Re: RFT0001 : Request For Thoughts

["Dieter Kluenter" <dieter@dkluenter.de>]

"Christopher Barry" <christopher.barry@qlogic.com> writes:

> Hi everyone,

[..]
> The Parts Bin:
> There's a bunch of parts around, and they all kind of fit together, but
> to my current understanding anyway, seem to create a few different
> incomplete solutions, such as:
> * Samba/Winbind/Kerberos (possibly backed by OpenLDAP)

No, this is not possible, ask on a samba list for reasons.

> * OpenLDAP/Kerberos with trusts to AD

yes, this can be done, 

> * AD using 2003R2 and possibly custom schema modifications if
>   required.

this could be done
>  
> My question really is what are others doing to solve this type of
> problem? Architecturally, what is the best approach given the above
> desired outcome?

 If you administer a homogenous windows network, keep AD as primary
 domain controller (just KDC) and configure samba as backup
 controller. 
If you administer a heterogenous network, get, in addition to  the
above mentioned design, OpenLDAP plus heimdal kerberos to administer
Unix hosts and users and create a trust relation to AD.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E