[Novalug] Linux and Windows AD

Matt Bidwell mbidwell@gmail.com
Wed Sep 25 00:03:11 EDT 2013


Late answer/Last answer?
We had this forced on us. On the one hand, it's nice not to have to 
maintain our own LDAP structure; on the other hand, the people who set 
up AD didn't know Unix at all. They did have the Unix services for AD 
plugin, but the UID/GID numbers are all way too high to work with things 
like file system quotas, so I am constantly having to go in and 
reassign Unix UIDs/GIDs to sane numbers. We didn't convert any of our 
old Linux servers, but all new servers are using auth from AD. We are 
standardized on RHEL/CentOS and use SSSD. SSSD does some things 
better than older LDAP, like letting you put in a round-robin DNS entry 
and not going into conniptions if the IP changes. However, the first few 
versions on RHEL and CentOS 6 were rough. The newer ones seem better. 
For me it was a case of editing /etc/krb5.conf, /etc/sssd/sssd.conf and 
a few of the other usual files you would edit for LDAP, and we were up and 
running.
For what it's worth, our brand new Solaris storage system still seems 
hacky in terms of getting things working, although, to be honest, I'm not 
the admin on that system.
Matt
On 09/23/2013 10:49 AM, Nick Danger wrote:
> The new plan for the IT Infrastructure is to use Windows AD as the be-
> all-end-all data/authentication/organization of things. Which means I
> need to integrate the Linux infrastructure into using Windows. I have a
> bunch of them doing AD authentication for logging in, but I am sure this
> was a not-so-great hacky way. There are lots of sites about how to get
> auth working, and other various bits working, but the methods are all
> over the place using various combinations of software. It's hard to get
> an idea of "best practice" from that.
>
> Anyone have books/sites/classes to recommend? I noticed there was an
> official Red Hat class, but it looks like mostly "How to do it with LDAP"
> and then a little bit on Windows AD. I could be wrong there; I'm just going
> by the quick description.
>
> Any suggestions are welcome :-)
>
> Nick
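As an added illustration of the sssd.conf edits Matt describes (this is example configuration written for this thread, not Matt's or Red Hat's file), here is a minimal /etc/sssd/sssd.conf that uses SSSD's native "ad" provider and switches off SID-based ID mapping so the uidNumber/gidNumber values stored by the Unix services for AD plugin are what Linux sees. It assumes SSSD 1.9 or later (the version that introduced the ad provider, shipped from RHEL/CentOS 6.4 on) and uses EXAMPLE.COM / ad.example.com as placeholder names.

```ini
# Example /etc/sssd/sssd.conf (constructed for illustration; EXAMPLE.COM,
# example.com and ad.example.com are placeholders, not a real domain).
[sssd]
config_file_version = 2
services = nss, pam
domains = EXAMPLE.COM

[nss]

[pam]

[domain/EXAMPLE.COM]
id_provider = ad
auth_provider = ad
access_provider = ad
ad_domain = example.com
krb5_realm = EXAMPLE.COM

# A round-robin DNS name (or omit ad_server entirely and let SSSD discover
# domain controllers through SRV records) so a DC IP change does not break
# lookups, which is the behaviour praised in the thread.
ad_server = ad.example.com

# The UID/GID question from the thread. With ldap_id_mapping = True (the
# default for the ad provider) SSSD derives large numeric IDs from each
# object's SID. Setting it to False makes SSSD read uidNumber/gidNumber
# from AD, so the sane values assigned with the Unix services for AD
# plugin are the ones quotas and file ownership see. Any AD account that
# lacks those attributes then simply does not resolve on Linux.
ldap_id_mapping = False

# Allow logins from cached credentials when the DCs are unreachable.
cache_credentials = True

# Present users as "alice" rather than "alice@example.com".
use_fully_qualified_names = False
fallback_homedir = /home/%u
default_shell = /bin/bash
```

The host must already be joined to the domain (a valid /etc/krb5.keytab) and the file must be owned by root with mode 0600, or SSSD refuses to start; after `service sssd restart`, `getent passwd alice` should return the uidNumber set in AD rather than a generated ID.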