ADS domain controller. what is left?

Andrew Bartlett abartlet at
Thu Nov 25 01:39:07 GMT 2004

On Wed, 2004-11-24 at 18:36 -0500, Sean O'Malley wrote:
> Is there a list of things that need to be implemented or fixed, tested to
> get Samba to work as the AD domain controller?
> I don't mind throwing some time at this.

There are actually quite a lot to do, but we have the framework that
makes it not only possible, but sane.

If you are serious about the AD domain controller side of things, have a
good read of my thesis on the topic - it provides a bit of a basis:

This document will, when I get a chance, become the basis for some of
our developer documentation.

So, we have quite a few protocols to cover, but behind all that will be
a single LDB database.  This is the LDAP-like database interface that we
put everything in.  

We already have a start on:
 - Kerberos Server
 - LDAP Server
 - RPC Servers (LSA, NETLOGON, SAMR etc).

We have an export of a zone file for BIND as well.

However, these are all starts, not finished products, and so there are
plenty of things to do.  For example, the RPC servers are actually
pretty well described in IDL and testsuites, but are unimplemented.  (We
test against windows, and write the testsuite to pass on windows).

We also need more tests, and research into other protocols used.  

This is hard work, but very rewarding.  

Andrew Bartlett
Andrew Bartlett <abartlet at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list