Samba/Samba-TNG and LDAP/PDC State?

Buchan Milne bgmilne at
Fri Nov 30 02:11:13 GMT 2001

Most of your questions have been answered, I just have one or two comments:

>Message: 13
>Date: Thu, 29 Nov 2001 10:34:23 -0500 (EST)
>From: Michael Cunningham <archive at>
>To: samba-ntdom at
>Subject: Samba/Samba-TNG and LDAP/PDC State?
>I am working on converting my entire company over 
>to using LDAP for all system authentication and information
>storage such as address info..etc. The unix portion 
>of the new system is working well. I now need to figure 
>out what is the best solution for our windows community. 
>It consists of 400+ win95/98/ME/NT 4.0 and most likely soon.. 
>Windows XP. There are many domains throughout the company
>and no real standards. We plan on putting all systems in
>one or two main domains and implementing many corporate standards. 
>In order to accomplish this.. I would like to use Samba/Samba-TNG
>to authenticate everything off our LDAP system and have the capability to 
>do the following.. (according to my PC guys... I am a Unix guy)
>   - PDC functionality
>   - Replication of SAM database/SID from PDC to BDC
Why do you need a BDC? BDCs are only required for systems where you 
expect the PDC to go down. There are also other means of accomplishing 
failover PDC functionality.

>   - login script support/replication
>   - Supports trust relationships between domains (NT or samba)
Samba does not support trust relationships yet. But if you keep 
smbpasswd's in LDAP, you can have trust-relationship-like functionality 
between samba servers.

>   - Supports global and local groups
Not for clients, but if you can store all files on samba servers, unix 
groups are available.

>   - Ability to add and remove machine from the domain
samba-2.2.2 supports WinXP. Not sure about TNG

>   - Store SAM database/SID in LDAP?
There are patches for samba-2.2.2 that do this, don't have a link handy 
now, but it should be in the archives.

>   - Wins server capability
>   - Able to support roaming profiles
>   - Will allow all available versions of windows to join/access the
>     domain. 
>What is my best choice.. Samba or Samba-TNG? 
>I have done a ton of reading about both products but nothing seems to 
>compare and contrast them. Any information you can offer will help
>make this critical crossroad decision. 
The other thing is that samba supports ACLs on ACL capable filesystems 
(notably XFS, or ext with patches), which TNG does not. This should be a 
further concern for your pc guys.

|----------------Registered Linux User #182071-----------------|
Buchan Milne                Mechanical Engineer, Network Manager
Cellphone * Work       +27 82 472 2231 * +27 21 808 2497 ext 202
Stellenbosch Automotive Engineering
