[BBLISA] Chucking samba

Toby Burress kurin at delete.org
Sun Apr 25 17:13:50 EDT 2010


On Sun, Apr 25, 2010 at 07:56:12AM -0400, Edward Ned Harvey wrote:
> > From: bblisa-bounces at bblisa.org [mailto:bblisa-bounces at bblisa.org] On
> > Behalf Of Toby Burress
> > 
> 
> "We don't have AD, and don't want one."
> "Samba in quasi-domain, with LDAP password backend"
> "works some of the time"
> "very often does not work from version to version"
> "So I was thinking of ditching Samba for AFS."
> 
> Wow, you want to replace the native, included for free industry standard
> protocol for something that has barely seen the light of day.  And you think
> this will somehow be more stable or more manageable than AD?

I'm not sure AFS can be considered immature.

> 
> Sorry I'm not being helpful toward going the direction you want to go. But
> you're way wrong here, and it sounds like you have a religious objection to
> MS.

We don't have any Windows servers at the moment, and we have OpenLDAP
running with custom schemas.  If you think OpenLDAP + MIT Kerberos +
Samba is a workable replacement for Windows as an AD controller, that's
something I'm willing to investigate, but (a) I've heard it doesn't
work very well, and (b) many (most?) of our workers are on laptops,
which they probably would not want to join to the domain, and we also
have a significant population of OS X users.  While I know that AD
and group policy work very well in a homogeneous environment, I'm not
convinced it's the best tool here.

Also, I'm really only trying to solve one problem, which is reliable
authentication to reliable file shares.  It seems AD is a big hammer
that hits more nails than I have.

That said, if everyone with AFS experience says "oh man I tried it
once and now I'm sterile", then sure, I'll look at other solutions.
AD's (simulated, or with Windows servers) not off the list, but it's
very low.  Right now, AFS is at the top.


