Samba/Samba-TNG and LDAP/PDC State?

Kervin Pierre kpierre at fit.edu
Thu Nov 29 20:05:02 GMT 2001


Hi,

Are you using Win2K in "native mode" or the NT4 compatible "mixed mode"?

Can Samba serve as a PDC in a Win2K "native mode" domain?

I am not very familiar with Win2K, but I was told that Win2K "native 
mode" does not have a PDC per se but may have multiple PDCs, can Samba 
act as one of those?

I'm trying to integrate Win2K into our ldap/UNIX network.  I'm hoping 
that Samba can be used as a sort of "gateway" or "bridge" by using 
LDAP as its back-end while supplying authentication services to the 
Win2K domain.

--Kervin


Doug Douglass wrote:

> Michael,
> 
> I'll take a first stab at answering some of your questions.
> 
> As a frame of reference, we maintain all unix user/group, and samba domain
> info in OpenLDAP 2.x on RH 7.1, using Samba 2.2.1a + LDAP support as PDC.
> All Windows clients are domain members and are some version of 2000 (SP2,
> Server). Plus we have a couple samba domain members. All authentication is
> done against ldap. We are a small network.
> 
> 
>>   - PDC functionality
>>
> 
> Samba works great. Samba-TNG works, but I believe the intent with TNG was to
> prove the technology, not produce a production system.
> 
> 
>>   - Replication of SAM database/SID from PDC to BDC
>>
> 
> Based on comments from this list, Samba does not properly act as a BDC.
> 
> 
>>   - login script support/replication
>>
> 
> Samba and TNG should both work fine
> 
> 
>>   - Supports trust relationships between domains (NT or samba)
>>
> 
> Based on comments from this list, Samba does support domain trusts
> 
> 
>>   - Supports global and local groups
>>
> 
> Samba supports two domain groups: Domain Admins, and Domain Users. From
> having read the TNG docs over time, I believe it supports the full set of
> domain groups.
> 
> 
>>   - Ability to add and remove machine from the domain
>>
> 
> Samba and TNG both do this (must do this for PDC support)
> 
> 
>>   - Store SAM database/SID in LDAP?
>>
> 
> Samba 2.2.2 has broken LDAP support. We use Samba 2.2.1a from
> http://sking.mesd.k12.or.us/ at our site with good results. Note that this
> implementation only looks to LDAP for sambaAccount objects.
> 
> TNG provides broader LDAP support for domain accounts, domain groups (more?)
> 
> 
>>   - Wins server capability
>>
> 
> Samba works well. Don't know about TNG.
> 
> 
>>   - Able to support roaming profiles
>>
> 
> Samba works well. Don't know about TNG.
> 
> 
>>   - Will allow all available versions of windows to join/access the
>>     domain.
>>
> 
> Read the list. It seems many people have many problems with adding machines
> with various Windows OS to a Samba domain. I have not had any difficulty
> with 2K, so I leave it to yourself and others to judge.
> 
> 
>>What is my best choice.. Samba or Samba-TNG?
>>
>>
> 
> One alternative I have heard suggested is combining the two, leveraging the
> strengths of each: TNG for PDC (account and group management,
> authentication) and Samba for file/print sharing.
> 
> HTH,
> Doug
> 
> 
> 
> 





