Robert Larson wrote: > I know that I could probably just use samba for this, but my understanding is > that samba-tng aims to provide authentication mechanisms that are beyond the > general samba file serving crowd. This excerpt from > http://www.samba-tng.org/faq.html will support the general idea: http://www.samba-tng.org/status-0.4.html -no locking -no printing -no password sync
I've never used TNG so I cannot judge about its merits but I note that lots of the information on their site is simply old/outdated. I've yet to see a feature TNG supports wich samba doesn't. > > "Samba-TNG is somewhat more advanced in terms of protocol support, although > Samba is catching up and may be ahead in some areas. If you want an NT > domain controller running with an LDAP backend, optionally integrated with > your LDAP-based Unix user database, you probably want to use Samba-TNG. Samba > has some experimental support for this, but Samba-TNG has had it working for > much longer so it is more mature." I doubt this is still true. There is no "last updated" info on that page. >> So this is a normal windows domain with a samba PDC? > Pretty much, although, it may be closer to a workgroup with one share machine > (file server) performing NTLM based authentication. I tried to keep it > simple, especially since not all of our clients are domain ready (only those > utilizing XP home edition to name a few). Hmm, I'm not trying to discourage you but I would be surprised if the MS consumer products will talk anything but NTLM (against w2k server, samba4, whatever) and I'm pretty sure none of the MS clients will do kerberos outside a domain context (prove me wrong please ;). One can get pretty far without krb5 though. cyrus-sasl can do NTLM so you can integrate Outlook with your SMTP/IMAP servers, squid can authenticate against a samba server, http-auth with NTLM should be possible (mod_ntlm) all reusing the logon credentials. cheers Paul -- [email protected] mailing list
