Is anyone following the Active Directory services in samba4 (http://www.zdnet.com.au/news/software/soa/New_Samba_targets_Active_Directory/0,2000061733,39234687,00.htm) enough to comment on how it would compare to FDS for network authentication purposes? -- Les Mikesell lesmikesell@gmail.com
On 1/25/06, Les Mikesell <les@futuresource.com> wrote:> Is anyone following the Active Directory services in samba4 > (http://www.zdnet.com.au/news/software/soa/New_Samba_targets_Active_Directory/0,2000061733,39234687,00.htm) > enough to comment on how it would compare to FDS for network > authentication purposes? > > -- > Les Mikesell > lesmikesell@gmail.com > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >Well at least I think you could still use FDS as a meta directory server that has to play with a M$ ADS. On the other hand SMB 4 features a new mini ldap inside, let alone the kerberos. So ther are chances you could play that way too. Please list correct me if I am stupid.;-) -- ########################################3 Zaharioudakis Nikos mob: +30 6947204063 A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail?
Les Mikesell wrote:>Is anyone following the Active Directory services in samba4 >(http://www.zdnet.com.au/news/software/soa/New_Samba_targets_Active_Directory/0,2000061733,39234687,00.htm) >enough to comment on how it would compare to FDS for network >authentication purposes? > > >It isn''t really a case of versus. There is a high likelyhood that in any large deployment you will want FDS as the backend server to SAMBA. Indeed, the SAMBA team appear to realise that writing it all themselves is not the best idea when there are perfectly good existing, scalable open source solutions available for the components they need. The standalone LDAP services for instance will likely not be intended to replace an existing LDAP deployment or indeed to displace the need for one - rather I suspect the internal LDAP functionality is intended for cases where a directory server is overkill and the additional services of directory servers are unrequired, and what is really required is an even lighter LDAP sufficient to get the job done in these cases. Ditto Kerberos. So to sum up, if you have a need now that is best filled by a fully fledged directory server, you should probably not expect that to change when SAMBA4 releases. This all of course, IMO. -- Pete
On Wed, 2006-01-25 at 14:19 -0800, Pete Rowley wrote:> Les Mikesell wrote: > > >Is anyone following the Active Directory services in samba4 > >(http://www.zdnet.com.au/news/software/soa/New_Samba_targets_Active_Directory/0,2000061733,39234687,00.htm) > >enough to comment on how it would compare to FDS for network > >authentication purposes? > > > > > > > It isn''t really a case of versus. There is a high likelyhood that in > any large deployment you will want FDS as the backend server to SAMBA. > Indeed, the SAMBA team appear to realise that writing it all themselves > is not the best idea when there are perfectly good existing, scalable > open source solutions available for the components they need. The > standalone LDAP services for instance will likely not be intended to > replace an existing LDAP deployment or indeed to displace the need for > one - rather I suspect the internal LDAP functionality is intended for > cases where a directory server is overkill and the additional services > of directory servers are unrequired, and what is really required is an > even lighter LDAP sufficient to get the job done in these cases. Ditto > Kerberos. > > So to sum up, if you have a need now that is best filled by a fully > fledged directory server, you should probably not expect that to change > when SAMBA4 releases. > > This all of course, IMO.---- It is the only way they can really provide a complete turnkey type solution as an AD alternative. The samba list is replete of examples of people trying to obtain a samba integration with LDAP and for these people, an integrated - even if simplistic adaptation of LDAP and kerberos server should be more accommodating. Craig