CentOS - Sep 2013 - Anyone using CentOS Active Directory like system?

I am the IT Development Specialist for a small community college and our
CIO has asked me to explore an alternative to Microsoft Active Directory as
we are separating from our parent university and funding is tight so we
were looking into CentOS with 389 Directory Server.

Any advise or suggestions would be very helpful.

Jacob Tennant

Greetings,


On Sat, Sep 28, 2013 at 10:45 AM, Tennant, Jacob
<jacob.tennant at pierpont.edu> wrote:
>
> were looking into CentOS with 389 Directory Server.
>
> Any advise or suggestions would be very helpful.
>
That is a choice of course.

Have you looked into Samba 4 which provides build for Centos and it
seems it does support AD as DC:

http://opentodo.net/2013/01/samba4-as-ad-domain-controller-on-centos-6/

YMMV.

-- 
Regards,

Rajagopal

On 09/27/2013 10:15 PM, Tennant, Jacob wrote:
> Any advise or suggestions would be very helpful.
Samba4 has been offered as an option.  However, as far as I know, the 
packages in Fedora and RHEL are not capable of operating as an AD 
server.  More specific information is here:
https://fedoraproject.org/wiki/Features/Samba4

If you want to run Samba 4 as Microsoft Active Directory replacement, 
you'll need to build your own packages with Heimdal Kerberos support. 
Someday, when RHEL/Fedora offer working MIT Kerberos support, you'll 
want to migrate to reduce ongoing maintenance costs, and that's going to 
be a huge headache.

If you don't need Group Policy support, you can use FreeIPA to 
authenticate Windows and Linux guests:
http://www.freeipa.org/page/Main_Page

OS X has been supported, but I'm not sure what the status of 10.7 is.

----- Original Message -----
| I am the IT Development Specialist for a small community college and
| our
| CIO has asked me to explore an alternative to Microsoft Active
| Directory as
| we are separating from our parent university and funding is tight so
| we
| were looking into CentOS with 389 Directory Server.
| 
| Any advise or suggestions would be very helpful.
| 
| Jacob Tennant

No, we use Active Directory because it's the right tool for the job.  I
think that you will find that you will have a difficult time finding another
product that will provide all the tools that AD provides when working with
Windows.  If you are working with Windows and Windows only just use AD it's
the "right thing".  If you're in a mixed bag of Windows, Mac and
GNU/Linux, just use AD, it's likely still the "right thing".

If you only need basic authentication than Samba will likely suit your needs. 
On what scale are you talking?  2 workstations, 50 workstations, 100s
workstations?

-- 
James A. Peltier
Manager, IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpeltier at sfu.ca
Website : http://www.sfu.ca/itservices

?A successful person is one who can lay a solid foundation from the bricks
others have thrown at them.? -David Brinkley via Luke Shaw