Information Security

Defending the digital infrastructure



Product Review: Symark PowerADvantage 1.5

Symark's PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.



Symark PowerADvantage 1.5

Price: $290 per Unix/Linux server, $45 per workstation

Centralized directory services such as Active Directory are key to identity management initiatives, but one of the stumbling points has been integrating non-Microsoft platforms into the authentication infrastructure. Symark PowerADvantage eases integration of Unix/Linux and AD authentication.


Platform Coverage B+  

PowerADvantage allows Unix hosts to become member servers of an AD forest and leverage AD's centralized user management and authentication capabilities.

All major enterprise Unix and Linux platforms are supported. Other Linux platforms such as Fedora are likely to work, provided they have relatively modern Kerberos and LDAP implementations.


Installation/Configuration A  

Installation consists of a Windows-based service on the AD domain controllers and an agent with associated libraries on the managed Unix/Linux hosts. The Windows components do not require the schema to be modified, but do create some Symark-specific objects within AD.

Installation is a breeze: a straightforward MSI install on Windows and a tarball under Unix, which includes a text-based install script that walks you through the setup.

Normally, setting up Kerberos/LDAP on Unix hosts can be tricky, since each platform implements the protocols slightly differently, with different flavors and locations of configuration files. Symark addresses this by abstracting the Kerberos/LDAP implementation quirks of many Unix platforms, easing the headaches of configuring the protocols on a given platform.



Management B  

PowerADvantage adds a tab to the standard Properties screen of both AD User and Group objects, which allows access to all the PowerADvantage-specific attributes required to get the users authenticating on the Unix hosts. It can be managed from the Unix or the Windows side.

Our testing focused on managing from AD. PowerADvantage uses the concept of contexts to manage Unix hosts with the same login configurations (username, primary group, home directory and shell). Contexts are mainly used to compartmentalize unique user and group attributes.

Once the contexts are created, admins can add users and groups from AD to the Unix hosts and use them to secure file system data as if they were local user accounts. PowerADvantage gives you the ability to map existing user/group IDs to AD accounts and import existing local Unix accounts to AD.

There are some rough spots, mainly around integrating smoothly with the Active Directory MMC console. For example, we found ourselves jumping back and forth between Symark's management console and the Active Directory Users and Computers MMC.

Unix GPO support is limited to managing various PowerADvantage settings on the hosts that will be authenticating against AD. A successful large-scale integration depends on other related components functioning properly (e.g., Kerberos auth will fail if KDC DNS entries are incorrect or if system time skew is too great), so it would be great to be able to centrally manage DNS and NTP settings on the Unix hosts.
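The two dependencies named above (KDC DNS entries and clock skew) can be checked on a Unix host before it is joined to the domain. The following is an added example, not part of the original review or of Symark's product: the function names, the hosts under `corp.example` and all sample values are constructed, and the 300-second limit is the Kerberos default tolerance, which a site may have changed.

```python
"""Pre-join check for KDC SRV records and clock skew (illustrative, runs offline)."""
from dataclasses import dataclass

MAX_SKEW_SECONDS = 300  # default Kerberos tolerance (5 minutes); assumed unchanged
KDC_PORT = 88           # port AD domain controllers publish for Kerberos


@dataclass
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(dig_short_output):
    """Parse the lines printed by `dig +short SRV _kerberos._tcp.<realm>`."""
    records = []
    for line in dig_short_output.splitlines():
        parts = line.split()
        # A valid answer is "priority weight port target."; skip anything else.
        if len(parts) != 4 or not all(p.isdigit() for p in parts[:3]):
            continue
        prio, weight, port = (int(p) for p in parts[:3])
        records.append(SrvRecord(prio, weight, port, parts[3].rstrip(".").lower()))
    return records


def preflight(srv_text, address_map, host_epoch, kdc_epoch):
    """Return a list of problems; an empty list means both dependencies look sane."""
    problems = []
    records = parse_srv(srv_text)
    if not records:
        problems.append("no _kerberos._tcp SRV records returned")
    for rec in records:
        if rec.port != KDC_PORT:
            problems.append(f"{rec.target}: SRV port {rec.port}, expected {KDC_PORT}")
        if rec.target not in address_map:  # stale entry: SRV points at a dead name
            problems.append(f"{rec.target}: SRV target has no address record")
    skew = abs(host_epoch - kdc_epoch)
    if skew > MAX_SKEW_SECONDS:
        problems.append(f"clock skew {skew}s exceeds {MAX_SKEW_SECONDS}s")
    return problems


# Constructed sample data: one clean zone, one with a stale SRV target.
GOOD_SRV = "0 100 88 dc1.corp.example.\n0 100 88 dc2.corp.example.\n"
BAD_SRV = "0 100 88 dc1.corp.example.\n0 100 88 dc-retired.corp.example.\n"
ADDRESSES = {"dc1.corp.example": "192.0.2.10", "dc2.corp.example": "192.0.2.11"}

if __name__ == "__main__":
    print(preflight(GOOD_SRV, ADDRESSES, 1_200_000_000, 1_200_000_042))
    print(preflight(BAD_SRV, ADDRESSES, 1_200_000_000, 1_200_000_421))
```

In practice the SRV text would come from the host's resolver and the KDC time from the domain controller's time service; both are supplied as plain inputs here so the check can be run without a network.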

PowerADvantage provides basic reporting that can keep the administrator informed on day-to-day activity.



Symark does a great job streamlining a lot of underlying complexity and will get you rapidly standardized on AD. After our testing was completed, Symark was close to a new release that includes improved SSO for Kerberized applications and better GPO support.


Testing methodology: We installed the PowerADvantage Windows components on a Windows 2003 SP2 domain controller running in Windows 2003 Native Mode, and agents on Unix clients.


