Larry Mead TSP - Platform Modernization Microsoft Corporation SESSION CODE: WSV318 John Kelbley Sr. Technical Product Mgr. Microsoft Corporation Linux Windows MySQL/PHP Virtualized Windows / Linux / UNIX on Hyper-V C/C++.NET Services For UNIX Services For UNIX Common Runtime Support for Applications Java UNIX High Performance Virtualization File Services Directory Services Application Sharing and Integration Management Virtual Machine1 Virtual Machine 2 Windows 2000 UNIX to Windows identity mapping Windows Server 2008 R2 UNIX-based NFS clients SuSE Linux 10 Solaris NFS v2/ v3 SMB / SMB 2 Windows 7/Vista Windows-based SMB clients Active Directory / AD LDS Identity Mapping sources (for Mapped Access) UNM (User Name Mapping Server) Active Directory ADLDS (Active Directory Lightweight Directory Services) Authentication options AUTH_SYS No server authentication Kerberos v5 authentication (Krb5) Kerberos v5 integrity and authentication (Krb5i) Microsoft funded research project (NFS 4.1 & pNFS capable standalone Windows client) Center for Information Technology Integration (University of Michigan) Prominent member of the NFS Open Source community First NFS v4.0 and v4.1 Linux implementations Linux NFS maintainer Instrumental in starting pNFS effort in the industry Details (CITI website): Problem: Customer wants to integrate non-Windows systems into Active Directory Solution: Active Directory offers integration options either thru customization or third-party applications Linux SYSTEMSLinux SYSTEMS PAM NSS API YPBIND (NIS) ldapsearch (LDAP) Linux System Auth & AuthzLinux System Auth & Authz PAM NSS NIS ProxyNIS ProxyLAPD ProxyLAPD Proxy Linux Service DaemonLinux Service Daemon Library Active DirectoryActive Directory Linux AD ClientLinux AD Client Windows DesktopsWindows Desktops Windows Server 2008 R2Windows Server 2008 R2 MMC and PowerShell Users and Computers Snapin MMC Snapin orMMC Snapin or Just PowerShell ScriptingJust PowerShell Scripting Kerberos/LDAP Kerberos/LDAP Kerberos/LDAP Authentication Authorization # If the user can authenticate with S/Key, that's sufficient; # allow clear password. Try kerberos, then try plain Linux password. login auth sufficient pam_skey.so login auth sufficient pam_opie.so no_fake_prompts login auth requisite pam_cleartext_pass_ok.so login auth required pam_Linux.so try_first_pass login account required pam_Linux.so login password required pam_permit.so login session required pam_permit.so # The entry '[NOTFOUND=return]' means that the search for an entry should stop if the search # in the previous entry turned up nothing. Note that if the search failed due to some other # reason (like no NIS server responding) then the search continues with the next entry passwd: files ldap nisplus nis shadow: files nisplus nis group: files ldap nisplus nis hosts: files dns netgroup: files nis automount: files aliases: files nisplus More than 2,000 UNIX API calls pthread X11R6 Utilities More than 350 tools and utilities NFS Client NFS Server Hardware Abstraction Layer Open Source tools: Apache, Tcl/Tk, bash, etc. X11 R6 server Windows Apps Windows Apps Other device drivers CDFS FAT NTFS Windows Kernel win32k.sys Win32 Subsystem Windows APIs Windows system admin, commands & networking Windows GUI Windows command Shell SUA/Interix Windows 3rd Party X11 U N I X S D K (gcc) Interix Subsystem UNIX /POSIX APIs UNIX, XPG, POSIX.2 commands & utilities UNIX shells Motif UNIX Applications SSH Daemon Health Service WS-Man Modules SSH Modules SFTP Modules Enumerate Get Invoke Execute Cmd Session Transfer File CIMOM OpenPegasus 2.9 with WS-Management Support CIMOM OpenPegasus 2.9 with WS-Management Support OpsMgr Providers OS Resources WinRM Putty Library New component for Cross Platform Existing v3 or SP1 component Outside dependency Built-in Unix/Linux functionality WS-Man CIMOM OpsMgr Providers OpsMgrOpsMgr WS-Man OS Resources Sign up for TechEd 2011 and save $500 starting June 8 June 31 stYou can also register at the North America 2011 kiosk located at registration Join us in Atlanta next year