Linux ADS authentication in AD environment

Anderson, Brandie brandie.anderson at ttu.edu
Mon Feb 23 22:45:09 GMT 2004


Hi,

I am a subscriber to this list and have probably just missed this.
Someone on our campus wants to put up a Samba 3 server for Linux ADS
integration - I have some issues, but not many. One of my subordinates
sent this as a reason we should deny the request and I am not sure he is
completely up on everything y'all are doing. Could you tell me if he is
correct? 

"This is possible to do yet not advisable. It requires extensive
management and due to the methods of implementing this it is very taxing
on the system itself. We have found it to be an issue when smbbrowsing
occurs. If you're not familiar with smb_acls you run the risk of
automatically creating up to 80K user objects in /etc/password
/etc/groups /etc/shadow. Everyone who has the ability to send an smb
request to the server is able to "Browse" and with the way the smb_pam
works it will create a local account."

 

Many thanks, 

Brandie Anderson, MCSE, CAN

Information Security Officer 



More information about the samba-technical mailing list