On Sun, 2005-07-17 at 09:54 -0500, Bryan J. Smith wrote:
At this point, you're hopelessly lost. I can keep talking about it, but you won't get it until you have some "technical background."
I hope you don't take that as an insult (I know you will though). You didn't know what a KDC is, so you aren't familiar with how ADS works, which is a _core_component_ to Samba 3.0's functionality.
Microsoft is the "king of buy/reuse/non-development," and ADS is little more than the NT SAM stored with LDAP, with a sprawling amount of (poorly designed IMHO) schema with MS-centric Kerberos for authentication. Microsoft was under contractual obligation with MIT to disclose their Kerberos modifications, and even then they sat on it for 2 years, but that it is now well documented and other interfaces reverse engineered from it. The kicker is the sprawling MS LDAP schema, and the interfaces used on the Windows side -- that's a "moving target" reverse engineering issue that will probably _never_ be fully supported.
Now I'm going to take the rest of the day and enjoy my wife, hence why I won't follow-up on any more questions. If anyone needs me for further discussion that is clearly getting "OT" for this list, you can contact me off-list or, better yet, hire me as an independent architect for your organization. ;->