APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Domain or not?

Computer networks are often just automatically set up without much thought: if it's a business, it's set up as a domain; if it's home, it's not. Often nobody even asks the owners of the computers what they might want or bothers to discuss the advantages and disadvantages. If it's business, the users authenticate to a domain; if it's home, they don't.

But not every business needs or even wants a domain login, and some home networks could find it quite useful.

Some things to consider

You don't necessarily need a domain to share resources or protect those shares from improper access. Even if you do use a domain for those purposes, you don't necessarily need a domain login because you can authenticate to specific resources.

Running simple shared resources, either wide open, password protected or with user authentication required, can be much simpler if you have a mixed bunch of servers. Linux and Unix servers running Samba can act very much like a Windows domain controller if desired, but Samba can also be much more flexible and less complicated. The Windows domain model is really at its best when deployed in a large organization with complex security needs, and can be extreme overkill when applied to a small business.
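As an added illustration (not code from the original article), the script below reads a Samba configuration for a standalone, non-domain server and reports which shares are wide open to guests and which require a user login. The sample `smb.conf`, its share names, paths and the `@accounting` group are constructed for the example.

```python
import configparser

# Constructed sample: a standalone (non-domain) Samba server, not from the article.
SAMPLE_SMB_CONF = """
[global]
   server role = standalone server
   security = user
[public]
   path = /srv/samba/public
   guest ok = yes
[dropbox]
   path = /srv/samba/dropbox
   public = yes
   writable = yes
[accounts]
   path = /srv/samba/accounts
   valid users = @accounting
   read only = no
"""

TRUE = {"yes", "true", "on", "1"}  # boolean spellings Samba treats as enabled

def _settings(section):
    """Reduce a section to canonical guest/writable flags; the last synonym wins."""
    out = {}
    for key, val in section.items():
        on = val.strip().lower() in TRUE
        if key in ("guestok", "public"):
            out["guest"] = on
        elif key == "readonly":
            out["writable"] = not on
        elif key in ("writable", "writeable", "writeok"):
            out["writable"] = on
    return out

def classify_shares(conf_text):
    """Return {share name: access level}; [global] values act as share defaults."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = lambda key: key.replace(" ", "").lower()  # names ignore case/spaces
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    glob = next((cp[n] for n in cp.sections() if n.lower() == "global"), {})
    result = {}
    for name in (n for n in cp.sections() if n.lower() != "global"):
        s = {"guest": False, "writable": False, **_settings(glob), **_settings(cp[name])}
        level = "read/write" if s["writable"] else "read-only"
        result[name] = f"wide open: guest {level}" if s["guest"] else "user authentication required"
    return result

if __name__ == "__main__":
    print(classify_shares(SAMPLE_SMB_CONF))
```

The check only looks at the share-level `guest ok` and `read only` parameters and their synonyms; file system permissions and `valid users` lists still decide what an authenticated user can actually reach.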

Advantages of a domain login

On the other hand, having a single point to manage logins, passwords and the user's login environment can make the system administrator's life much more pleasant. If you have complicated security needs, the domain model allows you to finely control who has access to what. You can control who can log in and what happens after they log in, setting the level of control the user has over their own machine if desired. This sort of control is often necessary in a larger organization, but can be useful even in a small home network where you want to prevent children or visitors from making changes to systems. This can move most of the responsibility to the system administrator, and because policies can be applied to groups of users, the administration doesn't have to be particularly burdensome.

If you don't understand all the possibilities, and are unsure of what to do, you really should discuss this with a professional before allowing someone to set up a network that may not be right for you.

See "Do you really need a domain controller?"


© Anthony Lawrence

Tue Nov 1 23:11:26 2005: 1266   drag

I've set up a Linux/GNU/Debian (whatever) domain for my home. This is my second serious attempt. The first went so-so, but this time I understand more about what is going on. It's a basic one based around Kerberos, LDAP over SSL, and OpenAFS.

The thing that's nice about it is that usually OpenAFS has its own Kerberos 4 style authentication system, but the way it's packaged is that it now works fine with the default Kerberos 5 setup. It's also nice to have multiple computers and have a symbolic link to my directories over AFS. Not having to sign on multiple times on all machines, and having instant access to anything via ssh with no passwords or private/public keys, is nice.

The downside is that it's much more complicated. On a normal system, if DNS goes down then it's just tough luck with the internet for a bit. With mine I have a whole host of networked services that must be maintained just to be able to log in and do normal desktop activities. The more things that I depend on, the more things that can go wrong. Plus it's certainly a lot more work to set up and maintain.
