What does the Samba Team plan to do to
integrate Samba servers into native Windows
2000 domains?
The Samba Team hope to gain more volunteers to
help with this
effort. There are basically three areas of
functionality in regards to
this.
A Kerberos 5 client implementation in Samba
that understands
the proprietary MS PAC
A UNIX based Kerberos 5 KDC that can issue
Windows 2000
PACs
The ability to read data from an Active
(i.e. LDAP) Directory
Server via the authorization credentials
(TGT) received from
the Windows 2000 Domain KDC
If SAMBA is the ONLY server in a system with MS clients, and assuming a
KDC
and a LDAP server set up to use MS schema etc, WHY is a PAC with
information
which is just in the LDAP schema anyway required. The KDC could
generate a
dummy PAC, it is encrypted so that the client cant interfere with and
just passes it
around. When SAMBA get the tokens for a user requesting authentication
it can
ignore the dummy PAC and get required info via LDAP.
cheers
Jim