What's New in Likewise Enterprise 5.0

Authentication, Group Policy, Audit and Reporting

---

The Basics

• Introduction
• Why Customers Choose Likewise Enterprise
• How it Works
• Technical Overview
• Features Overview
• Supported Platforms
• Frequently Asked Questions (FAQ)

In-Depth Features

• New Features in 5.0
• Screenshots
• Group Policy
• Gnome Group Policy
• Cell Technology
• PCI Compliance
• Single Sign-On for Web Applications
• Single Sign-On for Databases
• Single Sign-On for Apache Web Server
• Single Sign-On for ERP & Storage Applications
• Kerberos Authentication
• Cross Forest Trusts
• Cached Credentials
• Reporting
• Likewise Identity Service
• Likewise Administrative Console
• Workgroup Manager Overview
• Workgroup Manager Policies
• Audit and Reporting Overview
• Advantages Overview
• Complying with HIPAA Standards
• Linux Active Directory Integration
• Winbind

New Features:

• The Likewise Identity Service
• Control Mac Preferences with Workgroup Manager and GPOs
• The Likewise Administrative Console
• New Group Policies
• Likewise Enterprise 5.0 Screenshots

The Likewise Identity Service

The Likewise Identity Service, or LWIS, is a next-generation authentication engine for Linux, Unix, and Mac OS X. A highly reliable and industrial-strength application, LWIS gives non-Windows computers advanced capabilities for both local authentication and Active Directory-based authentication.

The LWIS authentication daemon, lsassd, is a single-process, multi-threaded application that can host multiple server-side authentication providers. In Likewise Enterprise 5.0, LWIS includes two distinct authentication providers:

• The local authentication provider is a full local authentication database. With functionality similar to the local SAM authentication database on every Windows computer, the local authentication provider lets you create and manipulate local users and groups.
• The Active Directory authentication provider interfaces with a Microsoft Active Directory forest to authenticate AD users and groups and to manage AD account information.

The Active Directory authentication provider gives you the option of storing ID (UID) and group ID (GID) information either by using RFC 2307 attributes or, if the schema is not RFC 2307-compliant, by using existing object classes and attributes in AD. Changes to your AD schema are not required.

LWIS includes a full MSRPC-compatible DCE/RPC implementation, empowering OEMs and others to build their own Windows-compatible RPC clients and servers. The DCE/RPC framework comes with a full IDL compiler, the DCE/RPC runtime, a platform-neutral threading library, and full support for Windows authentication libraries. LWIS does not use Winbind.

For a detailed list of the features of LWIS, see the Likewise Identity Service page.

Control Mac Preferences with Workgroup Manager and GPOs

Likewise Enterprise lets you set Managed Client Settings for Mac computers with Workgroup Manager, a free server administration tool from Apple for remotely managing user, group, and computer settings on Mac OS X machines. Likewise Enterprise integrates Workgroup Manager with Active Directory by saving Managed Client Settings (MCX) as standard Microsoft Active Directory group policy objects, or GPOs.

By integrating Managed Client Settings in Active Directory as configuration data in GPOs, Likewise preserves the familiar GPO model that makes it easy to review, back up, and copy policies. In short, Likewise lets you apply Managed Client Settings to Macs in the same way that you use GPOs to apply settings to Linux, Unix, and Windows computers.

In a typical deployment in which Mac computers have been integrated with Active Directory by using Apple's AD Directory Service plug-in, Workgroup Manager can be used to store settings for users, computers, and security groups in Active Directory, but only if the Active Directory schema is extended. With Apple's AD Directory Service plug-in, the AD schema must be extended to include both the RFC 2307 attributes and Apple's schema extensions for managed client settings (MCX).

The Likewise Enterprise solution integrates Mac computers with Active Directory and lets you use Workgroup Manager to apply MCX settings without modifying your Active Directory schema, even if you are using a schema that does not comply with RFC 2307. More: You do not need to add additional infrastructure, such as an Open Directory server.

In addition, the Likewise Enterprise 5.0 group policy features for Mac OS X computers are the most comprehensive available. Likewise includes Unix settings for managing syslogs, crontabs, sudoers files, and many other configuration files on a Mac. Likewise also includes additional Mac-specific policies for setting Mac system preferences and configuring security options such as the built-in firewall.

Likewise Enterprise 5.0 supports group policies and Managed Client Settings for Mac computers running OS X 10.4 or later, including Leopard.

The Likewise Administrative Console

The Likewise Administrative Console is an extensible service for running management applications, or snap-ins, on a Linux or Mac computer. The console, for example, lets you run an Active Directory User and Computers snap-in on a Linux computer so you can modify objects in Active Directory without leaving your Linux desktop.

For more information about the console, see the Likewise Administrative Console page.

New Group Policies

Likewise Enterprise 5.0 includes a number of new group policies for Linux, Unix, and Mac workstations and servers, including the following:

• Monitor Sudoers File
• Prepend Domain Name for AD Users and Groups
• Disable System Time Synchronization
• Denied Logon Rights Message
• Set the Computer Group Policy Refresh Interval
• Set the User Group Policy Refresh Interval
• Specify the User Policy Loopback Processing Mode
• Set DNS Servers and Search Domains
• Use a variety of energy-saver policies for Mac OS X computers

Next > > Screenshots