[TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL directoryserver

Chris Bullock cgbullock at yahoo.com
Mon Dec 11 09:41:10 EST 2006


I guess I should have mentioned that MS is not an option. $$$
We also have/had a Samba domain; it works, but is not elegant at all. This was a "hurry up we have 24 hours to get this office up and running" situation.  I really don't like the double duty you have to do to have unix and smb users, plus the machine accounts don't seem to always work.  This is my fault, but we did not map the "admin" account correctly so there are no "domain admins" for that domain; you have to log in locally to do any admin stuff.

Hope that adds a little to the feedback I get.

----- Original Message ----
From: David McDowell <turnpike420 at gmail.com>
To: Triangle Linux Users Group discussion list <trilug at trilug.org>
Sent: Monday, December 11, 2006 9:26:39 AM
Subject: Re: [TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL directoryserver

Also, FYI, w2k3 R2 also has some additional features that work well
with *nix environments as I understand it.  We don't have the R2
release here, but if you are buying today, that's what you get.  Even
without that we are doing AD auth with our Apache web apps and have
just completed doing kerberos auth and setting up IE on our clients
for auto-login to the secured websites based on desktop login
information and it's working great (adding the allowed website to the
Intranet zone and installing the ssl cert so the user doesn't have to
type usr/pwd to login to the web app).  Believe it or not, with
Services for Unix installed on one of our w2k3 servers, we are also
using it as our NFS install point over the network using the ISO files
and we are now mirroring NCSU's CentOS repo for yum updates.



Now that a couple of us have pimped Microsoft on a linux list... Don't
forget that Samba may or may not also be an alternative you had not
mentioned.  I'd love to know that openLDAP or RHEL Directory server
could meet all your needs, but for us with tons of winXP clients, AD
is the best and we just make all this other stuff work as we can for
the Linux servers.

best of luck,
David


On 12/11/06, OlsonE at aosa.army.mil <OlsonE at aosa.army.mil> wrote:
> well, if you were intending on staying with a windows machine for some
> form of services, i'd highly recommend you migrate nt4 to windows 2003.
> the path is fairly easy, and upgrade is minimal (depending on what nt4
> services you were running). this would also preserve your clients, and
> user names and passwords. if you're really not concerned about this,
> then put in a win2k3 domain controller.
>
> if you have any specific questions about nt4 > win2k3, you can contact
> me off list if you like (or on list even). i rolled out a large scale
> nt4 > win2k3 migration for the government (with 3 remote sites).
>
> user management is definitely a lot easier in win2k3 ad... and ad gives
> you quite a few things you can do with your windows clients. i've heard
> of people migrating off nt4 and using their linux server as a "domain
> controller" so to speak ...but i personally haven't tried it in
> production.
>
> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
> Behalf Of Chris Bullock
> Sent: Monday, December 11, 2006 8:55 AM
> To: trilug trilug
> Subject: [TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL
> directoryserver
>
> We have an old dying NT4 domain that we currently use only for user
> authentication to gain access to network services.  We are long overdue
> for an overhaul and I am looking for advice on which direction to go.
> As I mentioned before currently we are using the NT4 domain for user and
> Windows client authentication, our overall goal will be that all mail
> (postfix,) linux systems and users, and other possible MS apps be able
> to authenticate against this.
> Here are my questions:
> 1.  What could be a drop in replacement for our current NT4 domain?
> 2.  What will give us AD type authentication/access and how easy or
> difficult will it be to set up, ie is there anything as easy as the
> click and add feature available in AD?
>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/ TriLUG Member
> Services FAQ : http://members.trilug.org/services_faq/