[Samba] RE: Re: Does 3.0 work with w2k sp3 and/or win 2003? Anyb ody had success?

[Brian J. Murrell]

On Wed, 30 Apr 2003 02:16:22 +0000, John H Terpstra wrote:

G'day John!

> What specific features of Active Directory are you seeking or do you
need?

Indeed this is the question.  I certainly cannot answer for our friend
here, but my question in all of this comes up when I wonder what "other"
services a network is going to run that does want to have the luxury of
SSO with AD.

> Please give us an example of what you understand that Active Directory
> will do for you.

Single-sign-on of all AD supported services (with the PAC).  AFAIK (which
isn't very much in this MS-oriented scheme) SSO of AD enabled services
won't work without the PAC in the Kerberos credentials.

> There is OpenLDAP, there are two kerberos implementations (MIT Kerberos
> and Heimdal), are you asking if Samba will re-implement all of this
> technology?

Again, I can't speak for our friend, but I doubt that is what he is
looking for.  I suspect what he is asking is will Samba integrate with
Kerberos and OpenLDAP to provide the PAC data so that AD SSO works with
Samba.

> Samba-3 will be able to run as your NT4 Domain Controller.

Which is cool in and of itself.  Certainly sellable in smaller networks
where AD/SSO is not of great importance.

> It will be able
> to have an LDAP backend. It will co-exist with Kerberos5. There will be
> answers for many of the features of Active Directory environments. So,
> please help us to understand what it is that you need.

An MS client using using a Samba DC able to use other MS services with
the same sign-on credentials that were used with the Samba DC.  If you can
do that without the PAC in a Kerberos ticket that would be great.  My
limited knowlege of all this stuff tells me it cannot be done.

Cheers mate.

b.