Date:      Sun, 31 Jul 2005 09:57:34 +0000
From:      Robert Slade <bsd@bathnetworks.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD Active Directory Server
Message-ID:  <1122803853.16431.45.camel@lmail.bathnetworks.co.uk>
In-Reply-To: <42EC8F3E.20202@meijome.net>
References:  <4377.192.168.0.200.1122725036.squirrel@192.168.0.5> <42EC8F3E.20202@meijome.net>

On Sun, 2005-07-31 at 08:43, Norberto Meijome wrote:
> martin@orbweavers.co.uk wrote:
> > Has anyone any experience trying to make FreeBSD an Active Directory
> > Server? From my research and experimentation, I am under the impression
> > that it is possible, but I have yet to come up with any articles where it
> > has actually been done fully.
> 
> it may be not relevant, or simply wrong, but IIRC, e-smith, a linux
> distrib that was started by mitel (http://www.e-smith.com/), has
> Samba *and* winXP sees it as a domain. I can't recall if it's an AD (I
> *think* it is, as the esmith server runs LDAP, iirc).
> 
> The trick to let the client see the linux/samba server as an AD server 
> was to disable some kind of encryption / cert related option in the 
> client's registry.
> 
> I'll see if i get hold of the colleague that worked on this and ask him 
> the details.
> 
> hope this is of some help.
> 
> Beto

I've been following this thread with some interest as I am looking to
replace a small network running W2k server with a BSD centred one.

The Samba site - http://us2.samba.org/samba/ has some very useful
information including Howtos and examples. There is however, a warning:

" At this time any appearance that Samba-3 is capable of acting as a
domain controller in native ADS mode is limited and experimental in
nature. This functionality should not be used until the Samba Team
offers formal support for it. At such a time, the documentation will be
revised to duly reflect all configuration and management requirements.
Samba can act as a NT4-style domain controller in a Windows 2000/XP
environment. However, there are certain compromises:

      * No machine policy files.
        
      * No Group Policy Objects.
        
      * No synchronously executed Active Directory logon scripts.
        
      * Can't use Active Directory management tools to manage users and
        machines.
        
      * Registry changes tattoo the main registry, while with Active
        Directory they do not leave permanent changes in effect.
        
      * Without Active Directory you cannot perform the function of
        exporting specific applications to specific users or groups. "
        
I am currently working on setting up the network, and one of the things
that is quite clear is that full ADS functionality is not necessary.
My view is that for a small network, roaming profiles, printer and file
sharing is all that is really necessary. It looks like Samba has no
problem with that. 

I think that the real problem with answering the original post is that
the question is too general. There are a number of different examples
dependent on the network requirements on the Samba site which could be
taken as a start point.

Rob  




