Starting to look like Active Directory...

Andrew Bartlett abartlet at
Sun May 4 05:33:46 GMT 2003

On Sun, 2003-05-04 at 14:07, John H Terpstra wrote:
> On Sun, 4 May 2003, Andrew Bartlett wrote:

> >
> > Where should we go from here?  Start disabling things, until it breaks
> > back into NT4 - but what do we loose by doing that?   Start providing an
> > example DNS zone file?
> Yes. We have no choice - we must move forwards. We need to interoperate
> cleanly with NT4 and Win 200x.
> I have no objection to specifying that we support ADS mode operations ONLY
> with Dynamic DNS. That is becoming the norm in DNS operations anyhow. This
> way we can use samba to register the correct zone info for ADS mode
> operations.

The problem is that existing operations with win2k clients are starting
to use ADS features.  The difficult bit is deciding how we should 'back
down' without breaking other features.

Anyway, I think my previous set of tests might have been on the reverse
- getting Samba to trust win2k.  I've setup Win2k to trust Samba, after
setting up the DNS, and adjusting the way the trust accounts work.

After fiddling with allowing my 'samba' identity (not an administrator
on the AD domain) to log onto the DC, I got a login!  It picked up my
profile and seems to work!

It doesn't like getting lists of users and the like, probably because
the DNS server tells it that LDAP is there, but that's actually
OpenLDAP, and not an AD schema...

The main detail I had to change was this:

The domain trust account used by the Win2k domain in the netlogon is
"" not AD$ as I had previously done.  (I have played
with this before we got our ADS changes).  Note the trailing "."

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list