Stay with AD? why can't you use a legacy unix app? (Score 1)

Hello all At our company we have a big AD domain with 35 domain controllers. When AD was introduced we had o disable our unix dns server because windows comes with everything in it. So yes we build a few data centers with AD. Now we are also running a few hundred linux systems for SAP. We had to connect to AD because we already have that. So we were connecting our systems to AD with winbind and now it seems wibindd can't handle the load. People can't login so we have to trouble shoot that.When asking our AD guru's the only answer you get is everything is working fine ;()())&@%$#... Now we are going to only use the kerberos stack from AD in the AD domain, and authorizations will be done in our own directory. For other environments where we haven't got AD we are going to use our own kerberos/directory domain. The next step will be a solution like freeipa because why shouldn't we use our own native authentication services. Radius and LDAP have been used for years and are proven technology's. Kerberos can be used for authentication and bind 9.5 also supports gssapi to do ddns updates. So disable those windows ddns and stay at the save side before you can't disconnect your systems from AD because it is the defacto non standard. Use open software for your open servers. And let windows use their own directory services. Also you can use windows password sync for project 389 if you wanna have password synchronization. People before you know you can't get rid of AD anymore and you are forced to buy MS products. Check out zimbra for email and use apache for web aplications it's not hard and the performance is great. A unix researcher;)