Tomasz Chmielewski
2004-Sep-21 10:50 UTC
[Samba] Samba as Active Directory replacement - is it possible?
Hello, I've been trying to figure out if it's possible to replace Active Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but from what I've found I'm not sure. Is it possible, or partially possible (I don't need every feature of AD)? What additional software (besides Samba) will I need? What functionality will I loose? Where can I find any HOWTOS/documents on this? I spent an hour googling but found nothing promising so far. Tomek ---------------------------------------------------------------------- Startuj z INTERIA.PL... >>> link.interia.pl/f1834
John H Terpstra
2004-Sep-21 15:35 UTC
[Samba] Samba as Active Directory replacement - is it possible?
On Tuesday 21 September 2004 04:49, Tomasz Chmielewski wrote:> Hello, > > I've been trying to figure out if it's possible to replace Active > Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but > from what I've found I'm not sure. > > Is it possible, or partially possible (I don't need every feature of AD)? > What additional software (besides Samba) will I need? > > What functionality will I loose? > > Where can I find any HOWTOS/documents on this? I spent an hour googling > but found nothing promising so far.samba.org/samba/docs/Samba-Guide.pdf Check chapters 5,6,7,9 If you need more information contact me direct. - John T.> > > Tomek > > ---------------------------------------------------------------------- > Startuj z INTERIA.PL... >>> link.interia.pl/f1834-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production.
Andrew Bartlett
2004-Sep-21 23:38 UTC
[Samba] Samba as Active Directory replacement - is it possible?
On Tue, 2004-09-21 at 20:49, Tomasz Chmielewski wrote:> Hello, > > I've been trying to figure out if it's possible to replace Active > Directory with Samba (+ OpenLDAP, Kerberos, DNS etc.) on Linux - but > from what I've found I'm not sure. > > Is it possible, or partially possible (I don't need every feature of AD)? > What additional software (besides Samba) will I need? > > What functionality will I loose? > > Where can I find any HOWTOS/documents on this? I spent an hour googling > but found nothing promising so far.It all very much depends on what you want to do with it. Samba 3.0 is an NT4 level domain controller, as far as windows clients see it, but is fully backed by whatever directory server you attach it to. So, if you just want to move to a directory based system, with the benefits of directory management, then the standard Samba 3.0 will do what you want. If you would like to add kerberos, then it is possible with snapshots of Heimdal kerberos for unix clients to use their 'Samba' passwords for keberos. These are kept in the same directory (and indeed same entries) as Samba's passwords. sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap The other area of ongoing work is in Samba4, were we have demonstrated an 'Active Directory' join of WinXP SP2 to Samba4. This is an ongoing area of research, but also an area that is moving surprisingly fast. More assistance (programming wise) is always appreciated :-) Andrew Bartlett -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : lists.samba.org/archive/samba/attachments/20040922/ae1aa20f/attachment.bin