Server Questions

[Bart Silverstrim]

Patton Echols wrote:

> My understanding is that I can either have the samba server act as 
> another peer on the windows network, or have the server also be a domain 
> controller.  Having it be a domain controller is of interest because I 
> have had prior problems with the existing boxes not seeing each other, 
> and I am told that logging to a domain should solve that.
> 
> The real question is: what other benefits are there to having a domain 
> controller?  Yes, I can authenticate users, but this is a very small 
> network and security is really not that much of a problem.  So anything 
> else?

The real question is, why are your computers having trouble talking to 
each other on a small network?

If you have an internal DNS server that should solve most of the 
troubles you're describing with "seeing each other".  If you're a 
vigilant admin you can set up the DNS to work on the Linux system and 
have it handle name resolution internally.

The biggest advantages to having a domain controller (well, actually an 
active directory server) are single signon authentication for Windows 
systems (so you can log in and browse remote shares without constantly 
entering credentials) and the browsing of resources by name because the 
AD server running DHCP/DNS services will dynamically add and subtract 
names of systems from the server as needed.  At least, those are the 
advantages for us, but we have a thousand-some machines to administer :-)

I didn't see specs on your network but again if it's small and 
relatively static you can either add users to each machine and 
add/subtract IP addresses as needed from your internal DNS server or you 
can put a dedicated Windows system to handle that.  A second option, if 
you have a decent system laying around, is to use another Linux machine 
to run Windows in a VMWare Server session that just runs your DNS/AD 
services.  In a small network it shouldn't be very taxing to do that, 
plus VMWare VM's are a cinch to back up, especially if you can take it 
offline for an hour or two a week.

I would also warn about a lack of security in a Windows environment for 
another reason; just because you trust Mary in Accounting doesn't mean 
that someone isn't going to use Mary's login to do something bad.  If 
she gets infected with a virus/trojan/worm her system will traverse the 
network and infect everything that Mary has access to whether she meant 
to do it or not, and if someone manages to jump into your network 
(wireless, maybe?) then they could find or crack her login and use it to 
gain access to other material. Sometimes those access barriers are a 
GOOD thing. I don't think you said what your small business does but if 
you're accountable to customers (or you have payroll information on a 
computer) you should definitely have an eye on security, unless you 
don't mind a potential lawsuit for negligence.

Just some advice from my lack of experience :-)

-Bart