FW: [Samba] AIX and libldap.a

Jim McDonough jmcd at us.ibm.com
Sat Apr 16 00:05:38 GMT 2005

>As far as I know, no ldap or kerberos means no support for Active 
>Directory "net ads".
Yes, true.

>In other words, you won't be able to join as a member server of a 2000 
>or 2003 AD in native mode, but old fashioned NT40 "net rpc" commands 
>ought to work with a NT40 PDC or 2000 in mixed mode.  Or just old peer 
>to peer workgroup.  Maybe someone who's used samba3 "net rpc" or "net 
>rap" will correct me if I'm wrong.
Well, you're halfway here.  You _can_ *absolutely* join as a member server 
of a 2000 or 2003 AD in _native_ mode (yes, native mode!).  You just won't 
be doing things via krb/ldap, you'll be doing it using rpcs.

Remember, an NT server can join a native mode domain.  It just can't be a 
_DC_ of that domain.  That's what native/mixed is about...domain 
controllers, not server.

However, there is another setting that you specify when you promote the 
first DC of an AD domain...whether or not you have any pre-win2k machines 
(and yes, you can go back by adding "Everyone" to the group "Pre-Windows 
2000 Compatible Access".  That's the setting that determines whether you 
can join/function in an AD domain.

Everything else you say in that paragraph is correct.

Sorry, it's just a common misconception that MS has done nothing to 
dissuade people from thinking (after all, you'll buy more licenses if you 
think you have to).

Jim McDonough
IBM Linux Technology Center
Samba Team
6 Minuteman Drive
Scarborough, ME 04074

jmcd at us dot ibm dot com 
jmcd at samba dot org

Phone: 1-877-228-1846
IBM tie-line: 349-5335

More information about the samba mailing list