
Product Documentation

Likewise Enterprise

Features and Benefits of Likewise Enterprise

Abstract

Likewise Enterprise lets you join Linux, Unix, and Mac computers to
Microsoft Active Directory, yielding a range of benefits for users, system
administrators, and security managers.

Users get one ID and single sign-on: They log on once to a workstation that
is authenticated through Active Directory and receive Kerberos-based
single sign-on for other computers and applications, such as Oracle,
Apache, and SAP. System administrators rest easy with the knowledge
that users are securely authenticated with Kerberos 5 and authorized for
access to resources and applications. Managers see their operational costs
drop as their Linux, Unix, and Mac computers are centrally managed within
Active Directory and configured en masse with Likewise group policies.
Security managers find help in their quest for regulatory compliance with
Sarbanes-Oxley and the Payment Card Industry Data Security Standard.

This document outlines the technical features and benefits of using
Likewise Enterprise.

About Likewise Enterprise

By joining Linux, Unix, and Mac computers to Active Directory – a secure,
scalable, stable, and proven identity management system – Likewise gives
you the power to manage all your users' identities in one place, use the
highly secure Kerberos 5 protocol to authenticate users in the same way on
all your systems, apply granular access controls to sensitive resources,
and centrally administer Linux, Unix, Mac, and Windows computers with
group policies. Likewise includes reporting and auditing capabilities that
can help improve regulatory compliance. The result: lower operating costs,
better security, enhanced compliance.

FEATURES

• Centralized management of all your systems — Linux, Unix, Windows, and Mac OS X.
• One user, one ID.
• Secure authentication with Kerberos 5.
• Single sign-on.
• Access control.
• Group policies for controlling a variety of settings.
• Gnome group policies to lock down Linux computers.
• Advanced cell technology for managing computers and users in Active Directory.
• NIS migration tools and professional services.
• Auditing and reporting modules.

BENEFITS

• Enhances operational efficiency.
• Helps demonstrate regulatory compliance.
• Hardens network security.
• Eases the managerial burden for system administrators and security managers.
• Reduces the cost of managing a mixed network.
• Consolidates and simplifies identity management.
 

Copyright © 2008 Likewise Software. All rights reserved. 5.15.2008.



Likewise Enterprise: Features and Benefits Overview

The information contained in this document represents the current view of Likewise
Software on the issues discussed as of the date of publication. Because Likewise
Software must respond to changing market conditions, it should not be interpreted to be a
commitment on the part of Likewise, and Likewise Software cannot guarantee the
accuracy of any information presented after the date of publication.

These documents are for informational purposes only. LIKEWISE SOFTWARE MAKES
NO WARRANTIES, EXPRESS OR IMPLIED.

Complying with all applicable copyright laws is the responsibility of the user. Without
limiting the rights under copyright, no part of this document may be reproduced, stored in,
or introduced into a retrieval system, or transmitted in any form, by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose,
without the express written permission of Likewise Software.

Likewise may have patents, patent applications, trademarks, copyrights, or other
intellectual property rights covering subject matter in this document. Except as expressly
provided in any written license agreement from Likewise, the furnishing of this document
does not give you any license to these patents, trademarks, copyrights, or other
intellectual property.

© 2008 Likewise Software. All rights reserved.

Likewise and the Likewise logo are either registered trademarks or trademarks of
Likewise Software in the United States and/or other countries. All other trademarks are
property of their respective owners.

Likewise Software
15395 SE 30th Place, Suite #140
Bellevue, WA 98007
USA


Table of Contents

INTRODUCTION

CENTRALIZED MANAGEMENT
    Benefits of Likewise Over a Custom LDAP Solution

SECURE AUTHENTICATION WITH KERBEROS 5
    How It Works
    Benefits
    More Information

ACCESS CONTROL
    Features
    Benefits
    More Information

CACHED CREDENTIALS

SINGLE SIGN-ON
    How Likewise Makes SSO Happen
    Application Support

ADVANCED CELL TECHNOLOGY
    Linking Cells
    Using a Default Cell
    Cell Manager
    Benefits of Likewise Cell Technology
    More Information

GROUP POLICIES FOR LINUX, UNIX, AND MAC
    Filtering by Target Platform

GNOME SETTINGS
    Benefits
    More Information

MAC SUPPORT
    More Information

MIGRATION TOOLS

INTEGRATION OPTIONS

AUDITING AND REPORTING
    Benefits

LIKEWISE ADMINISTRATIVE CONSOLE

BROAD PLATFORM SUPPORT


Introduction
Likewise Enterprise joins Linux, Unix, and Mac OS X computers to
Microsoft Active Directory to centrally manage all your computers,
authenticate users, control access to resources, and apply group policies
to non-Windows computers.

Likewise Enterprise comprises two main components: The Likewise
Management Console and the Likewise Agent.

The console runs on a Windows administrative workstation that can
connect to the Active Directory domain controller and includes
management tools that are integrated into Active Directory Users and
Computers, the Group Policy Management Console, and the Group
Policy Object Editor. The console also includes Cell Manager, an MMC
snap-in for managing Likewise cells.

The Likewise Agent runs on Linux, Unix, and Mac OS computers so that
you can join them to a domain, manage them within Active Directory, and
use single sign-on.

In addition, Likewise Enterprise includes tools for migrating
non-Windows systems to Active Directory and modules for auditing and
reporting.

The following diagram highlights the role of Likewise in a mixed network:


More information about the architecture of Likewise Enterprise is
available in the Likewise Technical Overview at
http://www.likewisesoftware.com/resources/technical_notes/LikewiseEnterprise4.0_TechnicalOverview.pdf.

With Likewise Enterprise, you get the following features:

• Support for more than 100 Linux, Unix, and Mac OS X platforms

• Centralized management of your mixed network

• One user, one ID

• Cached credentials

• Secure authentication

• Access control

• Single sign-on

• Advanced cell technology

• Group policies for Linux, Unix, and Mac workstations and servers

• Gnome settings centrally managed through Likewise group policies

• Migration tools

• Auditing and reporting

Each of these features is discussed below.

Centralized Management
Likewise Enterprise empowers you to centrally manage all your
computers in Active Directory — bringing you an array of features and
benefits unavailable with NIS, a custom LDAP solution, or an ad hoc
Kerberos key distribution center.

First, Likewise radically simplifies user account management: It lets you
manage all your users and computers with a single identity management
system. Provisioning, password maintenance, security policies, and
deprovisioning can all be done through Active Directory.

Second, Likewise lets you assign a unique ID to each person with
computer access — a best practice and a requirement of such regulatory
standards as the Payment Card Industry Data Security Standard. Active
Directory makes ID assignment simple: one ID, one user. Likewise
extends that functionality to Linux, Unix, and Mac OS X users. With one
unique ID provisioned and centrally managed through Active Directory, a
user can log on Windows, Unix, Linux, and Mac OS X computers with an
encrypted password that is securely authenticated with Kerberos 5
against the Active Directory database.

Third, Likewise lets you assign each user a unique ID in Active Directory
while maintaining your NIS domain user information. When you migrate
Linux and Unix users from NIS domains to Active Directory, Likewise
uses cells to preserve the user information in your NIS domains. A cell
provides a custom mapping of a unique and identifiable Active Directory
user to that user’s UIDs and GIDs.

Fourth, Likewise is integrated with Microsoft Active Directory Users and
Computers (ADUC), which streamlines the management of Linux, Unix,
and Mac users — you can manage them in Active Directory just like you
manage your Windows users. For example, Likewise integrates the
following tab into the user properties sheets in ADUC:


Benefits of Likewise Over a Custom LDAP Solution

A custom LDAP approach can have the following drawbacks:

• Complexity: With LDAP, you must use certificates and, for
example, SSL for security — which adds a lot of complexity to the
system, making it difficult to set up, troubleshoot, and maintain.

• No site affinity: LDAP will not find the most efficient domain
controller if you change locations.

• No support for cached credentials. Users won’t be able to
log on computers when the computers cannot connect to the
domain.

• No group policies for centrally configuring and managing
Linux, Unix, and Mac computers.

Likewise, in contrast, gives you simplicity, site affinity, cached
credentials, and hundreds of group policies.

Secure Authentication with Kerberos 5


Why does enterprise-wide authentication require so much work? For
many businesses, it is because they use different Identity Management
Systems for different operating systems: Windows users might
authenticate through Active Directory, Linux and Unix users might
authenticate through NIS, and Mac OS X users might authenticate
through an ad hoc Kerberos key distribution center. Every time a user
joins or leaves your company, you have to update each of these identity
management systems separately — a time-consuming process that can
leave security holes. The complexity of these identity management
systems and their lack of central management increase the likelihood
that something will go wrong. A user account with access to protected
data, for example, might not get deprovisioned from one of the systems
when the user leaves the company.

Likewise's ability to join non-Windows computers to an Active Directory
domain immediately yields the benefit of making Active Directory's
authentication process available to Unix, Linux, and Mac OS X
computers. Because Active Directory functions as a Kerberos key
distribution center, Likewise can validate Unix and Linux usernames and
passwords with the Kerberos 5 network authentication protocol.
Kerberos lets users and computers communicating over an insecure
network prove their identity to one another in a secure manner.

How It Works

With Likewise, authentication works like this:

1. A user logs on a Linux or Unix client, and the login program gets the
username and password.

2. The username and password are sent to PAM.

3. The pam_lwidentity.so library communicates with the Likewise
authentication daemon.

4. From the username and password, the Likewise authentication
daemon generates a secret key.

5. Using the secret key, the Likewise authentication daemon requests
a ticket granting ticket, or TGT, from the Active Directory's Kerberos
key distribution center, or KDC.

6. The KDC verifies the secret key and then grants the client a TGT.

7. The client and the KDC exchange messages to authenticate the
client.

8. The Likewise authentication daemon can then use the TGT to
request service tickets for other services, such as SSH.

Benefits

Authenticating Linux, Unix, and Mac computers with Likewise and Active
Directory has the following benefits:

• Consolidate your identity management systems into a single
secure, scalable, stable, and proven identity management
system.

• Stop maintaining /etc/passwd files.

• Reduce your administrators' reliance on using the root account,
an insecure practice that runs counter to accepted security
standards and regulations.

• Eliminate labor-intensive ad hoc Kerberos key distribution centers
and custom LDAP implementations.

• Eliminate NIS authentication systems, which are difficult to scale,
cumbersome to implement for multiple operating systems, and far
less secure than LDAP and Kerberos.

• Get a variety of access control methods.

More Information


For more information on authentication, see the Likewise Enterprise
Technical Overview at
http://www.likewisesoftware.com/resources/technical_notes/LikewiseEnterprise4.0_TechnicalOverview.pdf.

Access Control
This section outlines the Likewise access control mechanisms.

Features

Likewise Enterprise provides several mechanisms to control access to
Linux, Unix, and Mac OS X computers, beginning with the strong
cryptographic mechanism — Kerberos 5 — that Likewise uses to
communicate with Active Directory to verify that a username and
password correspond to a valid user in AD. This fundamental form of
access control lets administrators stop using local accounts on Unix,
Linux, and Mac OS X computers. Instead, Likewise empowers them to
manage all their user accounts centrally in AD. A user is allowed to log
on only if he or she has a valid AD user account explicitly enabled for
Unix, Linux, and Mac access.

In addition, Likewise provides the following mechanisms for controlling
access:

| Access Control Mechanism | Description |
|---|---|
| Likewise Cell Technology | Only users with membership in a cell can log on the Unix, Linux and Mac OS X machines in the cell. Judicious use of cells can provide a convenient way of controlling access to different classes of Unix, Linux and Mac OS X computers. |
| Allow Logon Rights Group Policy (require_membership_of) | This Likewise group policy can specify that a user be a member of a particular group to log on a computer within the scope of the group policy object. You can designate one or more groups. A user is allowed to log on only if he or she is a member of at least one of the designated groups. |
| Logon Hours | With Likewise, you can use Microsoft Active Directory Users and Computers (ADUC) to set the days of the week and times of day that a user is allowed to log on any Linux, Unix, and Mac machines. |
| Logon List | Likewise lets you use ADUC to specify the Linux, Unix, and Mac computers that a user can log on. |
| Disable Account | With Likewise and ADUC, you can disallow logons by a user. |

Benefits

• Greater control over access to Linux, Unix, and Mac workstations
and servers.

• Access control options to help improve regulatory compliance.

• Improved network security.

• Likewise access reports help demonstrate regulatory compliance.

More Information

Read the Likewise technical note titled Access Control for Linux, Unix,
and Mac OS X available at
http://www.likewisesoftware.com/resources/technical_notes/Likewise_AccessControl_TechNote.pdf.

Cached Credentials
Although modern networks are extremely reliable, network architects
should not rely on perfect connectivity, especially when a network spans
multiple geographic sites. Branch offices and other satellite facilities may
be connected to Active Directory through leased lines or through virtual
private networks (VPNs) that are subject to occasional failure.

Likewise Enterprise tolerates communication failures. The Likewise
agent caches user account information so that it can authenticate users
even if it has temporarily lost connectivity with AD domain controllers. It
uses the same logic employed by Microsoft Windows: If a user has
previously logged on a machine, the machine caches the user’s
credentials and lets the user log on again even when the domain
controller is unavailable. The lifetime of the Likewise Enterprise
credential cache can be configured to be short for optimal security or
long for laptops and other computers that may be disconnected for
protracted periods.

Single Sign-On
When you log on a Linux, Unix, or Mac OS X computer by using your
Active Directory domain credentials, Likewise initializes and maintains a
Kerberos ticket granting ticket (TGT). With a TGT, you can log on other
computers joined to Active Directory or applications provisioned with a
Service Principal Name and be automatically authenticated with
Kerberos and authorized for access through Active Directory. In a
process transparent to the user, the underlying Generic Security
Services (GSS) system requests a Kerberos service ticket for the
Kerberos-enabled application or server. The result: single sign-on.

To gain access to the other computer, you can use various protocols and
applications:

• SSH

• rlogin

• rsh

• Telnet

• FTP

• Firefox (for browsing of intranet sites)

• LDAP queries against Active Directory

• HTTP with an Apache HTTP Server

How Likewise Makes SSO Happen

Since Microsoft Windows 2000, Active Directory's primary authentication
protocol has been Kerberos. When a user logs on a Windows computer
that is joined to a domain, the operating system uses the Kerberos
protocol to establish a key and to request a ticket for the user. Active
Directory serves as the Kerberos key distribution center, or KDC.

Likewise configures Linux and Unix computers to interact with Active
Directory in a similar way. When a user logs on a Linux or Unix
computer joined to a domain, Likewise requests a ticket for the user. The
ticket can then be used to implement SSO with other applications.

Likewise fosters the use of the highly secure Kerberos 5 protocol by
automating its configuration and use on Linux and Unix computers. To
ensure that the Kerberos authentication infrastructure is properly
configured, Likewise does the following:

• Ensures that DNS is properly configured to resolve names
associated with Active Directory (AD).

• Provides tools to join Linux, Unix, and Mac OS X computers to
AD.

• Performs secure, dynamic DNS updates to ensure that Linux and
Unix computer names can be resolved with AD-integrated DNS
servers.

• Configures Kerberos. In an environment with multiple KDCs,
Likewise makes sure that Kerberos selects the appropriate
server.

• Configures SSHD to support SSO through Kerberos (by using
GSSAPI).

• Creates a keytab for the computer in the following way: When you
join a Linux or Unix computer to AD, Likewise creates a machine
account for the computer. Likewise then automatically creates a
keytab for the SPN and places it in the standard system location
(typically /etc/krb5.keytab).

• Provides a tool, lwinet, to generate additional keytab entries for
other applications or services.

• Creates a keytab for the user during logon. On most systems, the
user keytab is placed in the /tmp directory and named
krb5cc_UID, where UID is the numeric user ID assigned by the
system.
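
A check an administrator might run against the files named in the list above, added here as an example and not Likewise code: it flags a machine keytab or a per-user krb5cc_UID file that is a symlink, has the wrong owner, or is accessible to group or others. The paths /etc/krb5.keytab and /tmp/krb5cc_UID come from the text; the function names and the demo files are constructed for illustration.

```python
import os
import re
import stat
import tempfile
from typing import List, Tuple

# File name format given in the text: krb5cc_UID, UID being the numeric user ID.
CCACHE_RE = re.compile(r"^krb5cc_(\d+)$")


def check_secret_file(path: str, expected_uid: int) -> List[str]:
    """Return the problems found for one Kerberos secret file (empty list = OK)."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a symlink target
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file (symlink or special file)"]
    problems = []
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"group/other access, mode {stat.S_IMODE(st.st_mode):04o}")
    return problems


def audit_keytab(path: str = "/etc/krb5.keytab", expected_uid: int = 0) -> List[str]:
    """The machine keytab holds the computer account's long-term key: root only."""
    return check_secret_file(path, expected_uid)


def audit_ccache_dir(directory: str = "/tmp") -> List[Tuple[str, str]]:
    """Check every krb5cc_UID file: it must belong to the UID in its name."""
    findings = []
    for name in sorted(os.listdir(directory)):
        match = CCACHE_RE.match(name)
        if match:
            path = os.path.join(directory, name)
            for problem in check_secret_file(path, int(match.group(1))):
                findings.append((name, problem))
    return findings


if __name__ == "__main__":
    # Constructed demo: build a scratch directory instead of touching /tmp.
    with tempfile.TemporaryDirectory() as scratch:
        me = os.getuid()
        for name, mode in ((f"krb5cc_{me}", 0o600), (f"krb5cc_{me + 1}", 0o644)):
            path = os.path.join(scratch, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, problem in audit_ccache_dir(scratch):
            print(f"{name}: {problem}")
```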

Application Support


Likewise supports single sign-on for a variety of applications and
services, including the following:

| Application or Service | For More Information |
|---|---|
| Apache HTTP Server | See Configuring Apache Web Server for Single Sign-On with Likewise at http://www.likewisesoftware.com/resources/user_documentation/Likewise-Apache-SSO-Guide.pdf. |
| SAP | See Using Likewise for Active Directory-Based Single Sign-On with SAP at http://www.likewisesoftware.com/resources/technical_notes/Likewise-SAP-SSO-Tech-Note.pdf. |
| Oracle | See Using Likewise for Single Sign-On with Kerberos and Active Directory at http://www.likewisesoftware.com/resources/technical_notes/Likewise-SSO-Overview-Tech-Note.pdf. |
| Network Appliances | See Using Likewise for Single Sign-On with Kerberos and Active Directory at http://www.likewisesoftware.com/resources/technical_notes/Likewise-SSO-Overview-Tech-Note.pdf. |

Advanced Cell Technology


Active Directory uses Organizational Units to group related objects in a
common container to manage the objects in a uniform and consistent
way. To map Active Directory users to Linux and Unix user identifiers
(UIDs) and group identifiers (GIDs), Likewise associates cells with
Organizational Units.

When a Unix or Linux computer running the Likewise agent connects to
Active Directory, it determines the OU of which it is a member and
checks whether a Likewise cell is associated with it. If a cell is not
associated with the OU, the Likewise Agent on the Unix computer
searches the parent and grandparent OUs until it finds an OU that has a
cell associated with it. If an OU with an associated cell is not found, the
agent uses the default cell to map its username to UID and GID
information.

Cells can map a user to different UIDs and GIDs for different computers.
Linux and Unix computers that are in the OU (or an OU nested in it) use
the cell to map AD users to UIDs and GIDs. Likewise Enterprise modifies
the Active Directory Users and Computers MMC snap-in so that you can
create an associated cell for an OU and then use the cell to manage
UID-GID numbers. In the following screen shot from ADUC, the example
user, Raymond Williams, is allowed to access the Linux and Unix
computers that are in the selected Likewise cells:

Linking Cells

To provide a mechanism for inheritance and to ease system
management, Likewise can link cells. Linking specifies that users and
groups in a linked cell can access resources in the target cell. For
example, if your default cell contains 100 system administrators and you
want those administrators to have access to another cell, called
Engineering, you do not need to provision those users in the Engineering
cell. You can simply link the Engineering cell to the default cell, and then
the Engineering cell inherits the settings of the default cell. Then, to
make management easier, in the Engineering cell you can just specify
the mapping information that deviates from the default cell. You can use
linking to in effect set up a hierarchy of cells.

Using a Default Cell

Likewise includes a feature that lets you define a default cell. It handles
mapping for computers that are not in an OU with an associated cell. The
default cell can contain the mapping information for all your Linux and
Unix computers.

A Linux or Unix computer can be a member of an OU that does not have
a cell associated with it. In such a case, the group policies associated
with the OU apply to the Linux and Unix computer, but user UID-GID
mappings follow the policy of the nearest parent cell, or the default cell.
Likewise does not require you to have a default cell.
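
The cell lookup and linking rules described above, as an added example (not Likewise's own code): walk up from the computer's OU to the nearest cell, fall back to the default cell if one exists, and let a linked cell supply any mapping the local cell does not override. The class and function names, the example.com DNs and the UID/GID values are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IdPair = Tuple[int, int]  # (UID, GID)


@dataclass
class Cell:
    name: str
    mappings: Dict[str, IdPair] = field(default_factory=dict)  # AD user (lowercase) -> (UID, GID)
    links: List["Cell"] = field(default_factory=list)          # cells this cell is linked to

    def lookup(self, user: str, _seen: Optional[set] = None) -> Optional[IdPair]:
        """Local mapping first, then linked cells in order; None if the user is in neither."""
        seen = _seen if _seen is not None else set()
        if id(self) in seen:  # guard against link cycles (A -> B -> A)
            return None
        seen.add(id(self))
        key = user.lower()
        if key in self.mappings:
            return self.mappings[key]
        for linked in self.links:
            hit = linked.lookup(user, seen)
            if hit is not None:
                return hit
        return None


def parent_ous(computer_dn: str) -> List[str]:
    """OU containers above a computer object, nearest first, lowercased.
    Simplification: assumes no escaped commas inside RDN values."""
    rdns = [rdn.strip() for rdn in computer_dn.split(",")]
    return [",".join(rdns[i:]).lower()
            for i in range(1, len(rdns))
            if rdns[i].upper().startswith("OU=")]


def resolve_cell(computer_dn: str, cells_by_ou: Dict[str, Cell],
                 default_cell: Optional[Cell] = None) -> Optional[Cell]:
    """Nearest OU with an associated cell wins; otherwise the default cell, if any."""
    for ou in parent_ous(computer_dn):
        cell = cells_by_ou.get(ou)
        if cell is not None:
            return cell
    return default_cell


def map_user(user: str, computer_dn: str, cells_by_ou: Dict[str, Cell],
             default_cell: Optional[Cell] = None) -> Optional[IdPair]:
    """UID/GID for this user on this computer. None means the user has no
    membership in the applicable cell, so the logon is not allowed."""
    cell = resolve_cell(computer_dn, cells_by_ou, default_cell)
    return cell.lookup(user) if cell is not None else None


# Constructed sample data: a default cell and an Engineering cell linked to it.
DEFAULT = Cell("default", {"alice": (1001, 100), "bob": (1002, 100)})
ENGINEERING = Cell("Engineering", {"alice": (5001, 500)}, links=[DEFAULT])
CELLS_BY_OU = {"ou=engineering,dc=example,dc=com": ENGINEERING}
BUILD_HOST = "CN=build01,OU=Build,OU=Engineering,DC=example,DC=com"
SALES_HOST = "CN=pos07,OU=Sales,DC=example,DC=com"

if __name__ == "__main__":
    for host in (BUILD_HOST, SALES_HOST):
        for user in ("alice", "bob", "carol"):
            print(host.split(",")[0], user, map_user(user, host, CELLS_BY_OU, DEFAULT))
```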

Cell Manager

Cell Manager is a Likewise MMC snap-in for managing cells associated
with Active Directory Organizational Units. With Cell Manager, you can
delegate management, change permissions for a cell, add cells, view
cells, and associate cells with OUs to provide users and groups with
Linux and Unix access. Cell Manager also lets you filter cells to reduce
clutter and connect to another domain. Cell Manager is automatically
installed when you install the Likewise Console.


Benefits of Likewise Cell Technology

Likewise cell technology provides the following benefits:

• A hierarchical processing model that mirrors the hierarchy of
Active Directory organizational units.

• The ability to maintain existing NIS mapping information for users
and groups when you migrate them to Active Directory.

• The ability to delegate administrative rights by cell.

• The ability to control access to computers. Only users with
membership in a cell can log on the Unix, Linux and Mac OS X
machines in the cell. Judicious use of cells can provide a
convenient way of controlling access to different classes of Unix,
Linux and Mac OS X computers.

• The ability to link cells to streamline administration of Linux and
Unix users.

• The ability to use a default cell to ease administration.

More Information

See Using Likewise Cell Technology To Manage Users and Computers.

Group Policies for Linux, Unix, and Mac


Likewise empowers you to define group policies for computers running
Linux, Unix, and Mac OS X. Likewise includes more than 100 policies
that are custom made for non-Windows computers. All the policies are
integrated into the Microsoft Group Policy Object Editor.

For example, you can use a group policy to control who can use sudo for
access to root-level privileges by specifying a common sudoers file for
target computers. You could, for instance, create an Active Directory
group called SudoUsers, add Active Directory users to the group, and
then apply the sudo group policy to the container, giving those users
sudo access on their Linux and Unix computers. In the sudoers file, you
can specify Windows-style user names and identities. Using a group
policy for sudo gives you a powerful method to remotely and uniformly
audit and control access to Unix and Linux resources.


Likewise stores its Unix and Linux group policies in the same locations
and in the same format as the default Windows group policies -- in the
system volume (sysvol) shared directory. Unix and Linux computers
that are joined to an Active Directory domain receive their group policies
in the same way that a Windows system does:

Likewise gives you the option of creating and editing group policies with
either the Group Policy Object Editor (GPOE) or the Group Policy
Management Console (GPMC). When you use the Group Policy
Management Console, you can view group policy settings.

In the Group Policy Object Editor, the Likewise group policies are in the
UNIX and Linux Settings folder in the console tree under Computer
Configuration; the Likewise user settings are under User Configuration:


Filtering by Target Platform

With the Group Policy Object Editor, you can set group policies to target
all versions of the following platforms.

• Apple Mac OS X

• CentOS Linux

• Debian Linux

• Fedora Linux

• Hewlett-Packard HP-UX

• IBM AIX

• OpenSUSE Linux

• Red Hat Linux

• Red Hat Enterprise Linux (ES and AS)

• Sun Solaris

• SUSE Linux

• SUSE Linux Enterprise Desktop

• SUSE Linux Enterprise Server

• Ubuntu Linux

The dialog for setting target platforms looks like this:


Gnome Settings
Likewise Enterprise includes several thousand group policies for Linux
user and computer settings -- policies that are based on the Gnome
GConf project to define desktop and application preferences such as the
default web browser. These Gnome configuration settings can be applied
to Linux computers running the Gnome desktop.

The Gnome policies are integrated into the Group Policy Object Editor,
making it easy to manage and apply them. After you add the Gnome
schemas for your Linux platform, the policies appear in the Unix and
Linux User Settings folder under User Configuration or under Computer
Configuration.

The Gnome-based group policies include user and computer settings for
applications like the browser, help viewer, and main menu. For example,
a user policy can define whether the Gnome volume manager
automatically mounts removable storage drives when they are inserted
into a computer. Another Gnome policy can lock down Linux desktops.

Benefits

• Improve the security of Linux computers by locking down Linux desktops.

• Centrally configure computers and applications running the Gnome
desktop.

• Control access to the command line.

• Manage Gnome settings on a user-by-user or computer-by-computer basis.

More Information

For more information, see Applying Gnome Settings to Linux Desktops
with Group Policies.

Mac Support
Likewise Enterprise includes extensive support for Mac OS X workstations
and servers. With Likewise, Mac clients can gain single sign-on to OS X
servers as well as Linux and Unix resources by using a single Active
Directory account.

SUPPORTED MAC VERSIONS

Likewise supports the 32-bit and 64-bit versions of the following Mac
operating systems:

• OS X v10.4 PowerPC

• OS X Server v10.4 PowerPC

• OS X v10.4 x86

• OS X v10.3 PowerPC

Likewise also includes group policies tailored specifically for the Mac,
many of which are shown in the following screen shot:


More Information

See the Benefits of Joining Mac Computers To Active Directory with
Likewise at
http://www.likewisesoftware.com/resources/technical_notes/LikewiseEnterprise4.0_JoiningMacToADTechnicalNote.pdf
and the Mac Group Policy Administrator’s Guide at
http://www.likewisesoftware.com/resources/user_documentation/LikewiseEnterprise4.0_MacintoshGroupPolicyAdministratorGuide.pdf.

Migration Tools
You can use the Likewise migration tool to import Linux, Unix, and Mac
OS X passwd and group files -- typically /etc/passwd and
/etc/group -- and automatically map their UIDs and GIDs to users and
groups defined in Active Directory. Or, you can choose to generate a
Windows automation script to associate the Unix and Linux UIDs and
GIDs with Active Directory users and groups. Before you commit the
changes, you can resolve ambiguous user names and other conflicts.


Integration Options
Likewise provides multiple possible configurations for integrating Unix
and Linux systems into Active Directory. All of these configurations
require that a user’s Unix- and Linux-specific information be associated
with the user’s Active Directory object. All of these configurations can be
automatically provisioned using IBM’s Tivoli Identity Manager solution or
by using Sun Identity Manager.

Auditing and Reporting


Likewise empowers you to create custom reports about Linux and Unix
users, groups, computers, forests, and domains within Active Directory.
From the Reports tab in the Likewise Console, you can generate the
following reports:

Report                    Description
Forest Users and Groups   Displays all Unix- and Linux-enabled users and groups in an Active Directory forest. This report can also display duplicate UIDs, GIDs, login names, and group aliases.
User Access               Shows the Unix and Linux machines that each Active Directory user can access.
Group Access              Lists the Unix and Linux machines that each Active Directory group can access.
Group Membership          Shows the members of each Unix- and Linux-enabled Active Directory group.
Computer Access           Lists the users who can access each Unix and Linux computer.

You can choose the information that you want to include in a report by
selecting from a variety of report columns. Depending on the type of
report, you can select different columns for users, groups, computers,
and cells. When you generate a User Access report, for example, you
can select from such report columns as Login Name, Unix Login Name,
User Status, UID, Primary GID, Gecos, Login Shell, and Home Directory.

Each type of report includes filters and options. All the reports let you
filter by domain. Depending on the type of report that you create, you can
choose whether to show disabled users or disabled computers. For
some reports you can limit the number of objects by specifying a
maximum. For example, the Group Access report gives you a report
option to set the maximum number of computers per group.

After you generate a report, you can view, save, preview, and print it.

Likewise outputs the report data in XML but displays it in HTML. After
you generate a report, you can save it in XML, HTML, or CSV by clicking
Save As, and then in the Save as type box, clicking the format that you
want.


Benefits

• Help demonstrate regulatory compliance by generating reports
showing the users and groups that have access to computers in a
cell or OU.

• List all the duplicate UIDs, GIDs, Login Names, and Group
Aliases in an Active Directory forest.

• Generating a report that shows duplicate UIDs, GIDs, Login
Names, and Group Aliases can help you troubleshoot and
resolve conflicts within your Active Directory forest.

• Generate a Computer Access report to show the users who have
access to the Linux and Unix computers in each Likewise cell
within the scope that you specify. You can customize the report
by selecting the user details, computers, and domains that the
report displays.

• A Group Membership report shows the members of your Unix
and Linux Active Directory groups. You can customize the report
by selecting the user details, group details, domains, and groups
that the report displays.

Likewise Administrative Console


The Likewise Administrative Console is an extensible service for running
management applications, or snap-ins, on a Linux computer. The
following Likewise snap-ins are available after you install the console:

Snap-In                                         Description
Likewise Active Directory Users and Computers   Provides administrative access to users, computers, groups, organizational units, and Likewise cells in Active Directory. You can add, delete, and modify the properties of Active Directory objects from your Linux desktop. It also serves as a Linux-side ADSI -- you can use it to view and edit Active Directory attribute values.

In the Likewise Administrative Console, the Active Directory Users and
Computers snap-in looks like this:


To run the console, you must first install Mono 1.2.5.1 and Mono
WinForms 1.2.5.1. Mono is available for free at
http://www.mono-project.com/, and Mono WinForms is available for free at
http://www.mono-project.com/WinForms.

The Likewise Administrative Console runs on the following Linux
platforms:

• SUSE Linux Enterprise Server 10.0

• SUSE Linux Enterprise Desktop 10

• Ubuntu Desktop 7.1

• Red Hat Fedora 7 and 8

• CentOS 5

• Red Hat Enterprise Linux


Broad Platform Support


                                                        Supported
Vendor  Distribution                                    32-bit  64-bit
        AIX 5L 5.2                                      -
        AIX 5L 5.3                                      -
        OS X v10.3 PPC
        OS X v10.4 PPC
        OS X Server v10.4 PPC
        OS X v10.4 x86
        CentOS 4.0
        CentOS 4.1
        CentOS 4.2
        CentOS 4.3
        CentOS 4.4
        CentOS 5.0
        Debian Linux 3.1
        Fedora Core 3                                           -
        Fedora Core 4
        Fedora Core 5
        Fedora Core 6
        Fedora Core 7
        HP-UX 11.11 PA-RISC - Trusted Mode              -
        HP-UX 11.11 PA-RISC - Untrusted Mode            -
        HP-UX 11.23 Itanium - Trusted Mode              -
        HP-UX 11.23 Itanium - Untrusted Mode            -
        Oracle Enterprise Linux 4
        Oracle Enterprise Linux 5
        Red Hat Enterprise Linux AS 2.1                         -
        Red Hat Enterprise Linux ES 2.1                         -
        Red Hat Enterprise Linux WS 2.1                         -
        Red Hat Enterprise Linux AS 3.0
        Red Hat Enterprise Linux ES 3.0
        Red Hat Enterprise Linux WS 3.0
        Red Hat Enterprise Linux AS 4.0
        Red Hat Enterprise Linux ES 4.0
        Red Hat Enterprise Linux WS 4.0
        Red Hat Enterprise Linux 5.0
        Red Hat Enterprise Linux 5.0 Desktop
        Red Hat Enterprise Linux 5.0 Advanced Platform
        Red Hat Linux 7.2                                       -
        Red Hat Linux 7.3                                       -
        Red Hat Linux 8                                         -
        Red Hat Linux 9                                         -
        Solaris 8 (SPARC)
        Solaris 8 x86
        Solaris 9 (SPARC)
Sun     Solaris 9 x86
        Solaris 10 (SPARC)                              -
        Solaris 10 x86                                  -
        Open Solaris                                    -
        SuSE Linux Desktop 8.2                                  -
        SuSE Linux Desktop 9.0                                  -
        SuSE Linux Desktop 9.1
        SuSE Linux Desktop 9.2
        SuSE Linux Desktop 9.3
        SuSE Linux Enterprise Desktop 10.0
        OpenSuSE Linux 10.0
        OpenSuSE Linux 10.1
        OpenSuSE Linux 10.2
        SuSE Linux Enterprise Server 9.0
        SuSE Linux Enterprise Server 10.0
        Ubuntu Desktop 6.06
        Ubuntu Desktop 6.10
        Ubuntu Server 6.06
        Ubuntu Server 6.10
        Ubuntu Desktop 7.04
        Ubuntu Desktop 7.10
        VMWare ESX Server 2.5                                   -
        VMWare ESX Server 3.0.1                                 -


ABOUT LIKEWISE

Likewise Software is an open source company that provides audit and authentication
solutions designed to improve security, reduce operational costs and help
demonstrate regulatory compliance in mixed network environments. Likewise Open
allows large organizations to securely authenticate Linux, UNIX and Mac systems
with a unified directory such as Microsoft Active Directory. Additionally, Likewise
Enterprise includes world-class group policy, audit and reporting modules.
Likewise Software is a Bellevue, WA-based software company funded by leading
venture capital firms Ignition Partners, Intel Capital, and Trinity Ventures. Likewise
has experienced management and engineering teams in place and is led by senior
executives from leading technology companies such as Microsoft, F5 Networks,
EMC and Mercury.
