(a) There is *NO* Active Directory compatible service for LINUX. At least not in any state that is currently production ready.
I never said there was. Though it's misleading to put it that way.
No it isn't. I've researched this topic quite thoroughly, no such thing exists, not even anything equivalent.
Samba exists, but is not production ready.
Yep, specifically we are talking about Samba4, and it is quite a ways from a release.
I was talking about something equivalent, not compatible.
Sure there are LDAP servers and Kerberos servers, but AD is much more than LDAP + Kerberos. There is no Open Source equivalent. I very much wish there was, but being even equivalent to AD would be a herculean undertaking and require the close cooperation of many services and applications - something at which Open Source, quite frankly, sucks. We, very happily, run an NT4 style domain with 2000/XP/Linux workstations using a Samba3 + LDAP server. It works well. We even have DHCP and DNS using the LDAP backend. But it doesn't provide 1/5th the feature set of AD. You are basically on your own for user/group management, workstation management is a complete hack job, and you get none of the very nice security features.
(b) AD on Windows 2003 is a very stable service; in general, Windows 2003 is very stable, provided you don't do anything dumb like install non-M$ applications or services.
Odd comment. So you can't use any software except MS software? Doesn't that cut down the field somewhat?
I suppose, but you can build a completely M$ infrastructure. If you go with M$ you usually go with M$ all the way.
I thought one of the advantages of MS was the large selection of existing software?
(c) AD and Linux play quite nicely together.
For now.
The future is always an unknown. To conspiracy theorists I'd point out that interoperability with M$ infrastructure has dramatically improved in recent years, not gotten harder. Witness that you CAN use AD via Kerberos and LDAP technologies, versus NT4 domains. Witness the pervasive use of Web Services in .NET. Witness the use of WebDAV in M$-Exchange. I could go on. So a non-interoperable future would be a change in the current trend and pattern, not even a continuation of existing behavior. If one is forced to assume a future scenario it is always best to assume things will continue as they are; they usually do. Don't let ideology or ideologues fog things up - ideologues are the people most certain to always be wrong, on any side of an argument.
--
Adam Tauno Williams
Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org