On Mon, Dec 31, 2012 at 3:52 PM, Lee Reynolds wrote:

> True, but getting a Linux system to work with AD in terms of allowing
> users to log in using AD authentication, use their home directories, etc,
> etc, is tricky.

REALLY? I will have to clue in the 4 companies I have implemented this for over the last 6 years? Run a quick google and you will see how easy it really is.

> Or at least it was several years ago when I last tried to set it up. This
> was in 2005 or 06, so things may be much better now.
>
> I got it working at the time, but we didn't stick with it. We ended up
> using a separate OpenLDAP+Kerberos solution that the university keeps
> synchronized with AD in terms of usernames and passwords. Other account
> details differ however. Most Linux workstations on campus use AFS for home
> directories and the UID/GID sequence used hails from the 80's. You can
> easily guess how long someone has been around by their UID value. The
> lowest I've ever seen is 2104. The highest is well above 600,000.

OpenLDAP+Kerberos is the more secure solution, but the Kerberos is only important on the linux side. User management is still clearly sitting in the AD domain.

> Lee Reynolds
> Systems Analyst Principal
> ASU Advanced Computing Center
> a2c2.asu.edu
>
> GWC-558
> 480.965.9460 (Office)
> 480.458.7434 (Mobile)
>
> Have an A2C2 related question or problem?
>
> Just send an email to the following address detailing
> the nature of the question or problem and a service request
> will be created automatically:
>
> support@hpchelp.asu.edu
>
> ________________________________________
> From: plug-discuss-bounces@lists.phxlinux.org
> [plug-discuss-bounces@lists.phxlinux.org] on behalf of Lisa Kachold
> [lisakachold@obnosis.com]
> Sent: Monday, December 31, 2012 2:51 PM
> To: Main PLUG discussion list
> Subject: Re: Windows 8 demo video parody
>
> Anything that works with ldap works with AD.
>
> On Mon, Dec 31, 2012 at 12:08 PM, Lee Reynolds wrote:
>
> Sadly these other directory service systems don't work with Windows, or at
> least they don't make it clear that they do. The page for 389 said past
> versions did, which means current versions don't. Apache's product says
> nothing about supporting windows, which means it probably doesn't.
>
> This might not matter to people who only use Linux and its cousins in the
> unix world, but this is a matter of utmost importance to people who support
> heterogeneous IT environments.
>
> AD does not support Linux, but Linux (with tweaking) does support AD.
>
> ________________________________________
> From: plug-discuss-bounces@lists.phxlinux.org
> [plug-discuss-bounces@lists.phxlinux.org] on behalf of Lisa Kachold
> [lisakachold@obnosis.com]
> Sent: Monday, December 31, 2012 11:29 AM
> To: Mike Butash; Main PLUG discussion list
> Subject: Re: Windows 8 demo video parody
>
> I have to differ that Windows AD is the only directory management beast
> out there worth using!
>
> This is a matter of running a dumbed down OS; running systems that ensure
> you don't need to know anything about the systems you support, and we have
> all seen from the Microsoft example, that this is a dangerous and UNSTABLE
> INSECURE development model.
> The "least intellectual investment" philosophy started in the American
> Public school systems, decried in the oft heard lament "Oh! Why do we have
> to learn this?" and exploited by Microsoft and Apple, is not a good
> business decision, but for some reason large companies continue to make
> choices based on "ease of support" perhaps due to the small numbers of lazy
> Americans who actually want to work for a living or be paid a great number
> of frogpelts for nothing (all while Eastern Indians and Middle Easterners
> queue up to take anything and everything that can be outsourced). Suddenly
> MicroSnot AD becomes a very good economic choice.
>
> There's:
>
> 389 Directory Server: http://directory.fedoraproject.org/wiki/Download
>
> Apache Directory LDAP v3 compliant server http://directory.apache.org
>
> FreeIPA is the upstream project for Redhat IPA, which is now bundled in
> RHEL 6.2. There are plenty of production implementations of Redhat's IPA,
> if you need specific references, Redhat can likely provide them to you. The
> RHEL 6.2 package names for IPA are ipa-*.
>
> GOsa² provides a powerful GPL'ed framework for managing accounts and
> systems in LDAP databases. Using GOsa² allows system administrators to
> easily manage users and groups, fat and thin clients, applications, phones
> and faxes, mail distribution lists and many other parameters. In
> conjunction with FAI (Fully Automatic Installation), GOsa² allows the
> highly automated installation of preconfigured systems. GOsa² therefore
> provides a single, LDAP-based point of administration for large and small
> environments, thus making the administration of users and systems and all
> related parameters manageable and easy. More info on
> https://oss.gonicus.de/labs/gosa
>
> ... and a few more?
>
> On Mon, Dec 31, 2012 at 10:56 AM, Michael Butash <michael@butash.net> wrote:
>
> On 12/31/2012 10:17 AM, Nathan England wrote:
> Excellent points. I don't entirely believe 2000 was a bomb. But in all
> reality, I don't know anyone that used it.
>
> I've seen it used, and used it quite heavily at most environments I was at
> when still doing more systems stuff. 2003 was obviously much improved
> (xp+server stuff) and quickly became de facto, but for a time, it was good
> for passage out of the dark ages of 16bit os's.
>
> I saw it on a couple servers
> and replaced it with linux on a few others. It wasn't horrible, but come
> on! Windows ME on an NTOS kernel? I thought the frequent automatic
> reboots were a "feature" so I did not have to manually reboot Windows
> ME! Windows 2000 destroyed the only good "feature" Windows ME had!
>
> Hah! Well like most I started life as a windoze guy, and my first
> experience with "servers" was using win2k server beta's for adventure in
> '99. I was rockin' AD before I'd ever had to futz with NT. Imagine my
> horror when I had to inherit some nt4 domains later!
>
> That said, I learned what DNS, DHCP, LDAP/Kerberos, and IIS were good for
> in windoze land, then later replaced them once I got familiar enough with
> linux. Learning how network services work under linux without some
> prerequisite knowledge is more than a bit daunting, so I was glad to have
> had exposure and understanding from windoze worlds.
>
> All in all, AD still has numerous advantages for directory management that
> simply cannot be _easily_ replaced in linux. 99% of times, I'll still see
> it paired with linux if for nothing else than authentication and user/group
> enumerations (likewise/centrify), and I'm fairly OK with that.
>
> Nathan
>
> -mb
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown