Re: Samba 2.2 and Windows 2003 AD
Hi list, I saw this on the Samba general list server: So it sounds like Samba will work with Windows 2003 if an extra step is taken: I am wondering if winbind works with win 2003. I can get winbind working just fine with 2k servers, but when I run wbinfo -t, all I get is can not check secret. it joined the domain fine, but can not get it any info using wbinfo. It seems that there are a number of different windows 2003 configurations out there - but this one is known as 'restrict anonymous = 2'. The solution is to make Samba store a password for an unprivileged user into a tdb. This is done by running 'wbinfo -Ausername%password'. Winbind can then act on an authenticated connection. Andrew Bartlett -Mike MacIsaac, IBM mikemac at us.ibm.com (845) 433-7061
Re: Samba 2.2 and Windows 2003 AD
Assuming you are working at present with a Win2K + Samba setup, and are perfectly happy and content with the way it is going, should it not be incumbent upon you, according to the general principles of Due Diligence - which regularly scrap companies that ignore them - to ask Microsoft why? Microsoft is in effect advising your company that Win2K3 will not interoperate with Win2K. If you need to make expensive changes which will invalidate your current setup, and Microsoft is adamant that that is the case, then Microsoft should take upon itself the cost of that restructuring, instead of handing it on to you. After all, Microsoft has regularly advised the world that it only makes changes because of the customers who _demand_ them - and if your company didn't make those demands, then you are not under any licensing or contractual obligation to tolerate the changes made. Anything less and I would advise you to take it to the shareholders and get them asking embarrassing questions about Due Diligence. And BTW, IANAL, BILA (But I like Acronyms). Wesley Parish On Thu, 12 Jun 2003 05:20, you wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? thx. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck -- Mau e ki, He aha te mea nui? You ask, What is the most important thing? Maku e ki, He tangata, he tangata, he tangata. I reply, It is people, it is people, it is people.
Re: Samba 2.2 and Windows 2003 AD
I think it's a question of whether Win2003 retains the ability to operate in mixed-mode (ie, partial AD, partial domain). Samba 2.x still emulates a NT domain, and if they've dropped support completely for NT domains in Win2003, then they're right. That said, it would seem to be fairly stupid to do so since a significant chunk of their clientele hasn't converted to Win2K yet -- but consider the source. Samba 3.x plays better with AD, but I don't know about Win2003. -- db - Original Message - From: Lionel Dyck [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 1:20 PM Subject: Samba 2.2 and Windows 2003 AD We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims?
Re: Samba 2.2 and Windows 2003 AD
The bottom line is that MS is making an assumption that to do the consolidation that we will have to convert to W2003 AD and our plans actually call for W2K AD in mixed mode. But trying to convince them of this has been a 'challenge'. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck
Re: Samba 2.2 and Windows 2003 AD
I think the issue is that Win2003 AD will not work with Samba. It should still work with Win2K. -Original Message- From: Wesley Parish [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 2:22 AM To: [EMAIL PROTECTED] Subject: Re: Samba 2.2 and Windows 2003 AD Assuming you are working at present with a Win2K + Samba setup, and are perfectly happy and content with the way it is going, should it not be incumbent upon you, according to the general principles of Due Diligence - which regularly scrap companies that ignore them - to ask Microsoft why? Microsoft is in effect advising your company that Win2K3 will not interoperate with Win2K. If you need to make expensive changes which will invalidate your current setup, and Microsoft is adamant that that is the case, then Microsoft should take upon itself the cost of that restructuring, instead of handing it on to you. After all, Microsoft has regularly advised the world that it only makes changes because of the customers who _demand_ them - and if your company didn't make those demands, then you are not under any licensing or contractual obligation to tolerate the changes made. Anything less and I would advise you to take it to the shareholders and get them asking embarrassing questions about Due Diligence. And BTW, IANAL, BILA (But I like Acronyms). Wesley Parish On Thu, 12 Jun 2003 05:20, you wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? thx. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck -- Mau e ki, He aha te mea nui? You ask, What is the most important thing? Maku e ki, He tangata, he tangata, he tangata. I reply, It is people, it is people, it is people.
