The proper answer is to kerberize the non-MS platforms.
This is not always that easy; I have known grown men who have started crying
trying to do it. Kerberos is not easy to wrap your noodle around. That is why
products from Centrify and Vintela are so great for companies: they make this
something that can be done in days, weeks, months instead of years (I am
serious, I know of a large company that went a couple of years trying to figure
out how to do this well and finally just purchased Centrify products to do it,
would have saved a fortune had that decision been made initially and if the
product had existed). You especially want to look at these products if you have
a multidomain forest (called Multiple-realm in the Kerberos world) or do
anything a bit different from the standard such as disjoint namespaces, etc.
Also they have Group Policy pieces in their products to help manage the non-MS
platform machines which could be extremely helpful.
You have other options such as using LDAP in PAM modules,
but anytime someone says they are using LDAP for authentication my mind
immediately kicks back: LDAP isn't an authentication protocol. Sure, it has to
authenticate users as part of accessing the directory, but that isn't the
purpose behind it, and there are issues that can crop up when you try to do it,
like, for instance, passwords in clear text flying all over the network. You can
also look at using SAMBA, but last I heard, the integration across the various
aspects of the platform was nowhere near what you get out of the Centrify and
Vintela products.
joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B.
Sent: Thursday, January 05, 2006 1:00 PM
To: [email protected]
Subject: RE: [ActiveDir] Acitve Directory & Other OS's

Let's say that I want to have a single logon for my users who use Windows and Unix/Linux platforms. They must maintain separate user accounts and passwords. I would like to combine them into the AD.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick

Let's attack from another angle then. What is the end state of what you're trying to accomplish? In other words, what is it you want to be able to do with these machines and what does "integrate" mean to you?

Al

On 1/5/06,

Did not find what I was looking for on the Archives. I realize that this is kind of a broad subject. But, I guess I can say that most issues can be solved by using "middleware" products like SAMBA for Unix for file and print. I know in my present organization, my Linux, Unix servers contain their own directory services (user accounts, passwds, etc.). They have not been integrated into the AD, therefore we do not have the single sign-on for users.

Ron

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Al Mulnick

The archives of this list would be a good place to start. You may also want to check out the web sites of Centrify and Vintela for additional information about it, as well as samba.org.

Al

On 1/5/06,

Can anyone point me to information on or related to the following
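
Added example, not part of the thread or written by any of its participants: joe's warning above that LDAP-based authentication can put passwords on the network in clear text can be checked on a host that uses pam_ldap. The sketch assumes the PADL pam_ldap/nss_ldap ldap.conf option names (host, uri, ssl, tls_checkpeer); the hostnames and sample configs are constructed.

```python
# Added example (not from the thread). Option names follow the PADL
# pam_ldap/nss_ldap ldap.conf format; the sample configs are constructed.

def parse_conf(text):
    """Return {option: value} for an ldap.conf-style file (last value wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text):
    """List the ways this config exposes the user's bind password."""
    opts = parse_conf(text)
    ssl = opts.get("ssl", "off").lower()
    uris = opts.get("uri", "").split()
    if not uris:
        # Only "host" given: plain LDAP unless "ssl on" selects LDAPS.
        scheme = "ldaps" if ssl == "on" else "ldap"
        uris = [f"{scheme}://{h}" for h in opts.get("host", "").split()]
    findings, tls_used = [], False
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldaps" or (scheme == "ldap" and ssl == "start_tls"):
            tls_used = True
        elif scheme == "ldap":
            # Simple bind over an unencrypted socket: password is readable.
            findings.append(f"cleartext-bind {uri}")
    if tls_used and opts.get("tls_checkpeer", "").lower() == "no":
        # Encrypted, but the client will accept an impostor server.
        findings.append("server-certificate-not-verified")
    return findings

WEAK = "host dc1.example.test\nbase dc=example,dc=test\n"
STARTTLS = "uri ldap://dc1.example.test\nssl start_tls\ntls_checkpeer yes\n"
NO_VERIFY = "uri ldaps://dc1.example.test\ntls_checkpeer no\n"

if __name__ == "__main__":
    for name, conf in [("weak", WEAK), ("starttls", STARTTLS), ("no_verify", NO_VERIFY)]:
        print(name, audit(conf) or "ok")
```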
