+ Post New Thread
Results 1 to 6 of 6
Licensing Questions Thread, Licensing issue for AD Authentication in Technical; Hi, Running Alfresco with AD authentication. Our machines have device CALS as we have more users than machines. Whenever a ...
  1. #1

    Join Date
    May 2007
    Location
    Barnsley
    Posts
    121
    Thank Post
    5
    Thanked 2 Times in 2 Posts
    Rep Power
    15

    Licensing issue for AD Authentication

    Hi,

    Running Alfresco with AD authentication. Our machines have device CALS as we have more users than machines. Whenever a user logs into the system from outside as they are logging on using a device that is not covered by our CALS then i've been inofmred by our licensing people the they will need a device CAL. We can't really justifiy converting our licenses into user CALS. Just thought i'd put the question out there for opinions.

    Simply puy users login to a website (Alfresco) and login which is authenticated against AD and from there on all there deadlings are with Alfresco and its own internal MySQL database. For this each user who accesses this not using out equipment it needs a license.

    Now my other option would be to put something like Open LDAP infront of AD as a kind of chaining mechanism so when a user logs in the request goes to Open LDAP to cache the request and the response so after the first login the users will use the Open LDAP data rather than AD data and the licensing issue would be between our Centos Linux server and AD talking to each other meaning one license required? Got a really good project but the cost of licensing could put the dampeners on things.

  2. #2

    powdarrmonkey's Avatar
    Join Date
    Feb 2008
    Location
    Alcester, Warwickshire
    Posts
    4,859
    Thank Post
    412
    Thanked 777 Times in 650 Posts
    Rep Power
    182
    You either need appropriate CALs or a Windows Server External Connector license. Putting an extra LDAP server in between the two systems gives you the same problems.

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    The external connector license is the easiest way - but I disagree that syncronising an LDAP server would need CALS. it would be like MS requiring cals for a samba share that is syncronised off a windows share - in both cases it shouldn't need extra CALS.

  4. #4

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,613
    Thank Post
    1,229
    Thanked 772 Times in 670 Posts
    Rep Power
    234
    Quote Originally Posted by bensewell View Post
    Now my other option would be to put something like Open LDAP infront of AD as a kind of chaining mechanism so when a user logs in the request goes to Open LDAP to cache the request and the response so after the first login the users will use the Open LDAP data rather than AD data and the licensing issue would be between our Centos Linux server and AD talking to each other meaning one license required?
    I'm with powdarrmonkey on this one - I'd understood that in this kind of scenario you'd need an external connector license. I think that was somewhere under 3,000 as was pretty much a one-off charge that covered the whole school, so probably not too bad really. For the method you describe above, what happens if the user changes their password via AD - shurely the "cached" password kept by OpenLDAP needs to be kept up-to-date?

  5. #5

    Join Date
    May 2007
    Location
    Barnsley
    Posts
    121
    Thank Post
    5
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    I had the official reply from MS about this so thought i'd share with you.

    If a linux server talks to AD for authentication then it requires a device cal.

    For users who are covered by a device cal in the organisation but access the webserver from a non-organisation device they need a Remote Desktop Services license.

    Users who access the system internally are covered by their device licenses.

    So a bit clearer but licensing still a bit of a bombsite and looking expenive unless i can get group caching for the Alfresco users.

  6. #6

    Join Date
    Oct 2008
    Posts
    213
    Thank Post
    2
    Thanked 11 Times in 11 Posts
    Rep Power
    21
    Incidentally, could you somehow get ISA to perform the authentication/export/lookup? ISA (and and option for SQL) has per processor model therefore would negate the need for CAL monitoring.

    Most schools qualify and get the "free grant" in that respect anyway (http://www.microsoft.com/uk/educatio...r-schools.aspx)
    Last edited by KK20; 9th May 2011 at 12:59 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. Smooth-Guardian Licensing issue
    By parasol in forum Internet Related/Filtering/Firewall
    Replies: 23
    Last Post: 7th September 2011, 01:54 PM
  2. ie8 - LDAP Authentication issue
    By jmair in forum Internet Related/Filtering/Firewall
    Replies: 0
    Last Post: 5th January 2011, 07:52 PM
  3. AD Trust One Way - RPC failure, authentication issue
    By fox1977 in forum Windows Server 2000/2003
    Replies: 1
    Last Post: 27th October 2010, 09:40 AM
  4. Licensing Issue...
    By dwhyte85 in forum Windows
    Replies: 3
    Last Post: 15th April 2009, 09:33 PM
  5. Licensing Issue
    By dezt in forum Wireless Networks
    Replies: 22
    Last Post: 30th January 2007, 10:23 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •