Windows 2000 domain development [was Re: TNG-stable]

Mon Oct 2 19:40:33 GMT 2000

Gerald Carter
        Windows 2000 domain development [was Re: TNG-stable]

[Cross posted to samba-technical.  Please post follow ups
there.  Thanks.]

Mike Brodbelt wrote:
> > We haven't even really started on Win2K 
> > domains, either, as far as I know.
> What are the plans with regard to this? Are there any? 
> The mess MS made of Kerberos caused a lot of discussion 
> a while ago, but I've heard little since. Is anyone 
> working from the MS document on the grounds that
> their position that it is a trade secret is legally 
> untenable, or is anyone trying to clean room 
> reverse engineer the protocol? Or is it just
> too soon for anything to happen in this arena yet?

Here is my line of thinking. 

  o First project is to get an AD compatible schema 
    implemented in OpenLDAP so we can store user account 
    attributes for Samba.  This is only a stepping stone.

  o By implementing the previous step, it will be a little
    easier to incorporate Samba as a Windows 2000 domain 

  o The final piece is a UNIX based KDC that knows 
    about the infamous Windows 2000 PAC.

I realize this is **extremely** simplified.  Just a quick
attempt to map development out. 

Of course, from a development standpoint, this comes after 
the solidified NT 4 domain controller support.  We need
a more complete MS-RPC subsystem to move ahead. 

btw...Jean-Francois is making progress on porting SAMR
functions from TNG into HEAD.  Just a little "Hooray!" for
JF.  :-)

"Hooray ! Hooray ! Hooray !"


Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com  VA Linux Systems    gcarter at valinux.com
       http://www.samba.org       SAMBA Team           jerry at samba.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

