W2K Native-Mode

[Scott Armstrong]

Without going too deep into it, the reason that W2K Native mode breaks Samba is because Native Mode no longer supports NT Challenge/Response Protocol which is how Samba authenticates users. When you activate W2K Native mode, you are essentially saying that you no longer need support for any other client other than other Windows 2000 systems running Active Directory. To make Samba conform to this requirement you must then make it act as a Windows 2000 Server - not an NT Server. To accomplish this, you need Samba a mechanism for working with Microsoft's implementation of Kerberos V5 to authenticate them and SSL enabled (and perhaps kerberized)LDAP to traverse through Active Directory. While this is by no means an insurmountable obstacle, it means that it's no trivial task for Samba's maintainers to build it in. Since I believe that even in Native mode, it will still work in trust relationships with other NT domains, it might be possible to implement it through a workaround with Samba as a member server of a domain that trusts the Windows 2000 Domain. This might further be extended by making a trust possible between a Samba PDC and a Windows 2000 Domain, although I would imagine this requires more work.

Scott


-------------- next part --------------
HTML attachment scrubbed and removed