[Samba] Suggestions for argument for Samba over Windows 2003?

[tcg]

On Friday 17 October 2003 00:32, Andy Jones wrote:
> We then worked out what services were running and deliberated on
> where to run them in the new merged systems. As it turned out, the
> decision was to go for Windows Server 2003 for email, printing,
> virus scanning and so on.   However Web, Web Proxy, DHCP, DNS etc
> will continue to live on Unix.

First a disclaimer - although I've set up many Windows PDC's/Exchange Servers, 
etc. and now several Samba PDC installations they have all been for small 
businesses. Only one of the clients was sizeable enough to install a BDC.

With a Windows AD and also Exchange (you didn't specify which email server 
app) you may as well hand over the DNS, and possibly the DHCP, reigns over to 
the Windows guys as well as I believe (maybe wrongly so) that although you 
can allow dynamic updates from the clients they will not be secure. Plus you 
have to screw with all of those _ service zones. Maybe I'm all wet and it all 
works OK (I would like that to be the case), but I think there's a possible 
trap in the current assignment division.

Unless the plan is Exchange with Outlook for the groupware capabilities it 
would be much more preferable to put the email on the nix boxes.

> However the new domain will be one controlled by AD, the IT guys
> from the other School aren't Unix-skilled, and so I need to produce
> sound technical arguments for keeping Samba, not just my personal
> preference based on what is familiar/known...

The dangers of monoculture might be brought up. If something did take out 
every Windows box you could still get some work done with the nix boxes. With 
every system/user getting authenticated by the AD there would be no cost 
savings from a CAL viewpoint.

> Reasons FOR moving the home dirs to Windows 2003 are largely the
> same ones which got it decided upon in the first place.
>  ie. stability;  reliability;  complete integration with AD;
>      only one password source and so a single password across servers;

This would not be affected if you used winbind on the Samba box.

>      that it is adminnable by any IT support staff, not just Unix guys;

Are the Windows boxes adminable by any IT support staff, not just the Windows 
guys?

>      that it is an officially supported product.

Maybe it's just my experience but I've been on the horn to Redmond a few times 
and when you really have a Windows problem Google is a much better friend 
than Microsoft.

> So, anyway, from my reading of the doco so far, it would seem that
> we could integrate the Unix box one of two ways:
>
>  . Upgrade it to Samba 3, and have it join the Win 2003 domain.
>    Since the only access we're supporting into the box is SMB,
>    we don't need to worry about setting or syncing the Unix password.

Gets my vote.

>    I still need some way to create the underlying unix account though,
>    preferably with consistent, rather than randomly assigned uids/gids.

Doesn't Winbind handle all of this? If you got the email task with Cyrus then 
you may need to "manually" set up the Cyrus accounts.

>  . leave it on Samba 2.2.7, leave it off the whole domain thingo,
>    set  security=server  and point the password server at one of
>    the AD boxes, and touch wood.  

Doesn't sound pretty.
-- 
Chris

Do not reply to the email address.
Please use the contact page below for any desired direct replies.
Apologies for the inconvenience.

realcomputerguy dot com slash contact dot html