Bryan J. Smith wrote: >On Sun, 2005-07-17 at 22:03 +0800, Feizhou wrote: > > >>Are you saying that Samba can emulate ADS DCs? >> >> > >Yes and no. > >Yes, Samba 3.0 can provide ADS DC functionality such as: >- Authentication (including full MS Kerberos as KDC**) > > What is this KDC**? >- Basic ADS Schema for DCs in LDAP > > >This includes: >- Samba 3.0 being a "member server" to native Windows DCs > >[ **NOTE: IIRC, Microsoft's Kerberos can one-way trust to UNIX Kerberos >Realms without issue. But going the opposite way, that's where the MS >Kerberos modifications were required. Hence how Samba 3.0 can be a >member server in a native Windows DC ADS setup, or even completely >emulate the ADS DC authentication facilities in the absence of any >Windows DCs and it controls the ADS network. ] > >But no, Samba 3.0 cannot: >- Handle extensive, ADS-centric Schema (e.g., Exchange) and interfaces >- Be a DC to other, native Windows DCs > > Are you then saying that we can get a Samba 3.0 box to be an ADS DC for Windows 2000/XP workstations?