Samba 4.0 questions

Simo Sorce idra at
Sat Oct 29 21:38:05 GMT 2005

On Wed, 2005-10-26 at 11:15 -0700, Krishna Ganugapati wrote:
> I just took a look at the Samba 4.0 SVN - nice to see an integrated
> KDC with an LDAP server. My question is as follows.
> 1) Given that a member server (non DC) doesn't run a KDC, I'm assuming
> that at configure time, I get the option whether to build a member
> server or a domain controller - is this the case?

No, our aim is to select subsystems based on configuration, so that no
recompilation is needed.

> 2) The documentation says that you can join a Win2K or WinXP box to a
> Samba 4.0 domain controller, but won't client based secure dns updates
> be broken given that BIND does not support gss TSIG

afaik, there should be some gss-tsig support in latest bind 9, but never
tested that so I can't really comment on the functionality, I'm sure we
will address the problem if still out there on next releases of samba4

> 3) Will the Samba LDAP server 
>     a) support NT security descriptors?


>     b) multiple naming contexts


>     c) dynamic schema updates


we will try to be as much compatible to AD Ldap server as needed to be
able to be an AD DC.

> 4) Is the LDAP server a fresh effort or are you leveraging OpenLDAP?

Currently we have a new LDAP implementation that is not based on


Simo Sorce    -  idra at
Samba Team    -
Italian Site  -

More information about the samba-technical mailing list