Re: Samba vs NFS
From: Michael Bartosh (local Account) (mbartosh_at_mac.com)
Date: 02/22/05
- Previous message: Steve Barnet: "Re: Samba vs NFS"
- In reply to: Randy Williams: "Re: Samba vs NFS"
- Next in thread: Randy Williams: "Re: Samba vs NFS"
- Reply: Randy Williams: "Re: Samba vs NFS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 22 Feb 2005 11:15:16 -0700 To: Randy Williams <randyw@techsource.com>
On Feb 22, 2005, at 7:13 AM, Randy Williams wrote:
> Since Samba 3.0 came out, Samba has been able to imitate a Full
> Windows 2000 Active Directory domain and is quite powerful.
Nope, this is a focus of Samba 4 / TNG / Whatever.. Samba 3 can only
participate in an AD Domain, supporting kerberized authentication.
As long as you're using Kerberos (assuming a strong enc typ; the
default iirc is ArcFour for AD, which should be fine) or even NTLMv2
(corresponding to an lm security setting of 5 on the AD side) you
should be relatively secure on the authentication front. Encrypted
transport is another matter.
There's really no good, easily supportable way to do this without a
real VPN. Unless your users are relatively sophisticated ssh tunneling
is very cumbersome to support...no UDP support (oops NFS is mostly out)
unless you do ppp over the ssh tunnel which is an order of magnitude
more complicated..
__
Michael Bartosh
Essential Mac OS X Server Administration
O'Reilly, forthcoming
http://www.pantherserver.org/buy
- Previous message: Steve Barnet: "Re: Samba vs NFS"
- In reply to: Randy Williams: "Re: Samba vs NFS"
- Next in thread: Randy Williams: "Re: Samba vs NFS"
- Reply: Randy Williams: "Re: Samba vs NFS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
