[Samba] Samba 2.0.0 and Active Directory 2003

John H Terpstra jht at samba.org
Tue Apr 12 19:05:07 GMT 2005


On Tuesday 12 April 2005 12:53, Thomas, Richard C. wrote:
> We have an AIX 4.3.3 box with Samba 2.0.0. Is Samba 2.0.0 compatible
> with Active Directory 2003 with respect to making it a Domain member using
> Kerberos authentication?

No. Only Samba-3.0.x has the ability to be compiled with MIT or Heimdal 
Kerberos support to enable it to join an ADS domain as a kerberized client.

Samba-2.0.0 is very old and does not support many features that have been 
added during the life of the Windows 200X series of servers and clients. 
Additionally, there have been many security releases and updates since 2.0.0 
shipped and it would be most unwise to use a version that old today unless it 
is wholly contained within a private network space.

> The requirement for SMB signing in our AD 2003 has been disabled so this
> should not be an issue.

Samba-2.x does not have support for schannel and smb signing, Samba-3.x does 
have this support and it is desirable to operate with these security features 
enabled.

I recommend that you update to Samba-3.0.14 or later.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


More information about the samba mailing list