Joining Ubuntu Server 17.04 to Windows AD: Likewise vs Centrify vs Winbind vs SSSD

I have quite a few Ubuntu Server 17.04 hosts that must be joined to an existing Windows AD domain (Windows Server 2016). I've never done it before, but I'm aware of several ways to achieve this, such as Likewise, Centrify, SSSD and Winbind.

Could you share your general experience and tell me how reliable and easy to configure/maintain each of these solutions is?

It would also be great if you could share any links to up-to-date articles/manuals that cover this topic, as I can only find a couple of 3- to 5-year-old ones and they don't really work as expected.

Thank you so much for your assistance!


Solution 1:

I've actually used the Centrify commercial version and can totally recommend it. However, it's not worth buying the full version for a pair of Linux hosts, really.

Winbind is a good free alternative though. Here's updated guidance on how to deploy and configure it: https://www.starwindsoftware.com/blog/ubuntu-join-a-server-to-an-active-directory-domain

Solution 2:

SSSD was pretty simple on Ubuntu. I followed the docs on their site (https://help.ubuntu.com/lts/serverguide/sssd-ad.html) and it worked perfectly. I liked that it was very simple to implement and there were no changes required to the DCs.

Solution 3:

I would second Mr. Raspberry's comment that Centrify is a good option for joining Linux/Unix hosts to an AD domain.

In my opinion, Centrify has a few advantages over SSSD.

  • It's easy to implement and maintain, and not just for a few systems (like SSSD's 30-machine limit), but enterprise-wide as well.

  • It works well on complex systems that are not your basic vanilla setup (i.e., multi-forest, one-way trusts, read-only domain controllers (RODC), etc.)

  • It works on multiple OS types (Mac OS X, Linux, Unix and Windows)

  • It has also been around for a while (10+ years), so it has been tried and tested

  • Centrify covers the classic "Triple A's" of secure Access Control: Authentication, Authorization and Auditing, instead of just authentication with SSSD.

  • Centrify addresses the issue with Linux environments that have complex UID namespaces.

  • There is also a free version, Centrify Express, that has most of the same functionality as the paid version.

http://blog.centrify.com/centrify-vs-sssd-for-integrating-linux-with-active-directory/