On Sun, 2005-07-17 at 09:13 -0500, Bryan J. Smith wrote:
But no, Samba 3.0 cannot:
- Handle extensive, ADS-centric Schema (e.g., Exchange) and interfaces
- Be a DC to other, native Windows DCs
These are likely _never_ to happen (especially the first one).
But the good news with Samba 3.0 is that it _can_:
- Be a BDC or PDC to native Windows NT 4.0 PDC or BDCs
- Completely emulate all CIFS/PDC functionality
In other words, you can replace _all_ NT 4.0 PDCs and/or BDCs with Samba 3.0. You can even put in a Samba 3.0 instance as a BDC, then promote it as a PDC with virtually no issue -- getting rid of any NT 4.0 requirement on your network.
You can then enable the ADS functionality, and have a network that looks like an ADS domain from the Windows clients and even native Windows member servers.
But no, it won't work with Windows services that extend the schema (e.g., Exchange) and no, it won't replicate with native Windows DCs.
How you address that -- either making your UNIX network native Windows ADS' bitch, or segmenting the UNIX and Windows networks, and using facilities to synchronize passwords, schema, etc... (be they free or various commercial utilities) -- is up to you.
But Samba on its own is _not_ an "enterprise directory solution." It is just the facility by which various Windows interfaces and services are supported. Even it still relies on external LDAP and Kerberos mechanisms for schemas/store and authentication/store, and you should remember that those LDAP and Kerberos mechanisms can be used for _real_ UNIX capabilities outside of just Samba. E.g., there are ways to store various, former NIS maps in LDAP (such as NFS automounter maps), as well as authenticating UNIX systems _directly_ with Kerberos.
Sometimes people get so focused on Samba, and using 2nd or even 3rd compounded services upon compounded services through Samba -- they forget to use the native UNIX service. E.g., authenticating UNIX/Linux users with NTLM, instead of just using Kerberos.