[Samba] Windows XP SP3 cannot join to the Samba AD domain on Debian 11 4.17.10

Paulo Cesar paulo_rallye at yahoo.com.br
Thu Sep 14 17:42:38 UTC 2023

Hello everybody!

First of all, I'm sorry for the delay sending this response. In the last few days, I was also able to test a 32-bit version of Windows 2003 Server which, like the 64-bit version, worked correctly in the basic tests I ran (joining the domain and user authentication), without any need to modify the related parameters to the KDC, as occurred in the case of Windows XP SP3. I would like if someone could confirm this Windows XP SP3 behavior using a different OS installation image, just to rule out the possibility that the failure is not related to something specific to the installation image used in my case. I'm looking for another Windows XP installation image to carry out more tests, but so far I haven't been able to do so.
I would also like to try to answer some of the questions I received through the message list:
- Andrew Bartlett: Can you please write up a wiki page with these details?
A.: If the problem is confirmed by other people and also the workaround that I sent previously, I believe that the description of the problem with the workaround actions sent to this list would be sufficient. Unfortunately, I don't know where this information could be made available, maybe "https://wiki.samba.org"? 

- Michael Tokarev: which licensing concerns/issues do you have?
A: The organizations I serve do not have Windows 2003 Server licenses in the quantity necessary to replace the Windows XP licenses used and, in addition, some of them undergo external audit procedures that would point out this type of deviation. Here in Brazil, it is also common for Microsoft itself to notify organizations that are using unlicensed software. Another point is that applications that depend on Windows XP have not been approved to work on Windows 2003 Server and, therefore, may not work correctly on that system, a risk that IT personnel do not want to make commitment.

Regarding the general notes about the fact that obsolete operating systems, such as Windows XP, should no longer be in use, I believe that most of us agree with this, however, there are situations that are complex to deal with in the real world . Imagine, for example, an application, built for Windows 2000, in which the system's internal operating rules (RBAC) consume the objects provided through the domain (user accounts and groups) to control access to functions or data in that app, or even, the case where it is necessary to keep a legacy application available by court order until the legal process is completed. I am aware of the efforts that the Samba development team makes to maintain minimum compatibility with older systems and I greatly value this effort. For my part, I am also aware that at some point these old systems simply will no longer be able to use the infrastructure of a domain and work, within my possibilities, so that we have the minimum of problems related to this.
I remain at your disposal if any further clarification is necessary. If I identify any relevant information on the topic I can post it here again.

More information about the samba mailing list