From: Feizhou > I know what a Kerberos authentication system is. > You mean a core component in Samba 3.0's functionality as an ADS client. You're still artificially limiting your understanding. Kerberos (with the MS extensions in the case of 200x/XP) is how objects authenticate each other and grant tickets for access in a Kerberos realm. Samba can use Kerberos how it sees fit. As a client/member server (with MS Extensions) to native MS ADS DCs, or to 200x/XP clients in the absence of native MS ADS DCs. The issue is when you have native MS ADS DCs, because Samba doea not understand MS ADS DC-to-DC replication. Otherwise, the authentication process to clients is no different. But that's only authentication. Again, stop thining "aggregate," think naming, directory, authentication and file services individually.