Hi Christopjer,
"Christopher Barry" christopher.barry@qlogic.com writes:
"Christopher Barry" christopher.barry@qlogic.com writes:
[...]
My question really is what are others doing to solve this type of problem? Architecturally, what is the best approach given the above desired outcome?
If you administer a homogenous windows network, keep AD as primary domain controller (just KDC) and configure samba as backup controller. If you administer a heterogenous network, get, in addition to the above mentioned design, OpenLDAP plus heimdal kerberos to administer Unix hosts and users and create a trust relation to AD.
[...]
Thanks Dieter.
Why heimdal as opposed to MIT? Is is better at AD interop, or are you thinking about crypto restrictions?
The reason for heimdal achtually is that credentials can be stored in OpenLDAP, an other argument is better threading beaviour.
Also, would you recommend keeping all user/group data in AD proper, but all other NIS related stuff in OpenLDAP?
This really depends on the whole design, I wouldn't give any recommendation here.
-Dieter