[email protected] wrote:

> I just scroll through the items and see WINS and NetBIOS.
> I am not sure, if WINS is needed anymore.
> From my point of view, modern Windows Clients don't need or use it.
> Microsoft suggested it in the past only for compatibility reasons.
> In modern certifications, WINS seems to be ignored. So from my point of
> view there is no need anymore.
>

I can only think of appliances that require this, and they are fewer and
fewer as more and more support ActiveDirectory domains and,
not-so-coincidentally, even IPA domains.

It probably should just be a "DC" and "Member Server" now.


> A suggestion for a new thing could be "Read only Domain Controller". This
> is a hype in Microsoft world due to security reasons.  Maybe this could be
> done via Samba?
>

The "RODC" is really a Windows Server'ism.  Samba has talked about the
added 'flags,' but it's really a misnomer on many levels.  Even a Windows
Server RODC is really still a 'writable' DC, but the other DCs just don't
trust it for replication purposes.

It's very akin to why Windows requires the GDI (Graphical Display
Interface) for applications.**

I.e., just like Linux (or even OS/2 before Windows NT) doesn't need a GUI,
LDAP doesn't need to be writable at all.  It was a choice Microsoft
purposely made, then had to 'revert' later ... hence RODC.

E.g., when replication was added in the first, post-Michigan LDAP
implementation at Netscape -- Netscape hired most of the Michigan LDAP to
create a directory for its browser, just like they hired most of the
Illinois Mosaic team to create its browser -- they came up with "producers"
(writable masters -- up to 4 per LDAP tree, 20+ in 389 v1.1+) and
"consumers" (read-only slaves -- unlimited).  This continues in the iPlanet
lineage -- Netscape licensed its LDAP server to other parties, Sun among
others, AOL-Netscape eventually selling the division to Red Hat (2004) --
now version 8 (2005+) in "389 [Directory] Server" (100% open source).

So ... the concept of a RODC is really a "consumer" LDAP tree + non-KDC (no
Kerberos).  It's really that simple.

Again, it's really a Windows'ism that doesn't map well to a Samba DC.

- bjs

**P.S. Even if Windows apps are 100% text-based, even non-GUI WinForms
components have GDI dependencies, and the WFC and Visual Studio always
include them (along with MS IE and other things of 1997+ too).  This
includes the fact that the GDI has to launch for Windows Server "Core,"
just to give a console (which is stupid IMPO, but Gates made that call
personally).

When Windows Server 2016 "Nano Edition" was introduced -- the first non-GDI
Windows NT release ... EVER -- without the GDI, it broke 100% of existing
Windows applications for that reason.


-- 
Bryan J Smith  -  http://www.linkedin.com/in/bjsmith
E-mail:  b.j.smith at ieee.org  or  me at bjsmith.me

_______________________________________________
lpi-examdev mailing list
[email protected]
http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
