Re: FreeBSD Active Directory Server

From: Robert Slade (bsd_at_bathnetworks.com)
Date: 07/31/05

    To: freebsd-questions@freebsd.org
    Date: Sun, 31 Jul 2005 09:57:34 +0000
    
    

    On Sun, 2005-07-31 at 08:43, Norberto Meijome wrote:
    > martin@orbweavers.co.uk wrote:
    > > Has anyone any experience trying to make FreeBSD an Active Directory
    > > Server? From my research and experimentation, I am under the impression
    > > that it is possible, but I have yet to come up with any articles where it
    > > has actually been done fully.
    >
    > it may be not relevant, or simply wrong, but IIRC, e-smith , a linux
    > distrib that was started by mitel, ( http://www.e-smith.com/ ), has
    > Samba *and* winXP sees it as a domain. I can't recall if it's an AD (I
    > *think* it is, as the esmith server runs LDAP, iirc).
    >
    > The trick to let the client see the linux/samba server as an AD server
    > was to disable some kind of encryption / cert related option in the
    > client's registry.
    >
    > I'll see if i get hold of the colleague that worked on this and ask him
    > the details.
    >
    > hope this is of some help.
    >
    > Beto

    I've been following this thread with some interest as I am looking to
    replace a small network running W2k server with a BSD centred one.

    The Samba site - http://us2.samba.org/samba/ has some very useful
    information including Howtos and examples. There is however, a warning:

    " At this time any appearance that Samba-3 is capable of acting as a
    domain controller in native ADS mode is limited and experimental in
    nature. This functionality should not be used until the Samba Team
    offers formal support for it. At such a time, the documentation will be
    revised to duly reflect all configuration and management requirements.
    Samba can act as a NT4-style domain controller in a Windows 2000/XP
    environment. However, there are certain compromises:

          * No machine policy files.
            
          * No Group Policy Objects.
            
          * No synchronously executed Active Directory logon scripts.
            
          * Can't use Active Directory management tools to manage users and
            machines.
            
          * Registry changes tattoo the main registry, while with Active
            Directory they do not leave permanent changes in effect.
            
          * Without Active Directory you cannot perform the function of
            exporting specific applications to specific users or groups. "
            
    I am currently working on setting up the network, and one of the things
    that is quite clear is that full ADS functionality is not necessary.
    My view is that for a small network, roaming profiles, printer and file
    sharing is all that is really necessary. It looks like Samba has no
    problem with that.

    I think that the real problem with answering the original post is that
    the question is too general. There are a number of different examples
    dependent on the network requirements on the Samba site which could be
    taken as a start point.

    Rob

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

