[Samba] samba 4 for new authentication domain?

Morty morty+samba at frakir.org
Tue Apr 27 00:30:18 MDT 2010

On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote:

> Exactly WHY do you need AD instead of NT domains? Without
> understanding that, I don't think your question can be answered. In
> some cases, you can use a stand-alone Kerberos and/or LDAP
> server. Or conversely, some application you use may require a
> Microsoft AD server, sometimes even a specific version.

I have some COTS Windows web apps that want to authenticate either
using local accounts or against AD.  They've been doing local
accounts, but account and password management is increasingly
problematic, so it would really help to have central password
management.  The apps don't support NT domain auth.  It might be
possible to do this with OpenLDAP+kerberos, but that sounds like a
whole lot of manual work, so I'd rather get something more integrated
(AD or samba4).  I like *nix servers better than Windows, so I'd
rather do samba4, but don't have a good feel for samba4's stability as
an authentication server.  Hence the earlier question.

> Basically, your tradeoff is between cost and risk. Windows 2008 R2
> is all but guaranteed to work no matter what AD issue you throw at
> it, but it can get expensive, especially if you have many users.

> On the other hand, Samba is free, but Samba 4 is pretty unproven at
> this point.

Software cost will probably not be a factor.  Functionality is.
Sounds like I/we need AD.  :(

- Morty
