Hi.
We're planning on using netgroups to control user access to the different servers within our organization, and the netgroups will be populated based on group memberships on the AD-side (we'll use WindowsSync to sync groups from AD to DS). The basic idea is this:
- Sync AD-group entry "group1" over to DS-group entry "group1". This is done automatically with WindowsSync.
- Populate netgroup entry "netgroup1" based on DS-group entry "group1". Alternately, add "netGroup" object class to DS-group entry.
- Configure clients to use netgroup-based authentication.
A script will be created to manage netgroup membership dynamically, but creation of netgroups will probably be done manually.
Anyway, we need to decide on whether to have a separate netgroup entry and populate netgroup attributes here, or if we should simply add netgroup attributes to the DS-group itself. I believe that both options will work just fine, but would like to hear from others who may have implemented a similar scheme. Maybe there are some pitfalls that we should be aware of.
Regards,
Kenneth Holter
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
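A sketch of the membership-sync step described in the post above, added here as an illustration and not part of the original message: it computes which RFC 2307 `nisNetgroupTriple` values to add to or delete from a netgroup entry so that it mirrors a synced group. Assumptions: the DS group lists members as `uniqueMember` DNs whose first RDN is `uid=...`, the netgroup is managed only by this script, and all DNs and entries are constructed sample data; the function names are hypothetical.

```python
import re

# First RDN of a member DN, e.g. "uid=alice,ou=People,dc=example,dc=com".
_UID_RDN = re.compile(r"^\s*uid=([^,+]+)\s*,", re.IGNORECASE)
# Conservative character set for the user field of a triple.
_SAFE = re.compile(r"^[A-Za-z0-9._-]+$")

def member_to_triple(member_dn, domain=""):
    """Return '(-,user,domain)' for a member DN, or None if no usable uid.

    In a netgroup triple an EMPTY field is a wildcard and '-' matches
    nothing, so an empty user field must never be emitted: it would grant
    access to every user. The host field is '-' (user-only netgroup).
    """
    m = _UID_RDN.match(member_dn)
    if not m:
        return None
    uid = m.group(1).strip()
    if uid == "-" or not _SAFE.match(uid):
        return None
    return "(-,%s,%s)" % (uid, domain)

def plan_netgroup_update(group_entry, netgroup_entry):
    """Diff group membership against the netgroup's current triples."""
    wanted, skipped = set(), []
    for dn in group_entry.get("uniqueMember", []):
        triple = member_to_triple(dn)
        if triple is None:
            skipped.append(dn)      # e.g. nested groups: report, do not guess
        else:
            wanted.add(triple)
    current = set(netgroup_entry.get("nisNetgroupTriple", []))
    return {"add": sorted(wanted - current),
            "delete": sorted(current - wanted),  # stale or wildcard triples
            "skipped": skipped}

# Constructed sample entries (attribute dicts as an LDAP search would return).
GROUP1 = {"uniqueMember": ["uid=alice,ou=People,dc=example,dc=com",
                           "uid=bob,ou=People,dc=example,dc=com",
                           "cn=nested,ou=Groups,dc=example,dc=com"]}
NETGROUP1 = {"nisNetgroupTriple": ["(-,bob,)", "(-,carol,)", "(,,)"]}

if __name__ == "__main__":
    print(plan_netgroup_update(GROUP1, NETGROUP1))
```

The returned plan maps directly onto LDAP modify add/delete operations against the netgroup entry, whichever of the two layouts (separate entry or object class added to the group) is chosen.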