can Linux RHEL NIS Kerberos-based replace Windows Active Directory

Hi all,

can Linux RHEL NIS or Kerberos-based replace Windows Active Directory? If NO, why not.
our Clients is windows.

thanks
rawandnetAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
farzanjConnect With a Mentor Commented:
It will have multiple parts.

You need authentication and you need centralized storage.  Furthermore you need security and probably scalability --depending upon your organizational size, etc.


SAMBA can act as a primary domain controller for Windows clients.  I have done it in the past.  It is easy to configure.
You can use some implementation of LDAP in conjunction with SAMBA.  So LDAP would keep the directory data which would be fast and scalable.  You would further need to add security features to it because you may not want passwords to travel over the network unencrypted.  So you can use one of many mechanisms to do that -- TLS, SASL or Kerberos.

If you want to keep it very simple in a small setup, all you need is SAMBA.

NIS is mostly used for Unix/Linux clients.  How would you centralize account storage?  I am not even sure how the authentication would work on Windows with NIS  -- never heard of it.  It has always been typically for pure Unix/Linux environments.

Try
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
(out of points, please)
I'm not an expert in Linux technology, but I've recently read somewhere about Fedora 389 Directory Server and I think it can be a part of existing domain and can be a separate environment where your machines could work. If you can test it, do it. Maybe it's worth :)

Check this project home page for installation and more details with downloads (install guide for Red Hat)
http://directory.fedoraproject.org/wiki/Install_Guide

Home Page
http://directory.fedoraproject.org/

Regards,
Krzysztof
0
 
rawandnetAuthor Commented:
I wanted to know the disadvantage of moving to Linux authentication rather than Active directory, example with windows server there is group policy that can be implemented on windows client.  I don’t know if that is possible with Linux server. currently we use Vista client, can Linux server control clients roaming profiles, and other permission and privileges?
0
A proven path to a career in data science

At Springboard, we know how to get you a job in data science. With Springboard’s Data Science Career Track, you’ll master data science  with a curriculum built by industry experts. You’ll work on real projects, and get 1-on-1 mentorship from a data scientist.

 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Nope, that's the only Windows-based domain functions. I would suggest using Windows AD rather that Linux. It's much easier in management and more powerful. If you need to use your Linux/UNIX then you can use NIS as you said (available in 2003 R2 and above)

I'm a Windows guy and I prefer using it than Linux :]

You can check some info about AD features
http://msdn.microsoft.com/en-us/library/cc737139%28v=ws.10%29.aspx
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

Krzysztof
0
 
TintinCommented:
I would either use OpenLDAP or Samba on the Linux side.

From memory, I don't think Windows has any native NIS support.

0
 
rawandnetAuthor Commented:
I worked with AD but not with openLDAP. What feachers AD has OpenLDAP doesn’t. Currently we have server 2003 that has Domain controller with AD with group policy implemented, the clients are vista.
I have been asked to replace those windows server with linx.

The question is; if I use OpenLDAP does it replace windows AD. Can OpenLDAP do same function as windows AD does?
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.