ADS Server Status

Andrew Bartlett abartlet at
Sun Sep 12 07:09:28 GMT 2004

I figured it was time to update the list on exactly what I have (and
have not) got working on the move to make Samba4 an 'Active Directory'
compatible domain controller.

It has been demonstrated that a 'CIFS and RPC only' join is possible,
but this is not very interesting, as aside from some additional
information in control panel, it appears 'normal'.  

There is a long way to go, but we now have a kerberos server that
actively participates in the domain join.  We also join to the 'long'
form of the name.

The kerberos server reads its data from the same database as Samba4 -
that is, ldb.  This work was performed by metze and myself, with lha
(Love Hornquist-Astrand) pointing out numerous bugs, mostly mine, along
the way.

Using clapd (from the IBM project in this area a while back) and DNS
setup, I have enabled the use of kerberos.  This involved fixing a
number of kerberos bugs in our GENSEC library, but it's finally settling

This all allows a WinXP join to progress to the stage of attempting to
access our LDAP server.  I'm promised this will appear any day now :-)

The next step will be to generate the PAC (as I know how to handle
that), and to wait for an LDAP server to become viable.

Andrew Bartlett
Andrew Bartlett                                 abartlet at
Authentication Developer, Samba Team  
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list