[Samba] Samba 3 PDC and ADS member server

Greg Adams grega at rnmiller.net
Thu May 20 20:30:24 GMT 2004

I've been reading some documentation and can't find an answer to my

I work in an environment where we have a bunch of Solaris 2.8 servers and
a bunch of developers using Windows 2000 and XP desktops. We support a
client using a Windows 2000 Server ADS PDC, and they need to map some of
the NFS drives on our Solaris 2.8 servers. Currently we run a PCNetLink
PDC (don't worry much about that, it's basically the same as a Samba 2 NT4
PDC), and our PCNetLink PDC has a trust relationship to the Windows 2000
Server ADS PDC that our client has. Additionally our internal development
staff uses the PCNetLink PDC for user authentication, netlogon services,
file sharing, etc.

Fairly soon the corporation that both our development group and our client
belong to is going to disallow all NT4 domain services, including
PCNetLink and legacy mode operations, so we are looking at switching to
Samba 3, as we have heard that it can communicate with ADS servers.

Here's my question: I would like to move to an OpenLDAP/Kerberos
authentication scheme for our Solaris machines and have a Samba 3 PDC
using this OpenLDAP/Kerb5 backend for authentication as the PDC for our
Windows 2000 and XP workstations. Additionally, I would like to be able to
have the same Samba 3 PDC interact with the Windows 2000 ADS Server that
our client runs in either a trust relationship or as a member server to
allow the customer clients to use the filesharing services on our Solaris
servers. From my reading, it seems that the trust relationship is not
possible (something about NT4 trusts vs. ADS trusts, and Samba 3 only
supporting NT4 trusts). Is it possible to have one samba 3 PDC also be an
ADS member server? Is there some better way to achieve what I've

Thanks for any help. Greg

More information about the samba mailing list