Monday, August 11, 2008

Active Directory

So how does NIS stack up to Active Directory? Good question. The answer is “it doesn’t.”
Active Directory was designed to be much more than what NIS was designed for. This really
places the two into different classes of applications.

Active Directory (AD) is designed to be a generic solution to the problem of large sites
that need to have their different departments share administrative control—something that the
older Windows NT Domain model did very poorly. (Setting up interdomain trusts under NT
often required a great deal of patience and a willingness to fix “broken” trusts on a regular
basis.) AD is also an opportunity for Microsoft to fix many of its broken naming schemes and
move toward an Internet-centric scheme based on DNS. The result is quite beastly and requires
a lot of time to master. Mark Minasi’s book, Mastering Windows 2000 Server, Second Edition
(Sybex, 2000), dedicates well over 100 pages to the subject. However, in a smaller network,
most folks will find that it looks and feels mostly like the old-style NT domains with some
new whiz-bang features thrown in for good measure.

Don’t get me wrong, though—AD is a strong step in the right direction for Windows 2000
and presents solid competition for the Linux camp to think about how directory services can be
better integrated into their designs. But despite what Microsoft tells you, AD will not solve all
the world’s problems, let alone all of yours, in one easy step.

So does Linux have anything that compares to AD? Yes, actually, it does. Several
implementations of LDAP (Lightweight Directory Access Protocol) now exist for Linux, and
work is actively being done to allow NIS to tie into LDAP servers. (The RADIUS authentication
protocol is also becoming more common.) LDAP is also interesting because it uses the same
underlying technology that Active Directory uses in Windows 2000 and Windows .NET
Server. This means that, in theory, it is possible to share LDAP databases between both your
UNIX and Windows systems and possibly unify authentication between them.
