> It seems, that Vista SP1 and Server 2008 cannot join an NT4/Samba-domain.
According to my trials, the above statement is not true. Computer systems running Windows Vista SP1 or Windows 2008 server can be joined successfully to a domain controlled by a Samba 3.0.28a PDC. Opposingly, these systems cannot be joined to a domain hosted by a native Windows NT4.0 SP6 PDC. Unfortunately, netlogon is broken with the newest Samba version 3.0.30, and thus this version cannot be used for any trails in this field. Since Vista and 2008 are able to join a Samba 3.0.28a domain, a Samba server can be used as a proxy server for netlogon. In this way a Vista client is enabled to authenticate and autorize user and group accounts stored in a native NT4 PDC. With the help of a Samba proxy, Vista workstations can be run in an organization which still uses a NT4 PDC. In order to make Samba a netlogon proxy, the Samba server is set up as a PDC and then an interdomain trust is established where the Samba PDC is trusting the NT4 domain. Then the Vista workstations are joined to the Samba PDC. The Samba PDC stores only machine accounts, but no user accounts. User accounts are solely managed by the NT4 domain. This setup works fine for logon, but some other features associated with domain membership fail. So far I was not able to make netlogon scripts run. I also failed to add users of the NT4 domain to the domain groups of the Samba domain. Finally, the 'net localgroup' command has to be used on Vista clients to add NT4 domain users/groups to local groups. The Windows GUI tool for group management completely fails to list users and groups of the NT4 domain. [The listing operation is presumably done via a direct connection between Vista client and NT4 server and without involving the Samba proxy.] Peter Slickers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
