On 1/16/06, Thomas Charron <[EMAIL PROTECTED]> wrote: > Umm. Note the features in Samba 3.0: > > 1) Active Directory support. Samba 3.0 is now able to > join a ADS realm as a member server and authenticate > users using LDAP/Kerberos.
As everyone else pointed out, that means Samba 3.0 can be an AD member (an AD client), but not a Domain Controller (an AD server). Microsoft's terminology is confusing (no surprise): - A "domain controller" provides domain management services. Unlike nix, this isn't just a matter of running another process or two. With NT4, you actually had to choose this during OS install, and couldn't change it later. (That's right, you had to *reinstall the operating system* to change a domain controller's status. Great design there, Microsoft.) With 2000 and later, you (re)configure using DCPROMO (but still have to reboot). - A "member server" is a computer running Windows Server, but acting as an AD (or NTLM) client. (Remember, this is Microsoft's reality, where you have to pay big bucks for the privilege of having more then five people use a computer at once.) So all DCs are servers, but not all servers are DCs. - A "client" is a computer running Windows Pro/Home/Workstation/etc. (Computers running non-Microsoft OSes don't exist.) - A "domain member" (server or client) is an AD client. A "stand-alone" computer (server or client) has no knowledge of any domain, period. The part in the Samba docs about being able to "authenticate users using LDAP/Kerberos" means that the Samba server can authenticate clients of the Samba server using AD (including LDAP, Kerberos, MS-RPC, and chicken bones), rather then NTLM (moldy chicken bones). -- Ben "I sometimes regret knowing this stuff" Scott _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss