I've recently begun administrating a site that has about 20 Linux
servers of various flavors, another 25 Windows 2003 servers, and soon 15
Apple Xserves. Previously no real policies of any sort existed, so I've
been trying to consolidate servers and users and whatnot. On the
Windows side this was fairly easily accomplished via Active Directory.
I've begun setting up our new Apple XRaid and its cluster nodes. While
doing this I noticed that it has some built-in support for Active
Directory authentication, which got me to thinking whether I could also
integrate all the Linux servers into this scheme.

Basically I would like to use Active Directory to manage users, groups,
and passwords. Then have the Linux servers hit up against this using
LDAP to translate the uid and gids for some ssh access, filesystem
access via Samba and ftp, a few email accounts for use with
postfix/dovecot, web authentication, etc. I would also like to make
sure I can change passwords on the Linux side.

My limited understanding says that this is similar to an OpenLDAP setup
through pam/nss with the further modification of remapping some
attributes to Active Directory ones (or altering the AD schema, which
seems unnecessary to me). Oh, and then there's Kerberos to deal with,
which I need to do some more research on.

I would like to know if there's anyone out there who's tried to or
successfully accomplished this and whether it's any better or worse than
setting up a separate OpenLDAP server. I'd prefer to keep it in one
directory, but also don't want to cause myself any unnecessary headaches.

Thanks for your input,
Brian
--
gentoo-server@g.o mailing list