Erwin Fritz wrote:

Paul Gienger wrote:

It sounds like you need to pick a network directory service and go with it, I'd suggest LDAP over NIS any day. I have had a Solaris (9 I think) box running happily over LDAP and AD2000, although it was just for test.


Oh, I totally agree with you on choosing LDAP over NIS. The problem is that if I go LDAP, I'd prefer a non-proprietary solution, and that means OpenLDAP. There are known conflicts between Solaris's built-in LDAP libraries and OpenLDAP (but those can, in theory, be gotten around, although I've run into grief attempting to do so).

Solaris 9 works fine with OLDAP, maybe even AD if your structure looks right, and provided you add some non-standard things (DUAConfig) to your schema it will even stop complaining about most things, 8 not so much. 8 was a PITA in general.


You need a central structure to hold your SID mappings if you're traversing machines, AFAICT, the only network structure supported is LDAP.


In theory, AD is LDAP-compliant, although Microsoft's added a bunch of tweaks. So I was hoping to use AD as the LDAP repository. That may not work, though, and may be the cause of a lot of my problems.

When you got it to work, did you use a separate LDAP repository for SID mappings? Or did you manage to store them in AD?

We went oldap, but I believe I've seen someone using AD for that. I'm no AD wizard, so I can't offer too much of a suggestion there.


I'd prefer to have only one LDAP server running, and the architecture here already has AD. So I'd like to keep things simple and use AD as that repository if I can. I'm willing to build an OpenLDAP server if I have to, but that seems redundant to me.

As an FYI, you'll have to build the oldap server to compile samba against, but that doesn't mean you have to 'run' it.


I am an old school Sun guy (but System V, not BSD!), but I agree that NIS is obsolete, has a million security holes in it, and deserves to be given a decent burial.

I'd settle for burning it at the stake. Most of my hostility for NIS comes from NIS+ (or NIS- as I called it 'round these parts), but a NIS by a different name... still stinks like poo.


--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]



-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
