Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 512
  • Last Modified:

can Linux RHEL NIS Kerberos-based replace Windows Active Directory

Hi all,

can Linux RHEL NIS or Kerberos-based replace Windows Active Directory? If NO, why not.
our Clients is windows.

thanks
0
rawandnet
Asked:
rawandnet
1 Solution
 
Krzysztof PytkoActive Directory EngineerCommented:
(out of points, please)
I'm not an expert in Linux technology, but I've recently read somewhere about Fedora 389 Directory Server and I think it can be a part of existing domain and can be a separate environment where your machines could work. If you can test it, do it. Maybe it's worth :)

Check this project home page for installation and more details with downloads (install guide for Red Hat)
http://directory.fedoraproject.org/wiki/Install_Guide

Home Page
http://directory.fedoraproject.org/

Regards,
Krzysztof
0
 
rawandnetAuthor Commented:
I wanted to know the disadvantage of moving to Linux authentication rather than Active directory, example with windows server there is group policy that can be implemented on windows client.  I don’t know if that is possible with Linux server. currently we use Vista client, can Linux server control clients roaming profiles, and other permission and privileges?
0
 
Krzysztof PytkoActive Directory EngineerCommented:
Nope, that's the only Windows-based domain functions. I would suggest using Windows AD rather that Linux. It's much easier in management and more powerful. If you need to use your Linux/UNIX then you can use NIS as you said (available in 2003 R2 and above)

I'm a Windows guy and I prefer using it than Linux :]

You can check some info about AD features
http://msdn.microsoft.com/en-us/library/cc737139%28v=ws.10%29.aspx
http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx

Krzysztof
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
TintinCommented:
I would either use OpenLDAP or Samba on the Linux side.

From memory, I don't think Windows has any native NIS support.

0
 
rawandnetAuthor Commented:
I worked with AD but not with openLDAP. What feachers AD has OpenLDAP doesn’t. Currently we have server 2003 that has Domain controller with AD with group policy implemented, the clients are vista.
I have been asked to replace those windows server with linx.

The question is; if I use OpenLDAP does it replace windows AD. Can OpenLDAP do same function as windows AD does?
0
 
farzanjCommented:
It will have multiple parts.

You need authentication and you need centralized storage.  Furthermore you need security and probably scalability --depending upon your organizational size, etc.


SAMBA can act as a primary domain controller for Windows clients.  I have done it in the past.  It is easy to configure.
You can use some implementation of LDAP in conjunction with SAMBA.  So LDAP would keep the directory data which would be fast and scalable.  You would further need to add security features to it because you may not want passwords to travel over the network unencrypted.  So you can use one of many mechanisms to do that -- TLS, SASL or Kerberos.

If you want to keep it very simple in a small setup, all you need is SAMBA.

NIS is mostly used for Unix/Linux clients.  How would you centralize account storage?  I am not even sure how the authentication would work on Windows with NIS  -- never heard of it.  It has always been typically for pure Unix/Linux environments.

Try
http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now