samba - Feb 2001 - Samba authentication against W2K Active Directory

Please could a Samba developer or user answer these questions.  

Background:  We use Samba for serving files, and it has worked extremely
well in this simple mode for 20,000 plus users in this university for the
previous 3/4 years.  Thanks to all those involved for this excellent
software.  

We are soon to implement Windows 2K and Active Directory as the university's
primary authentication mechanism.  We will still want to serve files from
the existing Samba servers.  Currently, our Samba servers authenticate
against existing NIS services running on Unix which will become redundant
once W2K/AD is up and running.   

1. Will the LDAP support being developed in Samba be sufficient to
authenticate requests for Samba shares against Active Directory running
under a w2k server?
  
2. Will other software be required in such a configuration (OpenLDAP)?.

3. When will the LDAP support become product, both product baseline and
expected date?  Is there any product LDAP support in 2.2.0?  

4. Can Samba do this sort of LDAP authentication as a stand-alone fileserver
or does it need to be configured as a DC?

I would be very grateful for any feedback from anyone who has already
trialled this sort of configuration.

Andrew

=====================================================================Dr Andrew
Boswell	              email : A.Boswell@uea.ac.uk
School Liaison Consultant       phone : +44-1603-593856
IT and Computing Services       fax   : +44-1603-593467
University of East Anglia	  Room  : ITCS 0.09A
Norwich, NR4 7TJ, UK

On Wed, 28 Feb 2001 09:52:25 Boswell Andrew Dr (ITCS)
wrote:
> 
> 1. Will the LDAP support being developed in Samba be 
> sufficient to authenticate requests for Samba shares 
> against Active Directory running under a w2k server?
>   
> 2. Will other software be required in such a configuration
> (OpenLDAP)?.
> 
> 3. When will the LDAP support become product, both 
> product baseline and expected date?  Is there any product 
> LDAP support in 2.2.0?  
> 
> 4. Can Samba do this sort of LDAP authentication as a 
> stand-alone fileserver or does it need to be configured 
> as a DC?
> 
> I would be very grateful for any feedback from anyone 
> who has already trialled this sort of configuration.
Andrew,

Samba 2.0 is able to act as a member of a native Windows
2000 domain as long as the DC is still offering service
to "pre-Windows 2000" clients (this means netbios and 
ntlmv1 is still enabled).  The proposed LDAP backend support
is not necessary for this.




cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter@valinux.com
       http://www.samba.org/       SAMBA Team          jerry@samba.org
       http://www.plainjoe.org/                     jerry@plainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )