[EMAIL PROTECTED] wrote:
Brett Lymn wrote:
So, regarding these claims of interoperability, can you put
LDAP+Kerberos+DNS services on an OpenBSD in a network of Windows clients
and remove the need for any other machines running AD?
Have a look at this:
http://www.kernel-panic.it/openbsd/pdc/
Thanks, it clarifies that it is possible to serve standard LDAP, at
least, to AD clients with the help of Samba. It also looks like it
might save some time/effort/money by reducing the number of unsecurable
systems on the server end of things.
Samba leads to this item from July 2006:
"It so happens that Microsoft Windows clients depend
on and expect the contents of the unspecified fields
in the Kerberos 5 communications data stream for their
Windows interoperability, particularly when Samba is
expected to emulate a Windows Server 200x domain controller.
But the interoperability issue goes far deeper than this.
In the domain control protocols that are used by MS Windows
XP Professional, there is a tight interdependency between
the Kerberos protocols and the Microsoft distributed
computing environment (DCE) RPCs that themselves are an
integral part of the SMB/CIFS protocols as used by Microsoft."
From "Active Directory Replacement with Kerberos, LDAP, and Samba"
Chapter 11. Active Directory, Kerberos, and Security.
_Samba-3 by Example_
July, 2006
So the Kerberos question still remains unless there is more recent
material somewhere that can show that these problems have been resolved.
I would have expected some documentation.
As of 2002, definitely not:
http://www.pcworld.com/article/id,97504/article.html
If you don't need to support Windows Vista client machines, you should be
all right.
Nope.
My clients are stuck with Windows (ISVs and Exchange groupware features),
but one day...
MS Exchange was one of the productivity killers I referred to earlier.
For people that use e-mail, it's an albatross. For people that need to
use e-mail for their job, well, they can't work.
We plan to evaluate Kolab or Citadel soon.
Regards
-Lars