[Samba] Anyone Pls? Domain function levels, etc

Andrew Bartlett abartlet at samba.org
Sun Jan 2 03:39:59 GMT 2005 

On Sat, 2005-01-01 at 21:24 +1100, Christopher Peter Welsh wrote:
> Hi, 
>  
> I have resent this, as I have had no replies so far.  
>  
> I'm gonna have to be putting a good argument to my ICT team against going to 
> 2003 in 2003 server mode ( I think thats what they call the highest mode for 
> 2003 server) to keep samba at our school. I like what windows 2003 has to 
> offer, but do not want to lock samba out forever. 
> I know samba will work at lower mode. And that's what I'm pushing. 
>  
> Can people chip in with some arguments and advice. 
>  
> What is the highest 2003 mode (forest and domain) that we can go to and still 
> have samba function as a member file server? 

I don't know of any limits, so long as Samba is configured correctly.

> Is there really better security in that higher 2003 mode? What in particular? 

There are many things broken security wise in NT, and the compatability
interfaces with it (mostly regarding anonymous access).

> Will winbind (ADS and kerb mode) break? As we use it for squid auth, etc. 

I don't think so, but you really should be doing your own functional
testing, on a test network.
 
> How long before SAMBA can work at the highest level with 2003? 

I don't know of any outstanding issues, but I'll need much more detail
on individual problems.

> I'm feeling that MS have provided some functional incentives to go with the 
> highest mode. Can someone suggest some ways to take the hype out this higher 
> level? I know from my reading, that once we make that jump, there is no 
> turning back 

By slowly moving away from the NT domain modal, MS allows themselves to
do some interesting and better things.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050102/8aaa7b1b/attachment.bin

More information about the samba mailing list