    Linux and LDAP

    IT Discussion
    linux ldap kerberos nfs
      stacksofplates
      last edited by scottalanmiller

      I'd like to ask those who are much wiser in Linux than I, what do you use for server/client setups? Samba4? NFS home folders & LDAP? 389 Directory Server? I haven't been a part of a large enterprise Linux environment (yet) and I'm just curious how they tackle these types of things. Thanks!

        scottalanmiller

        Well the first question would be.... what kind of large Linux environment are you picturing? Does this mean Linux on the desktop? Only Linux on the server?

          scottalanmiller

          Linux home directories in a large environment are typically handled via NFS automounters, which is amazing. This works so much better than anything on Windows. NFS v3 with AutoFS is fast, transparent and totally slick. And the ease of use between machines is fantastic.

            stacksofplates @scottalanmiller

            @scottalanmiller said:

            Well the first question would be.... what kind of large Linux environment are you picturing? Does this mean Linux on the desktop? Only Linux on the server?

            I had pictured both. Linux servers and end users on Linux desktops.

              stacksofplates @scottalanmiller

              @scottalanmiller said:

              Linux home directories in a large environment are typically handled via NFS automounters, which is amazing. This works so much better than anything on Windows. NFS v3 with AutoFS is fast, transparent and totally slick. And the ease of use between machines is fantastic.

              Thanks @scottalanmiller!

                scottalanmiller

                Then Samba of any sort would be out of the picture. Samba is purely for the purpose of cross compatibility with the Windows and/or Mac worlds. It is all non-native technologies to the UNIX world and would be complex and inefficient there.

                  scottalanmiller

                  In a large environment of UNIX you would expect to see LDAP and Kerberos most of the time. There are other ways to tackle this like local users and tools to push those out, but that is generally too complex to do at scale.

                    stacksofplates @scottalanmiller

                    @scottalanmiller said:

                    In a large environment of UNIX you would expect to see LDAP and Kerberos most of the time. There are other ways to tackle this like local users and tools to push those out, but that is generally too complex to do at scale.

                    I never looked into it but I never thought of using Kerberos without Samba. I just assumed it was mostly for Windows.

                      scottalanmiller @stacksofplates

                      @johnhooks said:

                      I never looked into it but I never thought of using Kerberos without Samba. I just assumed it was mostly for Windows.

                      Nope, it's all from UNIX originally. That's where it started while at MIT. The use of both LDAP and Kerberos on Windows is completely copied from the UNIX world.

                        stacksofplates @scottalanmiller

                        @scottalanmiller said:

                        @johnhooks said:

                        I never looked into it but I never thought of using Kerberos without Samba. I just assumed it was mostly for Windows.

                        Nope, it's all from UNIX originally. That's where it started while at MIT. The use of both LDAP and Kerberos on Windows is completely copied from the UNIX world.

                        Thanks again!

                          scottalanmiller

                          There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

                            stacksofplates @scottalanmiller
                            last edited by stacksofplates

                            @scottalanmiller said:

                            There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

                            Are there "group policy" type tools that are used or is it just DAC & MAC?

                            I saw something called Pessulus but I don't know if some of these things solve problems that aren't there and are even enterprise accepted.

                              scottalanmiller @stacksofplates

                              @johnhooks said:

                              @scottalanmiller said:

                              There are other tools too, like NIS and NIS+ but they are not very good and pretty much no one uses them anymore.

                              Are there "group policy" type tools that are used or is it just DAC & MAC?

                              Have not seen any, but the need for them is very low as you can do similar things with nearly no effort on Linux without tools like that.

                                Dashrender @scottalanmiller

                                @scottalanmiller said:

                                In a large environment of UNIX you would expect to see LDAP and Kerberos most of the time. There are other ways to tackle this like local users and tools to push those out, but that is generally too complex to do at scale.

                                When I worked at West Teleservices 15+ years ago they managed all of their SCO boxes through local accounts and managed those through network-based scripts...

                                  coliver

                                  I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                                    stacksofplates @coliver

                                    @coliver said:

                                    I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                                    I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                                      coliver @stacksofplates

                                      @johnhooks said:

                                      @coliver said:

                                      I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                                      I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                                      Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                                        scottalanmiller @stacksofplates

                                        @johnhooks said:

                                        I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                                        You would use Kerberos and LDAP but not Samba of any version. Samba does "Windows services", SMB protocol and AD. If you don't have Windows, you don't touch Samba. Samba is not the Kerberos or LDAP supplier, it's literally only for talking to Windows.

                                          scottalanmiller @coliver

                                          @coliver said:

                                          @johnhooks said:

                                          @coliver said:

                                          I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                                          I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                                          Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                                          Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

                                            coliver @scottalanmiller

                                            @scottalanmiller said:

                                            @coliver said:

                                            @johnhooks said:

                                            @coliver said:

                                            I've always seen Kerberos+LDAP+NFS to do the "Active Directory" stuff with Linux. Even had a grad class that had us set up that environment.

                                            I had heard of Kerberos and Samba 4 as an AD replacement but I didn't know you could use it in that regard.

                                            Right, Samba4 is an AD drop-in replacement. Kerberos and LDAP are more designed for network logins for Linux and Unix systems.

                                            Samba4 takes Kerberos and LDAP and sets them up in an AD way. AD is just specialized Kerberos and LDAP packaged together and ready to go.

                                            Yep, hence the "drop-in" replacement for AD.
