Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 Mar 2020 08:30:20 +0000
From:      Michael Howard <>
Subject:   Re: Centralized user/group/whatever management
Message-ID:  <>
In-Reply-To: <>
References:  <> <> <> <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 15/03/2020 06:17, Victor Sudakov wrote:
> Michael Howard via freebsd-questions wrote:
>>>>>> Do you think there exists a modern solution for centralized user/group/...
>>>>>> management compatible with FreeBSD and Linux?
>>>>> I think the best combination is probably a Windows AD setup, with
>>>>> FreeBSD/Linux clients attaching to it. (Although I still do external DNS
>>>>> importing the AD objects into it, really can't stand windows DNS).
>>>>> This does work really seamless, the GUI tools are well utilized.
>>>>> It really gets you the hard part (LDAP, Kerberos) in a pretty easy to
>>>>> use package. I don't know how many hours I've spent on OpenLDAP
>>>>> getting it to work with things, and management packages for OpenLDAP
>>>>> are pretty sucky overall.
>>>> I agree here with Doug, as strange as it sounds, Samba is your best bet.
>>>> When you provision your domain you shall enable the POSIX extensions. It
>>>> will create all GECOS stuff. pam_winbind is also nice.
>>> So pam_winbind it is, if you want to use AD for user/group management?
>>> Does winbindd not crash any more under FreeBSD?
>>> Do you need to also enable winbind somehow in nsswitch.conf?
>>>> One must simply admit that Active Directory is a wellthought system not
>>>> just for Unix. You may join your machines either with Samba, more easily
>>>> with msktutil (disclainer, I am a maintainer) with works flawlessly on
>>>> FreeBSD.
>>> I'll certainly look at it if I have to integrate FreeBSD into Windows AD.
>>> However first I'd like to find a free, open source solution for a
>>> Unix-only office. Hope it will not eventually come to buying a Windows
>>> server to manage Linux and FreeBSD workstations.
>> Samba is free and open source. Absolutely no need to buy MS Windows.
> What do you mean by "Samba" in this context? A centralized user/group
> management server? A centralized user/group management client?
Both of course. One without the other is not much use in your context.

You still leave yourself at the mercy of one of your original issues 
with NIS and that is you need the server available over the network. I 
doubt you'll find any system _without_ drawbacks but Samba is good and 
free. It can be managed through a MS gui, albeit from a MS Windows based 
PC and has a very large user base.

Want to link to this message? Use this URL: <>