Hi, Il 00.09 07/02/2003 [EMAIL PROTECTED] ha scritto:
Henrik Nordstrom <[EMAIL PROTECTED]>Sorry, but Your book is something wrong.
Sent by: [EMAIL PROTECTED]
02/05/2003 01:11 AM
To: Jack <[EMAIL PROTECTED]>
cc: Squid Users <[EMAIL PROTECTED]>
Subject: Re: [squid-users] squid proxy for W2K active directoty users
Jack wrote:
>> Is it possible to use W2K native mode active directory for
authenticating
>> proxy users.
>Yes.
>You can use either LDAP (always works) or winbind (requires that support
>for NTLM is enabled in your AD, is by default)
>Regards
>Henrik
Henrik, I am reading this from the Windows 2000 server MCSE training Kit
book:
(same info can be found here:
http://www.mrhahn.com/Docs/w2kserver/Ch06.htm)
Mixed mode
1. When you first install or upgrade a domain controller to Windows 2000
Server, the domain controller runs in mixed mode.
2. Mixed mode allows the domain controller to interact with any domain
controllers in the domain that are running Microsoft Windows NT 3.51 or
4.0.
3. Any clients using NT LAN Manager (NTLM) and the directory service in
Windows NT 3.51 and 4.0 need mixed mode to authenticate to the network.
Point Number 3 is making me wonder again. I thought that I had users
authenticating against my win2k native mode domain, but then I realized,
that the
only reason they were able to authenticate seems to be because of a trust
set up with a windows NT4 server and my win2k domain. This book makes
a point of saying that NTLM authentication is only possible if your win2k
server is running in mixed mode, and mine are all running native mode.
There is
a conflict of info here, and I wonder if you or anybody else has more
info, or possible a link to microsoft that could expand on this. I can't
bring this into
production until I know exactly what's going on.
(PS. I think you and others are doing a great job answering questions on
this list)
NTLM support (aka Windows 9x and NT 4 clients support) is not related to AD Native or Mixed mode, but to NTLM support enabled/disabled (Referred during DCPROMO as Pre Windows 2000 compatibility).
Regards
Guido
-jamie-
- ======================================================= Serassio Guido Via Albenga, 11/4 10134 - Torino - ITALY E-mail: [EMAIL PROTECTED] WWW: http://www.serassio.it
