[Samba] samba 3 as a pretend DC?

Andrew Bartlett abartlet at samba.org
Fri Apr 4 13:36:55 GMT 2003

On Fri, 2003-04-04 at 08:05, Byars, Jason M wrote:
> Hi, I'm stuck in a network enviroment where ADS has taken over and by 
> the end of the year the main DC's will only allow kerberos
> authentication.  The problem is I have several legacy systems that are
> equipment controllers that can't be upgraded.  They are running
> everything from OS/2 to NT4.  So I need something for them to
> authenticate against using Lanman/NTLM/etc.  
> Would it be possible to configure samba 3 to pretend to be a DC, but 
> instead of autheticating against it's own ldap database, make it
> authenticate against the main kerberos DC's?  Samba has gotten me out
> of several other situations, but I've never investigated using it this
> way before.  Is anyone in a similar situation?  Does anyone know if
> this is possible?  Thanks

If NT and LM authentication is really shut down (and that is not a usual
configuration), then there isn't anything much you can do.

However, this isn't a usual configuration, even for 'native mode' DCs. 

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20030404/b42de4a9/attachment.bin

More information about the samba mailing list