On Tue, Apr 27, 2010 at 07:36:39PM +1200, David Harrison wrote: > You should clarify what mechanisms those web apps use for authentication.
I don't know. :) The apps are black-box COTS apps which "use AD" for authentication. I didn't pick them, and don't have much insight into them. More apps might come later, so even if I can research and answer this question based on the current profiles, requirements might change. What I want to do is spec hardware and any necessary software to support authentication for the apps. I'd prefer to use free/open source software if it will work as a drop-in replacement for AD. > Generally most web apps use LDAP/NTML for authentication and LDAP for > pulling user information. > These two things you can achieve more reliably using Samba3 with an LDAP > backend compared to Samba 4 (at this stage). I've played with samba3+openldap+kerberos+bind9 as a replacement for AD before. It was extremely complex to setup and maintain, so I don't want to do that in production. samba4 seemed like it would be simpler and more compatible with AD. Ah, well. :( It's a shame that samba4 is waiting on file+print services to ship. samba3 is already a fine file+print services server. It might be better to just ship samba4 as AD-style authentication-only for now, and people who need AD-style auth, file, and print can run separate instances of samba4 and samba3 on separate VMs or separate physical servers. It wouldn't be as ideal as having a single combined server that could run everything, but at least all functionality would be shipped, and y'all would still have a roadmap towards an integrated product. - Morty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
