Samba PDC/BDC

Ben Scott dragonhawk at gmail.com
Tue Jan 17 12:20:01 EST 2006


On 1/17/06, Bill McGonigle <bill at bfccomputing.com> wrote:
> Hmmm.  What I know empirically is that when I set up a Linux server to
> participate in an AD domain, to authenticate the AD users I need to
> have k5 and winbind working on the Linux machine.  Without Kerberos,
> you go nowhere fast.

  Yes.  Samba uses Kerberos when running as an AD domain member (AD
client).  It needs to, because AD uses Kerberos as an authentication
mechanism.  Samba is also an LDAP client in the same role.  In this
role, Samba is joined to the AD domain, more or less the same way a
"real" MS-Windows client would be.  When other computers try to access
resources being shared by Samba, Samba checks the credentials from the
other computer against Active Directory, contacting an AD DC if
needed.  If you use "smbclient" or whatever to contact another AD
member, you can use AD to authenticate yourself.

  However, Samba does not support running an AD Domain Controller (AD
server).  You need a Windows Server(TM)(C)(R) for that.

  Samba can be an NTLM DC or an NTLM domain member, but NTLM does not
use Kerberos, LDAP, DNS, or anything else beyond NetBIOS and MS RPC.

-- Ben
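
An added example, not part of the original post: a small check that tells the two member roles described above apart from an smb.conf and flags an AD-member configuration that has no Kerberos realm. `security = ads`, `security = domain` and `realm` are standard smb.conf parameters not named in the post; the sample configs, EXAMPLE.COM and the function names are constructed for illustration, and treating a krb5.conf `default_realm` mismatch as a finding is an assumption about a typical setup.

```python
import re

# Constructed sample configs; EXAMPLE / EXAMPLE.COM are placeholder names.
SMB_ADS = "[global]\n  workgroup = EXAMPLE\n  security = ads\n  realm = EXAMPLE.COM\n"
SMB_ADS_NO_REALM = "[global]\n  workgroup = EXAMPLE\n  Security = ADS\n"
SMB_NTLM = "[global]\n  workgroup = EXAMPLE\n  security = domain\n"
KRB5 = "[libdefaults]\n  default_realm = EXAMPLE.COM\n"

def global_params(smb_text):
    """Collect [global] parameters, normalising case and spacing of names."""
    params, section = {}, None
    for raw in smb_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit_member(smb_text, krb5_text=""):
    """Return (role, findings) for a Samba domain-member configuration."""
    g = global_params(smb_text)
    security = g.get("security", "user").lower()
    findings = []
    if security == "ads":
        # AD member: Kerberos is required, so a realm must be configured.
        role = "AD member (Kerberos + LDAP)"
        realm = g.get("realm", "")
        m = re.search(r"^\s*default_realm\s*=\s*(\S+)", krb5_text, re.M)
        if not realm:
            findings.append("security = ads but no realm set")
        elif m and m.group(1).upper() != realm.upper():
            findings.append(f"realm {realm} != krb5 default_realm {m.group(1)}")
    elif security == "domain":
        # NTLM-style membership: no Kerberos realm involved.
        role = "NTLM domain member (NetBIOS + MS RPC)"
    else:
        role = f"not a domain member (security = {security})"
    return role, findings

if __name__ == "__main__":
    for name in ("SMB_ADS", "SMB_ADS_NO_REALM", "SMB_NTLM"):
        print(name, audit_member(globals()[name], KRB5))
```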


