I started my new job at StorageCraft this week. We produce backup and disaster recovery software for Windows servers and desktops. They have grown big enough to organically grow their development team, and pursue new markets. I think I’m under NDA not to disclose the nature of the projects I’m working on, but given my history, it shouldn’t be difficult to figure some of it out.

One of the nice perks they offered was to purchase books or software that I think would make me more effective at work. So I asked for a RHEL6 Workstation License, and was successful in justifying the purchase. Since I am one of only 4 brand-new employees that have any substantial experience with Linux at all, their entire infrastructure uses Active Directory for authentication. Workstation logins, Version Control, Issue Trackers, WiFi, the VPN, and Email all use it. As a sort of last hurrah as a Systems guy, I decided to get my RHEL workstation “on the domain.” What that really boils down to underneath is allowing PAM to delegate authentication out to the Domain Controllers, so things like GNOME and SSHD can authenticate users “on the domain.”

The process really just boils down to popping up a little GUI, joining the domain, and installing winbind-server. The only thing the GUI does that I had to update the smb.conf file for was to use the default Domain for logins. Gnome didn’t like having the backslash in the username, ie: “WDM\kai.meyer”. With winbind running properly, running the command “id kai.meyer” returns valid user information.

Once I figured out how to authenticate (running “ssh WDM\\kai.meyer@kai-rhel6” just felt wrong), what services were needed (winbind, smb, nmb), and which config files were used (winbind actually uses smb.conf), I feel like I could easily teach our IT guys how to deploy a RHEL6 Workstation for Developers, or a RHEL6 Desktop for other positions like Technical Support, and give them warm fuzzies about eliminating those pesky Windows Viruses.

One more benefit of having my RHEL6 workstation on the domain is configuring samba shares to use Domain Authentication to control permissions to files. My local files can be shared over the domain, and access read-write from any other Windows workstation that I’ve logged into with my account.

I realize all these benefits from joining the domain are fairly small in reality. All of the “features” it provides can be done in so many less-convoluted ways. What really makes it worth it is having the IT guys go, “You can do what?!?”