Jumping on this thread late but another product that is awesome for Unix AD 
integration is VAS or I guess now they are calling it Quest Authentication 
Services.  Just like Centrify only been around longer and is definitely geared 
toward the large enterprise.  

One thing I liked about it is that they had a tool that resolved UID/GID conflicts.

Adam


----- Original Message -----
From: "Richard Chycoski" <[email protected]>
To: "Edward Ned Harvey" <[email protected]>
Cc: "LOPSA Technical Discussions" <[email protected]>
Sent: Friday, January 9, 2009 11:36:16 AM GMT -07:00 US/Canada Mountain
Subject: Re: [lopsa-tech] AD integration with Unix

>
>> Again, we're an engineering shop and the users move lots of data
>> around, so NFS sucks over the WAN, though it's honestly tolerable for
>> home dirs.
>>
>>     
>
> OOooohhh...  I would caution against that idea.  You might not know how much 
> your home dir gets used.  Every new shell runs another .bashrc, every little 
> X movement reads another dot-file of various sorts ... etc.  The main thing 
> about the WAN is that it's very high latency, even for tiny little files, 
> it'll take another 1 second delay ... over and over and over and over ...
>
> In the setup where I use the international NIS setup, the users have separate 
> home directories in each country, but the path is always the same.  So 
> they're always /path/to/home but coming from a low-latency server.
>
>   
We still have NIS+ installed across the globe, with most data for 
*everyone* (150K+ user accounts) replicated into the domain at every 
location. The exception is home directory information where we have a 
NIS+ automounter map for the home directories.

Most users have a single home directory in the location where they do 
most of the work (usually local to where they live). However, for users 
who do work in multiple theatres we can create separate home directories 
in each of those theatres. This usually happens only after someone 
complains about the speed (mounting a US-based home directory in Europe 
or India is painful!) and when authorised by management. Others just put 
up with the latency for occasional use 'across the pond'.

- Richard
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/