On Sun, 2005-07-17 at 22:29 +0800, Feizhou wrote:
> Since when did Samba manage to pull off becoming an ADS DC for Windows 2000/XP workstations?
At this point, you're hopelessly lost. I can keep talking about it, but you won't get it until you have some "technical background."
First off, read up on Samba 3.0. It is a set of "technologies" for Windows interoperability. To emulate an ADS DC, you have to add LDAP and MS Kerberos into the mix. It _only_ emulates it to a point.
At the _same time_, read up on these "technologies" ...
1. Naming Services: DNS, UNIX resolver, DNS, Windows resolver modes, NetBIOS, WINS, SAP, NLSP
2. Network Authentication: NT Security Accounts Manager (SAM), NT/LAN Manager (NTLM), NTLMv2, RSA, DH/DSS Kerberos, MS Kerberos
3. Directory Services: X.500 DAP, LDAP, Common UNIX Schema, Common Windows Schema
4. File Services: NFSv2, NFSv3, NFSv4, SMB (various, incompatible versions), NCP, AFS
Once you have a "grasp" on the "technologies", you can understand how:
- MS CIFS (NetBIOS/WINS, network-SAM, NTLM, SMB)
- MS ADS (DNS, LDAP-SAM, MS Kerberos, SMB)
- Novell Bindery (SAP, Bindery, RSA, NCP)
- Novell NDS aka "eDirectory" (NLSP/DNS, X.500 DAP, RSA, NCP)
- Sun NIS (UNIX resolver, flat-maps, UNIX local, NFS)
- Sun NIS+ (UNIX resolver, DAP-like, RSA, NFS)
- Sun One (DNS, LDAP, RSA, NFS)
_Everything_ is _always_ "piecemeal" in a network. CIFS, ADS, Bindery, NDS, Sun One, etc... just present everything as "integrated."
A. And also read up on client modifications like:
- pGINA (replacement NT/200x/XP Graphical Login)
- NSSwitch (Linux, Solaris, others)
- PAM (Linux, Solaris, others)
You can use different client/server solutions in different networks, _regardless_ of what the "real backend" may be.
The only "big issue" is what Microsoft is doing with ADS. MS is purposely tying its services to its own MS LDAP schema and interfaces into that schema, in order to make all networks completely reliant on its own, native ADS. This will be a "moving target" for Samba.
The key is to _not_ adopt MS services that require those ADS-only schema and interfaces -- e.g., MS Exchange, MS SQL Server, etc... Enterprises with 10,000+ nodes do _not_, because they do not scale. In the worst case, they limit their exposure to them -- "regionalize" or "departmentalize" their deployment.
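As an added illustration that is not part of this thread, the following configuration shows the naming, authentication and directory layers listed above being wired together one file at a time on a Samba 3 host that joins an existing AD domain as a member (the case Samba 3 actually supports, rather than emulating the DC itself), with client logins going through NSS and PAM. The realm EXAMPLE.COM, the controller dc1.example.com and the uid/gid ranges are placeholders; the option names are standard Samba 3 / MIT Kerberos / glibc ones.

```ini
# /etc/krb5.conf -- authentication layer (MS Kerberos).
# Realm and KDC are placeholders; dns_lookup_kdc uses the naming layer
# (DNS SRV records) to find domain controllers instead of a fixed list.
[libdefaults]
    default_realm = EXAMPLE.COM
    dns_lookup_kdc = true

[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }

# /etc/samba/smb.conf -- file service (SMB) plus directory lookups via winbind.
# security = ads means logons are verified by the domain controller over
# Kerberos, not against a local SAM; the idmap ranges map AD SIDs onto
# UNIX uids/gids (Samba 3 syntax, superseded in later releases).
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads
    password server = dc1.example.com
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = yes
    template shell = /bin/bash
    template homedir = /home/%U

# /etc/nsswitch.conf -- directory layer for the UNIX resolver:
# local files first, then AD users/groups through winbind.
passwd: files winbind
group:  files winbind

# /etc/pam.d/common-auth (Debian-style PAM stack) -- client login:
# try the domain first, fall back to local accounts.
auth sufficient pam_winbind.so
auth required   pam_unix.so nullok_secure
```

With these in place the host is joined with `net ads join -U Administrator`, after which `wbinfo -u` and `getent passwd` should list domain accounts, which confirms that the Kerberos, winbind and NSS layers each work independently.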