[Samba] Samba as Active Directory replacement - is it possible?

Tomasz Chmielewski mangoo at interia.pl
Wed Sep 22 07:32:06 GMT 2004

Andrew Bartlett wrote:
> On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:

>>Where can I find any HOWTOS/documents on this? I spent an hour googling 
>>but found nothing promising so far.
> It all very much depends on what you want to do with it.  Samba 3.0 is
> an NT4 level domain controller, as far as windows clients see it, but is
> fully backed by whatever directory server you attach it to.  

OK, so at the bottom I describe more or less what I want.

> So, if you just want to move to a directory based system, with the
> benefits of directory management, then the standard Samba 3.0 will do
> what you want.
> If you would like to add Kerberos, then it is possible with snapshots of

I don't think Kerberos is needed in my case.

> The other area of ongoing work is in Samba4, where we have demonstrated
> an 'Active Directory' join of WinXP SP2 to Samba4.  This is an ongoing
> area of research, but also an area that is moving surprisingly fast. 
> More assistance (programming wise) is always appreciated :-)

This is what I actually want from this AD replacement:

- it has to store users, groups and passwords
- it has to store "computer accounts"
- it has to store "policies" - for users, computers

So, for example:

Clients are purely Windows machines. Now with Active Directory the below 
can be achieved:

1) PC1 (client) is booted.

2) it connects to the server, reads its "computer account" and "policy":
- what settings should it have, what programs installed - and if a 
program is missing, it should be automatically installed/deinstalled 
(according to the policy)

3) login box appears - user logs in
- he/she is authenticated against the server, and his/her settings are 

Well, I'm certain that I can store passwords, users, groups, either with 
Samba or Samba + OpenLDAP, but what I'm afraid of is how I can set 
different "policies" for users and computers with Samba/OpenLDAP.

Any help if it's possible is appreciated.


