On VLOG 161 8:30, Tom says that he doesn’t use Active Directory.
If you have a Windows computer how to would you access files off another computer?
For example, I have a raspberryPi that I move files back and foward using SAMBA (which is AD?)
Is he only saying “I don’t use Active Directory” because he is a only Linux person?
How in the world do you live with out using Windows? /s
I am not a sysadmin, just a hobbyist that just finish deploying his first (badly done) freenas server.
In its simplest form Samba does not use active directory.
It does have the capability though to use active directory and be an ad server. Most simple hobby type setups don’t use active directory for file sharing.
I am interested to see comments here as most large companies are heavy into active directory. This is due to them being heavy into windows.
One way I’ve seen it in the enterprise is by going with an IAM provider like JumpCloud or Okta. They have their own directory systems you can leverage in place of AD. Both integrate with AD, but you can use the directories as the source of truth and push configurations to AD. The benefit is that you have more flexibility. You can integrate with AD, but you could just as easily integrate with LDAP as well. You also get great logging/auditing capabilities, and the tend to play well with SIEM tools (not saying AD doesn’t). They also both provide SSO capabilities as well. They’re not the only players in the IAM space, but that is how I’ve seen them leveraged as opposed to a traditional AD environment. Personally, I prefer them to AD because the integrate better with Linux.
Also, you could use SAMBA, and just use an alternate directory service is what I was getting at.
We see a lot of companies that are using GSuite SSO for managing users and applications as well.
https://support.google.com/a/topic/7417510
While we do have local user on our FreeNAS system for file sharing, it is very rarely used for that internally. Most all of our daily project workflow is done in Gsuite using Google Docs.
RHDS is good for local directories, but I agree with Tom in finding an IDP provider (SSO) instead. Azure AD, DUO, and Okta are other good commercial options.
You can also directly join PCs (tablets, phones, etc – Windows, MAC, Android, iOS) to Azure Active directory and manage them with the Endpoint Management tool or Intune. This gets you some of familiar active directory features (user pc permissons, polices, etc) in a more cloud like function.
If you want the standard Microsoft ActiveDirectory experience without managing your own domain controllers that can also be spun up in the cloud via Microsoft’s Active Directory Domain Services.
LDAP Anyone?
There’s all sorts of non-microsquash directory services and file sharing stuff that can play nice with a windows network.
This is an issue that’s been on my mind for a long time. Tom keeps repeating in videos over and over that he doesn’t use it and doesn’t have much interest in univention or other open source solutions. However, I’m plagued by not coming up with a solution yet to manage users and permissions centrally especially in the case of HIPPA at dental and medical offices. So is Tom just saying he doesn’t use active directory personally or what does he use for his clients? I tend to think his clients have active directory but does anyone have personal experience with univention or another? I’ve even wondered how well qnap and synology handle their equivalent of managing it.
Correct, we don’t use AD at our office but our clients do use it. For many of them it is a necessary tool as their software relies on AD to handle authentication. I don’t really trust using third party systems to emulate AD and be completely compatible with the clients software.
Something that may be of interest is the linux version of Active Directory
Interoperability with win systems (or anything else) is never a guarantee with open source.
Linux is free as in free beer, as often happens with free stuff you don’t get the right to pick and choose what the ingredients are (features or packages may work or they may not…).
It’s an option. Especially for those times when you don’t want to go full board Windows and still have control over your systems.