From: Michael Osipov <1983-01-06@gmx.net>
To: freebsd-questions@freebsd.org
Subject: Re: Centralized user/group/whatever management
Date: Fri, 13 Mar 2020 16:06:37 +0100

On 2020-03-13 at 15:31, Doug McIntyre wrote:
> On Fri, Mar 13, 2020 at 04:19:23PM +0700, Victor Sudakov wrote:
>> Do you think there exists a modern solution for centralized user/group/...
>> management compatible with FreeBSD and Linux?
>
> I think the best combination is probably a Windows AD setup, with
> FreeBSD/Linux clients attaching to it. (Although I still do external DNS
> importing the AD objects into it, really can't stand windows DNS).
>
> This does work really seamless, the GUI tools are well utilized.
>
> It really gets you the hard part (LDAP, Kerberos) in a pretty easy to
> use package. I don't know how many hours I've spent on OpenLDAP
> getting it to work with things, and management packages for OpenLDAP
> are pretty sucky overall.

I agree here with Doug, as strange as it sounds, Samba is your best bet.
When you provision your domain you shall enable the POSIX extensions. It
will create all GECOS stuff. pam_winbind is also nice. One must simply
admit that Active Directory is a well-thought-out system not just for Unix.

You may join your machines either with Samba or, more easily, with msktutil
(disclaimer, I am a maintainer), which works flawlessly on FreeBSD.

Michael