From: Andreas Moroder on
> What I found works exceedingly well (although not flawlessly) is a Windows AD Domain Controller, and then Samba servers for file and print sharing.
>
Hello Kevin,

but what if you already have >1000 users in a samba domain. Is there a
way to migrate them to a MS AD without loosing the uidNumber, Samba SID
and such things ? We don't like the idea to set new users an groups for
every directory we have on ous samba servers

Bye
Andreas

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Morty on
On Tue, Apr 27, 2010 at 01:27:35AM -0700, Kevin Keane wrote:

> You can usually find out simply by reading the documentation on how
> to set up authentication. Just as David said, almost all of them
> would use LDAP. The only exception is anything that supports
> Single-Sign-On via Internet Exploder. In that case, it's probably
> Kerberos.

I'm reading the docs for one of the major apps, and unfortunately, it
doesn't say. Although regardless, I wouldn't want to be pigeonholed.
We could be required to install something new at any time. I'd prefer
to be maximally AD-compatible.

> You won't find true drop-in replacements anywhere.

Sounds like AD is the most AD-compatible package. :(

- Morty
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
From: Andrew Bartlett on
On Mon, 2010-04-26 at 21:59 -0700, Kevin Keane wrote:
> Exactly WHY do you need AD instead of NT domains? Without
> understanding that, I don't think your question can be answered. In
> some cases, you can use a stand-alone Kerberos and/or LDAP server. Or
> conversely, some application you use may require a Microsoft AD
> server, sometimes even a specific version.
>
> Basically, your tradeoff is between cost and risk. Windows 2008 R2 is
> all but guaranteed to work no matter what AD issue you throw at it,
> but it can get expensive, especially if you have many users.
>
> On the other hand, Samba is free, but Samba 4 is pretty unproven at
> this point.

I would strongly contradict your assertion that Samba4 is unproven.
Could you please try Samba4 before you comment on it with such
authority?

We are still at the alpha stage, but given the very real production use
I've personally assisted administrators with, I can attest that it does
really work.

Thanks,

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.