Linux Domain Controller/Resara Server

Warren Luebkeman warren at resara.com
Fri Jan 27 16:06:54 EST 2012 

"Back to Resara, does it handle Likewise or Centrify? "

Yes, we are using Likewise at several locations.  Works like a charm!

On Fri, Jan 27, 2012 at 4:02 PM, Tom Buskey <tom at buskey.name> wrote:

>
>
> On Fri, Jan 27, 2012 at 2:47 PM, Ben Scott <dragonhawk at gmail.com> wrote:
>
>> On Fri, Jan 27, 2012 at 12:35 PM, Warren Luebkeman <warren at resara.com>
>> wrote:
>> > Yes, its an Active Directory DC, and can host FSMO roles.  Once you
>> have the
>> > domain setup, you can create/manage standard AD group policies via
>> > Microsoft's group policy tools.
>>
>>   *Very* impressive.  You can bet I'll be checking this out.  Thanks
>> for the info.
>>
>
> The Samba folks have been trying to do this for a long time too.  I have
> been in the middle of a migration from AD on Win 2000 to Win 2003 to Win
> 2008 and implementing GPOs.  It's worth having them.
>
>
>>
>>  For those *nix-heads on the list wondering what all this
>> gobbledygook is about:
>>
>>  Active Directory (AD) is Microsoft's directory service.  It manages
>> things like users, groups, email addresses, passwords, computers, etc.
>>  It's vaguely LDAP based.  A Domain Controller (DC) is a server
>> hosting the AD services.  In order to do just about anything with
>> MS-Windows on a network at a business, you need AD.
>>
>>
>
> It is LDAP with Kerberos wrapped in (in a proprietary way).  I have to
> admin AD and a Solaris LDAP server.  As a Unix bigot (like most of us here
> :-) I wish I could get off the LDAP and use AD where it has been done right.
>
> AD also does DNS (static and dynamic) and DHCP very well.  We use it and
> not BIND with all our Unix boxes.
>
>
>>  DCs are mostly peers.  The FSMO roles (Flexible Single Master
>> Operation) are a handful of special tasks which need to be assigned to
>> a single DC.  One is responsible for generating unique IDs, for
>> example.
>>
>
> Replication and redundancy (only one needs to be up).  Again, AD does this
> easily with a few clicks.
>
>
>>
>>  Group Policy Objects (GPOs) are how Windows computers are managed.
>> Pretty much everything about Windows management starts there.
>>
>
> With our GPOs, we've going from hours configuring a PC (300+ files need
> specific permissions and auditing set) to minutes.  If it gets out of spec,
> the GPO resets it.
>
> I'm looking to puppet/CFengine/chef to do something similar for the Unix
> boxes.  If it works 1/2 as well as the GPOs to, I'll be happy.
>
>
>>
>>  The ability to do the above means a Linux server can handle the
>> proper care and feeding of Windows clients.
>>
>>
> AD is a case where MS really did things right.
>
> Back to Resara, does it handle Likewise or Centrify?  These are products
> that allow a Unix client (Linux, Solaris, MacOSX) to use AD for its
> authentication.  If you have an AD environment, it's more secure for
> authenticating then NIS and.
>
>
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
>


-- 
Warren Luebkeman
Partner, COO
Resara LLC
888.357.9195
www.resara.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20120127/e9c68a51/attachment-0001.html

More information about the gnhlug-discuss mailing list