I am the IT Development Specialist for a small community college, and our CIO has asked me to explore an alternative to Microsoft Active Directory, as we are separating from our parent university and funding is tight, so we were looking into CentOS with 389 Directory Server.
Any advice or suggestions would be very helpful.
Jacob Tennant
Greetings,
On Sat, Sep 28, 2013 at 10:45 AM, Tennant, Jacob jacob.tennant@pierpont.edu wrote:
> were looking into CentOS with 389 Directory Server.
> Any advice or suggestions would be very helpful.
That is a choice of course.
Have you looked into Samba 4, which provides a build for CentOS, and it seems it does support AD as a DC:
http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
YMMV.
On 09/28/2013 01:41 AM, Rajagopal Swaminathan wrote:
> Greetings,
> On Sat, Sep 28, 2013 at 10:45 AM, Tennant, Jacob jacob.tennant@pierpont.edu wrote:
>> were looking into CentOS with 389 Directory Server.
>> Any advice or suggestions would be very helpful.
> That is a choice of course.
> Have you looked into Samba 4, which provides a build for CentOS, and it seems it does support AD as a DC:
> http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/
> YMMV.
Be sure to disable any other DC on the network. Windows always assumes that no other OS exists.
Thanks, folks. I will build it today as a VM so I can test at work on Monday.
My CIO wants me to try to build as much of our infrastructure servers as Linux machines as possible.
Hate giving money to Microsoft...
Jacob Tennant
On Sep 28, 2013 10:28 AM, "Mark LaPierre" marklapier@aol.com wrote:
> --
> Mark LaPierre
> Registered Linux user No #267004
> https://linuxcounter.net/
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 09/27/2013 10:15 PM, Tennant, Jacob wrote:
> Any advice or suggestions would be very helpful.
Samba4 has been offered as an option. However, as far as I know, the packages in Fedora and RHEL are not capable of operating as an AD server. More specific information is here: https://fedoraproject.org/wiki/Features/Samba4
If you want to run Samba 4 as Microsoft Active Directory replacement, you'll need to build your own packages with Heimdal Kerberos support. Someday, when RHEL/Fedora offer working MIT Kerberos support, you'll want to migrate to reduce ongoing maintenance costs, and that's going to be a huge headache.
If you don't need Group Policy support, you can use FreeIPA to authenticate Windows and Linux guests: http://www.freeipa.org/page/Main_Page
OS X has been supported, but I'm not sure what the status of 10.7 is.
Greetings,
On Mon, Sep 30, 2013 at 6:21 AM, Gordon Messmer gordon.messmer@gmail.com wrote:
> On 09/27/2013 10:15 PM, Tennant, Jacob wrote:
>> Any advice or suggestions would be very helpful.
> Samba4 has been offered as an option. However, as far as I know, the packages in Fedora and RHEL are not capable of operating as an AD server. More specific information is here: https://fedoraproject.org/wiki/Features/Samba4
Of course, the default repo may not support it.
Have you tried this:
google-fu did this to me
https://www.google.co.in/search?q=rhel/centos+samba4+rpm&ie=utf-8&oe...
http://wiki.samba.org/index.php/Samba_4/OS_Requirements
https://lists.samba.org/archive/samba/2012-November/170177.html
http://pkgs.org/centos-6-rhel-6/centos-rhel-x86_64/samba4-dc-4.0.0-55.el6.rc...
etc. etc.
HTH
On 9/29/2013 5:51 PM, Gordon Messmer wrote:
> If you don't need Group Policy support, you can use FreeIPA to authenticate Windows and Linux guests: http://www.freeipa.org/page/Main_Page
noting that FreeIPA is built around the 389 Directory project the OP already mentioned...
I'd test this over Samba as an AD replacement..... but, if your environment includes a lot of Windows client systems, and expects to use Active Directory group policies to closely manage those Windows systems, none of these solutions will come close to what the 'real thing' offers.
On 09/29/2013 09:56 PM, John R Pierce wrote:
> I'd test this over Samba as an AD replacement..... but, if your environment includes a lot of Windows client systems, and expects to use Active Directory group policies to closely manage those Windows systems, none of these solutions will come close to what the 'real thing' offers.
I agree. If you're managing Windows clients and need Group Policy, there's very little reason not to run AD.
If you "don't like" giving money to Microsoft, then ditch the clients. Even if you replace AD with Samba, you still need a management workstation to handle all of the tools that would otherwise be present on an AD system. Most of the time, that means you haven't actually saved any money on Windows licenses.
