Port 25: The Open Source Community at Microsoft : Community, Identity and Authentication

UNIX Interop in Vista Beta 2 and Longhorn Server

jcannon — Thu, 06 Jul 2006 17:06:00 GMT

Another guest blog this week from Identity Management Program Manager, Shamit Patel:
---------------------------------------------

Hi,
Last week, we released two new utilities to help customers achieve UNIX / Windows Interop. The first is a set of utilities and the SDK for the Subsystem for UNIX Architecture (SUA) in Vista Beta 2 & Longhorn. For those unaware, SUA is a native subsystem residing on top of the Windows kernel, just like the Win32 subsystem. It provides the basic infrastructure to run UNIX-based applications and scripts on Windows Vista (Ultimate and Enterprise) and Longhorn Server.

We've also released the UNIX-side components for Identity Management with UNIX. This essentially provides the utilities which enable password sync between Windows and UNIX environments. These are the UNIX-based utilities to enable successful synchronization.

I realize many of you may not be testing Vista or Longhorn, but for those who are, or have corporate testing, we would love to hear your feedback on the product, scripts and documentation.

View full post on Longhorn Server Identity Management for UNIX components and Vista Beta 2/Longhorn Utilities and SDK for UNIX Subsystem.
Download Utilities and SDK for Subsystem for UNIX-based Applications in Microsoft Windows Vista / Longhorn Server Beta 2.
Download UNIX Side Components for Identity Management for UNIX – Shipped with Windows Server codenamed Longhorn Server Beta 2.

Thanks all,
Shamit

Security and Directory Services for UNIX Guide Released

admin — Fri, 30 Jun 2006 18:23:00 GMT

We've got a quick guest blog before the holiday weekend on a new set of interoperability tools released this week by Microsoft, and in conjunction with some very talented folks in our partner, sales & services group. Welcome Luis Camara Manoel, Program Manager for in Communications & Collaboration...take it away Luis:

------------------

(Luis Camara Manoel)

Hi all,
The Interoperability and Migration Solutions team at Microsoft is very happy to have just released the Windows Security and Directory Services for UNIX Guide. This guide details step-by-step instructions for providing security and directory services for mixed Windows and UNIX environments using Active Directory. The approach we followed here describes multiple options to achieve two different system end-states:

1. UNIX clients are enabled to use Windows Active Directory Kerberos for authentication while continuing to use a UNIX-based store for authorization.

2. UNIX clients are enabled to use Windows Active Directory Kerberos for authentication and use Active Directory LDAP for authorization.

We have also added some tools and templates to help plan, develop, deploy, and operate these solutions.

Although this release addresses AD integration only for Solaris 9 and for RedHat 9, it is pretty simple to see how it would apply to other UNIX and UNIX-like systems.

You can download the guide at http://go.microsoft.com/?linkid=5118169 and please let me know what you think. I am very interested in finding out how the guidance is received.

Have a great holiday weekend,
-Luis

The Future of IdMU, help us help you...

admin — Thu, 25 May 2006 14:56:00 GMT

The Future of IdMU, help us help you...

I would like to thank everyone who posted comments in my Identity Management for UNIX intro web session. While I am keen on getting your feedback on Windows 2003 R2 and Longhorn Beta releases, I am also interested in getting your views on the direction you feel that this product should take for future releases. I have received good feedback so far on topics such as: expanding IdMU feature-set to support authentication over LDAP, and providing a Kerberos based solution that knits well with AD.

I would like to hear more ideas and request your opinion on what direction you feel IdMU should take next.

Please take a moment to comment below or submit mail to port25@microsoft.com with the subject: IdMU Ideas. I will be responding to comments and email and look forward to a productive discussion.

-Shamit

Windows Security and Directory Services for UNIX Solution Guide

admin — Thu, 11 May 2006 19:36:00 GMT

Jason Zions pointed us to this newly revised Windows Security and Directory Services for UNIX solution guide, still in beta.

