[Samba] samba 4 authenticate with samba 3 ldap schema
Andrea Zagli
azagli at libero.it
Thu Jun 26 08:34:46 UTC 2025
Rowland Penny via samba <samba at lists.samba.org> writes:
> On Thu, 26 Jun 2025 09:16:23 +0200
> Andrea Zagli <azagli at libero.it> wrote:
>
>> Rowland Penny via samba <samba at lists.samba.org> writes:
>>
>> > On Wed, 18 Jun 2025 20:49:31 +0200
>> > Andrea Zagli <azagli at libero.it> wrote:
>> >
>> >> Rowland Penny via samba <samba at lists.samba.org> writes:
>> >>
>> >> > On Wed, 18 Jun 2025 15:39:43 +0200
>> >> > Andrea Zagli via samba <samba at lists.samba.org> wrote:
>> >> >
>> >> >>
>> >> >> Hi
>> >> >>
>> >> >> as the object: i have a samba 4 standalone server and i want to
>> >> >> authenticate it using the openldap created for the samba 3
>> >> >> domain controller
>> >> >>
>> >> >> is it possible?
>> >> >>
>> >> >
>> >> > Yes, it is still possible to set up Samba as an NT4-style PDC,
>> >> > but I suggest you do not, that requires NetBIOS which requires
>> >> > SMBv1 and that isn't secure. I suggest you investigate setting
>> >> > up a Samba AD domain instead.
>> >> >
>> >> > Rowland
>> >>
>> >>
>> >> sorry, i think i explained myself badly
>> >>
>> >> i don't want to have a samba 4 PDC NT4 (and neither an AD domain)
>> >
>> > What you are describing, while it might not be a PDC, is nearly the
>> > same thing and as such, is subject to the same problems. You will
>> > need to use SMBv1
>> >
>>
>>
>> not a problem to use SMB1
>
> Possibly not for you, but it is a very insecure protocol, it is
> deprecated everywhere and is highly likely to be removed everywhere. It
> is only hanging on for historical reasons and Microsoft is begging
> people to not use it.
>
> You seem to be trying to set up the next thing to an NT4-style PDC and
> I cannot recommend you do this and I will not help you shoot yourself
> in the foot. Another reason for not helping is, it must be over ten
> years since I set up a PDC and I have forgotten how to and I do not
> intend to rediscover how to now.
>
> In the time this thread has been discussed, you could easily have set
> up a new AD domain and the fact that you have more than one standalone
> server alludes to you really requiring a domain.
>
> Rowland
thanks...
More information about the samba
mailing list