I've been reading some documentation and can't find an answer to my question...
I work in an environment where we have a bunch of Solaris 2.8 servers and a bunch of developers using Windows 2000 and XP desktops. We support a client using a Windows 2000 Server ADS PDC, and they need to map some of the NFS drives on our Solaris 2.8 servers.

Currently we run a PCNetLink PDC (don't worry much about that, it's basically the same as a Samba 2 NT4 PDC), and our PCNetLink PDC has a trust relationship to the Windows 2000 Server ADS PDC that our client has. Additionally, our internal development staff uses the PCNetLink PDC for user authentication, netlogon services, file sharing, etc.

Fairly soon the corporation that both our development group and our client belong to is going to disallow all NT4 domain services, including PCNetLink and legacy mode operations, so we are looking at switching to Samba 3, as we have heard that it can communicate with ADS servers.

Here's my question: I would like to move to an OpenLDAP/Kerberos authentication scheme for our Solaris machines and have a Samba 3 PDC using this OpenLDAP/Kerb5 backend for authentication as the PDC for our Windows 2000 and XP workstations. Additionally, I would like to be able to have the same Samba 3 PDC interact with the Windows 2000 ADS Server that our client runs in either a trust relationship or as a member server to allow the customer clients to use the file sharing services on our Solaris servers.

From my reading, it seems that the trust relationship is not possible (something about NT4 trusts vs. ADS trusts, and Samba 3 only supporting NT4 trusts). Is it possible to have one Samba 3 PDC also be an ADS member server? Is there some better way to achieve what I've described?

Thanks for any help.

Greg
