On Mon, 3 Dec 2018 18:46:13 +0100 Alessandro Selli <alessandrose...@linux.com> wrote:
> On 03/12/18 at 18:19, Tomasz Kundera wrote: > > On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny <rpe...@samba.org > > <mailto:rpe...@samba.org>> wrote: > > > > On Sun, 2 Dec 2018 14:28:25 +0100 > > Tomasz Kundera <tnkund...@gmail.com > > <mailto:tnkund...@gmail.com>> wrote: > > > > > You can still use NIS if you don't need the power (and > > complexity) of > > > samba. > > > > > > > NIS is a bit outdated and Samba isn't that complex from a Linux > > point of view. > > > > > > It is outdated because? > > > It's unencrypted, hard to firewall, unsecure by design. > > > > It works, at least in simple cases. > > > Yeah, sure, even rsh works (sometimes), still it's a very outdated > protocol. > > > > The choice depends on your needs. Samba is not needed everywhere and > > yes, it is more complex then a simple NIS installation. > > > My experience differs. NIS relies on a number of RPC services, > local and netwide settings (nisdomainname vs. fqdn), server- and > client-side commands, files and related DBs that the first time I > could get it to work I uncorked the finest sparkling wine I had and > rushed to set everything I had done in virtual stone: > > http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in > Italian, sorry). > > > A few years later, my first Samba installations were not as painful > and time-consuming, it's all in one config file (well, two with > smbpasswd), but maybe that's because I was not using it from Windows > PCs. > > > > I do not suggest that samba is a bad choice. It depends on the needs > > as I have written above. > > > I suggest to stay away from NIS except in a few cases: > > 1. it was already setup and configured by someone else and it's > working; 2. it's operating in a secure, non critical environment; > 3. people in the organization are already familiar with it (ie, > they're all grey-haired or bald and gray-bearded or look like Yoda); > 4. long-term support is not an issue. > > > In all other instances, run LDAP and/or Samba instead. To be honest (did I say I was biased ?) I would go with a Samba AD domain, the provision does it all for you. You end up with a centralised server that runs a KDC, dns server and LDAP, all you have to provide is users & groups. It provide native authentication for Windows PCs and can very easily be used for Unix clients. Rowland > > _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
