Samba with Active Directory: getting bigger?

Posted Feb 5, 2010 15:40 UTC (Fri) by drag (subscriber, #31333)
In reply to: Samba with Active Directory: getting bigger? by buchanmilne
Parent article: Samba with Active Directory: getting closer

Since it only considered GConf-based applications, and was started after the projects (shipping KDE only) for which I had time to look at some of these issues, I haven't investigated sabayon much, but documentation on LDAP support in Sabayon is by no means easy to find. Old links no longer work, and searches don't return any relevant results. Very little documentation is shipped with the packages, and I see no obvious way to do this in the sabayon admin GUI.

Yeah. You're right on both the Gconf accounts. My bad. Sabayon is useful for building gconf configurations. You still need some way to deliver them.

I knew that Likewise's commercial product supported using AD to integrate Gnome support. I thought it used a gconf backend, but actually it just turns out to be backed by the use of generated zip files to deliver configurations.

Please do (although, documentation should be sufficient, it has been for me for OpenLDAP, Heimdal, nss_ldap, pam_ldap, samba, sudo etc. etc.). Difficulty depends on many factors, for me it would probably take less time on a pure OSS solution than trying to arrange a Windows server license from the windows guys ...

Dude. Setting up a domain using Samba 4 involves a single command line (after it has been installed). Setting up an SBS requires even less effort than that. The basic functionality for most of this stuff has been around for nearly 20 years. It should be there by default.

And I know for a fact that setting up an Active Directory system, even with licensing, will be dramatically cheaper than trying to train a bunch of admins to create their own LDAP schema...

In the company I am at at present, HR sends a mail to the Windows admins, who create accounts in AD. In non-AD environments I have made web interfaces available, or (if samba is a requirement) made User Manager for Domains available.

Yes _you_made_it_yourself_. Right. How much does your salary cost? How much time did it take for you to set it up and get it working? How much training did you have to do and how many times did it take for people running into problems with your web interface before you got all the bugs worked out? In terms of dollars try to guesstimate how much time and money was spent on that.

Yes it is very possible for people to use an OSS solution to set up a Kerberos and LDAP domain for a large business. It's going to take a lot of time and it is going to be very expensive for them to do this.

And you STILL will need an Active Directory server for Windows support.

Go and look at an average small or medium business (which is the VAST majority of people. Large corps only employ a minority number of people compared to small/medium enterprises) with 50-500 employees or so. People that cannot afford a full time IT staff or anything of that nature. Their IT person is probably on the level of "some guy that built his own computer". They rely on external support and buying out of the box solutions. They can have the choice of hundreds of Microsoft certified folks that can come in and bang out an AD solution for them in a matter of a couple hours.

Now tell me how well an OSS solution is going to work out for them. (and don't try to tell me that AD is overkill and they should not be using a domain. Small/Medium business still need proper ways to manage resources and security is still important. Also OSS is competing with an established player here and not on equal ground.)

Too much focus is given on "We need an AD-compatible server", and too little on "We need to ensure that we provide means of lowering the cost of configuration, allow less costly implementation of controls", deferring until the gaps are so obvious because a Samba4 deployment with Linux desktops doesn't do what people had hoped.

Right. Active Directory includes the administrative tools as well as the Windows RFC support and other things necessary to manipulate the Windows registry and various scripts integrated into Windows by default to get (very important things)

So yes the AD requires integration on the client side. This is true for Linux. I hinted at this in my other posts by saying you need to have distros with proper integration. I should have emphasized this point more.

The support for integration into a proper domain must be improved on the distro-side. Even with Samba4 making it trivial to create a domain system it still requires more client side configurations to make it work and that should be trivial for end users to accomplish also. Unless that happens then the whole thing is moot.

The other concern is that focusing on Samba4 may worsen the situation where people rely on Windows-based technologies unnecessarily, such as many cases I have seen where people struggle to set up CUPS to Samba to CUPS printing, when CUPS to CUPS works with so little effort.

For XP, at least, IPP support sucks. (this hopefully improved with Vista and Windows 7) So you will still need Samba printing support for Windows clients for the most part. Especially seeing how many businesses try to control costs by monitoring who uses what printer.

But you're right that in many cases if you're just using Linux/OS X clients then going from CUPS to CUPS is much easier than going from CUPS to Samba+CUPS. Unfortunately that does not eliminate the need for people to configure Samba to work with a CUPS server for most people, unless they go with a fully networked printer (which is likely running Samba anyways... ;) )


Samba with Active Directory: getting bigger?

Posted Feb 5, 2010 15:53 UTC (Fri) by drag (subscriber, #31333)

The support for integration into a proper domain must be improved on the
distro-side. Even with Samba4 making it trivial to create a domain system it
still requires more client side configurations to make it work and that
should be trivial for end users to accomplish also. Unless that happens then
the whole thing is moot.
-------------------------------

To clarify. It NEEDS to be trivial on the client side to integrate into a
domain. It is currently not trivial at all for the most part on the Linux
client side of things. "Should be trivial" was too vague in that context.
