Samba4/Domain Member

From SambaWiki


Samba4 can be a member of an AD or NT4 domain and is quite a good file server, but as a domain member it currently isn't very useful.

We have some parts, and a good base to write things from, and this is a TODO list for the rest:


TODO

Samba3 compatible IDMAP

We need to be able to upgrade Samba3 installations. Even if we must rejoin and reconfigure, we must be able to keep the existing mappings between remote UIDs/GIDs and SIDs.

* A very good start has been made on this by Kai

Samba3 compatible POSIX ACLs

While we have support for NFSv4 ACLs, we do not yet have support for POSIX ACLs or for the translation between the two. This requires the IDMAP above, and for sanity it should use a similar mapping to the one Samba3 uses.
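The two requirements above (keep existing SID to UID/GID mappings across a rejoin, and translate NT-style ACEs to POSIX ACL entries through that mapping) are illustrated by the following added example. It is not Samba code: the SIDs, the id range and the three access-mask bits are constructed for the demonstration, and the POSIX translation is deliberately strict, reporting deny ACEs rather than silently dropping them, because a POSIX ACL can only express allow entries with rwx bits.

```python
"""Constructed demonstration of a stable SID<->UID idmap and of translating
simplified NT-style ACEs into POSIX ACL entries through that idmap.
Not Samba's implementation; identifiers and values are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Simplified access-mask bits (assumed subset, not Samba's real definitions).
FILE_READ = 0x0001
FILE_WRITE = 0x0002
FILE_EXEC = 0x0004


class IdMap:
    """Allocates UIDs/GIDs for SIDs from a fixed range.

    An existing mapping is never reassigned: a rejoin that reloads the saved
    table hands back the same id for the same SID, so file ownership on disk
    keeps pointing at the right principal.
    """

    def __init__(self, low: int, high: int, existing: Optional[Dict[str, int]] = None):
        self.low, self.high = low, high
        self.table: Dict[str, int] = dict(existing or {})
        # Continue allocating above the highest id already in use.
        self.next_id = max([low - 1, *self.table.values()]) + 1

    def sid_to_id(self, sid: str) -> int:
        if sid in self.table:
            return self.table[sid]
        if self.next_id > self.high:
            raise RuntimeError("idmap range exhausted")
        allocated = self.next_id
        self.next_id += 1
        self.table[sid] = allocated
        return allocated

    def export(self) -> Dict[str, int]:
        """Snapshot to persist before reconfiguring/rejoining."""
        return dict(self.table)


@dataclass(frozen=True)
class Ace:
    sid: str
    mask: int
    allow: bool = True


def aces_to_posix(aces: List[Ace], idmap: IdMap) -> Tuple[List[str], List[Ace]]:
    """Translate allow ACEs to 'user:<uid>:rwx' POSIX entries.

    Deny ACEs have no POSIX equivalent and are returned separately so the
    caller can refuse or review them instead of silently widening access.
    """
    entries: List[str] = []
    not_representable: List[Ace] = []
    for ace in aces:
        if not ace.allow:
            not_representable.append(ace)
            continue
        uid = idmap.sid_to_id(ace.sid)
        perms = ("r" if ace.mask & FILE_READ else "-") + \
                ("w" if ace.mask & FILE_WRITE else "-") + \
                ("x" if ace.mask & FILE_EXEC else "-")
        entries.append(f"user:{uid}:{perms}")
    return entries, not_representable


# Constructed SIDs for the demonstration.
ALICE = "S-1-5-21-1111-2222-3333-1104"
BOB = "S-1-5-21-1111-2222-3333-1105"


def rejoin_demo() -> Dict[str, object]:
    """Map a SID, save the table, 'rejoin' with the saved table, map again."""
    before = IdMap(10000, 19999)
    alice_before = before.sid_to_id(ALICE)
    saved = before.export()

    after = IdMap(10000, 19999, existing=saved)  # reloaded after rejoin
    alice_after = after.sid_to_id(ALICE)         # must equal alice_before
    bob_after = after.sid_to_id(BOB)             # new SID, next free id

    acl, denied = aces_to_posix(
        [Ace(ALICE, FILE_READ | FILE_WRITE), Ace(BOB, FILE_READ, allow=False)],
        after,
    )
    return {
        "alice_before": alice_before,
        "alice_after": alice_after,
        "bob_after": bob_after,
        "posix_acl": acl,
        "deny_count": len(denied),
    }


if __name__ == "__main__":
    print(rejoin_demo())
```

The point of `rejoin_demo` is the invariant, not the numbers: reloading the exported table makes `alice_after` equal `alice_before`, while a SID first seen after the rejoin gets the next free id rather than one already bound to a file owner.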

Winbindd

While we have a base for a Samba4 winbindd, it needs a lot of work, including

  • Offline mode
  • Async LDB integration
  • Kerberos ccache management for clients
  • NTLM caching support
  • PAC/info3 caching
  • Maybe a persistent LDAP cache using LDAP_SERVER_DIRSYNC_OID in combination with LDAP_SERVER_NOTIFICATION_OID would be useful.
  • Or maybe a persistent cache using DsGetNCChanges without being a domain controller, as we don't want passwords replicated.

Key Existing components

RPC Layer

The existing RPC layer is now in a very good state to support this work, but some work may be needed to add client-side serialization of calls for cases where the authentication protocol doesn't support async calls.

net join

This command exists, and should be sufficient. We also have a SWAT connection to this code.

File server

Most of the file server is in very good shape for this. Perhaps some more options from Samba3 need to be brought over. Still missing: the stat cache.

RPC Server

Some parts of the SAMR, LSA and NETLOGON servers rely on running on a Domain Controller; this needs to be fixed.
