Windows 2000/2003 Domain on Linux

Luis Daniel Lucio Quiroz dlucio at okay.com.mx
Tue Aug 10 11:49:45 EDT 2004


I'd like to help, however I have the linuxchange.com project, which is a Windows 
NT infrastructure replacement on one account for all.  But I was thinking of 
migrating it to a 2k a-like domain, that's why I ask.

I have read the win doc and scanned windows-client traffic when adding it into a 
domain, but after a _ldap._tcp.WINDOMAIN SRV request I don't see any traffic 
of any type.

LD

On Tue 10 Aug 2004 16:55, g.w at hurderos.org wrote:
> On Aug 5,  7:28pm, Thomas Schweizer wrote:
> } Subject: Re: Windows 2000/2003 Domain on Linux
>
> Good afternoon to everyone on the list, hope that the week is
> progressing well for everyone.
>
> > Luis Daniel Lucio Quiroz wrote:
> > > Has anyone tried to do a Win2k domain under linux?
> > >
> > > Any doc?
> > >
> > > I already have running and configured
> > > Kerberos
> > > DNS - With all SRV entries
> > > Datetime service
> > > SAMBA domain (NT4 style)
> >
> > Well, an ADS domain consists of Kerberos 5, LDAP and DDNS all glued
> > together. It is unfortunately not sufficient just to have all of
> > these services running. As we all know MSFT, they have added their
> > own extensions (PAC, connectionless LDAP,...) to these protocols and
> > the clients do rely on them. Hence it would be necessary to
> > implement quite a lot of them. I think the major goal of Samba 4.0
> > will be the implementation of a complete ADS-compatible directory
> > service. But the time schedule is AFAIK not very concrete. So you've
> > got to be a little patient...
>
> A schedule that is not only not very concrete but ultimately very
> problematic as well, IMHO.  Problematic enough that we launched the
> Hurderos Project to see if there was an appetite for building an OSS
> Active Directory work-alike without entertaining all the problems
> secondary to building a clone.
>
> I've argued myself almost blue in the face with a number of prominent
> members of the Open-Source community over the glaring lack of response
> that OSS has in this area.  Middleware isn't very sexy but it's the
> stuff that organizations spend lots of money and time on and don't
> change very much once they have it in place.  I think that AD has the
> potential to be one of the most overlooked cards that can be played in
> the arena of proprietary lock-down in the enterprise.
>
> AD's current Kerberos implementation may be 'RFC compliant' but this
> list is full of documentation for how little that means when it comes
> to making multiple implementations inter-operable.  If I was a CIO of
> a major corporation it wouldn't take me very long to be sold that AD
> 'just works' with the desktop and the host of other very popular
> applications that organizations depend on.
>
> Once that happens uprooting an increasingly complex and expansive AD
> implementation is going to be more and more problematic.  This opens
> the door for cutting the legs out from under the infiltration pathway
> that OSS solutions have been using in the enterprise.
>
> If I were a betting man I would wager that an exact Samba 4.x AD clone
> will be the arena where patent litigation gets used to slow down
> Open-Source.  Building a clone in this space is going to involve
> treading very close to some sensitive legal ground.
>
> > Cheers.
>
> It will be interesting to see how all this plays out.  In the meantime
> we are focusing on trying to give the community an alternative.
>
> }-- End of excerpt from Thomas Schweizer
>
> As always,
> GW
> ------------------------------------------------------------------------------
>                          The Hurderos Project
>          Open Identity, Service and Authorization Management
>                        http://www.hurderos.org
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


