[TriLUG] LDAP vs AD vs NT domains vs eDirectory vs RHEL directory server
Magnus
magnus at trilug.org
Mon Dec 11 09:25:28 EST 2006
Chris Bullock wrote:
> 1. What could be a drop in replacement for our current NT4 domain?
> 2. What will give us AD type authentication/access and how easy or difficult will it be to set up, i.e. is there anything as easy as the click and add feature available in AD?
Being a bit more familiar with how your environment looked four years
ago (but being in the dark about the strides made since then) I think
you're probably going to want something more sophisticated than a single
*NIX box with a local password file and Samba.

What I would probably suggest prioritizing is getting a directory
service up first. Put user metadata in LDAP, passwords in Kerberos V.
Get your toolkit together to effectively manage users in LDAP &
Kerberos. Once you've got that done, you will need to dig deeply into
Samba documentation and build a new Windows domain with Samba but have
Samba use LDAP & Kerberos directly instead of local system auth. This
way you don't have to have a samba password file with Windows passwords
in it.

One thing worth looking into, which I have not yet used in production,
is Fedora Directory Server. From what I hear it makes life easier than
keeping your user metadata in OpenLDAP, which is a fine back end but
lacking in efficient front end tools.

Best of luck!