[Gllug] Samba 2 co-existence with AD

Anthony Newman anthony.newman at uk.clara.net
Tue Jun 28 10:35:05 UTC 2005


Ken Smith wrote:
> Hi - I hope you can help with a question about Samba 2. I'm supporting a
> config where there is an old Samba 2 (RH 7) system which has been running
> fine for years. Recently the original NT4 DC has been migrated to a W2K3
> machine and the NT4 box retired.
> 
> Now there are problems with XP SP2 machines unable to map shares. The shares
> were mapped by IP address so nmb/wins issues shouldn’t be a problem. 
> 
> I recall there being some changes to the password authentication
> methods/algorithms from NT4 to AD and I think port 445 began to be used
> rather than 13*. 

It's since Win2k (NT5.0) IIRC that port 445 was used for various things.

> 
> So the basic question - can an XP SP2 machine, which is otherwise part of an
> AD domain, map a share from a machine that would look as if it were share an
> NT4 machine that is not in the AD domain?

Password authentication on NT4/Win98 machines was via LANMAN hash I 
believe, which was "weak". Later schemes use challenge/response 
authentication and stronger encryption. "encrypted passwords = yes" 
should feature in your smb.conf for later machines to be able to connect 
to your Samba server, although it seems odd as you'd expect an XP 
machine to be able to revert to enable it to share from, say, a Win98 
machine.

There's no reason a domain-attached machine shouldn't be able to connect 
to a legacy machine (the other way around is the problem), although 
presumably there's some security policy that allows you to forbid it 
somehow or other.

YMMV, I Am Not A Windows Person :)

Ant
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



