Lee Reynolds:
On Mon, Dec 31, 2012 at 3:52 PM, Lee Reynolds <Lee.Reynolds@asu.edu> wrote:
> True, but getting a Linux system to work with AD in terms of allowing
> users to log in using AD authentication, use their home directories, etc,
> etc, is tricky.
>
REALLY? I will have to clue in the 4 companies I have implemented this for
over the last 6 years?
Run a quick google and you will see how easy it really is.
> Or at least it was several years ago when I last tried to set it up. This
> was in 2005 or 06, so things may be much better now.
>
> I got it working at the time, but we didn't stick with it. We ended up
> using a separate OpenLDAP+Kerberos solution that the university keeps
> synchronized with AD in terms of usernames and passwords. Other account
> details differ however. Most Linux workstations on campus use AFS for home
> directories and the UID/GID sequence used hails from the 80's. You can
> easily guess how long someone has been around by their UID value. The
> lowest I've ever seen is 2104. The highest is well above 600,000.
>
OpenLDAP+Kerberos is the more secure solution, but the Kerberos is only
important on the linux side.
User management is still clearly sitting in the AD domain.
>
>
>
>
> Lee Reynolds
> Systems Analyst Principal
> ASU Advanced Computing Center
> a2c2.asu.edu
>
> GWC-558
> 480.965.9460 (Office)
> 480.458.7434 (Mobile)
>
> Have an A2C2 related question or problem?
>
> Just send an email to the following address detailing
> the nature of the question or problem and a service request
> will be created automatically:
>
> support@hpchelp.asu.edu
>
>
>
> ________________________________________
> From: plug-discuss-bounces@lists.phxlinux.org [
> plug-discuss-bounces@lists.phxlinux.org] on behalf of Lisa Kachold [
> lisakachold@obnosis.com]
> Sent: Monday, December 31, 2012 2:51 PM
> To: Main PLUG discussion list
> Subject: Re: Windows 8 demo video parody
>
> Anything that works with ldap works with AD.
>
>
> On Mon, Dec 31, 2012 at 12:08 PM, Lee Reynolds <Lee.Reynolds@asu.edu> wrote:
> Sadly these other directory service systems don't work with Windows, or at
> least they don't make it clear that they do. The page for 389 said past
> versions did, which means current versions don't. Apache's product says
> nothing about supporting windows, which means it probably doesn't.
>
> This might not matter to people who only use Linux and its cousins in the
> unix world, but this is a matter of utmost importance to people who support
> heterogeneous IT environments.
>
> AD does not support Linux, but Linux (with tweaking) does support AD.
>
> ________________________________________
> From: plug-discuss-bounces@lists.phxlinux.org [
> plug-discuss-bounces@lists.phxlinux.org] on behalf of Lisa Kachold [
> lisakachold@obnosis.com]
> Sent: Monday, December 31, 2012 11:29 AM
> To: Mike Butash; Main PLUG discussion list
> Subject: Re: Windows 8 demo video parody
>
> I have to differ that Windows AD is the only directory management beast
> out there worth using!
>
> This is a matter of running a dumbed down OS; running systems that ensure
> you don't need to know anything about the systems you support, and we have
> all seen from the Microsoft example, that this is a dangerous and UNSTABLE
> INSECURE development model.
> The "least intellectual investment" philosophy started in the American
> Public school systems, decried in the oft heard lament "Oh! Why do we have
> to learn this?" and exploited by Microsoft and Apple, is not a good
> business decision, but for some reason large companies continue to make
> choices based on "ease of support" perhaps due to the small numbers of lazy
> Americans who actually want to work for a living or be paid a great number
> of frogpelts for nothing (all while Eastern Indians and Middle Easterners
> queue up to take anything and everything that can be outsourced). Suddenly
> MicroSnot AD becomes a very good economic choice.
>
> There's:
>
> 389 Directory Server: http://directory.fedoraproject.org/wiki/Download
>
> Apache Directory LDAP v3 compliant server http://directory.apache.org/
>
> FreeIPA is the upstream project for Redhat IPA, which is now bundled in
> RHEL 6.2. There are plenty of production implementations of Redhat's IPA,
> if you need specific references, Redhat can likely provide them to you. The
> RHEL 6.2 package names for IPA are ipa-*.
>
>
> GOsa² provides a powerful GPL'ed framework for managing accounts and
> systems in LDAP databases. Using GOsa² allows system administrators to
> easily manage users and groups, fat and thin clients, applications, phones
> and faxes, mail distribution lists and many other parameters. In
> conjunction with FAI (Fully Automatic Installation), GOsa² allows the
> highly automated installation of preconfigured systems. GOsa² therefore
> provides a single, LDAP-based point of administration for large and small
> environments, thus making the administration of users and systems and all
> related parameters manageable and easy. More info on
> https://oss.gonicus.de/labs/gosa
>
> ... and a few more?
>
>
> On Mon, Dec 31, 2012 at 10:56 AM, Michael Butash <michael@butash.net> wrote:
>
> On 12/31/2012 10:17 AM, Nathan England wrote:
> Excellent points. I don't entirely believe 2000 was a bomb. But in all
> reality, I don't know anyone that used it.
>
> I've seen it used, and used it quite heavily at most environments I was at
> when still doing more systems stuff. 2003 was obviously much improved
> (xp+server stuff) and quickly became de facto, but for a time, it was good
> for passage out of the dark ages of 16bit os's.
>
>
> I saw it on a couple servers
> and replaced it with linux on a few others. It wasn't horrible, but come
> on! Windows ME on an NTOS kernel? I thought the frequent automatic
> reboots were a "feature" so I did not have to manually reboot Windows
> ME! Windows 2000 destroyed the only good "feature" Windows ME had!
>
> Hah! Well like most I started life as a windoze guy, and my first
> experience with "servers" was using win2k server beta's for adventure in
> '99. I was rockin' AD before I'd ever had to futz with NT. Imagine my
> horror when I had to inherit some nt4 domains later!
>
> That said, I learned what DNS, DHCP, LDAP/Kerberos, and IIS were good for
> in windoze land, then later replaced them once I got familiar enough with
> linux. Learning how network services work under linux without some
> prerequisite knowledge is more than a bit daunting, so I was glad to have
> had exposure and understanding from windoze worlds.
>
> All in all, AD still has numerous advantages for directory management that
> simply cannot be _easily_ replaced in linux. 99% of times, I'll still see
> it paired with linux if for nothing else than authentication and user/group
> enumerations (likewise/centrify), and I'm fairly OK with that.
>
>
> Nathan
>
>
> -mb
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
>
>
> --
>
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> it-clowns.com
> Chief Clown
--
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown