[CentOS] Linux kerberos to Windows AD 2000/2003

Mon Jul 17 17:14:58 UTC 2006
Ian Kaufman <iank at mac.com>

Greg,

The latest release of Windows AD (ADR2) integrates a newer version of SFU into the
AD schema. We have tested it very successfully using our CentOS boxes to authenticate
and authorize access to our machines, using Kerberos and LDAP.

We tried the winbind/smb approach, and the way it handles UIDs and GIDs is less than
desirable in our case. It might work for small offices/networks with 50 users or so,
but for us, in the case of spreading it campuswide to 1000s of users, it would never
do. Also, the degree of UID/GID management is less than stellar since they are enumerated
as people log on, and if the machine housing the UID/GID database crashes or you lose the
database, getting the exact same mappings upon rebuild may not work - even with backups.

Ian