Hi, Does CentOS 5 / RH 5 ship with a similar windows active directory and able to support windows workstations? I've of heard OpenLDAP and FDS. Does windows support those? regards
http://enterprise.linux.com/article.pl?sid=04/12/09/2318244&tid=102&tid=101&tid=100 We use OpenLDAP here and it works perfectly for the UNIX systems. You should be able to authenticate your UNIX boxes against Windows LDAP. One thing to remember through about this is that Windows LDAP Schema is not extensible; so you cannot do things like home directory provisioning and such. See the URL above. On 4/3/07, CentOS List <centoslist at gmail.com> wrote:> > Hi, > > Does CentOS 5 / RH 5 ship with a similar windows active directory and able > to support windows workstations? I've of heard OpenLDAP and FDS. Does > windows support those? > > regards > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >-- Thx Joshua Gimer -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070403/3459ffdd/attachment-0004.html>
CentOS List wrote:> Hi, > > Does CentOS 5 / RH 5 ship with a similar windows active directory and > able to support windows workstations? I've of heard OpenLDAP and FDS. > Does windows support those?AD is sorta LDAP, but Linux doesn't come with the schema, and I'm not at all sure it's going to happen any time soon*. Even if it does, unless it comes with a GUI to match Microsoft's, you'd have rocks in your head to try to do it. Linux can authenticate against AD though. * Apple's OS X Xserv comes with openldap and a gui, but it doesn't equate to AD either. -- Cheers John -- spambait 1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu Please do not reply off-list
> -----Original Message----- > From: centos-bounces at centos.org > [mailto:centos-bounces at centos.org] On Behalf Of CentOS List > Sent: Tuesday, April 03, 2007 9:58 AM > To: CentOS mailing list > Subject: [CentOS] Windows AD > > Hi, > > Does CentOS 5 / RH 5 ship with a similar windows active > directory and able > to support windows workstations? I've of heard OpenLDAP and > FDS. Does > windows support those?You don't want to go through the Windows LDAP authentication method, modified schemas, adding extended attributes and managing them for all AD users. It's a real mess. Use winbind + kerberos and that's all you need. If you need to have the windows uid/gid common across a whole bunch of machines you can either, 1) get the idmap rid stuff working in samba so all uid/gid->rid mappings are the same or 2) setup 1 host to do the mappings and dump it into an NIS map and share it via NIS. -Ross ______________________________________________________________________ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof.
CentOS List wrote:> Hi, > > Does CentOS 5 / RH 5 ship with a similar windows active directory and > able to support windows workstations? I've of heard OpenLDAP and FDS. > Does windows support those?the newest SAMBA can partially emulate active directory, but it doesn't readily provide lots of the associated windows management tools like global policy objects, and its an uphill battle.
2007/4/3, CentOS List <centoslist at gmail.com>:> > Hi, > > Does CentOS 5 / RH 5 ship with a similar windows active directory and able > to support windows workstations? I've of heard OpenLDAP and FDS. Does > windows support those?LDAP+Kerberos+smthM$specs=Active_Directory. You also should use Samba and have a Primary Domain Controller for you Windows clients. Active_Directory uses DNS to solve hosts to addresses, so you don't need a WINS server, though. I think the point to start w/ is Samba: http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ , http://us4.samba.org/samba/docs/man/Samba-Guide/ (jump to Chapter 5, maybe it's all you need) AFAIK CentOS has an Anaconda chapter dedicated to installation of Kerberos, and LDAP, too, so you have no excuse to miss the party :D. Sorry about I am not more useful for you, but I think it's feasible. I would try it. (I have no experience w/ Kerberos, very little w/ OpenLDAP, Samba, and... CentOS). regards Stan P?pu?? who heared some fairy tails about a ugly multihead dog... -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070404/7455d662/attachment-0004.html>
user local wrote:> 2007/4/3, CentOS List <centoslist at gmail.com>: >> >> Hi, >> >> Does CentOS 5 / RH 5 ship with a similar windows active directory and >> able >> to support windows workstations? I've of heard OpenLDAP and FDS. Does >> windows support those? > > > LDAP+Kerberos+smthM$specs=Active_Directory. You also should use Samba and > have a Primary Domain Controller for you Windows clients. Active_Directory > uses DNS to solve hosts to addresses, so you don't need a WINS server, > though. I think the point to start w/ is Samba: > http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/ , > http://us4.samba.org/samba/docs/man/Samba-Guide/ (jump to Chapter 5, maybe > it's all you need) > > AFAIK CentOS has an Anaconda chapter dedicated to installation of Kerberos, > and LDAP, too, so you have no excuse to miss the party :D. Sorry about I am > not more useful for you, but I think it's feasible. I would try it. (I have > no experience w/ Kerberos, very little w/ OpenLDAP, Samba, and... CentOS).Assuming you're already a somewhat competent Windows user (ie you meet the prerequisites), then a one-week course makes you competent (not expert, that comes only with experience) to create and administer an AD setup. I've done the course, though I was a little light on the prerequisites, and have some experience here. Microsoft has this nice big GUI that takes most of the pain out of it, one just has to have some idea of what one's doing. Until Red Hat and/or SUSE ships the tools to replicate AD's functionality, it's not there. Few enterprises are going to spend shareholder funds on a speculative venture to do the same job with harder-to-use tools. The tools will have to be better, and demonstrably able to save money. -- Cheers John -- spambait 1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu Please do not reply off-list