17 Jul
2005
17 Jul
'05
4:20 p.m.
Bryan J. Smith wrote:
On Sun, 2005-07-17 at 22:03 +0800, Feizhou wrote:
Are you saying that Samba can emulate ADS DCs?
Yes and no.
Yes, Samba 3.0 can provide ADS DC functionality such as:
- Authentication (including full MS Kerberos as KDC**)
What is this KDC**?
- Basic ADS Schema for DCs in LDAP
This includes:
- Samba 3.0 being a "member server" to native Windows DCs
[ **NOTE: IIRC, Microsoft's Kerberos can one-way trust to UNIX Kerberos Realms without issue. But going the opposite way, that's where the MS Kerberos modifications were required. Hence how Samba 3.0 can be a member server in a native Windows DC ADS setup, or even completely emulate the ADS DC authentication facilities in the absence of any Windows DCs and it controls the ADS network. ]
But no, Samba 3.0 cannot:
- Handle extensive, ADS-centric Schema (e.g., Exchange) and interfaces
- Be a DC to other, native Windows DCs
Are you then saying that we can get a Samba 3.0 box to be an ADS DC for Windows 2000/XP workstations?