Sorry if I came off as wanting Samba to be a clone of AD - not at all the case. :-) In fact, I speak as someone who has -never- admin'ed a Windows network, has no idea what AD is capable of, etc.... I've spent all of 5 minutes in front of an AD server, and that's about it. I suddenly find this network dropped in my lap and need to solve these problems quickly. My interest in minimizing the role of AD is as much about self-preservation as anything else. :-)
All I'm trying to assure is that the types of things that we -do- rely on AD for right now can be sufficiently replaced by some alternative functionality that Samba provides. It certainly sounds like this is the case. I just think that either the language of that excerpt was a little vague, or (more likely) it's my fault for jumping right to that section and thus not realizing that the context was "XP operating natively as a member of an AD domain", and that there were other options available.
I think the angle that I want to see is this - I think there are a lot of people like me who are traditionally on the Unix/Linux side of the fence, and are suddenly faced with people wanting Windows clients (or inheriting such a network). Instead of embracing that, they fear it, they wall it off, they make Windows its own world and their network suffers for it. So the angle I want is "Samba: Making Windows Play In Unix's Ballpark" (as opposed to how Samba is more often billed as making Unix play more nicely on a Windows network or appear more like a Windows network....it's a blurry distinction but one which does make things less transparent for me). You'd be surprised (well maybe not -you- seeing as how you've already seen the need for more documentation on this topic) at how most literature on Samba sort of touches on these topics, but ultimately dances around them, or fails to answer them concisely all in one place.
I have enough info to start playing with things - I am currently setting up a testbed consisting of a Linux laptop with a VMWare'd Windows XP on it. I will be sure to document the project and share that documentation with this list. Thanks for the kick-start and the assurance that what I will end up with will be highly functional. :-)
-Fran
At 07:19 AM 11/20/2003 +0000, you wrote:
On Thu, 20 Nov 2003, Fran Fabrizio wrote:
Hrmm. It seems that this (from the HOWTO) puts a MAJOR damper on things....
A damper is a state of mind and an attitude that is rooted in what you cannot do. Let's focus on what we CAN do - that's more productive. :)
-------------------------------------
Samba can act as a NT4-style DC in a Windows 2000/XP environment. However, there are certain compromises:
* No machine policy files.
* No Group Policy Objects.
* No synchronously executed AD logon scripts.
* Can't use Active Directory management tools to manage users and machines.
* Registry changes tattoo the main registry, while with AD they do not leave permanent changes in effect.
* Without AD you cannot perform the function of exporting specific applications to specific users or groups.
--------------------------------------
Considering my goal #6....
6. Preserve as much of the functionality that Active Directory is currently providing. This includes login scripts, roaming profiles, all the permissions management and authentication, serving a dfs, etc....I understand that Samba cannot be an Active Directory server, but I also understand that it can do a lot of the same things AD does.
So...no login scripts and some of these other things (policy files, temp
You can have a logon script. You can use NTConfig.POL files.
When we figure out how to implement Group Policy Objects, we will document how to do that. Right now you can have Group settings in NTConfig.POL, and then apply that Policy File to a group.
changes to the registry that get wiped at logout, etc...) are common on our network. Almost all of our Windows clients are XP. Do you truly lose the
What I have described as being possible works perfectly with Windows XP Professional clients.
ability to do all of those things, or can you do older, NT-style versions of some of them by having the XP clients fallback into NT domain compatibility?
You can do with Samba-3 most of what you can do with Windows NT4. There are still millions of networks that have only Windows NT4 servers that are running fine with Windows XP Professional clients. Samba-3 is a perfect alternative, which when fully deployed significantly reduces the need for Active Directory.
You can get a highly scalable Samba-3 based network (using an LDAP backend). You can store UNIX POSIX account information in LDAP. You can get a very functional Windows network with Samba-3.
Samba-3 is not a cake that has no icing on it. The issue is that Samba-3 gives you most of what Windows NT4 Server gives you. Samba-3 offers a more scalable solution than NT4 (through use of LDAP). Samba-3 is NOT an Active Directory Server - but do you need Active Directory for your site? In most cases the answer is no; Samba-3 is more than adequate and provides a total solution architecture that can more than suffice.
I am writing a new book that documents step-by-step how to implement the type of solution you described as what would meet your needs. It expands on chapter 2 of "The Official Samba-3 HOWTO and Reference Guide" and goes all the way to providing detailed complex solutions. That chapter is not in the Samba-HOWTO-Collection.pdf because until April next year it is under delayed release - at that time it will come out under the GPL and will become part of the Samba-HOWTO-Collection.pdf.
The comments I put in the HOWTO documents regarding Samba-3 not being an AD Server (and what you cannot do with it) are specific answers to people who absolutely must have a total and complete knock-off of Windows 200x and Active Directory. I can tell you now, that will never happen. Samba is Samba, it will never be a Microsoft server. Samba has enhancements (yes, even now) that give it distinctive advantages over Windows NT4 and 200x. My advice is to use its strengths and do not focus on what Microsoft do and how they do it. If the documentation can do with improvement (I am sure it can) and you see an angle that will help someone else, then document it and your name may also end up in the attribution list.
Above all, if you have a specific problem or question - ask me. If I can possibly spare the time, or have something to contribute I will.
- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
