[Date Prev][Date Next]
Re: RFT0001 : Request For Thoughts
"Christopher Barry" <firstname.lastname@example.org> writes:
> Hi everyone,
> The Parts Bin:
> There's a bunch of parts around, and they all kind of fit together, but
> to my current understanding anyway, seem to create a few different
> incomplete solutions, such as:
> * Samba/Winbind/Kerberos (possibly backed by OpenLDAP)
No, this is not possible, ask on a samba list for reasons.
> * OpenLDAP/Kerberos with trusts to AD
yes, this can be done,
> * AD using 2003R2 and possibly custom schema modifications if
this could be done
> My question really is what are others doing to solve this type of
> problem? Architecturally, what is the best approach given the above
> desired outcome?
If you administer a homogenous windows network, keep AD as primary
domain controller (just KDC) and configure samba as backup
If you administer a heterogenous network, get, in addition to the
above mentioned design, OpenLDAP plus heimdal kerberos to administer
Unix hosts and users and create a trust relation to AD.
Dieter Klünter | Systemberatung
GPG Key ID:8EF7B6C6