Practical Technology

for practical people.

Likewise open-sources Active Directory authentication for Linux


Like it or lump it, Microsoft’s Active Directory is a very popular network directory, and thus, management system. It’s been possible to use AD for Linux, but it was never easy. Now, Likewise Software, formerly Centeris, a leader in mixing and matching Windows and Linux network solutions, has announced the first open-source version of release of version 4.0 of its cross-platform authentication software: Likewise Open.

This is an open-source community project that enables core AD authentication for Linux. Likewise Open’s source code is available today under the GPLv3. With this code, experienced Linux users and Linux vendors can integrate open-sourced AD Linux authentication into their distributions. The company has already packaged versions of Likewise Open for openSUSE 10.3, Fedora 8, and Ubuntu 7.10.

With Likewise Open, users will be able to use a single log-in and password for both their Windows and Linux PCs to gain access to a Windows or Samba-based network resources. The program also enables credential caching for offline log-on in the event of temporary loss of connectivity to the Active Directory Domain Controller. Last, but not least, users can also use this single log-in for a SSO (single sign on) for SSH (Secure Shell) and PuTTY sessions.

For administrators, Likewise Open will enable them to apply AD security settings on individual Linux machines to enforce password complexity and aging. In the future, it will be possible to use other AD management tools on Linux systems.

Gerald Carter, a senior Likewise Software developer and long-time member of the Samba core development team, will serve as the Likewise Open’s project director.

“Likewise Open represents our commitment to providing solutions that foster true interoperability between Windows and Linux for enterprise organizations,” Carter said in a statement. “Making Likewise Open available will help a number of organizations that have had difficulties with authentication across multiple platforms. We look forward to working with our technology partners and the open-source community to continue to improve authentication and access management solutions for mixed network environments.”

This could be a major step forward for Linux system acceptance in businesses using Windows-centric network. “Likewise Open will allow NIH [National Institutes of Health] to reduce costs by joining our Linux systems to Active Directory,” said Jeff Plum, a senior engineer at NIH. “By working with the open-source community, Likewise Software has made it easy for Linux distributors to include Active Directory authentication as part of the operating system and easy for centers like ours to deploy the solution.”

At the same time, Likewise Software isn’t doing this on its own and hoping that Linux companies will follow its lead. The company has already formally partnered with Red Hat and Canonical, Ubuntu’s sponsor and informally with Novell. Likewise Open will be incorporated into the next versions of Ubuntu, Red Hat and SUSE.

“We are excited about the Likewise Open project and the solutions that it will provide Canonical’s enterprise customers and other major deployments of Ubuntu,” said Mark Shuttleworth, founder of the Ubuntu project, in a statement. “Likewise Open allows us to provide end users of the Ubuntu operating system the ability to join their systems to Microsoft Active Directory for user authentication. We look forward to the debut of Likewise Open in the April release of Ubuntu 8.04 Long Term Support.”

Red Hat is on board too. “Likewise Open is an important development for our enterprise customers who wish to use open-source software to enable users of Red Hat Enterprise Linux to authenticate against Active Directory,” said Karl Wirth, Red Hat’s director of security business. “We plan to ship Likewise Open together with Samba in Red Hat Enterprise Linux 5.2.”

After an early evaluation of Likewise Open by eWEEK’s Jason Brooks, it’s easy to see why the Linux vendors are enthusiastic about Likewise Open. While not perfect, it makes integrating AD and Linux systems much easier than the ad hoc, duct tape measures often used in the past to get AD and Linux working together.

The company also announced the release of the next commercial version of its AD/Linux and other operating system integration program: Likewise
Enterprise 4.0.

“The non-Windows desktop group policy advancements in Likewise Enterprise 4.0 are a significant advancement,” said Guy Lunardi, Novell’s senior product manager for the SUSE Linux Enterprise Desktop.

“With thousands of group policies to offer, Novell and Likewise Software are working with some of our largest SUSE Linux Enterprise Desktop customers to lock down their desktops with Likewise Enterprise, for increased security and control. The ability to manage SUSE Linux Enterprise Desktop machines using existing Active Directory group policies makes it even easier for customers to deploy Linux desktops alongside their existing Windows machines.”

Likewise Enterprise 4.0 includes more than 500 Active Directory Group Policies for managing Linux, Unix and Mac servers and desktops. These include policies for security, authentication and identification, log-on, display, message, logging and audit, file system and tasks.

It also includes Linux desktop support. With this, administrators can set Linux desktop user configuration settings from AD. Thus, managers can centrally manage Linux desktops, easily set consistent group policy, and lock down desktop security with their familiar AD management tools. You can apply settings for the most popular Linux desktop applications such as Firefox and Evolution.

You don’t have to manage AD from Windows with Likewise installed. Likewise makes it possible for Linux and Unix administrators to manage AD from their systems with the Likewise Administrative Console. This is a pluggable framework that provides MMC (Microsoft Management Console)-like functionality and runs on any Linux platform.

Likewise Enterprise 4.0 also allows local network managers to organize branch office organizational unit-level deployment and administration without enterprise domain administrative privileges. In addition, Likewise Enterprise 4.0 streamlines the customer’s ability to allow users and groups to access resources by linking cells to share attributes across organizational units.
A version of this story first appeared in Linux-Watch.

Leave a Reply