I've just finished testing with LikeWise (http://www.likewise.com/) with rhel4,5 and 6. There is a free edition and an enterprise edition. I've tested both and been pleasantly surprised with how well they work. The only downside is SELinux must be off or in permissive mode.
Its worth doing an evaluation. CC On Thu, Apr 14, 2011 at 4:58 AM, Musayev, Ilya <[email protected]> wrote: > We are using winbind. Its true that its not stable, but we added "monit" > daemon monitoring of the process with bunch of queries and if it finds > problems with winbind daemon, it will delete the cached files and restart > winbind. Once this was setup and deployed, the winbind auth issues were gone > and I'm talking about a very large environment. In past year+ I haven't had > to fix a single winbind linux auth issue. > > The other reason why we did not use LDAP+Kerberos, is that from what I > recall, it did not have a concept of domain trust. If you have multiple > domains and you need your users to authenticate against multiple domains, it > seems like winbind is the only free/open-source solution that supports it. > > If your setup is simple with 1 domain, LDAP+Kerberos is your best bet. > Otherwise, I'd consider winbind. > > Good luck > -ilya > > > > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Domenico Viggiani > Sent: Wednesday, April 13, 2011 5:32 AM > To: 'Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list' > Subject: Re: [rhelv5-list] AD integration > > Troels Arvin wrote: > >> > Winbind is not the most stable thing I've come across >> > .. >> > So winbind is not without pain, but I couldn't get the other build-in >> > method (using a combination of LDAP and Kerberos, but not winbind) to >> > work well. And a third party tool that we used (Centrify) is too much >> > of a hazzle, being a ... well ... exactly a 3rd party tool (no >> > automatic updates, less well-known by search engines, no Red Hat >> > support, ...) > My experience with LDAP+Kerberos (without Winbind) was successful: no > problem at all, "emergency" (no network, no auth servers available) login > possible, etc > > -- > DV > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list > > > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list > -- RHCE#805007969328369 _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
