[Samba] Differences: ADS vs Samba-3 controlled domain

Tomasz Chmielewski mangoo at interia.pl
Tue Nov 9 09:53:47 GMT 2004


Axel Thimm wrote:

> what are the essential differences between a Samba 3 controlled domain
> (thus an NT4-legacy domain) vs an ADS Microsoft controlled domain?
> 
> AFAICT single-sign on, common password backends etc. can be modelled
> with LDAP & KRB. Without ADS I cannot use some Microsoft GUIs to
> add/edit/remove users/printers/file shares. Also deploying group
> policies seems to be harder.
> 
> What are the true reasons for going ADS, and what can be done against
> it? ;)
> 
> And what are blockers for a Linux/Unix environment to go ADS? Is LDAP
> scripting with ADS as easy as with OpenLDAP for instance? Can I place
> all my NIS schemes onto ADS' LDAP, or will I stumble over proprietary
> "extensions".
> 
> Background: A medium sized educational facility (order 1000 nodes and
> users) considers consolidating Linux and Windows >= 2000
> authentication services and the Win-fraction praises ADS for it, while
> the Linux fraction shivers with the idea of having the most important
> piece of security lost to a black box ...

One thing Samba can't do is deploying software installation to all of 
its clients (consider updating Office on 1000 machines, by going from 
one to another).
Of course it can be achieved by other means, but there is no "golden" 
method yet - see "distribute/deploy software to clients" topic which 
started a couple of days ago and is still alive.


Tomek


More information about the samba mailing list