Re: Samba 2.2 and Windows 2003 AD
Now that you mention it I had been told that the next version of Windows would not support mixed mode. I know that next is relative, but I suspect that Win2003 is the next version I was told about. Note that mixed mode is (was) a transition aid. You can use AD with win98/ME with a patch from Microsoft, so you don't really need mixed mode once the servers are converted. I think that WinNT server will not support AD, so you need to make all the servers NT, 2000, or 2003. -Original Message- From: David Boyes [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 6:54 AM To: [EMAIL PROTECTED] Subject: Re: Samba 2.2 and Windows 2003 AD I think it's a question of whether Win2003 retains the ability to operate in mixed-mode (ie, partial AD, partial domain). Samba 2.x still emulates a NT domain, and if they've dropped support completely for NT domains in Win2003, then they're right. That said, it would seem to be fairly stupid to do so since a significant chunk of their clientele hasn't converted to Win2K yet -- but consider the source. Samba 3.x plays better with AD, but I don't know about Win2003. -- db - Original Message - From: Lionel Dyck [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 1:20 PM Subject: Samba 2.2 and Windows 2003 AD We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims?
Re: Samba 2.2 and Windows 2003 AD
It sounds to me like Microsoft is correct. I think you said before that you had decided to use AD. Mixed mode was (is) a conversion aid, with full AD being the eventual mode of operation. -Original Message- From: Lionel Dyck [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2003 7:01 AM To: [EMAIL PROTECTED] Subject: Re: Samba 2.2 and Windows 2003 AD The bottom line is that MS is making an assumption that to do the consolidation that we will have to convert to W2003 AD and our plans actually call for W2K AD in mixed mode. But trying to convince them of this has been a 'challenge'. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck
Re: Samba 2.2 and Windows 2003 AD
Kinda what I figured. Grab my presentation on Ganymede and user identity management and show them that there are at least three other ways to accomplish the same objective as AD w/o any MS code. -- db - Original Message - From: Lionel Dyck [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 12, 2003 10:00 AM Subject: Re: Samba 2.2 and Windows 2003 AD The bottom line is that MS is making an assumption that to do the consolidation that we will have to convert to W2003 AD and our plans actually call for W2K AD in mixed mode. But trying to convince them of this has been a 'challenge'.
Re: Samba 2.2 and Windows 2003 AD
We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? Lionel: /amba 2.2 NEVER worked with Active Directory (AD) on Win2k either. However, with Win2K you could configure the PDC to tolerate NT servers in the domain (which Samba 2.2 looked like). Now MS did a major redesign of AD between Win2000 and Win2003 servers. Samba 2.2 will not connect to a Win2003 PDC in full AD mode. Now I don't know if Win2003 has the same compatibility support for WinNT that Win2000 had. If it does, you can turn on the compatability support and it MAY work. All that being said, Samba 3.0 (now in beta) has full AD support and supports Win2003 servers. Regards, Jim
Re: Samba 2.2 and Windows 2003 AD
On Thu, 12 Jun 2003, Jim Elliott wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? Lionel: /amba 2.2 NEVER worked with Active Directory (AD) on Win2k either. However, with Win2K you could configure the PDC to tolerate NT servers in the domain (which Samba 2.2 looked like). Now MS did a major redesign of AD between Win2000 and Win2003 servers. Samba 2.2 will not connect to a Win2003 PDC in full AD mode. Now I don't know if Win2003 has the same compatibility support for WinNT that Win2000 had. If it does, you can turn on the compatability support and it MAY work. All that being said, Samba 3.0 (now in beta) has full AD support and supports Win2003 servers. Is anyone watching Samba-TNG? See http://www.samba-tng.org/ -- Cheers John. Join the Linux Support by Small Businesses list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
Re: Samba 2.2 and Windows 2003 AD
I believe MS, since they can change Windows in any way they want. Do you really care? Active Directory support only gives you authentication. You can use Sambas' password support for that. -Original Message- From: Lionel Dyck [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: Samba 2.2 and Windows 2003 AD We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? thx. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck
Re: Samba 2.2 and Windows 2003 AD
