PDC acceptance criteria

David Collier-Brown David.Collier-Brown at canada.sun.com
Wed Oct 4 14:13:19 GMT 2000


Kevin Colby wrote:
> Well, I came up with a few distinct groupings.
> 
> The first level is the minimum needed, even by the brave of heart.
> The second is really also required for general consumption, but
> may not be needed by everyone.  The third is for features that
> really only help administrators, not users, and the fourth is for
> quite site-specific demands.
> 
> Domain controlling _minimum_ requirements:
>  - Support for Domain logons by Windows NT 4.0 SP3+ clients
>  - Support for Domain logons by Windows 2000 clients (legacy)
>  - Proper user and group mapping between NT users/groups
>        and UNIX users/groups.  This included enumeration functions
> 
> Robust, "production" domain controlling requirements:
>  - Support for initiating Trust relationships  [full domain]
>  - PDC <-> BDC replication  [With native NT, both as BDC and as PDC.]
>  - fault tolerance features
> 
> NT migration features:
>  - Working support for User Manager and Server Manager
>  - Domain controller transfer (with fixed RIDs?)
> 
> Specific client software features:
>  - Extended "Exchange" requirements


	Another useful breakdown is to distinguish between
	- features that can be supported directly by the underlying
	  Unix system (such as ACLs on machines which have them,
	  or authentication via Kerberos/NIS/NIS+/LDAP)
	- features which require Samba "be its own middleware",
	  such as MS-format encrypted passwords and replication
	  protocols.

	Let's characterize Kevin's groups this way, which gives
	us an initial measure of difficulty:

> Domain controlling _minimum_ requirements:
>  - Support for Domain logons by Windows NT 4.0 SP3+ clients
	password storage middleware required (and exists)
	may be implemented with nis, nis+ or ldap

>  - Support for Domain logons by Windows 2000 clients (legacy)
	ditto, modulo some debugging time

>  - Proper user and group mapping between NT users/groups
>        and UNIX users/groups.  This included enumeration functions
	can be supported by nis or ldap, with "business logic"
	in Samba.
 
> Robust, "production" domain controlling requirements:
>  - Support for initiating Trust relationships  [full domain]
	must be implemented in Samba.

>  - PDC <-> BDC replication  [With native NT, both as BDC and as PDC.]
	all the data can be stored and replicated without
	Samba implementing protocols, but mixed Samba/NT4 domains
	may require the replication protocol to be implemented,
	or the MS Windows 2000 LDAP structures used.

>  - fault tolerance features
	mostly provided by the OS or a layer, but requires some
	Samba-side hooks
 
> NT migration features:
>  - Working support for User Manager and Server Manager
	must be implemented in Samba

>  - Domain controller transfer (with fixed RIDs?)
	<insufficient information>
 
> Specific client software features:
>  - Extended "Exchange" requirements
	<insufficient information>


	Conclusion: there is an existing requirement for a storage
	layer at or just above Unix, which can be replicated
	across multiple machines. It is advantageous to use such
	to provide replicable storage for other things than 
	/etc/passwd.  There is a distinct advantage to using
	LDAP, given a willingness by MS to publish stable schemas.

	Suspicion: the order of delivery may change with the 
	implementation.

 --dave
-- 
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com