[Samba] Help: justification for Linux PDC vs Windows...

Adam Tauno Williams adamtaunowilliams at gmail.com
Thu Apr 10 17:08:31 GMT 2008

Now I realize I'll get tarred-n-feather for this, but...

> > My IT department has implemented a samba PDC and now we are taking flack 
> > for it. Can anyone help me out with some good justifications for doing 
> > it this way vs the Microsoft way? Have a meeting about it in a short 
> > while...
> > We wanted to do it because Linux is more secure and more stable. But 
> > there may be other good reasons and it would be good to know them. Or 
> > maybe it would be better to go with the Microsoft solutions?
> This is almost a troll question. what is better, beer or whine ... 
> * samba is open source = support for any version of will will continue 
>   as long as _you_ resp. your company are willing to support it

Or as long as clients will continue to operate effectively in a NT4
domain;  a window with is rapidly closing, IMO.

> * beware that samba PDC == winnt PDC, no ADS PDC yet

Yep - which is why I think your bosses are correct.  Deploying a *new*
NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
many applications have integration with AD.  You can always migrate to
Samba4 if that ever becomes a viable DC option.   I've known of many
SambaPDC+LDAP sites in my area and I believe we have one the last
remaining;  just about everyone from my old LUG and other acquaintances
have tossed in the towel due to policy implementation and application
issues [and gone over to AD].

> * samba let's you control/configure much more things you could ever
>   configure in a windows PDC
> * all components of a samba PDC are well documented (like openldap etc.)

This is *very* debatable.  Basic setup is well documented.  Implementing
things like effective security policies (password requirements, etc...)
is downright dodgy,  and very possible just not possible [see the recent
ppolicy related thread].  Making use of technologies like Kerberos is
really awkward.

> * samba is - of course - muchmuch cheaper due to the lack of license 
>   costs


Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org

More information about the samba mailing list