Ubuntu as Zentyal Client

[christian]

We are waiting for SSO ...

Well, a lot of you are waiting for SSO, fine... but it has nothing to do with above debate about roaming and NFS vs. CIFS (SMB), at least for what I uinderstand.
I believe these is a mix between various features and (end-)users as administrators are asking for some features that will make at, the end, Zentyal+Ubuntu Windows like mainly because it's free 

It's fair but not that simple    Please let me explain the way I see it.

SSO stands for Single Sign On
This offers capability to authenticate once and then have this credential validated and reused for multiple services. No more nor less. e.g. you authenticate first time while accessing mail and access to browser requiring authentication will not prompt you for login / password. One of the standard mechanism is to implement Kerberos (like Windows) that will, once authenticated successfully, provide user with ticket that can be reused to show that authentication was successful.

NFS. vs CIFS (SMB) is "only" remote (network) file access protocol.
Windows implements CIFS but can also implement NFS while Linux world can do the same with NFS and Samba. This doesn't make any assumption on the fact that user's data is stored "centrally".

...then roaming  in the above debate, meaning capability, for users, to move from one personal computer to another while keeping its "environment":
this means that accounts are centrally managed, first  and also that all user's data are stored elsewhere that on personal computers. This doesn't mean in one single location but at least this (these) location(s) must be store somehow with user's profile. Same for user's "desktop", preferences and so far and so on...
This is, although not perfect, pretty well achieved in Windows world and also achievable in Linux world. Former NIS and  NIS+ services were targeting, at least partially, this. Now NIS is over (not enough secure) and NIS+ is too much complex. LDAP replaces one part of NIS features. I personally doubt that roaming is a must for SMB. Accounts and computer management (i.e. backup/restore) must be addressed. Perfect "roaming enabled" infrastructure will partially answer to this need but is it really a must?

To make a long story short, all the stuff required to achieve and manage this kind of implementation is far form being in the SMB (not CIFS but Small & Medium Business  ) scope.
To me, the only realistic way to achieve it it to have ALL services web based, including applications.
You provide users with light, almost disk-less computers and everything is centrally managed.  This is what more and more companies are offering, kind of... look at Google.
Cloud based services are also pushing in this direction: put virtually "everything" in a cloud and the you can walk, move, change... easily    because you don't own anything anymore   
I'm joking a bit with such wording but this is nevertheless the concept.

Back to this thread, SSO is on component required to reach the holy grail, network file sharing is potentially another, some more are required but:
- when you ask for new feature, keep in mind the whole landscape to be sure you don't ask for SSO while you mean roaming
- do not think that SSO alone with provide everything
- ask ourself if this is really what you or your company needs because in front of potential added values values, there is a cost: there is not such thing as a free lunch 

NB: I really hope Zentyal team will intervene in this debate and explain their view. How does Zentyal fit with SMB market and how does this fit or compete with Cloud landscape? Is there also e real need for roaming in the SMB world?

[robb]

To me, the only realistic way to achieve it it to have ALL services web based, including applications.
You provide users with light, almost disk-less computers and everything is centrally managed.  This is what more and more companies are offering, kind of... look at Google.

OR....... drumsound.... implement LTSP. YES! Does my vote count for 10000 now?...

[christian]

OR....... drumsound.... implement LTSP. YES! Does my vote count for 10000 now?...

   I don't know. Like you, I'm Zentyal user, not Zentyal team member 

Yes, LTSP in one of the "diskless like" implementations that may suit.

[Sam Graf]

There's so much more to this discussion if we think about where Windows XP-powered SMBs are at and the options available to them going forward. Because of the hardware ramifications, I personally think the Wyse-Citrix team-up is going to play a significant role as a solution provider for a lot of SMBs thinking through XP EOL. I think Zentyal needs to be intentional about it if it wants a piece of that action.

But I've launched into lengthy versions of this conversation before and really should keep it shorter. I'll just say that sometimes people are missing my point when I talk about where I think Zentyal needs to be strong. (The whole UPS support discussion is a classic example of people not quite understanding what I'm saying, which just means I'm not too good at getting my point across. )

The vast Windows XP-driven SMB market is, or soon will be, in aggregate motion out of necessity. It will head somewhere out of necessity. The size of what has to happen is really unprecedented in Windows computing history. Solution providers understand better and better that IT consumers have several good options both on the desktop and in the back room--including closing up the back room almost altogether. Open source software continues to have an opportunity here if providers can think clearly about the end user experience and what that will generally look like in the near future. (Apple gets this better than some.) This is a time like none before for the open source community, developers and users alike, to think very carefully about the future.

Just sayin' ...

[arun]

I do agree that the Win$ driven SMB market will soon be a history (and I will be happy as soon as this will happen ), but the current fact is that, linux Administrator (to be) are facing problem in transformation, which is an ultimate setback to the 'open' movement in network server  .

This is also a fact that small and medium organizations will continue with their network and provide their internal resources to the users in this manner. (it will take time that everything / process will be on cloud, where small organisations are more concern about their security) Or Zentyal provide an innovative mode of providing so, by technology leapfrogging ..

This is also a fact that many of the network will have win$ and Linux users, working together (atleast for coming few years ).

And as far as I know, Zentyal is most appropriate for such organisations, thus we should focus on this issue ...

