Kangaroot SUSE TechUpdate Interoperability SUSE Linux Enterprise and Windows

Gábor Nyers, Systems Engineer @SUSE, gnyers@suse.com

Agenda
- 14:00 Kangaroot Update
- SUSE Update
- Data Center Interoperability: the playfield
- Scenarios:
  - SLES participating in an Active Directory domain
  - Integration of Apache on SLES with Active Directory
- 15:30 Pause
- SLES and Samba as domain controller
- Remote Desktop
- On the bleeding edge: Btrfs + Snapper + Samba = FSRVP
- 17:00 Refreshments
- 18:00 End

SUSE Update

SUSE Update: Last 3 months
- Changes in the Subscription Model
- SUSECon 2012
- Visit the SUSE channel on YouTube
- SUSE Manager Proof of Concept Program

SUSE Update: Next 3 months
- SUSECon 2013
- SUSE Cloud
- Topic of the next TechExchange
- New SUSE Customer Center
- New SUSE Partners in The Netherlands

SUSE Update: Improving services to help SUSE customers
Events, Workshops, Seminars
- TechExchange and TechTalk's
- Workshops for Special Interests, e.g.: High Availability, RPM Packaging, SUSE Customer Center update
Trainings, Certification
- Advanced Technical Trainings
- CLA, CLP, CLE
- RHCE CLP or CLE

SUSE Update: Improving services to help SUSE customers
Assessments
- In co-operation with partners
- Fix price / fix duration
- Topics:
  - Health check
  - Patch Management
  - Disaster Recovery
  - Security and Hardening
  - Migration physical to virtual

Interoperability Scenarios

Data Center Interoperability: The Playfield
[Diagram: platforms Mainframe, UNIX, Linux, Windows]
Observable trends (in general):
- Legacy Unix holds or declines
- Mainframe: z/OS holds, Linux on System z emerging
- Linux and Windows grow

Linux Windows Interoperability: The playfield
[Diagram: platforms Linux, Mainframe, UNIX, Windows]
Interoperability Topics
- > Services <
- Virtualization
- Systems Management
- Documents
- Scripting Languages
- Porting and running software

SUSE Linux Enterprise Windows Interoperability: Example Services 1/2
Windows using services of SUSE Linux Enterprise (*)
- File and printer shares (Samba)
- Domain services (Samba)
- Directory services (Samba 4, OpenLDAP)
- Web services (Apache, Tomcat,...)
- Network Proxy (Squid)
- E-mail (Postfix, Dovecot)
- Databases (MySQL, PostgreSQL)
- SSL certificates (OpenSSL, YaST CA)
- Remote Desktop (NX)
- DNS, DHCP
- VoIP (Asterisk)
- etc...
(*) in parentheses: the involved components on SLES

SUSE Linux Enterprise Windows Interoperability: Example Services 2/2
SUSE Linux Enterprise using services of Windows
- File and printer shares (Samba)
- Domain services (Samba)
- Directory services (Winbind)
- Web services
- Network proxy
- Databases (FreeTDS, JDBC)
- SSL certificates
- Remote Desktop (rdesktop)
- DNS, DHCP
- E-mail (Postfix, Dovecot)
- etc...
(*) in parentheses: the involved components on SLES

Scenarios
1. SLES participating in an Active Directory domain
2. Integration of Apache with Active Directory
3. SLES and Samba as domain controller
4. Windows Remote Desktop on Linux
5. Prototype Samba implementation of Recovery Point

Scenarios: Practical value vs. Maturity
[Chart: the five scenarios placed by number; axis labels: Maturity (Emerging, Enterprise) and Practical value]
1. SLES participating in an Active Directory domain
2. Integration of Apache on SLES with Active Directory
3. SLES and Samba as domain controller
4. Windows Remote Desktop on Linux
5. Prototype Samba implementation of Recovery Point

Overview of SMB versions (*)
Samba 3.6 supports SMB 1.0, 2.0 and partly 2.1
(*) see also this blog article

Scenario 1: SLES as member server in Active Directory domain
Features
- SLES as member server in an Active Directory domain
Used services
- Directory and Authentication through Winbind
- Mount Windows file share
Provided services
- File and print sharing for Windows workstations
- PAM integration
Technology components
- SLES 11 SP2
- Samba (v3.6)
- Windows 2008 R2
- Windows XP and 7
Troubleshooting: wbinfo, smbclient, strace, lsof, netstat, tcpdump, Wireshark
Logs: /var/log/samba/*

Scenario 1: SLES as member server in Active Directory domain
[Diagram, with parts labelled Demo 1 to Demo 4:
- SLES 11 SP2 (role: member server in AD ad.demo.lan, hostname: interop01): PAM, SSH service, mount share, file share
- Windows 2008 R2 (role: AD Domain Controller, AD: ad.demo.lan, hostname: win200864): Active Directory, shared folder
- Windows XP (winxp01.ad.demo.lan) and Windows 7 (win764.ad.demo.lan): mapped share]

Scenario 1: SLES as member server in Active Directory domain
Steps on SLES
- Join the domain using YaST Windows Domain Membership
- Manually configure pam_winbind to restrict allowed users, in /etc/security/pam_winbind.conf:

    [global]
    cached_login = yes
    krb5_auth = yes
    krb5_ccache_type = FILE
    debug = yes
    # only members of this Active Directory group may log in
    require_membership_of = "SLES Shell Users"

Steps on Active Directory
- Add group SLES Shell Users
- Add user Administrator to SLES Shell Users
Steps on Windows Workstations
- Map share \\interop01\homes
See also: Interop Demo appliance

Scenario 2: Integration of Apache on SLES with Active Directory
Features
- SLES as member server in an Active Directory domain
- Browsers running on Windows workstations can transparently log in to Web applications
- Active Directory as provider for:
  - Authentication through Kerberos
  - Authorization through LDAP
Provided services
- Web services by Apache/Tomcat
Technology components
- SLES 11 SP2
- Samba (v3.6), mod_auth_kerb
- Windows 2008 R2
- Windows XP and 7
Troubleshooting
- klist, strace, lsof, netstat, tcpdump, Wireshark
- Firefox add-in Live Headers
Logs: /var/log/apache2/*, /var/log/messages

Scenario 2: Integration of Apache with Active Directory
[Diagram, with steps numbered 1 to 4:
- SLES 11 SP2 (role: member server, AD: ad.demo.lan, hostname: interop04): Apache with mod_auth_kerb, serving / and /secure
- Windows 2008 R2 (role: AD Domain Controller, AD: ad.demo.lan, hostname: interop01): Active Directory (LDAP), Kerberos
- Windows 7 (win764.ad.demo.lan): Firefox, Internet Explorer]

Scenario 2: Integration of Apache with Active Directory
Configuration steps
Steps on SLES
- Join domain
- Create keytab
- Configure Apache
Steps on workstations
- Configure Integrated Authentication for browsers
Steps on Active Directory
- Add user sles-apache
- Add group SLES Web Users
- Add user Administrator to SLES Web Users
See also: HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol (MSDN)
See also: Interop Demo appliance

Configure Apache for Kerberos authentication

    LoadModule auth_kerb_module /usr/lib64/apache2/mod_auth_kerb.so
    LoadModule ldap_module /usr/lib64/apache2/mod_ldap.so
    LoadModule authnz_ldap_module /usr/lib64/apache2/mod_authnz_ldap.so

    <Location /secure>
        AuthName "---Restricted Access, please use your Active Directory credentials---"

        # Authentication: Kerberos through mod_auth_kerb
        AuthType Kerberos
        KrbMethodNegotiate on
        KrbMethodK5Passwd on
        Krb5Keytab /etc/apache2/conf.d/sles-apache.krb5.keytab
        KrbAuthRealms AD.DEMO.LAN
        KrbServiceName HTTP/interop02.ad.demo.lan@AD.DEMO.LAN
        KrbLocalUserMapping On

        # Authorization: group membership looked up in Active Directory over LDAP
        AuthLDAPBindDN cn=sles-apache,cn=users,dc=ad,dc=demo,dc=lan
        AuthLDAPBindPassword SecretPassword
        AuthLDAPURL "ldap://win200864.ad.demo.lan:389/dc=ad,dc=demo,dc=lan?samaccountname"
        AuthLDAPGroupAttribute member
        Require ldap-group cn=sles Web Users,cn=Users,dc=ad,dc=demo,dc=lan
    </Location>
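An added check, not part of the original slides: it reads the `<Location /secure>` block above and reports three settings worth reviewing before production use, then runs the same check on a constructed hardened variant. The finding names and both sample strings are assumptions of this example, and the check sees only the block itself, so TLS enforced elsewhere (an HTTPS-only virtual host, a global `LDAPTrustedMode`) is not taken into account.

```python
import shlex

# Constructed input: directives from the slide's <Location /secure> block.
SLIDE = """<Location /secure>
AuthType Kerberos
KrbMethodNegotiate on
KrbMethodK5Passwd on
AuthLDAPBindDN cn=sles-apache,cn=users,dc=ad,dc=demo,dc=lan
AuthLDAPBindPassword SecretPassword
AuthLDAPURL "ldap://win200864.ad.demo.lan:389/dc=ad,dc=demo,dc=lan?samaccountname"
Require ldap-group cn=sles Web Users,cn=Users,dc=ad,dc=demo,dc=lan
</Location>"""

# Constructed variant: TLS required, password fallback off, LDAP over TLS.
HARDENED = (SLIDE.replace("AuthType", "SSLRequireSSL\nAuthType")
            .replace("KrbMethodK5Passwd on", "KrbMethodK5Passwd off")
            .replace("ldap://win200864.ad.demo.lan:389", "ldaps://win200864.ad.demo.lan:636"))


def directives(text):
    """Map lower-cased directive name to its argument list (last one wins)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = shlex.split(line)
            found[name.lower()] = args
    return found


def audit(text):
    """Return finding codes (hypothetical names) for one Location block."""
    d = directives(text)
    findings = []
    kerberos = d.get("authtype", [""])[0].lower() == "kerberos"
    # KrbMethodK5Passwd defaults to on: the password then travels as HTTP
    # Basic credentials, so the location must be reachable over TLS only.
    k5passwd = d.get("krbmethodk5passwd", ["on"])[0].lower() == "on"
    if kerberos and k5passwd and "sslrequiressl" not in d:
        findings.append("PASSWORD_FALLBACK_WITHOUT_TLS")
    # ldap:// without an SSL/TLS/STARTTLS mode argument binds in clear text.
    url, *mode = d.get("authldapurl", [""])
    secured = {m.upper() for m in mode} & {"SSL", "TLS", "STARTTLS"}
    if url.lower().startswith("ldap://") and not secured:
        findings.append("LDAP_BIND_IN_CLEARTEXT")
    # Apache 2.4.5+ accepts "exec:<command>" instead of a literal password.
    password = d.get("authldapbindpassword", [""])[0]
    if password and not password.startswith("exec:"):
        findings.append("BIND_PASSWORD_IN_CONFIG")
    return findings
```

On the hardened variant only the inline bind password remains, which on the Apache 2.2 shipped with SLES 11 means keeping that file readable by root only.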

Configure Firefox for Integrated Authentication
Firefox is by default not enabled for the Negotiate authentication

Configure IE for Integrated Authentication
IE is by default not enabled for the Negotiate authentication

Scenario 3: SLES and Samba as Domain Controller
Features
- SLES as domain controller (NT style)
- Windows workstations can consume domain, file- and printer shares
- Optional: Samba configuration in replicated LDAP directory
Technology components
- SLES 11 SP2
- Samba (v3.6)
- (OpenLDAP)
- Windows XP and 7
Troubleshooting: smbclient, strace, lsof, netstat, tcpdump, Wireshark
Logs: /var/log/samba/*

Scenario 3: Overview
[Diagram, with parts labelled Demo 1 and Demo 2:
- SLES 11 SP2: OpenLDAP Directory, Samba config, Samba Domain service, Domain Users and Groups, File share, Printer share
- Windows XP and Windows 7: mapped share, network printer]

Scenario 3: Configuration Steps
Steps on SLES
- Configure LDAP server using YaST
- Configure Samba domain using YaST
Steps on Windows clients
- Join Samba domain
See also: Interop Demo appliance

Scenario 4: Remote Desktop
Use case
- Using the built-in Remote Desktop capability, log in on a Windows system
Technology components
- SLES 11 SP2
- rdesktop
- tsclient
- Windows 2008 R2
- Windows XP and 7
Troubleshooting: netstat, tcpdump, Wireshark

Scenario 4: Overview
[Diagram labels: Remote Desktop client (SLED 11 SP2); Remote Desktop service (Windows 7, Windows XP); Virtual Desktops (VDI farm)]

Scenario 4: Configuration Steps
On SLE client
- Install the packages: rdesktop and tsclient
- Configure remote desktop systems
On Active Directory domain controller:
- Create AD Group: Domain Remote Desktop Users
- Add
On Windows systems
- Add the AD group Domain Remote Desktop Users to local group Remote Desktop Users
See also: Interop Demo appliance

Scenario 5: Prototype Samba implementation of Recovery Point
Features
- Through integration of Btrfs, Snapper and Samba, SLES 11 SP2 is providing a file share
- Automatic snapshots created by Snapper provide Recovery Points for files
- Through Windows Explorer, clients may access older versions of a file
Technology components
- SLES 11 SP2
- Btrfs and Snapper (prototype)
- Samba 4 (prototype)
- Windows XP and 7
See also: David Disseldorp's Bleeding Edge Samba and Snapper appliance

Scenario 5: Demo
[Diagram: timeline up to "Now" for a network share on SLES 11 SP2 served by the Samba4 service: file test.txt is created, file test.txt is changed, automatic snapshots by Snapper; Windows XP shows previous versions of test.txt in Explorer]

For more information please visit our website: www.suse.com
Thank you.

Unpublished Work of SUSE. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.