Phil Mayers <[EMAIL PROTECTED]> wrote:
> Why would samba4 be any different than samba3 in that regard?

Because Samba4 will be a full-fledged AD domain member. Samba3 is a second-class citizen of an AD domain, as it implements NT domains.

> I assume we are talking about the same thing (samba as a member
> server with a "real" microsoft PDC) in which case the code that
> would need adding would be an API on the windows side - AD realms
> (in fact NT domains all the way back to NT4 IIRC) can already store
> the password in "reversibly encrypted" plaintext to support CHAP
> (only via IAS and only running on the physical PDC) or Digest MD5 on
> HTTP.

Yes. And once Samba4 is a full-fledged member of an AD domain, the other AD servers will happily replicate data to it... including the clear-text password. Samba4 can then expose it in the userPassword field.

The reason IAS works is that it does super-secret magic Microsoft calls that no one has figured out. If Samba4 is a member of the AD domain, it doesn't have to figure out those calls.

Alan DeKok.

