:: Re: [DNG] Request for comments - tr…
Pàgina inicial
Delete this message
Reply to this message
Autor: Rowland Penny
Data:  
A: dng
Assumpte: Re: [DNG] Request for comments - training room
On Mon, 3 Dec 2018 18:46:13 +0100
Alessandro Selli <alessandroselli@???> wrote:

> On 03/12/18 at 18:19, Tomasz Kundera wrote:
> > On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny <rpenny@???
> > <mailto:rpenny@samba.org>> wrote:
> >
> >     On Sun, 2 Dec 2018 14:28:25 +0100
> >     Tomasz Kundera <tnkundera@???
> > <mailto:tnkundera@gmail.com>> wrote:

> >
> >     > You can still use NIS if you don't need the power (and
> >     complexity) of
> >     > samba.
> >     >

> >
> >     NIS is a bit outdated and Samba isn't that complex from a Linux
> > point of view.

> >
> >
> > It is outdated because?
>
>
>   It's unencrypted, hard to firewall, unsecure by design.
>
>
> > It works, at least in simple cases.
>
>
>   Yeah, sure, even rsh works (sometimes), still it's a very outdated
> protocol.
>
>
> > The choice depends on your needs. Samba is not needed everywhere and
> > yes, it is more complex then a simple NIS installation.
>
>
>   My experience differs.  NIS relies on a number of RPC services,
> local and netwide settings (nisdomainname vs. fqdn), server- and
> client-side commands, files and related DBs that the first time I
> could get it to work I uncorked the finest sparkling wine I had and
> rushed to set everything I had done in virtual stone:
>
> http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in
> Italian, sorry).
>
>
>   A few years later, my first Samba installations were not as painful
> and time-consuming, it's all in one config file (well, two with
> smbpasswd), but maybe that's because I was not using it from Windows
> PCs.
>
>
> > I do not suggest that samba is a bad choice. It depends on the needs
> > as I have written above.
>
>
>   I suggest to stay away from NIS except in a few cases:
>
> 1. it was already setup and configured by someone else and it's
> working; 2. it's operating in a secure, non critical environment;
> 3. people in the organization are already familiar with it (ie,
> they're all grey-haired or bald and gray-bearded or look like Yoda);
> 4. long-term support is not an issue.
>
>
>   In all other instances, run LDAP and/or Samba instead.


To be honest (did I say I was biased ?) I would go with a Samba AD
domain, the provision does it all for you. You end up with a
centralised server that runs a KDC, dns server and LDAP, all you have
to provide is users & groups. It provide native authentication for
Windows PCs and can very easily be used for Unix clients.

Rowland

>
>