Coming from Ubuntu/Debian to RHEL

Hello everyone. My name is Scott and I am a network administrator for a small company with employees worldwide. Currently we are working with Ubuntu/Zentyal servers as possible replacements for Microsoft Windows server 2k3 small data center infrastructure and are looking into RHEL. I have a fair amount of experience with Ubuntu primarily in the server realm and currently have a small proof of concept domain configured with AD at Win 2k8 level and working with no Windows boxes. Having managed to get AD, DNS, Samba4 file sharing, AD replication working as well as experimented in running Xen or VMware virtualization setups for remote user access of Citrix-like remote desktop/apps, we are looking at RHEL as it is able to do all these things without having these services spread across multiple vendors. I have not found very many how-tos for RHEL 7 that are concise and to the point on the procedures for building the DNS, AD structure. Coming from Ubuntu as I have and having used the Zentyal interface, the ease with which to start all of the needed tasks are in one place and easily managed. I am having a difficult time making my way through the RHEL documentation as there is so much information that I get lost. Further, while Ubuntu/Debian/Zentyal use Samba4 as the AD DC, RHEL, I have found, does not do this because of their implementation of Kerberos. And as anyone delving into open source and Linux in general knows: there is a plethora of OLD information out there that may or may not work with your current setup version.

Where I am now is a 90 day license for 3 boxes of RHEL, 1 license of RHEV, and one license of RH Directory Server. I need some guidance on how to set up DNS and the directory server as well as the best method for getting Samba to authenticate against the directory for file sharing to directory users. I think part of my issue is my lack of familiarity with RH convention and this may be hampering me a bit. But, I am having the powers that be consistently wondering when we will be moving forward with this, but my goal is data protection during the migration and I need to make sure that I have the best tools I can for this as well as trying to meet the check writer's anti-Microsoft sentiment. Personally, I think they should not discount Microsoft, but, I'm just a network admin.

Any information needed can be provided. Thank you in advance for any suggestions/help.

Scott

Responses

Hi Scott,

Focusing on the questions at the end:

  1. When you say set up DNS, do you mean a full DNS server with BIND, or how to connect to your current DNS server?
    • if it is the latter, then I suggest using dnsmasq to provide local caching of names.
  2. Samba and AD depends a little on your configuration:
  3. We have a getting started page for RHEV, but there are a number of steps to complete there.
    • If you just want to test performance of virtual machines, then you may wish to use virt-manager to install a vm.
    • A quick note here about Xen, we only support Xen as a hypervisor on RHEL 5, in RHEL 6 we moved to KVM. We have a KVM Admin Guide that may help make the choice a little easier for your PoC.
  4. You don't say if you are looking at RHEL 6 or 7 (I would suggest if you are new to RHEL, then start with 7 as the differences between that and 6 are significant). We have a document called Navigating Red Hat Enterprise Linux 7 which aims to explain the new components and links to multiple documents explaining new features.

Let me know about the DNS question and I will find you the information you need.
best regards
Mark

Thanks for the reply. You are correct: I am setting up Bind DNS. I am using RHEL server 7. I am curious, though, regarding SAMBA AD as we will not be having a Windows AD server, rather a server running Windows that will need to authenticate through AD. We are looking at Red Hat Directory Server for handling that. I am confused as to the proper way to set this up as we will be having Windows on many of the workstations that will be logging in as well as Linux. I know that RHEL does not support Samba4 as a DC, so I am trying to wrap my head around what is needed to setup a couple of DCs for fault tolerance. All with user Bind DNS or whatever is recommended for these duties. Does the Directory Server perform the DC duties? I am a bit fuzzy on that aspect of it as I have been using Samba as a DC with its built in directory up until now. From what I experienced playing with 389 server, if Samba is to be used for file services, it is better to have it on a separate machine than the directory server and set it to authenticate through the directory server. If there is a better method for going about this, I would certainly appreciate some guidance. In the meantime, I will continue on and get Bind DNS up and running and look through the articles listed in your response.

Thanks again!

Hello

There is a "DNS Servers" chapter in the Red Hat Enterprise Linux 7 Networking Guide.

Hey Scott - this is not intended to necessarily answer your question, but I thought I would provide a few things to consider/review. I do not have enterprise experience integrating Samba and therefore I am unsure if the following will help you.

I find quite a bit of value in having AD be the primary source for user administration in our environment, EVERYONE first has a Windows workstation and most Infrastructure functionality is tied to the Windows login. Secondarily some users will need to access our Linux environment. Plus, the Helpdesk is already capable of managing users in AD.

We currently utilize the following to allow our Linux hosts to coordinate with AD for password authentication
Directory Server as a Passthru
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/pam-pta.html

I would, however, like to move to something a bit more capable and Linux-aware
Red Hat Identity Management (formerly IPA)
https://access.redhat.com/products/Identity_Management

Both methods have caveats and limitations. The Red Hat IdM appears to have a more broad overview now. (i.e. the page refers to Directory Server, IPA/IdM, etc..)

I find quite a bit of value in having AD be the primary source for user administration in our environment, EVERYONE first has a Windows workstation and most Infrastructure functionality is tied to the Windows login. Secondarily some users will need to access our Linux environment. Plus, the Helpdesk is already capable of managing users in AD.

I completely agree with this if you have multiple Windows workstations/servers in your environment. If you have an existing Windows AD domain, there is limited benefit in replacing it imho.

I authenticate Linux servers directly against AD with IMU (AD plugin) enabled using SSSD without an intermediary.

There really shouldn't be a need for Winbind at all, especially with authentication (from below document):

Samba Winbind had been a traditional way of connecting Linux systems to AD. Winbind emulates a Windows client on a Linux system and is able to communicate to AD servers. The recent versions of the System Security Services Daemon (SSSD) closed a feature gap between Samba Winbind and SSSD and SSSD can now be used as a replacement for Winbind. In certain corner cases, Winbind might still be necessary to use but it is no longer the first choice in general.

The integration process has become easier in RHEL 7; some relevant documentation here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/
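
A sketch of the direct SSSD-to-AD setup described in the reply above, added here as an illustration and not taken from the poster's systems or from Red Hat's documentation. It assumes "IMU" means POSIX attributes (uidNumber/gidNumber) stored in AD, that the host is already joined to the domain with a keytab in /etc/krb5.keytab, and it uses placeholder names (ad.example.com, the linux-admins group).

```ini
# /etc/sssd/sssd.conf
# SSSD refuses to start unless this file is owned by root with mode 0600.
# Constructed example: ad.example.com / AD.EXAMPLE.COM are placeholders.
[sssd]
config_file_version = 2
services = nss, pam
domains = ad.example.com

[domain/ad.example.com]
# Talk to AD directly for identity, authentication, access control
# and password changes; no Winbind or pass-through directory in between.
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
ad_domain = ad.example.com
krb5_realm = AD.EXAMPLE.COM

# Read uidNumber/gidNumber from AD instead of deriving IDs from the SID.
# Leaving this at the default (True) ignores the POSIX attributes, so
# file ownership would not match hosts that already rely on them.
ldap_id_mapping = False

# Restrict logins to one group; without a filter, access_provider = ad
# admits every enabled, unexpired AD account. Group DN is hypothetical.
ad_access_filter = (memberOf=CN=linux-admins,OU=Groups,DC=ad,DC=example,DC=com)

# Allows login while the domain controllers are unreachable by keeping a
# salted hash of the password on disk; set to False where that is not acceptable.
cache_credentials = True

# Used only when the AD account has no unixHomeDirectory / loginShell set.
fallback_homedir = /home/%u
default_shell = /bin/bash
```

After changing ldap_id_mapping on a host that has already cached users, the SSSD cache has to be cleared before the new IDs take effect.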
