[Samba] AD<->Linux: Thoughts

Turbo Fredriksson turbo at bayour.com
Tue Apr 20 06:26:54 GMT 2004

Hash: SHA1

I have a small planning problem...

I built an environment for a customer about six (or so) months
ago based on RH8 which authenticate and mount homes from an
AD server... The Linux stuff was straigt forward - using LibNSS/LDAP
and LibPAM/{LDAP,Krb5} for authentication and samba (2.x something)
to mount the home directories.

Unfortunatly, this required the SFU (M$ 'version' of the AD4UNIX). This
was proven to be _EXTREAMLY_ unstable! We managed to get it working,
but as a long-time Linux/UNIX administrator, all I can do is shrug my
sholders for the stability of this system.... It sucks, to be frank.

But it's not much I can do about this. Windows clients are a majority,
only some of the clients are Linux...

Now, the customer seems to be bitten by the "must upgrade because there's
newer versions" bug (as opposed to the 'standard' UNIX way - "only upgrade
if you'r absolutly forced" I'm used to :). The Linux version this time
is open for discussion (SuSE have been mentioned - have no opinion there).

But the SFU part is the main problem. Quite naturaly, the customer have
also grown weary about this. To many problems, to many 'unexplained'
(Doh! :) crashes.

I personaly would like to replace the AD with OpenLDAP/Kerberos V on
a Linux/UNIX box, but then we'd get into (some) trouble with the rest
of the network. There's to much softwares and services that depend on
the AD, it would be very difficult to switch.

My initial idea was to put a Samba server in between the Linux clients
and the AD, but that still needs the SFU (for the RFC2307 stuff) from
what I can tell.

Another idea would be to setup a OpenLDAP/Kerberos V/Samba box, which
will replicate (manually or automatic) any AD accounts to the 'Linux
auth server'...

Does anyone have an opinion on how to proceed, because I'm lost.
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>


More information about the samba mailing list