DC Demotion Question
-
@BRRABill Yup same boat. Solo it guy.
-
@scottalanmiller I agree that is a superior but i would still have issues with the other services.
-
@tiagom said in DC Demotion Question:
@scottalanmiller I agree that is a superior but i would still have issues with the other services.
How crippling are those other services? Do they affect everyone, just a few people?
-
Varies on the service. But some of them can have engineers or our manufacturing floor at a stand still.
-
@tiagom said in DC Demotion Question:
Varies on the service. But some of them can have engineers or our manufacturing floor at a stand still.
Can't you replicate those services on other servers and leave AD singular?
-
Why isn't there an open source product that can replicate AD? That would solve all our problems!
-
The services authenticate against AD using LDAP.
-
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
-
@tiagom said in DC Demotion Question:
The services authenticate against AD using LDAP.
So you have double dependencies, if either AD or LDAP fails everything goes down?
-
I happened to have spare licenses already in house, so it was the "simplest" solution.
-
It is single dependency as i understand it. If AD goes down i cant use a LDAP query again it.
-
@tiagom said in DC Demotion Question:
It is single dependency as i understand it. If AD goes down i cant use a LDAP query again it.
That's one dependency. But you depend on LDAP as well. What if LDAP goes down?
AD needs LDAP, LDAP needs AD. It's an "and" not an "or".
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
Could one of those provide redundancy for AD in a 1 server scenario?
Save some licensing costs?
-
@scottalanmiller said in DC Demotion Question:
@tiagom said in DC Demotion Question:
It is single dependency as i understand it. If AD goes down i cant use a LDAP query again it.
That's one dependency. But you depend on LDAP as well. What if LDAP goes down?
AD needs LDAP, LDAP needs AD. It's an "and" not an "or".
Maybe im missing something but..
I have the service and AD(/DC). The service uses a ldap query's against AD.
If the service goes down well then we never get to authenticate. If AD goes down the service will still try to authenticate but fail.
-
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
Could one of those provide redundancy for AD in a 1 server scenario?
Save some licensing costs?
Samba4 can, but doesn't do the LDAP portion that he needs.
-
@tiagom said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@tiagom said in DC Demotion Question:
It is single dependency as i understand it. If AD goes down i cant use a LDAP query again it.
That's one dependency. But you depend on LDAP as well. What if LDAP goes down?
AD needs LDAP, LDAP needs AD. It's an "and" not an "or".
Maybe im missing something but..
I have the service and AD(/DC). The service uses a ldap query's against AD.
If the service goes down well then we never get to authenticate. If AD goes down the service will still try to authenticate but fail.
Oh, you are hitting AD directly, not talking to an LDAP server? Commonly for non-AD enabled services people use federation for AD to sync to LDAP and then they hit LDAP directly. Like with FreeIPA.
-
@scottalanmiller There's the disconnect.
Yup hitting AD directly.
I see interesting, i haven't been in that scenario. Is that the only way to do it, or just the most common?
-
@tiagom said in DC Demotion Question:
@scottalanmiller There's the disconnect.
Yup hitting AD directly.
I see interesting, i haven't been in that scenario. Is that the only way to do it, or just the most common?
Definitely not the only way, but I think it is more common. Many systems, like Linux boxes, talk to LDAP natively and it works really smoothly.
-
Cool, the services that i deal with all (luckily) talk to LDAP natively.
-
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
@scottalanmiller said in DC Demotion Question:
@BRRABill said in DC Demotion Question:
Why isn't there an open source product that can replicate AD? That would solve all our problems!
There is. Samba4 functions as AD completely. LDAP will replicate it, like FreeIPA.
Could one of those provide redundancy for AD in a 1 server scenario?
Save some licensing costs?
Samba4 can, but doesn't do the LDAP portion that he needs.
In my scenario, thinking about going down to one AD ... could Samba work here for redundancy if the AD server goes down while I am away?
