[CentOS] NIS or not?

Wed Jan 29 09:26:02 UTC 2014
Rob Kampen <rkampen at kampensonline.com>

On 01/29/2014 09:44 PM, John R Pierce wrote:
> On 1/28/2014 4:45 AM, Sorin Srbu wrote:
>>> Use IPA. It combines LDAP with Kerberos, a server-client environment is
>>>> easily set up and the documentation (RHEL deployment) is very helpful.
>> Thank you. I'll look it up.
>>
>> LDAP and Kerberos though. That does sound a lot like Microsoft Active
>> Directory. 8-)
>>
>> --
> FreeIPA provides an open source Active Directory equivalent. It's
> pretty easy to set up a simple directory server, and it can expand to be
> an enterprise-wide directory. It allows both Linux and Windows
> computers to participate in the authentication domain.
>
> Yes, it's basically LDAP and Kerberos, with a management suite.
>
I've been following this with interest; about once every 6 months this
topic is raised.
From my observation there now appear to be two possible solutions:
1. FreeIPA - gives genuine LDAP and Kerberos with some web front end
management
2. Samba4 - gives a windoze interoperable AD implementation, not sure
how "standards" based this is; it is engineered to follow micro$oft's
implementation and work well for windoze clients.

Issues: option 1 will work very well with Linux clients, but considerable
work is needed to get all the required windoze functions working.
Option 2 - early days of implementation, CentOS does not yet support the
complete package needed for full windoze integration.
Decent documentation in the form of a howto for server, Linux client,
windoze (many versions), iOS and Android is not yet out there.
As evidenced by the few that have "been there, done that" they ALL say 
it takes A LOT of time and effort, and getting all the bits involved, 
just right, is difficult.

My appeal to those that have been there - how do we get all the tiny
details that matter documented, so that the black art / trial and error
(months of) can be eliminated?
Living in the hope that this will one day be accessible to the rest of 
us that cannot afford the many months of trial and error and frustration.
BTW, I have tried OpenLDAP, 389 implementations, Samba3 and a trial of
Samba4, all with limited success - there were always a few combinations
that failed to work for me and I do not have the resources (mainly
time/$$) to just keep trying.