Hi,
I'm currently debating migrating from an NT4 domain to an Active Directory domain or to a Samba domain. I would like ideas regarding this migration and the possibilities, or just people's opinion's and/or experiences.

I know AD is far ahead of Samba, but is it worth the money if all you're using it for is user authentication. Isn't it overcomplicated with LDAP and Kerberos?

The background: the company has around 50 people, 40 in london and 10 in another office abroad, connected via vpn. We have 40~ windows machines and 30+ linux servers plus a drizzle of macs (which aren't really important and don't need central authentication).

Will linux work ok with AD or will it be an uphill hackish struggle that will result in fragile authentication that could break at any time or have any unreliability?

Also, am I gonna get hammered for licensing if I try to connect linux clients to the AD because of CALs?


Talk to me please, people.

I'm not pro in these things (I am going to be), but as far as I know samba can work with AD and that samba can authenticates against AD windows server, but in recent release they have progressed and are working to integrate AD completely into samba. I know that simple domain without AD support works well with samba. I recall that AD was impossibel for system i'm talknig about because we weren't able to get kerberos. There was problem with US laws about transporting cyrptographical software outside US.

good luck going pro, it's just about the hardest career you could have chosen now that the market is full and nobody seems to want to take anyone without several years experience and qualifications so nobody seems to be able to get into it now (I know many guys who've failed to get jobs in it here in the last few years, after 2-3 years gave up and all work in different fields now). But don't let me put you off, maybe it's just that way in UK... Latvia is probably very different.

Anyway I'm going to authenticate linux to AD, I've already done the NT4 domain authentication so I just need to do kerberos and ldap in a new test I'm running now for an AD domain.

Tottally OFFTOPIC!

I think I'm in a good position - I already am telecomunication specialist (this is my education) and work with phone networks, but I learn IT in parallel. So I have a job already, but with posibility advance to IT departament . Computers and IT is my hobby (not to say more =). So I hope the situation you described in England won't apply to me.

hopefully not, if you're in a company, it will be much easier to change to IT department in that company than to get into new company. i'd recommend shifting position within your company.