[Samba] AD Functional Level vs very old SaMBa member server
Rowland Penny
rpenny at samba.org
Fri Mar 10 13:04:32 UTC 2023
On 10/03/2023 12:31, Tamás Németh via samba wrote:
> Thank you for your help. I'm further analyzing the problem: I'm trying to
> migrate to a brand new SaMBa server, but the deadlines are too tight, and
> it's possible I won't be able to finish in time. So, preparing for this
> worst case scenario:
So you have had over 10 years to upgrade and now everything has to be
done in a rush, (though your idea of rush and mine appears to be different).
>
> What if I enable the 'domain logons' option on a fairly up-to-date SaMBa
> MEMBER server in this AD?
You cannot do this, 'domain logons' is an NT4-style thing and doesn't
work with AD.
Can this new SaMBa MEMBER server (despite not
> being a DC) serve as "proxy" server as the 'password server' for the
> ancient fileserver?
No, the administrators of truths in an AD domain are the Domain
Controllers, that is where the passwords etc will come from.
Do i have to rejoin the domain with the ancient SaMBa
> or is it enough to restart it? Anyway: Can a MEMBER server provide 'domain
> logons' service and act like a proxy between an ancient member and a
> kerberos based AD?
No, several times, No
I am beginning to think that everything in your network is ancient, next
you will be telling me that you are still using XP.
Rowland
More information about the samba
mailing list