none
关于nis for AD的配置最佳实践 RRS feed

  • 问题

  • Dear all

    由于公司需要上一套linux系统,需要是目前AD结合进行用户认证,查资料发现SFU可以进行交叉验证,于是实验之

    目前发现,很多方案都是local administration 验证,不符合要求

    MS AD(NIS MASTER)--RHEL(SLAVE NIS)--UBUNTU(NIS CLIENT)

    求最佳实践。

    2013年5月8日 9:44

全部回复

  • Dear all

    i found some article for uinx integration AD with LINUX

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/1b50d777-daf0-4163-be94-c4cd8153aea1

     

    While searching I got this information regarding UNIX integration. Is it right?

    SOLUTION

    PROS

    CONS

    Microsoft’s Server for NIS, Identity Management for UNIX and Kerberos for Directory and Authentication Services

    Uses standard components that ship with Windows and Linux

    Easy to setup on Linux, requires configuration on Windows Server

    Uses standards-based technology for all components (NIS, Kerberos)

     Centralized UID, GUI mapping

    Uses NIS for directory services rather than LDAP

    Does not allow for joining the Active Directory domain. Only provides centralized directory and authentication services.

    Self-supported solution

    Samba client technology and Kerberos for Active Directory-based identity management

    Requires no special configuration on the Windows Server side

     Easy to setup on the Linux side

    Mature technology that is widely used

    Allows Linux system to join Active Directory domain

    Stores some user information on each Linux system instead of centrally, requiring manual synchronization in some cases

    Proprietary solution (Samba) vs. standards-based solution (LDAP)

    Self-supported solution

    Native LDAP, native Kerberos and Windows Server Active Directory services and schema for cross-platform identity management

    Uses LDAP instead of NIS for directory services

    Standards-based solution (LDAP, Kerberos)

     Detailed setup instructions in Microsoft Solution Accelerator

     More complex to setup

    Does not allow for joining the Active Directory domain

    Self-supported solution

    Commercial solutions such as Centrify’s DirectControl or Quest’s Vintela Authentication Services

     Very easy to set up

    Provides virtually all AD client services to Linux and UNIX

    Allows Linux system to join Active Directory domain

    Fully supported commercial solution

    Proprietary software installed on both server and client

    Requires per system license to be purchased

    we are also use likewise,but when system crash or reboot by halt power, likewise will failed and need reinstall which will cost many times.

    so we want to use windows AD server for nis integrate with NIS server . how can we do?

    best regards

    2013年5月10日 9:21
  • Server for NIS was dropped since Windows server 2012 R2, what's your next best solution?
    2015年1月21日 18:16