Differences between Active Directory Server and PDC

Solution 1:

I'm not sure where to find such a point-by-point comparison. I've done a quick search and I'm not coming up with much. There is some comparison in the official Samba HOWTO at: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-pdc.html

Here's some of such a comparison based on what I know:

  • With a Samba "PDC", you get a centralized account / group database for your member computers, as you would with an Active Directory domain.

  • You can use the NT 4.0 "User Manager for Domains" tool to manage Samba PDC users. Active Directory can be managed with the (IMHO, cleaner and easier to use) "Active Directory Users and Computers" tool.

  • You can replicate the Samba PDC's security database in a single-master fashion or multi-master fashion between multiple domain controller computers (depending on the back-end you choose to store the password data in). Active Directory is multi-master.

  • A Samba PDC will perform NTLM-based authentication. Active Directory can also perform NTLMv2 and Kerberos-based authentication.

  • A Samba PDC cannot provide Group Policy functionality like an Active Directory domain controller computer can.

Functionally, Samba acts as an NT 4.0 "PDC", so you can use comparison documents between the Windows NT 4.0 domain system and Active Directory to give you some additional ideas.

Samba 4.0, which is still under development, is supposed to fulfill the Active Directory domain controller function. An experimental branch of the Samba code, called Franky, also seeks to implement Active Directory domain controller functionality (see http://wiki.samba.org/index.php/Franky).

Solution 2:

HIGH LEVEL

An Active Directory domain controller is basically a server that provides access to the distributed system that is Active Directory. In an Active Directory domain any domain controller can provide full read-write access to the domain. It was the PDC (Primary Domain Controller) in NT4 domains that provided the write access, then synced down to BDCs (Backup Domain Controllers).

One server in an Active Directory domain will hold the role of PDC Emulator for the purposes of backward compatibility with older NT4 domains. The server that holds this role acts as the middle-man between AD and the older domain's BDCs for the purposes of synchronization and whatnot.

You're good using Samba if you let it know that the PDC is the AD server in the domain that holds the PDC Emulator role.

EDIT: I'm assuming that you already have AD running in your environment. Not quite sure if that's a safe assumption or not, but since you already have some Windows machines up I think my brain just went there.

EDIT2: OK, since no domain currently exists I would really recommend setting up Active Directory and integrating things into it. It's fairly straightforward to set up a small AD environment and there are a ton of resources out there to help you get started.

Solution 3:

PDC-style setups are "flat" arrangements, where security is on a peering level. Identity/Authentication is performed inside of a "domain"; think of it as a castle wall with all of the "authenticated" users and computers and other representations living inside of it. When you need to do something in a different domain, you have to establish a trust relationship between the two.

ADS provides hierarchical controls, in a tree-like structure. It integrates Kerberos, DNS, and LDAP concepts into a unified, cohesive holistic approach. Domains using this structure can now be nested inside of a main domain.

Solution 4:

With a single server for authentication only, as seems to be the case in the question, there is probably no difference. Either go with Linux because that's what you know, or with Windows to learn something new.

Samba "PDC" mode is like the Windows NT 4.0 style domains. Active Directory, which came in with Windows 2000, adds more features on top of that. The more recent a version of Windows Server you have, the more features Active Directory has. (Whether you need them or not is another matter.)

An Active Directory domain controller will provide central authentication, and will also allow other AD features such as Group Policy to be used.

Apart from Group Policy, many of the other improvements in Active Directory really only come into their own with scale: either more clients on bigger networks over more locations, or with more domain controllers.