>> What is the advantage of going ldap against AD vs. using kerberos ?
>
> OpenLDAP/kerberos works swimmingly on Linux and Mac, and has
> cheap failover options; I've not gotten a non-AD LDAP/kerberos

I'm currently able to use either LDAP or Kerberos on Linux, against the AD structure. It works well, except ... If you want to do this on a laptop, and leave the network.

I posted this thread in another group too, and the suggestions both came up:

PADL
Or
Centrify

I haven't looked at PADL yet, but Centrify looks pretty awesome, including ability to join Linux computers to AD domain just like Samba does, except Centrify can cache the credentials for offline usage, which Samba can't. And Centrify adds some extra control panels to the AD configuration tools, to enforce something along the lines of group policy, without need to modify your schema.

There's just one drawback ... Yes Linux, No Mac. (And I don't know how much it costs, but it's certainly not free.)

On the Mac:

I have done "golden triangle," LDAP/Kerberos to MS AD, and Apple OD for group policy and such, using Mobility Accounts ...

I have also scrapped the golden triangle, and gone for straight up, all-Apple OD. Fully blessed, all-Leopard clients and server, fresh installs, legitimate Apple everywhere, including hardware, and support contracts.....

I was thoroughly unimpressed with either solution. I had problems like ... Get home with my MacBook, and try to log in, and have to wait for a 2 minute timeout before my credentials succeed and I'm logged in. ... And ... The OD server spontaneously loses all the passwords ... And ... Stuff like that.

In the end, Apple users are standalone users. Because I just couldn't trust anything else that I found, to actually *function* for offline usage.

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
