On 6/26/07, Amos Shapira <[EMAIL PROTECTED]> wrote:
Hello,
I kept hearing that Samba 3 can join and do anything as a Windows
Domain Controller even better than Windows itself.
But now that I need it to replace a Backup Domain Controller (fka
Secondary Domain Controller?) to a Windows 2003 Active Directory
server I keep bumping into the following worrying FAQ:
You need to get your terminology straight first.
There's no such thing as a "PDC" or "BDC" in an Active Directory
environment - especially a 2003 AD environment.
There are PDC and BDC _emulator_ roles, which are only necessary if
you're in a mixed-mode network - I.E. you have both AD
(Win2000/2003,XP) and non-AD (NT 4) servers in your network.
However, this quote from chapter 4 of the SAMBA-3-HOWTO would indicate
you're out of luck
===
Samba ADS Domain Control
Samba-3 is not, and cannot act as, an Active Directory server. It
cannot truly function as an Active Directory PDC. The protocols for
some of the functionality of Active Directory domain controllers has
been partially implemented on an experimental only basis. Please do
not expect Samba-3 to support these protocols. Do not depend on any
such functionality either now or in the future. The Samba Team may
remove these experimental features or may change their behavior. This
is mentioned for the benefit of those who have discovered secret
capabilities in Samba-3 and who have asked when this functionality
will be completed. The answer is maybe someday or maybe never!
To be sure, Samba-3 is designed to provide most of the functionality
that Microsoft Windows NT4-style domain controllers have. Samba-3 does
not have all the capabilities of Windows NT4, but it does have a
number of features that Windows NT4 domain controllers do not have. In
short, Samba-3 is not NT4 and it is not Windows Server 200x: it is not
an Active Directory server. We hope this is plain and simple enough
for all to understand.
===
My read on that is that while Samba can be an AD member server, it
can't be a domain controller, or host any of the emulator roles
provided by AD domain controllers.
You'll need to install another WindoZe box and DCPROMO it to get the
distributed domain controller functionality you want.
DaZZa
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