On 30.09.2013 at 07:34, Gordon Messmer gordon.messmer@gmail.com wrote:
> On 09/29/2013 09:56 PM, John R Pierce wrote:
>> I'd test this over Samba as an AD replacement..... but, if your environment includes a lot of Windows client systems, and expects to use Active Directory group policies to closely manage those Windows systems, none of these solutions will come close to what the 'real thing' offers.
> I agree. If you're managing Windows clients and need Group Policy, there's very little reason not to run AD.
> If you "don't like" giving money to Microsoft, then ditch the clients. Even if you replace AD with Samba, you still need a management workstation to handle all of the tools that would otherwise be present on an AD system. Most of the time, that means you haven't actually saved any money on Windows licenses.
Yes. If you need to have Windows-Clients around, you need to have a native AD around, too. Period. Both FreeIPA and RHIPA state rather prominently on their web-pages that they are not a replacement for the former. Rather, they are meant as an alternative.
----- Original Message -----
| I am the IT Development Specialist for a small community college and our
| CIO has asked me to explore an alternative to Microsoft Active Directory as
| we are separating from our parent university and funding is tight so we
| were looking into CentOS with 389 Directory Server.
|
| Any advice or suggestions would be very helpful.
|
| Jacob Tennant
No, we use Active Directory because it's the right tool for the job. I think that you will find that you will have a difficult time finding another product that will provide all the tools that AD provides when working with Windows. If you are working with Windows and Windows only, just use AD; it's the "right thing". If you're in a mixed bag of Windows, Mac and GNU/Linux, just use AD, it's likely still the "right thing".
If you only need basic authentication, then Samba will likely suit your needs. On what scale are you talking? 2 workstations, 50 workstations, 100s of workstations?
sernet.de/en/samba/ seems to have the most promising SaMBa binaries and make an ISO image to download. Described as " http://www.enterprisesamba.com/samba4app/
Setting up a new domain without existing ADS: http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_u...
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
On Mon, Sep 30, 2013 at 12:50 PM, James A. Peltier jpeltier@sfu.ca wrote:
> ----- Original Message -----
> | I am the IT Development Specialist for a small community college and our
> | CIO has asked me to explore an alternative to Microsoft Active Directory as
> | we are separating from our parent university and funding is tight so we
> | were looking into CentOS with 389 Directory Server.
> |
> | Any advice or suggestions would be very helpful.
> |
> | Jacob Tennant
> No, we use Active Directory because it's the right tool for the job. I think that you will find that you will have a difficult time finding another product that will provide all the tools that AD provides when working with Windows. If you are working with Windows and Windows only, just use AD; it's the "right thing". If you're in a mixed bag of Windows, Mac and GNU/Linux, just use AD, it's likely still the "right thing".
> If you only need basic authentication, then Samba will likely suit your needs. On what scale are you talking? 2 workstations, 50 workstations, 100s of workstations?
> --
> James A. Peltier
> Manager, IT Services - Research Computing Group
> Simon Fraser University - Burnaby Campus
> Phone : 778-782-6573
> Fax : 778-782-3045
> E-Mail : jpeltier@sfu.ca
> Website : http://www.sfu.ca/itservices
>
> “A successful person is one who can lay a solid foundation from the bricks others have thrown at them.” -David Brinkley via Luke Shaw
Sorry, ctrl-enter (send right away) won ctrl-shift-v...
I used to love MS ADS, but do not love it much anymore and see that there are other tools for the job. There was not nearly enough documentation on which target machines a particular group policy can apply correctly to which version of Windows (2000?, XP?, 7?, Vista?, ...). When there was a problem applying a policy, there were many different logfiles one had to parse through to put together the problem. Most of those policies can be done with registry changes pushed out a number of different ways.
Zarafa or Zentyal are projects to look at.
sernet.de/en/samba/ seems to have the most promising SaMBa binaries and make an ISO image to download called "samba4app". Described as "Guided initial configuration of a Samba 4 Active Directory domain" http://www.enterprisesamba.com/samba4app/
"Full support for managing Windows clients via group policies using the Windows Remote Server Administration Tools." Win7Pro or Enterprise runs that tool. It would be much less expensive to buy one server license instead of multiple licenses and all those CALs.
Some wiki articles:
Setting up a new domain without existing ADS: http://wiki.samba.org/index.php/Samba4/HOWTO#Provisioning_Samba_.28Setting_u...
Join an existing ADS domain: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC