Thats what I'm saying here. Everyone wants to pull the race card, and the "well its the Colonial power's fault." excuse. I am saying this is a problem of belief and thought, and that thought needs changing.
I don't think the fact that you are Black, or White have has anything to do with whether your civilization is progressive or reactionary. The problem is idea and thought. The ideas and thinking people in Africa have to change en masse before things will really change. I don't know if its entirely colonialism's fault. You should look in the mirror before you blame yourself.
The DMCA has become the new method of censorship. Remember when the Bush Camp tried to shut down Jib Jab over the copyright of "This land is my land?" When the corporations and (some governments.) want you not to see something, they serve IP take down notices.
I don't agree with RMS's politics. RMS is a nut job. But, I have my fears. I tend to think that if bad and horrible things can happen, they are going to happen. They are going to happen to us. All we can do is do what we can to mitigate the damage.
There are powerful forces out there fanatically dedicated to the destruction of the open source movement. Its not so much I care about the license that, if there is one thing I can do to preserve what Linux is, and the spirit Linux represents one more year. It doesn't matter if Linux survives so long as what Linux represents as a social idea survives.
I do have things to hide. Things that are legal, but I still want to keep private. University Pin Numbers, System passwords, personal journals, stored E-mail documents. The government is not entitled to those things. The government is not entitled to any information about my computer. Even outside the realm of law enforcement, if I had nothing to hide, scammers and spammers, and bot net harvesters would have access to my boxen!
Now, yeah, I have porn. Legal consenting adult porn. I'm an adult, I get to have those things. If I have no expectation of privacy in my own affairs, in my own dealings, in what adult I choose to have sex with (or marry). I'm entitled to that. The fact is, in (western civilization) if you have porn on your computer, you are considered to be a 'bad person'.
The problem with the US Government and any other government, is the breakdown of probable cause. These days, cause is whatever the authorities want it to be. There is massive inequity in society, so, all of those who are vulnerable adults have things to hide, we do have something to fear, overbearing governments tend to be the enemies of free people.
In this current climate of fear, you have to be brain dead to think we all have nothing to hide or fear. We all have things to hide, we can only trust our law enforcement officials to a certain arms length extent.
Even worse is, the public at large in counties like Canada, the US, and UK, seem to be electing authoritarian governments that have no respect for the rule of law. I think there are large segments, even if still minorities of the populations of prominent Western nations who don't believe in the various constitutional traditions of their people. They want kings, and they want strong men who will 'keep the bad people away'.
This is an implementation of TCP Illinois invented by Shao Liu at University of Illinois. It is a another variant of Reno which adapts the alpha and beta parameters based on RTT. The basic idea is to increase window less rapidly as delay approaches the maximum.
Illinois Congestion control is helpful with network games as that tends to spike my connection.
Yes, Linux is more secure than Windows. We know that.
That doesn't mean that we can rest easy on Linux Security. We must never for a moment think that even with Linux we are ever completely safe. As long as any computer has power to it, it has a security risk, but I'd like to present an alternative way of thinking about it.
Linux must not only be better in security, but better in capability.
I know that design wise, OpenLDAP/Kerberos/Samba/FreeRadius/AFS will produce a far more secure network infrastructure than Active Directory will. But that combination will not produce as capable an infrastructure as the real ADS. The worst security vulnerability Linux could have is the security vulnerability produced when an orginization chooses Active Directory on Windows over Open Directory on Linux.
If you want to change this, contribute to OpenLDAP, to Samba, to FreeRadius, and Kerberos. Lets make Open Directory not only more secure to Active Directory, but outright superior.
What ID really was was an attempt to slip creation in under the door. This is because Creationists can't stand the following phrase. "I don't know."
Here are some things that do need to be understood.
1. Evolution does not disprove the existence of "God" but it may undermine the myth of Jehovah. That is to say, the creationists are afraid that if we get so much evidence to show that the religions of Abraham are false, or the world doesn't work the way they say it does, that God becomes impersonal and Alien to us. Which is a sane argument really. The creator of the Universe caring about what happens to us is like us caring about what happens to some Ant hill somewhere.
If that happens, then all our wars, and churches, and institutions we built up to serve religion will be for a "God" who is disconnected and we will have built these social institutions for the sake of ourselves. Alot of powerful people don't want that.
2. Our understanding of Evolution is incomplete. That is to say, we can see the trees, but not the entire forest. We aren't that far ahead. There are going to be errors we make in our determination in how evolution works. The creationists are going to come back and say "see! see! you screwed up! but God makes everything perfect!"
3. If you want to know the truth of whats out there, I'd imagine religious forces in this world would seek to prevent it, or cover it up. A lot of these religions created by Abraham revolve around the idea that Man is at the center of everything. If we discovered Alien life elsewhere in the Universe, at first everyone religious would panic. Gradually, Religion would change to accommodate the Aliens. But you damn well bet there would be people saying "Jebus died on the Cross for Humans/Terrans/Earthlings" whatever.
So, as an Agnostic, who isn't sure whats out there, I'd like to know, but I can't be sure until the technology exists for me to explore this universe in much greater depth. I'm very curious. But I feel comfortable saying "I don't know right now." The hard core religious people can't afford to be wrong. If their $Holy_Text is wrong, then they are going to realize the magnitude of some of the inexcusable things done in History.
I think some day it will happen. We will come out with concrete evidence that exposes the whole mythology, something so observable that religion can't adjust to it. Who knows if we will accept it and become better people, or deny it and kill each other. Again, I just don't know.
If a company, such as MS ever did make a "Bulletproof Piracy scheme" it would most certainly mean locking the BIOS down such that not only could you not install a pirated copy of Windows, but you couldn't install Linux or any other OS either because that would be the only way. (TCPA.) Because installing Linux means you are not buying Windows. To them, thats just as bad if not worse than pirating Windows.
So think twice about "Bulletproof Piracy to promote Windows." We want people to choose Linux because they want Linux, not because they are forced too.
Yes, I've had my share of problems with SE Linux on CentOS. I tend to disable it. I've had SE Linux cause badly configured CentOS Boxes on a CentOS 5.0 Beta (4.92) hang the machine because of SE Linux Policies. However, correctly configured, SE Linux can prevent a unit from being tampered with.
On the issue of security. There are some Network and Domain Level hiccups. Ideally, all Linux applications should support Kerberos for their Single Sign on facility. However, in a lapse of forethought, there are some important ones that do not.
One of these is KDE's Kontact when using XMLRPC. Why is this a problem? If you use Kolab, or eGroupware, you have to manually enter username and passwords for Users. This is a replay vulnerability, and, if your password is changed in LDAP and Kerberos, Kontact doesn't know it, and Kontact repeatedly sends the wrong User name and password to the XMLRPC Server until it blocks the user. Now, with IMAP4 and IMAPS? Click the "Use GSSAPI" Checkbox in server properties in Kontact, and Mail will use Kerberos no problem.
If advanced Linux projects like KDE are serious about security, and I think they are, extensive use of Kerberos in a Domain Environment like mine is a must.
Re:Public DNS is corrupt, but Private DNS is subli
on
DNS Complexity
·
· Score: 2, Insightful
Oh... well my point is still valid. DNS Should not be a tool for politicians.
Public DNS is corrupt, but Private DNS is sublime.
on
DNS Complexity
·
· Score: 4, Interesting
The Public DNS System has become corrupted. It used to be edu, com, org, net, and country codes.
Then the bribes started, now we have.info,.tv, and god knows what else.
Internally, I use DNS and I would never replace it. Just secure it. All my Internal Updates for my home DNS System work like this. Using the LDAPDNS system, my reverse lookup zones become distinguished containers, like
That. My zone updates are then wrapped up in SSL and replicated to my other Domain Controller. I would suggest that DNS return to its roots, restore the old Domain hierarchy and discontinue all these other TLDs, but they won't. There is too much money to be illegitimately made off the corruption of DNS.
I don't trust my family with computers. All they really see is the X Login prompt. (All the computers run Linux.) We are currently running Mandriva Linux 2007.1 to do all this. The good thing the Kerberos feature does is create an autologin feature for eGroupware from FireFox. I have a specially patched eGroupware that when our FireFox Groupware bookmark is clicked, FireFox sends the Kerberos Session ticket to eGroupware allowing the login stage to be skipped. (A Computer must have one of my Host Public keys, I assign them by host, and have valid Internal reverse DNS look up. for this to work.
I also use KDE Kiosktool to maintain policies, and I've paired SSH with Kerberos to make urpmi-parallel-ssh feature able to install updates on all the units in a given Domain. Its not perfect yet.
TCPA and DRM (Especially Palladium) are not means of improving computer security. They are there to subvert the ownership of users of technology in favor of powerful companies. DRM isn't going to safe guard medical records. And TCPA isn't going to stop a space ship from Self Destructing.
What will help computer security are good security practices.
At my house, everyone logs in to a Linux powered Domain, LDAP coated in SSL for Authorization, Kerberos for Authentication. Traffic (especially Wifi) encapsulated with IPSec. SE Linux policies in place. Directory service authorized Radius Server with MySQL server Accounting, and cataloged MAC Addresses in OpenLDAP. These are good security policies. Everyone should have some variation of this.
If I were on a space ship, I damned well better be able to secure my systems against unauthorized access. But DRM and TCPA do not make this happen.
I use Mandriva. Unofficially I tend to call Linux domain controllers in large networks "Destroyer Class" Linux Machines (That is just my slang for it. Think Babylon 5.)
Generally a Destroyer Class Linux Box:
Runs OpenLDAP, Samba, Bind, Kerberos Manages Wifi and VPNs with FreeRadius. Can use SSH to deploy applications to an entire network in one command Runs a Groupware Solution, like Scalix. Runs a Mail Server that also retrieves information from LDAP Maybe runs an Apache server, but thats rather common. Usually includes PHP, or Perl, and a MySQL server. Uses Nagios or some other NMS Uses Snort for traffic monitoring.
I could go on. But you get the idea. These things are hard to build, and hard, and time consuming.
Microsoft may not be the biggest enemy Linux has, but they are an enemy. They still want to destroy us, they won't stop until we are all destroyed. They will attempt to subvert us. Linux Users are starting to have troubles with "taking the easy way out." in some cases. They probably want to slow the march of Linux advancement. Giving us something sweet and sugary, something we don't have we really want, like a MS SQL Server Client, or, something related to AD, or a better MAPI Exchange server.
Like idiots, we will take it, because like the binary Nvidia driver it will be "free as in beer." this will slow our research into our own F/OSS replacements. It may not kill us, just let us be slowed to the point of getting MS far enough ahead to make us unable to compete.
You do have to think "outside the box" its not simple. I'm easily findable of FreeNode's LDAP Channel. I try and use a combination of OpenLDAP, Bind, Kerberos, Samba, SSH, rsync, Apache with mod_auth_kerb, FreeRadius, OpenSwan, dhcpd
You mean OpenLDAP, Samba, Kerberos, Bind. I can give you one better.
I use Mandriva Linux as my Domain Controllers and workstations.
With urpmi's parallel operation with SSH support is a Godsend. See my Secure Shell server is GSSAPI enabled (Kerberos.) Because of the fact every machine is authorized by LDAP, and authenticated by Kerberos, I can do this:
urpmi samba-server --auto --parallel dcs
This will install Samba on all Domain Controllers
urpmi gnumeric --auto --parallel all
This will install gnumeric on every machine in my Domain.
urpmi.update -a urpmi --auto --auto-select --parallel all
This will update every machine I have in my Domain while resolving dependancies. There are problems with doing it this way. The big one is, under AD, updates can be pushed to offline machines. For this to work, all machiess must be online.
Also this does not update the urpmi catalogue synthesis.
Bind and dhcpd come with their own schemas in OprnLDAP. The Bind-sdb Schema is known as dnszone.schema, and dhcp.schema Then all you do is change the "file" commands in named.conf to say "database" and give them a DN Suffix.
ldap-server "localhost";
ldap-port 389;
ldap-username "cn=DHCP User, dc=ntelos, dc=net";
ldap-password "blah";
ldap-base-dn "dc=ntelos, dc=net";
ldap-method dynamic;
ldap-debug-file "/var/log/dhcp-ldap-startup.log";
This goes in dhcpd.conf, it connects DHCP to LDAP.
(Except put your correct DN information in here.
Samba with Kerberos is rather simple. Add cifs/ entries for all of your servers attached in the KDC, distribute copies of the new keytab. Then, add 'use kerberos keytab = Yes' to Samba, and realm = MYREALM to smb.conf
Assuming everything is peachy, you should be able to test the bind with smbclient -kd 3//Server/share, and watch the Kerberos SPNEGO take place,.
I believe I have one of the most advanced LDAP/Kerberos/Samba/Bind "Open Directory" setups. I have two Samba 3 Domain Controllers, both Kerberos and Bind Enabled. with OpenLDAP and MIT Kerberos. I have no need for NFS.
My OpenLDAP stores:
POSIX User Attributes Samba User Attributes Radius User Attributes eGroupware User Attributes (Egroupware accounts.) DNS Information for our internal DNS Server DHCP Lease information.
I use Kerberos with ssh-agent to distribute software RPMS for Mandriva Linux to mass distibute RPMs with a single command.
I have Samba Kerberos enabled so that Samba will not repeatedly ask for usernames and passwords, and requires zero configuration.
I have had the code to Egroupware modified so that eGroupware, and Nagios can use Apache's mod_auth_kerb addon to authenticate eGroupware users with a single click instead of a whole second login process.
I'm currently workong on creating a Samba Authenticated gateway with NTLM-SPNEGO support so that kerberos will handle Squid too.
All I need now is for someone to make the modifications nesessary to eGroupware's XMLRPC so that Kontact could use Kerberos and I would have the "Exchange Killer" I always wanted.
All of my users use Samba for network browsing under KDE's Konqueror, with Kerberos and LDAP, it just works.
I consider this my shining accomplishment. I like to have myself believe that I accomplished "Active Direrctory" under Linux now. I don't use Windows at all in this network, so keep that in mind. The eGroupware people can attest to what a past I am. bugging them to include Kerberos detection in session management. But it all works.
Slashdot Mirror
Well, Microsoft will just setup an Ambush of 5 monsters, For the newly combined Thunder KDE and then this will happen.
http://www.youtube.com/watch?v=nqdBBZweKuQ
Start watching at about 5:00
Thats what I'm saying here. Everyone wants to pull the race card, and the "well its the Colonial power's fault." excuse. I am saying this is a problem of belief and thought, and that thought needs changing.
I don't think the fact that you are Black, or White have has anything to do with whether your civilization is progressive or reactionary. The problem is idea and thought. The ideas and thinking people in Africa have to change en masse before things will really change. I don't know if its entirely colonialism's fault. You should look in the mirror before you blame yourself.
Okay so maybe I was wrong.
The DMCA has become the new method of censorship. Remember when the Bush Camp tried to shut down Jib Jab over the copyright of "This land is my land?" When the corporations and (some governments.) want you not to see something, they serve IP take down notices.
I don't agree with RMS's politics. RMS is a nut job. But, I have my fears. I tend to think that if bad and horrible things can happen, they are going to happen. They are going to happen to us. All we can do is do what we can to mitigate the damage.
There are powerful forces out there fanatically dedicated to the destruction of the open source movement. Its not so much I care about the license that, if there is one thing I can do to preserve what Linux is, and the spirit Linux represents one more year. It doesn't matter if Linux survives so long as what Linux represents as a social idea survives.
I do have things to hide. Things that are legal, but I still want to keep private. University Pin Numbers, System passwords, personal journals, stored E-mail documents. The government is not entitled to those things. The government is not entitled to any information about my computer. Even outside the realm of law enforcement, if I had nothing to hide, scammers and spammers, and bot net harvesters would have access to my boxen!
Now, yeah, I have porn. Legal consenting adult porn. I'm an adult, I get to have those things. If I have no expectation of privacy in my own affairs, in my own dealings, in what adult I choose to have sex with (or marry). I'm entitled to that. The fact is, in (western civilization) if you have porn on your computer, you are considered to be a 'bad person'.
The problem with the US Government and any other government, is the breakdown of probable cause. These days, cause is whatever the authorities want it to be. There is massive inequity in society, so, all of those who are vulnerable adults have things to hide, we do have something to fear, overbearing governments tend to be the enemies of free people.
In this current climate of fear, you have to be brain dead to think we all have nothing to hide or fear. We all have things to hide, we can only trust our law enforcement officials to a certain arms length extent.
Even worse is, the public at large in counties like Canada, the US, and UK, seem to be electing authoritarian governments that have no respect for the rule of law. I think there are large segments, even if still minorities of the populations of prominent Western nations who don't believe in the various constitutional traditions of their people. They want kings, and they want strong men who will 'keep the bad people away'.
This is an implementation of TCP Illinois invented by Shao Liu at University of Illinois. It is a another variant of Reno which adapts the alpha and beta parameters based on RTT. The basic idea is to increase window less rapidly as delay approaches the maximum.
Illinois Congestion control is helpful with network games as that tends to spike my connection.
Yes, Linux is more secure than Windows. We know that.
That doesn't mean that we can rest easy on Linux Security. We must never for a moment think that even with Linux we are ever completely safe. As long as any computer has power to it, it has a security risk, but I'd like to present an alternative way of thinking about it.
Linux must not only be better in security, but better in capability.
I know that design wise, OpenLDAP/Kerberos/Samba/FreeRadius/AFS will produce a far more secure network infrastructure than Active Directory will. But that combination will not produce as capable an infrastructure as the real ADS. The worst security vulnerability Linux could have is the security vulnerability produced when an orginization chooses Active Directory on Windows over Open Directory on Linux.
If you want to change this, contribute to OpenLDAP, to Samba, to FreeRadius, and Kerberos. Lets make Open Directory not only more secure to Active Directory, but outright superior.
You can't build your own Laptop. I ordered an Ubuntu Laptop.
But I ordered it because it was the cheapest laptop with a Linux-Preload.
What ID really was was an attempt to slip creation in under the door. This is because Creationists can't stand the following phrase. "I don't know."
Here are some things that do need to be understood.
1. Evolution does not disprove the existence of "God" but it may undermine the myth of Jehovah. That is to say, the creationists are afraid that if we get so much evidence to show that the religions of Abraham are false, or the world doesn't work the way they say it does, that God becomes impersonal and Alien to us. Which is a sane argument really. The creator of the Universe caring about what happens to us is like us caring about what happens to some Ant hill somewhere.
If that happens, then all our wars, and churches, and institutions we built up to serve religion will be for a "God" who is disconnected and we will have built these social institutions for the sake of ourselves. Alot of powerful people don't want that.
2. Our understanding of Evolution is incomplete. That is to say, we can see the trees, but not the entire forest. We aren't that far ahead. There are going to be errors we make in our determination in how evolution works. The creationists are going to come back and say "see! see! you screwed up! but God makes everything perfect!"
3. If you want to know the truth of whats out there, I'd imagine religious forces in this world would seek to prevent it, or cover it up. A lot of these religions created by Abraham revolve around the idea that Man is at the center of everything. If we discovered Alien life elsewhere in the Universe, at first everyone religious would panic. Gradually, Religion would change to accommodate the Aliens. But you damn well bet there would be people saying "Jebus died on the Cross for Humans/Terrans/Earthlings" whatever.
So, as an Agnostic, who isn't sure whats out there, I'd like to know, but I can't be sure until the technology exists for me to explore this universe in much greater depth. I'm very curious. But I feel comfortable saying "I don't know right now." The hard core religious people can't afford to be wrong. If their $Holy_Text is wrong, then they are going to realize the magnitude of some of the inexcusable things done in History.
I think some day it will happen. We will come out with concrete evidence that exposes the whole mythology, something so observable that religion can't adjust to it. Who knows if we will accept it and become better people, or deny it and kill each other. Again, I just don't know.
If a company, such as MS ever did make a "Bulletproof Piracy scheme" it would most certainly mean locking the BIOS down such that not only could you not install a pirated copy of Windows, but you couldn't install Linux or any other OS either because that would be the only way. (TCPA.) Because installing Linux means you are not buying Windows. To them, thats just as bad if not worse than pirating Windows.
So think twice about "Bulletproof Piracy to promote Windows." We want people to choose Linux because they want Linux, not because they are forced too.
Yes, I've had my share of problems with SE Linux on CentOS. I tend to disable it. I've had SE Linux cause badly configured CentOS Boxes on a CentOS 5.0 Beta (4.92) hang the machine because of SE Linux Policies. However, correctly configured, SE Linux can prevent a unit from being tampered with.
On the issue of security. There are some Network and Domain Level hiccups. Ideally, all Linux applications should support Kerberos for their Single Sign on facility. However, in a lapse of forethought, there are some important ones that do not.
One of these is KDE's Kontact when using XMLRPC. Why is this a problem? If you use Kolab, or eGroupware, you have to manually enter username and passwords for Users. This is a replay vulnerability, and, if your password is changed in LDAP and Kerberos, Kontact doesn't know it, and Kontact repeatedly sends the wrong User name and password to the XMLRPC Server until it blocks the user. Now, with IMAP4 and IMAPS? Click the "Use GSSAPI" Checkbox in server properties in Kontact, and Mail will use Kerberos no problem.
If advanced Linux projects like KDE are serious about security, and I think they are, extensive use of Kerberos in a Domain Environment like mine is a must.
Oh... well my point is still valid. DNS Should not be a tool for politicians.
The Public DNS System has become corrupted. It used to be edu, com, org, net, and country codes.
.info, .tv, and god knows what else.
r pa,dc=0,dc=168,dc=192,dc=in-addr,dc=arpa
1 90073
Then the bribes started, now we have
Internally, I use DNS and I would never replace it. Just secure it. All my Internal Updates for my home DNS System work like this. Using the LDAPDNS system, my reverse lookup zones become distinguished containers, like
relativeDomainName=1+zoneName=0.168.192.in-addr.a
(I'm the guy who wrote this.)
http://slashdot.org/comments.pl?sid=235321&cid=19
That. My zone updates are then wrapped up in SSL and replicated to my other Domain Controller. I would suggest that DNS return to its roots, restore the old Domain hierarchy and discontinue all these other TLDs, but they won't. There is too much money to be illegitimately made off the corruption of DNS.
I don't trust my family with computers. All they really see is the X Login prompt. (All the computers run Linux.) We are currently running Mandriva Linux 2007.1 to do all this. The good thing the Kerberos feature does is create an autologin feature for eGroupware from FireFox. I have a specially patched eGroupware that when our FireFox Groupware bookmark is clicked, FireFox sends the Kerberos Session ticket to eGroupware allowing the login stage to be skipped. (A Computer must have one of my Host Public keys, I assign them by host, and have valid Internal reverse DNS look up. for this to work.
I also use KDE Kiosktool to maintain policies, and I've paired SSH with Kerberos to make urpmi-parallel-ssh feature able to install updates on all the units in a given Domain. Its not perfect yet.
TCPA and DRM (Especially Palladium) are not means of improving computer security. They are there to subvert the ownership of users of technology in favor of powerful companies. DRM isn't going to safe guard medical records. And TCPA isn't going to stop a space ship from Self Destructing.
What will help computer security are good security practices.
At my house, everyone logs in to a Linux powered Domain, LDAP coated in SSL for Authorization, Kerberos for Authentication. Traffic (especially Wifi) encapsulated with IPSec. SE Linux policies in place. Directory service authorized Radius Server with MySQL server Accounting, and cataloged MAC Addresses in OpenLDAP. These are good security policies. Everyone should have some variation of this.
If I were on a space ship, I damned well better be able to secure my systems against unauthorized access. But DRM and TCPA do not make this happen.
Has it occurred to you that this is Regeneration number 10 for the doctor if you count Paul McGann? He has two more, then what will they do?
I use Mandriva. Unofficially I tend to call Linux domain controllers in large networks "Destroyer Class" Linux Machines (That is just my slang for it. Think Babylon 5.)
Generally a Destroyer Class Linux Box:
Runs OpenLDAP, Samba, Bind, Kerberos
Manages Wifi and VPNs with FreeRadius.
Can use SSH to deploy applications to an entire network in one command
Runs a Groupware Solution, like Scalix.
Runs a Mail Server that also retrieves information from LDAP
Maybe runs an Apache server, but thats rather common. Usually includes PHP, or Perl, and a MySQL server.
Uses Nagios or some other NMS
Uses Snort for traffic monitoring.
I could go on. But you get the idea. These things are hard to build, and hard, and time consuming.
There was a project to bring Warcraft I to Linux, it died ogf lack of intrest. Warcraft II is availible as stratagus.
Microsoft may not be the biggest enemy Linux has, but they are an enemy. They still want to destroy us, they won't stop until we are all destroyed. They will attempt to subvert us. Linux Users are starting to have troubles with "taking the easy way out." in some cases. They probably want to slow the march of Linux advancement. Giving us something sweet and sugary, something we don't have we really want, like a MS SQL Server Client, or, something related to AD, or a better MAPI Exchange server.
Like idiots, we will take it, because like the binary Nvidia driver it will be "free as in beer." this will slow our research into our own F/OSS replacements. It may not kill us, just let us be slowed to the point of getting MS far enough ahead to make us unable to compete.
You do have to think "outside the box" its not simple. I'm easily findable of FreeNode's LDAP Channel. I try and use a combination of OpenLDAP, Bind, Kerberos, Samba, SSH, rsync, Apache with mod_auth_kerb, FreeRadius, OpenSwan, dhcpd
You mean OpenLDAP, Samba, Kerberos, Bind.
I can give you one better.
I use Mandriva Linux as my Domain Controllers and workstations.
With urpmi's parallel operation with SSH support is a Godsend. See my Secure Shell server is GSSAPI enabled (Kerberos.) Because of the fact every machine is authorized by LDAP, and authenticated by Kerberos, I can do this:
urpmi samba-server --auto --parallel dcs
This will install Samba on all Domain Controllers
urpmi gnumeric --auto --parallel all
This will install gnumeric on every machine in my Domain.
urpmi.update -a
urpmi --auto --auto-select --parallel all
This will update every machine I have in my Domain while resolving dependancies. There are problems with doing it this way. The big one is, under AD, updates can be pushed to offline machines. For this to work, all machiess must be online.
Also this does not update the urpmi catalogue synthesis.
Bind and dhcpd come with their own schemas in OprnLDAP. The Bind-sdb Schema is known as dnszone.schema, and dhcp.schema Then all you do is change the "file" commands in named.conf to say "database" and give them a DN Suffix. ldap-server "localhost"; ldap-port 389; ldap-username "cn=DHCP User, dc=ntelos, dc=net"; ldap-password "blah"; ldap-base-dn "dc=ntelos, dc=net"; ldap-method dynamic; ldap-debug-file "/var/log/dhcp-ldap-startup.log"; This goes in dhcpd.conf, it connects DHCP to LDAP. (Except put your correct DN information in here. Samba with Kerberos is rather simple. Add cifs/ entries for all of your servers attached in the KDC, distribute copies of the new keytab. Then, add 'use kerberos keytab = Yes' to Samba, and realm = MYREALM to smb.conf Assuming everything is peachy, you should be able to test the bind with smbclient -kd 3 //Server/share, and watch the Kerberos SPNEGO take place,.
I believe I have one of the most advanced LDAP/Kerberos/Samba/Bind "Open Directory" setups. I have two Samba 3 Domain Controllers, both Kerberos and Bind Enabled. with OpenLDAP and MIT Kerberos. I have no need for NFS.
My OpenLDAP stores:
POSIX User Attributes
Samba User Attributes
Radius User Attributes
eGroupware User Attributes (Egroupware accounts.)
DNS Information for our internal DNS Server
DHCP Lease information.
I use Kerberos with ssh-agent to distribute software RPMS for Mandriva Linux to mass distibute RPMs with a single command.
I have Samba Kerberos enabled so that Samba will not repeatedly ask for usernames and passwords, and requires zero configuration.
I have had the code to Egroupware modified so that eGroupware, and Nagios can use Apache's mod_auth_kerb addon to authenticate eGroupware users with a single click instead of a whole second login process.
I'm currently workong on creating a Samba Authenticated gateway with NTLM-SPNEGO support so that kerberos will handle Squid too.
All I need now is for someone to make the modifications nesessary to eGroupware's XMLRPC so that Kontact could use Kerberos and I would have the "Exchange Killer" I always wanted.
All of my users use Samba for network browsing under KDE's Konqueror, with Kerberos and LDAP, it just works.
I consider this my shining accomplishment.
I like to have myself believe that I accomplished "Active Direrctory" under Linux now. I don't use Windows at all in this network, so keep that in mind. The eGroupware people can attest to what a past I am. bugging them to include Kerberos detection in session management. But it all works.