Hrmm. It seems that this (from the HOWTO) puts a MAJOR damper on things....
A damper is a state of mind and an attitude that is routed in what you can not do. Let's focus on what we CAN do - that's more productive. :)
------------------------------------- Samba can act as a NT4-style DC in a Windows 2000/XP environment. However, there are certain compromises: � No machine policy files. � No Group Policy Objects. � No synchronously executed AD logon scripts. � Can't use Active Directory management tools to manage users and machines. � Registry changes tattoo the main registry, while with AD they do not leave permanent changes in effect. � Without AD you cannot perform the function of exporting specific applications to specific users or groups. --------------------------------------
Considering my goal #6....
6. Preserve as much of the functionality that Active Directory is >>currently providing. This includes login scripts, roaming profiles, all >>the permissions management and authentication, serving a dfs, etc....I >>understand that Samba cannot be an Active Directory server, but I also >>understand that it can do a lot of the same things AD does.
So...no login scripts and some of these other things (policy files, temp
You can have a logon script. You can use NTConfig.POL files.
When we figure out how to implement Group Policy Objects, we will document how to do that. Right now you can have Group settings in NTConfig.POL, and then apply that Policy File to a group.
changes to the registry that get wiped at logout, etc...) are common on our network. Almost all of our Windows clients are XP. Do you truly lose the
What I have described as being possible works perfectly with Windows XP Professional clients.
ability to do all of those things, or can you do older, NT-style versions of some of them by having the XP clients fallback into NT domain compatibility?
You can do with Samba-3 most of what you can do with Windows NT4. There are still millions of networks that have only Windows NT4 servers that are running fine with Windows XP Professional clients. Samba-3 is perfect alternative, which when fully deployed significantly reduces the need for Active Directory.
You can get a highly scalable Samba-3 based network (using an LDAP backend). You can store UNIX POSIX account information in LDAP. You can get a very functional Windows network with Samba-3.
Samba-3 is not a cake that has no icing on it. The issue is that Samba-3 gives you most of what Windows NT4 Server gives you. Samba-3 offers a more scalable solution that NT4 (through use of LDAP). Samba-3 is NOT an Active Directory Server -but do you need Active Directory for you site? In most cases the answer is not, Samba-3 is a more than adequate and provides a total solution architecture that can more than suffice.
I am writing a new book that documents step-by-step how to implement the type of solution you described as what would meet your needs. It expands on chapter 2 of "The Official Samba-3 HOWTO and Reference Guide" and goes all the way to providing detailed complex solutions. That chapter is not in the Samba-HOWTO-Collection.pdf because until April next year it is under delayed release - at that time it will come out under the GPL and will become part of the Samba-HOWTO-Collection.pdf.
The comments I put in the HOWTO documents regarding Samba-3 not being an AD Server (and what you can no do with it) are specific answers to people who absolutely must have a total and complete knock-off of Windows 200x and Active Directory. I can tell you now, that will never happen. Samba is Samba, it will never be a Microsoft server. Samba has enhancements (yes, even now) that give it distinctive advantages over Windows NT4 and 200x. My advice is to use its strengths and do not focus on what Microsoft do and how they do it. If the documentation can do with improvement (I sure it can) and you see an angle that will help someone else, then document it and your name may also end up in the attribution list.
Above all, if you have a specific problem or question - ask me. If I can possibly spare the time, or have something to contribute I will.
- John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