On Wed, 2003-06-11 at 12:20, Lionel Dyck wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? It certainly seems, if nothing else, that Samba 3.0 is much easier to integrate with AD. I know nothing about Win2k vs. Win2k3, though. Adam
Re: Samba 2.2 and Windows 2003 AD
Sadly we won't be able to use Samba's password support as they are interested in AD (for whatever that will buy them) Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck Fargusson.Alan [EMAIL PROTECTED] Sent by: Linux on 390 Port [EMAIL PROTECTED] 06/11/2003 11:03 AM Please respond to Linux on 390 Port [EMAIL PROTECTED] To [EMAIL PROTECTED] cc Subject Re: Samba 2.2 and Windows 2003 AD I believe MS, since they can change Windows in any way they want. Do you really care? Active Directory support only gives you authentication. You can use Sambas' password support for that. -Original Message- From: Lionel Dyck [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 11, 2003 10:21 AM To: [EMAIL PROTECTED] Subject: Samba 2.2 and Windows 2003 AD We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? thx. Lionel B. Dyck, Systems Software Lead Kaiser Permanente Information Technology 25 N. Via Monte Ave Walnut Creek, Ca 94598 Phone: (925) 926-5332 (tie line 8/473-5332) E-Mail:[EMAIL PROTECTED] Sametime: (use Lotus Notes address) AIM:lbdyck
Re: Samba 2.2 and Windows 2003 AD
On Mer, 2003-06-11 at 18:20, Lionel Dyck wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? If its not true I'm sure Microsoft will make sure its true in the next release of their software. Its more important to ask why is this problem occurring, who caused it and how do we stop it happening again
Re: Samba 2.2 and Windows 2003 AD
I guess Microslop has learned their lesson. It use to be, Windows (Windows 3.x) wasn't done until 123 is broke. Now it is Windows isn't done until Linux is broke. Microslop has never played well with others. The people working on Samba will come up with the changes to allow it to work with 2003 AD, and then Microslop will change it with a service pack to keep Samba at bay (at least they will tout that it doesn't work). Tom Duerbusch THD Consulting [EMAIL PROTECTED] 06/11 2:14 PM On Mer, 2003-06-11 at 18:20, Lionel Dyck wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Can anyone shed any light on this that would help rebut the MS claims? If its not true I'm sure Microsoft will make sure its true in the next release of their software. Its more important to ask why is this problem occurring, who caused it and how do we stop it happening again
Re: Samba 2.2 and Windows 2003 AD
On Wed, 11 Jun 2003, Lionel Dyck wrote: We are doing a TCO (with Microsoft - please don't laugh - crying is allowed) and they are being very adament that Samba 2.2 can not play with a Windows 2003 Active Directory environment. I found some info that indicated that Samba 2.2 can play with a Windows 2000 AD but MS is claiming that Windows 2003 AD is different. Tell them that, if true, W2003 isn't an option. Can anyone shed any light on this that would help rebut the MS claims? In my ignorance, seems likely;-) Why woulnd't MS change things to ensure it doesn't? Earlier Windows can be fixed with a patch. Try the Samba 3 beta. FWIW I have Windows Server 2003 Enterprise Edition Evaluation Edition sitting here on my desk while I think about what to put it on. I don't have an available system that meets the recommended configuration. -- Cheers John. Join the Linux Support by Small Businesses list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb
Re: Samba 2.2 and Windows 2003 AD
On Wed, 11 Jun 2003, Lionel Dyck wrote: Sadly we won't be able to use Samba's password support as they are interested in AD (for whatever that will buy them) ATM we have a leader of the opposition, of a particularly unpopular opposition, who's determined to hold on to his position. I see him as a leader, who having set a course, has wrapped a blindfold round his head so as to be able to not see the signs, and he's sailing forward to a cliff. Some of his colleagues have read the chooks entrails, and see that, following the next election, they will be ex-MPs, They have decided they want another leader (the one who lead them to losses at the past two elections, it's true) to lead them in a different direction. If you want to explore interoperability of Windows 2003 with Samba, then you need to know what features are required and why. Of course, MS isn't going to suggest any alternatives: for that you need someone without a pro-MS bias. A leader who will sail you away from that cliff. -- Cheers John. Join the Linux Support by Small Businesses list at http://mail.computerdatasafe.com.au/mailman/listinfo/lssb