"Christopher Barry" christopher.barry@qlogic.com writes:
Hi everyone,
[..]
The Parts Bin: There's a bunch of parts around, and they all kind of fit together, but to my current understanding anyway, seem to create a few different incomplete solutions, such as:
- Samba/Winbind/Kerberos (possibly backed by OpenLDAP)
No, this is not possible, ask on a samba list for reasons.
- OpenLDAP/Kerberos with trusts to AD
yes, this can be done,
- AD using 2003R2 and possibly custom schema modifications if required.
this could be done
My question really is what are others doing to solve this type of problem? Architecturally, what is the best approach given the above desired outcome?
If you administer a homogenous windows network, keep AD as primary domain controller (just KDC) and configure samba as backup controller. If you administer a heterogenous network, get, in addition to the above mentioned design, OpenLDAP plus heimdal kerberos to administer Unix hosts and users and create a trust relation to AD.
-Dieter