Found this article via Linux Weekly News.
Personally, I don't like AD as the sole repository of all auth info. I see nothing wrong with using LDAP for auth (and the author makes a mistake in saying that you can change/reset passwords in LDAP), replication is tricky to setup but simple to maintain, and you can dump everything to a flat file for easy integration with your backup system.
But this article is a pretty good overview of how Linux nss <-> Windows AD works (not to mention a good summary of why directory services rock and a little historical context), and I haven't seen an explanation of how to use winbind before, so... here's the link.
Post a Comment