Chris Bullock wrote:
1. What could be a drop-in replacement for our current NT4 domain?
2. What will give us AD-type authentication/access, and how easy or difficult will it be to set up, i.e., is there anything as easy as the click-and-add feature available in AD?
Being a bit more familiar with how your environment looked four years ago (but being in the dark about the strides made since then), I think you're probably going to want something more sophisticated than a single *NIX box with a local password file and Samba.
What I would probably suggest prioritizing is getting a directory service up first. Put user metadata in LDAP, passwords in Kerberos V. Get your toolkit together to effectively manage users in LDAP & Kerberos. Once you've got that done, you will need to dig deeply into Samba documentation and build a new Windows domain with Samba but have Samba use LDAP & Kerberos directly instead of local system auth. This way you don't have to have a Samba password file with Windows passwords in it.
One thing worth looking into, which I have not yet used in production, is Fedora Directory Server. From what I hear it makes life easier than keeping your user metadata in OpenLDAP, which is a fine back end but lacking in efficient front-end tools.
Best of luck!

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
