From owner-freebsd-questions@FreeBSD.ORG Mon Jun 8 11:18:19 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 11C411065691 for ; Mon, 8 Jun 2009 11:18:19 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: from mail-fx0-f214.google.com (mail-fx0-f214.google.com [209.85.220.214]) by mx1.freebsd.org (Postfix) with ESMTP id 8BFFB8FC13 for ; Mon, 8 Jun 2009 11:18:18 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: by fxm10 with SMTP id 10so227730fxm.43 for ; Mon, 08 Jun 2009 04:18:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=hPTZgA5SXSSHU8ZwEesjEo2s715+OjlptNL9ZJc4xXA=; b=MwOFmC0OUPxv74ZNw3+qkj+tRGKoe2+3QSCATfRqw17dzlbCqdTra91CCzgvRYrd5T qsBORaPdinW5Ui3KA8xmT+PN9w/o+d2GY37kDKLiAvDPNKK8KJJYOquYNLsCnpb49POd NkMBUyB9xdiqCu2c2xEvwOWtjnnN1Lf3R3djU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:reply-to:to:cc:in-reply-to:references:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; b=Kkj9CI/dWYQHoFRXzxlyONRDW7Wc4KAiaImX6A7IKg+dG42+DDjMAoHgmiDcbGirs4 p2ZQMj2CwuFln6x9GY9ZRAOC8fwLg4SzyLZvtO/WdqzNuqlDpOz5OgNhmCAiKcw1Skd5 ZgIRzP0Rjm0LAUu46FL/zeOUctWt7IeKjmHVE= Received: by 10.86.49.16 with SMTP id w16mr7129827fgw.4.1244459897582; Mon, 08 Jun 2009 04:18:17 -0700 (PDT) Received: from ?192.168.220.101? (Yb1a7.y.pppool.de [89.60.177.167]) by mx.google.com with ESMTPS id 12sm132565fgg.10.2009.06.08.04.18.16 (version=SSLv3 cipher=RC4-MD5); Mon, 08 Jun 2009 04:18:17 -0700 (PDT) From: Mister Olli To: Tim Judd In-Reply-To: References: <273384.34545.qm@web81206.mail.mud.yahoo.com> <200906080259.n582xtVg024068@banyan.cs.ait.ac.th> Content-Type: text/plain Date: Mon, 08 Jun 2009 13:18:13 +0200 Message-Id: <1244459893.12252.17.camel@phoenix.blechhirn.net> Mime-Version: 1.0 X-Mailer: Evolution 2.24.5 Content-Transfer-Encoding: 7bit Cc: Olivier Nicole , freebsd-questions@freebsd.org, redtick@sbcglobal.net Subject: Re: Samba3 domain controller howto? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mister.olli@googlemail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jun 2009 11:18:19 -0000 hi, > yes, you are mis-understanding > > samba itself is a NT4-type domain. not quite right. It depends on the samba version your using. - samba3 only provides NT4-type domains - samba4 provides active directory domain types including GPO (I have such a setup running in 7. with around 10 users. It works quite good, beside the fact that samba segfaults from time to time (which I covered by running samba4 in foreground within an endless bash.-loop)). there is even a new build-option that creates the 'samba franky' release which uses samba3 & samba4 at the same time to make nearly all samba3 feature in combination with AD environments available, but it didn't have the time to look into that. But it sounds quite promising, since samba4 lacks some features samba3 already has. Regards, --- Mr. Olli > samba can use authentication backends that include passwd files, LDAP > and kerberos. Active directory is a requirement to use LDAP, whereas > samba is offering it as a auth backend only. > > fine line, I know. > > IOW, whereas Active Directory - as a technology: > Uses kerberos for authorization > Uses LDAP for a storage backend for Kerberos > Uses user@domain logins (thanks to Kerberos), > Uses other techs not related to this thread > > NT4-style domains - as a technology: > Not using Kerberos > Not using LDAP storage > > Samba allows it's authorization backend to offer more possibilities > than NT4's own methods. Such as passwd files, LDAP, Kerberos, etc. > > > It's technology vs technology, not product vs product. > > > On 6/7/09, Olivier Nicole wrote: > > Hi, > > > >> Samba is still only a NT4-type > >> DC, no Active Directory type of function (Group Policies, user@domain > >> logins, kerberos, ldap, etc) > > > > I am not sure if I understand you well, but my samba is authenticating > > users agaiinst LDAP. > > > > Best regards, > > > > Olivier > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"