[Samba] Samba 3.0 - a bunch of really high level questions
John H Terpstra
jht at samba.org
Wed Mar 26 09:08:18 GMT 2003
On Wed, 26 Mar 2003 th0th at th0th.com wrote:
> Hello everyone... I am a long time samba user (3 or 4 years), though I
> never ventured into the alpha stages until recently (alpha 21, I'll move
> to 22 in the near future once I get a better idea of what's going on). I
> am very interested in Samba being part of a ADS domain, but I have been
> a little frustrated due to the lack of documentation. Specifically, I've
> read the HOWTO's from the University of Navarre and idealx, and I've
> gotten to the stage where I have all users on my machine authenticating
> through LDAP, samba is using LDAP to authenticate, etc. And I've gotten
> it to act as what appears to be an NT4 PDC.
Welcome to alpha releases! We are still working on Documentation, you will
find the most up to date Samba-HOWTO in PDF format in the Samba HEAD
branch CVS Code tree. Periodically we update the 3.0.0 code tree from the
> Reading through the available documentation, the WHATSNEW.TXT, etc. I am
> reading all these entries like "Active Directory support. This release
> is able to join a ADS realm as a member server and authenticate users
> using LDAP/kerberos." etc. but I have found very little guides on how to
> implement this, or even what is meant by "member server". I am assuming
> this means that the 3.0 branch cannot yet act as an AD server in a
> native mode (i.e., non mixed mode) 2000 domain. Well what exactly CAN it
This is still being documented. Any pointers anyone discovers that may
help other users should be reported to jht at samba.org (at least while I
am working on documentation updates). In other words - your help is much
appreciated - and Yes, even you can help. As you spot errors or incomplete
information, please let me know. I will be working on updates throughout
> These may sound like stupid questions, but I've found very little on
> 1) what ./configure options I should be compiling samba with in
> order to use as much of the active directory member features
It is best to use the binary packages made available by the Samba-Team on
the samba FTP sites. These are usually built with maximum available
functionality for your platform.
> 2) whether I need to have a kerberos kdc installed on the smb
> server, or anywhere on the network, or not at all.
See the ADS-Howto in the samba HEAD branch docs area.
> 3) I know that ADS realms utilize special SRV records in the DNS,
> should I implement these, how?
> 4) trust relationships in 2000 environment. Is it possible, what
> needs to be done.
This is undocumented at this time. Sorry, we will get around to it soon.
> Basically, I have a reasonable amount of free time, am very interested
> in the project, have minimal coding skills but a pretty firm grasp on
> the technologies, have a basement full of linux, XP, and 2000 machines
> with a VPN into a "pure win2000 domain" for comparative testing, and
> want to help you people test this puppy out... just need a little more
> specific guidance on what it can do, and how to implement it.
Hope this helps a little.
- John T.
John H Terpstra
Email: jht at samba.org
More information about the samba