On 12/31/2012 04:21 PM, Lisa Kachold wrote:
> Lee Reynolds:
>
> True, but getting a Linux system to work with AD in terms of
> allowing users to log in using AD authentication, use their home
> directories, etc, etc, is tricky.
>
>
> REALLY? I will have to clue in the 4 companies I have implemented this
> for over the last 6 years?
> Run a quick google and you will see how easy it really is.
>
>
Just out of curiosity, what do you all use for ad auth/integration (or
if you bother)? I know setting up kerberos, samba, etc manually works,
but I'd always found it somewhat a pain until likewise-open became
mainstream packaged. It's one command to trust it to the domain, and I
simply add admin groups as sudoers. Can get way more granular with rbac
from there, but most times I don't end up needing to bother.

    sudo apt-get install likewise-open
    sudo domainjoin-cli join --ou assets/phx1/svr/lin ad.corpdomain.com username
    ## visudo and add ad groups
    ## likewise ad groups
    %DOMAIN\\it-lin-manager1 ALL=(ALL) ALL
    ## done!

I've worked in a company that uses Centrify for the same thing (Cisco
OEMs it in their linux appliances when ad integration is needed too),
but it seems way more functional than the biz used in my experience
(ad logins, uid/gid enumerations), and it supported unixes they had here
and there too. Likewise enterprise looks awesome, extending the ldap
schema in AD to manage linux boxen with GPOs, but the cost is
prohibitive enough for me to even bother testing in my lab (home) to
recommend to anyone. Sadly no keygens floating around for either to
even play with them, so rather hard to recommend one over another (or
upsell from free version) for a big spend. Their loss, I don't buy
before I try, and I'm not keen on crippled or time-locked demos.

Sysadmin is more of a personal interest, and I usually don't consult
directly for systems vs network/security, which is my staple, so people
don't usually ask me outside of casual chat. However, anytime I do
deploy customer linux systems these days, extensible admin ability
is essential, so I'm curious what other practical solutions folks use
and like here for the role.
-mb
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss