Samba PDC/BDC

Ben Scott dragonhawk at gmail.com
Mon Jan 16 18:38:01 EST 2006


On 1/16/06, Thomas Charron <twaffle at gmail.com> wrote:
>   Umm.  Note the features in Samba 3.0:
>
> 1)  Active Directory support.  Samba 3.0 is now able to
>      join a ADS realm as a member server and authenticate
>      users using LDAP/Kerberos.

  As everyone else pointed out, that means Samba 3.0 can be an AD
member (an AD client), but not a Domain Controller (an AD server). 
Microsoft's terminology is confusing (no surprise):

- A "domain controller" provides domain management services.  Unlike
nix, this isn't just a matter of running another process or two.  With
NT4, you actually had to choose this during OS install, and couldn't
change it later.  (That's right, you had to *reinstall the operating
system* to change a domain controller's status.  Great design there,
Microsoft.)  With 2000 and later, you (re)configure using DCPROMO (but
still have to reboot).

- A "member server" is a computer running Windows Server, but acting
as an AD (or NTLM) client.  (Remember, this is Microsoft's reality,
where you have to pay big bucks for the privilege of having more than
five people use a computer at once.)  So all DCs are servers, but not
all servers are DCs.

- A "client" is a computer running Windows Pro/Home/Workstation/etc. 
(Computers running non-Microsoft OSes don't exist.)

- A "domain member" (server or client) is an AD client.  A
"stand-alone" computer (server or client) has no knowledge of any
domain, period.

  The part in the Samba docs about being able to "authenticate users
using LDAP/Kerberos" means that the Samba server can authenticate
clients of the Samba server using AD (including LDAP, Kerberos,
MS-RPC, and chicken bones), rather than NTLM (moldy chicken bones).

-- Ben "I sometimes regret knowing this stuff"  Scott


