On Mon, Apr 26, 2010 at 09:59:02PM -0700, Kevin Keane wrote: > Exactly WHY do you need AD instead of NT domains? Without > understanding that, I don't think your question can be answered. In > some cases, you can use a stand-alone Kerberos and/or LDAP > server. Or conversely, some application you use may require a > Microsoft AD server, sometimes even a specific version.
I have some COTS Windows web apps that want to authenticate either using local accounts or against AD. They've been doing local accounts, but account and password management is increasingly problematic, so it would really help to have central password mangement. The apps doesn't support NT domain auth. It might be possible to do this with OpenLDAP+kerberos, but that sounds like a whole lot of manual work, so I'd rather get something more integrated (AD or samba4). I like *nix servers better than Windows, so I'd rather do samba4, but don't have a good feel for samba4's stability as an authentication server. Hence the earlier question. > Basically, your tradeoff is between cost and risk. Windows 2008 R2 > is all but guaranteed to work no matter what AD issue you throw at > it, but it can get expensive, especially if you have many users. > On the other hand, Samba is free, but Samba 4 is pretty unproven at > this point. Software cost will probably not be a factor. Functionality is. Sounds like I/we need AD. :( - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
