John, You said,

"If Samba-3.0.0 is configured as a domain controller with Windows 200x/XP
clients these clients can work fine as domain members. There are some
compromises that you must accept, none of these are serious issues."

Please clarify these compromises.

"At this time the Samba-3.0.0 domain controller will function as a Windows
NT4 style domain controller".

Do you mean that it will work as a BDC and keep a non-writeable duplicate of
the SAM database?

"NO! I hope that is clear".

Clear as a bell. Are there any plans to add this functionality in the future?

Thank you.

"John H Terpstra" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Sat, 12 Jul 2003, John Brown wrote:
>
> > I have been following the development of Samba 3.0 with great interest.
> > There is something that still confuses me.
> >
> > Can Samba 3.0 join a Windows 2000 network as a domain controller and
> > replicate Active Directory information with existing Windows 2000 domain
> > controllers?
>
> NO! I hope that is clear.
>
> When you hear "Active Directory" you should immediately think, "Oh, that's
> LDAP plus Kerberos - with Microsoft proprietary extensions of course."
>
> When you hear "Domain Control" you should immediately think, "Oh, that
> means a CIFS (common internet file system) server."
>
> Samba is a CIFS server. Got that? It's a CIFS file and print server.
>
> OpenLDAP and Kerberos are services that can substitute for Microsoft
> Active Directory. Got that too? These bits handle the authentication
> backend technology. Where it gets messy is that with the introduction of
> Kerberos authentication Microsoft married this into the CIFS server
> functionality.
>
> Samba is NOT a Kerberos (KDC) server.
>
> Samba is not an LDAP server.
>
> Now to add to this, Samba-3.0.0 CAN work fine with an LDAP backend, and
> also within an MIT Kerberos, or a Heimdal Kerberos, environment. These
> provide 'alternatives' to Active Directory, but are not the same as Active
> Directory. For example, none of the Active Directory administration tools
> that come with Windows XP Pro will work against the "Samba-3.0.0 +
> OpenLDAP + Kerberos" combination.
>
> Microsoft Windows 200x Active Directory CAN be used apart from the CIFS
> server functionality. This allows native UNIX / Linux clients to use an
> Active Directory server for Kerberos based authentication. It's very messy
> - but it can be done.
>
> The answer to your question is:
>
> 1. Samba-3.0.0 can natively join an Active Directory as a MEMBER server
>
> 2. Samba-3.0.0 can natively join an Active Directory as a MEMBER server
> that does have domain control capability.
>
> 3. Samba-3.0.0 CAN NOT participate in Active Directory Replication AT ALL!
>
> At this time the Samba-3.0.0 domain controller will function as a Windows
> NT4 style domain controller.
>
> Samba can use an LDAP authentication backend, this effectively substitutes
> for the registry based User Accounts part of the NT4 SAM (security account
> manager).
>
> > If Samba 3.0 is the only domain controller on a network with Windows 2000/XP
> > clients, will the clients see it as a domain controller running Active
> > Directory?
>
> If Samba-3.0.0 is configured as a domain controller with Windows 200x/XP
> clients these clients can work fine as domain members. There are some
> compromises that you must accept, none of these are serious issues. For
> example
>
>
> - John T.
> --
> John H Terpstra
> Email: [EMAIL PROTECTED]
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba