[Samba] Samba 3.0 - a bunch of really high level questions

John H Terpstra jht at samba.org
Wed Mar 26 09:08:18 GMT 2003

On Wed, 26 Mar 2003 th0th at th0th.com wrote:

> Hello everyone... I am a long time samba user (3 or 4 years), though I
> never ventured into the alpha stages until recently (alpha 21, I'll move
> to 22 in the near future once I get a better idea of what's going on). I
> am very interested in Samba being part of a ADS domain, but I have been
> a little frustrated due to the lack of documentation. Specifically, I've
> read the HOWTO's from the University of Navarre and idealx, and I've
> gotten to the stage where I have all users on my machine authenticating
> through LDAP, samba is using LDAP to authenticate, etc. And I've gotten
> it to act as what appears to be an NT4 PDC.

Welcome to alpha releases! We are still working on Documentation, you will
find the most up to date Samba-HOWTO in PDF format in the Samba HEAD
branch CVS Code tree. Periodically we update the 3.0.0 code tree from the
HEAD branch.

> Reading through the available documentation, the WHATSNEW.TXT, etc. I am
> reading all these entries like "Active Directory support. This release
> is able to join a ADS realm as a member server and authenticate users
> using LDAP/kerberos." etc. but I have found very little guides on how to
> implement this, or even what is meant by "member server". I am assuming
> this means that the 3.0 branch cannot yet act as an AD server in a
> native mode (i.e., non mixed mode) 2000 domain. Well what exactly CAN it
> do?

This is still being documented. Any pointers anyone discovers that may
help other users should be reported to jht at samba.org (at least while I
am working on documentation updates). In other words - your help is much
appreciated - and Yes, even you can help. As you spot errors or incomplete
information, please let me know. I will be working on updates throughout
this week.

> These may sound like stupid questions, but I've found very little on
> exactly:
>     1) what ./configure options I should be compiling samba with in
> order to use as much of the active directory member features
> available.

It is best to use the binary packages made available by the Samba-Team on
the samba FTP sites. These are usually built with maximum available
functionality for your platform.

>     2) whether I need to have a kerberos kdc installed on the smb
> server, or anywhere on the network, or not at all.

See the ADS-Howto in the samba HEAD branch docs area.

>     3) I know that ADS realms utilize special SRV records in the DNS,
> should I implement these, how?

Ditto above.

>     4) trust relationships in 2000 environment. Is it possible, what
> needs to be done.

This is undocumented at this time. Sorry, we will get around to it soon.

> Basically, I have a reasonable amount of free time, am very interested
> in the project, have minimal coding skills but a pretty firm grasp on
> the technologies, have a basement full of linux, XP, and 2000 machines
> with a VPN into a "pure win2000 domain" for comparative testing, and
> want to help you people test this puppy out... just need a little more
> specific guidance on what it can do, and how to implement it.

Hope this helps a little.

- John T.
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list