[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Samba setup w/ ldap vs NIS/NT domain



Tom,

We are looking to deploy directory services to the schools in our service
unit area.  We have sun servers supporting our teacher's e-mail accounts
and doing things such as dns, mail virus scanning etc... We are using
linux boxes in our schools for filtering and firewall purposes.  Several
of our schools have NT servers and we have looked at taking the NT
information and snychronizing the account information with the Solaris
server via an LDAP server.  I have not seen anything out there for
openldap that will do what you suggest. I would be very interested if you
find something.

I do know that the iplanet directory server has an addon for NT
Synchronization services that will allow the sams database and/or the NT
user database to snyc up with an iplanet ldap server. There are two
software packages, one gets installed on the iplanet ldap server and the
other is installed on the NT server.  From what I have read commmunications
takes place between servers in clear text; ahh--more work to make it
secure.   I took this info from "Solaris and LDAP Naming Services" by Tom
Bialaski and Michael Haines.

I guess one of the things I am getting out of this book and a couple of
others is that LDAP or directory services adhere to standards in may ways,
but their access control instructions can be vendor  specific and
thus different.  This is a big "Oh Shucks!" because it only makes sense
for budget straped schools to have operational transparency all across the
board with differences saved for the front-end.  There are glue products
out there that make them behave as one, but I suspect they require a
chunk of time and monies.

That being said, there is no doubt the industry will head the directory
server route.  I suspect that everything from library automation
systems to school management systems will be directory service
enabled.  More vendors seem to be going this route!  Wouldn't it be
nice if your school just purchased a library automation system and
you only had to ldap point to your users instead of typing in another set
of accounts.

Our service unit will be doing everything ldap or directory server
authentication/authorization next year.  Being faced with a situation
similar to yours, but without a timeline yet, we will probably take
advantage of the commercial iplanet directory server software and use
links in openldap to the things we need.  Having one stop shopping
autorization/authentication and large scale management of computer
resources is only possible with directory services.


On another note, I have heard that Novell's NDS and OpenLdap work real
well together.

Mike Danahy
NOC Director Educational Service Unit #2
Fremont, NE


On Sun, 14 Apr 2002, Tom Possin wrote:

> Hi,
> I have been reading the thread about using ldap and have seen this talked
> about before and I'm curious.
>
> My situation is basically an NT shop that is slowly being overwhelmed with
> RedHat linux primarily in the form of LTSP (k12) servers (20% K12 terminals
> as we speak). Currently my strategy is using NIS with my K12 servers (and
> other one RH boxes)and using one of the old domain controllers for domain
> authentication on a shared /home server running samba this allows both NT
> and linux users to all have the same home dir no matter what kind of machine
> they are using. All good. But...
>
> It is confusing to administrate this overlapping Unix/NIS/NT domain
> structure. I am finding it difficult to explain this system to new wannabe
> admins I am trying to train.
>
> The future is a move to make this complex about 90% pure linux this summer
> with only a few machines running legacy Access apps holding out. Here is my
> question. (sorry for the big build-up)
>
> Is there a simpler way to manage this situation with LDAP? If so.. does
> anybody have roll-out notes or something that would take me from step 1
> since I have 0 experience with LDAP. I have looked at some of the howto's
> and so forth but they are not contextualized for (k12) type setups and
> don't really address some of the issues. Plus most of them are nightmarish
> if you do not already know a fair amount about using LDAP. If it is not
> easier to administrate and more importantly for me train new administrators
> then just say so and I will work on this from another angle and not waste my
> time.
>
> I am really looking for the advice of people that have done this so I can
> get advice based on real word experience because I can not afford to try
> anything experimental in this environment at this time. Any disruption would
> be catastrophic from a PR standpoint and everyone is already a little edgy
> about how difficult this transition is going to be. (taking away Word is
> like taking the last cigarette from a chain smoker sometimes)
>
> Thanks to all,
>
> Tom Possin
>
> P.S. if there are other strategies out there that work in this kind of
> environment I am all ears to that as well.
>
>
>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://listman.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]