Samba PDC/BDC

[Paul Lussier]

Ben Scott <dragonhawk at gmail.com> writes:

> Footnotes
> ---------
> [1] To the best of my knowledge, anyway.  If someone know of a
> working, stable Samba AD DC implementation, please let me know!

Currently it is non-existent.

> [2] I understand work is underway to add AD control eventually, but
> until then, for stable releases of Samba, the only AD support is for
> Samba as an AD member (AD client).

It is a *looooooong* way off.

> [3] I expect that would include keeping the NTLM password hashes in
> LDAP, but I don't really know.

That is correct, which is one of the reasons you can almost
approximate Kerberos authentication with Samba if you use the Heimdal
Kerberos implementation.  Heimdal allows you to store the krb5
passphrases in LDAP, which means Samba can get at them.
-- 

Seeya,
Paul