Samba + Kerberos backend - AD backend

Andrew Bartlett abartlet at
Wed Dec 17 00:02:58 GMT 2008

On Tue, 2008-12-16 at 23:45 +0100, paul wrote:
> kronda schrieb:

> > But this means that setting up Samba with Kerberos backend is impossible to
> > do without special configuration on each modern windows machine accessing
> > the server (because the default is encrypted password on Windows 2000,XP),
> > right? I did not want to hear that:( And I still do not see why samba can
> > pass (encrypted password) authentication to AD (which is basically
> > LDAP+Kerberos)
> I often hear this from the linux freetard crowd. They use the word 
> "basically" to gloss over things they don't want to realize.

Paul: I don't think the insult (intentional or otherwise) was called
for.   That said, I agree there is a common perception in some Linux
communities that Active Directory is nothing more than LDAP + Kerberos.
This perception was reinforced by Microsoft's marketing material at the
time, trumpeting how they had adopted internet standard technologies. 

The reality is that AD is far more than either of these two
technologies, because of the heavy reliance on a number of DCE/RPC
protocols to do much of the 'real work'.  As I mentioned before, Samba4
is being build to handle the 'real work' part of this puzzle.

It is unfortunate that some are mislead by those advocates who's
enthusiasm for the great and better Linux is not matched by their
understanding of the technologies they seek to advance.  

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list