On Mon, 14 Mar 2005, Brian E. Conklin wrote:
Can someone tell me which would be better for performance and manageability for authentications lookups against a Windows2000 Active Directory group, LDAP or the SAMBA helper?
LDAP requires less components to install, but may have troubles with a AC Forest of more than one tree and is somewhat tricky to configure unless you know a little of how MS AD structure exposes itself via LDAP. First playing a little with ldapserach or an interactive LDAP browser is recommended.
Using Samba requires Samba to be fully installed and joined to the AD, the rest is automatic.
If you want to use the "Microsoft Integrated Loing / NTLM" authentication method wherby MSIE automatically logs in to the proxy with the current user credentials then you must use Samba. LDAP is not an option for this due to the Windows specific integration requirements (Samba Winbindd using schannel to the NT Domain controller component of AD in the same manner as an NT member server)
Regards Henrik.
