On Sun, 2005-07-17 at 22:03 +0800, Feizhou wrote:
Are you saying that Samba can emulate ADS DCs?
Yes and no.
Yes, Samba 3.0 can provide ADS DC functionality such as: - Authentication (including full MS Kerberos as KDC**) - Naming (DNS SysRecs, NetBIOS/WINS, etc...) - Basic ADS Schema for DCs in LDAP
This includes: - Samba 3.0 being a "member server" to native Windows DCs
[ **NOTE: IIRC, Microsoft's Kerberos can one-way trust to UNIX Kerberos Realms without issue. But going the opposite way, that's where the MS Kerberos modifications were required. Hence how Samba 3.0 can be a member server in a native Windows DC ADS setup, or even completely emulate the ADS DC authentication facilities in the absence of any Windows DCs and it controls the ADS network. ]
But no, Samba 3.0 cannot: - Handle extensive, ADS-centric Schema (e.g., Exchange) and interfaces - Be a DC to other, native Windows DCs
These are likely _never_ to happen (especially the first one).