Description of the Guide and access instructions from Luis Camara Manoel, Program Manager, Collaboration Solutions Team:

"The Windows Security and Directory Services for UNIX v1.0 Beta guide provides several solutions for enabling interoperability between UNIX and Windows infrastructures. The solutions included in this Beta release describe multiple options to achieve two different end states:

How to enable UNIX clients to use Windows Active Directory Kerberos for authentication while continuing to use a UNIX-based store for authorization.
How to enable UNIX clients to use Windows Active Directory Kerberos for authentication and use Active Directory LDAP for authorization.

To download and read the solution online, please visit Microsoft Connect: https://connect.microsoft.com/default.aspx. Follow registration procedures and select “The Windows Security and Directory Services Guide for UNIX v1.0” program to enroll and download the beta."

Per Jason: "Although the guide gives step-by-step instructions for setting up AD integration only for Solaris 9 and for RedHat 9, it's pretty easy to see how it would extend to lots of other UNIX and UNIX-like systems."

To download the paper you'll need a Passport Account (the link above will prompt you for one) which is used to send updates, if you wish, on new releases and an announcement when the guide is final.

Let us and Luis know what you think!

Oil and Water?

admin — Fri, 21 Apr 2006 23:35:00 GMT

Oil and Water?

It’s been an interesting week for Interop inside the lab – we’re running an IPSEC interoperability project to test Fedora, OpenSUSE, RHEL, SLES, Ubuntu, and Mandriva with Windows Networking technology, and ran interviews both with the IDMU (Identity Management for Unix) Program Manager and with Paul Moore, CTO of Centrify.

Today I spoke with Jeremy Moskowitz, a Windows/Linux interoperability expert, to get his take on some of the recurring challenges in starting interop projects and why it matters. He’s done a lot of work on the topic of group policy, and writes books and teaches on-site classes for IT professionals.

Sam: What's the main thing that you find people don’t understand about Windows/Linux interop?

Jeremy: People often don’t realize how many points of contact between the two systems you can actually interoperate. I wrote a book with Thomas Boutell, and in 10 chapters we isolated 8 points, including desktop, applications, email, networking and authentication.

Sam: Authentication is an interesting topic – what do you lay out as the main approaches here?

Jeremy: There are a lot of different approaches. For example, if it’s a “mostly Linux” shop that needs to integrate a couple of Windows machines, you’d use OpenLDAP. If it’s a mixed Windows and Linux/Unix shop running Active Directory, integrate Linux & Unix systems as Windows clients.

Sam: Do you cover that in the book? Are you using IDMU to run a Windows NIS master?

Jeremy: When we wrote the book, Win2K3 R2 hadn’t shipped and SFU was a separate application. We decided to write a chapter on updated procedures for Win2K3 R2 as a download from www.winlinanswers.com. It should be available in May, so check back often.

Sam: What do you usually see as the main obstacle in IT shops to do Windows and Linux integration?

Jeremy: Windows and Linux guys in a given company don't talk much – they usually only meet up playing softball on opposite teams at the company picnic.

Sam: Sounds like some cultural interop issues?

Jeremy: There has historically been a religion problem which causes problems in doing these things. I'm a pragmatist - I have Windows running a bunch of systems but my website runs on LAMP. I needed a great web designer and a site he could maintain, and what he knew was PHP.

Sam: What's one great thing people will get out of reading your book?

Jeremy: When I gave my session on interop at LinuxWorld, I asked the audience of about 70 people: “Who here is running Exchange?” 60 people raised their hands. I said, “Keep your hands up. Now drop your hand if you're planning on walking away from your Exchange infrastructure and just to have something that runs on Linux.” One person dropped their hand. Exchange is here and people need to manage it.

So the question is, “How do we use Linux to manage the exchange environment?” In the book we detail an approach that uses a front end Linux server that will, for free, scrub email, scan for viruses, and verify the delivery address for routing across backend mail servers (Exchange, sendmail, etc). You offload things that typically run on the Exchange server and bog it down. By using a Linux box to front-end Exchange, you get more horsepower out of your Exchange server so that you get better performance for what you're paying for.

You can see Jeremy’s new site at http://www.winlinanswers.com, or see other stuff he’s done at http://www.moskowitz-inc.com Jeremy will be answering comments on this thread, so if you have some tough questions about AD interop, OpenLDAP, Samba 3.0, SFU, or related topics, this is the place to ask.

Cheers,
Sam