[Samba] how 2003 domain can force samba to use ADS mode

pablo at compugenic.com pablo at compugenic.com
Sun Nov 23 20:48:04 GMT 2008

I've inherited someone else's 2003 domain.  Upon trying to join a new
samba server to the domain using 'security = domain' mode, I realized
the 2003 DC's were not having it.

I setup a krb.conf file, added my 'realm = ' line to smb.conf, and
changed 'security = domain' to 'security = ads'.  I was then able to
join the 2003 domain using 'net ads join ...'.

My question is where & how is the 2003 domain forcing the use of
kerberos authentication to join a domain?  I've looked thru all the
GPO's and googled this, but am still at a loss.

I mainly want to know now for educational purposes.  It's not urgent, as
samba is working fine in ADS mode.  But this will drive me nuts until I
figure out how it's doing this.

TIA for your help.


More information about the samba mailing list