[Samba] Is Samba for me? (win2k sp4 pdc -> samba)

Gary Dale garydale at torfree.net
Wed Sep 21 18:44:18 GMT 2005

ADS is Active Directory Server. This was a new feature with W2K. Think
of it as LDAP plus bugs. In an ADS domain, all domain controllers are
equal - there are no PDCs and BDCs. While Samba can function as a server
in an ADS domain, it cannot act as an Active Directory Server. That is,
it cannot authenticate logins in an AD domain.

However, it can act as an NT4-style domain controller (not using Active
Directory) and authenticate logins.

The difference is in M$-style directory services. Using Samba with LDAP
gives you the same advantages as ADS but they are not implemented
identically. A Samba domain controller cannot inter-operate with Windows
ADS domain controllers, but it can inter-operate with the NT4-style
domain controllers.

If you only have one Windows ADS DC in your network, then you will have
no problems with Samba. Otherwise, you may want to consider either
dropping ADS (reverting to the NT4-style domains) or switching all of
your domain controllers to Samba.

From what I've read, the Samba team is trying to make it interoperate
with ADS, but this is not easy, esp. given that M$ don't publish the
specifications or source for their software.

N.J. Thomas wrote:

>I have a Microsoft Windows 2000 SP4 PDC (AD backend) that I'd like to
>replace with Samba.
>The docs on samba.org are a bit confusing though, here is an excerpt
>from Chapter 4, "Domain Controller Types":
>    Samba-3 servers can readily be converted to and from domain
>    controller roles through simple changes to the smb.conf file.
>    Samba-3 is capable of acting fully as a native member of a Windows
>    200x server Active Directory domain.
>But a bit later it says:
>    At this time any appearance that Samba-3 is capable of acting as a
>    domain controller in native ADS mode is limited and experimental in
>    nature. This functionality should not be used until the Samba Team
>    offers formal support for it.
>I'm not sure what is meant by "native" ADS mode. Is that some esoteric
>and rarely used feature?
>FWIW, we are not doing anything fancy with the Microsoft Windows 2000
>PDC currently, just using it to authenticate logins. Can I do what I
>want with Samba-3?

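
Added example, not part of the original message or of the Samba documentation: the two Samba-3 roles discussed in this thread, shown as two separate smb.conf files. The domain name, realm, host name and share path are constructed placeholders.

```ini
# ---- File 1: Samba-3 as an NT4-style PDC (authenticates domain logins) ----
# smb.conf comments must sit on their own line; a trailing comment
# would be read as part of the parameter value.
[global]
    # Constructed NT4-style domain name and host name
    workgroup = EXAMPLE
    netbios name = PDC1
    # User-level security with a local account database.
    # An ldapsam backend is the LDAP-based alternative mentioned in the reply.
    security = user
    passdb backend = tdbsam
    # These settings make the server an NT4-style domain controller
    domain logons = yes
    domain master = yes
    preferred master = yes
    local master = yes
    os level = 64

[netlogon]
    # Constructed path; clients read logon scripts from this share
    path = /var/lib/samba/netlogon
    read only = yes

# ---- File 2: Samba-3 as a member server in an existing AD domain ----
# Here Samba does not authenticate logins itself; the Windows domain
# controllers do, and the machine is joined with "net ads join".
[global]
    # Constructed short domain name and Kerberos realm
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ads
```

Running `testparm` against either file reports the server role Samba derives from these settings.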