[Samba] External Authentication

Rowland Penny rpenny at samba.org
Fri Apr 12 10:44:54 UTC 2019


On Fri, 12 Apr 2019 12:06:14 +0200
Julien TEHERY via samba <samba at lists.samba.org> wrote:

 
> @Rowland :
> 
> |See the answer above, plus there is a very big hole in your proposed
> |set up, if your clients see the AD DC, they will not contact the NT4
> |PDC again.
> 
> I've seen some setups where a company had a (real) AD domain and a
> samba3 domain working together on the same subnets with win7 or win10
> workstations who could join one or another domain without troubles.
> What you mean is if samba4 domain has the same name as samba3 domain,
> workstations won't be able to see the oldest anymore once joined to
> the new one? Or does it mean that whatever the name of the new samba4
> domain is, if a workstation joins it, it won't be able to join the
> old domain anymore? (never tried it)
> 
> As my POC seems to work well, I intend to install it in production
> soon. Is it recommended to set the new samba4 domain in production up
> on a different subnet or not?

From my understanding, if you classicupgrade an NT4-style domain to an
AD domain, once your clients see the new AD DC, they will not reconnect
to the old PDC. The classicupgrade reuses the domain name, SID, etc.;
this is what matters.

Rowland


