
Re: RFT0001 : Request For Thoughts



Hi Christopher,

"Christopher Barry" <christopher.barry@qlogic.com> writes:


>> 
>> "Christopher Barry" <christopher.barry@qlogic.com> writes:
[...]
>> >  
>> > My question really is what are others doing to solve this type of
>> > problem? Architecturally, what is the best approach given the above
>> > desired outcome?
>> 
>>  If you administer a homogeneous Windows network, keep AD as primary
>>  domain controller (just KDC) and configure samba as backup
>>  controller. 
>> If you administer a heterogeneous network, get, in addition to  the
>> above mentioned design, OpenLDAP plus heimdal kerberos to administer
>> Unix hosts and users and create a trust relation to AD.
[...]
> Thanks Dieter.
>
> Why heimdal as opposed to MIT? Is it better at AD interop, or are you thinking about crypto restrictions?

The reason for heimdal actually is that credentials can be stored in
OpenLDAP, another argument is better threading behaviour.

> Also, would you recommend keeping all user/group data in AD proper, but all other NIS related stuff in OpenLDAP?

This really depends on the whole design, I wouldn't give any
recommendation here.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6