[Samba] Help: justification for Linux PDC vs Windows...

Udo Rader udo.rader at bestsolution.at
Thu Apr 10 18:52:55 GMT 2008

On Thu, 2008-04-10 at 13:08 -0400, Adam Tauno Williams wrote:
> Now I realize I'll get tarred-n-feather for this, but...

of course you'll be :-)

> > > My IT department has implemented a samba PDC and now we are taking flack 
> > > for it. Can anyone help me out with some good justifications for doing 
> > > it this way vs the Microsoft way? Have a meeting about it in a short 
> > > while...
> > > We wanted to do it because Linux is more secure and more stable. But 
> > > there may be other good reasons and it would be good to know them. Or 
> > > maybe it would be better to go with the Microsoft solutions?
> > This is almost a troll question. what is better, beer or whine ... 
> > * samba is open source = support for any version of will will continue 
> >   as long as _you_ resp. your company are willing to support it
> Or as long as clients will continue to operate effectively in a NT4
> domain;  a window with is rapidly closing, IMO.

Show evidence for that. I know many big companies (airlines, yes
airlines) that still operate on WINNT (or alike => samba) based server

> > * beware that samba PDC == winnt PDC, no ADS PDC yet
> Yep - which is why I think your bosses are correct.  Deploying a *new*
> NT4 domain in 2008 is just nuts.  When most clients are XP or Vista and
> many applications have integration with AD.  You can always migrate to
> Samba4 if that ever becomes a viable DC option.   I've known of many
> SambaPDC+LDAP sites in my area and I believe we have one the last
> remaining;  just about everyone from my old LUG and other acquaintances
> have tossed in the towel due to policy implementation and application
> issues [and gone over to AD].

I agree. Policies coming with ADS are a true benefit for anybody
operating even mid sized networks.

Samba4 for sure is desperately awaited by many people :-)

> > * samba let's you control/configure much more things you could ever
> >   configure in a windows PDC
> > * all components of a samba PDC are well documented (like openldap etc.)
> This is *very* debatable.  Basic setup is well documented.  Implementing
> things like effective security policies (password requirements, etc...)
> is downright dodgy,  and very possible just not possible [see the recent
> ppolicy related thread].  Making use of technologies like Kerberos is
> really awkward.

I disagree. The only problem ie. with Kerberos is that there are so many
weird and misleading so called "HOWTOs" on the net (that should rather
be called "HOWNOTTOs") so that it seems to be "badly" documented. But as
usual, google/your local LUG/a "good" server distribution are your

Udo Rader

bestsolution.at EDV Systemhaus GmbH

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20080410/bd8bedb5/attachment.bin

More information about the samba mailing list