Not a simple question, so not a simple fast answer. My original question is below. At this point I am leaning towards SAMBA. It sounds as though PC Netlink has more features, but some are mainly applicable for managing users from the PC side. And, I am really concerned that PC Netlink will be orphaned. Sun and Veritas are both supporting SAMBA in current or future releases. SAMBA seems to be under very active development. PC Netlink was developed from an AT&T project that had an MS NT source code license , and MS did not give that support with Windows 2000. And, I can't find anyone who is *using* PC Netlink! That alone is telling me something. I am still researching this. I am not very knowledgable about the Windows domains and dont' want to make any mistakes that can't be undone later. Also, although our users don't have Unix shell accounts, we do have a Unix mail server and I would like to synchronize passwords. That's probably not a critical thing in a shop this size, though. The only critical thing is that we can share files with all of our users including the ones on the Active Directory server (which we don't manage) I would like to stay out of the Active Directory business, at least this quarter! Thanks for all the responses Excerpts from answers: ---------------------- >From: "Wianecki, Christopher" <Christopher.Wianecki@sothebys.com> >We are using samba and we love it. We did try the other solution but we did >not like it as much. ---------------------- >From: "Karl Vogel" <vogelke@dnaco.net> >We use Samba in a production environment here, and it works dandy. --------------------------------------------------- From: "Malloy, Jim" <JMalloy@ibasis.net> Samba falls apart when ther are more than a few thousand files in a given directory. If this is an issue, look elsewhere. Veritas makes a SAMBA replacement that we are starting to evaluate, but I don't know much about it ------------------------ From: John Rowan Littell <littejo@earlham.edu> >I looked at PC Netlink for providing MS access to the Solaris boxes, >but I decided on Samba 2.2.x (I'm currently running 2.2.1a on the >Solaris boxes, 2.2.2 on some Linux and FreeBSD boxes). > >I believe you're correct that a W2K PDC requires Active Directory. > >If I recall correctly, Netlink could authenticate users either against >the Solaris box's own accounts (separate password file, though, I >believe, much like Samba's smbpasswd file) or against a W2K domain >controller. I don't know if it supported authentication against a >Samba domain controller or another Solaris/Netlink box. Samba can >authenticate using its own smbpasswd file (which can be tied very >closely to the /etc/passwd file), against a W2K PDC, or against >another Samba instance acting as a PDC. Since you don't currently >have users with Unix accounts, you don't need to worry about migrating >those users to both unix and Windows domain accounts (if you did, you >would not choose a W2K PDC, because that migration path is >nonexistent). > > >At my site, I run a W2K domain with a Samba 2.2.2 domain controller. I >wasn't aware that this was beta code -- the 2.2.x branch is the >current stable branch, and supports a large portion of the PDC >functionality -- at least, as much as I require of it. > > >In any case, though, one of the biggest reasons I chose Samba over >Netlink was to have the same software on all the servers. Since >Netlink doesn't exist for Linux or FreeBSD, Samba it was. If you've >got only Solaris as your unix platform, that particular benefit is >less of a concern. ----------------------- >From: Tim Chipman <chipman@ecopiabio.com> > > >centralized auth with samba, solaris, and windows can be tricky. Options >I know of include, > > >-use kerberos as your central auth mechanism ; install kerb support onto >windows clients and they will generate a ticket, then samba will use the >ticket from them to confirm their identity against the local kerb auth >server. A bit convoluted but it works. (alas requires kerb client >support install on all win clients) > > >-use Samba as your local auth server for everything via PAM (it can be >done, even for solaris shell accounts, crazy as it sounds). Let Windows >boxes auth against this samba box. Piece of cake. > > >-possibly there is a samba-windows arrangement (I've not used but have >read up on..) - requires a reg. patch for windows clients to send >username / password as cleartext for SMB share auth attempts (rather >than a hash). Then you can use kerberos (or whatever) PAM module support >in samba and authenticate against whatever you want via PAM. However, >(1) requires small reg patch for ALL windows boxen, (2) net security >folk always hate cleartext passwords on networks in my experience :-) > > >-remember that if you use per-user Active Dir auth scheme for a real >win2K box, then you will be paying one CAL of $$ per user that >authenticates against this box (typically, anyhow). It can add up, to >say the least :-) > > >I guess the bigger issue (unclear to me from your query) is - where are >Windows clients authenticating currently? What is the desired model? Are >they all running the novell client on their Windows workstations (ugh! >:-) > > >I've been using Samba here (even the "so-called beta" version) for quite >a while here and it is a delight. Painless to administer, setup, >re-configure as needed, and .. it just works. > > >I've played with the PDC functionality and IMHO it is fantastic as well. >At very least you might want to consider testing this in your >environment. The "core" samba has got the PDC features very solid under >its belt now (ie, no longer do you have to run "The Next Generation" aka >bleeding edge Samba to get this feature set). .. so IMHO it is not that >tricky. However, your environment will dictate your constraints .. ------------------------ >From: "D.A. Muran-de Assereto" <dmuran@tuad.org> >TWe've mucked about extensively with NetLink and Samba, and eventually >settled on Samba for various reasons. We support something like 250 NT4 >workstations and 10 NT servers using Samba. >The two products are quite different, as you can imagine. NetLink is based >on the AT&T-NT-on-UNIX server base, which we had run previously in it's >incarnation as Digital Advanced Server for UNIX. Samba is an independent >codebase. >You can set up Netlink to be a domain controller or a member server. Either >way, it authenticates against the NT domain. >Although Samba2+ is capable of acting as a domain controller, it can't do NT >replication, so we use it as a member server. >Netlink can be administered through a nice, slow Java GUI and the NT admin >tools. You can, of course, also use commandline tools. >Samba is adminstered through either a webGUI (swat) or from the commandline. >It can't be controlled from NT. >Some of the issues: >On an E250-class machine, Netlink is a performance loser. It's also more >vulnerable to system failures because it keeps extensive local databases for >configuration. The configuration is more difficult than Samba. It's disk >footprint is a lot larger than Samba's. >Samba is small and quick. The configuration is done primarily through an >ASCII text file. Samba's user mapping and configuration for 500 users takes >up minimal disk space (way less than a meg) and consequently, are very easy >to back up. >Samba requires local UNIX users with accounts to work. We've created a cript >which creates UNIX users with no login privileges. It's a standard shell >script, and is easy to maintain. >Samba has been far more stable than either ASU on Tru64 or Netlink on >Solaris. It has not failed us once in more than two years of use. We used to >have ASU failures on a weekly basis. >Samba is also far faster than ASU or Netlink. Our users (military types) >commented on a perceived 100% improvement over the prior setup. >Our take on the issue was that unless we needed DC functionailty, we'd use >Samba over ASU or Netlink for all purposes. We are currently using it to >service event logs dumps at half-hour intervals from all 260 machines, to >serve home directories, shared directories, and a public directory from a >server which then accesses the UNIX directories on a Veritas cluster through >NFS, and generally to solve all of our UNIX-NT filesharing concerns. > > >Dave Muran-de Assereto >General Dynamics Miami Field Office ---------------------- >From: Bertrand_Hutin@notes.amdahl.com >PCNetlink uses the domain PDC or BDC authentification, if it is a member. >It could also be set as PDC or a BDC. >It is managed by Windows server manager as any NT server. >PCNetlink is a Netbios porting (says Sun) on Solaris and should be >supported. >Samba is reverse engineering. Samba works great, but tuning is a bit more >complicated. I have used Samba on many unixes a few years ago. ------------------ >From: Christoph Haas <ch@acme1.ruhr.de> > > One unresolved question is whether we put a Win2k Active Directory > > server into this mix (it looks as though if you want a Win2k PDC, it > > has to be AD) > > >Now that's gonna be a rather tricky part. AFAIK neither Samba nor PC >Netlink are able to speak a native version of Active Directory (for PC >Netlink in its current version I know this for sure). Plans are (and >there is already a beta version available, but Sun won't tell you >about that) that the upcoming version of PC Netlink 2.0 will allow you >to seemlessly integrate PC Netlink into an Active Directory >Environment, but God only knows if (and when) PC Netlink 2.0 will ever >be released as a GA product. > > >Oh, by the way: Right now (using PC Netlink 1.2 that is) you are not >able to synchronize your passwords between the UNIX and the Windows >world. If you do not need this special feature, and you use PC Netlink >solely as a drop-in replacement for a Windows box, this does not >matter, since the "Windows-side" of PC Netlink will of course >synchonize its user database (including passwords) with any existing >PDC, so no problems here. > > >The above mentioned feature (synchonize passwords between UNIX and >Windows, so you have a single sign-on, using only one password to log >into your windows and your unix shell account) will be released as >part of PC Netlink 2.0, but about the availability of this product see >above. > > > > Another goal (my boss's) is to not run beta software on the > > production network, which seems to rule out using Samba as a > > full-featured PDC. > > >Hmm, as long as you don't want a PC Netlink server to be a PDC/BDC in >your Win2K environment you can use PC Netlink on a Sun box, but if the >server should provide more than just File&Print, you loose. (see above >for using PC Netlink in an Active Directory environment) > > >So this leaves you only two options, both of which include using beta >software: User either Samba or ask your Sun Sales Rep to give you a >copy of the current beta version of PC Netlink 2.0 > > >One last hint: Samba will be an officially supported product in the >upcoming version of Solaris 9, so it drops its status of being "beta >software". This seems to be the way to go, now that even Sun puts it >into its OS. ------------------- > > Checking the archives, it looks like this question hasn't been asked in a > few years, and I know SAMBA is changing rapidly: > What are thoughts on using SAMBA vs PC Netlink to serve Solaris files to > Wintel users? > > We've got users on Novell file servers that we want to migrate over to a > set of (to-be-created) Solaris file servers speaking SMB. One goal is to > get rid of every server that is not either Solaris or Windows 2000, but > that will take time. There's already one Solaris server running Netlink but > it's not talking to the Novell network. I am not sure yet how it is > authenticating the PC users but they are seeing the files as MS Networking > shares, not NFS or Novell, and they don't have accounts on the Unix box. > (the users have a mix of Win2k, XP, NT, and (ugh) Win98) > > One unresolved question is whether we put a Win2k Active Directory server > into this mix (it looks as though if you want a Win2k PDC, it has to be AD) > Another goal (my boss's) is to not run beta software on the production > network, which seems to rule out using Samba as a full-featured PDC. > > We do not, at this time, have end-users logging directly into unix servers. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Mar 6 13:35:14 2002
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:42:36 EST