RE: Re: Does 3.0 work with w2k sp3 and/or win 2003? Anyb ody had success?
Brian J. Murrell
brian at interlinx.bc.ca
Wed Apr 30 03:58:36 GMT 2003
On Wed, 30 Apr 2003 02:16:22 +0000, John H Terpstra wrote:
> What specific features of Active Directory are you seeking or do you
Indeed this is the question. I certainly cannot answer for our friend
here, but my question in all of this comes up when I wonder what "other"
services a network is going to run that does want to have the luxury of
SSO with AD.
> Please give us an example of what you understand that Active Directory
> will do for you.
Single-sign-on of all AD supported services (with the PAC). AFAIK (which
isn't very much in this MS-oriented scheme) SSO of AD enabled services
won't work without the PAC in the Kerberos credentials.
> There is OpenLDAP, there are two kerberos implementations (MIT Kerberos
> and Heimdal), are you asking if Samba will re-implement all of this
Again, I can't speak for our friend, but I doubt that is what he is
looking for. I suspect what he is asking is will Samba integrate with
Kerberos and OpenLDAP to provide the PAC data so that AD SSO works with
> Samba-3 will be able to run as your NT4 Domain Controller.
Which is cool in and of itself. Certainly sellable in smaller networks
where AD/SSO is not of great importance.
> It will be able
> to have an LDAP backend. It will co-exist with Kerberos5. There will be
> answers for many of the features of Active Directory environments. So,
> please help us to understand what it is that you need.
An MS client using using a Samba DC able to use other MS services with
the same sign-on credentials that were used with the Samba DC. If you can
do that without the PAC in a Kerberos ticket that would be great. My
limited knowlege of all this stuff tells me it cannot be done.
More information about the samba