How to get Windows and Linux to cooperate on the network

It's always been possible for Windows and Linux to cooperate. Now it's easier than ever.

"East is East, and West is West, and never the twain shall meet," is a line from Rudyard Kipling's The Ballad of East and West. It could also apply to Windows and Linux. If you don't know what you're doing, getting the two to meet on the network can seem like it's almost impossible. Fortunately, it has gotten easier over time.

It's not a job though for an average Linux administrator or a Windows Microsoft Certified Systems Engineer (MCSE) who's still wet behind the ears. While parts of it, such as sharing files and printers across a network between Windows and Linux systems, are simple enough, bridging the gap between Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) requires some serious network engineering.

[ Linux School: Getting started with Linix ]

The first part, simply sharing files and printers, can be handled by using Samba as a server or as a client on Linux and Mac desktops. Samba is an open-source program that provides Server Message Block/Common Internet File System (SMB/CIFS) file services. With Samba, your Linux servers can act just like Windows file and printer servers to all your desktop clients. Whether your PCs run Windows 7, XP, Mac OS X, Snow Leopard, or Ubuntu, Samba can get the files to them whenever they need them without much fuss or muss.

But, once you start trying to manage logins and authentication between Linux and Windows systems with just AD or by combining LDAP and AD, things can get complicated. One way to handle this is just not to use AD at all. I know, I know, that's heresy to Windows administrators. But, for small to medium business networks, an LDAP implementation such as OpenLDAP may be all you need for both Windows and Linux servers and desktops. If you need more, there are other network directories that can work for both operating systems that come with enterprise-level support such as Novell's eDirectory.

If you can't wean yourself from AD, and let's face it, there are a lot of reasons to stick with AD, there are other approaches to Linux and Windows network rapprochement. For starters, there's Likewise Software with Likewise Enterprise. With this program, you can Join non-Windows servers to AD. In addition, you have a centralized administration console that lets you provision and manage users and systems no matter whether they're running Linux, Unix, and Mac OS X. Last, but never least, you can use it to provide a SSO (Single Sign-on) regardless of the user's native operating system.

[ And the best Linux desktop distro of all is... ]

If you want to give it a try first, Likewise also offers Likewise Open an open-source program that lets Linux and Mac users authenticate against and join AD domains and forests. This software also enforces AD password policies across Linux systems.

Likewise isn't the only company that tries to get Linux and Windows servers to coordinate with each other. Centrify also offers programs that can get the pair working together. In Centrify's case, Centrify DirectControl works by making a non-Microsoft server, workstation or device appear as a Windows AD client. This enables Windows administrators to secure Linux and Unix systems using their familiar AD authentication, access control and Group Policy services. To this, however, requires a particular client for each version of Linux, Unix, or Mac OS X that you're running.

Samba has also been working on AD integration for Linux in Samba 4. Unfortunately, Samba 4, which involves a complete re-write of Samba as well as adding AD integration, is still a ways from being done. While the current program is certainly worth experimenting with, it can in no way, shape, or form be used on a production network yet.

Of course, there is another entirely different way, which is to use federated identity management to get Windows and Linux to get along on a network. This means that your business can use a SSO to share applications across platforms while using two, or even more, different directory services and security and authentication methods.

Microsoft and Novell have been working together on this since they made their partnership to get Windows and Novell's SUSE Linux Enterprise Server (SLES) working on the same page both on the server and desktop.

Specifically, with Active Directory Federation Services (ADFS) and Novell Access Manager users can use a single login to access network services regardless of whether their home identity is authenticated against Active Directory or Novell's LDAP or eDirectory.

Business SharePoint users in particular have found this very useful. Linux using end-users can log-in to SharePoint services via Access Manager, which transparently forwards the authentication information to ADFS and back again. This lets either Linux desktop users or Windows users who authenticate against Linux servers to use SharePoint without jumping through any additional hoops. This same technique can be used with other Windows corporate network applications.

With the SUSE Linux Management Pack for System Center Operations Manager R2 2007, you can monitor SLES 10 and 11 with Microsoft System Center Operations Manager 2007 R2. With it, Windows administrators can monitor Linux DNS (Domain Name Service); Dynamic Host Configuration Protocol (DHCP); Samba; Lightweight Directory Access Protocol (LDAP); CUPS, Linux printing services; NFS (Network File System); and the Linux firewall.

All this is integrated with the Novell Support Advisor. This is a self-help tool to help system administrators support and diagnose SLES problems. For Windows administrators trying to manage an unfamiliar operating system, this is ideal.

In addition, Novell and Microsoft have made it possible to run virtual machines of each other's servers on their own servers. So, network administrators can run SLES Windows Server 2008 R2 Hyper-V on Windows Server 2008 R2.

If you feel like taking your chances, you can also use the Linux open-source drivers to try to run any Linux on Hyper-V, not just SLES. You can also do the reverse. Thanks to the Xen hypervisor on SLES, you can run most versions of Windows Server on Linux.

If you look at all this, I think it becomes pretty clear that it's really not that hard today to run Windows and Linux on the same corporate network. Ideally Samba 4 will eventually take care of Windows/Linux networking management on the Linux side, but until that day comes there are still many other ways to get the two to cooperate. Or, to paraphrase from Kipling's poem, "But there is neither East nor West, Border, nor Breed, nor Birth, When two strong operating systems stand face to face.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon