LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 04-12-2011, 04:00 PM   #1
Rike255
LQ Newbie
 
Registered: Apr 2011
Distribution: Red Hat
Posts: 17

Rep: Reputation: 0
Is RHDS a good alternative to AD in Linux world?


A couple years ago I tried to enable LDAP/Kerberos sign-on from Active Directory 2003. Ran into a whole bunch of issues (mostly related to our Red Hat ES3 servers).

I'm going to start looking into this again. We still have our old Red Hat ES3 servers (along with AS4 and 5.5).

So my options are basically this:
- Try again to integrate with Active Directory
- Setup an RHDS server (completely separate from AD)
- Setup an RHDS server and sync with AD

I'm looking for a simple method that is reliable. Integrating with AD left a bad taste because of all the weird issues we ran into but I was trying to integrate using LDAP and Kerberos (and as I understand it we can authenticate using LDAP only) . I need to be able to restrict access to groups of users and groups of servers which I know is possible in RHDS.

I've read a few documents from Red Hat about RHDS and it sounds like a good product, but there aren't many impressions from actual users on the internet.

Thanks!
 
Old 04-12-2011, 04:08 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
rhds is pretty ropey, it's a very old product that's been sold onwards to various different companies over the years and each one has patched it up and moved it on. I mean it works OK, and is enterprise grade, but it breaks and is very tricky to fix again. Or at least, or extensive multi-layered deployments of it are. You can use replication plugins - passsync I think it's called - which run as a serivce on your AD servers (or actually any windows domain member) which will replicate data into DS to allow full integration of relevant data between the two directories, and separate data for unrelated parts, e.g. uids. UID generation was not possible on the 8.0 systems we were using, so that required an additional external script for uid generation, which kinda undermines the product in various conceptual ways.

IF you already have AD working, then you will probably get better results using samba to join the domain rather than a separate / partially integrated DS system, but if it's a blank canvas, I'd say DS is fine, although note that 389DS is the "open" fork of the project and worth looking at too. openldap is also generally "fine" and a lot easier to deal with and more forgiving.
 
1 members found this post helpful.
Old 04-12-2011, 04:20 PM   #3
Rike255
LQ Newbie
 
Registered: Apr 2011
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
Very interesting information, thanks.
AD is currently running (used to authenticate to the windows environment), but I don't really know what Samba is. I'll take a look at 389 DS too.
 
Old 04-12-2011, 04:35 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
You're a unix admin and don't know what samba is?? blimey.

so join domains with samba and (i think) use a simple ldap install like openldap to store uid maps for samba. job done.
 
Old 04-12-2011, 05:29 PM   #5
Rike255
LQ Newbie
 
Registered: Apr 2011
Distribution: Red Hat
Posts: 17

Original Poster
Rep: Reputation: 0
I'm what you'd call a "new" unix admin.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: digiKam 1.0.0 - good Photoshop alternative for Linux LXer Syndicated Linux News 0 12-23-2009 09:10 PM
Is there a good Linux alternative to Windows Mobile? krdan4th Linux - Mobile 3 02-17-2009 02:16 AM
Whats good Linux World mike_44 LinuxQuestions.org Member Intro 1 08-02-2008 07:15 AM
Good day, Linux world! yellowyard LinuxQuestions.org Member Intro 6 10-06-2007 05:34 AM
what's a good alternative to iTunes for Linux? rastavideo Ubuntu 4 08-06-2006 09:20 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:14 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration