I figured it was time to update the list on exactly what I have (and
have not) got working on the move to make Samba4 an 'Active Directory'
compatible domain controller.

It has been demonstrated that a 'CIFS and RPC only' join is possible,
but this is not very interesting, as aside from some additional
information in control panel, it appears 'normal'.

There is a long way to go, but we now have a kerberos server that
actively participates in the domain join. We also join to the 'long'
form of the name.

The kerberos server reads its data from the same database as Samba4 -
that is, ldb. This work was performed by metze and myself, with lha
(Love Hornquist-Astrand) pointing out numerous bugs, mostly mine, along
the way.

Using clapd (from the IBM project in this area a while back) and DNS
setup, I have enabled the use of kerberos. This involved fixing a
number of kerberos bugs in our GENSEC library, but it's finally settling
down.

This all allows a WinXP join to progress to the stage of attempting to
access our LDAP server. I'm promised this will appear any day now :-)

The next step will be to generate the PAC (as I know how to handle
that), and to wait for an LDAP server to become viable.

Andrew Bartlett
--
Andrew Bartlett abartlet@samba.org
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
