Alternative Directory

David Collier-Brown davecb at canada.sun.com
Wed Jan 30 09:41:23 GMT 2002 

James Campbell wrote:
> 
> Hi,
> This may not be the correct place for Samba 3 (alpha 13).
>  discussion but here goes:
>   Currently Samba is working with two schema for ldap that
> for sambaAccount AND that for AD. (if you require the
> smbpasswd data base to be LDAP and authenticate to ADS)
>  I  am trying to implement an alternative AD using Heimdal
> and OPENldap etc that can authenticate *nix as well as MS
> clients (note I do not require MS servers so dont need PAC,
> samba, for eg ignores and just passes it around).
>  Consequently I am using an LDAP data base for Unix auth.
> and authorisation (Kerberos data base in LDAP also) and also
> want to include the MS schema so I need some sort of merged
> schema - so any suggestions.
>  MS do this by adding an msSFUPosix schema to handle UNIX
> to the normal MS AD schema, with nsswitch and PAM this
> can be used by *nix but is this the way to go?

	If memory serves, the team did some initial
	work in this area, independent of the AD
	effort.

	As a Professional Unix Bigot[1], the best
	of all possible worlds is to be independent
	of AD, but able to pass any AD structure around
	without interfering.

	This **tends** to imply a strong similarity
	between how we and MS represent Unix-specific
	data, thus implying a weak merge (i.e., in the
	sense that we present a view[2] that matches)
	Opinion???

> I  dont require all the fancy cross-trust etc of full AD, just a
> a cluster of Win2k clients and *nix clients in a single domain
> with simple common user names and synchronised password
> (via kerberos) sharing files and printers etc via Samba with
> the added advantage of kerberos security (and SSL etc).

	That actually sounds like you'll have to
	have the PAC... am I misunderstanding?

--dave
[1.  Ok, I'm really a Multics bigot, but I work on Unix]
[2.  View in the database sense: not necessarily the actual
     representation, but a set of like fields in what
     looks like a relation]
-- 
David Collier-Brown,           | Always do right. This will gratify 
Performance & Engineering      | some people and astonish the rest.
Americas Customer Engineering, |                      -- Mark Twain
(905) 415-2849                 | davecb at canada.sun.com

More information about the samba-technical mailing list