I'm being told by our sysadmin that a Linux box on the network that is a member of a Windows 2000 AD Domain requires that a cal be expended for a user to connect to a Samba server. Thus, you are not escaping the MS Licensing and CAL requirements for the operation of the business, even by using a Samba file server. Becasue you need to authenticate to a PDC to gain access to the samba server, you're still needing MS License CALS to connect and therefore - What's the use of going Linux?

I'm having a hard time with this and would like all the good input and clarifications I can get.

Thanks in advance,

This has been discussed on the Samba mailing list, albeit 3 years ago:

http://lists.samba.org/archive/samba...il/018995.html

You can also check the following link for an over view of the Win2000 CAL:

http://www.microsoft.com/windows2000...cing/model.asp

If your looking to avoid the CAL, remove your Win2000 PDC. Samba is perfectly capable of functioning as a PDC, and in many ways out preforms a windows based PDC.

See
here
and
here

Why not set up the Samba server as a PDC and stop paying the big bucks to MS?

Heh, yea that was my question .

Thanks to those who have replied. Your answers were really useful and enlightening. I find myself burning up over the idea that I put up a non windows machine using software that was not authored by MS and is not controlled by MS and itself has no connecttion licenses involved with it and yet the MS fee is still needed. It makes you come to the very stark realization that this MS notion that an MS Domain control - single sign in - is like buying a jail and then locking yourself up in it and then everyttime you try to escape, you sort of happily pay the jaoiler some more money to not let you escape. I've concluded that businesses are bilked of tons of money for this and they do not see that a kind of freedom to access and use their own bought and paid for resources is available to them using other software solutions.

However, as I look at moving foreward with technology, I find that customers that I have now are buying into the MS world and are also moving more and more into the W2K3 platform and would seriously ask - Why would you want to setup an NT4 Style Domain at this point in time. They would all consider that the Active Directory is the route to go. I'm not sure how to fight that. Seems to me that I'd really like to see the Samba team catch up to doing a Win2000 AD level PDC implementation. Some reading indicates that they cannot do this due to some issues with the MS closed Kerberos extensions??? Not sure on this area.

Thanks Again

If your licensing is USER based, then you would require CALS for your users, but you would not require a server license for the device. And if you are using node based licensing, you would have the same thing...you need to have a CAL for any device that authenticates against the DC. AD/Linux integration is not going to be a mechanism to avoid microsoft licensing, but rather a way to manage your linux resources with AD tools, I suppose.

Also, it's my understanding (second hand), that there is an LDAP GINA now for NT based devices (NT/2k/2k3/XP) that will allow authentication against an OpenLDAP environment. I am unsure of yet if that will require a Kerberos environment as well. Might be an interesting thing to look into, once I get back into the lab.

- If your customers are content with AD, don't mind paying licensing, and don't mind the constant patching, then just bill them for all of it and go on with your life. There's nothing wrong with that. It's not a sin, although some would have you believe so.

- If you truly want to rid them of AD -there's a simple question to ask. What is AD doing for them that NT Domain structure doesn't handle? Are they implementing group policies? Is it the redundancy you want? What's really being used in AD that's helping the business?