Wednesday, September 28, 2005

AD+Linux Brotherhood

Microsoft SFU 3.5 and Vintela VAS
Microsoft Services for UNIX (SFU) 3.5 is a free suite of utilities and services for interoperating with UNIX systems. Among the things it contains are:

an updated POSIX subsystem for running recompiled UNIX applications within Windows, running UNIX-style shell scripts, and a shell-based environment running the POSIX and bash shells
NFS client and server connectivity, and (last but not least)
a method of mapping Active Directory accounts to equivalents on UNIX and Linux systems.
SFU achieves Active Directory integration with Linux and UNIX systems without implementing native AD connectivity at all. Instead, Linux and UNIX clients talk to the Windows network using the NIS (yp) authentication stack already installed on every copy of Linux and UNIX, which communicates with a native NIS server service installed on every Active Directory Domain Controller on your network, which in turn runs a User Name Mapping Service that translates NIS logins to Active Directory logins. (Whew.) Each user account and group within Active Directory can be configured to correspond to a discrete UserID and GroupID on the Linux/UNIX side.

In theory, with a completely clean and uncomplicated Active Directory implementation and a fully cooperative IT staff, Microsoft Services for UNIX is a good solution. However, as we well know, not all ADs are clean, and not all IT departments are completely centralized or cooperative.

Perhaps the main reason SFU is a difficult pill to swallow is that it requires a schema extension. That is, the functions SFU needs in order to perform the UserID/GroupID translation require logical and physical modifications to the Active Directory database. The SFU installation adds new fields to the AD database to accommodate these functions and to store the extended user and group data for the Linux/UNIX side.

For many IT departments, schema extension is a deal-breaker – and it is even less desirable because there is no way to back out of a schema extension once it is done. Once the SFU schema extensions are added to your AD database, you have to live with them – permanently. To deal with this issue better (or rather, to force it down your throat), Microsoft is integrating the SFU schema extensions into the next major revision of Windows Server, 2003 R2.

What Vintela Does
A product similar to Microsoft SFU is Vintela Authentication Services (VAS), from Vintela, a spin-off of SCO that was recently acquired by Quest Software. Like SFU, Vintela uses NSS and NIS to "trick" Linux and UNIX systems into believing they are talking to a native network authentication scheme. Unlike SFU, however, it doesn't require installing a NIS server or a User Name Mapping Service on your Windows servers. Most of the magic happens on the VAS client side, which is supplied as a set of PAM modules and a service running on the client.

Unfortunately, this product also requires schema extensions to work, which may or may not be palatable in your particular IT environment. However, once Vintela VAS is installed on your clients and the schema extensions are added to your AD, it works very well. Vintela also supplies Microsoft Management Console (MMC) modules for administering your Linux and UNIX machines from Windows-based workstations.
