[KLUG Members] LDAP and Active Directory

Bryan-TheBS-Smith members@kalamazoolinux.org
Tue, 11 Dec 2001 16:23:36 -0500


Mike Williams wrote:
> I have on my practice network, a Windows 2000 Server and a
> Linux box running roughly SuSE 7.1.  I would like the Linux
> box to act like an Active Directory Domain Controller and
> synchronize with the 2000 server. 

<SMART@$$ MODE>
Yeah, Linux should ship 'out-of-the-box' supporting all latest Windows
networking interfaces.
</SMART@$$ MODE>

> Active Directory sits on top of LDAP and Kerberos,

Who told you that?  AD is a Windows-specific implementation of LDAP
using a modified Kerberos protocol.

Novell NDS is also LDAP, so Linux should also directly support it with
OpenLDAP, right?

> and both of the above can run on Linux,

A lot of people look at the SMB spec and think they can write an
SMB-compatible server.  Then they realize the specs don't match the
implementation.

> I think this should be possible, but I have almost no
> idea how to make it work.

Dozens of people are working on it.  I'm not familiar with all the
projects that have splintered out of Samba to address the various
Windows-centric protocols, but you might start with the Samba/SambaTNG
home pages.

A better approach might be to just use legacy SMB interfaces with a
network of UNIX servers using native LDAP/Kerberos, and possibly check
out OpenAFS as well.

The more Windows-centric protocols you use, especially relatively new
ones, the fewer alternatives you have and the more frustrating Windows
networking becomes.

-- TheBS

-- 
Bryan "TheBS" Smith    mailto:b.j.smith@ieee.org   chat:thebs413
Engineer  AbsoluteValue Systems, Inc.  http://www.linux-wlan.org
President     SmithConcepts, Inc.   http://www.SmithConcepts.com
----------------------------------------------------------------
"Men tend to be better at dealing with visual concepts, while
 women are better at complex linguistic communication.  Yes,
 men are from Macs, women are from VMS." -- Erwin, User Friendly