Current ideas on kerberos requirements for Samba4

Stefan (metze) Metzmacher metze at
Wed May 25 11:44:18 EDT 2005

Michael Ströder wrote:
> Andrew Bartlett wrote:
>>On Tue, 2005-05-24 at 08:09 -0500, Gerald (Jerry) Carter wrote:
>>>I'm not getting into this thread for obvious reasons, but
>>>I think this is a very dangerous statement (and assumption)
>>>to make. You are claiming to match against AD.  That's a
>>>big order from the LDAP side of things.  People will expect
>>>you to get the LDAP part right if you are taking it over.
>>Indeed, and this is actually something that I do worry about with Samba4
>>going forward.
> Will Samba4 implement the very same LDAP schema as MS AD? You might
> have to since some LDAP-based management applications assuming to access
> AD might expect certain schema elements. And maybe you also have to
> implement some very special things like handling of attribute
> 'unicodePwd' etc.
Yes, but we still need to analyse what is so special with this attribute...

The current idea is this:
a) We are the first DC in the ADS forest:
   then we provide a very small part of the real MS AD schema,
   just enough to provide services for standard MS clients.
b) If we are not the first DC in the forest, we just fetch the Schema Partition in the first
   replication cycle from an existing DC in the forest. And then we have the same schema
   as all other DCs.

--

Stefan Metzmacher <metze at>


More information about the krbdev mailing list