[Samba] Server authentication

Michael Wood esiotrot at gmail.com
Mon Aug 19 03:01:38 MDT 2013


Hi

On 19 August 2013 09:58, Miroslav Prýmek <m.prymek at gmail.com> wrote:

> Hello,
>
> I can't find any precise technical information about how the client
> computer in a Windows domain (NT, AD) verifies the identity of the PDC. Can
> you please point me to any source of relevant information or give me a
> brief explanation?
>
> Situation:
> I'm going to replace a Windows Server 2003 PDC with Samba. I've
> successfully extracted the PDC's LDAP contents (with the ldifde tool) and
> account passwords (ntds.dit and system hive copied, data extracted, all
> password hashes cracked).
>
> Problem description:
> If I install Samba 3 as a PDC, populate LDAP with the data dumped from WS,
> copy the users' data and shut down the old PDC, would the client computers
> notice the change? Would I have to re-add all the computers to the new PDC
> or not?
> I.e., would the users notice the server change or not?
>
>
I believe that once a Windows client has been joined to an AD domain it
will not work with that domain converted to an NT-style domain.  (e.g. if
you had upgraded a Samba 3 PDC to a Samba 4 AD DC and your clients
interacted with the new DC, you would no longer be able to shut down the
Samba 4 DC and boot up the Samba 3 PDC and still have the clients working
properly without rejoining them to the domain.)  At least that's the
impression I got from previous discussions on the Samba lists.

So I think you would have to rejoin all the machines to the domain.


> I'm interested in the behavior of Win XP, Vista, 7 and I can't install Samba 4.
>
> Thank you for any suggestions and pointing to further reading.
>
> M. Prymek


-- 
Michael Wood <esiotrot at gmail.com>

