directory services and interoperability
play

Directory Services and Interoperability A short chronicle of FAIL! - PowerPoint PPT Presentation

Feb 16, 2024 •107 likes •280 views

Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team / Red Hat, Inc. Directory Services Centralize: management of users management of machines control of security settings configuration management

  1. Directory Services and Interoperability A short chronicle of FAIL! :-) Simo Sorce Samba Team / Red Hat, Inc.

  2. Directory Services Centralize: management of users management of machines control of security settings configuration management

  3. Windows – Active Directory Good LDAP/Kerberos integration Excellent support for Windows machines Support for Linux/Unix machines Good configuration management for Windows machines (Group Policies)

  4. Linux / Unix Good LDAP and Kerberos implementations but integration left to end-users * Good support for Linux / Unix machines No real support for Windows clients No integrated configuration management but there are excellent solutions like Puppet *FreeIPA is Red Hat attempt to fix this

  5. Problems Ownership of the Directory/Data Semantics mismatches between OSs. Custom Extensions/Data Configuration management for different OSs.

  6. What is FreeIPA ? Why FreeIPA ? IPA – Identity, Policy, Audit FreeIPA is an integrated security information management solution combining 389 DS, MIT Kerberos, NTP, ISC Bind. It is managed through a web interface and command line tools.

  7. What is FreeIPA ? Currently supports users and credentials synchronization with AD domains through the DS winsync/passsync plugins. Samba Integration is the next target.

  8. Integration Strategies Users replicated between AD and other LDAP Samba4 on top of your LDAP Server Trust relationship between AD and integrated LDAP/Kerberos/Samba solution

  9. Replicating identities Synchronization issues: - out of sync trees - conflicts - single point of failure Groups? - I want my own! - Nested Groups ? - Foreign Groups ? Authentication? - password synchronization - no Single-Sign-On

  10. Samba-AD on pre-existing Directory

  11. Trust relationship diagram KDC, REALM.A KDC, REALM.B 5 1 2 4 3 user@REALM.A CIFS/SRV@REALM.B

  12. What kind of trust ? Simple AD-MIT Kerberos trust Full External/Forest level trust

  13. Required protocols for full AD trust DNS KRB5 (+MS-PAC) NETLOGON LSARPC CLDAP(?)

  14. What would it look like ? DNS Data DNS Updates LDAP KDC Users/Machines/Trust PAC Generation/Validation Credentials SAMBA AD NETLOGON / LSA

  15. Problems ? Foreign domain users/groups Custom groups to manage foreign users PAC for Unix/Linux users that want to access Windows Resources

  16. Questions ? * Picture by user sfllaw from flickr, Creative Common Sharealike license

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Roadmap for Section C.1 Windows Services for UNIX 3.5 NFS client/server Lightweight Directory

Roadmap for Section C.1 Windows Services for UNIX 3.5 NFS client/server Lightweight Directory

Unit OS C: Interoperability C.1. File and Command Interoperability Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section C.1 Windows Services for UNIX 3.5 NFS client/server

381 views • 17 slides
Interoperability in Ten Minutes What is interoperability? How do we achieve interoperability How

Interoperability in Ten Minutes What is interoperability? How do we achieve interoperability How

Interoperability in Ten Minutes What is interoperability? How do we achieve interoperability How can TEI support interoperability? Wendell Piez Interedition Think Tank Wrzburg, Lower Franconia October 12, 2011 Costs and Benefits of

982 views • 5 slides
Directory Services Landscape Services, Technologies, Protocols, Products, and the Medium Mohsen

Directory Services Landscape Services, Technologies, Protocols, Products, and the Medium Mohsen

Directory Services Landscape Services, Technologies, Protocols, Products, and the Medium Mohsen Banan <public@mohsen.banan.1.byname.net> 07/08/2000 1 Outline Directory Concepts X.500 & OSI Directory X.509 & PKI

666 views • 50 slides
Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory

Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory

Chapter 9: Name Services 9.1 Introduction 9.2 Name services and the DNS 9.3 Directory services 9.6 Summary Learning objectives To understand the need for naming systems in distributed systems To be familiar with the design

682 views • 20 slides
Interoperability of retail DFS What is Interoperability? DFS interoperability models

Interoperability of retail DFS What is Interoperability? DFS interoperability models

Interoperability of retail DFS What is Interoperability? DFS interoperability models The essentials of interoperability State of retail DFS interoperability in Malawi Benefits of interoperability Challenges of

257 views • 10 slides
WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

WHAT IS THE SERVICE DIRECTORY? USING THE DIRECTORY Simple format- search by Service Name (if

A one-stop shop , district and borough-wide register of local services , events and other assets Professional directory- the information on it is not made available to the wider public. Users can see at a glance what the service can do

294 views • 11 slides
Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of

Directories and directory implementation Introduction to directory implementation and the art of attributes Miroslav Milinovic, University Computing Centre, University of Zagreb Jasmina Hodzic, Center for Information Technology Services,

1.65k views • 20 slides
Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory

Active Directory By: Kishor Datar 10/25/2007 What is a directory service? Directory Collection of related objects Files, Printers, Fax servers etc. Directory Service Information needed to use and manage the objects. Source

438 views • 27 slides
Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and

Directory Services A service that stores collections of bindings between names and attributes, and looks up entries that match attribute-based specifications (e.g., Microsoft's Active Directory Service, X.500 and LDAP) Case Study - X.500

