[CentOS] Re: Fix passwd/shadow/group files? -- Samba is not an enterprise directory solution ...
Feizhou
feizhou at graffiti.net
Sun Jul 17 14:20:58 UTC 2005
Bryan J. Smith wrote:
>On Sun, 2005-07-17 at 22:03 +0800, Feizhou wrote:
>
>
>>Are you saying that Samba can emulate ADS DCs?
>>
>>
>
>Yes and no.
>
>Yes, Samba 3.0 can provide ADS DC functionality such as:
>- Authentication (including full MS Kerberos as KDC**)
>
>
What is this KDC**?
>- Basic ADS Schema for DCs in LDAP
>
>
>This includes:
>- Samba 3.0 being a "member server" to native Windows DCs
>
>[ **NOTE: IIRC, Microsoft's Kerberos can one-way trust to UNIX Kerberos
>Realms without issue. But going the opposite way, that's where the MS
>Kerberos modifications were required. Hence how Samba 3.0 can be a
>member server in a native Windows DC ADS setup, or even completely
>emulate the ADS DC authentication facilities in the absence of any
>Windows DCs and it controls the ADS network. ]
>
>But no, Samba 3.0 cannot:
>- Handle extensive, ADS-centric Schema (e.g., Exchange) and interfaces
>- Be a DC to other, native Windows DCs
>
>
Are you then saying that we can get a Samba 3.0 box to be an ADS DC for
Windows 2000/XP workstations?
More information about the CentOS
mailing list