anyone from here post it?
Slashdot | Best FOSS Active Directory Alternative?

Interesting, but why would they not want to use Active Directory? If they are not using Windows Clients I suppose it could make sense.
I think this post sums it up [NSFW]
http://tech.slashdot.org/comments.pl...9&cid=26502907
Last edited by somabc; 18th January 2009 at 03:41 PM.

At the moment, even though I'm what many would call a 'Linux Zealot', I wouldn't think of replacing AD. There just isn't anything to replace it with yet that can do all it can do.
If we moved away from Windows clients, then yes, AD would be gone, but until then, Windows clients and AD go hand in hand.

Not necessarily, the server license is only part of the cost (assuming a license was bought!); add in CALs and the constant upgrade cost with Windows licensing. There may be other reasons, such as training. For example, we migrated our Windows file servers to Samba because they have more features, less licensing, have free feature upgrades, and are faster (than the W2K file servers they replaced). There will come a point where it just won't be cost effective for us to maintain a Windows server environment because our skills will be elsewhere.
Again, it rather depends on what the submitter is trying to achieve; other solutions do work as well as AD if you only want an authentication server. If he has no need for GPO in the case of a TC site, with only a few servers that can be managed by scripts or local policy
Personally I'd build upon the Zimbra, by integrating Samba into it, if I was setting up a new directory / auth server.
UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI - Zimbra :: Wiki
Well, you do have to look at TCO. What is the school's technology plan? They presumably have a full Windows ecosystem just now which is not pirated. So they have Server 2003, Windows XP / Vista, MS Office, MS Exchange, all the CALs etc. What are the cost implications of keeping Windows software, and upgrading the hardware? Should they migrate wholesale to Linux? How will this affect recruitment in the future? Presumably schools will actually find it harder to recruit qualified Linux/Unix personnel to maintain the system if this tech leaves?
Does his school want to migrate from MS to Open Source solutions? Because that is effectively what he is proposing. How far down the open source route should they go? Replace Windows servers with Linux running authentication, DNS, DHCP etc. Then you cannot use Exchange, so perhaps something like Zimbra. If you have Linux Servers / Linux Mail Servers then why pay for MS Office? So start using OpenOffice or similar. Then why are you paying for Windows at all; why not have Linux on the desktop...
I think I agree with this poster on the issue
Best FOSS Active Directory Alternative?
It can be done, but there's a few things you have to bear in mind:
1. Lots of existing products (and this is becoming more common as the years go on) expect an AD-backed domain. Samba + (insert name of LDAP server here) currently can only emulate an NT4-type domain. Samba 4 claims to eliminate this issue but the last time I checked it wasn't even in beta. You'd be nuts to implement it in production at this stage. If your employer's been heavily into Windows for some time, don't be too surprised to find you need to replace quite a lot.
2. Do you have a lot of policies pushed out through AD? (If you're a school, the answer should be "yes". Unless you like making work for yourself...) The closest equivalent is NT4-style policies - which aren't as flexible, don't offer as much and suitable precooked template files are becoming much harder to find.
3. Do you use Exchange anywhere? Exchange doesn't have a directory of its own, relying heavily on AD. You'd have to replace it, and while there are lots of projects claiming to replace Exchange, few come anywhere close in the real world. Most of the projects seem to be driven by people who have heard of Exchange and had it described to them, but never actually used it much.
4. Is your network heavily subnetted? AD doesn't really care about this because it uses DNS to find services it requires (such as the domain controllers). NT4-type domains use broadcast packets, and can be a dog to get everything working properly where a lot of subnets are involved.
5. The information stored in AD about who owns and has permissions over which files is stored as unique IDs ("SIDs"). As far as I know, there is no easy pre-cooked way to migrate these SIDs between AD and Samba. So you're going to have to be very careful at replicating this information in your shiny new LDAP-backed system, otherwise who has access to which files is going to be thrown all over the place. If that means one pupil gets read-access to another pupil's work, that's annoying. If that means all the students get write access to a file storing their grades, that goes out annoying and through the other side.
Basically, if you already have a strong investment in Windows servers and associated licenses, this carries very high risk, will cost an inordinate amount of time and inevitably mean substantial upheaval for your end users. And (assuming you currently have AD running fairly nicely and you do a good job), you'll come out the other side with there being little or no perceivable benefit to anyone else.
Last edited by somabc; 18th January 2009 at 05:56 PM.