Samba/Samba-TNG and LDAP/PDC State?

Doug Douglass samba at denverdata.com
Thu Nov 29 09:44:02 GMT 2001 

Michael,

I'll take a first stab at answering some of your questions.

As a frame of reference, we maintain all unix user/group, and samba domain
info in OpenLDAP 2.x on RH 7.1, using Samba 2.2.1a + LDAP support as PDC.
All Windows clients are domain members and are some version of 2000 (SP2,
Server). Plus we have a couple samba domain members. All authentication is
done against ldap. We are a smal network.

>
>    - PDC functionality

Samba works great. Samba-TNG works, but I believe the intent with TNG was to
prove the technology not produce a production system.

>    - Replication of SAM database/SID from PDC to BDC

Based on comments from this list, Samba does not properly act as a BDC.

>    - login script support/replication

Samba and TNG should both work fine

>    - Supports trust relationships between domains (NT or samba)

Based on comments from this list, Samba does support domain trusts

>    - Supports global and local groups

Samba supports two domain groups: Domain Admins, and Domain Users. From
having read the TNG docs over time, I believe it supports the full set of
domain groups.

>    - Ability to add and remove machine from the domain

Samba and TNG both do this (must do this for PDC support)

>    - Store SAM database/SID in LDAP?

Samba 2.2.2 has broken LDAP support. We use Samba 2.2.1a from
http://sking.mesd.k12.or.us/ at our site with good results. Note that this
implementation only looks to LDAP for sambaAccount objects.

TNG provides broader LDAP support for domain accounts, domain groups (more?)

>    - Wins server capability

Samba works well. Don't know about TNG.

>    - Able to to support roaming profiles

Samba works well. Don't know about TNG.

>    - Will allow all avaliable versions of windows to join/access the
>      domain.

Read the list. It seems many people have many problems with adding machines
with various Windows OS to a Samba domain. I have not had any difficulty
with 2K, so I leave it to yourself and others to judge.

>
> What is my best choice.. Samba or Samba-TNG?
>

One alternative I have heard suggested is combining the two, leveraging the
strengths of each: TNG for PDC (account and group management,
authentication) and Samba for file/print sharing.

HTH,
Doug

More information about the samba-ntdom mailing list