Hi. I am tinkering with PADL and Kerberos PAM, so that I can have account authentication and directory directly to AD KDC/LDAP.
I always thought that winbind provided support for NT-style PDC for authentication and referencing account-directory, and thus only works in AD mixed-mode where PDC emulator is used for backwards compatibility. However, I was reading a book that seemed to indicate that winbind will talk directly to Active Directory (authenticate through KDC, reference account info from LDAP). Is this true?

What I would like to do is:

(1) direct authentication to AD KDC
(2) referencing AD LDAP for account info
(3) writing any mapped SID to UID/GID in SFU extended Active Directory LDAP, instead of local database.

I've been digging through published and online documents, but most documentation is oriented to old-school PDC. I want to avoid NTLM and PDCs of the past for security and performance reasons (NTLM single DES vs. Kerberos triple DES for instance)

-- Joaquin