[CentOS] Re: Fix passwd/shadow/group files? -- Samba 3.0 v. ADS v. CIFS

Mon Jul 18 04:10:52 UTC 2005
Bryan J. Smith <b.j.smith at ieee.org>

On Mon, 2005-07-18 at 08:41 +0800, Feizhou wrote:
> Ok. Which ones? heimdal? MIT?

Both have some compatibility with MS Kerberos -- both its non-compliant
with Kerberos 5 handshakes/datagrams as well as some extensions.

Can they act like a Windows ADS DC?  Of course *NOT*!  Why?
Kerberos is just the authentication portion, it does not provide RPC
services for Windows.  Samba uses these newer Kerberos services, with
its RPC capabilities, to provide those features at winlogon and other
points.

All I'm saying is that if you purposely put on the (actually _invalid_)
constraint that Windows systems can only be managed by a combined set of
services that act 100% like a MS ADS DC, then there's no point in even
discussing this.  The idea that every Microsoft administrative tools,
schema extension and its tools, etc... will work with a 100% Samba 3.0
(_no_ MS ADS DCs) using Kerberos and LDAP for stores will simply be
unlikely in the near future.

But can an set of "open systems" authentication, directory, naming and
file services completely replace all the functionality you expect in a
well-managed Windows network?  Of course!  But no, native MS ADS DCs
aren't going to listen to it.  But MS Windows 2000 Server and even
Server 2003 _can_ be "member servers" under it -- just like Samba 3.0
can be a "member server" when true MS ADS DCs are "in charge."

It all depends on what you use.


-- 
Bryan J. Smith                                     b.j.smith at ieee.org 
--------------------------------------------------------------------- 
It is mathematically impossible for someone who makes more than you
to be anything but richer than you.  Any tax rate that penalizes them
will also penalize you similarly (to those below you, and then below
them).  Linear algebra, let alone differential calculus or even ele-
mentary concepts of limits, is mutually exclusive with US journalism.
So forget even attempting to explain how tax cuts work.  ;->