Linux – Replacement for NIS/YP

active-directory ldap linux nis unix

The company that I am working for is embarking on replacing the current locally developed NIS/YP structure with LDAP.

We already have AD in house for the Windows stuff and would like to consider using an AD system. The AD people are quite restrictive and would not support extensive modifications.

We need the replacement to support the full capabilities of the NIS/YP suite, including netgroups, login restrictions to specific servers for specific users or groups of users, consistent passwords between the *nix and Windows environments, etc.
Our environment is a mixture of Linux (SUSE, RH, Debian), Sun, IBM, HP and MPRAS as well as a NetApp. So whatever we use must be totally inclusive of all environments.

We have looked at Likewise, but our management wants other alternatives to compare with.

What other things should I be looking at, and what is your assessment of the alternatives?

Thanks

Best Answer

Microsoft used to have something called Services For Unix (it's still around but with a different name: it's now "Subsystem for UNIX-based Applications (SUA)"). Among the features it included was an AD-to-NIS gateway that allows you to create a NIS domain that is effectively slaved to your AD domain.
This is probably the path of least resistance for you since your unix environment is heterogeneous: anything that understands NIS will understand the MS NIS server, because as far as your unix systems are concerned it's still just a plain old NIS server.

Another option is pam_ldapd (or pam_ldap + nss_ldap). This would query your AD servers directly and gets away from some of the limitations of NIS, but I don't know how good the netgroup support and such is on these (I know pam_ldap + nss_ldap doesn't have working netgroup support on FreeBSD).
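As an added illustration of the second option (nss-pam-ldapd talking to AD directly), and not part of the answer above, here is what the Linux side of a netgroup-based per-server login restriction looks like. It assumes the AD schema carries the RFC 2307 / Identity Management for UNIX attributes (uidNumber, unixHomeDirectory, nisNetgroup objects with nisNetgroupTriple and memberNisNetgroup), a read-only bind account, and the hostnames, base DN and netgroup name shown; all of those are placeholders. The passwd/shadow filters and attribute maps are the Active Directory example from the nslcd.conf(5) man page; the netgroup map needs no remapping because nslcd's defaults already use the RFC 2307 attribute names that AD uses.

```conf
# /etc/nslcd.conf  (nss-pam-ldapd; hypothetical names throughout)
uid nslcd
gid nslcd

uri ldaps://dc1.corp.example.com ldaps://dc2.corp.example.com
base dc=corp,dc=example,dc=com
binddn cn=svc-nslcd,ou=Service Accounts,dc=corp,dc=example,dc=com
bindpw CHANGE-ME            # keep this file root-only (mode 0600)
ssl on
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/corp-root-ca.pem

# Only AD user objects that have been given POSIX attributes become Unix accounts.
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    passwd uid              sAMAccountName
map    passwd homeDirectory    unixHomeDirectory
map    passwd gecos            displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map    shadow uid              sAMAccountName
map    shadow shadowLastChange pwdLastSet
filter group  (objectClass=group)

# Netgroups: AD's IdMU schema stores them as nisNetgroup objects with
# nisNetgroupTriple / memberNisNetgroup, which are nslcd's defaults.
filter netgroup (objectClass=nisNetgroup)

# /etc/nsswitch.conf  (relevant lines only)
passwd:   files ldap
group:    files ldap
shadow:   files ldap
netgroup: files ldap

# /etc/pam.d/sshd  (or the distribution's common-account include)
# pam_access enforces the host-specific allow list; authentication itself is
# an LDAP bind against AD, so the user's Windows password is the Unix password.
account   required   pam_access.so

# /etc/security/access.conf on a database server: only root from the console
# and members of the "dbadmins" netgroup may log in; everyone else is refused.
+ : root : LOCAL
+ : @dbadmins : ALL
- : ALL : ALL
```

Before relying on it, check that the netgroup actually resolves on the box (`getent netgroup dbadmins` should list the triples, and `getent passwd someuser` should return the AD entry); if `getent netgroup` comes back empty, pam_access will fall through to the final `- : ALL : ALL` line and lock out every non-root login, which is the failure mode to test for on a single host before rolling the access.conf out.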