Hello Rene,

I have actually set this up as an NT domain, as close to ADS as I could 
possibly get.  The implementation was a little tricky, but it involves 
(heimdal)kerberos, sasl, openldap, pam, djbdns, dhcp, and samba.  A web 
document I had found helped me significantly when I approached technical 
issues:
http://www.opentechnet.com/auth-howto/

Along the lines of replacing ADS, I think this is as close as you may get.  
The thing that sets Microsoft's ADS apart is that they use a form of Remote 
Procedure Calls that implements a lot of the leg work.  This makes microsoft 
incompatible against samba.

In AD mode, a Microsoft computer won't authenticate against a linux host 
(though it would as a PDC in NT mode) since it would be trying to communicate 
in misc forms of RPC talk.  On the flip side, it should be possible to 
authenticate samba against ADS.  Here is a tool that allows for flexibilty 
with authentication under windows:
http://pgina.xpasystems.com/info/

As far as drawbacks, that's it.  I haven't seen anything wrong with doing it 
NT style, and with all of the added bells and whistles.  

I don't know the specifics, but the SMB-TNG is a lot more bleeding edge 
technology when it comes to samba in an enterprise environment.  It may 
provide you with a solution closer to what you are looking for:
http://www.samba-tng.org

I had a lot of fun setting this up!  ;)

Regards,

Robert


On Monday 25 April 2005 04:25 am, Rene Zbinden wrote:
> Has anyone experience using samba as PDC and BDC with OpenLDAP as backend?
> Is it possible to totally go away from Windows Active Directories Servers
> to the above solution? What are the Drawbacks?
> --
> cheers,
> rene

-- 
gentoo-server@g.o mailing list