If you are looking merely to replace or emulate the LDAP/Kerberos functionality of AD, you could take a look at FreeIPA, a project under active development, sponsored by Red Hat and based on Red Hat/Fedora Directory Server, but with an enhanced web GUI and some additional functionality.
From my experience, in a small-to-medium Linux/*BSD/OS X environment, with NFSv4 or AFS, this will work fine.
However, as other posters here suggest: if you have predominantly Windows clients, for your own sanity it would be better just to use AD from the outset.
I'd agree with the above: LDAP/GSSAPI/SASL is a challenge to set up correctly and administer using FOSS components.
I had a test system similar to the above at my work site, but it looks like it's going to be a non-flier now that the bosses have seen what Active Directory has to offer specifically in terms of account-management and replication.
This is a shame because it means that control over authentication to Unix platforms will now be placed in the hands of the AD admins.