Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
regards
http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&...
We use OpenLDAP here and it works perfectly for the UNIX systems. You should be able to authenticate your UNIX boxes against Windows LDAP. One thing to remember through about this is that Windows LDAP Schema is not extensible; so you cannot do things like home directory provisioning and such. See the URL above.
On 4/3/07, CentOS List centoslist@gmail.com wrote:
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
regards
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS List wrote:
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
AD is sorta LDAP, but Linux doesn't come with the schema, and I'm not at all sure it's going to happen any time soon*. Even if it does, unless it comes with a GUI to match Microsoft's, you'd have rocks in your head to try to do it.
Linux can authenticate against AD though.
* Apple's OS X Xserv comes with openldap and a gui, but it doesn't equate to AD either.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of CentOS List Sent: Tuesday, April 03, 2007 9:58 AM To: CentOS mailing list Subject: [CentOS] Windows AD
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
You don't want to go through the Windows LDAP authentication method, modified schemas, adding extended attributes and managing them for all AD users. It's a real mess.
Use winbind + kerberos and that's all you need.
If you need to have the windows uid/gid common across a whole bunch of machines you can either, 1) get the idmap rid stuff working in samba so all uid/gid->rid mappings are the same or 2) setup 1 host to do the mappings and dump it into an NIS map and share it via NIS.
-Ross
______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
CentOS List wrote:
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
the newest SAMBA can partially emulate active directory, but it doesn't readily provide lots of the associated windows management tools like global policy objects, and its an uphill battle.
2007/4/3, CentOS List centoslist@gmail.com:
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
LDAP+Kerberos+smthM$specs=Active_Directory. You also should use Samba and have a Primary Domain Controller for you Windows clients. Active_Directory uses DNS to solve hosts to addresses, so you don't need a WINS server, though. I think the point to start w/ is Samba: http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ , http://us4.samba.org/samba/docs/man/Samba-Guide/ (jump to Chapter 5, maybe it's all you need)
AFAIK CentOS has an Anaconda chapter dedicated to installation of Kerberos, and LDAP, too, so you have no excuse to miss the party :D. Sorry about I am not more useful for you, but I think it's feasible. I would try it. (I have no experience w/ Kerberos, very little w/ OpenLDAP, Samba, and... CentOS).
regards
Stan Păpuşă who heared some fairy tails about a ugly multihead dog...
user local wrote:
2007/4/3, CentOS List centoslist@gmail.com:
Hi,
Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those?
LDAP+Kerberos+smthM$specs=Active_Directory. You also should use Samba and have a Primary Domain Controller for you Windows clients. Active_Directory uses DNS to solve hosts to addresses, so you don't need a WINS server, though. I think the point to start w/ is Samba: http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ , http://us4.samba.org/samba/docs/man/Samba-Guide/ (jump to Chapter 5, maybe it's all you need)
AFAIK CentOS has an Anaconda chapter dedicated to installation of Kerberos, and LDAP, too, so you have no excuse to miss the party :D. Sorry about I am not more useful for you, but I think it's feasible. I would try it. (I have no experience w/ Kerberos, very little w/ OpenLDAP, Samba, and... CentOS).
Assuming you're already a somewhat competent Windows user (ie you meet the prerequisites), then a one-week course makes you competent (not expert, that comes only with experience) to create and administer an AD setup. I've done the course, though I was a little light on the prerequisites, and have some experience here.
Microsoft has this nice big GUI that takes most of the pain out of it, one just has to have some idea of what one's doing.
Until Red Hat and/or SUSE ships the tools to replicate AD's functionality, it's not there. Few enterprises are going to spend shareholder funds on a speculative venture to do the same job with harder-to-use tools. The tools will have to be better, and demonstrably able to save money.
-
CentOS List -
John R Pierce -
John Summerfield -
Joshua Gimer -
Ross S. W. Walker -
user local