[Samba] samba 4 for new authentication domain?
morty+samba at frakir.org
Tue Apr 27 02:07:43 MDT 2010
On Tue, Apr 27, 2010 at 07:36:39PM +1200, David Harrison wrote:
> You should clarify what mechanisms those web apps use for authentication.
I don't know. :) The apps are black-box COTS apps which "use AD" for
authentication. I didn't pick them, and don't have much insight into
them. More apps might come later, so even if I can research and
answer this question based on the current profiles, requirements might
change. What I want to do is spec hardware and any necessary software
to support authentication for the apps. I'd prefer to use free/open
source software if it will work as a drop-in replacement for AD.
> Generally most web apps use LDAP/NTML for authentication and LDAP for
> pulling user information.
> These two things you can achieve more reliably using Samba3 with an LDAP
> backend compared to Samba 4 (at this stage).
I've played with samba3+openldap+kerberos+bind9 as a replacement for
AD before. It was extremely complex to setup and maintain, so I don't
want to do that in production. samba4 seemed like it would be
simpler and more compatible with AD. Ah, well. :(
It's a shame that samba4 is waiting on file+print services to ship.
samba3 is already a fine file+print services server. It might be
better to just ship samba4 as AD-style authentication-only for now,
and people who need AD-style auth, file, and print can run separate
instances of samba4 and samba3 on separate VMs or separate physical
servers. It wouldn't be as ideal as having a single combined server
that could run everything, but at least all functionality would be
shipped, and y'all would still have a roadmap towards an integrated
More information about the samba