PBIS has, or at least used to have, some interesting issues when connected to really large AD environments. The one I remember is that if your AD has more than 512k objects, the Unix users it auto-provisioned could have overlapping UIDs (multiple users mapping to the same Unix uid). As I recall, the solution involved modifying our AD setup (maybe installing their software on our DCs?) which was a non-starter, when all we wanted to do was let ten or so people use their AD credentials to sign on to a few Linux boxes.
Centrify worked just fine for this, and didn’t require any hooks into AD. In all fairness, it has its own issues (I’ve had some less-than-ideal experiences with their support team), but for me their issues are more manageable. :)

David Smith

From: discuss-boun...@lists.lopsa.org [mailto:discuss-boun...@lists.lopsa.org] On Behalf Of Christina Plummer
Sent: Friday, October 31, 2014 9:11 AM
To: Mark McCullough
Cc: disc...@lopsa.org
Subject: Re: [lopsa-discuss] AD equivalent for Linux

I've used and evaluated PowerBroker about five years ago. From a security perspective, I cannot recommend it. At the shop where I did the eval, we banned it and forced the group using it to dump it completely.

Can you elaborate on your bad experiences with PBIS (PowerBroker Identity Services, formerly Likewise)? (Unless you meant the main "PowerBroker" product, which is more of a drop-in sudo replacement?)

We've been using PBIS for years and it does the job of allowing us to use AD accounts to log in to our Linux systems. We manage access primarily via AD groups. We switched from the "Open" version to "Enterprise" last year, but I'm not sure it was worth it (the main thing we were hoping for was improved reporting, but the reporting piece is kinda useless for us right now). But, it's not an AD replacement - just a method of integrating your Unix-like systems with AD.
_______________________________________________
Discuss mailing list
Discuss@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/