On 01/29/2014 06:51 AM, James B. Byrne wrote:
I would have to ask why you're doing such a thing in the first place? You have a perfectly good working Active Directory setup, that people are already familiar with, I suspect with existing MS clients which integrate fully (and "properly") and you want to replace it with a Samba based setup. Unless you have a relatively simple setup, I would say don't change. However, if you are looking to move to something else, then do that. Why fix to Samba? Why not go with a full-on Kerberos/LDAP environment?
FWIW, we use CentOS 6 with Active Directory Authorization. Things have worked fine for us for about 1 year. It took a VERY long time to get set up and working, but it is now.
The main reason is the age of the equipment and software. The current domain controller host is from c.2004 and the software is Microsoft Advanced Server 2000. The Windows 7 workstations work with this AD but there are a few quirks.
As the equipment is well past its best before date we need to replace it. We have virtualised just about everything else saving only the desktop workstations and this is another candidate for virtualisation.
As a company we are moving everything we can to FOSS and away from proprietary interests. Therefore the combination of moving from MS-AS2000 and a dedicated host to Samba4 running on a virtualised guest seems an attractive option, provided that it works. Thus my question.
As a CentOS/Linux shop serving clients who are primarily Windows-based, this is also attractive to us. However, initial research indicates that while it probably can work, it's by no means trivial.
EG: http://news.idg.no/cw/art.cfm?id=07B0DED3-A627-9A9A-C05097D23C5FD44F
Our intentions (round tuit, etc.) at this point are probably to work with Windows Live in more of a "client" role for SSO, though we haven't started; it's a second-level priority at this point. Personally, I'd love to see a website/project put together to document the needs and solutions of corporate/enterprise level Samba4 users, but I'm not aware of such already existing.
Ben