[Samba] Security issues

Douglas Phillipson phillipd at oem.doe.gov
Thu Dec 7 15:56:57 GMT 2006

We have a new Cyber Security professional on our staff that now says we 
can't use Samba for the following reasons:

At this time any appearance that Samba-3 is capable of acting as a 
domain controller in native ADS mode is limited and experimental in 
nature. This functionality should not be used until the Samba Team 
offers formal support for it. At such a time, the documentation will be 
revised to duly reflect all configuration and management requirements. 
Samba can act as a NT4-style domain controller in a Windows 2000/XP 
environment. However, there are certain compromises:

     1) No machine policy files.
     2) No Group Policy Objects.
     3) No synchronously executed Active Directory logon scripts.
     4) Can't use Active Directory management tools to manage users and 
     5) Registry changes tattoo the main registry, while with Active 
Directory they do not leave permanent changes in effect.
     6)Without Active Directory you cannot perform the function of 
exporting specific applications to specific users or groups.


Are these all true? I don't care about item 4...


Doug P

More information about the samba mailing list