From: Feizhou
> I know what a Kerberos authentication system is.
> You mean a core component in Samba 3.0's functionality as an ADS client.
You're still artificially limiting your understanding.
Kerberos (with the MS extensions in the case of 200x/XP) is how objects authenticate each other and grant tickets for access in a Kerberos realm.
Samba can use Kerberos how it sees fit.
As a client/member server (with MS Extensions) to native MS ADS DCs,
or to 200x/XP clients in the absence of native MS ADS DCs.
The issue is when you have native MS ADS DCs,
because Samba doea not understand MS ADS DC-to-DC replication.
Otherwise, the authentication process to clients is no different.
But that's only authentication.
Again, stop thining "aggregate," think naming, directory, authentication and file services individually.
