[Samba] Re: Vista SP1, Server 2008 joining NT4/Samba Domain
> It seems, that Vista SP1 and Server 2008 cannot join an NT4/Samba-domain.
According to my trials, the above statement is not true. Computer systems running Windows Vista SP1 or Windows 2008 server can be joined successfully to a domain controlled by a Samba 3.0.28a PDC.

Opposingly, these systems cannot be joined to a domain hosted by a native Windows NT4.0 SP6 PDC.

Unfortunately, netlogon is broken with the newest Samba version 3.0.30, and thus this version cannot be used for any trials in this field.

Since Vista and 2008 are able to join a Samba 3.0.28a domain, a Samba server can be used as a proxy server for netlogon. In this way a Vista client is enabled to authenticate and authorize user and group accounts stored in a native NT4 PDC. With the help of a Samba proxy, Vista workstations can be run in an organization which still uses an NT4 PDC.

In order to make Samba a netlogon proxy, the Samba server is set up as a PDC and then an interdomain trust is established where the Samba PDC is trusting the NT4 domain. Then the Vista workstations are joined to the Samba PDC. The Samba PDC stores only machine accounts, but no user accounts. User accounts are solely managed by the NT4 domain.

This setup works fine for logon, but some other features associated with domain membership fail. So far I was not able to make netlogon scripts run. I also failed to add users of the NT4 domain to the domain groups of the Samba domain.

Finally, the 'net localgroup' command has to be used on Vista clients to add NT4 domain users/groups to local groups. The Windows GUI tool for group management completely fails to list users and groups of the NT4 domain. [The listing operation is presumably done via a direct connection between Vista client and NT4 server and without involving the Samba proxy.]

Peter Slickers

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
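The arrangement described in the post above, sketched as an added smb.conf example (not the poster's own configuration and not taken from the thread). SAMBADOM, NT4DOM, the NetBIOS name, the ID ranges, the useradd path and group, and the share path are placeholder assumptions; the trust commands are shown as comments.

```ini
# Constructed smb.conf sketch for a Samba 3.0.x PDC that stores only
# machine accounts and trusts an existing NT4 domain.
# All names and paths below are placeholders.
[global]
    workgroup = SAMBADOM
    netbios name = SAMBAPDC
    security = user
    passdb backend = tdbsam

    # PDC role: answer netlogon requests and act as domain master browser
    domain logons = yes
    domain master = yes
    preferred master = yes
    os level = 65

    # Create the Unix side of a machine account when a workstation joins
    # (assumed useradd path and an assumed existing "machines" group)
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false %u

    # winbindd must be running so that accounts from the trusted NT4
    # domain map to Unix IDs; the ranges are assumptions
    idmap uid = 10000-20000
    idmap gid = 10000-20000

[netlogon]
    path = /var/lib/samba/netlogon
    read only = yes

# Trust setup, once smbd, nmbd and winbindd are running:
#   1. On the NT4 PDC, add SAMBADOM as a trusting domain in
#      User Manager for Domains and set a trust password.
#   2. On the Samba PDC, establish the trust using that password:
#        net rpc trustdom establish NT4DOM
#   3. Check that the trust exists and NT4 accounts are visible:
#        net rpc trustdom list
#        wbinfo -u
```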
On Fri, Jun 20, 2008 at 01:04:00AM +0200, Peter Slickers wrote:
> According to my trials, the above statement is not true. Computer systems
> running Windows Vista SP1 or Windows 2008 server can be joined successfully
> to a domain controlled by a Samba 3.0.28a PDC.
>
> Opposingly, these systems cannot be joined to a domain hosted by a native
> Windows NT4.0 SP6 PDC.
>
> Unfortunately, netlogon is broken with the newest Samba version 3.0.30, and
> thus this version cannot be used for any trials in this field.

Can you tell us how to reproduce this?

> Since Vista and 2008 are able to join a Samba 3.0.28a domain, a Samba
> server can be used as a proxy server for netlogon. In this way a Vista client
> is enabled to authenticate and authorize user and group accounts stored in a
> native NT4 PDC. With the help of a Samba proxy, Vista workstations can be run
> in an organization which still uses an NT4 PDC.
>
> In order to make Samba a netlogon proxy, the Samba server is set up as a PDC
> and then an interdomain trust is established where the Samba PDC is trusting
> the NT4 domain. Then the Vista workstations are joined to the Samba PDC. The
> Samba PDC stores only machine accounts, but no user accounts. User accounts
> are solely managed by the NT4 domain.
>
> This setup works fine for logon, but some other features associated with
> domain membership fail. So far I was not able to make netlogon scripts
> run. I also failed to add users of the NT4 domain to the domain groups
> of the Samba domain.

Same here, we would like to make this work.

> Finally, the 'net localgroup' command has to be used on Vista clients to add
> NT4 domain users/groups to local groups. The Windows GUI tool for group
> management completely fails to list users and groups of the NT4 domain.
> [The listing operation is presumably done via a direct connection between
> Vista client and NT4 server and without involving the Samba proxy.]

This *might* be because Vista assumes AD and is not able to list using RPCs. To diagnose this, a sniff (best done by Wireshark on the Vista box) of the failure would be needed.

Volker