samba - Apr 2008 - Help: justification for Linux PDC vs Windows...

Hello,

My IT department has implemented a samba PDC and now we are taking flack 
for it. Can anyone help me out with some good justifications for doing 
it this way vs the Microsoft way? Have a meeting about it in a short 
while...

We wanted to do it because Linux is more secure and more stable. But 
there may be other good reasons and it would be good to know them. Or 
maybe it would be better to go with the Microsoft solutions?

Thanks,

Joel

Windows Server CAL's are not required when using a Samba server, so costs
are going to be lower. Apple shouts that from the highest mountains when
they discuss Mac OS X Servers in a mixed environment.

Andrew Philipoff
Programmer Analyst
Department of Medicine IT Services, UCSF
Phone: 415-476-1344
http://medicine.ucsf.edu/domit
DOM Helpdesk: 415-476-6827


-----Original Message-----
From: samba-bounces+aphilipoff=medicine.ucsf.edu@lists.samba.org
[mailto:samba-bounces+aphilipoff=medicine.ucsf.edu@lists.samba.org] On
Behalf Of JJB
Sent: Wednesday, April 09, 2008 1:41 PM
To: samba@lists.samba.org
Subject: [Samba] Help: justification for Linux PDC vs Windows...

Hello,

My IT department has implemented a samba PDC and now we are taking flack 
for it. Can anyone help me out with some good justifications for doing 
it this way vs the Microsoft way? Have a meeting about it in a short 
while...

We wanted to do it because Linux is more secure and more stable. But 
there may be other good reasons and it would be good to know them. Or 
maybe it would be better to go with the Microsoft solutions?

Thanks,

Joel


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

On Wed, Apr 9, 2008 at 4:40 PM, JJB <onephatcat@earthlink.net>
wrote:
> Hello,
>
>  My IT department has implemented a samba PDC and now we are taking flack
> for it. Can anyone help me out with some good justifications for doing it
> this way vs the Microsoft way? Have a meeting about it in a short while...
>
>  We wanted to do it because Linux is more secure and more stable. But there
> may be other good reasons and it would be good to know them. Or maybe it
> would be better to go with the Microsoft solutions?
>
I do not have much time but here are a few off the top of my head.

1) Linux is much easier to move the PDC from one machine to a
completely different / new box by just mirroring the hard drive of the
old.

2) You never ever have to reboot the linux server (well unless you add
new hardware) so its uptime tends to be better than a windows PDC.

John

On Wed, 2008-04-09 at 13:40 -0700, JJB wrote:
> Hello,
> 
> My IT department has implemented a samba PDC and now we are taking flack 
> for it. Can anyone help me out with some good justifications for doing 
> it this way vs the Microsoft way? Have a meeting about it in a short 
> while...
> 
> We wanted to do it because Linux is more secure and more stable. But 
> there may be other good reasons and it would be good to know them. Or 
> maybe it would be better to go with the Microsoft solutions?
This is almost a troll question. what is better, beer or whine ... 

But let's try anyway:

* samba is faster (ie. network performance)

* samba deals better with load (scalability)

* samba provides an additional security level by having linux accounts 
  in place

* samba is open source = support for any version of will will continue 
  as long as _you_ resp. your company are willing to support it

* beware that samba PDC == winnt PDC, no ADS PDC yet

* samba let's you control/configure much more things you could ever
  configure in a windows PDC

* all components of a samba PDC are well documented (like openldap etc.)

* samba is - of course - muchmuch cheaper due to the lack of license 
  costs

just some initial thoughts ...

For more technical information check the samba HP and/or one of the many
comparisons you will find on the net.

-- 
?Udo Rader

bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20080409/3169bc18/attachment.bin

>  * samba is - of course - muchmuch cheaper due to the lack of license
>   costs
>
This to me makes it more flexible and better performing. I mean i can
design my network how I want and not with restrictive licenses that
force me to a suboptimal configuration.

John

Greg J. Zartman, P.E.
>
> Fact is, most of us don't have farms of domain controllers and hundreds
and hundreds of users.  Most of us manage small to medium sized networks
that can benefit hugely by the cost savings of deploying Samba instead
of Windows.  I'm not talking about just costs of software licenses; but
cost of hardware, sys admin staff, and down time.

Yup.  For small-ish networks, nt4 servers are 'good enough'.

Last I checked, MS imposes an artificial limit on its servers, where a
server can only serve its own subnet.  Samba doesn't have this limit.  So
a single multi-homed samba server can do the work of several MS servers.

So you don't need AD with samba as much since everything is on one server
anyway whereas with MS you need multiple servers and all the management
overhead that entails.

I could be wrong on this; it was true the last time I ripped out a bunch
of MS servers and replaced them with samba.  This was some time ago.... 
Anyone know if it's still a limitation?

-- 
Windows is like a canary in a coal mine, it's the first thing to die on
your network.



-- 
Windows is like a canary in a coal mine, it's the first thing to die on
your network.

JJB
> Yan Seiner wrote:
>> Yup.  For small-ish networks, nt4 servers are 'good enough'.
>>
>> Last I checked, MS imposes an artificial limit on its servers, where a
>> server can only serve its own subnet.  Samba doesn't have this
limit.
>> So
>> a single multi-homed samba server can do the work of several MS
servers.
>>
>> So you don't need AD with samba as much since everything is on one
>> server
>> anyway whereas with MS you need multiple servers and all the management
>> overhead that entails.
>>
>> I could be wrong on this; it was true the last time I ripped out a
bunch
>> of MS servers and replaced them with samba.  This was some time ago....
>> Anyone know if it's still a limitation?
>>
>>
>
> As I understand it, you need a WINS server for every subnet - we figured
> this out after the fact, so we now have 3 servers running Samba so that
> everyone can see all members of the workgroups (we are rolling out the
> domain slowly - in the meanwhile, we don't want to lose functionality.
> If anyone has a written proceedure for how to get this working with only
> one multi-homed server (does that mean one server with 1 network card
> for each subnet, or one card with 3 addresses somehow associated with
> it?) please post a link or email it to me.
It's been a while, so bear with me.

You assign multiple IP addresses to your ethernet card:

ifconfig eth0 192.168.128.1
ifconfig eth0:1 192.168.129.1
ifconfig eth0:2 192.168.130.1

and so on.  You can also do this through your distro's network
configuration.

Then in smb.conf you tell samba to listen on those interfaces.

I think that's it.  You end up with one workgroup that different subnets
can see.

If you want different workgroups I think you can run multiple samba
daemons with different interfaces set up and different workgroup names. 
You'd probably have to separate out all of the volatile files like *tbd,
but I can't say.  As long as the IP addresses are different this should
not cause problems.

ISTR I had to do some voodoo with wins forwarding but that may be because
I had remote servers connected via VPN.

Not written down in any detail but perhaps others can fill in.

-- 
Windows is like a canary in a coal mine, it's the first thing to die on
your network.