  1. #1
    Joedetic | Join Date: Jan 2006 | Location: Walsall | Posts: 1,316

    Active Directory Alternative HOW-TO??

    OK so, I'm looking into how I'd go about setting up a network with all servers to run FreeBSD or *nix and not have any Windows servers. The clients would be a mix between *nix/*BSD and Windows XP Pro.

    I've been investigating various solutions on the interwebs as to centralised user management and what comes up quite often are the following:

    - Kerberos and OpenLDAP
    - NIS and NFS (although I've read somewhere that Sun are planning to drop NIS)
    - Fedora Directory Server.

    Does anyone have any advice on the best way to go about replacing AD with an open source solution and any how-tos etc?

  2. #2

    Geoff | Join Date: Jun 2005 | Location: Fylde, Lancs, UK. | Posts: 11,804

    Re: Active Directory Alternative HOW-TO??

    If you still want to use XP clients you're limited to Kerberos + OpenLDAP. Windows doesn't understand anything else out of the box (you can of course splash out on extra client software for XP, but I expect that defeats the object of what you are trying to do).

    I'll direct you to the 'OpenLDAP everywhere revisited' article published by Linux Journal as a good starting point for this sort of project.

    http://www.linuxjournal.com/article/8119

    From there, I recommend you read the 'Centralized Authentication with Kerberos' series.

    http://www.linuxjournal.com/article/7336

    Then finally, read the 'Single Signon and the Corporate Directory' series.

    http://www.linuxjournal.com/article/8374

  3. #3


    Join Date: Jan 2006 | Posts: 8,202

    Re: Active Directory Alternative HOW-TO??

    Zimbra has been integrating LDAP/email/Samba authentication
    http://wiki.zimbra.com/index.php?tit...imbra_Admin_UI

    AFAIK the only thing you don't get is GPO - but that will change with Samba4

  4. #4
    Joedetic | Join Date: Jan 2006 | Location: Walsall | Posts: 1,316

    Re: Active Directory Alternative HOW-TO??

    Zimbra, whilst very nice I'm sure, appears to have too much bloat for what I want to do. I'll have a look at those sites you suggested, Geoff. I can tell that it's going to be nights sat at a terminal trying to figure this stuff out lol.

    Thanks for the help!

  5. #5


    Join Date: Jan 2006 | Posts: 8,202

    Re: Active Directory Alternative HOW-TO??

    You may also want to read up on Samba, particularly ldapsam backends
    http://www.samba.org/samba/docs/man/...TO-Collection/

  6. #6
    binky | Join Date: Sep 2006 | Posts: 290

    Re: Active Directory Alternative HOW-TO??

    You could just set up OpenLDAP and use pGINA on the clients for authentication?

  7. #7
    Joedetic | Join Date: Jan 2006 | Location: Walsall | Posts: 1,316

    Re: Active Directory Alternative HOW-TO??

    I was under the impression that replacing / modifying the MS GINA violated the EULA.

  8. #8

    webman | Join Date: Nov 2005 | Location: North East England | Posts: 8,406

    Re: Active Directory Alternative HOW-TO??

    You can use any GINA DLL (it's just a registry key to set which one, by default msgina.dll), just don't modify Microsoft's.

    pGINA is a custom GINA DLL that supports many authentication protocols.
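
    An added example, not part of the original post: because the GINA in use is selected by a single registry value (`GinaDLL` under the Winlogon key), it is worth auditing across XP clients that only the expected DLL is configured. The sketch below parses collected `reg query` output; the host names, sample output and approved list (including the pGINA file name) are constructed assumptions.

```python
import re

# Winlogon value that names the GINA DLL on Windows XP. When the value is
# absent, Winlogon loads the stock msgina.dll.
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
QUERY = f'reg query "{WINLOGON_KEY}" /v GinaDLL'  # command run on each client
DEFAULT_GINA = "msgina.dll"
# Assumption: bare DLL names approved at this site (pGINA file name assumed).
APPROVED = {"pgina.dll"}

_VALUE = re.compile(r"^\s*GinaDLL\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I | re.M)

def effective_gina(reg_output):
    """Return the DLL Winlogon will load, given the output of QUERY."""
    match = _VALUE.search(reg_output)
    return match.group(1).strip('"') if match else DEFAULT_GINA

def audit(reg_output):
    """Classify one host as 'default', 'approved' or 'unexpected'."""
    dll = effective_gina(reg_output)
    name = dll.lower()
    if name == DEFAULT_GINA:
        return "default", dll
    # Only bare names match the allow list, so a copy of a known DLL
    # sitting in another directory is still reported for review.
    if name in APPROVED:
        return "approved", dll
    return "unexpected", dll

# Constructed sample output from three hypothetical XP clients.
_HDR = ("! REG.EXE VERSION 3.0\n\nHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft"
        "\\Windows NT\\CurrentVersion\\Winlogon\n")
SAMPLES = {
    "xp-lab-01": _HDR + "    GinaDLL\tREG_SZ\tpGina.dll\n",
    "xp-lab-02": "Error:  The system was unable to find the specified "
                 "registry key or value\n",
    "xp-lab-03": _HDR + "    GinaDLL\tREG_SZ\tC:\\Temp\\msgina.dll\n",
}

def report(samples=SAMPLES):
    """Map each host name to its (status, dll) audit result."""
    return {host: audit(text) for host, text in sorted(samples.items())}

if __name__ == "__main__":
    for host, (status, dll) in report().items():
        print(f"{host}: {status} ({dll})")
```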

  9. #9
    Joedetic | Join Date: Jan 2006 | Location: Walsall | Posts: 1,316

    Re: Active Directory Alternative HOW-TO??

    Ahh. OK. Depending on how hard it is to set up Kerberos I might take a look at that.

  10. #10

    Join Date: Mar 2011 | Location: Canberra | Posts: 108

    Hi,

    I know this is an old post, but had to comment (being new here I am having a good look around). However, not wanting to throw a spanner into the works, but why not use Windows AD? The Windows server licenses I get are about $50 each, not free, but not breaking the bank either by a long shot.
    Whilst everything mentioned above is technically feasible, it also adds a great deal of complexity to the solution, and one where you pretty much have locked yourself into a "boutique" type solution.

    Mind you, I am a big fan of OpenLDAP (being formerly from IBM where we took OpenLDAP code and created Tivoli Directory Services), but when there is possibly an easier solution that is readily available, I would use it... I guess it comes down to what requirements guided you to this decision, both Functional and Non-Functional (I am hoping it is not anti-MS zeal that guided you here).


    Regards,
    Richard Bance

  11. #11

    Join Date: Dec 2008 | Location: Essex | Posts: 2,144

    Hi

    I agree with Richard and ask the question, why do you want to move away from MSFT?

    Licenses are reasonable for the education sector (depending on the type of establishment, even so).

    Also, in terms of support, it will be more difficult.

    If you leave the establishment then they will be in a more difficult situation to support the infrastructure, more costs involved to find the correct personnel.

    Sukh

  12. #12

    Join Date: Jan 2012 | Posts: 3

    Have you looked at Resara Server? It's an open source Active Directory/file server built on Samba4, and makes setting up an AD PDC really easy.

  13. #13
    cpjitservices | Join Date: Jul 2010 | Location: Hessle | Posts: 2,478

    Samba 4 and CentOS

  14. #14


    Join Date: Jan 2006 | Posts: 8,202

    Samba 4 is still an alpha release

  15. #15

    Join Date: Jan 2012 | Posts: 3

    Quote, originally posted by CyberNerd:
    "Samba 4 is still an alpha release"

    I know of many organizations using Samba4 now; it just depends on what features you want and need.
