[Novalug] Linux and Windows AD
Matt Bidwell
mbidwell@gmail.com
Wed Sep 25 00:03:11 EDT 2013
Late answer/Last answer?
We had this forced on us. On the one hand, it's nice not to have to
maintain our own ldap structure, on the other hand, the people who set
up AD didn't know unix at all. They did have the unix services for AD
plugin, but the UID/GID numbers are all way too high to work with things
like file system quotas.... So I am constantly having to go in and
reassign unix uid/gid's to sane numbers. We didn't convert any of our
old Linux servers, but all new servers are using auth from AD. We are
standardized on RHEL/CentOS, and use SSSD. The SSSD does some stuff
better than older LDAP, like letting you put in a round robin dns entry
and not going into conniptions if the IP changes. However, the first few
versions on RHEL and CentOS 6 were rough. The newer ones seem better.
For me it was a case of editing /etc/krb5.conf, /etc/sssd/sssd.conf and
a few of the other usual files you would edit for LDAP and we were up and
running.
For what it's worth, our brand new Solaris storage system still seems
hacky in terms of getting things working, although to be honest, I'm not
the admin on that system.
Matt
On 09/23/2013 10:49 AM, Nick Danger wrote:
> The new plan for the IT Infrastructure is to use Windows AD as the be
> all end all data/authentication/organization of things. Which means I
> need to integrate the Linux infrastructure into using Windows. I have a
> bunch of them doing AD authentication for logging in but I am sure this
> was a not so great hacky way. There are lots of sites about how to get
> auth working, and other various bits working, but the methods are all
> over the place using various combinations of software. It's hard to get
> an idea of "best practice" from that.
>
> Anyone have books/sites/classes to recommend? I noticed there was an
> official Red Hat class but it looks like mostly "How to do with LDAP"
> then a little bit on Windows AD. I could be wrong there, I'm just going
> by the quick description.
>
> Any suggestions are welcome :-)
>
> Nick