Alternative Directory
David Collier-Brown
davecb at canada.sun.com
Wed Jan 30 09:41:23 GMT 2002
James Campbell wrote:
>
> Hi,
> This may not be the correct place for Samba 3 (alpha 13)
> discussion but here goes:
> Currently Samba is working with two schema for ldap that
> for sambaAccount AND that for AD. (if you require the
> smbpasswd data base to be LDAP and authenticate to ADS)
> I am trying to implement an alternative AD using Heimdal
> and OpenLDAP etc that can authenticate *nix as well as MS
> clients (note I do not require MS servers so don't need PAC,
> samba, for eg ignores and just passes it around).
> Consequently I am using an LDAP data base for Unix auth.
> and authorisation (Kerberos data base in LDAP also) and also
> want to include the MS schema so I need some sort of merged
> schema - so any suggestions.
> MS do this by adding an msSFUPosix schema to handle UNIX
> to the normal MS AD schema, with nsswitch and PAM this
> can be used by *nix but is this the way to go?
If memory serves, the team did some initial
work in this area, independent of the AD
effort.

As a Professional Unix Bigot[1], the best
of all possible worlds is to be independent
of AD, but able to pass any AD structure around
without interfering.

This **tends** to imply a strong similarity
between how we and MS represent Unix-specific
data, thus implying a weak merge (i.e., in the
sense that we present a view[2] that matches)

Opinion???
> I don't require all the fancy cross-trust etc of full AD, just
> a cluster of Win2k clients and *nix clients in a single domain
> with simple common user names and synchronised password
> (via kerberos) sharing files and printers etc via Samba with
> the added advantage of kerberos security (and SSL etc).
That actually sounds like you'll have to
have the PAC... am I misunderstanding?

--dave

[1. Ok, I'm really a Multics bigot, but I work on Unix]
[2. View in the database sense: not necessarily the actual
representation, but a set of like fields in what
looks like a relation]
--
David Collier-Brown, | Always do right. This will gratify
Performance & Engineering | some people and astonish the rest.
Americas Customer Engineering, | -- Mark Twain
(905) 415-2849 | davecb at canada.sun.com