On Sun, Apr 25, 2010 at 07:56:12AM -0400, Edward Ned Harvey wrote: > > From: [email protected] [mailto:[email protected]] On > > Behalf Of Toby Burress > > > > "We don't have AD, and don't want one." > "Samba in quasi-domain, with LDAP password backend" > "works some of the time" > "very often does not work from version to version" > "So I was thinking of ditching Samba for AFS." > > Wow, you want to replace the native, included for free industry standard > protocol for something that has barely seen the light of day. And you think > this will somehow be more stable or more manageable than AD?
I'm not sure AFS can be considered immature. > > Sorry I'm not being helpful toward going the direction you want to go. But > you're way wrong here, and it sounds like you have a religious objection to > MS. We don't have any Windows servers at the moment, and we have OpenLDAP running with custom schemas. If you think OpenLDAP + MIT Kerberos + Samba is a workable replacement for Windows as an AD controller, that's something I'm willing to investigate, but (a) I've heard it doesn't work very well, and (b) many (most?) of our workers are on laptops, which they probably would not want to join to the domain, and we also have a significant population of OS X users. While I know that AD and group policy work very well in a homogeneous environment, I'm not convinced it's the best tool here. Also, I'm really only trying to solve one problem, which is reliable authentication to reliable file shares. It seems AD is a big hammer that hits more nails than I have. That said, if everyone with AFS experience says "oh man I tried it once and now I'm sterile", then sure, I'll look at other solutions. AD's (simulated, or with Windows servers) not off the list, but it's very low. Right now, AFS is at the top. _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
