LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] 
  From: Boman, Jamz <jboman@netbridge.com.au>
  To  : 'glen.turner@aarnet.edu.au' <glen.turner@aarnet.edu.au>
  Date: Sat, 29 Jan 2000 04:28:49 +1000

Re: Linux as an NT Server replacement

----Original Message-----
   >From:     	Glen Turner <glen.turner@aarnet.edu.au>
   >To:         	linuxsa@linuxsa.org.au
   >Subject:     	Re: Linux as an NT Server replacement
   >Date:    	Thursday, January 27, 2000 8:18 PM
   >
<big-time snipage>
   >
   >> 8 DNS standard
   >
   >The ISC DNS is much better than the MS version.
   >
   >Depending on your client computers, you may need to install both
   >DHCP and DNS and do DNS Dynamic Updates.  Rumour is that Win2000
   >pretty much needs this in a corporate environment.

Well Microsoft appears to have realised that the chances of people
actually using their DNS for important stuff is pretty small.  Windows
2000 functions quite happliy just as long as you are running a version
of Bind 8.1.2 or above, or other DNS that supports SRV records (RFC
2052) and Dynamic updates (RFC 2136)

   >
   >Daryl Tester wrote:
   >>
   >> Active Directory is, I think, Microsoft's rebadging of LDAP.  I
wonder
   >> what they think a "Passive Whatever(TM)" is (probably a
blue-screened
   >> NT box)?
   >
   >Unfortunately not.  Microsoft's directory model varies significantly
   >from the LDAP model.  MS namespaces aren't really heirarchical, for
   >one.  AD will use LDAP as a replication mechanism.  So suppossedly,
   >you can change attributes in NDS and they will update in AD via
LDAP.
   >This sort of gatewaying has always been trouble, and you'd want to
   >test it well before relying on it to work.

Well more likely is that the syncronisation connectors for Active
Directory use a thing called ADSI, which is Microsoft's own native API
for talking to and programtically manipulating the Active Directory, I
havn't actually found out if all of the AD features are available under
LDAP, but you can expect MS will certainly make your life easier if you
use their ADSI.

   >
   >The Win2000 authentication environment is also a disaster zone.  I
   >think Richard is reverse engineering this for Samba right now.

Well this should be interesting because apparently the NTLM challenge
response has been replaced by a Kerberos authentication, which may in
the end make it easier for the SAMBA team.


Jamz.
Index: [thread] [date] [subject] [author]
Return to the LinuxSA Mailing List Information Page