Re: Samba vs NFS

From: Michael Bartosh (local Account) (
Date: 02/22/05

  • Next message: net shark: "RE: Samba vs NFS"
    Date: Tue, 22 Feb 2005 11:15:16 -0700
    To: Randy Williams <>

    On Feb 22, 2005, at 7:13 AM, Randy Williams wrote:

    > Since Samba 3.0 came out, Samba has been able to imitate a Full
    > Windows 2000 Active Directory domain and is quite powerful.

    Nope, this is a focus of Samba 4 / TNG / Whatever.. Samba 3 can only
    participate in an AD Domain, supporting kerberized authentication.

    As long as you're using Kerberos (assuming a strong enc typ; the
    default iirc is ArcFour for AD, which should be fine) or even NTLMv2
    (corresponding to an lm security setting of 5 on the AD side) you
    should be relatively secure on the authentication front. Encrypted
    transport is another matter.

    There's really no good, easily supportable way to do this without a
    real VPN. Unless your users are relatively sophisticated ssh tunneling
    is very cumbersome to UDP support (oops NFS is mostly out)
    unless you do ppp over the ssh tunnel which is an order of magnitude
    more complicated..

    Michael Bartosh
    Essential Mac OS X Server Administration
    O'Reilly, forthcoming

  • Next message: net shark: "RE: Samba vs NFS"