I'm glad it is simpler than when I got it working.  Back then the documentation 
was sparse and what I was able to find assumed that I had control over the AD 
servers, which I did not.  I'm glad I don't have to worry about it where I'm at 
now.


Lee Reynolds
Systems Analyst Principal
ASU Advanced Computing Center
a2c2.asu.edu

GWC-558
480.965.9460 (Office)
480.458.7434 (Mobile)

Have an A2C2 related question or problem?

Just send an email to the following address detailing
the nature of the question or problem and a service request
will be created automatically:

[email protected]



________________________________________
From: [email protected] 
[[email protected]] on behalf of Lisa Kachold 
[[email protected]]
Sent: Monday, December 31, 2012 4:21 PM
To: Main PLUG discussion list
Subject: Re: Windows 8 demo video parody

Lee Reynolds:


On Mon, Dec 31, 2012 at 3:52 PM, Lee Reynolds <[email protected]> wrote:
True, but getting a Linux system to work with AD in terms of allowing users to 
log in using AD authentication, use their home directories, etc, etc, is tricky.

REALLY?  I will have to clue in the 4 companies I have implemented this for 
over the last 6 years?
Run a quick google and you will see how easy it really is.


Or at least it was several years ago when I last tried to set it up.  This was 
in 2005 or 06, so things may be much better now.

I got it working at the time, but we didn't stick with it.  We ended up using a 
separate OpenLDAP+Kerberos solution that the university keeps synchronized with 
AD in terms of usernames and passwords.  Other account details differ however.  
Most Linux workstations on campus use AFS for home directories and the UID/GID 
sequence used hails from the 80's.  You can easily guess how long someone has 
been around by their UID value.  The lowest I've ever seen is 2104.  The 
highest is well above 600,000.
OpenLDAP+Kerberos is the more secure solution, but the Kerberos is only 
important on the linux side.

User management is still clearly sitting in the AD domain.







________________________________________
From: [email protected] 
[[email protected]] on behalf of Lisa Kachold 
[[email protected]]
Sent: Monday, December 31, 2012 2:51 PM
To: Main PLUG discussion list
Subject: Re: Windows 8 demo video parody

Anything that works with ldap works with AD.


On Mon, Dec 31, 2012 at 12:08 PM, Lee Reynolds <[email protected]> wrote:
Sadly these other directory service systems don't work with Windows, or at 
least they don't make it clear that they do.  The page for 389 said past 
versions did, which means current versions don't.  Apache's product says 
nothing about supporting windows, which means it probably doesn't.

This might not matter to people who only use Linux and its cousins in the unix 
world, but this is a matter of utmost importance to people who support 
heterogeneous IT environments.

AD does not support Linux, but Linux (with tweaking) does support AD.








________________________________________
From: [email protected] 
[[email protected]] on behalf of Lisa Kachold 
[[email protected]]
Sent: Monday, December 31, 2012 11:29 AM
To: Mike Butash; Main PLUG discussion list
Subject: Re: Windows 8 demo video parody

I have to differ that Windows AD is the only directory management beast out 
there worth using!

This is a matter of running a dumbed down OS; running systems that ensure you 
don't need to know anything about the systems you support, and we have all seen 
from the Microsoft example, that this is a dangerous and UNSTABLE INSECURE 
development model.
The "least intellectual investment" philosophy started in the American Public 
school systems, decried in the oft heard lament "Oh! Why do we have to learn 
this?" and exploited by Microsoft and Apple, is not a good business decision, 
but for some reason large companies continue to make choices based on "ease of 
support" perhaps due to the small numbers of lazy Americans who actually want 
to work for a living or be paid a great number of frogpelts for nothing (all 
while Eastern Indians and Middle Easterners queue up to take anything and 
everything that can be outsourced).  Suddenly MicroSnot AD becomes a very good 
economic choice.

There's:

389 Directory Server:  http://directory.fedoraproject.org/wiki/Download

Apache Directory LDAP v3 compliant server 
http://directory.apache.org/

FreeIPA is the upstream project for Redhat IPA, which is now bundled in RHEL 
6.2. There are plenty of production implementations of Redhat's IPA, if you 
need specific references, Redhat can likely provide them to you. The RHEL 6.2 
package names for IPA are ipa-*.


GOsa² provides a powerful GPL'ed framework for managing accounts and systems in 
LDAP databases. Using GOsa² allows system administrators to easily manage users 
and groups, fat and thin clients, applications, phones and faxes, mail 
distribution lists and many other parameters. In conjunction with FAI (Fully 
Automatic Installation), GOsa² allows the highly automated installation of 
preconfigured systems. GOsa² therefore provides a single, LDAP-based point of 
administration for large and small environments, thus making the administration 
of users and systems and all related parameters manageable and easy.  More info 
on https://oss.gonicus.de/labs/gosa

... and a few more?


On Mon, Dec 31, 2012 at 10:56 AM, Michael Butash <[email protected]> wrote:

On 12/31/2012 10:17 AM, Nathan England wrote:
Excellent points. I don't entirely believe 2000 was a bomb. But in all
reality, I don't know anyone that used it.

I've seen it used, and used it quite heavily at most environments I was at when 
still doing more systems stuff.  2003 was obviously much improved (xp+server 
stuff) and quickly became de facto, but for a time, it was good for passage out 
of the dark ages of 16bit os's.


I saw it on a couple servers
and replaced it with linux on a few others. It wasn't horrible, but come
on! Windows ME on an NTOS kernel? I thought the frequent automatic
reboots were a "feature" so I did not have to manually reboot Windows
ME! Windows 2000 destroyed the only good "feature" Windows ME had!

Hah!  Well like most I started life as a windoze guy, and my first experience 
with "servers" was using win2k server betas for adventure in '99.  I was 
rockin' AD before I'd ever had to futz with NT.  Imagine my horror when I had 
to inherit some nt4 domains later!

That said, I learned what DNS, DHCP, LDAP/Kerberos, and IIS were good for in 
windoze land, then later replaced them once I got familiar enough with linux.  
Learning how network services work under linux without some prerequisite 
knowledge is more than a bit daunting, so I was glad to have had exposure and 
understanding from windoze worlds.

All in all, AD still has numerous advantages for directory management that 
simply cannot be _easily_ replaced in linux.  99% of times, I'll still see it 
paired with linux if for nothing else than authentication and user/group 
enumerations (likewise/centrify), and I'm fairly OK with that.


Nathan


-mb

---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss



--

(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown












