Linux domain perhaps?
Good day!
Available: a domain on Windows (AD, DNS, DHCP, file server, Exchange, etc.): servers + workstations.
Problem: transfer of ALL infrastructure to domestic software.
Question: which platform to choose?
Deciphering the question: the problem is not in using Linux as an OS. The problem is in using a system that allows you to create the same infrastructure, or one as similar as possible to Windows, namely:
- a single point of authentication (analogous to Active Directory);
- distributing configurations to domain machines: admin groups, connecting remote resources, browser settings, distributing symlinks to resources, distributing program configurations, etc. (similar to group policies);
- the use of SSO when accessing various resources: web resources, remote resources, i.e. the user should not enter his login and password 100-500 times.
It is desirable that it be from one vendor and in one bottle. The price does not matter (they paid for Windows).
I ask the GREAT GURUS to share their experience, if any, or kick in the right direction. Time is limited, so I'm very afraid of making the wrong choice, otherwise I'll have to live with this choice and implement this choice.
PS: I'm looking towards Alt, Astra and Rosa; if anyone has experience in using these systems, please reply.
The latest Samba is able to emulate AD in some form. We tried it at home, ran into a bummer with UPN suffixes, but in principle you can live without them. It can do group policies too, but replication must be configured. SSO is not directly related to the authentication method. In one bottle it will not work.
Have you considered the option of moving AD to a virtual machine? Samba 4 will allow you to do authorization and the main, most commonly used GPOs, but Samba is not that convenient.
If you want everything on Linux, consider FreeIPA.
Well, or a paid analogue from Red Hat.
True, I'll say right away that if you still use Debian-based distributions, then problems with Kerberos in NFS and Samba will begin. Everything works fine on CentOS, and it also integrates with AD.
But if you partially leave Windows, then Samba is better right away.
Covering 100% with the same convenience will not work, but there are options:
1) The classic of the genre: Samba. It hurts, it's difficult, it will take a long time, but it will be almost AD.
2) FreeIPA
3) UCS Linux
4) Since, as I understand it, everything will be completely the Unix way, why not go exactly their way? Let's say NIS + NFS is very simple and will give shares and user management in a native way. Then Postfix, which also hooks into NIS, etc. It will turn out to be not much of a hassle, but with the most necessary functionality, and in the native environment at that. In Windows, by the way, there is support for NIS and NFS, but at what level and how convenient I never checked =)
By the way, for quick tests you can try openSUSE; it has very convenient GUIs for setting up all this stuff, and it will be quite familiar when switching from Windows, including servers.
If "domestic software" is a cornerstone and unchanging requirement (and most likely it is - I have seen this topic for the third time since the beginning of the year) - you need to start by making a list of what you are allowed to use. And then choose from what there is.
From pure theory:
- Samba DC + Samba client. It seems it was promised to be almost "Windows without Windows". The devil, as always, is in the details, but it would be possible to test.
- IPA. This thing is used in the Red Hat domain; there is FreeIPA.
- Exchange is nowhere to be found here (the UNIX principle, known as KISS), so as a replacement for Exchange you will have to bolt on something similar: Zimbra, Zarafa, Open-Xchange, but I don't know how consistent this is with "domestic software". Although, if necessary, you can simply take the sources and make a fork :)