Debian Administration

I voted for "other" since SSHFS wasn't listed.

Hi altogether,

if you selected "other", please explain what it is.

It's sad but true, MS Active Directory seems to be the easiest, most secure solution to handle a small to medium size(20-30) bunch of users and their machines(?)
It brings all the needed technologies under one cup.

LDAP + Kerberos is more complicated to setup separately.
I installed the combination under OpenSuse using mix of the Yast Interface and the steps in the manual and it was very error prone and the whole procedure looks premature.
Made also installations under debian with only a few machines. Took also a while.
Routine operations are not supported in a user friendly way (Mean things like adding or removing users and resources etc).
I tried webmin as frontend. But that's
no permanent solution either.

Is there a secure, comfortable, robust, enterprise approved open source all in one package for the tasks of user and resource management and all associated stuff?
I mean including installation and configuration of kerberos and ldap for example.

Okay, a step by step manual that 100% works would be enough.
For a secure(TLS/SSL) LDAP Setup alone it's taking quite a lot of time to find one.
(Think of generating Certs using openssl, what a turd, there are 10^32 different descriptions and none really works out of the box)

I tried:

- passwd/shadow, distributed with rdist > doesn't scale + unsecure³> NO SOLUTION
- NIS, easy to setup, sometimes strange unpredictable behaviour when used in a master / slave configuration. Beside that, insecure -> NO SOLUTION
- LDAP alone: a bit more difficult to setup. Without encryption also unsecure.
--> NO SOLUTION
- LDAP + Kerberos: difficult² to setup. insufficient comfortable support for all days tasks.
--> BARELY SOLUTION

So our windows AD admins laughing at me.
they have a nice interface, easy to setup(a drunken ape could operate on it) and the whole thing is more secure than a hand weaved solution.
the dictum i heard most often last time was:
"open source is only for free if your time is worth nothing"
And in a way I recognize what they mean.

Any example to prove the opposite?

desperate,

Josh

I voted LDAP but our primary DS is Open Directory on OS X Leopard Server (which seems to just be a rebranded openldap, using objectclass schemas that aren't even compatible with its own Mac applications :) ). Most of the Linux servers (Zimbra, other stuff like Request Tracker, GLPI) hook into it via LDAP for authentication.

CowbolNeal Directory!

SAN Storage (NFS/CIFS) on our NetApp FAS platform.

I work with eDirectory at work, though not by choice. Still, given the options I might have chosen it, objections to Novell notwithstanding. Our biggest problem is that the LDAP structure created by Novell's tools have changed so much in the years since the whole thing was first set up, you can never quite count on any object having the property you need or not having a duplicate. For instance, half the user accounts don't have a UniqueID because they were created with old tools (NWadmin), and several of them have duplicate UniqueIDs (so much for the "unique" part).

I'm sure if it were re-done from scratch with current tools, it'd be much more manageable. As for AD, I've worked with it just enough to know that it very quickly gets out of hand, especially if you start monkeying with policies.

i use active directory for accounts and samba for phisical directory.

Does anyone know of good documentation for setting up LDAP + Kerberos?
Or if any of the people who voted "LDAP + Kerberos" have the time, I'm sure an article about it would make a good addition to the site.