Vintela Authentication Services

Integrate the power of AD with Linux and UNIX platforms

Administrators who maintain mixed Windows, Linux, and UNIX networks face the unique challenge of providing directory access across multiple platforms. To meet that challenge, they often maintain multiple directories or use tools such as Samba to enable file sharing across platforms. Integrating Active Directory (AD) into such mixed environments would provide a way to share files and would let Linux and UNIX users take advantage of the power of directory-based applications.

Vintela Authentication Services (VAS) meets the mixed-environment challenge for a few users or hundreds of thousands of users. VAS lets Linux and UNIX (e.g., IBM's AIX, HP-UX, Sun Microsystems' Solaris) clients authenticate against a Windows AD server while providing single sign-on (SSO) functionality. VAS is Vintela's flagship product in a line that includes Vintela Management eXtensions (VMX), which extends Microsoft Systems Management Server (SMS) to Linux and UNIX platforms. (The company also plans to extend Windows Group Policy to Linux and UNIX systems; that functionality should be available by the time you read this article.)

Setting up VAS requires that you make some major changes to your AD networking environment. For my test, I used a fresh Windows server installation with a new AD.

The primary requirement for installing VAS is that you extend the AD schema by applying the VAS Group and User Schema. Vintela supplies a utility program that automates the process. On my unmodified AD, which had few additional objects, applying the schema took only a few minutes. I supplied the root distinguished name (DN) and schema master information, then selected the schema extension I wanted to apply (VAS supports the UNIX Network Information Service—NIS—map schema, if you need it). I applied the Group and User Schema extension (which needs to be applied only once to your AD forest's schema master).

I then installed the VAS Administrative Tools package. This step is required if you plan to use the NIS-compatibility features. If you don't use the NIS features, the step is optional (but recommended); it lets you add the UNIX compatibility tab to multiple administrative menus. The VAS Display Specifier Registration Wizard registers the VAS Administrative Tools in AD. The wizard gave me the option of registering the tools by using the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in or Quest Software's Aelita Enterprise Directory Manager.

I was then ready to add UNIX or Linux users to my AD user groups. I used the Active Directory Users and Computers snap-in to create a new group, then opened the Properties dialog box for the group, selected the new Unix Account tab (which the VAS installation added), and selected the Enable Unix Group check box.

To enable UNIX (or Linux, in my case) users for the group, I opened the Active Directory Users and Computers snap-in and the Properties dialog box for the selected user. I selected the Enable Unix Account check box on the Unix Account tab. Other than making sure that the account was properly configured to log on to the local UNIX host (defined as the Linux or UNIX computer that the account uses), that step completed the installation on the server side.

On the client side, I then installed the VAS client on my Red Hat Linux 7.2 computer. To join the computer to the AD domain, I used Vastool, a command-line VAS client-configuration tool. The tool requires that you know the name of the AD domain and have administrative privileges for an account on that domain.

Bringing Linux and UNIX computers into AD lets administrators use standard Windows server tools for basic administrative tasks. This simplification of the management routine in a cross-platform environment is an excellent starting point for conserving IT resources. When Vintela ships full support for Group Policy, administrators will be able to apply Group Policy objects (GPOs) across mixed Windows, Linux, and UNIX environments without worrying about client computer types.

Any tool that can reduce the management complexity of mixed environments is worth careful consideration. If you need to integrate Linux and UNIX with AD, VAS is a good choice.

