Multiple RHEL 5 Servers running Bind

folkrm · 01-13-2010, 01:21 PM

All;
I am a realitive newcommer to Linux Networking, and I hope I am posting in the proper forum here.

I have 6 RHEL 5 Servers, 1 5.2 32-bit Master Login Server, which services the other 5 RHEL 5.3 64-bit App Servers, for Login and Authentication. I am wanting to intigrate these with my Windows AD. I use Windows Server 2003 R2 Standard.

Background:
I currently have the RHEL servers setup to have the 32-bit (5.2) server as the NIS Master, serving NIS out to the remaining 64-bit(5.3) servers.

I also have a Windows Server 2003 R2 Domain Controller serviceing my Windows AD. I would like to be able to inigrate them to be able to use Password Sync and Single Sign-on. I am not real worried about having Kerberos or LDAP running, because the systems are NOT physically connected to any external source. (The network is completely self-contained) I am just wanting to be able to use Password-Sync and DNS between the different networks.

My questions are as follows:

1) Would it be better/easier to make the Windows Server the NIS Master or the RHEL 5.2 Server?
2) If I make the Windows Server the NIS Master, how would that effect the remaing servers who get their NIS info from the Redhat Master?
3) If I keep the RHEL Master as NIS Master, how would I intigrate that with AD and have both shared Passwords and DNS?

Thanks in advance.

acid_kewpie · 01-13-2010, 04:02 PM

Unrelated to networking, moved to Linux - Server.

1) What Windows NIS server would that be?? NIS on windows? No thanks.
2) ... 3) ...

Get rid of NIS, that's the way to go. Whether you have security motivations or not, you're kidding yourself if you think persisting with NIS is a good thing.

You can NOT do single sign on with archaic systems like NIS. Single Sign On = Kerberos. That's becuase Kerberos issues a ticket guarenteeing your identity and that ticket can basically be securely used to log you in to subsequent servers, forwarding the ticket as you go. There is no concept anything like this with NIS, which just individually provides passwords for local verification from a central server. Additionally SSO between Windows and Linux doesn't generally happen at all.

Knowing as little as I do about your envionment IF you want the same accounts to work on AD and Linux, go and install the MS Services For Unix AD schema extensions and that will provide a semi-posix compliant LDAP server for your Linux boxes to authenticate. No need to sync anything if this is only for 6 servers.