Originally Published: Tuesday, 19 September 2000 Author: Chris Campbell
Published to: enhance_articles_sysadmin/Sysadmin

Linux and Windows NT 4.0: Basic Administration - Part I

There are many articles on why you should use Linux. The main goal of this article is not necessarily to convince you to use Linux, but to guide experienced NT administrators through the server-based aspects of Linux.


There are many articles on why you should use Linux. The main goal of this column will be not necessarily to convince you to use Linux, but to guide experienced NT administrators into the more server-based aspects of Linux, in contrast to Windows NT. However, in the process of covering these topics, several key points have surfaced. Microsoft's push to sell Windows 2000 makes it nearly impossible to find the software necessary to make a machine comparable to Linux. To make a comparable box using Windows NT 4.0, it would be necessary to install the following:

  • Windows NT 4.0 Enterprise (Clustering ability)
  • Windows NT Resource Kit (Posix, C2 compliance)
  • Windows NT Back Office Server:
    • Exchange E-mail Server
    • SQL Server (Database)
    • Site Server (LDAP authentication for commercial web sites)
    • SNA Server (Mainframe connectivity)
    • Proxy Server
    • Systems Management Server
  • Windows NT Terminal Server (Remote desktop access)

With Windows 2000, it would be impossible with currently released software, which consists of:

  • Windows 2000 Datacenter Server (4 way clustering and terminal services)
  • Windows 2000 Resource Kit (Posix, C2 compliance)
  • Microsoft Exchange 2000

As there are no currently available versions of Back Office, that would be about as far as you could go.

Unfortunately, it is also impossible to find accurate pricing for the combination described above. Microsoft BackOffice Server with 5 CALS (client access licenses) retails on the Microsoft site for $3,099.00. Terminal Server, NT 4.0 Enterprise and NT 4.0 Resource kit have been supplanted on the site by Windows 2000. Windows 2000 Datacenter Server would be needed for the 4 way clustering available in Linux, but unfortunately the price for that is listed on the site as 'available only from OEMs.' The closest relative would be the Windows 2000 Advanced Server (2 way clustering) with 25 CALs at $3,999.00. It's not particularly apparent as to when Windows 2000 will be comparable to Linux in ability, but from the pricing we just reviewed, you can guarantee that it won't be even remotely inexpensive. For clarification's sake, Microsoft has released Exchange 2000, but not the remainder of Back Office. All prices are accurate as of 8/29/00.

In all fairness to Novell (another would-be contender for the server market), I did a quick assessment of their product offerings, and they fared even worse. The average price for Novell licensing (based on add-on packs) is about $110 per user (compared to $36.95 for Windows NT)*. But this is just the base OS pricing. Any additional functionality must be purchased, more so with Novell than NT. Considering Novell's downfalls (draconian, but effective, licensing techniques; expensive licensing; a cumbersome interface), the possibility that Novell will ever be comparable to Linux is remote at best. It is still necessary to install a DOS boot partition for Netware 5. Hope you remember where those DOS disks are!

With all of this in mind, it is not hard to see why many Windows NT administrators are choosing the Linux route. Full functionality not currently available in NT is available in Linux, and for no software fiscal investment. The only real investment is the time spent to learn how to perform administrative functions in Linux. Those tasks will be the focus of this column. We'll contrast how each task is performed in NT with how it would be done in Linux.

Functions to be Covered

The functions that will be covered here are based on the network services and administration functions of basic Windows NT, as well as the additional functionality of Windows NT Enterprise, the back office product and terminal services; these are based on the extent of Windows NT's abilities, and in no way indicate all that Linux is capable of.

Pre-Linux Preparation Hints

In preparation for a migration to Linux, it is strongly suggested that the Windows NT 4.0 Resource Kit be installed. This comes with a set of Posix-compliant applications, which you would be well advised to learn in the more familiar NT environment before attempting to navigate in Linux. These commands consist of cat, chmod, chown, cc, cp, find, grep, ln, ls, mkdir, mv, rm, rmdir, sh, touch, vi and wc. Particular emphasis should be placed on learning the shell commands and the vi editor. Please note that the installation of the resource kit does not automatically place these utilities (\reskit\posix) into the system path, so the directory must be added manually. Also, in order to make use of vi, the following environment variables must be added:

START -> SETTINGS -> SYSTEM -> ENVIRONMENT

TERM=ansi
TERMCAP=equivalent for your MSDOS window
(Columns x Lines: Most likely "co#100" and "li#60")
_POSIX_TERM=on

As always, it is strongly advised that you read the accompanying text files. Use of the CC compiler, for instance, will require additional system variables.

The vi editor, although very basic, can be found on nearly any Linux or Unix installation, making knowledge of it priceless. Any editing done in the course of this column will be done in vi.

One final note on navigation in Linux. Unlike Windows operating systems, Linux does not see local or remote resources as letters (C:, for example). Instead, resources are connected and grafted to the local directory tree as a sub-directory. When mounting a resource, such as a floppy, the administrator would type:

#mkdir /mnt/floppy
#mount /dev/fd0 /mnt/floppy

The mount command is followed by the device system location, and then the desired point in the directory tree for the connection to be grafted. Here, it is the mount point directory that we created in the previous command.

Linux refers to the devices on the system by device names. The device files are located in /dev in the system and some of the more common are:

  • eth: ethernet
  • fd: floppy disk
  • hd: hard disk
  • kbd: keyboard
  • loop: loopback device
  • lp: line printer
  • null: null device
  • port: I/O port access
  • psaux: PS/2 mouse
  • ram: RAM disk
  • rtc: real time clock
  • sd: SCSI disk
  • sl: slip device
  • sr: SCSI CD-ROM
  • st: SCSI tape
  • tty: virtual console
  • tun: IP tunnel device

The list shows devices (such as hard drives) indicated as hd, for example. If there is only one hard drive, it is referred to as hda, the second drive, hdb and so on. If it's a SCSI drive, then it's sda and sdb, respectively.

Notes on Installation

For these writings, I have chosen the Mandrake 7.1 version of Linux. It is freely downloadable at www.mandrake.com. I am not endorsing it in any way; I have simply chosen it as I feel that it is most likely the easiest Linux distribution to install.

Being that there are many existing articles on how to install Linux, and as Mandrake is easy to install, we will be taking successful installation as writ. Anyone incapable of installing Mandrake is probably not all that competent with Windows NT. To that end, these articles are probably not for you.

User and Group Administration

The heart of Windows NT administration is undeniably User Manager for domains. Located under:

START -> PROGRAMS -> ADMINISTRATIVE TOOLS

This tool allows the Windows NT administrator to add and configure new users and groups, and to set user rights, auditing and policies. There are many different configurations that groups and users may have, dependent upon need and desire; the strategies behind these are far too numerous to discuss in detail here. Instead, let's begin the breakdown. To add a user in Windows NT:

START -> PROGRAMS -> ADMINISTRATIVE TOOLS -> USER MANAGER FOR DOMAINS -> USER -> NEW USER.

The administrator is then asked to provide the username, full name, description, and password, and to specify groups for the user to join. Adding a user in Windows NT may also be done from command line:

net user {username} /add /active:{yes/no} /comment:{text} /fullname:{fullname} /homedir:{path} /passwordchg:{yes/no} /passwordreq:{yes/no}
/profilepath:{profilepath} /scriptpath:{scriptpath}
/times:{account access times} /workstations:{workstations}
/del (to remove)

Not all of the arguments are necessary to add a basic account; only {username} and /add are. However, not all the arguments are seen when doing 'net user /?'. Using the command 'net user' alone will display all users listed on the system/domain. Typing 'net user {username}' will display all account statistics for {username}. Notably, both administrative interfaces give the ability to set a home directory. The login script, if properly configured, will attempt to map the user to their home directory (this can also be set as a default in User Manager). The directory itself needs to be created and shared manually. This can be rather cumbersome when administering large networks, so a batch file like the following would be useful:

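@echo off
rem %1 is the new username; do nothing if it was not supplied
if "%1"=="" goto end
net user %1 /add /homedir:d:\home\%1 /scriptpath:login.bat
mkdir d:\home\%1
net share %1$=d:\home\%1
rem Replace the ACL (answering the cacls prompt): Change for the user, Full for Administrator
echo y| cacls d:\home\%1 /T /G %1:C Administrator:F
:end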

As in Windows NT, there are many ways to add a user in Linux. Most installations come with Linuxconf installed. This administration tool runs both in command line and GUI format. Most installations also come with a version specific configurator. Obviously there are too many to list here, but for the most part they are rather intuitive and often similar to linuxconf.

Linux also has the ability to add a user from command line. There are several ways, actually, but the first and most common way is the 'useradd' command:

useradd {username}

This command not only creates the user, but also creates the user's home directory, sets it as the default location at login, and creates a mailbox for the user in /var/spool/mail. This avoids the additional scripting needed for Windows NT. The other commands to edit user information follow suit:

  • chfn - changes User Information (such as Fullname, hence the fn)
  • chsh - changes the User login shell (the command line environment)
  • groups - display the groups that a user belongs to
  • passwd - change the user's password
  • userdel - delete the user account
  • usermod - modify the user account

As with all Linux commands, more specific information can be found by typing:

man {command}

In Linux, it's even possible to copy certain files and subdirectories to the user's home directory upon creation. Simply copy the desired files and subdirectories to /etc/skel.

There is another way to add a user. In Linux, all user information is stored in a file, /etc/passwd. This file can be edited by typing:

vipw

The /etc/passwd file will be opened in vi and will contain lines delimited with colons. The format is as follows:

account_name:password:UserID(UID):GroupID(GID):full_name:home_directory:default_shell

It will look something like this:

soup:x:509:100:Chris Campbell:/home/chris:/bin/shs

(The password is represented as x, as it is stored in another file named /etc/shadow.)

Here a line can be added for a new user account, but as this is directly accessing a critical system file, it is suggested that the aforementioned methods be used. NEVER erase any users / lines in this file that you yourself did not create.

It may seem that storing passwords and user information in such an obvious place would be dangerous, but access to these files is inherently only allowed to the root user. In Windows NT, all of the password information is stored in a hash file, which is included when a recovery disk is created. Where in Linux root access would be needed to get at the file, all you need for NT is a recovery disk (see http://www.l0pht.com/l0phtcrack). Any computer system is in relative danger if anyone other than the administrator can get at the machine itself.
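
The seven-field format shown above lends itself to a quick check after any hand edit with vipw. The following is an added example, not part of the original article: a shell function that flags malformed lines, duplicate names or UIDs, extra UID 0 accounts, and password fields that are not the x placeholder. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit passwd-format entries.
# Reads the named files (or standard input) and prints one finding per line.
audit_passwd() {
    awk -F: '
    # An entry must have exactly the seven colon-delimited fields.
    NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; next }
    {
        name = $1; pw = $2; uid = $3
        if (name in seen_name)
            printf "line %d: duplicate account name %s\n", NR, name
        seen_name[name] = 1

        if (uid !~ /^[0-9]+$/) {
            printf "line %d: %s has a non-numeric UID\n", NR, name
        } else {
            # Any account with UID 0 is root, whatever it is called.
            if (uid + 0 == 0 && name != "root")
                printf "line %d: %s has UID 0\n", NR, name
            else if (uid in seen_uid)
                printf "line %d: %s shares UID %s with %s\n", NR, name, uid, seen_uid[uid]
            if (!(uid in seen_uid)) seen_uid[uid] = name
        }

        # "x" means the hash is in /etc/shadow; "*" and "!" mark locked accounts.
        if (pw == "")
            printf "line %d: %s has an empty password field\n", NR, name
        else if (pw != "x" && pw != "*" && pw !~ /^!/)
            printf "line %d: %s has a password hash outside /etc/shadow\n", NR, name
    }' "$@"
}

# Constructed sample input; none of these accounts or hashes are real.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:100:Alice Example:/home/alice:/bin/bash
bob::502:100:Bob Example:/home/bob:/bin/bash
carol:x:501:100:Carol Example:/home/carol:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
dave:$1$constructed$notarealhash:503:100:Dave Example:/home/dave:/bin/bash
erin:x:504:100:/home/erin:/bin/bash
EOF
}

sample_passwd | audit_passwd
```

Run as root against the live file with audit_passwd /etc/passwd; a clean file produces no output.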

In Windows NT, user account restrictions are partially controlled when adding a user via

START -> PROGRAMS -> ADMINISTRATIVE TOOLS -> USER MANAGER FOR DOMAINS -> POLICIES -> ACCOUNTS

In Linux, all of the restrictions are defined in /etc/login.defs. Here, everything from password aging and expiration to default shells is defined. Users can be restricted via these settings, but as in Windows NT, these restrictions should be applied sparingly and only by an experienced administrator.

Group Administration

To add a group in Windows NT:

START -> PROGRAMS -> ADMINISTRATIVE TOOLS -> USER MANAGER FOR DOMAINS -> USER -> NEW LOCAL GROUP.

As with User Administration, Group Administration can be done several ways in Linux: with linuxconf, and often in the Linux variant-dependent administration tool. It can also be done in the shell:

  • groupadd - add a new group
  • groupdel - remove existing group
  • groupmod - modify existing group

Like user administration, the group information is stored in a file, /etc/group. This file can be edited manually also, using the command vigr.

As with users, it is suggested that either the administration tools or the command line method be used to prevent damage to system files.

*The basic NetWare 5.1 Server (5 licenses) comes in at $995.00 with additional licensing at 25 Licenses for $2,750.00. Contrast that with the basic Windows 2000 (10 CALS) going for $1199.00, additional CALS at 20 CALS for $739.00.


Chris Campbell knows how to admin NT as well as Linux, and he knows how to party with the ladies. Chris is the head of the new sysadmin section of Linux.com, and can be E-mailed at soup@linux.com with praise or complaints. He was last seen wielding a bottle of Peter Luger's Steak Sauce at his apartment in Philadelphia.




