[Samba] Security issues
phillipd at oem.doe.gov
Thu Dec 7 15:56:57 GMT 2006
We have a new Cyber Security professional on our staff that now says we
can't use Samba for the following reasons:
At this time any appearance that Samba-3 is capable of acting as a
domain controller in native ADS mode is limited and experimental in
nature. This functionality should not be used until the Samba Team
offers formal support for it. At such a time, the documentation will be
revised to duly reflect all configuration and management requirements.
Samba can act as a NT4-style domain controller in a Windows 2000/XP
environment. However, there are certain compromises:
1) No machine policy files.
2) No Group Policy Objects.
3) No synchronously executed Active Directory logon scripts.
4) Can't use Active Directory management tools to manage users and
5) Registry changes tattoo the main registry, while with Active
Directory they do not leave permanent changes in effect.
6)Without Active Directory you cannot perform the function of
exporting specific applications to specific users or groups.
Are these all true? I don't care about item 4...
More information about the samba