I've never heard of SCCM, but the Microsoft AD thing is doable but difficult.
The Unix extensions help, but they don't automatically assign UID numbers or GID numbers to users, so people oftentimes use third-party software to do it for them.
Kerberos integration is simple: all you need is the PAM Kerberos5 module, but if you want to be able to change passwords from a Linux host you will have to manually create and deploy keytabs. On the Kerberos level Microsoft is surprisingly compliant with the RFCs.


-- Sent from my HP Pre3


On Aug 5, 2014 10:12 AM, Steven Timm wrote:

When Fermilab deployed Kerberos 5 on all of our Unix and Linux,
and simultaneously Windows 2000 on our Windows side, it was the
intent that eventually everything would run off of the Windows
Active Directory side. 14 years later that has never happened.
There are others on this list that know in detail why that is.

There are some Microsoft services for Unix that in theory
can do all the things you need to do to make the Windows
domain controller serve as a master KDC for Linux machines.

I have never heard of anyone using or trying to use SCCM for Linux. It
is certainly worth the money within the Windows domain though.

I've never heard of anyone hooking Macs into Active Directory.

Steve Timm


On Tue, 5 Aug 2014, Yasha Karant wrote:

> The administrative computing and network unit at my institution seems to want
> to force us to use Microsoft Active Directory and SCCM. The generalities that
> have been released to date are quoted below:
>
> *Recommendation*
>
> 1. Work with the ITC’s across the University to join all University
>    owned PC’s and Mac’s to an organizational unit (OU) of the CSUSB AD
>    Domain.
>
> 2. Provide training to all ITC’s on Microsoft Active Directory and SCCM
>    Administration
>
> *Cost:* $25,000 Estimated
>
> *Rationale:* With the availability of advanced tools to maintain and upgrade
> machines from a central console, Faculty and Staff will greatly benefit from
> patches and updates being done for them remotely and in an automated fashion.
> They will also be able to install campus licensed software themselves.
>
> NB: ITC Information Technology Consultant (a California State University
> staff position designation) -- a technician, typically with a BS in IT or a
> related field, who has hardware and software control over
> non-administrative-computing "Faculty" MS Windows or Mac OS X workstations.
>
> End quote.
>
> Does anyone on the list have to use these Microsoft proprietary systems with
> EL open systems -- both servers and workstations? If so, what are your
> experiences and how does one do the integration? Under no circumstances are
> we willing to share root passwords with the administrative unit. Replies off
> list are welcome.
>
> Yasha Karant
>

------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
http://home.fnal.gov/~timm/
Fermilab Scientific Computing Division, Scientific Computing Services Quad.
Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing