Alternative Directory

James Campbell J.Campbell at
Wed Jan 30 06:40:19 GMT 2002

This may not be the correct place for Samba 3 (alpha 13).
 discussion but here goes:
  Currently Samba is working with two schema for ldap that
for sambaAccount AND that for AD. (if you require the
smbpasswd data base to be LDAP and authenticate to ADS)
 I  am trying to implement an alternative AD using Heimdal
and OPENldap etc that can authenticate *nix as well as MS
clients (note I do not require MS servers so dont need PAC,
samba, for eg ignores and just passes it around).
 Consequently I am using an LDAP data base for Unix auth.
and authorisation (Kerberos data base in LDAP also) and also
want to include the MS schema so I need some sort of merged
schema - so any suggestions.
 MS do this by adding an msSFUPosix schema to handle UNIX
to the normal MS AD schema, with nsswitch and PAM this
can be used by *nix but is this the way to go?
I  dont require all the fancy cross-trust etc of full AD, just a
a cluster of Win2k clients and *nix clients in a single domain
with simple common user names and synchronised password
(via kerberos) sharing files and printers etc via Samba with
the added advantage of kerberos security (and SSL etc).


More information about the samba-technical mailing list