From: Michael Howard
To: freebsd-questions@freebsd.org
Subject: Re: Centralized user/group/whatever management
Date: Sat, 14 Mar 2020 08:33:55 +0000

On 14/03/2020 06:07, Victor Sudakov wrote:
> Michael Osipov wrote:
>> On 2020-03-13 at 15:31, Doug McIntyre wrote:
>>> On Fri, Mar 13, 2020 at 04:19:23PM +0700, Victor Sudakov wrote:
>>>> Do you think there exists a modern solution for centralized user/group/...
>>>> management compatible with FreeBSD and Linux?
>>> I think the best combination is probably a Windows AD setup, with
>>> FreeBSD/Linux clients attaching to it. (Although I still do external DNS
>>> importing the AD objects into it, really can't stand windows DNS).
>>>
>>> This does work really seamless, the GUI tools are well utilized.
>>>
>>> It really gets you the hard part (LDAP, Kerberos) in a pretty easy to
>>> use package. I don't know how many hours I've spent on OpenLDAP
>>> getting it to work with things, and management packages for OpenLDAP
>>> are pretty sucky overall.
>> I agree here with Doug, as strange as it sounds, Samba is your best bet.
>> When you provision your domain you shall enable the POSIX extensions. It
>> will create all GECOS stuff. pam_winbind is also nice.
> So pam_winbind it is, if you want to use AD for user/group management?
> Does winbindd not crash any more under FreeBSD?
>
> Do you need to also enable winbind somehow in nsswitch.conf?
>
>> One must simply admit that Active Directory is a well-thought system not
>> just for Unix. You may join your machines either with Samba, more easily
>> with msktutil (disclaimer, I am a maintainer) which works flawlessly on
>> FreeBSD.
> I'll certainly look at it if I have to integrate FreeBSD into Windows AD.
>
> However first I'd like to find a free, open source solution for a
> Unix-only office. Hope it will not eventually come to buying a Windows
> server to manage Linux and FreeBSD workstations.
>
Samba is free and open source. Absolutely no need to buy MS Windows.

--
Michael Howard