CentOS - Jul 2005 - Re: Fix passwd/shadow/group files? -- network architecture is always piecemeal

From:  Dag Wieers 
> Bryan, and you're still belittling people in discussions and get into
long
> arguments as a result. Pretty please stop doing that.
I apologize for any belittling.
It is not my intent, but I do see a repeat theme.
People thing in single products/projects, not breaking down things into their
multiple technologies.

That's all I meant by "artificially limiting."
> Even if you think you're right, leave some room for the
> possibility you're not.
It has nothing to do with right/wrong.
There is just this farce out there that you must have ADS or every native
Windows Server 2003 interface to have quality Windows client management.
Various teams, including Samba, have done a wonderful job of reverse engineering
many.

But the reality is that if you can avoid deploying services that require MS'
sprawling (and sometimes self-incomaptible) schema,
then you don't need native MS ADS DCs.
Enterprises do it all-the-time.
> People always need some room in arguments,
> unless you want to corner them.
> And I'm sure that's not your intent anyway.
I _did_ ask the questions, what is ...
- ADS?
- MS (schema) LDAP?

It goes to the heart of the viewpoints and dicussion.
Especially for components that are not Samba, but most people only look at for
_limited_ Samba use.
E.g., MS Kerberos _only_ for authentication of Samba as a member server in a MS
ADS DC controller domain (NOT ;-).
UNIX/Linux Kerberos servers can do _far_more_ than that, even for 200x/XP
clients.

Sometimes I think the best marketing done for Windows and Microsoft products is
by UNIX/Linux people because they don't even know what  services and
capabilities are actually offered by UNIX/Linux platforms - be it open source,
commercial, etc...  ;->

>People thing in single products/projects, not breaking down things into
their multiple technologies.
>
>That's all I meant by "artificially limiting."
>
>  
>
Well, MS made extensions to its LDAP implementation by giving it new RPC 
calls for its special MS Kerberos data did it not?

So if I don't break it down, how else would I point out that ADS DC on 
open source is not possible unless these extensions are also available  
in open source implementations of these technoluogies?
>>Even if you think you're right, leave some room for the
>>possibility you're not.
>>    
>>
>
>It has nothing to do with right/wrong.
>There is just this farce out there that you must have ADS or every native
Windows Server 2003 interface to have quality Windows client management.
>  
>
Right, but you got me interested in whether an actual open source 
solution to native Windows MS-Kerberos account management exists when 
you say that Samba 3.0 could be an ADS DC.
>Various teams, including Samba, have done a wonderful job of reverse
engineering many.
>
>But the reality is that if you can avoid deploying services that require
MS' sprawling (and sometimes self-incomaptible) schema,
>then you don't need native MS ADS DCs.
>Enterprises do it all-the-time.
>  
>
and native MS account management on Unix?