[Beowulf] Re: Active directory with Linux

[Jon Aquilina]

sry for repost didnt hit reply to all

my question though is what is the best way in the linux world to get windows
machines to join a linux domain which is being hosted by bind

On Fri, Oct 24, 2008 at 3:01 PM, Dave Love <d.love at liverpool.ac.uk> wrote:

> Prentice Bisbal <prentice at ias.edu> writes:
>
> > The trust is that if you already have and AD installation and the AD
> > controllers have Microsoft Services for Unix (MSSFU, or just SFU) 3.5 or
> > later, you have everything you need to use your AD servers as Kerberos
> > and LDAP masters for your Linux clients.
>
> You only need that stuff for the NSS databases (passwd, group), not for
> Kerberos.  [I never managed to get the add-on SFE stuff to install --
> even after recovering from the server being 0wned whilst it was getting
> security-patched -- but I guess that's not a general problem.]
>
> > If you want to go the other way around, have Linux serve as the AD
> > controllers, you'll need to use Samba, and I haven't had much success
> > with it.
>
> Samba as an actual AD controller is a Samba 4 thing, which isn't ready
> yet, as far as I know -- has that changed recently?  The canonical way
> to DTRT is to have a master Kerberos server in the POSIX world, which AD
> trusts, and populate the POSIX and AD worlds' LDAP separately from one
> or more accounts databases.  Basically you want to keep AD in its own
> world, and in a network subdomain with a sensible DNS arrangement, since
> AD wants to control DNS.
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit
> http://www.beowulf.org/mailman/listinfo/beowulf
>



-- 
Jonathan Aquilina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.scyld.com/pipermail/beowulf/attachments/20081025/d73673b0/attachment.html