[Samba] samba 4 for new authentication domain?

David Harrison david.harrison at stress-free.co.nz
Tue Apr 27 01:36:39 MDT 2010

On Tue, Apr 27, 2010 at 6:30 PM, Morty
<morty+samba at frakir.org<morty%2Bsamba at frakir.org>
> wrote:

> On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote:
> > Exactly WHY do you need AD instead of NT domains? Without
> > understanding that, I don't think your question can be answered.
> I have some COTS Windows web apps that want to authenticate either
> using local accounts or against AD.

You should clarify what mechanisms those web apps use for authentication.
Generally most web apps use LDAP/NTML for authentication and LDAP for
pulling user information.
These two things you can achieve more reliably using Samba3 with an LDAP
backend compared to Samba 4 (at this stage).

Another pathway you should investigate is whether a single sign-on (SSO)
system is applicable/appropriate.
There are plenty of choices out there, but it does depend on what your COTS
applications are.
The benefit of SSO is that it abstracts web application authentication from
your underlying authentication service.
It is a bit more work, and not all web applications work with it, but once
in place the results are very good.


More information about the samba mailing list