As a member of the Samba development team working on Samba4, I'm
interested to try and gain some more integration with directory vendors,
as we work out how our projects might work together.
I see Samba4 as a powerful addition to any directory or identity
management solution, able to provide an AD Domain Controller-like
front-end to Native windows clients. In particular, this is about
deploying non-Microsoft directories on windows networks, without falling
back to the 'MIT compatibility mode' or inter-realm trusts to handle the
'single sign on' and 'identity management part of it.
Samba4 is at this time able to act as an AD domain controller, including
providing LDAP, Kerberos (including the PAC) and RPC logon services. We
are accepted as AD by Win2k, WinXP and Win2k3 clients. (I am working on
Mac/Samba/similar clients).
While Samba4 includes it's own LDAP server, we have made extensive
provision to back our data onto something like Fedora Directory, but I
want to work with fellow interested developers on the details: What
would be reasonable for each end of the connection to do, particularly
as we try and map behaviours/schemas/expectations.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team
http://samba.org
Student Network Administrator, Hawker College
http://hawkerc.net