Need simple NDS/AD alternative; moving to RH7.3 2

[snaildarter]

Wonderful Forum Ya'll've got here,

I am migrating our small business (20 employees) from Novell 4.2 (and GroupWise) to Red Hat 7.3 (provided that I can make it work, cheaply). As you can guess, our needs are minimal. Just one real server. We need file serving, security on those files (replace NDS), and an Instant Messaging Server (replace GroupWise, only needed on LAN).

I am much more familiar with W2kAD and NDS than Linux, generally. My question is:

What would best replace NDS and GroupWise, given our simple needs (and small budget)? I would like it to be directory based.

With my minimal Linux experience, it seems that I can maybe get this done with OpenLDAP, SAMBA, PAM, and some kind of IM server that allows authentication through OpenLDAP (aiming for the one-logon thing). I would GREATLY appreciate anyone's suggestions and opinions.

If you think that I shouldn't bother with LDAP, please let me know that as well. It's just that I am familiar with that type of system.

Thank you

 

[marsd]

LDAP is your best bet, not so simple to put together
in the way you might envision though..remember Novell
put it's best minds into nds. An admin implemented ldap
system will leave a lot to be desired.
Kerberos is another alternative., or ldap in conjunction
with kerberos.

 

[josepablomir]

Are you sure you want to replace Netware and GroupWise for Open Source because of the money?
Is $ 1250 too much investment for up-to-date strong and reliable platform, with easy upgrade/migration from Netware 4.2? Because this is the price of Novell 6 Small Business with 25 client (Netware 6, GroupWise 6, Border manager 6, ZENworks, VPN, and more).
I know open source is great, many times I recommend and install it for many customers, but to migrate a small platform because of $$$ is, in the case of Novell, not a very savvy option.

Regards,
_________________
Jose P. Mir
jpm@jpmir.net

 

[marsd]

Well, I can think of several things to say about that..

Strong and reliable?
Caveat Emptor. I have administered a primarily netware
served LAN and moved all of the internet services, including mail, from netware gear onto linux. Why? Because of the many thousands of issues with novell's tcp/ip, NAT, DNS and bordermanager.

Netware is easy to administer and probably better for
someone used to it. I would rather use netware 4.x-5.x
internally for file and db services than most of the similar solutions for linux.
As far as proxy,mail, firewall, etc.. services, Linux
is better and more flexible than any of the offerings
novell proffers.

 

[josepablomir]

Mr. "marsd" is right. Linux is more flexible, but remember that the needs here seem to be to upgrade an existing Netware platform, with budget and administrator’s experience (more related to Netware and GroupWise) as important issues.
I suggest you, snaildarter, to take a closer look at Novell's site, and give a good analysis to your present corporate needs, as well as those needs in the near and medium future.

Regards,

_________________
Jose P. Mir
jpm@jpmir.net

 

[snaildarter]

Firstly, thank you all for your opinions.

Secondly, I am very mad that I wrote about 600 words of reply only moments ago, and then accidentally closed the stupid window before posting. So let me sum up those lost words:

1- Seems like you are saying that there is no good open source alternative to NDS.
2- Marsd, would you mind supporting your statement of "An admin implemented ldap system will leave a lot to be desired"?
3- Also, I thought Kerberos was just a key-based authentication technology, not a directory. Do you just mean that it is a good way to enhance LDAP's security?
4- For about 300 words of reasons that I won't list again, I don't really need Border Manager, ZENworks, VPN, routing, or Internet connectivity. I have those taken care of already.
5- Of course, our clients are mostly Win98 and Win2k.
6- Only real needs are 1-password-logon (bosses really like that), secure IM, and secure file serving.
7- Let me be completely frank: We have a fairly new RAID server in the corner of my office left over from an aborted development project. Our NW4.2 server is getting old and is slow. I would rather put new technology (enter Red Hat 7.3) on the new hardware. If I have to instead put NW4.2 on the new hardware, then, so be it.
8- I would love to use this as a learning opportunity (translate: I don't care about how hard it is to set up, as long as the end result is professional, and I will have learned more about Linux)

Thank you for your excellent input.

 

[snaildarter]

Just thought that I would shake the box one more time to see if anything else falls out, as related to the final points I made.

Again, I sincerely thank you for your input.

 

[marsd]

Let me address your points quickly, I didn't see that you had reposted earlier.

"Seems like you are saying that there is no good open source alternative to NDS."

LDAP is the alternative and it is a good one. I am sure you know that novell bundles an ldap server so nds info can be propagated to non-nds aware platforms.

"Marsd, would you mind supporting your statement of "An admin implemented ldap system will leave a lot to be desired"?"

Okay..not to go into too great detail on this..

Unless you have a tool package that includes a way to
create new users, profiles, and other objects (plus a means to generate and add new ldap objects along with their data structure/definitions), that is relatively decent you
may have a long and thankless task ahead.

"Also, I thought Kerberos was just a key-based authentication technology, not a directory. Do you just mean that it is a good way to enhance LDAP's security?"

It's an ideal way (IMO) of integrating a secure applications environment ala the netware model with
more secure auth than PAM or ldap alone. YMMV.
Win2k took this route with their OD.

"Only real needs are 1-password-logon (bosses really like that), secure IM, and secure file serving."

Here again kerberos seems to be very nearly what you want
as samba can be kerberized. Your IM issues are basically
another tea party altogether. One password logon is a given for most kerberos aware clients. If you don't want to deal
with cifs/smb filesystems there is a decent howto here:

http://www.bayour.com/LDAPv3-HOWTO.html

, that details
using openafs. As a matter of fact that howto is a good
place to start all in all.

HTH

 

[jonconley]

Sorry to bring this one back from the dead, but I am having a similar issue. Would like to migrate from Novell Groupwise to any decent linux mailserver. I haven't seen anything on net for tutorials/programs that can migrate. These users have 8 yrs of mail that they cannot lose. Any idea on a program that will convert them to something for linux, similar to MS Exchange Wizard?

 

[pollux0]

jonconley

i recently switched from MS exchange 2000 to Linux Postfix mail server. Linux proves to be much more reliable and flexible. As for the "8 yrs of mail": Can the users download all their mail to thier mail client instead of keeping it on the server? After they have done that, make the switch. When they are through, put it back on the server. If you need help swithing to Postfix, we can help walk you through.

Linux forever