Hi,

what are the essential differences between a Samba 3 controlled domain (thus an NT4-legacy domain) vs an ADS Microsoft controlled domain?

AFAICT single-sign on, common password backends etc. can be modelled with LDAP & KRB. Without ADS I cannot use some Microsoft GUIs to add/edit/remove users/printers/file shares. Also deploying group policies seems to be harder.

What are the true reasons for going ADS, and what can be done against it? ;)

And what are blockers for a Linux/Unix environment to go ADS? Is LDAP scripting with ADS as easy as with OpenLDAP for instance? Can I place all my NIS schemes onto ADS' LDAP, or will I stumble over proprietary "extensions".

Background: A medium sized educational facility (order 1000 nodes and users) considers consolidating Linux and Windows >= 2000 authentication services and the Win-fraction praises ADS for it, while the Linux fraction shivers with the idea of having the most important piece of security lost to a black box ...

Thanks!
--
Axel.Thimm at ATrpms.net
Tomasz Chmielewski
2004-Nov-09 09:54 UTC
[Samba] Differences: ADS vs Samba-3 controlled domain
Axel Thimm wrote:
> what are the essential differences between a Samba 3 controlled domain
> (thus an NT4-legacy domain) vs an ADS Microsoft controlled domain?
>
> AFAICT single-sign on, common password backends etc. can be modelled
> with LDAP & KRB. Without ADS I cannot use some Microsoft GUIs to
> add/edit/remove users/printers/file shares. Also deploying group
> policies seems to be harder.
>
> What are the true reasons for going ADS, and what can be done against
> it? ;)
>
> And what are blockers for a Linux/Unix environment to go ADS? Is LDAP
> scripting with ADS as easy as with OpenLDAP for instance? Can I place
> all my NIS schemes onto ADS' LDAP, or will I stumble over proprietary
> "extensions".
>
> Background: A medium sized educational facility (order 1000 nodes and
> users) considers consolidating Linux and Windows >= 2000
> authentication services and the Win-fraction praises ADS for it, while
> the Linux fraction shivers with the idea of having the most important
> piece of security lost to a black box ...

One thing Samba can't do is deploying software installation to all of its clients (consider updating Office on 1000 machines, by going from one to another).

Of course it can be achieved by other means, but there is no "golden" method yet - see "distribute/deploy software to clients" topic which started a couple of days ago and is still alive.

Tomek