[TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHELdirectoryserver

OlsonE at aosa.army.mil OlsonE at aosa.army.mil
Mon Dec 11 09:58:11 EST 2006


I'd definitely look into OpenLDAP then. At a previous company, we were
using that in OSX ...and it worked great.


-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
Behalf Of Chris Bullock
Sent: Monday, December 11, 2006 9:41 AM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] LDAP vs AD vs NT domains vs eDirectory vs
RHELdirectoryserver

I guess I should have mentioned that MS is not an option. $$$ We also
have/had a Samba domain, it works, but is not elegant at all. This was
a "hurry up we have 24 hours to get this office up and running"
situation.  I really don't like the double duty you have to do to have
unix and smb users, plus the machine accounts don't seem to always work.
This is my fault but we did not map the "admin" account correctly so
there are no "domain admins" for that domain, you have to log in locally
to do any admin stuff.

Hope that adds a little to the feedback I get.

----- Original Message ----
From: David McDowell <turnpike420 at gmail.com>
To: Triangle Linux Users Group discussion list <trilug at trilug.org>
Sent: Monday, December 11, 2006 9:26:39 AM
Subject: Re: [TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL
directoryserver

Also, FYI, w2k3 R2 also has some additional features that work well with
*nix environments as I understand it.  We don't have the R2 release
here, but if you are buying today, that's what you get.  Even without
that we are doing AD auth with our Apache web apps and have just
completed doing Kerberos auth and setting up IE on our clients for
auto-login to the secured websites based on desktop login information
and it's working great (adding the allowed website to the Intranet zone
and installing the SSL cert so the user doesn't have to type usr/pwd to
login to the web app).  Believe it or not, with Services for Unix
installed on one of our w2k3 servers, we are also using it as our NFS
install point over the network using the ISO files and we are now
mirroring NCSU's CentOS repo for yum updates.



Now that a couple of us have pimped Microsoft on a Linux list... Don't
forget that Samba may or may not also be an alternative you had not
mentioned.  I'd love to know that OpenLDAP or RHEL Directory server
could meet all your needs, but for us with tons of winXP clients, AD is
the best and we just make all this other stuff work as we can for the
Linux servers.

best of luck,
David


On 12/11/06, OlsonE at aosa.army.mil <OlsonE at aosa.army.mil> wrote:
> well, if you were intending on staying with a windows machine for some
> form of services, i'd highly recommend you migrate nt4 to windows 2003.
> the path is fairly easy, and upgrade is minimal (depending on what nt4
> services you were running). this would also preserve your clients, and
> user names and passwords. if you're really not concerned about this,
> then put in a win2k3 domain controller.
>
> if you have any specific questions about nt4 > win2k3, you can contact
> me off list if you like (or on list even). i rolled out a large scale
> nt4 > win2k3 migration for the government (with 3 remote sites).
>
> user management is definitely a lot easier in win2k3 ad... and ad
> gives you quite a few things you can do with your windows clients.
> i've heard of people migrating off nt4 and using their linux server as
> a "domain controller" so to speak ...but i personally haven't tried it
> in production.
>
> -----Original Message-----
> From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On 
> Behalf Of Chris Bullock
> Sent: Monday, December 11, 2006 8:55 AM
> To: trilug trilug
> Subject: [TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL 
> directoryserver
>
> We have an old dying NT4 domain that we currently use only for user
> authentication to gain access to network services.  We are long
> overdue for an overhaul and I am looking for advice on which direction
> to go.
> As I mentioned before currently we are using the NT4 domain for user
> and Windows client authentication, our overall goal will be that all
> mail (postfix), linux systems and users, and other possible MS apps be
> able to authenticate against this.
> Here are my questions:
> 1.  What could be a drop in replacement for our current NT4 domain?
> 2.  What will give us AD type authentication/access and how easy or 
> difficult will it be to set up, ie is there anything as easy as the 
> click and add feature available in AD?
>
> --
> TriLUG mailing list        :
> http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/ TriLUG Member 
> Services FAQ : http://members.trilug.org/services_faq/