Hans van der Merwe wrote:
On Tue, 2007-02-27 at 14:58 +0000, Russell Jones wrote:
Joachim Schrod wrote:
John Andersen wrote:
On Monday 26 February 2007, Hans van der Merwe wrote:
This will probably spark some debates, but can someone point me to some information that I can use to successfully challenge out IT department concerning moving some Windows driven services to Linux (file, print and email/collaboration).
An anti-FUD cheat-sheet if you like.
The only part of that debate you can't easily win is the much vaunted "collaboration" services.
Oompfh. Big words.
Well: I'm looking for a ready-to-run Active Directory replacement, with group policies. (I think you know about all the nice network-wide configuration work one can does with group policies, don't you?)
Integrating OpenLDAP (or RH-LDAP, for that matter), Kerberos, cfengine, and a few other tools to achieve the same functionality, is not for the faint of heart. Especially when it's a hassle to use Kerberos authentication for many services.
While I'm an died-in-the-whool Unix user (I don't even use one of these newfangled desktop thingies like KDE or GNOME and am satisfied with fvwm and Emacs), I have to admit that a centralized way to manage all servers and desktop, with system- and user(!)-specific profiles, would be a great thing to have.
Care to name an Open-Source replacement for AD that is already integrated, and where I don't have to do the integration myself?
Joachim
Well, not as tidy as AD (nor, I suspect, as difficult to diagnose when it goes wrong) is to use something like AutoYaST to roll out software and configuration packages (which you roll yourself). Far more powerful than the MS mandated and controlled policy system, though you can do similar things with MSIs and the MS package distribution system (SMS is it?). I'd guess the previous commenter was thinking of having Linux on the Desktop too.
So Samba AD-enabled with LDAP managed users/groups is probably the best bet for replacing File and Print services?
That depends on a bunch of factors. If you want to integrate Linux systems into your existing AD setup (on Windows servers), I'd think winbind (which makes windows AD users and groups the ones in Linux) would suit. I'm a little hazy on how essential users (e.g. 'nobody') are handled if they are not in AD. I'd think that as with LDAP there are fallbacks to /etc/group and /etc/passwd (ish) when users are not found in AD. I don't know about using LDAP authentication against AD. AD is not LDAP, it's a proprietary X500 derived set of conventions. You may be able to get it to talk LDAP or LDAPishly enough to work. I'd be wary of the latter, though. OTOH, if you are happy for users just to go directly to print/file servers (rather than find them via a directory search) the server doesn't need to be that integrated with the domain and can just do certain types of authentication against it. Ech, it's been a while since I looked at this, and I'm not clear what you're trying to do. There is no "best bet", IMO. It depends too much on your existing set-up. You need to look at what Samba can provide and consider what you want to do. I'm not even sure if you need to use Samba... Do you need to work with AD? Can you put Linux on the desktop? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org