[Samba] samba 4 authenticate with samba 3 ldap schema
Rowland Penny
rpenny at samba.org
Thu Jun 26 08:15:52 UTC 2025
On Thu, 26 Jun 2025 09:16:23 +0200
Andrea Zagli <azagli at libero.it> wrote:
> Rowland Penny via samba <samba at lists.samba.org> writes:
>
> > On Wed, 18 Jun 2025 20:49:31 +0200
> > Andrea Zagli <azagli at libero.it> wrote:
> >
> >> Rowland Penny via samba <samba at lists.samba.org> writes:
> >>
> >> > On Wed, 18 Jun 2025 15:39:43 +0200
> >> > Andrea Zagli via samba <samba at lists.samba.org> wrote:
> >> >
> >> >>
> >> >> Hi
> >> >>
> >> >> as the object: i have a samba 4 standalone server and i want to
> >> >> authenticate it using the openldap created for the samba 3
> >> >> domain controller
> >> >>
> >> >> is it possible?
> >> >>
> >> >
> >> > Yes, it is still possible to set up Samba as an NT4-style PDC,
> >> > but I suggest you do not, that requires NetBIOS which requires
> >> > SMBv1 and that isn't secure. I suggest you investigate setting
> >> > up a Samba AD domain instead.
> >> >
> >> > Rowland
> >>
> >>
> >> sorry, i think i explained myself badly
> >>
> >> i don't want to have a samba 4 PDC NT4 (and neither an AD domain)
> >
> > What you are describing, while it might not be a PDC, is nearly the
> > same thing and as such, is subject to the same problems. You will
> > need to use SMBv1
> >
>
>
> not a problem to use SMB1
Possibly not for you, but it is a very insecure protocol, it is
deprecated everywhere and is highly likely to be removed everywhere. It
is only hanging on for historical reasons and Microsoft is begging
people to not use it.
You seem to be trying to set up the next thing to an NT4-style PDC and
I cannot recommend you do this and I will not help you shoot yourself
in the foot. Another reason for not helping is, it must be over ten
years since I set up a PDC and I have forgotten how to and I do not
intend to rediscover how to now.
In the time this thread has been discussed, you could easily have set
up a new AD domain and the fact that you have more than one standalone
server alludes to you really requiring a domain.
Rowland
More information about the samba
mailing list