Hi Simo, Stephen,

I agree that in larger organisations there might be a need to keep both systems separate. In our case (~300 users) AD works just fine - but true is that apart of the identity & password management we require nothing else.
That's said I appreciate your hard work and support even for the scenario below.

I also hope that you won't dislike me if I continue to bombard you with questions/problems regarding Linux/Windows interoperability. :-) Eventually, even Microsoft has its own bright moments - last time they surprised me when I contacted microsoft support reporting that their LDAP servers (AD controllers) responds to connections via SASL/MD5 auth the way which breaks RFC (I could not get Linux automounter to work with AD). They admitted the bug and unveiled a patch for it.

Ondrej

On 10/03/2011 02:07 PM, Simo Sorce wrote:
Ondrej,
it depends on your company structure, complexity and goals and
flexibility.

If you join your Linux machines to an AD directory then you are tied
very strictly, administratively and functionally to that directory.
Given Windows Administration and Linux Administration are very diverse
skills set, and very few admins are capable of doing both with maximum
proficiency on both system we think that splitting your support
organization between the Windows admin and Linux admins is a good thing.

Each group can concentrate on its own tasks w/o too much interference
and less need for coordinating.
Also FreeIPA is targeted at serving Linux machines and has integrated
HBAC, Sudo support and other goodies that are simply missing in the AD
side as they are alien concepts in the Windows world.

Of course small organization were a single admin group controlling both
platfroms may decide having just one directory is the way to go. You
have the freedom to choose.

Simo.

On Mon, 2011-10-03 at 12:45 +0200, Ondrej Valousek wrote:
Well, I think these advantages won't outweigh the extra complexity of
having two systems for the same thing.
But it is up to everyone's decision...

Ondrej

- the error messages of an AD might be strange to deal with for
unix/linux admins

- While I expect Microsoft to test AD patches with Windows clients
I do not expect them to test linux/unix clients.  Resulting in possi-
bility that patches of the AD break the communication to linux/unix
clients.

- Having important infrastructure like idendification/directory services
running on OpenSource software is a good thing, apply all the OpenSource
advantages here like beeing able to audit the code etc.


Christian

______________________________________________________________________
The information contained in this e-mail and in any attachments is
confidential and is designated solely for the attention of the
intended recipient(s). If you are not an intended recipient, you must
not use, disclose, copy, distribute or retain this e-mail or any part
thereof. If you have received this e-mail in error, please notify the
sender by return e-mail and delete all copies of this e-mail from your
computer system(s). Please direct any additional queries to:
communicati...@s3group.com. Thank You. Silicon and Software Systems
Limited (S3 Group). Registered in Ireland no. 378073. Registered
Office: South County Business Park, Leopardstown, Dublin 18

______________________________________________________________________

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


The information contained in this e-mail and in any attachments is confidential 
and is designated solely for the attention of the intended recipient(s). If you 
are not an intended recipient, you must not use, disclose, copy, distribute or 
retain this e-mail or any part thereof. If you have received this e-mail in 
error, please notify the sender by return e-mail and delete all copies of this 
e-mail from your computer system(s).
Please direct any additional queries to: communicati...@s3group.com.
Thank You.
Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 
378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to