Robert Larson wrote:
> I know that I could probably just use samba for this, but my understanding is
> that samba-tng aims to provide authentication mechanisms that are beyond the
> general samba file serving crowd. This excerpt from
> http://www.samba-tng.org/faq.html will support the general idea:
http://www.samba-tng.org/status-0.4.html
-no locking
-no printing
-no password sync
|
I've never used TNG so I cannot judge about its merits but I note that
lots of the information on their site is simply old/outdated. I've yet
to see a feature TNG supports which samba doesn't.
|
>
> "Samba-TNG is somewhat more advanced in terms of protocol support, although
> Samba is catching up and may be ahead in some areas. If you want an NT
> domain controller running with an LDAP backend, optionally integrated with
> your LDAP-based Unix user database, you probably want to use Samba-TNG. Samba
> has some experimental support for this, but Samba-TNG has had it working for
> much longer so it is more mature."
I doubt this is still true. There is no "last updated" info on that page.
|
>> So this is a normal windows domain with a samba PDC?
> Pretty much, although, it may be closer to a workgroup with one share machine
> (file server) performing NTLM based authentication. I tried to keep it
> simple, especially since not all of our clients are domain ready (only those
> utilizing XP home edition to name a few).
Hmm, I'm not trying to discourage you but I would be surprised if the MS
consumer products will talk anything but NTLM (against w2k server,
samba4, whatever) and I'm pretty sure none of the MS clients will do
kerberos outside a domain context (prove me wrong please ;).
|
One can get pretty far without krb5 though. cyrus-sasl can do NTLM so
you can integrate Outlook with your SMTP/IMAP servers, squid can
authenticate against a samba server, http-auth with NTLM should be
possible (mod_ntlm) all reusing the logon credentials.

cheers
Paul

--
gentoo-server@g.o mailing list