[Samba] Samba Server inside AD Realm

Richard Greaney richard at net-solutions.net.nz
Mon Oct 11 00:31:54 GMT 2004


This one has been puzzling me for quite a while now. I have been able to 
set up Samba 3 as an NT4 DC replacement, using the passdb backend. For 
other applications, I have run Samba and Winbind alongside a Windows 
Server 2003 Domain Controller and used distributed authentication across 
the two platforms.

What I would like to do now is to use Samba in what is effectively a 
BDC-type role. I have read a few resources, in particular the Samba 
Howto Collection, which mention that this is not possible. However, I'm 
not giving up hope yet.


If I am running Winbind successfully, I can set a Windows domain 
user/group as the owner of a file.

If I add POSIX ACL support, then I also gain the ability to extend 
permissions in a Windows-ish manner.

What's missing, then, is an authentication medium. In short, the Samba 
passdb backend is the hurdle. Am I correct in this assumption? If so, 
then why can we not run Samba in backend-less mode? As the user database
is already distributed onto the Samba server (by correct setup of
winbind), I don't see why we need another backend at all. Sure, grab the
username and password from the clients, but PAM-ify the authentication 
medium so we use the database already in existence.

Is it possible to run Samba in this mode?

Hoping someone can help.  I may be totally ambitious too, I realise :)

Cheers
Richard

