Making the directory hit
In theory, on the Windows side, you don't need to bother with WINS anymore, thanks to AD. That looks great on paper, but implementing AD in the field is still difficult, even when all of the servers are running Windows 2000. On a hybrid network, with NT and Unix servers still using the NT domain style, the complications can get very scary.
Nevertheless, some customers demand AD. Fortunately, you can get AD- and Unix-style directories to get along. One way to hit this home run is to use Windows Services for Unix (SFU) 2.0, enabling one-way password synchronisation. The name of the game here is simply to avoid using Unix directory services entirely. This can actually work quite well in situations where the Linux servers work entirely on the back end, well away from interactive users.
With this one-way synchronisation method, all password changes are handled by AD. This doesn't, however, give you a single login to both networks. In many circumstances, you still have to log in twice. A user can still have problems using the Linux password utility to change their password. All this method really does is let user passwords be set on the Windows 2K system and then have the Unix systems synchronise them automatically. It's no game-winner, but it does cut down considerably on the constant confusion of unsynchronised user/password systems.
Batting practice
If you want to do more, start taking your LDAP practice swings now. Under the surface, AD uses LDAPv3 as its core protocol. To make AD work with Unix/Linux LDAP servers, you can use the C application programming interface (API) to allow AD to talk with external LDAP servers that also use the C API.
If that sounds like too much work, and we can tell you from personal experience that it is, you can make your life easier by using LDAPv3-compliant servers on both Windows 2000 and Linux. The best of these is Innosoft's Distributed Directory Server (IDDS). It runs not only on Windows 2000 and Red Hat Linux, but also on AIX, Compaq's Tru64 Unix, Hewlett-Packard's HP-UX and Sun's Solaris, making it the most flexible choice. Another alternative is Novell's eDirectory, with Linux, Solaris and NetWare (and now, AIX and Tru64 Unix) support. Don't be fooled, though. Getting AD and Unix directories to play as a team is always a custom programming job, even with the best tools.













