Re: Samba vs NFS
From: Michael Bartosh (local Account) (mbartosh_at_mac.com)
Date: Tue, 22 Feb 2005 11:15:16 -0700 To: Randy Williams <firstname.lastname@example.org>
On Feb 22, 2005, at 7:13 AM, Randy Williams wrote:
> Since Samba 3.0 came out, Samba has been able to imitate a Full
> Windows 2000 Active Directory domain and is quite powerful.
Nope, this is a focus of Samba 4 / TNG / Whatever.. Samba 3 can only
participate in an AD Domain, supporting kerberized authentication.
As long as you're using Kerberos (assuming a strong enc typ; the
default iirc is ArcFour for AD, which should be fine) or even NTLMv2
(corresponding to an lm security setting of 5 on the AD side) you
should be relatively secure on the authentication front. Encrypted
transport is another matter.
There's really no good, easily supportable way to do this without a
real VPN. Unless your users are relatively sophisticated ssh tunneling
is very cumbersome to support...no UDP support (oops NFS is mostly out)
unless you do ppp over the ssh tunnel which is an order of magnitude
Essential Mac OS X Server Administration