[OpenIndiana-discuss] Any document for Samba and LDAP integration

[Christopher Chan]

On Wednesday, January 23, 2013 04:41 PM, Jim Klimov wrote:
> On 2013-01-23 06:41, Christopher Chan wrote:
>> On Wednesday, January 23, 2013 10:39 AM, Robbie Crash wrote:
>>> How full featured of a DC are we talking about in terms of Microsoft AD
>>> compatibility?
>>>
>>
>> Nil unless someone builds a samba4 package.
>
> I believe, older Samba's support a limited DC of older (contemporary)
> Windows - namely, keeping track of computer, user and group accounts.
> Probably, if coupled with an LDAP/DBMS backend common to a DHCP service,
> this can be a full-enough solution for many shops.
Which is not AD and therefore the answer is still nil. Older samba 
supports NT domains but that, as you know, is not AD.

>
> Samba4, AFAIK, as a main feature, adds support for storage of group
> policies which are important for centralized domain management, and
> thus can replace Win2003/2008 domains. And probably adds support for
> newer protocols, encryption methods, etc. as applicable.

samba4 can be a complete replacement for a Windows AD DC. That's more 
than just supporting group policies, it is tying directory services, 
kerberos and dns management all together in a manner that Windows 
clients and servers expect.

>
> Also, old and new Samba can be a DC backing up the native MS AD DC,
> which may be a step in migration strategy also.

Wrong. Please make sure you know what you are talking about before you 
make assertions. Only samba4 can be a replication partner to a native MS 
AD DC. samba3 has no such ability but samba3 daemons will be necessary 
to provide SMB2/CIFS and printing services but none of the AD functions.

>
> But I disclaim that I know of this "from aside", thought of implementing
> this stuff in a LAN but never got around to it so far.

Well, I have a production samba3 file server tied into a Windows AD so 
perhaps I am in a better position than you to say what can or cannot be 
done with "old/new" samba versions.