Re: [Samba] QUESTION: security=ads vs. security=domain

2003-10-17 Thread John H Terpstra
On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote:

> Can someone explain to me what ADS buys me over Domain for a member
> server?
> We just started implementing Samba 3.0 and want to understand what the new
> ADS security buys us.

Have you read the Samba-HOWTO-Collection.pdf that ships with Samba-3.0.x?
It might answer your question.


Quote:

4.3.4 ADS Security Mode (User Level Security)

Both Samba-2.2 and Samba-3 can join an Active Directory domain. This is
possible if the domain is run in native mode. Active Directory in native
mode perfectly allows NT4-style Domain Members. This is contrary to
popular belief. Active Directory in native mode prohibits only the use of
Backup Domain Controllers running MS Windows NT4.

If you are using Active Directory, starting with Samba-3 you can join as a
native AD member. Why would you want to do that? Your security policy
might prohibit the use of NT-compatible authentication protocols. All your
machines are running Windows 2000 and above and all use Kerberos. In this
case Samba as an NT4-style domain would still require NT-compatible
authentication data. Samba in AD-member mode can accept Kerberos tickets.


- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
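
The difference described in the quoted HOWTO passage shows up in the `[global]` section of smb.conf. The script below is an added example, not part of the original thread or of Samba itself: it reads the `security` setting and reports which of the two member modes applies. The two sample configurations are constructed, `EXAMPLE` and `EXAMPLE.COM` are placeholders, and the function names are hypothetical.

```python
import re

DOMAIN_CONF = """\
# constructed sample: NT4-style domain member
[global]
    workgroup = EXAMPLE
    security = domain
"""

ADS_CONF = """\
; constructed sample: native Active Directory member
[Global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    Security = ADS
"""

def global_params(text):
    """Return the [global] parameters of an smb.conf as a dict.

    Section and parameter names are compared case-insensitively with
    whitespace removed, as smb.conf(5) describes."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)   # only the first '=' counts
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def member_mode(text):
    """Map the security setting to what the thread says about each mode."""
    p = global_params(text)
    mode = p.get("security", "user").lower()   # Samba 3 default is 'user'
    if mode == "ads":
        if "realm" not in p:                   # the Kerberos realm must be named
            return "ads: incomplete, no realm set for Kerberos"
        return "ads: native AD member, accepts Kerberos tickets"
    if mode == "domain":
        return "domain: NT4-style member, needs NT-compatible authentication"
    return mode + ": not a domain member mode"

if __name__ == "__main__":
    for name, conf in (("domain", DOMAIN_CONF), ("ads", ADS_CONF)):
        print(name, "->", member_mode(conf))
```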


[Samba] QUESTION: security=ads vs. security=domain

2003-10-15 Thread Errol . Fouquet
Can someone explain to me what ADS buys me over Domain for a member
server?
We just started implementing Samba 3.0 and want to understand what the new
ADS security buys us.
 

Errol Fouquet - UNIX SysAdmin 
Minerals Management Service, DOI 




RE: [Samba] QUESTION: security=ads vs. security=domain

2003-10-15 Thread Andrew Smith-MAGAZINES
It gives native membership to Windows 2K (Active Directory) domains, which is
required to participate in a W2k domain if you are not running in mixed mode.
It also gives kerberised authentication to Samba shares, which is nice for
security and single sign-on.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 15 October 2003 15:53
To: [EMAIL PROTECTED]
Subject: [Samba] QUESTION: security=ads vs. security=domain


Can someone explain to me what ADS buys me over Domain for a member
server?
We just started implementing Samba 3.0 and want to understand what the new
ADS security buys us.
 

Errol Fouquet - UNIX SysAdmin 
Minerals Management Service, DOI 

