On Mon, 2005-11-14 at 11:59 +0100, Christoph Peus wrote: > Yes, but what's the underlying technical cause for the cause? ;-) > It would be interesting to see how two identical XP-maschines would > differ after having joined the one to a NT4-Domain and the other to an > ADS domain. Which regkyes differ? Has somebody tried to make a "back to > NT4-Style trust" conversation tool for Win2k/XP-maschines? > Otherwise I have to search a solution now for the task of letting 500 > clients rejoin the domain unattended/automatically somehow.
So, back in the early days of Samba3, a new RPC (QueryInfoPolicy2 on lsarpc) was added, as we started to understand a bit more about ADS. The problem was, this was found to be the 'are you ADS' call, and seemed to create a rachet like mechanism. Being the silly boy I am, I was running early Samba 3.0 pre-release code in production, and I still have a lab of machines that I joined to that domain, while it was 'sort of ADS'. While in this case they still worked with Samba3, they would not honour the NT4 style system policies. It was a mess, and we quickly removed this call from Samba, so that we would not over-state our capabilities. On the flip side, with Samba4 we can now really do ADS style logins, and we really support the new RPCs, LDAP, Kerberos (including the PAC) and all the rest... Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
