Robert Larson wrote:
> I know that I could probably just use samba for this, but my understanding is 
> that samba-tng aims to provide authentication mechanisms that are beyond the 
> general samba file serving crowd.  This excerpt from 
> http://www.samba-tng.org/faq.html will support the general idea:
http://www.samba-tng.org/status-0.4.html
-no locking
-no printing
-no password sync

I've never used TNG so I cannot judge about its merits but I note that
lots of the information on their site is simply old/outdated. I've yet
to see a feature TNG supports wich samba doesn't.

> 
> "Samba-TNG is somewhat more advanced in terms of protocol support, although 
> Samba is catching up and may be ahead in some areas.  If you want an NT 
> domain controller running with an LDAP backend, optionally integrated with 
> your LDAP-based Unix user database, you probably want to use Samba-TNG. Samba 
> has some experimental support for this, but Samba-TNG has had it working for 
> much longer so it is more mature."
I doubt this is still true. There is no "last updated" info on that page.

>> So this is a normal windows domain with a samba PDC?
> Pretty much, although, it may be closer to a workgroup with one share machine 
> (file server) performing NTLM based authentication.  I tried to keep it 
> simple, especially since not all of our clients are domain ready (only those 
> utilizing XP home edition to name a few).
Hmm, I'm not trying to discourage you but I would be surprised if the MS
consumer products will talk anything but NTLM (against w2k server,
samba4, whatever) and I'm pretty sure none of the MS clients will do
kerberos outside a domain context (prove me wrong please ;).

One can get pretty far without krb5 though. cyrus-sasl can do NTLM so
you can integrate Outlook with your SMTP/IMAP servers, squid can
authenticate against a samba server, http-auth with NTLM should be
possible (mod_ntlm) all reusing the logon credentials.

cheers
 Paul

-- 
[email protected] mailing list

Reply via email to