Andrew Bartlett wrote:
Yes, but what's the underlying technical cause for the cause? ;-)
It would be interesting to see how two identical XP-maschines would
differ after having joined the one to a NT4-Domain and the other to an
ADS domain. Which regkyes differ? Has somebody tried to make a "back to
NT4-Style trust" conversation tool for Win2k/XP-maschines?
Otherwise I have to search a solution now for the task of letting 500
clients rejoin the domain unattended/automatically somehow.
So, back in the early days of Samba3, a new RPC (QueryInfoPolicy2 on
lsarpc) was added, as we started to understand a bit more about ADS.
The problem was, this was found to be the 'are you ADS' call, and seemed
to create a rachet like mechanism. Being the silly boy I am, I was
running early Samba 3.0 pre-release code in production, and I still have
a lab of machines that I joined to that domain, while it was 'sort of
ADS'. While in this case they still worked with Samba3, they would not
honour the NT4 style system policies.
Ok, but knowing that samba-3 is not ADS capable regarding maschine
accounts I'm now looking for howto make an ADS capable Windows client
use NT4-Style, not how to make samba accept ADS-Style login attempts ;-)
On the flip side, with Samba4 we can now really do ADS style logins, and
we really support the new RPCs, LDAP, Kerberos (including the PAC) and
all the rest...
You surely know that this is the type of statement which makes users ask
when a production ready version of samba 4 will be available... ;-)
Christoph
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
