Re: [Hampshire] Happy Happy Joy Joy

Author: Tim B (Systems)
Date:  
To: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Happy Happy Joy Joy
And you expect the monkeys to be sysadmining your network???? (ref. cartoon of
all the monkeys sitting in a tree)

Keep it simple, install Linux, clean the dust out every 6 months, you'll be
fine.

As soon as someone says "XYZ must be able to login and change ABC" I worry,
because (at least in the company I work for) "XYZ" hasn't got a clue and
it'll take me an age to sort out "ABC" properly afterwards. I'm quite happy
to use config files. At least you need some idea of what you're doing before
you change them!

What I like about MS Software is that it doesn't interoperate seamlessly with
other systems from MS. Half the time I find myself running Linux to
troubleshoot Windows issues.

Tim B.



Oh, it's good to have broadband again.

On Saturday 22 September 2007 18:43, Graham wrote:
> On Sat, 2007-09-22 at 18:17 +0100, Stuart Sears wrote:
> > Vic wrote:
> > > Now the thing to realise about AD - the real salient point - is that
> > > it's a perversion of LDAP. It's *almost* LDAP, which is a nice,
> > > well-defined standard. But it isn't LDAP. It's a Microsoft-only
> > > protocol Embraced and Extended from LDAP, just ready for the
> > > Extinguish...
> >
> > Surely it's really only LDAP + Kerberos + custom LDAP schema?
> > You can authenticate directly against AD as it stands using only pam_ldap
> > and pam_krb5 - no samba requirement at all.
> >
> > Don't get me wrong, I am not a particular fan of AD, but exactly *what*
> > have they done that makes it an "extended" version of LDAP?
>
> Microsoft's LDAP implementation which a client accesses for joining a
> domain uses a custom ldap schema, connectionless LDAP (RFC1485) but most
> importantly uses a whole bucket of undocumented RPC calls.
>
> Also, there are the famous PAC extensions added to their Kerberos
> implementation:
>
> http://searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1014058,00.html
>
> I used to think all this was more about Microsoft excluding
> non-microsoft based technology whilst still being able to stamp
> 'interoperable' on the box. On reflection, I think it is true that
> Microsoft's implementation was as much to do with finding a solution
> that works well. Non-windows clients and servers can interoperate
> perfectly well in a Windows environment.
>
> It's really the centralised and simple unified management tools that
> sell their products. I don't think any of the big Linux players have
> really produced anything comparable in terms of out of the box
> monkey-capable manageability.
>
>
> Graham