sry for repost didnt hit reply to all my question though is what is the best way in the linux world to get windows machines to join a linux domain which is being hosted by bind
On Fri, Oct 24, 2008 at 3:01 PM, Dave Love <[EMAIL PROTECTED]> wrote: > Prentice Bisbal <[EMAIL PROTECTED]> writes: > > > The trust is that if you already have and AD installation and the AD > > controllers have Microsoft Services for Unix (MSSFU, or just SFU) 3.5 or > > later, you have everything you need to use your AD servers as Kerberos > > and LDAP masters for your Linux clients. > > You only need that stuff for the NSS databases (passwd, group), not for > Kerberos. [I never managed to get the add-on SFE stuff to install -- > even after recovering from the server being 0wned whilst it was getting > security-patched -- but I guess that's not a general problem.] > > > If you want to go the other way around, have Linux serve as the AD > > controllers, you'll need to use Samba, and I haven't had much success > > with it. > > Samba as an actual AD controller is a Samba 4 thing, which isn't ready > yet, as far as I know -- has that changed recently? The canonical way > to DTRT is to have a master Kerberos server in the POSIX world, which AD > trusts, and populate the POSIX and AD worlds' LDAP separately from one > or more accounts databases. Basically you want to keep AD in its own > world, and in a network subdomain with a sensible DNS arrangement, since > AD wants to control DNS. > _______________________________________________ > Beowulf mailing list, [email protected] > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf > -- Jonathan Aquilina
_______________________________________________ Beowulf mailing list, [email protected] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
