Samba3 domain controller howto?

Mister Olli mister.olli at
Mon Jun 8 11:18:19 UTC 2009


> yes, you are mis-understanding
> samba itself is a NT4-type domain.
not quite right. It depends on the samba version your using.
- samba3 only provides NT4-type domains
- samba4 provides active directory domain types including GPO (I have
such a setup running in 7.<SOMETHING> with around 10 users. It works
quite good, beside the fact that samba segfaults from time to time
(which I covered by running samba4 in foreground within an endless

there is even a new build-option that creates the 'samba franky' release
which uses samba3 & samba4 at the same time to make nearly all samba3
feature in combination with AD environments available, but it didn't
have the time to look into that. But it sounds quite promising, since
samba4 lacks some features samba3 already has.

Mr. Olli

> samba can use authentication backends that include passwd files, LDAP
> and kerberos.  Active directory is a requirement to use LDAP, whereas
> samba is offering it as a auth backend only.
> fine line, I know.
> IOW, whereas Active Directory - as a technology:
>   Uses kerberos for authorization
>   Uses LDAP for a storage backend for Kerberos
>   Uses user at domain logins (thanks to Kerberos),
>   Uses other techs not related to this thread
> NT4-style domains - as a technology:
>   Not using Kerberos
>   Not using LDAP storage
> Samba allows it's authorization backend to offer more possibilities
> than NT4's own methods.  Such as passwd files, LDAP, Kerberos, etc.
> It's technology vs technology, not product vs product.
> On 6/7/09, Olivier Nicole <on at> wrote:
> > Hi,
> >
> >> Samba is still only a NT4-type
> >> DC, no Active Directory type of function (Group Policies, user at domain
> >> logins, kerberos, ldap, etc)
> >
> > I am not sure if I understand you well, but my samba is authenticating
> > users agaiinst LDAP.
> >
> > Best regards,
> >
> > Olivier
> >
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list