Date:      Thu, 20 Mar 2008 18:16:35 +0800 (HKT)
From:      "Gelsema, P (Patrick)" <gelsemap@superhero.nl>
To:        Nejc Škoberne <nejc@skoberne.net>
Cc:        User Questions <freebsd-questions@freebsd.org>
Subject:   Re: Replacing Windows with FreeBSD (was: my brother is making me  learn FreeBSD...)
Message-ID:  <31594.203.127.42.92.1206008195.squirrel@www.superhero.nl>
In-Reply-To: <47E2336A.5050207@skoberne.net>
References:  <000001c88a5c$82d01b40$887051c0$@com> <59945.203.127.42.92.1205999937.squirrel@www.superhero.nl> <47E21DD1.9000806@skoberne.net> <9136.203.127.42.92.1206002915.squirrel@www.superhero.nl> <47E2336A.5050207@skoberne.net>

Hiya,

On Thu, March 20, 2008 17:50, Nejc Škoberne wrote:
> Hey Patrick,
>
>> AD is nothing more than a big database accessible over LDAP.
>> You connect to the LDAP database, and when you are authenticated you get a
>> Kerberos token.
>>
>> Clients use SRV records to check for AD services. SRV Records are
>> supported by BIND. It is possible to run AD and have your DNS/AD zones on
>> a BIND DNS server. I believe you can even find whitepapers from Microsoft
>> for this.
>>
>> Of course certain features are Microsoft specific.
>
> So you are saying that merely setting up an OpenLDAP server with proper DNS
> configuration and Kerberos authentication could replace Microsoft AD controller?
> How about a group of controllers with all the failover features? Group policies?
> Are you sure you could do that just with a "bit of tweaking"? If there are Microsoft
> specific features, then FreeBSD can't do anything Windows server does and more. I
> am really skeptical about joining a Vista into such a domain. I would really love to
> see ONE guy who achieves that. To _completely_ replace Windows server with all its
> features with FreeBSD. Anyone?

Failover is nothing more than multi master replication and querying a DNS
server for the nearest server which contains an AD database. If the first
record fails try another one, if that fails try another one. This is how
locating AD servers works.

Also why would you want to have a Vista machine in your FreeBSD AD domain
;-) You should be running Xorg, Gnome, KDE or whatever, authenticating
against the FreeBSD server.

Thinking about it. What about Radius, isn't that already a system that
allows you to manage logons network wise?

>
>> Xorg + OpenOffice? Why not? Of course the TCO will increase, training etc.
>> It is simpler for the majority of us to stick to Windows.
>
> Sorry, but OpenOffice is more featureless than MS Office 2007. There are things
> which you can do with MS Office so MUCH more easily than with OpenOffice. For
> feature comparison see:
>
> http://blogs.zdnet.com/Ou/?p=480
>
> Not to mention performance issues with OpenOffice:
>
> http://www.openoffice.org/product/docs/ms2007vsooo2.pdf
>
> And not to mention, that running Xorg prevents a company from running many other
> software (specific to some environment, for example here in Slovenia we have many
> small companies which develop various business software - from business directories
> to phone books, dictionaries, ... practically none of them can run under
> Windows).

I completely agree with OpenOffice. Thing is that Microsoft has been
defined as the de facto standard. And yes to have the same features in
OpenOffice as in Microsoft you will have to install more applications.

Don't forget emulators. If you run a 16-bit app on Windows XP you run in an
emulator. There is even an option telling Windows XP which version of
DOS/Windows to emulate.

> Being a company it is difficult to choose where you live. You could say "just don't
> run that software" but I can't say that to users. Because they need that stuff.
>

I agree. Business comes first. But users will get used to what they get
as long as it does the job, and b, if it does it fast.

>> yes. I meant that. We are talking out of the box Windows 2008. What kind
>> of functionality are you talking about?
>
> The most important thing: we are talking about ordinary users not a bunch of
> math professors who want to run every application from a shell. And those users
> want to use things nicely. For example, let's look at the mail system. You could
> put a Postfix+amavisd-new+spamassassin+Horde+postfixadmin+ ... bla bla stuff on
> your FreeBSD server (I actually run this on many servers). But in that webmail,
> you are not able to manage your spam quarantine for example - you have to logout
> of Horde and login to Maia Mailguard (before you have to install that too), which
> is complicated for users. The problem of "mail" is then cut to so many little
> pieces that it may affect user efficiency. The problem with concatenating so many
> opensource products is that it is hard to make them work together like a charm.
> Microsoft usually (!) provides that (naturally, because it produces all those
> pieces).

Spam? What about filtering all the spam into a folder in the mailbox of a
user. Microsoft calls this junk filter/mail. Then run every night a script
which feeds the content of that folder into a spamassassin database. I run
my mailserver on the Mailtoaster found on www.tnpi.biz and it learns
spam fully automatically.

Microsoft and spam? They don't have a proper spam solution. You had to buy
expensive addons for Exchange. I believe with Forefront that this has
changed but I have no personal experience with this.

I do agree that Microsoft has the benefit of everything together where you
will have to install port and port and package to end up with the same
result.

>
> How about group policies? How would you do that with FreeBSD server? Group policies
> are "THE" thing you need when managing greater amount of workstations.
>

Group policies are nothing more than a bunch of files. Used to be adm
files, don't know what they are now, available on a SYSVOL share available
to the clients. So yes. You can make Group policies available. As long as
the client knows where to get them from you should be ok. I assume that
this information is stored in the AD database. As long as your LDAP
database has the same scheme it should work.

>> At work I use Windows a lot. Windows 2003 R2, SCCM, SQL 2005, SCOM,
>> Exchange 2007 and all the other latest stuff from Microsoft. But for all
>> these applications I can use also FreeBSD and applications found in ports.
>
> Probably you use it more than I do, I really run FreeBSD servers mostly. And I
> have problems with providing nice-packaged, easy-to-use, all-in-one software to
> users who are used to that. I use FreeBSD/OS mostly because it is free of charge
> and because it is quite customisable. If MS products would be free of charge, I
> would probably switch to them in most cases. I would just keep the OS scene for
> our math professors, because you just _can't_ use non-OS software at
> universities. :)

I like to use both; unfortunately I am restricted to use Windows at work.
Which is ok for me. For an end user the OS makes no difference. There are
big companies, financial companies even which completely run on Linux.

It is all about training and expectations.

>> Besides, the point was that the TS wanted to start using something else
>> than Windows to learn more about OS in general. People stick to Windows
>> because they are afraid of change and a learning curve.
>
> I totally agree here. And I agree that it's good to check other things too, even
> if it is for learning only. Not only good, I think it is necessary for a good admin.
>
> I just don't agree with the statement, that Windows servers are completely inferior
> to FreeBSD and you could replace all of them with FreeBSD boxen. If that would be
> possible, I would do it already.

Sorry. I did not utter the inferior part. I only said that everything
which you run on Windows can also be found on FreeBSD.

>
> I really am a FreeBSD guy, I run it for more than 6 years now and I like it a lot.
> But I learned to be reasonable and not to say that it is in every way superior to
> everything else in the world.
>
> Still just talking, not fighting.

Just writing.
To be honest I think you hijacked the thread but I like the topic. It
makes you think about what Microsoft offers you and how much effort is
required to have the same on FreeBSD.

If I had the time I would have tried building a network with Active
Directory running on a FreeBSD server. Probably would have failed due to
some Microsoft specific thing. Point is still that all the features are
available on FreeBSD.

However, using that I wouldn't recommend. When I need to do a job, I first
look at the job, what is exactly required and then start working on how to
do it. It might be Windows, it might be FreeBSD.

Each OS has its good points and its bad points.

The OS should be tailored for the task, not the task tailored for the OS.

Cheers

Patrick

>
> Bye,
> Nejc
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
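
Added example, not part of the original message: the locator behaviour described above ("if the first record fails try another one") written out as RFC 2782 SRV ordering plus failover. The record set is constructed for a hypothetical domain `example.test`, queried under the AD locator name `_ldap._tcp.dc._msdcs.<domain>`; the `is_alive` probe is an assumed callback standing in for a real LDAP connection attempt.

```python
import random
from typing import Callable, List, NamedTuple, Optional


class SRV(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


# Constructed answer for _ldap._tcp.dc._msdcs.example.test (hypothetical domain).
SAMPLE = [
    SRV(0, 100, 389, "dc1.example.test."),
    SRV(0, 100, 389, "dc2.example.test."),
    SRV(10, 0, 389, "dc3.example.test."),  # backup site, only used if both fail
]


def srv_order(records: List[SRV], rng: Optional[random.Random] = None) -> List[SRV]:
    """Return records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):  # lowest priority first
        # Weight-0 records go first so they are rarely chosen ahead of others.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:  # weighted random choice within the group
                    ordered.append(group.pop(i))
                    break
    return ordered


def locate(records: List[SRV], is_alive: Callable[[str, int], bool],
           rng: Optional[random.Random] = None) -> Optional[SRV]:
    """Try each server in SRV order; return the first that answers, else None."""
    for rec in srv_order(records, rng):
        if is_alive(rec.target, rec.port):
            return rec
    return None
```

A client that stops at the first SRV target, or ignores priority, loses exactly the failover property the message attributes to the DNS-based locator.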