515 views • 12 slides
Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei)

Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei)

Directory Services Status Update (including ARP Op:miza:on) Donald Eastlake, Li Yizhou (Huawei) d3e3e3@gmail.com liyizhou@huawei.com July 2016 TRILL WG 1 Directory Services Related Dra>s In RFC Editors queue

437 views • 11 slides
Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr

Next Generation Next Generation gTLD Dir gTLD Directory Services ectory Services Pr Presentation by the esentation by the Expert W Expert Working Gr orking Group (EWG) oup (EWG) Next Generation gTLD Directory Services

569 views • 15 slides
Video Services Forum Over 20 years of Innovation and Interoperability Develops and promotes

Video Services Forum Over 20 years of Innovation and Interoperability Develops and promotes

Video Services Forum Over 20 years of Innovation and Interoperability Develops and promotes media networking specifications Supports multi-vendor interoperability tests and pre-staging events with personnel, facilities and funding

339 views • 4 slides
Interoperability in Geospatial Web Services Jeff de La Beaujardire, PhD NASA Geospatial

Interoperability in Geospatial Web Services Jeff de La Beaujardire, PhD NASA Geospatial

Geospatial Interoperability Office Interoperability in Geospatial Web Services Jeff de La Beaujardire, PhD NASA Geospatial Interoperability Office Editor, WMS 1.1 Specification jeff2002@sunrise.gsfc.nasa.gov +1 301-286-1569 Geospatial

580 views • 23 slides
Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core

Stash Directory: A Scalable Directory for Many-Core Coherence Socrates Demetriades and Sangyeun Cho 20 th Interna+onal Symposium On High Performance

782 views • 31 slides
Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory

Integration with Active Directory Jeremy Allison Samba Team Benefits of using Active Directory Unlike the earlier Microsoft Windows NT 4.x Domain directory service which used proprietary DCE/RPC calls, Active Directory is based on standard

557 views • 27 slides
Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED

Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED

Infrastructure Systems Fred Seaton, Sr. UNIX Administrator SERVICES PROVIDED Infrastructure: VMWare, UNIX, Windows, and Mac servers Authentication Services: CAS , LDAP, Active Directory, Open Directory Email Services:

128 views • 8 slides
CS 839: Design the Next-Generation Database Lecture 1: Introduction Xiangyao Yu 1/21/2020 Who

CS 839: Design the Next-Generation Database Lecture 1: Introduction Xiangyao Yu 1/21/2020 Who

CS 839: Design the Next-Generation Database Lecture 1: Introduction Xiangyao Yu 1/21/2020 Who am I? Xiangyao Yu Pronounced like Shiang-Yao Yu. Assistant Professor in Computer Science PhD (in computer architecture) and postdoc (in

919 views • 32 slides
1 Device I/O Port Locations on PCs (partial) Polling Computer system determines state of

1 Device I/O Port Locations on PCs (partial) Polling Computer system determines state of

Outline CMSC 421 Section 0202 I/O Hardware Application I/O Interface Kernel I/O Subsystem Transforming I/O Requests to Hardware Operations Streams Performance I/O Systems Chapter 13: I/O Systems Silberschatz, Galvin and

336 views • 8 slides
Operating Systems Spring 2003 Ittai Abraham Zinovi Rabinovich The School of Computer Science

Operating Systems Spring 2003 Ittai Abraham Zinovi Rabinovich The School of Computer Science

Operating Systems Spring 2003 Ittai Abraham Zinovi Rabinovich The School of Computer Science and Engineering The Hebrew University of Jerusalem Operating Systems p.1 Course Information Lecturer: Gregory (Grisha) Chockler

738 views • 41 slides
I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data

I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data

I/O / Filesystems 1 1 last time when LRU fails special-case for single-access fjle data readahead handle scans by predicting reads device driver halfs top: from system call, use bufger, request data, wait for data bottom: from interrupt,

1.13k views • 84 slides
Ext3/4 file systems Don Porter CSE 506 Ext2 review Very reliable, best-of-breed

Ext3/4 file systems Don Porter CSE 506 Ext2 review Very reliable, best-of-breed

Ext3/4 file systems Don Porter CSE 506 Ext2 review Very reliable, best-of-breed traditional file system design Much like the JOS file system you are building now Fixed location super blocks A few direct blocks in

515 views • 32 slides
The File/Directory Abstraction: Working with files Prof. Patrick G. Bridges 1 University of New

The File/Directory Abstraction: Working with files Prof. Patrick G. Bridges 1 University of New

University of New Mexico The File/Directory Abstraction: Working with files Prof. Patrick G. Bridges 1 University of New Mexico Persistent Storage Keep a data intact even if there is a power loss. Hard disk drive Solid-state

509 views • 18 slides
Dealing with le systems COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer,

Dealing with le systems COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer,

Dealing with le systems COMMAN D LIN E AUTOMATION IN P YTH ON Noah Gift Lecturer, Northwestern & UC Davis & UC Berkeley | Founder, Pragmatic AI Labs Computer User log les build artifacts directory trees structured data

555 views • 32 slides
File system exploration Its not unusual for a bash script to search a directory tree To

File system exploration Its not unusual for a bash script to search a directory tree To

File system exploration Its not unusual for a bash script to search a directory tree To do so, it needs to be able to check that a directory is actually accessible, look at its contents, distinguish between files and directories, call

222 views • 4 slides

More recommend