samba - Aug 2005 - Samba PDC, ldap or mysql????

Hi all,
       I'm under the gun to rid ourselves of the nt4 PDC which we
currently use.  options are A/D, samba, pgina.  I really dig pgina,
but dont think I can pass citrix credentials properly :(  So I'm
left with samba vs A/D.  A/D is well,, ummmmm   A/D, so tyring to
avoid it.

Currently have used Samba file servers for years.
Have played with Samba PDC with2.2

Now, going to try Samba3 pdc.  Have about 300 users.

I'd really like to understand the advantages/disadvantages of ldap vs
mysql for backend.  Would like our other *windows admins* to be able to
add users,machines,groups etc. easily.

I think I'd like best to store in mysql, but want to know if there's any
functionality I'll miss using mysql instead of ldap.  seems ldap for
backend has been around a while.

I'd really like to hear from anyone using mysql for backend, or ldap

thanks
          Mark

Hi All,
      I'm really under the gun to rid ourselves of our existing nt4 pdc. 
I like the looks of pGina a lot, but have some issues with citrix:(
So, I'm ready to migrate to a samba pdc.
Trying to decide what's the best pdb to use.
info:
several samba servers in production for years, in the nt4domain
~300 users
would like other admins to be able to add users,machines,etc. easily
have played with ldap, not afraid of,have used for email address books.
NO current production level ldap here.
MySql running for several years.

I think I would like to use MySql as the backend.
Question:, is the mysql backend as well integrated as LDAP?
adduser scripts etc.

Would really like to hear peoples real-world experience with both.

thanks
          Mark

On Thursday 25 August 2005 10:48, Mark Nehemiah wrote:
> Hi all,
>        I'm under the gun to rid ourselves of the nt4 PDC which we
> currently use.  options are A/D, samba, pgina.  I really dig pgina,
> but dont think I can pass citrix credentials properly :(  So I'm
> left with samba vs A/D.  A/D is well,, ummmmm   A/D, so tyring to
> avoid it.
>
> Currently have used Samba file servers for years.
> Have played with Samba PDC with2.2
>
> Now, going to try Samba3 pdc.  Have about 300 users.
>
> I'd really like to understand the advantages/disadvantages of ldap vs
> mysql for backend.  Would like our other *windows admins* to be able to
> add users,machines,groups etc. easily.
>
> I think I'd like best to store in mysql, but want to know if
there's any
> functionality I'll miss using mysql instead of ldap.  seems ldap for
> backend has been around a while.
>
> I'd really like to hear from anyone using mysql for backend, or ldap
It your 300 users are all at one site, and you do not need BDCs, you could use 
the tdbsam for the passdb backend. I believe that LDAP is the preferred 
choice because it provides a lot more flexibility than the tdbsam backend.

I would not use the mysql backend because it is considered experimental only 
and support for it from the Samba Team is very limited.

The examples I used in my book "Samba-3 by Example" are all real-world
networks. I have deployed Samba-3 and LDAP in several large sites. It works 
reliably.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mark,

Mark Nehemiah wrote:
> I'd really like to understand the advantages/disadvantages of ldap
> vs mysql for backend. Would like our other *windows admins* to be
> able to add users,machines,groups etc. easily.
>
> I think I'd like best to store in mysql, but want to know if
> there's any functionality I'll miss using mysql instead of ldap.
> seems ldap for backend has been around a while.
The MySQL backend is currently still experimental. It's broken in
3.0.14a and 3.0.20, but we're working on fixing it. It also doesn't
have support for group mapping support (yet). If you have no specific
reasons for going with MySQL (such as already having another user
database in MySQL), I'd advice going with LDAP.

Cheers,

Jelmer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDDfl4Pa9Uoh7vUnYRAhzDAJ0cu99+Gd5imtaD/mQYmKDPTodJhgCfV/DC
T04yucwBhFdYCY4wOixo3sM=Wo5G
-----END PGP SIGNATURE-----

On Thu, August 25, 2005 12:10 pm, John H Terpstra said:
> On Thursday 25 August 2005 10:48, Mark Nehemiah wrote:
>> Hi all,
>>        I'm under the gun to rid ourselves of the nt4 PDC which we
>> currently use.  options are A/D, samba, pgina.  I really dig pgina,
>> but dont think I can pass citrix credentials properly :(  So I'm
>> left with samba vs A/D.  A/D is well,, ummmmm   A/D, so tyring to
>> avoid it.
>>
>> Currently have used Samba file servers for years.
>> Have played with Samba PDC with2.2
>>
>> Now, going to try Samba3 pdc.  Have about 300 users.
>>
>> I'd really like to understand the advantages/disadvantages of ldap
vs
>> mysql for backend.  Would like our other *windows admins* to be able to
>> add users,machines,groups etc. easily.
>>
>> I think I'd like best to store in mysql, but want to know if
there's any
>> functionality I'll miss using mysql instead of ldap.  seems ldap
for
>> backend has been around a while.
>>
>> I'd really like to hear from anyone using mysql for backend, or
ldap
>
> It your 300 users are all at one site, and you do not need BDCs, you could
> use
> the tdbsam for the passdb backend. I believe that LDAP is the preferred
> choice because it provides a lot more flexibility than the tdbsam backend.
>
> I would not use the mysql backend because it is considered experimental
> only
> and support for it from the Samba Team is very limited.
>
> The examples I used in my book "Samba-3 by Example" are all
real-world
> networks. I have deployed Samba-3 and LDAP in several large sites. It
> works
> reliably.
>
> - John T.
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
> Samba-3 by Example, 2 Ed., ISBN: 0131882221X
> Hardening Linux, ISBN: 0072254971
> Other books in production.
>
Thanks for the quick reply John,
  all users at 1 site,  other sites will use citrix servers here for
access.  Other than the obvious *LDAP* features of using ldap, can I get
the same functionality out of using tdbsam??  sorry this Samba PDC stuff
is really new to me.  mostly concerned with *windows admins* being able
to add users, machines, etc.  ??time restrictions??  I really only need
1 pdc with some kind of failover.  rsyncing tdbsam probably would work
fine, I think:)
Consider another copy of your book sold, I'll see if I can go pick a copy
up today at lunch, if not it'll be on order.  Have some older samba
oreilly books:(
   thx again,
                  Mark

Mark Nehemiah schrieb:
> Hi all,
>        I'm under the gun to rid ourselves of the nt4 PDC which we
> currently use.  options are A/D, samba, pgina.  I really dig pgina,
> but dont think I can pass citrix credentials properly :(  So I'm
> left with samba vs A/D.  A/D is well,, ummmmm   A/D, so tyring to
> avoid it.
> 
> Currently have used Samba file servers for years.
> Have played with Samba PDC with2.2
> 
> Now, going to try Samba3 pdc.  Have about 300 users.
> 
> I'd really like to understand the advantages/disadvantages of ldap vs
> mysql for backend.  Would like our other *windows admins* to be able to
> add users,machines,groups etc. easily.
LDAP would be a wiser choice.
It's widely supported, well described, and there are many tools for that.

For adding users, groups, machines, your Windows admins can use LAM - 
LDAP Account Manager - http://lam.sf.net - it's a nice web-based tool, 
where you can define pretty everything when it comes to users, groups 
etc. (logon hours, scripts etc.).


-- 
Tomek
http://wpkg.org
Software deployment with Samba