I have always found it hard to understand why Canonical just don't include LDAP/AD authentication as an option out of the box like RedHat do.
I should be able to install an Ubuntu desktop and during setup, it should ask me whether or not I want to authenticate against a central authentication source like Active Directory. Centralised authentication really shouldn't require add-on software.

Cheers,
Chris

On Wed, Dec 5, 2012 at 11:28 AM, Risberg, Ove <ove.risb...@tieto.com> wrote:

> Hi Florian,
>
> Yes this is a bit confusing.
>
> You have a number of commercial alternatives for AD integration:
> VAS/QAS/DAS? - http://www.quest.com/authentication-services/
> PBIS/Likewise Enterprise - http://www.beyondtrust.com/
>
> These companies should be able to give you commercial support but I have not used them myself.
>
> There are also a number of free alternatives:
> Samba/winbind - http://www.samba.org/
> PBIS/Likewise Open - http://www.powerbrokeropen.org/
> sssd - https://fedorahosted.org/sssd/
>
> I have used winbind a few years ago and it worked fine most of the time but was a bit slow and the cached credentials were sometimes invalid... this might have changed by now.
>
> We tested Likewise Open but they autogenerated/calculated the Unix UID from some information in the AD so you can not set this yourself. This made it impossible for us to use it.
>
> Today we use sssd on our Ubuntu clients and it works almost perfectly.
> The only problem we have is that the package is not in the main Ubuntu repository so it is not officially supported by Canonical (?).
>
> Most of these tools give you a Kerberos ticket so you should be able to use this to login to your internal web pages... if the servers and your browser are configured correctly.
>
> We have a database where we allocate unique Unix UIDs for all users.
> If you do not have filesystems where users have already stored files with a specific UID it may be easier to configure your AD integration software to calculate the UID from the AD information (just like Likewise open does).
> The UID will still be unique but the UID number will probably be quite large (above 65535) and this can cause problems on older Unix machines.
>
> The license terms for the commercial alternatives have changed during the last 2 years and also the owner of the Likewise product has changed.
> What if they stop releasing new versions or updates?
> It is not the first time a commercial company lost interest in their Linux version and they only focus on the products where they make most money.
>
> I hope this answered some of your questions.
>
> Best regards
> Ove
>
> On Tue, Dec 4, 2012 at 4:05 PM, Florian Bieber <florian.bie...@conti.de> wrote:
>
>> Hello,
>>
>> I am a little bit puzzled. There are solutions for AD integration of Linux clients available, but it is hard for me to find out, what to use when.
>>
>> For what reason / use-cases the use of win-bind and the kerberos libs (e.g. described for openSUSE here
>> http://doc.opensuse.org/documentation/html/openSUSE/opensuse-security/cha.security.ad.html
>> ) are enough and when/why e.g. PowerBrokerOpen/Likewise-open ( http://www.powerbrokeropen.org/ ) should better be used?
>>
>> Likewise-open has a package in ubuntu and powerbroker has or will have one, so one advantage I see is that you receive updates for the packages, if maintained.
>>
>> But with which solution problems like
>>     offline ad login
>>     single sign on to browser/share resources
>>     a pass-through-authentication
>>     mapping of SID (so that you have one UID/GID on all Systems (local, on a Share, on a Windows-System etc.)
>>     get access rights to files (e.g can I create a file on a NFS share so that another user sees my username instead of SID in the access field?)
>>     how is the unix user ID generated
>> is solved on the most sustainable way? What should you use when?
>>
>> What are the pros and cons for likewise/powerbroker or other solutions?
>> What else is it good for?
>>
>> Sorry for so many questions, but what are your experiences? What would you suggest for which case?
>>
>> Thanks for help in advance!
>>
>> regards,
>> Florian
>>
>> --
>> Mailing list: https://launchpad.net/~enterprise-ubuntu
>> Post to : enterprise-ubuntu@lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~enterprise-ubuntu
>> More help : https://help.launchpad.net/ListHelp