Solved

can Linux RHEL NIS Kerberos-based replace Windows Active Directory

Posted on 2011-02-27
9
485 Views
Last Modified: 2012-05-11
Hi all,

can Linux RHEL NIS or Kerberos-based replace Windows Active Directory? If NO, why not.
our Clients is windows.

thanks
0
Comment
Question by:rawandnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34994693
(out of points, please)
I'm not an expert in Linux technology, but I've recently read somewhere about Fedora 389 Directory Server and I think it can be a part of existing domain and can be a separate environment where your machines could work. If you can test it, do it. Maybe it's worth :)

Check this project home page for installation and more details with downloads (install guide for Red Hat)
http://directory.fedoraproject.org/wiki/Install_Guide

Home Page
http://directory.fedoraproject.org/

Regards,
Krzysztof
0
 

Author Comment

by:rawandnet
ID: 34994823
I wanted to know the disadvantage of moving to Linux authentication rather than Active directory, example with windows server there is group policy that can be implemented on windows client.  I don’t know if that is possible with Linux server. currently we use Vista client, can Linux server control clients roaming profiles, and other permission and privileges?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34994871
Nope, that's the only Windows-based domain functions. I would suggest using Windows AD rather that Linux. It's much easier in management and more powerful. If you need to use your Linux/UNIX then you can use NIS as you said (available in 2003 R2 and above)

I'm a Windows guy and I prefer using it than Linux :]

You can check some info about AD features
http://msdn.microsoft.com/en-us/library/cc737139%28v=ws.10%29.aspx
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

Krzysztof
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 48

Expert Comment

by:Tintin
ID: 34994950
I would either use OpenLDAP or Samba on the Linux side.

From memory, I don't think Windows has any native NIS support.

0
 

Author Comment

by:rawandnet
ID: 34995859
I worked with AD but not with openLDAP. What feachers AD has OpenLDAP doesn’t. Currently we have server 2003 that has Domain controller with AD with group policy implemented, the clients are vista.
I have been asked to replace those windows server with linx.

The question is; if I use OpenLDAP does it replace windows AD. Can OpenLDAP do same function as windows AD does?
0
 
LVL 31

Accepted Solution

by:
farzanj earned 500 total points
ID: 35002958
It will have multiple parts.

You need authentication and you need centralized storage.  Furthermore you need security and probably scalability --depending upon your organizational size, etc.


SAMBA can act as a primary domain controller for Windows clients.  I have done it in the past.  It is easy to configure.
You can use some implementation of LDAP in conjunction with SAMBA.  So LDAP would keep the directory data which would be fast and scalable.  You would further need to add security features to it because you may not want passwords to travel over the network unencrypted.  So you can use one of many mechanisms to do that -- TLS, SASL or Kerberos.

If you want to keep it very simple in a small setup, all you need is SAMBA.

NIS is mostly used for Unix/Linux clients.  How would you centralize account storage?  I am not even sure how the authentication would work on Windows with NIS  -- never heard of it.  It has always been typically for pure Unix/Linux environments.

Try
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35422473
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question