>People thing in single products/projects, not breaking down things into their multiple technologies. > >That's all I meant by "artificially limiting." > > > Well, MS made extensions to its LDAP implementation by giving it new RPC calls for its special MS Kerberos data did it not? So if I don't break it down, how else would I point out that ADS DC on open source is not possible unless these extensions are also available in open source implementations of these technoluogies? >>Even if you think you're right, leave some room for the >>possibility you're not. >> >> > >It has nothing to do with right/wrong. >There is just this farce out there that you must have ADS or every native Windows Server 2003 interface to have quality Windows client management. > > Right, but you got me interested in whether an actual open source solution to native Windows MS-Kerberos account management exists when you say that Samba 3.0 could be an ADS DC. >Various teams, including Samba, have done a wonderful job of reverse engineering many. > >But the reality is that if you can avoid deploying services that require MS' sprawling (and sometimes self-incomaptible) schema, >then you don't need native MS ADS DCs. >Enterprises do it all-the-time. > > and native MS account management on Unix?