From owner-freebsd-questions@freebsd.org Fri Mar 13 14:31:33 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4C1A0261C28 for ; Fri, 13 Mar 2020 14:31:33 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (jacobs.geeks.org [204.153.247.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 48f7Rm0gB8z3G1L for ; Fri, 13 Mar 2020 14:31:31 +0000 (UTC) (envelope-from merlyn@geeks.org) Received: from mail.geeks.org (localhost [127.0.0.1]) by after-clamsmtpd.geeks.org (Postfix) with ESMTP id 854E2110234 for ; Fri, 13 Mar 2020 09:31:30 -0500 (CDT) Received: by mail.geeks.org (Postfix, from userid 1003) id 5E155110233; Fri, 13 Mar 2020 09:31:30 -0500 (CDT) Date: Fri, 13 Mar 2020 09:31:30 -0500 From: Doug McIntyre To: freebsd-questions@freebsd.org Subject: Re: Centralized user/group/whatever management Message-ID: <20200313143130.GA68871@geeks.org> References: <20200313091923.GA98495@admin.sibptus.ru> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200313091923.GA98495@admin.sibptus.ru> User-Agent: Mutt/1.10.1 (2018-07-13) X-Virus-Scanned: ClamAV using ClamSMTP X-Rspamd-Queue-Id: 48f7Rm0gB8z3G1L X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of merlyn@geeks.org designates 204.153.247.1 as permitted sender) smtp.mailfrom=merlyn@geeks.org X-Spamd-Result: default: False [-0.13 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ptr]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_SPAM_MEDIUM(0.55)[0.552,0]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.86)[-0.864,0]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[geeks.org]; IP_SCORE(0.48)[ipnet: 204.153.244.0/22(-1.28), asn: 7753(3.72), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7753, ipnet:204.153.244.0/22, country:US]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Mar 2020 14:31:33 -0000 On Fri, Mar 13, 2020 at 04:19:23PM +0700, Victor Sudakov wrote: > Do you think there exists a modern solution for centralized user/group/... > management compatible with FreeBSD and Linux? I think the best combination is probably a Windows AD setup, with FreeBSD/Linux clients attaching to it. (Although I still do external DNS importing the AD objects into it, really can't stand windows DNS). This does work really seamless, the GUI tools are well utilized. It really gets you the hard part (LDAP, Kerberos) in a pretty easy to use package. I don't know how many hours I've spent on OpenLDAP getting it to work with things, and management packages for OpenLDAP are pretty sucky overall.