ADWS support for Samba

Douglas Bagnall douglas.bagnall at catalyst.net.nz
Wed Oct 25 00:10:06 UTC 2023


hi Stefan,

On 21/10/23 03:00, Stefan Kania via samba-technical wrote:
> With Samba 4.19 it is possible (using FL 2016) to create "authentication 
> policies" and "authentzicationsilos" but to realy work with the policies 
> and silos "Active Directory Administrative Center" must be used. This is 
> not working together with a Samba DC because of the missing ADWS-support. 
> Will this be possible in the future? Or is there a way to use policies and 
> silos without ADAC?

As covered in the samba list thread, the samba-tool interface is a work 
in progress, so I won't go into that other than to say I am glad you are 
trying it.

Regarding ADWS, it is not likely soon, unless someone funds the work.
It needs a new server talking a new protocol (not "web", despite "Active 
Directory Web Services"). As far as I remember, the actual database 
manipulations are unremarkable -- you can do all the same things with 
LDAP and RPCs (samba-tool is using LDAP for silos).

As ADWS is an occasional admin thing, not an N-connections-per-second 
thing, I think it would be a good chance to write the server in Python 
or some other language other than C, though that would put renewed 
scrutiny on our bindings to LDB and so forth.

That is about as far as we got. It's possible but not trivial.

cheers,
Douglas



More information about the samba-technical mailing list