RE: RFT0001 : Request For Thoughts
> -----Original Message-----
email@example.com] On Behalf Of Dieter Kluenter
> Sent: Tuesday, September 23, 2008 1:11 PM
> To: firstname.lastname@example.org
> Subject: Re: RFT0001 : Request For Thoughts
> "Christopher Barry" <email@example.com> writes:
> > Hi everyone,
> > The Parts Bin:
> > There's a bunch of parts around, and they all kind of fit together, but
> > to my current understanding anyway, seem to create a few different
> > incomplete solutions, such as:
> > * Samba/Winbind/Kerberos (possibly backed by OpenLDAP)
> No, this is not possible, ask on a samba list for reasons.
> > * OpenLDAP/Kerberos with trusts to AD
> yes, this can be done,
> > * AD using 2003R2 and possibly custom schema modifications if
> > required.
> this could be done
> > My question really is what are others doing to solve this type of
> > problem? Architecturally, what is the best approach given the above
> > desired outcome?
> If you administer a homogeneous windows network, keep AD as primary
> domain controller (just KDC) and configure samba as backup.
> If you administer a heterogeneous network, get, in addition to the
> above mentioned design, OpenLDAP plus heimdal kerberos to administer
> Unix hosts and users and create a trust relation to AD.
> Dieter Klünter | Systemberatung
> GPG Key ID:8EF7B6C6
Why heimdal as opposed to MIT? Is it better at AD interop, or are you thinking about crypto restrictions?
Also, would you recommend keeping all user/group data in AD proper, but all other NIS related stuff in OpenLDAP?