Windows 2000 domain development [was Re: TNG-stable]

Gerald Carter gcarter at
Mon Oct 2 03:47:17 GMT 2000

[Cross posted to samba-technical.  Please post follow ups
there.  Thanks.]

Mike Brodbelt wrote:
> > We haven't even really started on Win2K 
> > domains, either, as far as I know.
> What are the plans with regard to this? Are there any? 
> The mess MS made of Kerberos caused a lot of discussion 
> a while ago, but I've heard little since. Is anyone 
> working from the MS document on the grounds that
> their position that it is a trade secret is legally 
> untenable, or is anyone trying to clean room 
> reverse engineer the protocol? Or is it just
> too soon for anything to happen in this arena yet?

Here is my line of thinking.  

  o First project is to get an AD compatible schema 
    implemented in OpenLDAP so we can store user account 
    attributes for Samba.  This is only a stepping stone.

  o By implementing the previous step, it will be a little
    easier to incorporate Samba as a Windows 2000 domain 

  o The final piece is a UNIX based KDC that knows 
    about the infamous Windows 2000 PAC.

I realize this is **extremely** simplified.  Just a quick
attempt to map development out.  

Of course, from a development standpoint, this comes after 
the solidified NT 4 domain controller support.  We need
a more complete MS-RPC subsystem to move ahead.  

btw...Jean-Francois is making progress on porting SAMR
functions from TNG into HEAD.  Just a little "Hooray!" for
JF.  :-)

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems    gcarter at       SAMBA Team           jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list