The Swede in the middle of Silicon Valley


Wednesday, September 16, 2009

Creds to Microsoft

Throughout the last few weeks I've somewhat raped my soul and gone against most things I believe in. Why? I've done a Windows AD implementation to solve a somewhat interesting problem.

I've been working with an organization to help them create a centralized way of having authentication across the board; this includes Windows, Linux and OS X servers and clients. Looking at the problem initially, I gave Samba a try as a PDC, but unfortunately the development hasn't come as far as I hoped, so I gave up that idea.

The solution I ended up choosing (which I haven't completely finished yet) is to utilize Windows AD and all that comes with it. As many know, AD + Linux has never been a fun thing to deal with until recently, as Microsoft decided to implement RFC 2307 for Unix attributes. Doing this makes life a lot easier, and I managed to put together a working solution in just a few hours, including group definitions!
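To make the RFC 2307 point concrete, here is an added example (my code, not the author's setup) that shows what a Linux box actually consumes from AD once the Unix attributes are populated: the schema attributes uidNumber, gidNumber, unixHomeDirectory, loginShell and memberUid, mapped onto passwd(5)/group(5) lines. The LDIF below is constructed sample data, not an export from any real directory. The practitioner's check it builds in is that an account with no uidNumber gets no Unix identity at all, so Windows-only users (and stale memberUid references to them) never silently gain a login on the Linux side.

```python
"""Map RFC 2307 attributes on AD user/group objects to passwd/group lines (added example)."""

# Constructed sample LDIF: two AD users (one posix-enabled, one Windows-only)
# and one group carrying a gidNumber and memberUid values.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: alice
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice
loginShell: /bin/bash

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: bob

dn: CN=unixusers,CN=Users,DC=example,DC=com
objectClass: group
sAMAccountName: unixusers
gidNumber: 10000
memberUid: alice
memberUid: bob
"""


def parse_ldif(text):
    """Minimal LDIF reader: blank line separates entries, attributes may repeat."""
    entries, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def to_passwd(entry):
    """Return a passwd(5) line, or None if the user has no usable RFC 2307 identity."""
    if "user" not in entry.get("objectClass", []):
        return None
    try:
        name = entry["sAMAccountName"][0]
        uid = int(entry["uidNumber"][0])
        gid = int(entry["gidNumber"][0])
    except (KeyError, ValueError):
        return None  # no uidNumber/gidNumber: the account stays Windows-only
    home = entry.get("unixHomeDirectory", ["/"])[0]
    shell = entry.get("loginShell", ["/sbin/nologin"])[0]
    return f"{name}:x:{uid}:{gid}::{home}:{shell}"


def to_group(entry, posix_users):
    """Return a group(5) line; memberUid values that are not posix users are dropped."""
    if "group" not in entry.get("objectClass", []):
        return None
    try:
        name = entry["sAMAccountName"][0]
        gid = int(entry["gidNumber"][0])
    except (KeyError, ValueError):
        return None
    members = [m for m in entry.get("memberUid", []) if m in posix_users]
    return f"{name}:x:{gid}:{','.join(members)}"


def build_nss(text):
    """Produce (passwd_lines, group_lines) from LDIF text with RFC 2307 attributes."""
    entries = parse_ldif(text)
    passwd = [line for line in (to_passwd(e) for e in entries) if line]
    posix_users = {line.split(":")[0] for line in passwd}
    groups = [line for line in (to_group(e, posix_users) for e in entries) if line]
    return passwd, groups


if __name__ == "__main__":
    pw, gr = build_nss(SAMPLE_LDIF)
    print("\n".join(pw))
    print("\n".join(gr))
```

In practice the same mapping is done by nss_ldap/sssd rather than a script, but seeing it spelled out makes it obvious which attributes must be set per account and why an empty uidNumber is a feature rather than a bug.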

For now I'm still working on having Samba authenticate with ADS so that shares can be maintained on a Linux box rather than a Windows server (who wants to run NTFS anyway?). There are still some issues with it, but I hope to have them ironed out pretty soon.

Didn't think I would say this but thank you Microsoft for opening up for us Unix-hackers!

Friday, March 14, 2008

Sometimes you just want to kill yourself

Yes, sometimes you want to kill yourself and take others with you in the fall.

Since I came home today I've spent a great deal of time trying to get Samba, OpenLDAP and BIND to collaborate as an Active Directory server. By history I've dealt a great deal with Active Directory servers and like the idea behind it, but I've never liked the implementation.

Anyhow, as I was reading up on how AD works and how to implement it, I realized minute by minute what a horrible LDAP implementation AD is. Surely I knew this before I started off, but can someone really make LDAP _this_ bad?

Anyhow, 5 hours into it I gave up. I would describe the experience as trying to touch your toes with your hands while standing up. I bet there's someone who can do it, but it's simply not normal!

To move on, I was going to implement IPsec (the horrible VPN protocol) on the same server, but no-no, you can't run IPsec on 1 single interface, it has to be 2. Intelligent ideas such as bridging are something completely unknown to IPsec.

So, to add it up:
I'm not running any Windows computers so I really don't have a need for AD, I just wanted to see how it could be done.
IPsec, I was planning to run this along with OpenVPN, but why bother, OpenVPN is sure as hell a much better choice in all categories.

Conclusion: Proprietary and old network standards can go to hell. Long live open source and innovation!