On Fri, Jun 20, 2008 at 01:04:00AM +0200, Peter Slickers wrote: > According to my trials, the above statement is not true. Computer systems > running Windows Vista SP1 or Windows 2008 server can be joined successfully > to a domain controlled by a Samba 3.0.28a PDC. > > Opposingly, these systems cannot be joined to a domain hosted by a native > Windows NT4.0 SP6 PDC. > > Unfortunately, netlogon is broken with the newest Samba version 3.0.30, and > thus this version cannot be used for any trails in this field.
Can you tell us how to reproduce this? > Since Vista and 2008 are able to join a Samba 3.0.28a domain, a Samba > server can be used as a proxy server for netlogon. In this way a Vista client > is enabled to authenticate and autorize user and group accounts stored in a > native NT4 PDC. With the help of a Samba proxy, Vista workstations can be run > in an organization which still uses a NT4 PDC. > > In order to make Samba a netlogon proxy, the Samba server is set up as a PDC > and then an interdomain trust is established where the Samba PDC is trusting > the NT4 domain. Then the Vista workstations are joined to the Samba PDC. The > Samba PDC stores only machine accounts, but no user accounts. User accounts > are solely managed by the NT4 domain. > > This setup works fine for logon, but some other features associated with > domain membership fail. So far I was not able to make netlogon scripts > run. I also failed to add users of the NT4 domain to the domain groups > of the Samba domain. Same here, we would like to make this work. > Finally, the 'net localgroup' command has to be used on Vista clients to add > NT4 domain users/groups to local groups. The Windows GUI tool for group > management completely fails to list users and groups of the NT4 domain. > [The listing operation is presumably done via a direct connection between > Vista client and NT4 server and without involving the Samba proxy.] This *might* be because Vista assumes AD and is not able to list using RPCs. To diagnose this, a sniff (best done by wireshark on the Vista box) of the failure would be needed. Volker
pgpH1BR6gxlAf.pgp
Description: PGP signature
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
