I have actually set this up as an NT domain, as close to ADS as I could
possibly get. The implementation was a little tricky, but it involves
(heimdal)kerberos, sasl, openldap, pam, djbdns, dhcp, and samba. A web
document I had found helped me significantly when I approached technical
Along the lines of replacing ADS, I think this is as close as you may get.
The thing that sets Microsoft's ADS apart is that they use a form of Remote
Procedure Calls that implements a lot of the leg work. This makes microsoft
incompatible against samba.
In AD mode, a Microsoft computer won't authenticate against a linux host
(though it would as a PDC in NT mode) since it would be trying to communicate
in misc forms of RPC talk. On the flip side, it should be possible to
authenticate samba against ADS. Here is a tool that allows for flexibilty
with authentication under windows:
As far as drawbacks, that's it. I haven't seen anything wrong with doing it
NT style, and with all of the added bells and whistles.
I don't know the specifics, but the SMB-TNG is a lot more bleeding edge
technology when it comes to samba in an enterprise environment. It may
provide you with a solution closer to what you are looking for:
I had a lot of fun setting this up! ;)
On Monday 25 April 2005 04:25 am, Rene Zbinden wrote:
> Has anyone experience using samba as PDC and BDC with OpenLDAP as backend?
> Is it possible to totally go away from Windows Active Directories Servers
> to the above solution? What are the Drawbacks?
firstname.lastname@example.org mailing list