    Linux and LDAP

    Category: IT Discussion
    Tags: linux, ldap, kerberos, nfs
    24 Posts 6 Posters 4.5k Views
    • scottalanmiller

      There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

      • stacksofplates @scottalanmiller

        @scottalanmiller said:

        There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

        Are there "group policy" type tools that are used or is it just DAC & MAC?

        I saw something called Pessulus but I don't know if some of these things solve problems that aren't there and are even enterprise accepted.

        • scottalanmiller @stacksofplates

          @johnhooks said:

          @scottalanmiller said:

          There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

          Are there "group policy" type tools that are used or is it just DAC & MAC?

          Have not seen any, but the need for them is very low as you can do similar things with nearly no effort on Linux without tools like that.

          • Dashrender @scottalanmiller

            @scottalanmiller said:

            In a large environment of UNIX you would expect to see LDAP and Kerberos most of the time. There are other ways to tackle this like local users and tools to push those out, but that is generally too complex to do on scale.

            When I worked at West Teleservices 15+ years ago they managed all of their SCO boxes through local accounts and managed those through network based scripts...

            • coliver

              I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

              • stacksofplates @coliver

                @coliver said:

                I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                • coliver @stacksofplates

                  @johnhooks said:

                  @coliver said:

                  I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                  I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                  Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                  • scottalanmiller @stacksofplates

                    @johnhooks said:

                    I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                    You would use Kerberos and LDAP but not Samba of any version. Samba does "Windows services", SMB protocol and AD. If you don't have Windows, you don't touch Samba. Samba is not the Kerberos or LDAP supplier, it's literally only for talking to Windows.

                    • scottalanmiller @coliver

                      @coliver said:

                      @johnhooks said:

                      @coliver said:

                      I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                      I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                      Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                      Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

                      • coliver @scottalanmiller

                        @scottalanmiller said:

                        @coliver said:

                        @johnhooks said:

                        @coliver said:

                        I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                        I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                        Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                        Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

                        Yep, hence the "drop-in" replacement for AD.

                        • scottalanmiller @coliver

                          @coliver said:

                          Yep, hence the "drop-in" replacement for AD.

                          Just want to make sure that everyone reading understands that Samba4 does one very specific version and setup for Kerberos and LDAP while on UNIX there are many options for how to do that both in setup as well as in products. Although I'd guess 99% of UNIX people just use OpenLDAP.

                          • dafyre @scottalanmiller

                            @scottalanmiller said:

                            Although I'd guess 99% of UNIX people just use OpenLDAP.

                            If you are in a 100% *nix environment, then that would make sense... No need for Samba4/Active Directory unless you are primarily a Windows shop.

                            • scottalanmiller

                              Windows or Mac. Even though Mac is 100% UNIX, it has so much built-in SMB and AD support, you would use it for that potentially too.

                              • Reid Cooper

                                OpenLDAP is what the average Linux shop is going to turn to when looking to implement an "AD like" authentication mechanism when no Windows is involved.
