For Unified Login, security and auditing I would recommend you take a look at Centrify. In other arenas I am not very well versed yet but I will be watching this thread as I am interested as well.
On Mon, Dec 29, 2008 at 10:57 AM, Neil Neely <[email protected]> wrote:
> We're looking at integrating our *nix machines with our AD servers and
> are trying to find the "Best" way to do this. In this case I'm
> finding my google-fu isn't working in my favor... there is no shortage
> of information. Every time I think I have a complete grasp of ways
> this can be done I find one more. So there are plenty of resources
> for how to do this using technique X, what I really need is some
> feedback from people who are further along in this evolution that can
> give some perspective on which approach they think is the best.
>
> Disclaimer: I am in the process of learning how these bits fit
> together, and if I've said something truly bizarre it is likely out of
> ignorance not arrogance so I really would appreciate being pointed in
> the right direction.
>
> Relevant background details:
> ~50 production servers that are centrally managed (unified UID and
> passwords) using homegrown syncing - we would like to move these to AD
> Already have AD infrastructure in place authenticating staff work
> stations (~50 workstations)
> The servers exist to support our customers (not staff in general)
> These servers do not require shared home directories for staff.
> Staff accessing these servers are all performing some task relating to
> "administration", though at different levels (tech support through sys
> admin).
> * primary concern is not securing these machines against its
> legitimate users (so NIS may be acceptable in this environment).
> This economy stinks and doing this without any capital expenses is
> very important.
>
> Combinations we are seriously considering (in no particular order):
>
> NIS w/Kerberos (via SFU)
>
> Winbind
>
> Likewise Open
>
> We've found various bits and pieces that seemed promising with each of
> these approaches. This is our short list of best fit for the problems
> we've got, but perhaps we've overlooked something. I would really
> appreciate any pros/cons from the trenches on this topic. "Likewise
> Open" seems to be the easiest to install at this point, so is slightly
> ahead in our evaluation.
>
> Thanks for your time,
>
> (sidenote: AD is being chosen because it is existing established
> infrastructure here that looks like it will do the job we need,
> nothing at all against openldap, this is just using the tool that
> we've got so we can focus on solving other challenges.)
>
> Neil Neely
> http://neil-neely.blogspot.com
>
> _______________________________________________
> Tech mailing list
> [email protected]
> http://lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

--
Paul
