gregorcy <gregorcy@××××××××.edu> 2011-10-29 10:52:

> What's missing: OpenLDAP replication from AD? Is this possible? Is this
> needed? Since I want other machines (running Linux) to authenticate, it
> would be a good idea if only ONE machine got information from AD and
> everyone else authenticated natively on this Gentoo machine.
>
> No, this is not needed. If you are in a mixed environment (I think) it
> is much easier to just use AD as the one directory service and join all
> your Linux boxes to it. As long as your idmap ranges match, your users
> will have the same uid on all boxes.

I agree with this except for the need to "join all your linux boxes".
AD is really just LDAP+Kerberos. Most of the time you don't need the
headache of Kerberos and can just use the LDAP component. Modern AD
schemas include all of the necessary attributes to support having Linux
clients talk to it directly for uid/gid mapping, which is much nicer
since it avoids the complexity of any Samba requirements when you don't
need them (e.g. mail, web, etc.).

Brian
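An sssd.conf along the lines Brian describes, added here as an example and not taken from the original thread: a Linux client that talks only to AD's LDAP side (no Samba, no Kerberos join) and reads uidNumber/gidNumber from the RFC2307 attributes a modern AD schema carries. The domain, DC hostname, bind account, CA bundle path and login group are made up for illustration; the option names are sssd's own (see sssd-ldap(5)).

```ini
# /etc/sssd/sssd.conf  (mode 0600, owned by root)
# Example configuration, not from the original post. All names below
# (ad.example.com, dc1, svc-sssd, linux-login) are illustrative.
[sssd]
config_file_version = 2
services = nss, pam
domains = ad.example.com

[domain/ad.example.com]
id_provider = ldap
auth_provider = ldap
access_provider = ldap

# Always LDAPS with certificate verification: auth_provider=ldap does a
# simple bind with the user's password, so TLS is not optional here.
ldap_uri = ldaps://dc1.ad.example.com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ad-root-ca.pem

# Read-only service account for directory lookups (least privilege;
# AD does not allow anonymous search by default).
ldap_default_bind_dn = cn=svc-sssd,ou=Service Accounts,dc=ad,dc=example,dc=com
ldap_default_authtok_type = password
ldap_default_authtok = change-me

# AD hands out referrals for root-of-domain searches; chasing them is
# slow and pointless for a single-domain setup.
ldap_search_base = dc=ad,dc=example,dc=com
ldap_referrals = false

# AD's RFC2307 attributes live on the normal user/group objects, so start
# from rfc2307bis and map the object classes and names AD actually uses.
ldap_schema = rfc2307bis
ldap_user_object_class = user
ldap_user_name = sAMAccountName
ldap_user_uid_number = uidNumber
ldap_user_gid_number = gidNumber
ldap_user_home_directory = unixHomeDirectory
ldap_user_shell = loginShell
ldap_group_object_class = group
ldap_group_name = cn
ldap_group_member = member

# base?scope?filter: only accounts with a uidNumber are visible to the
# Linux side, so users without a POSIX identity never resolve.
ldap_user_search_base = ou=People,dc=ad,dc=example,dc=com?subtree?(uidNumber=*)
ldap_group_search_base = ou=Groups,dc=ad,dc=example,dc=com?subtree?(gidNumber=*)

# Restrict login to one AD group instead of "anyone who can bind".
ldap_access_order = filter
ldap_access_filter = (memberOf=cn=linux-login,ou=Groups,dc=ad,dc=example,dc=com)

enumerate = false
cache_credentials = true
```

Check it with `getent passwd someuser` and `id someuser` on the client; if a user does not show up, the usual cause is a missing uidNumber/gidNumber on that account. The consistency point from the quoted message still applies: with this approach the uid comes straight from the uidNumber attribute, so every client that reads the same attribute gets the same uid with no idmap ranges to keep in sync. Keep the bind account read-only and protect the file mode, since the bind password sits in it in clear text.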