[olug] System management tools

Sean Kelly smkelly at zombie.org
Sun Nov 28 02:54:13 UTC 2004


On Sat, Nov 27, 2004 at 07:52:14PM -0600, Phil Brutsche wrote:
> It's important to note that Microsoft's freeware Services for Unix
> includes a component that will turn any AD DC into an NIS master or
> slave server.  Dunno if it does NIS+.

Right. I am aware of this but am not sure about convincing the Windows cadre
that this is a good path to take. It will take some experimentation.

> Also remember that one of the technologies AD is based on is Kerberos.
> That's probably your most cross-platform option.

The key term here is "based on." Have you successfully done krb5 against AD
before? It is on my ever-growing list of things to try, but I haven't
gotten there yet. I'll let you know what results I end up with, though.

So far, I just have several PHP applications that authenticate against AD
via LDAP. There is more advanced work being done with PHP, providing a
lookup service via AD, but I'm not clued in on it right now.

> If you check the list archives you'll find a reference to a commercial
> package that lets *NIX machines use the AD LDAP schema directly (created
> by one of the Samba folks IIRC), but if you're using something that
> doesn't use nsswitch (i.e. FreeBSD 4) that doesn't help you any.  Hence my
> suggestion for NIS via MS Active Directory :)

NIS is pretty meh, in my opinion. FreeBSD 5's PAM/NSS abilities make
FreeBSD 4 not worth hassling with. There are also several projects underway
to provide an nscd-like service for FreeBSD for providing a single point for
plugins/caching of directory data. One group is trying to do it in the
libraries, while another is trying to do it externally à la nscd. Currently,
the former is winning.

> Incidentally, you can make Windows use *NIX authentication mechanisms
> (NIS, LDAP, SQL, etc) by replacing MS's GINA .dlls with pGina:
> http://pgina.xpasystems.com/.

There are better chances for snow in Hell than that happening. Neat,
though. I might do that to my machines just for entertainment.

Another solution to look at is http://www.padl.com/Products/XAD.html. It
seems to do it all. PADL has some very useful things.


-- 
Sean Kelly         | PGP KeyID: D2E5E296
smkelly at zombie.org | http://www.zombie.org


