[Release Planning 3.6.] 3.6.0 final on June 21?
zombie_ryushu at yahoo.com
Fri Jun 10 00:28:11 MDT 2011
I have two topics to bring up: one is explaining Samba Domains to Windows Admins, the other is legacy Clients.
Topic 1: Samba Domains
I was under the impression that Windows 7 saw Samba Domains as something other than NT4 Domains. When I try to explain this to lay-people or Microsoft Windows-using friends not in the Linux-using world, I say the following:
Samba Domains appear to be NT4 Domains with NTLMv2 to XP and 2000, and 2000 level file servers, but they are actually a "mutation" of the NT Domain Concept. Samba Domain controllers have no "BDC rank"; all Samba Domain Controllers are PDCs, and use multi-master OpenLDAP replication. So all domain controllers are read/write.
Samba File servers in Samba Domains can be authenticated via Kerberos by other Linux clients. Windows 2000 and XP think Samba 3 is NT4; those machines have their Kerberos deactivated. But MIT makes a third party utility to correct this.
Windows Vista is the same way except it doesn't support NT System policies where XP and 2000 do.
Windows 7, on the other hand, has specialized instructions to use Windows 2003 Server style negotiation with the NT Style Domain, something to differentiate a Samba 3.4/3.5 Domain from a real NT4 Domain. In this respect Windows 7 explicitly supports Samba 3.4/3.5 and explicitly denies NT4. As such, Windows 7 calls these "Samba Domains".
Is this a correct explanation? It usually raises a few eyebrows among my Windows-using peers who understand what NT4 was, understand what AD is, but don't understand this bizarre oddball mutation of NT Domains that Samba has become that breaks all the rules and limitations of NT, while still being "Not quite Active Directory."
Topic 2: Legacy Clients
Back on the topic of Legacy Clients:
Even Samba doesn't recommend using anything not NTLMv2 capable, and that NTLM/LANMAN was disabled by default. Has this changed? (Disclaimer: I have one machine that is running LANMAN 2.2 for DOS 5.0.) So I am certain there are still hold-outs out there that have that one machine that can't run anything other than DOS, Win9x, or NT4.