[CentOS] Re: SMB server with CentOS 4 -- native GINA login support

Wed Dec 7 17:27:56 UTC 2005
Bryan J. Smith <thebs413 at earthlink.net>

Bryan J. Smith wrote:
> It can _replace_ a native W2K ADS DC as of Samba 3.0, or
> be its "bitch" -- i.e., a "member server" in a native W2K
> ADS domain.  It can't, however, be a peer DC to a native
> W2K ADS DC, and it probably never will, at least
> completely.

Feizhou <feizhou at graffiti.net> wrote:
> Please explain this from the Samba Official Howto:
>   "Samba-3 is not, and cannot act as, an Active
>    Directory server. It cannot truly function as an
>    Active Directory PDC"

The Samba documentation is saying the same thing I am.

What I'm clarifying in addition is that you do _not_ need ADS
to authenticate Windows clients, use SMB services, etc...

*BUT* it cannot truly act as an ADS server, with all its
services, compatibility, etc...

> Are you saying that you can integrate Samba 3.0 with a
> Kerberos server implementation, a LDAP server
> implementation
> and dns to give a half-cooked (forget Exchange, blah) but
> functional ADS DC to host a ADS domain for Windows XP
> clients to logon to?

In what context?

First off, you _can_ authenticate Windows 2000+ clients
against Kerberos for various services.  Or you can use NTLMv2
instead.  You can use SMB signing, or you can disable it.
Etc...

But, more directly, if you expect a Windows XP client to work
with Samba+Kerberos+LDAP "out-of-the-box" you are greatly
_mistaken_.  Let me say that again, the "Windows XP _client_
to work ... out-of-the-box."

GOLDEN INSIGHT:

Windows domains and domain controllers (DCs) aren't about the
server, they are about the _assumptions_ clients make.  Until
ADS, the DC functionality was really little more than a
network-wise SAM database and a few services.  With ADS,
there are rich stores.

At login, you're talking about the GINA.

I know that's what everyone wants the _client_
"out-of-the-box," and maybe some of those "most basic" of
services that the native XP GINA for ADS will be reverse
engineered to the point they will work with
Samba+Kerberos+LDAP.  But for now, they do not.  And it's
very likely Samba will _never_ offer the full ADS RPC suite,
just enough for the native GINA will be all they can do.

And just in time for Microsoft to release Vista, which will
make a whole new set of assumptions of services at the
client.  ;->


-- 
Bryan J. Smith                | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org     |  (please excuse any
http://thebs413.blogspot.com/ |   missing headers)
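For readers who want to see what the "member server" role and the
Kerberos / NTLMv2 / SMB-signing choices mentioned above look like in
practice, here is an added smb.conf fragment.  It is not from the
post, the list, or the Samba project; it is an editor's example of a
Samba 3 box joined to an existing Active Directory domain as a member
server (the supported role), with signing required and the weaker
LM/NTLMv1 responses switched off.  The realm EXAMPLE.COM, the
workgroup EXAMPLE, the KDC name and the idmap ranges are placeholders
to be replaced with site values; the option names are Samba 3 global
parameters.

```ini
; Added example (not from the original message): Samba 3 as an AD
; *member server*, not a DC.  Placeholders: EXAMPLE / EXAMPLE.COM /
; dc1.example.com / idmap ranges.
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    ; "ads" = join the domain and authenticate users via Kerberos
    ; against the real Windows DC; Samba is never the DC here.
    security = ads
    password server = dc1.example.com
    encrypt passwords = yes

    ; Require SMB signing in both directions so a session cannot be
    ; tampered with or relayed in transit.  "auto" would only offer it;
    ; "disabled" turns it off, which the post notes is also possible.
    server signing = mandatory
    client signing = mandatory

    ; Refuse the legacy LM and NTLMv1 exchanges; Windows 2000+ clients
    ; can always do NTLMv2 when Kerberos is not used for a session.
    lanman auth = no
    ntlm auth = no
    client lanman auth = no
    client plaintext auth = no
    client ntlmv2 auth = yes

    ; Map AD users/groups to local uids/gids via winbind so that file
    ; ownership on the CentOS side is enforced per domain user.
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = yes
    winbind enum users = yes
    winbind enum groups = yes
    template shell = /bin/false
```

After placing this in /etc/samba/smb.conf the host is joined with
`net ads join -U Administrator` (which needs a working /etc/krb5.conf
pointing at the same realm) and then `wbinfo -t` confirms the machine
trust account works.  The signing and auth lines are the
defender-relevant part: they are the difference between merely
"working" and refusing the downgrade paths the post alludes to.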