[CentOS] Re: Fix passwd/shadow/group files? -- Samba 3.0 v. ADS v. CIFS

Bryan J. Smith b.j.smith at ieee.org
Sun Jul 17 23:16:26 UTC 2005


From:  Feizhou 
> You assume too much and you are not clear enough in what
> you post.

You didn't even know what a KDC was, so my assumptions were pretty easy to make.
You keep saying "Samba, Samba, Samba" over and over like Samba does it all.
It does _not_.

> Geez....I've been trying to get whether you are saying there was a way 
> to do the whole ADS DC thing without a MS-Kerberos in the mix.

And I've been trying to tell you that:
1)  MS Kerberos extensions are now part of UNIX/Linux Kerberos 5 implementations
2)  Hence why Samba 3.0 does _not_ provide this, it merely uses it.

So _yes_, you _can_ bypass the need for a native Windows ADS DC on your network!
But _no_, Samba 3.0 does not provide functionality for sync'ing Samba DC to MS ADS DC.

It's an "all Samba" or "all MS DC" choice.

> How do you get centralized user account management without
> MS Kerberos?

Again, MS Kerberos are just extensions to Kerberos, ones supported in new, open source Kerberos 5 servers.
If they hadn't, then Samba 3.0 would not be able to act as either a member server in a MS ADS network,
or emulate a MS Kerberos KDC without one.
This has *0* to do with Samba.

There are thousands upon thousands of enterprises running with Novell eDirectory, NsDS, Sun One, etc., using their own management suite for Windows clients.
In many cases, a few are vastly more experienced, featured and superior IMHO.

I think what you're looking for is an experience where all the interfaces and schema are emulated so you can run any Microsoft management tools,
tools written explicitly for undocumented MS schema and interfaces.
You're looking at the problem from an impossible solution standpoint.

That's the problem.
