Hans van der Merwe wrote:
On Tue, 2007-02-27 at 14:58 +0000, Russell Jones wrote:
Joachim Schrod wrote:
John Andersen wrote:
On Monday 26 February 2007, Hans van der Merwe wrote:
This will probably spark some debates, but can someone point me to some
information that I can use to successfully challenge our IT department
concerning moving some Windows driven services to Linux (file, print
and email/collaboration).
An anti-FUD cheat-sheet if you like.
The only part of that debate you can't easily win is the much vaunted
"collaboration" services.
Oompfh. Big words.
Well: I'm looking for a ready-to-run Active Directory replacement,
with group policies. (I think you know about all the nice network-wide
configuration work one can do with group policies, don't you?)
Integrating OpenLDAP (or RH-LDAP, for that matter), Kerberos,
cfengine, and a few other tools to achieve the same functionality, is
not for the faint of heart. Especially when it's a hassle to use
Kerberos authentication for many services.
While I'm a dyed-in-the-wool Unix user (I don't even use one of
these newfangled desktop thingies like KDE or GNOME and am satisfied
with fvwm and Emacs), I have to admit that a centralized way to manage
all servers and desktop, with system- and user(!)-specific profiles,
would be a great thing to have.
Care to name an Open-Source replacement for AD that is already
integrated, and where I don't have to do the integration myself?
Joachim
Well, not as tidy as AD (nor, I suspect, as difficult to diagnose when
it goes wrong) is to use something like AutoYaST to roll out software
and configuration packages (which you roll yourself). Far more powerful
than the MS mandated and controlled policy system, though you can do
similar things with MSIs and the MS package distribution system (SMS is
it?).
I'd guess the previous commenter was thinking of having Linux on the
Desktop too.
So Samba AD-enabled with LDAP managed users/groups is probably the best
bet for replacing File and Print services?
That depends on a bunch of factors. If you want to integrate Linux
systems into your existing AD setup (on Windows servers), I'd think
winbind (which makes Windows AD users and groups the ones in Linux)
would suit. I'm a little hazy on how essential users (e.g. 'nobody')
are handled if they are not in AD. I'd think that as with LDAP there
are fallbacks to /etc/group and /etc/passwd (ish) when users are not
found in AD.
I don't know about using LDAP authentication against AD. AD is not LDAP,
it's a proprietary X500 derived set of conventions. You may be able to
get it to talk LDAP or LDAPishly enough to work. I'd be wary of the
latter, though.
OTOH, if you are happy for users just to go directly to print/file
servers (rather than find them via a directory search) the server
doesn't need to be that integrated with the domain and can just do
certain types of authentication against it.
Ech, it's been a while since I looked at this, and I'm not clear what
you're trying to do.
There is no "best bet", IMO. It depends too much on your existing
set-up. You need to look at what Samba can provide and consider what you
want to do.
I'm not even sure if you need to use Samba... Do you need to work with
AD? Can you put Linux on the desktop?