Re: Setting up a UNIX domain
- From: korann
- To: Todd Cullen
- Cc: NET-ADMIN-L, cslug-l
- Subject: Re: Setting up a UNIX domain
- Date: Fri, 14 Sep 2007 13:22:44 -0400
On Thursday 13 September 2007, Todd Cullen wrote:
> Folks,
>
> I am running Windows Server 2003 as a domain controller with ~100
> clients running primarily Windows XP. I have just finished setting up a
> UNIX computer lab that consists of 8 clients running FC5 (with the
> potential of adding more). I would prefer to set up a domain for these
> clients so users, passwords, shares, etc ... can be centrally managed
> and would like some feedback before I start. I have three options at
> this point (ranked from my least to most favorite):
>
> Option 1:
> NFS and NIS. This does not seem too difficult to implement and would
> handle the UNIX clients just fine as a separate domain. It also appears
> that you can add Windows clients to a NFS domain by adding Windows
> Services for UNIX to the client. Has anyone ever done this?
This is simple for the Unix side, but the worst issue is that NFS and NIS are
not secure and do not scale well (roughly on the level of NT).
>
> Option 2:
> Integrate the new UNIX clients into the already existing Windows
> domain. It looks like you can run a number of services (smb, nmb,
> winbind, etc ...) and add a UNIX computer to a Windows domain although I
> seem to recall that there were some issues with this in a Windows Server
> 2003 / PDC / AD setup. In this situation, users would have access to
> their already existing network shares (files and printers).
Samba does this easily (that is where smbd, nmbd and winbind come from). You
do not necessarily need winbind as there are other methods (i.e., flat file,
LDAP, ...) of mapping uids to Windows SIDs. Recent versions of Samba have
no problems interacting with 2003 Server, Active Directory or indeed Vista.
You can also treat the Windows domain primarily as a Kerberos realm and use it
for domain logins, printing, shares, etc.
>
> Option 3:
> Run Samba as a separate PDC. This option gives me the ability to start
> out as a separate UNIX domain and slowly integrate existing Windows
> computers into it as I see fit. The advantage here is that Samba is
> created to handle both Windows and UNIX clients although the UNIX users
> would not have access to their network shares on the Windows domain.
Samba 3 will function as an NT-style PDC to allow you to set up the separate
domain. You can even establish trusts with the Windows domain to allow Unix
folks access to their network shares.
Samba 4 is currently in alpha and has most of the capabilities of an AD domain
controller. It is VERY MUCH ALPHA. Security is not complete. Emphasis has
been on function during most of the development.
>
> Does anyone have any suggestions or recommendations, etc ...
>
> Thanks in advance,
>
> - Todd
--
Mch(Michael Hammond)
(607)255-8575
(607)277-4565voice (607)277-2216fax
All that is necessary for the triumph of evil is that good men do
nothing - commonly attributed to Edmund Burke (with many variations)
http://www.tartarus.org/~martin/essays/burkequote.html