Mailinglist Archive: opensuse (3109 mails)

[Russell Jones <russell.jones@xxxxxxxxxxxx>]

Hans van der Merwe wrote:
> On Tue, 2007-02-27 at 14:58 +0000, Russell Jones wrote:
>   
> > Joachim Schrod wrote:
> >     
> > > John Andersen wrote:
> > >       
> > > > On Monday 26 February 2007, Hans van der Merwe wrote:
> > > >         
> > > > > This will probably spark some debates, but can someone point me to some
> > > > > information that I can use to successfully challenge out IT department
> > > > > concerning moving some Windows driven services to Linux (file, print 
> > > > > and
> > > > > email/collaboration).
> > > > >
> > > > > An anti-FUD cheat-sheet if you like.
> > > > >           
> > > > The only part of that debate you can't easily win is the much vaunted
> > > > "collaboration" services.  
> > > >         
> > > Oompfh. Big words.
> > >
> > > Well: I'm looking for a ready-to-run Active Directory replacement, 
> > > with group policies. (I think you know about all the nice network-wide 
> > > configuration work one can does with group policies, don't you?)
> > >
> > > Integrating OpenLDAP (or RH-LDAP, for that matter), Kerberos, 
> > > cfengine, and a few other tools to achieve the same functionality, is 
> > > not for the faint of heart. Especially when it's a hassle to use 
> > > Kerberos authentication for many services.
> > >
> > > While I'm an died-in-the-whool Unix user (I don't even use one of 
> > > these newfangled desktop thingies like KDE or GNOME and am satisfied 
> > > with fvwm and Emacs), I have to admit that a centralized way to manage 
> > > all servers and desktop, with system- and user(!)-specific profiles, 
> > > would be a great thing to have.
> > >
> > > Care to name an Open-Source replacement for AD that is already 
> > > integrated, and where I don't have to do the integration myself?
> > >
> > >     Joachim
> > >
> > >       
> > Well, not as tidy as AD (nor, I suspect, as difficult to diagnose when 
> > it goes wrong) is to use something like AutoYaST to roll out software 
> > and configuration packages (which you roll yourself). Far more powerful 
> > than the MS mandated and controlled policy system, though you can do 
> > similar things with MSIs and the MS package distribution system (SMS is 
> > it?).
> > I'd guess the previous commenter was thinking of having Linux on the 
> > Desktop too.
> >     
>
> So Samba AD-enabled with LDAP managed users/groups is probably the best
> bet for replacing File and Print services?
>   
That depends on a bunch of factors. If you want to integrate Linux 
systems into your existing AD setup (on Windows servers), I'd think 
winbind (which makes windows AD users and groups the ones in Linux) 
would suit.  I'm a little hazy on how essential users (e.g. 'nobody') 
are handled if they are not in AD.  I'd think that as with LDAP there 
are fallbacks to /etc/group and /etc/passwd (ish) when users are not 
found in AD.
I don't know about using LDAP authentication against AD. AD is not LDAP, 
it's a proprietary X500 derived set of conventions. You may be able to 
get it to talk LDAP or LDAPishly enough to work. I'd be wary of the 
latter, though.
OTOH, if you are happy for users just to go directly to print/file 
servers (rather than find them via a directory search) the server 
doesn't need to be that integrated with the domain and can just do 
certain types of authentication against it.
Ech, it's been a while since I looked at this, and I'm not clear what 
you're trying to do.
There is no "best bet", IMO. It depends too much on your existing 
set-up. You need to look at what Samba can provide and consider what you 
want to do.
I'm not even sure if you need to use Samba... Do you need to work with 
AD? Can you put Linux on the desktop?
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx