F&P Proof Of Concept

Andrew Bartlett abartlet at samba.org
Fri Jul 18 23:48:53 GMT 2003

On Thu, Jul 17, 2003 at 11:00:00PM -0400, Matthew Carpenter wrote:
> I am in need of help and direction, please.
> I work for a multi-billion dollar international organization currently using
> Novell technology for F&P/Directory/etc...
> A project has just arisen to develop several potential replacement proofs of
> concept.  Several solutions are being evaluated, including:
> *	Microsoft CIFS
> *	Some NAS device using AD or eDirectory
> *	Linux/Samba
> I was chosen as part of the Linux/Samba team and I'd like to make sure our POC
> solution does the technology justice.  I am a firm Open Source evangelist, so
> my reasons are many and varied.
> The solution which seems most palatable is Distributed Samba, using a central
> directory for administration of authentication and rights.  While I would
> ordinarily choose OpenLDAP, the company has a strong push for AD and a large
> dependence upon eDirectory currently, so we would like to use one of these
> directory services for said administration.
> I know that there has been a bit of work in the past to make Samba do
> authentication against LDAP, and even act as a member server in an AD (as well
> as a great deal of NT Domain support).  The last time I used Samba in this
> fashion, I recall there were several limitations, which required
> system-administration on each server.  

This being Linux, this just means that you need to do a bit more development
of certain components, or scripting to write config files out of LDAP.

I've been pushing my site towards using LDAP to store everything, and have
been surprised at the number of projects like LDAP/DNS gateways, DHCP backed
by DNS and other integration tools.

> What progress (or near-term progress) has been completed with integration and
> administration against LDAP, AD, or the combination of the two?  
> What is the best direction you see for our solution to compete effectively
> against AD/M$?

This is a very vague question, which is why nobody has had the time to give you
a decent answer.  Our LDAP integration is good - but could always be better.

There is research-stage work being done on becoming an active directory DC,
but this is not something we can suggest you rely on for some time yet.

There is also some commercial research in this area, which looks very

Our AD domain member support is getting pretty good - but it's not things
like group policies, just how to authenticate a user.

eDirectory is an interesting game - eDirectory has a lot to gain from good
Samba integration, but I've not heard anything from them, and the best
that we do at the moment is use them as an LDAP server, with no integration
into the single password change etc.

Andrew Bartlett
