I've recently begun administrating a site that has about 20 Linux
servers of various flavors, another 25 Windows 2003 servers, and soon 15
Apple Xserves. Previously no real policies of any sort existed, so I've
been trying to consolidate servers and users and what not. On the
Windows side this was fairly easily accomplished via Active Directory.
I've begun setting up our new Apple XRaid and it's cluster nodes. While
doing this I noticed that it has some built in support for Active
Directory authentication, which got me to thinking whether I could also
integrate all the Linux servers into this scheme.
Basically I would like to use Active Directory to manage users, groups,
and passwords. Then have the Linux servers hit up against this using
LDAP to translate the uid and gids for some ssh access, filesystem
access via Samba and ftp, a few email accounts for use with
postfix/dovecot, web authentication, etc. I would also like to make
sure I can change passwords on the Linux side.
My limited understanding says that this is similar to an OpenLDAP setup
through pam/nss with the further modification of remapping some
attributes to Active Directory ones (or altering the AD schema, which
seems unnecessary to me). Oh, and then there's Kerberos to deal with,
which I need to do some more research on.
I would like to know if there's anyone out there who's tried to or
successfully accomplished this and whether it's any better or worse than
setting up a separate OpenLDAP server. I'd prefer to keep it in one
directory, but also don't want to cause myself any unnecessary headaches.
Thanks for your input,
Brian
--
[email protected] mailing list
