seeking clarification- Samba CAL License usage with W2K AD Domain network environment
Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
seeking clarification- Samba CAL License usage with W2K AD Domain network environment
I'm being told by our sysadmin that a Linux box on the network that is a member of a Windows 2000 AD Domain requires that a cal be expended for a user to connect to a Samba server. Thus, you are not escaping the MS Licensing and CAL requirements for the operation of the business, even by using a Samba file server. Becasue you need to authenticate to a PDC to gain access to the samba server, you're still needing MS License CALS to connect and therefore - What's the use of going Linux?
I'm having a hard time with this and would like all the good input and clarifications I can get.
If your looking to avoid the CAL, remove your Win2000 PDC. Samba is perfectly capable of functioning as a PDC, and in many ways out preforms a windows based PDC.
Thanks to those who have replied. Your answers were really useful and enlightening. I find myself burning up over the idea that I put up a non windows machine using software that was not authored by MS and is not controlled by MS and itself has no connecttion licenses involved with it and yet the MS fee is still needed. It makes you come to the very stark realization that this MS notion that an MS Domain control - single sign in - is like buying a jail and then locking yourself up in it and then everyttime you try to escape, you sort of happily pay the jaoiler some more money to not let you escape. I've concluded that businesses are bilked of tons of money for this and they do not see that a kind of freedom to access and use their own bought and paid for resources is available to them using other software solutions.
However, as I look at moving foreward with technology, I find that customers that I have now are buying into the MS world and are also moving more and more into the W2K3 platform and would seriously ask - Why would you want to setup an NT4 Style Domain at this point in time. They would all consider that the Active Directory is the route to go. I'm not sure how to fight that. Seems to me that I'd really like to see the Samba team catch up to doing a Win2000 AD level PDC implementation. Some reading indicates that they cannot do this due to some issues with the MS closed Kerberos extensions??? Not sure on this area.
If your licensing is USER based, then you would require CALS for your users, but you would not require a server license for the device. And if you are using node based licensing, you would have the same thing...you need to have a CAL for any device that authenticates against the DC. AD/Linux integration is not going to be a mechanism to avoid microsoft licensing, but rather a way to manage your linux resources with AD tools, I suppose.
Also, it's my understanding (second hand), that there is an LDAP GINA now for NT based devices (NT/2k/2k3/XP) that will allow authentication against an OpenLDAP environment. I am unsure of yet if that will require a Kerberos environment as well. Might be an interesting thing to look into, once I get back into the lab.
- If your customers are content with AD, don't mind paying licensing, and don't mind the constant patching, then just bill them for all of it and go on with your life. There's nothing wrong with that. It's not a sin, although some would have you believe so.
- If you truly want to rid them of AD -there's a simple question to ask. What is AD doing for them that NT Domain structure doesn't handle? Are they implementing group policies? Is it the redundancy you want? What's really being used in AD that's helping the business?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.