[KLUG Members] LDAP and Active Directory

Adam Tauno Williams members@kalamazoolinux.org
Tue, 11 Dec 2001 16:46:14 -0500 (EST)


>>Active Directory sits on top of LDAP and Kerberos,
>Who told you that?  AD is a Windows-specific implementation of LDAP
>using a modified Kerberos protocol.

Active Directory is really an LDAP server in only the loosest sense of the
term.  It still (like NT4 domains) relies on a lot of RPC stuff.

If they would open up on the format of the Kerberos PAC,  supporting their
implementation would be "trivial".  They did *not* *break* Kerberos,  their
Kerberos interoperates with "standard" Kerberos,  only WinY2k clients lose many
(most?) of the advantages of belonging to a domain.

>Novell NDS is also LDAP, so Linux should also directly support it with
>OpenLDAP, right?

OpenLDAP and NDS play quite nicely,  or so I have been told by lots of people. 
The only thing *I* have ever done with Novell products is replace them. :)
 
>>and both of the above can run on Linux,
>A lot of people look at the SMB spec and think they can write an
>SMB-compatible server.  Then they realize the specs don't match the
>implementation.
>>I think this should be possible, but I have almost no
>>idea how to make it work.
>Dozens of people are working on it.  I'm not familiar with all the
>projects that have splintered out of Samba to address the various
>Windows-centric protocols, but you might start with the Samba/SambaTNG
>home pages.

Samba 2.2.x can act as an NT4.0 domain controller quite adequately (with a few
caveats),  and use OpenLDAP as a backend.

>A better approach might be to just use legacy SMB interfaces with a
>network of UNIX servers using native LDAP/Kerberos, and possibly check
>out OpenAFS as well.
>The more Windows-centric protocols you use, especially relatively new
>ones, the fewer alternatives you have and the more frustrating Windows
>networking becomes.

True.

Systems and Network Administrator
Morrison Industries
1825 Monroe Ave NW
Grand Rapids, MI. 49505