APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Domain or not?

© November 2005 Anthony Lawrence

Computer networks are often just automatically set up without much thought: if it's a business, it's set up as a domain, if it's home, it's not. Often nobody even asks the owners of the computers what they might want or bothers to discuss the advantages and disadvantages. If it's business, the users authenticate to a domain, if it's home, they don't.

But not every business needs or even wants a domain login, and some home networks could find it quite useful.

Some things to consider

You don't necessarily need a domain to share resources or protect those shares from improper access. Even if you do use a domain for those purposes, you don't necessarily need a domain login because you can authenticate to specific resources.

Running simple shared resources, either wide open, password protected or with user authentication required, can be much simpler if you have a mixed bunch of servers. Linux and Unix servers running Samba can act very much like a Windows domain controller if desired, but Samba can also be much more flexible and less complicated. The Windows domain model is really at its best when deployed in a large organization with complex security needs, and can be extreme overkill when applied to a small business.

Advantages of a domain login

On the other hand.. having a single point to manage logins, passwords and the user's login environment can make the system administrator's life much more pleasant. If you have complicated security needs, the domain model allows you to finely control who has access to what. You can control who can log in and what happens after they log in, setting the level of control the user has to their own machine if desired. This sort of control is often necessary in a larger organization, but can be useful even in a small home network where you want to prevent children or visitors from making changes to systems. This can move most of the responsibility to the system administrator, and as policies can be applied to groups of users, the administration doesn't have to be particularly burdensome.

If you don't understand all the possibilities, and are unsure of what to do, you really should discuss this with a professional before allowing someone to set up a network that may not be right for you.

See Do you really need a domain controller?.

Got something to add? Send me email.

(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> Domain or not?

1 comment

Inexpensive and informative Apple related e-books:

Take control of Apple TV, Second Edition

Take Control of iCloud, Fifth Edition

Digital Sharing Crash Course

Take Control of Numbers

Take Control of Automating Your Mac

More Articles by © Anthony Lawrence

Tue Nov 1 23:11:26 2005: 1266   drag

I've setup a Linux/GNU/Debian (whatever) domain for my home.. this is my second serious attempt. First went so-so, but this time I understand more about what is going on. It's a basic one based around kerberos, ldap over ssl, and openafs.

Thing that's nice about it is that usually openafs has it's own Kerberos 4 style authentication system, but the way it's packaged is that it works now fine with a the default kerberos 5 setup. It's also nice to have multiple computers and have a symbolic link to my directories over afs. No having to sign multiply on all machines and have instant access to anything via ssh with no passwords or private/public keys is nice.

The downside is that it's much more complicated. On a normal system if DNS goes down then it's just tough luck with the internet for a bit. With mine I have a whole host of networked services that must be maintained just to be able to login and do normal desktop actitivies. More things that I depend on, the more things that can go wrong. Plus it's certainly a lot more work to setup and maintain.


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us

Printer Friendly Version

The easy confidence with which I know another man's religion is folly teaches me to suspect that my own is also. (Mark Twain)

Linux posts

Troubleshooting posts

This post tagged:


Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode