Solved

Can Linux RHEL NIS Kerberos-based replace Windows Active Directory

Posted on 2011-02-27
Last Modified: 2012-05-11
Hi all,

Can Linux RHEL NIS or Kerberos-based replace Windows Active Directory? If no, why not?
Our clients are Windows.

thanks
0
Comment
Question by:rawandnet
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34994693
(out of points, please)
I'm not an expert in Linux technology, but I've recently read somewhere about Fedora 389 Directory Server, and I think it can be a part of an existing domain and can be a separate environment where your machines could work. If you can test it, do it. Maybe it's worth it :)

Check this project home page for installation and more details with downloads (install guide for Red Hat)
http://directory.fedoraproject.org/wiki/Install_Guide

Home Page
http://directory.fedoraproject.org/

Regards,
Krzysztof
0
 

Author Comment

by:rawandnet
ID: 34994823
I wanted to know the disadvantage of moving to Linux authentication rather than Active Directory. For example, with Windows Server there is Group Policy that can be implemented on Windows clients. I don’t know if that is possible with a Linux server. Currently we use Vista clients; can a Linux server control clients' roaming profiles and other permissions and privileges?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34994871
Nope, those are only Windows-based domain functions. I would suggest using Windows AD rather than Linux. It's much easier to manage and more powerful. If you need to use your Linux/UNIX then you can use NIS as you said (available in 2003 R2 and above)

I'm a Windows guy and I prefer using it over Linux :]

You can check some info about AD features
http://msdn.microsoft.com/en-us/library/cc737139%28v=ws.10%29.aspx
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

Krzysztof
0

 
LVL 48

Expert Comment

by:Tintin
ID: 34994950
I would either use OpenLDAP or Samba on the Linux side.

From memory, I don't think Windows has any native NIS support.

0
 

Author Comment

by:rawandnet
ID: 34995859
I worked with AD but not with OpenLDAP. What features does AD have that OpenLDAP doesn’t? Currently we have Server 2003 that has a domain controller with AD, with Group Policy implemented; the clients are Vista.
I have been asked to replace those Windows servers with Linux.

The question is: if I use OpenLDAP, does it replace Windows AD? Can OpenLDAP do the same functions as Windows AD does?
0
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 35002958
It will have multiple parts.

You need authentication and you need centralized storage. Furthermore, you need security and probably scalability, depending upon your organizational size, etc.


SAMBA can act as a primary domain controller for Windows clients.  I have done it in the past.  It is easy to configure.
You can use some implementation of LDAP in conjunction with SAMBA.  So LDAP would keep the directory data which would be fast and scalable.  You would further need to add security features to it because you may not want passwords to travel over the network unencrypted.  So you can use one of many mechanisms to do that -- TLS, SASL or Kerberos.

If you want to keep it very simple in a small setup, all you need is SAMBA.

NIS is mostly used for Unix/Linux clients.  How would you centralize account storage?  I am not even sure how the authentication would work on Windows with NIS  -- never heard of it.  It has always been typically for pure Unix/Linux environments.

Try
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
0
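Added example, not part of the answer above and not Samba project code: a small Python check for the point about not letting passwords travel unencrypted when Samba keeps its accounts in LDAP. The two smb.conf texts are constructed samples with placeholder host and suffix, and requiring an explicit `ldap ssl = start tls` (rather than relying on a version default) is this check's own assumption.

```python
import configparser

# Constructed sample: Samba domain controller with an LDAP account backend,
# LDAP queries sent in clear text. Host and suffix are placeholders.
WEAK = """
[global]
workgroup = EXAMPLE
security = user
domain logons = yes
passdb backend = ldapsam:ldap://ldap.example.test
ldap suffix = dc=example,dc=test
ldap admin dn = cn=Manager,dc=example,dc=test
ldap ssl = off
"""
# Same constructed config, with StartTLS required on the LDAP connection.
HARDENED = WEAK.replace("ldap ssl = off", "ldap ssl = start tls")


def audit_smb_conf(text):
    """Return findings for LDAP backend URIs not explicitly protected by TLS."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   comment_prefixes=("#", ";"))
    cp.read_string(text)
    g = cp["global"] if cp.has_section("global") else {}
    backend = g.get("passdb backend", "")
    if not backend.lower().startswith("ldapsam"):
        return []  # accounts are not stored in LDAP, nothing to check here
    # ldapsam accepts one URI or a quoted, space-separated list of URIs.
    uris = backend.partition(":")[2].strip().strip('"').split()
    # Normalise case, spacing and underscores so "Start_TLS" matches too.
    ldap_ssl = " ".join(g.get("ldap ssl", "").lower().replace("_", " ").split())
    findings = []
    for uri in uris:
        if uri.lower().startswith("ldaps://"):
            continue  # TLS from the first byte
        if ldap_ssl == "start tls":
            continue  # plain port, upgraded with StartTLS before the bind
        findings.append(f"{uri}: no ldaps:// and no 'ldap ssl = start tls' "
                        f"(ldap ssl = {ldap_ssl or 'unset'})")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_smb_conf(conf) or "ok")
```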
 
LVL 69

Expert Comment

by:Qlemo
ID: 35422473
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
