Linux Authentication Against Active Directory
Bandman writes "For a while now I've been looking for something to integrate my Linux/Mac corporate environment with Windows Active Directory. I was hoping for centralized authentication at best. As I found out, Likewise Software has produced two products, the free Likewise Open and the commercial Likewise Enterprise. Both of them provide much more than just a centralized repository for accounts. I wrote a review of Likewise Open, but I don't have enough experience with Active Directory to really do justice to Likewise Enterprise. If you've been trying to integrate the Linux and Windows worlds, this could be the easiest way to do it."
enough with the lame tag! (Score:3, Insightful)
Stop with the signed [slashdot.org] tag already!
Re: Linux authentication against....can not connect (Score:3, Insightful)
If you went to a car dealership, and you wanted to buy an automatic, what would you do if the salesman said 'Oh, get a stick shift, you've got much more control'? - and then he refused to sell you a car with an automatic transmission?
This is a review? (Score:5, Insightful)
Posting in your blog that you logged in with AD credentials is a review?
What are the downsides? How does it compare to other authentication systems, such as eDirectory, or OpenLDAP? How is it any different from just using Samba, or some of the other tools that have been around for years? My Red Hat EL 3 server had the option to authenticate against AD. How is this better? How is it better than using Microsoft's Services For Unix and NIS?
Does the directory information get carried to the new system? (Profiles, groups, mapped drives, printers, etc.) Do you have to designate special groups to allow logging in? There are way more questions that I would like to see answered in a "review".
What capabilities does the Enterprise edition allow that the basic does not, what is the price, how difficult is it to move a currently running system, and all its users and permissions?
A blog post from someone that admits they don't know much about AD in the first part of the review doesn't really count, does it?
Re: Linux authentication against....can not connect (Score:4, Insightful)
Ever work in a large environment? It's much easier to have one point of authentication and configuration. Do you want to deal with managing users (change passwords, disabled accounts, etc.) on 8 different systems? I sure don't. Things will get forgotten, and accounts that should be disabled will not be.
You obviously haven't used AD very much, because it is not just an authentication system. It ensures policies (drive mappings, configurations, proxy settings, MS Office behaviour and defaults, security standards, etc.), deploys software and printers to users and computers.
I hope the editors got paid... (Score:3, Insightful)
Re: Linux authentication against....can not connect (Score:4, Insightful)
"...it is not just an authentication system. It ensures policies (drive mappings, configurations, proxy settings, MS Office behaviour and defaults, security standards, etc.), deploys software and printers to users and computers"
Of what use is this in anything other than a Microsoft Environment?
How does AD "deploy software and printers" to anything that isn't a Microsoft Environment? And why would you even want it to?
So, from a network viewpoint, AD is just an authentication system. The rest is worthless in a heterogeneous environment.
[Proxy settings are useful].
Re: Linux authentication against....can not connect (Score:4, Insightful)
Re: Linux authentication against....can not connect (Score:3, Insightful)
As of v4.11 of Novell's NDS (now eDirectory), NDS was a far superior system for managing objects. I was easily managing hundreds of servers and thousands of Windows workstations (using Zen Works) with NDS in the NetWare 4.11/4.12 time frame. This included enterprise software roll out, local NT registry management, software and hardware inventory, and on-demand software delivery. I could easily drop in a replacement PC for a user and it would auto-build the software profile for them. We didn't spend hours trying to fix a user's PC if it was hosed or infected. We swapped their old one for a new one. When they logged in they got their old tools and files (network stored). The old PC was diagnosed and wiped at our leisure.
The programming API for NDS was much simpler than for AD (or LDAP, for that matter). The limitation there was having to use the Watcom C compiler to wrap NetWare NLMs (NetWare Loadable Modules. The old 3.x versions were called VAPs - Value Added Processes).
AD still suffers from old holdover problems (like groups not showing up via one API, but visible in another, or simply showing some members and truncating the list, having to know which server to query, etc.).
Novell's NDS was stronger in the 4.11+ days than AD is now. This includes extensibility, manageability, API, etc... That doesn't mean that MS isn't making progress, just that they should have listened to us back in '97 when we were asking them to license NDS from Novell and drop the death-trap that was AD. We would be 11 years farther on stability and usability if they had.
I have no idea how stable or usable NDS/eDirectory is now. Very few shops depend on it now and I had to drop it from my bag of tricks so that I could focus on what paid the bills.
Here's a basic list of MS non-innovation over time:
Enough ranting... MS is doing better with AD than they were, but it still has a long way to go.