Ubuntu as Zentyal Client

[arun]

Dear All,

I am planning to completely switch over to opensource OS plateform. For that our server is working on Zentyal (Firewall, file and proxy). Few of the users are working on Windows and rest all are having Ubuntu 10.04 and higher...

Now I am in process of implementing Domain, so that all the users should authenticate through Zentyal, while login and for all other services. Surprisingly W$ pc are working perfectly with zentyal domain (even roaming profile also), but I m confuse what to do with Ubuntu PCs. I have tried "Zentyal Desktop", but it cause very slow authentication, no roaming, how to access to user folder etc. ultimately user 

Is there any effective solution for this, so that I can force even W& users to move to Ubuntu  ....

Arun

[robb]

I found this (old) topic. It might do the trick. http://forum.zentyal.org/index.php/topic,34.0.html

And some background info: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html

[christian]

As I wrote in another thread, I'm a bit confused with the wording. I don't understand what "domain" provides to Linux clients.
To me (but I might be wrong), "domain" concept cover Microsoft Windows perimeter (only).
Somewhat equivalent features are provided implementing "NIS" or "NIS+" in the Unix/Linux work. The point is that NIS and NIS+ are quite old and Sun (now acquired by Oracle) doesn't promote it anymore because idea is to implement instead PAM-LDAP and NSS-LDAP.
PAM is clearly for authentication. Fine and simple. However, implementing NSS will not provide "out of the box" seamless integration with Windows domain.

Reason why I would suggest to refine what you intend to achieve when asking for "Zentyal domain client".
- Is it matter of single authentication back-end (here LDAP)?
- is it matter of resource sharing (Samba) with Windows clients?

I hope I'm clarifying here why I'm not comfortable with this wording 

[arun]

Dear Christian, thanks for the details and background of the terminologies, now like you, I am also not comfortable or bit confused (on you comment I have removed the "Domain" term from topic also) thus I tried to list just required features ...

For Ubuntu as a Client to Zentyal :
1. Single Authentication to server while login.
2. Available resource access at Zentyal Server. (Samba in Roaming mode)
3. Jabber / Mail access

(open for others to complete the list)

[christian]

Thus your main objective is SSO...  meaning you would like users to authenticate once (opening session on their computer) and then access various services exposed by Zentyal server(s) without additional authentication. This Single Sign-On feature is not yet implemented.
This is discussed here too: http://forum.zentyal.org/index.php/topic,6024.0.html

I've no doubt Kerberos will be sooner or later part of Zentyal product catalog 
Technically speaking, implementing Kerberos is not that difficult    if one sticks on "Zentyal only" deployment.
I don't yet understand what it would mean to mix Zentyal and Windows domain (which is also implementing its own Kerberos-like authentication) 

[arun]

I would like to completely switch over to open source, for which I have selected Zentyal as a server and Ubuntu at the clients (where currently user are at Win$), in such scenario administrator as well as users are intent to stick with M$ (even with combination of Zentyal).
Zentyal is working perfectly, but the Linux / Ubuntu / Zentyal philosophy fails here if somebody plans to switch over to Open Source Solution .....

[christian]

Zentyal is working perfectly, but the Linux / Ubuntu / Zentyal philosophy fails here if somebody plans to switch over to Open Source Solution .....

  I don't really understand why 

I'm using Zentyal with mix of Windows and Ubuntu clients and don't face any issue. Of course, there is no SSO  but this aside, no problem so far for services I'm using.
What do you mean with "fails" 

[arun]

Dear Christian, I am extremely sorry if i have hurt somebody, but I too currently want to have the mix of Zentyal -> Windows + Ubuntu clients, for easy penetration of Ubuntu, and convert to only Zentyal + Ubuntu only. For that I am in search of "howto" which works cross Ubuntu and Windows.
If you have that please forward me the same ....I am desperate to do so ....

[christian]

No hurts    I'm only trying to understand what is not working for you 

Did you already look at:
http://trac.zentyal.org/wiki/Documentation?redirectedfrom=Document%2FIndex

[arun]

Yes ... Now two very simple question ...

1. I have setup PDC, how ubuntu users can access their resources
2. Zentyal has eased the working of Administrator, lots of things working out of the box. How any Zentyal administrator can handle the transaction with ease specially when Windows and Ubuntu both are in network ....
hope you can understand my pain ...

[christian]

Yes ... Now two very simple question ...

Question is somewhat simple  but answers may not 
It all depends on where you stand and what your strategy is.

Either you target full opensource landscape: Ubuntu clients, Samba... (with such design, why would you keep PDC?) or you need to keep Windows as your main core infrastructure but decide to integrate some Linux boxes in the landscape: then if you already have PDC, Samba has to join the existing domain and act potentially as domain controller. Be sure to select this option while configuring LDAP. I don't really like this option with Zentyal because Zentyal being initially designed to work as standalone SMB core box, it handles accounts and requires additional (I mean external to Zentyal) program in order to synchronize pwd change.
One option could have been not to handle accounts but to rely on external repository (either "true" LDAP server or AD) but this is not Zentyal philosophy... This would result in really too complex designs for those not understanding what each component provides and is used for. I'm a bit frustrated with this but at the end... I share it, keeping in mind what Zentyal targets.

Then another option is to deploy Zentyal as PCD because you target opensource landscape but need to keep some Windows clients. This one is easier. You, of course, have noticed that clients must be able to join the domain, which means no "Windows Home" or similar editions but "Windows pro", "enterprise"...

Notice, in order to build more accurate picture, that even with Windows "Home" clients, you can still share folders. Lack of Domain Controller will result in local account management on clients that will use Zentyal account to access resources.

Does it clarify a bit the multiple high level choices

[arun]

For both the cases, considering Zentyal as a central server, may have the howto s .....

[jsalamero]

SSO is still not ready on Zentyal, hopefully it is in the near future.

You still can setup Samba as PDC for your Windows clients and use Zentyal Desktop to authenticate your Linux clients using PAM-LDAP. The Linux clients will be able to access the shares via samba as well.

[robb]

What I think needs high priority is to make the complete Zentyal network be as transparent in USE as possible. As a (former) Windows administrator, I think the availability of true roaming profiles is very important. In an environment where pc's are just standard workingtools, every user needs his/her OWN desktop. Therefor it shouldn't matter what kind of pc you log on, youn always get the same desktop. For windows clients this is easy enough.

What I sense in this thread is that ubuntu desktops are still treated like islands on their own. IMO in a networking environment this is not acceptable. I would highly prefer ubuntu desktops over windows IF al the windows networking features like roaming profiles are available for ubuntu too, especialy seamlessly integrated in Zentyal.

[arun]

I do agree with robb, I am trying hard to completely switch over to Zentyal and Ubuntu combination (but currently having few windows, which I can not immediately convert). Where as it would be easy for me to convert normal user to Ubuntu, If I can provide features similar or better than windows networking.

I have read, NFS which pointed me to NIS, than Samba, OpenLDAP, which finally zeroed to Zentyal Desktop. But Zentyal Desktop is in beta version and no further development is there. Still I am planning to Implement it in production ....(in the way jsalamero suggested)

We are waiting for SSO ...