[Samba] Samba 3: is LDAP required?

John H Terpstra jht at samba.org
Tue Oct 21 21:43:03 GMT 2003 

On Tue, 21 Oct 2003, Derek T. Yarnell wrote:

> On Fri, Oct 17, 2003 at 09:00:48PM +0000, John H Terpstra wrote:
> > On Wed, 15 Oct 2003, tvsjr wrote:
> >
> > >  >Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for
> > >  >Active Directory support to work?  Active Directory support == "security =
> > >  >ads".
> > >
> > > Are you trying to make Samba act as an Active Directory server? If so, then
> > > Samba won't do that, you're SOL.
> > > If you're trying to make your Samba machine join an Active Directory, no,
> > > OpenLDAP is not required. The Active Directory must be running in Mixed or
> > > Native mode, not in Native 2003 (2k3 Server only) mode.
>
> Alright, does samba support joining a Samba Win2k3 domain in native 2003
> mode? I have asked this before and not gotten a straight answer. The
> HOWTO does not cover this specific topic, I get "Decrypt Integrity
> Failed" errors for the kerberos tickets from said domain. I see
> something about heimdal less than version 0.6 not working with Win2k3
> (no mention of native 2k3 or native or whatever).

It will work if Samba-3 has been compiled with MIT Kerberos 1.3.x, not
1.2.x. Alternately, Samba-3 compiled with Heimdal 0.6.1 or later should
work fine with Win2003 Native ADS.

>
> Am I screwed?

If you use the wrong version of Kerberos you are in a pickle (to put it
nicely).

 - John T.

>
> > Not quite! Samba-3.0.x can join a Win2K3 AD Domain that is in Native Mode.
> > This is documented in the Samba-HOWTO-Collection.pdf available with
> > Samba-3 in the chapter on "Domain Membership".
> >
> > PS: You can obtain this document from:
> > http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> >
> > It is also available from Amazon.Com as "The Official Samba-3 HOWTO and
> > Reference Guide" for those who want a hard copy. The book has more
> > information in it than the HOWTO.
> >
> > - John T.
> > --
> > John H Terpstra
> > Email: jht at samba.org
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list