Active Directory Alternative HOW-TO??

[Joedetic]

OK so, I'm looking into how I'd go about setting up a network with all servers to run FreeBSD or *nix and not have any windows servers. The clients would be a mix between *nix/*BSD and Windows XP Pro.

I've been investigating various solutions on the interwebs as to centralised user management and what comes up quite often are the following:

- Kerberos and OpenLDAP
- NIS and NFS (although i've read somewhere that Sun are planning to drop NIS)
- Fedora Directory Server.

Does anyone have any advice on the best way to go about replacing AD with an open source solution and any how-tos etc?

[Geoff]

If you still want to use XP clients your limited to Kerberos + OpenLDAP. Windows doesn't understand anything else out of the box (you can of course splash out on extra client software for XP, but I expect that defeats the object of what you are trying to do).

I'll direct you to the 'OpenLDAP everywhere revisted' article published by Linux Journal as a good starting point for this sort of project.

http://www.linuxjournal.com/article/8119

From there, I recommend you read the 'Centralized Authentication with Kerberos' series.

http://www.linuxjournal.com/article/7336

Then finally, read the 'Single Signon and the Corporate Directory' series.

http://www.linuxjournal.com/article/8374

[CyberNerd]

Zimbra has been integrating ldap/email/samba authentication
http://wiki.zimbra.com/index.php?tit...imbra_Admin_UI

AFIK the only thing you don't get is GPO - but that will change with samba4

[Joedetic]

Zimbra, whilst very nice i'm sure, appears to have too much bloat for what i want to do. I'll have a look at those sites you suggested Geoff. I can tell that it's going to be nights sat at a terminal trying to figure this stuff out lol.

Thanks for the help!

[CyberNerd]

you may also want to read up on samba, particularly ldapsam backends
http://www.samba.org/samba/docs/man/...TO-Collection/

[binky]

you could just setup OpenLDAP and use pGINA on the clients for authentication :?:

[Joedetic]

I was under the impression that replacing / modifying the MS GINA violated the EULA.

[webman]

You can use any GINA DLL (it's just a registry key to set which one, by default msgina.dll), just don't modify microsoft's

pGINA is a custom GINA DLL that supports many authentication protocols.

[Joedetic]

Ahh. OK. Depending on how hard it is to setup kerberos i might take a look at that.

[rbance]

Hi,

I know this is an old post, but had to comment (being new here I am having a good look around). However, not wanting to throw a spanner into the works, but why not use Windows AD? The Windows server licenses I get are about $50 each, not free, but not breaking the bank either by a long shot.
Whilst everything mentioned above is technically feasible, it also adds a great deal of complexity to the solution, and one where you pretty much have locked yourself into "boutique" type solution.

Mind you, I am a big fan of Open LDAP (being formally from IBM where we took OpenLDAP code and created Tivoli Directory Services), but when there is possibly an easier solution that is readily available, I would use it...I guess it comes down to what requirements guided you to this decision both Functional and Non-Functional (I am hoping it is not anti-MS zeal that guided you here).


Regards,
Richard Bance

[sukh]

Hi

I agree with Richard and ask the question, why do you want to move away from MSFT?

Licenses are reasonable for the education sector (depending on the type of establishment, even so).

Also, in terms of support, will be more difficult.

If you leave the establishment then they will be in a more difficult situation to support the infrastructure, more costs involved to find the correct personnel.

Sukh

[elwarreno]

have you looked at resara server? its an open source active directory/file server built on samba4, and makes setting up an AD pdc really easy.

[cpjitservices]

Samba 4 and CentOS

[CyberNerd]

Samba 4 is still an alpha release

[elwarreno]

Samba 4 is still an alpha release

i know of many organizations using samba4 now, it just depends on what features you want and need.