Until 2 years ago our AD was 2003. And that was a really big headache. And I think they dropped the last win2003 servers quite recently. Since moving to a more recent AD the win guys have been debating moving off NTLM. But it seems there are some oldish applications that don't talk Kerberos and require NTLM. Anyway, it's not my problem. But I thought I would just mention it when I saw your statement, in case anybody else does have NTLM still active.
-----Oorspronkelijk bericht----- Van: Linux on 390 Port [mailto:[email protected]] Namens David Boyes Verzonden: maandag 1 april 2019 07:23 Aan: [email protected] Onderwerp: Re: zLinux authentication on windows AD LDAP If you’ve been running in NTLM compatibility mode for nigh on 20 years (1999 was a long time ago), you’ve got much, much bigger headaches to worry about. There is a chapter in the document I referenced on what to do with NTLM-based authentication sources. Linux is actually a pretty decent AD client and server these days now that AD is relatively free of the weird wire protocols - even works with some GPO operations, which keeps the Windows folks happy. Just out of curiosity, how many pure NetBIOS/LAN Manager systems do you still have? They’re about the only thing I can think of that would still care about the old way. Anything post-Win9x with service packs should be able to do the Kerberos stuff. > On Mar 31, 2019, at 6:15 PM, Harder, Pieter <[email protected]> > wrote: > > Not if you AD is still running in NTLM... ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
