[Samba] Samba as Active Directory replacement - is it possible?

Andrew Bartlett abartlet at samba.org
Tue Sep 21 23:38:24 GMT 2004


On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:
> Hello,
> 
> I've been trying to figure out if it's possible to replace Active 
> Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but 
> from what I've found I'm not sure.
> 
> Is it possible, or partially possible (I don't need every feature of AD)?
> What additional software (besides Samba) will I need?
> 
> What functionality will I lose?
> 
> Where can I find any HOWTOS/documents on this? I spent an hour googling 
> but found nothing promising so far.

It all very much depends on what you want to do with it.  Samba 3.0 is
an NT4 level domain controller, as far as Windows clients see it, but is
fully backed by whatever directory server you attach it to.

So, if you just want to move to a directory based system, with the
benefits of directory management, then the standard Samba 3.0 will do
what you want.

If you would like to add Kerberos, then it is possible with snapshots of
Heimdal Kerberos for unix clients to use their 'Samba' passwords for
Kerberos.  These are kept in the same directory (and indeed same entries)
as Samba's passwords.
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

The other area of ongoing work is in Samba4, where we have demonstrated
an 'Active Directory' join of WinXP SP2 to Samba4.  This is an ongoing
area of research, but also an area that is moving surprisingly fast.
More assistance (programming wise) is always appreciated :-)

Andrew Bartlett