[stuartiannaylor]

LTSP keeps being mentioned on a few threads now and I hope very much that it will be included in 3.0.

http://www.networkupstools.org/download.html NUT is in the repository. I was supposed to spend some time with alfresco and NUT this weekend with NUT looking the simpler. http://tldp.org/HOWTO/UPS-HOWTO/x142.html#AEN187
It has been demoted to sometime this week but I will post my results when installed.

Alfresco is just an application but LTSP has a strange crossover as it provides some solutions to infrastructure problems that are in no-mans land until samba4.

[christian]

Alfresco is just an application but LTSP has a strange crossover as it provides some solutions to infrastructure problems that are in no-mans land until samba4.

Could you explain relationship between Alfresco (or any CMS) and LTSP? I'm a bit lost...
And I also don't understand how Samba4 will interfere with LTSP 

To me Samba4 is one (big) step toward "Windows like" infrastructure or potentially better Windows world integration implementing its own directory service.
This is, although I might be wrong, just the opposite of what I would target with component able to rely on "standard" infrastructure block (if one assumes that standard is not Microsoft Windows only but what IEEE and RFCs describe)

[stuartiannaylor]

Oh I only mentioned Alfresco (DMS) as I was supposed to be having a go at seeing if it would co-exist with my zentyal server and how easy it was to configure. My plan for the weekend was NUT & Alfresco but it changed to a girl and serveral bottles of wine 

There are several hurdles with later versions of windows in respect to samba3, roaming profiles, account lockdown and general win client / zentyal as a PDC.
LTSP could provide thin clients that would provide an alternative to the above.
Also the only problem with Samba4 is that we are still on Alpha releases and until a release candidate turns up I doubt many will be employing it in production environments.

[christian]

I hope you enjoyed 

Back to business  you're correct looking at Alfresco as DMS, although I see it as a mix of DMS, CMS plus much more features too. This being said, I still don't understand how this can be compared with LTSP.

LTSP is basically "terminal server" meaning container for application running centrally. It doesn't make assumption on application exposed. Sure it could be DMS or whatever else but the is NO relationship, at least for what I understand.

I'm elaborating on this because I would like to avoid people voting for LTSP thinking that is will solve issues they may face with DMS. LTSP could be one component of target design assuming another application or service is centrally provided.

I my view biased or wrong 

Then Samba4 is another story  or 

[ichat]

to comment on what rob says.   

we allready HAVE  ldap.. we have radius   we have lots of other stuf..

we dont have zentyal desktop ...    we should build our own  desktop version of ubuntu based on a subset of ubuntu repositories, and the base install  using  pam-auth-ldap  for loging in... or for example  using radius to enforce settings like most users are familiar with  when using windows..

in my view..  that same ubuntu subset desktop could be the base for any future ltps plan... 

idd be willing to document this.. but i would require some help in a few aspects allong the way...

[jsalamero]

RADIUS is good to do AAA but not for storing users&groups policies, LDAP is the best solution for this...

[christian]

RADIUS is good to do AAA but not for storing users&groups policies, LDAP is the best solution for this...

You're perfectly correct and it's worth to make it clear, there is definitely no doubt regarding this!

If you look closely at Radius based solutions, you will notice that some are (and more and more for what I noticed although I do not work with Radius any more since a while) implementing Radius protocol using Radius service which relies on LDAP in the back-end for users and groups (and policies) management.

One may even imagine to have LDAP authentication based on Kerberos using GSSAPI, therefore stacking Radius, LDAP and Kerberos

This shows that Radius, LDAP, Kerberos are not covering same perimeter.

There is a lot of confusion here  like when we discuss CMS vs. DMS vs. file sharing...

[ichat]

radius if im informed correctly is a way to authenticate serveral kind's of services via user + password   with any database backend possible (thus also ldap)... 

what i think must be done is building a simple  lightweight desktop  based un ubuntu witch should be logging in against the  zentyal ldap db...   

if you want roaming profiles  it should also mount  mount a remote directory as its profile dir  in /home/$username$    but thats not part of the SSO ...   

while reading this document -  creating a ubuntu iso with these packages preconfigured .. should be able to fix all the problems stated here above without near to no changes to the server...


i think that a think-tank post / forum / wiki or whatever should be installed to  think over these kind of features.. selecting packages for sucht a desktop and remastring an iso to accomplish this.  and after that  proposing a specefic list of functions that should be added to zentyal to accomdate this intergration... 

the lot of us really should start on telling developers  what to code  rather than what idea to come up with... i know many of them are really smart  but even they only have 2 hands and 1 brain... 

[arun]

what i think must be done is building a simple  lightweight desktop  based un ubuntu witch should be logging in against the  zentyal ldap db...   

if you want roaming profiles  it should also mount  mount a remote directory as its profile dir  in /home/$username$    but thats not part of the SSO ...   

while reading this document -  creating a ubuntu iso with these packages preconfigured .. should be able to fix all the problems stated here above without near to no changes to the server...

I think this could be an immediate and handy solution ...

[ichat]

there is one more thing that im considering...

when i read the proposal to intergrate a dms  a lot of people was calling for.... dont bloat the server it will get to slow  etc etc etc..  and though i did not agrea with that statement in that usercase BUT it was a valid warning..

and i think it applies to the here and now...   ergo  "lets think hard about ever installing ltsp on the same box as zentyal server.  since ltsp is kind of tought on system resources it might be better to have it installed on special equiped servers.    my point is 'when designing a zentyal desktop' make it as lightweight as possible,   build an ltps server  that can join your zentyal network via a setup wizard (or something in that spirit). 

and only put the management interface on the zentyal box...