[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Saturday 13 June 2009 23:17, Grant Sewell wrote: > On Sat, 13 Jun 2009 09:31:08 +0100 .... > > With regard to "domain controllers". Essentially a Windows Active > Directory Domain consists of LDAP with Kerberos... however, they seem to > have been put together in a rather unholy manner by Microsoft (or at > least I'm finding it a P.I.T.A trying to get Linux to auth against our I've hear that MS went out of their way to ensure that AD was incompatible with LDAP - why let a 300,000 user setup do all their security on two or three linux boxes when you can sell them a whole MS server farm! I've also hear that the work done to do this prevents AD expanding easily -hence £16billion being wasted on the IT single sign on project. > SBS2008 "domain controller"). This has been the case since Windows > Server 2000. > > Windows NT, however, played by different rules. SAMBA can act as an NT > domain controller very nicely thank you, and Windows machines (even > Vista) can "join" an NT/SAMBA domain without any problems. I've heard that sine the samba group documented SMB MS now have an idea how it works and have since added a couple of parameters to Vista that need to be considered to make it work properly. > > With an "NT" style domain, however, you lose the ability to control > things with "group policies" (which, despite the name, have little to > do with the "security groups" you can create in an Active Directory > domain). You can do local group policies - not sure exactly how they compare though. Tom te tom te tom > > If you do decide to go down the "domain controller" route, I would > personally not recommend Small Business Server 2008. > > Grant. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html