I was bopping around the blogosphere and came across Scott Lowe's blog where he has a number of posts on Linux-Windows integration. Good stuff. It's interesting to see that he surfaces a lot of technical detail around this integration and discussion around Samba also.
Scott clearly has done a lot of work in this area but you can see how difficult this integration is. It's like one of those Mecanno toys you'd construct and if you got one thing wrong you had to deconstruct it and start over again. That's the whole reason d'etre of the Vintela products. Automate all of these details across all of the various platforms that customers are using. Scott presents the nuts and bolts of doing the integration but enabling things like group policy for Linux/Unix, automating UID/GID assignments, building out the PAM stack, automating the configuration of Kerberos, LDAP & NSS are tricky and necessary pieces to enabling true interoperability of not just the identities but also the applications.
I can't tell you how many customers I have met with who all have a similiar story that goes something like this...
- We were able to integrate x flavors of Unix & Linux with Windows in our lab (x is usually >5)
- For the last y months we have been trying to roll-out that work in production (y is usually 6-18 months)
- We can't keep up with the number of versions of Unix & Linux that we have and the differences between each one so it makes maintenance very difficult
- We can't get what we did in the lab to scale-out and scale-up to meet our operational demands
- We've had a bunch of really smart people working on this (always true)
Vintela, Quest Software, Active Directory, identity management