[389-users] ADS <==> FedoraDS <==> Linux/Unix Clients?

Ajeet S Raina ajeetraina at gmail.com
Mon Jan 4 11:40:59 UTC 2010


Hello Kenneho,

Thanks for the quick response. I appreciate your helpful words on these
queries.
I would be thankful if you can provide me with the tutorials or documents or
links which you followed for the same setup.

May I know what should be the approach for syncing ADS to Fedora DS?
Any step by step approach for the sa

On Mon, Jan 4, 2010 at 2:37 PM, Kenneth Holter <kenneho.ndu at gmail.com> wrote:

> Hi.
>
>
> We're currently working on a similar setup.
>
> Regarding your first question: Using the Windows Sync plugin on the FDS you
> sync specific users from AD over to FDS. Just move your sysadmin users to an
> LDAP organization unit (OU), and sync that over to FDS. Next, you'll need to
> add posix attributes (user ID, group ID, home directory, etc) to these users
> on the FDS side. You can create simple scripts for doing this. In our setup,
> we're going to use groups defined on the AD side as basis for NIS netgroups
> on linux, so that we can control access to and sudo privileges on linux
> servers based on these groups. This adds to the complexity, but lets us
> manage users and access from the AD side.
>
> When you delete a user on the AD side, it will get deleted on the FDS side
> too.
>
>
> Regards,
> Kenneth Holter
>
>
> On Tue, Dec 29, 2009 at 5:41 PM, Ajeet S Raina <ajeetraina at gmail.com> wrote:
>
>>
>> I have a certain query regarding the following structure:
>>  Code:
>>
>>     Active Directory Server
>>     ||
>>     ||
>>     Fedora Directory Server <=> Client(Linux | Fedora | Ubuntu | Solaris | HP)
>>
>> Let me explain what I want:
>>
>> 1. There is a company Active Directory Server under the domain intinfra.com.
>> As of now there are a limited number of Windows desktop machines under that
>> domain. I have a few Linux / Unix machines which I want to authenticate
>> through ADS (which are presently not under ADS). Why? Because every time I
>> need to delete the users whenever they leave the project. That's cumbersome.
>>
>> So what I want is to set up Fedora DS (I wonder if we can do that without
>> Fedora DS). Now I can ads join to Fedora DS (I have administrative
>> privileges for ADS). What I really want to know is:
>>
>> If I join Fedora DS to ADS then all employees can log in to the Linux
>> machines through their login credentials. I don't want that to happen. We
>> have 3000 employees in the intinfra domain but we are only 30 admins. I only
>> want those 30-40 admins to log in, strictly. Is it possible to restrict at
>> the Fedora DS level?
>>
>> 2. Say I joined ADS and Fedora DS, and say after 30 days one of the system
>> admins left the company. So his name will be removed from ADS. Is it
>> possible that ADS and Fedora DS are synchronized in such a way that a user
>> whose name gets deleted in ADS gets deleted from Fedora DS too? Does Fedora
>> DS have the capability to synchronize with ADS every time?
>>
>> Please suggest.
>>
>>
>>
>>
>> --
>> 389 users mailing list
>> 389-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>


-- 


“It is not possible to rescue everyone who is caught in the Windows quicksand
          --Make sure you are on solid Linux ground before trying.”
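
One way to write the kind of "simple script" the quoted reply mentions for adding POSIX attributes to synced users, as an added example that is not part of the original thread. It assumes the synced OU has been exported as plain LDIF; the DNs, the 20000 starting uidNumber, the shared admin gidNumber and the `/home/<uid>` layout are constructed or assumed site policy.

```python
import re
# Constructed sample of entries after the admin OU has been synced over from AD.
SYNCED_LDIF = """\
dn: uid=alice,ou=sysadmins,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice

dn: uid=bob,ou=sysadmins,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: bob
uidNumber: 20000

dn: uid=../etc,ou=sysadmins,dc=example,dc=com
uid: ../etc
"""
UID_MIN, ADMIN_GID = 20000, 20000   # assumed site policy, not from the thread
SAFE_UID = re.compile(r"[a-z_][a-z0-9_-]{0,31}")   # uid ends up in a path below

def parse_entries(ldif):
    """Parse unfolded, non-base64 LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr.lower(), []).append(value)
        entries.append(entry)
    return entries

def posix_modifications(ldif):
    """Return (LDIF modify records, skipped DNs) for entries lacking posixAccount."""
    entries = parse_entries(ldif)
    used = {int(v) for e in entries for v in e.get("uidnumber", [])}
    records, skipped, candidate = [], [], UID_MIN
    for e in entries:
        dn, uid = e["dn"][0], e["uid"][0]
        if "posixAccount" in e.get("objectclass", []):
            continue                        # already has POSIX attributes
        if not SAFE_UID.fullmatch(uid):
            skipped.append(dn)              # never build a home path from this
            continue
        while candidate in used:            # never hand out a uidNumber twice
            candidate += 1
        used.add(candidate)
        adds = [("objectClass", "posixAccount"), ("uidNumber", candidate),
                ("gidNumber", ADMIN_GID), ("homeDirectory", f"/home/{uid}")]
        body = "".join(f"add: {a}\n{a}: {v}\n-\n" for a, v in adds)
        records.append(f"dn: {dn}\nchangetype: modify\n{body}")
    return "\n".join(records), skipped
```

The returned records are in LDIF change format for review before being fed to `ldapmodify`; skipped DNs should be checked by hand rather than provisioned.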