AD Authentication?
Tom Buskey
tom at buskey.name
Wed Mar 5 12:30:16 EST 2008
On Tue, Mar 4, 2008 at 3:44 PM, Ben Scott <dragonhawk at gmail.com> wrote:
> On Tue, Mar 4, 2008 at 3:02 PM, Kenny Lussier <klussier at gmail.com> wrote:
> > What if I can touch the AD servers? Or, at least, I sit next to the
> > guy that can touch the AD servers? Are there other options?
>
> SFU (Services For Unix, "free", from Microsoft) aims to make Windows
> speak Unix protocols to your Unix boxes. It's the logical inverse of
> Samba.
>
> http://www.google.com/search?q=%22Services+For+Unix%22
>
> So, with SFU, you could use closer-to-native tools (like NIS or
> LDAP) to have the Unix boxes authenticate to Active Directory. That
> would probably yield a smoother integration, since those protocols
> provide more Unix-like capabilities than SMB does. You could, for
> example, control the Unix home directory path from AD, or the Unix
> UID/GID. I've never used SFU myself, but I've heard of others who
> have used it successfully (for something).
I'm running w2k3 Storage server with SFU to serve Solaris clients. We're
using about 20 TB.
It will use a NIS map to coordinate usernames but we're not using NIS so we
use a static map.
It seems to require that every Unix user have an AD account with a valid
password. No password, no access. File ownership has had some issues, but
I suspect that because we switched AD servers. It's not an issue in my
environment.
I've also used SFU on WinXP to get an NFS server for a lab. Everything has
been with local accounts. The price is right.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20080305/b08bfd37/attachment.html
More information about the gnhlug-discuss
mailing list