gcarter at gcarter at
Thu Oct 19 21:31:15 GMT 2000

Torsten Curdt wrote:
> In our Intranet we use samba 2.0.6 as PDC for quite a while now.
> Works great.
> But know we need samba as PDC for W2000 and auth against a LDAP
> server (rfc2307). These stuff came to my mind.
> 1. using samba 2.0.7 as fileserver auth against another
>    samba TNG 2.6 which only holds the profiles and auth
>    against the LDAP server.

If anyone wants to use or ask questions about SAMBA_TNG,
you should post to the tng lists at
I'm afraid the Samba team will not be able to offer much help.

Also be aware that LDAP support was always experimental 
and is being reworked in the 2.2 release for general 
comsumption.  Some thing will change.

> 2. using samba 2.0.7 as fileserver and auth against PAM
>    (which auth with pam_ldap/nss_ldap against the LDAP server)
>    and samba TNG 2.6 holds the profiles and auth against
>    the other samba.
>    negative: need to disable encrypted passwords for PAM
> I heard the 2.2 branch now already can join a domain. So a
> all in one sollution might not be far away. But I don't know
> about the LDAP support (especially the schema). I know TNG
> was supposed to support rfc2307.

The RFC2307 schema is not really relavent to 
Windows client.  We are planning on using the AD schema.
Since you will need to validate a username upon lookup,
Samba will need to do a getpwnam().  This of course could be
piped to LDAP via nss_ldap.  But Samba's LDAP backend
will not replace the standard UNIX getpwxxx() calls.

Cheers, jerry
   /\  Gerald (Jerry) Carter                     Professional Services
 \/  VA Linux Systems   gcarter at       SAMBA Team          jerry at                     jerry at

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list