Bryan J. Smith wrote:
On Sun, 2005-07-17 at 22:29 +0800, Feizhou wrote:
Since when did Samba manage to pull off becoming an ADS DC for Windows 2000/XP workstations?
At this point, you're hopelessly lost. I can keep talking about it, but you won't get it until you have some "technical background."
You assume too much and you are not clear enough in what you post.
First off, read up on Samba 3.0. It is a set of "technologies" for Windows interoperability. To emulate an ADS DC, you have to add LDAP and MS Kerberos into the mix. It _only_ emulates it to a point.
Geez... I've been trying to get whether you are saying there was a way to do the whole ADS DC thing without MS Kerberos in the mix.
The only "big issue" is what Microsoft is doing with ADS. MS is purposely tying its services to its own MS LDAP schema and interfaces into that schema, in order to make all networks completely reliant on its own, native ADS. This will be a "moving target" for Samba.
The key is to _not_ adopt MS services that require those ADS-only schema and interfaces -- e.g., MS Exchange, MS SQL Server, etc... Enterprises with 10,000+ nodes do _not_ because they do not scale. In the worst case, they limit their exposure to them -- "regionalize" or "departmentalize" their deployment.
How do you get centralized user account management without MS Kerberos?