> From: [email protected] [mailto:[email protected]] On Behalf > Of Michael D. Parker > > The company that I am working for is embarking on replacing the current > locally developed NIS/YP structure with something LDAPish. > > We already have AD in house for the Windows stuff and would like to > consider > using the AD system. The AD people are quite restrictive and would not > easily support extensive modifications. > > We have needs to have the replacement include the support the full > capabilities of the NIS/YP suite include netgroups, login restrictions > to > specific servers for specific users or groups of users, consistent > passwords > between the *nix and Windows environment,etc.
Without any modification at all, you can use Kerberos or LDAP (preferably Kerberos) for authentication. With minimal modification (enabling UNIX services) you could support a very basic NIS or LDAP setup for posix stuff ... but you can't get full NIS capabilities out of Windows without extensive modifications. You can't have a groupname that matches a username. You can't have a bunch of the other "advanced" features too. At $WORK, I use kerberos for authentication, and NIS for everything else. Passwords are all unified and single-sign on, controlled by AD. POSIX stuff all comes from a system that's natively designed for that purpose (NIS). (You could also substitue LDAP instead of NIS.) When we eval'd LDAP as an alternative to NIS, it was tougher to configure right, and less effective at failover, so we opted for NIS. Security is not a concern as it's all on a LAN and doesn't contain any password information. > We have looked at Likewise, but our management wants other alternatives > to > compare with. If you're looking at likewise, perhaps also look at concentric. I used the free version of likewise a little bit (and liked it) but I've never used either of these companies for anything beyond that. I cannot say which is better for which purposes, I only know they do similar type of stuff. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
