  1. #1
    Just Joined! adamdaughterson's Avatar
    Join Date
    Mar 2003
    Location
    Denver, Colorado, USA
    Posts
    78

    NIS as pseudo-Active Directory?


    Hi there all,
    the idea here is to migrate an NT5 Domain to a pure Linux environment. The user has Replication set up on his Active Directory. Without going into huge amounts of detail (which I really wouldn't feel comfortable doing as I am not all that familiar with the inner workings of AD), would it be possible to use NIS under the same sort of capacity as AD? Can user Accounts/Profiles/Rights be migrated?
    Thanks,
    Adam

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I don't know at all how AD works, since I haven't been doing Windows administration since NT4, and hardly even then. Could you explain what it does, really?

  3. #3
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    I don't think that it is possible to migrate all user specifications from the AD domain.

    That is because AD keeps track of every single file and directory and what permissions the current user should have anywhere. NIS doesn't, as far as I know, have that functionality. It's mostly used to distribute password files to make single sign-on solutions possible for Unix and Linux.

    What are you planning to use instead of Active Directory as a domain controller and user database?

    Regards

    Andutt

  4. #4
    Just Joined! adamdaughterson's Avatar
    Join Date
    Mar 2003
    Location
    Denver, Colorado, USA
    Posts
    78

    Hmm...

    I guess that is the general idea. What can I use to migrate info on file/dir permissions, group membership, etc...
    These things seem intuitive enough when looked at broadly, and UX of all varieties have seemed to be mostly intuitive.
    I was under the impression (as we removed all passwords except necessary system accounts from /etc/passwd) that NIS is a distributed authentication system. NFS would be the filesystem counterpart. Correct me if I am wrong, but wouldn't that mean that if you can make a diskless node stream content/binaries from a cluster (if you will) using NIS/NFS that you could then use them as a sort of answer to AD?
    All comments are appreciated...
    Adam

  5. #5
    Just Joined! adamdaughterson's Avatar
    Join Date
    Mar 2003
    Location
    Denver, Colorado, USA
    Posts
    78

    Aha!

    OK, after further review, Samba can act as an NT4 DC/PDC. That is a step in the right direction. I guess since MS is kinda picky about how much info the rest of the world can have about MS Networking, the developers working on the Samba trip are having to reverse-engineer all of the AD functionality. Evidently (to answer andutt), one can use Samba as some sort of DC, and a combination of LDAP and MySQL to keep track of the accounts/password hashes.
    Sorry to have bothered all of you without first looking deeper into it.
    Adam

  6. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    To clarify some things for you, NIS isn't really a distributed authentication system. You know, NIS stands for Network Information Service, and that is really its task; it distributes the system information databases, like /etc/hosts, /etc/services, /etc/group, and also /etc/passwd. Since the password digests are typically stored in either /etc/passwd or /etc/shadow (in which case NIS merges them into the passwd map), they can also be distributed, and thus NIS can be used as a distributed authentication system. However, that is just a consequence of its functionality, and if you have a production environment, you should really consider turning the password digest distribution off, use NIS only for sharing the information databases and instead use something like Kerberos to do the actual authentication.
    Even if you use Kerberos authentication, you'll still need NIS, though. Many programs depend on having, for example, user name to UID mappings distributed, and that is the sort of things that NIS is really meant to distribute.

    However, I'm a bit confused about what you're saying about AD. How do you mean the AD holds the permission settings for every file in the system? It seems as if that would accumulate to a huge database if every system on the network stores file permissions in AD. And also, why would you really want to have file permissions stored in a distributed database? Aren't the file permissions supposed to be saved along with the file itself (i.e. in the inode info in UNIX; don't know the counterpart on Windows)?
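
A check for the point made in post #6 that password digests can end up in the NIS passwd map. This is an added example, not part of the thread: the function names `sample_map` and `audit_passwd_map` and every entry in the sample map are constructed for illustration.

```shell
#!/bin/sh
# Flag accounts whose password field in a passwd-format map carries a digest
# (or is empty). On a NIS client the real input would be: ypcat passwd

# Constructed sample map; the digest strings are placeholders, not real hashes.
sample_map() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:$1$CONSTRUCT$notARealDigestValue000:1001:100:Alice:/home/alice:/bin/sh
bob:*:1002:100:Bob:/home/bob:/bin/sh
carol:XXconstructed:1003:100:Carol:/home/carol:/bin/sh
dave::1004:100:Dave:/home/dave:/bin/sh
eve:!!:1005:100:Eve:/home/eve:/bin/sh
EOF
}

# Reads passwd-format lines on stdin and prints "user<TAB>finding" for each
# entry that would hand a digest (or no password at all) to every NIS client.
audit_passwd_map() {
    awk -F: '
        NF < 7                { next }   # not a passwd entry, skip
        $2 == ""              { print $1 "\tempty-password"; next }
        $2 ~ /^[x*!]+$/       { next }   # placeholder or locked, no digest
        $2 ~ /^\$[0-9a-z]+\$/ { print $1 "\tdigest-exposed(modular-crypt)"; next }
        length($2) == 13      { print $1 "\tdigest-exposed(des-crypt)"; next }
                              { print $1 "\tunrecognised-password-field" }
    '
}

# Run against the constructed sample so the script works offline.
sample_map | audit_passwd_map
```

An empty result means the map only shares account information (names, UIDs, shells), which is the setup post #6 recommends when authentication is handled by something like Kerberos.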

  7. #7
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    The thing about AD and Microsoft in general is to make things as easy as possible. AD keeps track of permissions of the domain, therefore it's easy to give specific users or groups of users permissions to specific structures or whole systems. It's a big LDAP catalog and an extension of the X.500 catalog. But of course easy makes it a little bit dangerous also.

    Regards

    Andutt

  8. #8
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, I don't know, but to me that sounds like a big, incredibly ugly hack. Maybe that's just me, though...

  9. #9
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    Probably is... but no one will know for sure because, as all know, we can't view any source... it's MICROSOFT!!

    Regards

    Andutt

  10. #10
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Does AD have hierarchical authority delegation and such things? Or is it just a collection of linear databases?
