PDC acceptance criteria
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed Oct 4 14:13:19 GMT 2000
Kevin Colby wrote:
> Well, I came up with a few distinct groupings.
>
> The first level is the minimum needed, even by the brave of heart.
> The second is really also required for general consumption, but
> may not be needed by everyone. The third is for features that
> really only help administrators, not users, and the fourth is for
> quite site-specific demands.
>
> Domain controlling _minimum_ requirements:
> - Support for Domain logons by Windows NT 4.0 SP3+ clients
> - Support for Domain logons by Windows 2000 clients (legacy)
> - Proper user and group mapping between NT users/groups
> and UNIX users/groups. This included enumeration functions
>
> Robust, "production" domain controlling requirements:
> - Support for initiating Trust relationships [full domain]
> - PDC <-> BDC replication [With native NT, both as BDC and as PDC.]
> - fault tolerance features
>
> NT migration features:
> - Working support for User Manager and Server Manager
> - Domain controller transfer (with fixed RIDs?)
>
> Specific client software features:
> - Extended "Exchange" requirements
Another useful breakdown is to distinguish between
- features that can be supported directly by the underlying
Unix system (such as ACLs on machines which have them,
or authentication via Kerberos/NIS/NIS+/LDAP)
- features which require Samba "be its own middleware",
such as MS-format encrypted passwords and replication
protocols.
Let's characterize Kevin's groups this way, which gives
us an initial measure of difficulty:
> Domain controlling _minimum_ requirements:
> - Support for Domain logons by Windows NT 4.0 SP3+ clients
password storage middleware required (and exists)
may be implemented with nis, nis+ or ldap
> - Support for Domain logons by Windows 2000 clients (legacy)
ditto, modulo some debugging time
> - Proper user and group mapping between NT users/groups
> and UNIX users/groups. This included enumeration functions
can be supported by nis or ldap, with "business logic"
in Samba.
> Robust, "production" domain controlling requirements:
> - Support for initiating Trust relationships [full domain]
must be implemented in Samba.
> - PDC <-> BDC replication [With native NT, both as BDC and as PDC.]
all the data can be stored and replicated without
Samba implementing protocols, but mixed Samba/NT4 domains
may require the replication protocol to be implemented,
or the MS Windows 2000 LDAP structures used.
> - fault tolerance features
mostly provided by the OS or a layer, but requires some
Samba-side hooks
> NT migration features:
> - Working support for User Manager and Server Manager
must be implemented in Samba
> - Domain controller transfer (with fixed RIDs?)
<insufficient information>
> Specific client software features:
> - Extended "Exchange" requirements
<insufficient information>
Conclusion: there is an existing requirement for a storage
layer at or just above Unix, which can be replicated
across multiple machines. It is advantageous to use such
to provide replicable storage for other things than
/etc/passwd. There is a distinct advantage to using
LDAP, given a willingness by MS to publish stable schemas.
Suspicion: the order of delivery may change with the
implementation.
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com