Web lists-archives.com

Re: [Samba] join W10-PCs to NT4-based samba-domain?




On Mon, 15 May 2017 11:14:06 -0400
Gaiseric Vandal via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 
> 
> 
> 
> On 05/15/17 08:06, Rowland Penny via samba wrote:
> > On Mon, 15 May 2017 13:25:03 +0200
> > "Stefan G. Weichinger via samba" <samba@xxxxxxxxxxxxxxx> wrote:
> >
> >> As you may remember I went through a classic-upgrade a few months
> >> ago.
> >>
> >> I have a second domain to migrate and I am again/still scared to
> >> attack that ;-)
> >>
> >> As I prepare my test VM and try to remember all those details the
> >> customer has purchase 2 new Windows 10 PCs and I was asked to take
> >> them into production.
> >>
> >> Is there a way to join them to the existing NT4-based Samba-domain
> >> or not?
> >>
> >> I find various results online and wonder if it's possible and if I
> >> have to prepare specific things for doing that (registry changes?)
> >>
> >> Thanks for an up to date statement on this,
> >> Stefan
> >>
> >> ps: I already tried that join 2 weeks ago and wasn't successful ...
> >>
> >>
> > Windows doesn't support joining Windows 7 to an NT4-style domain, so
> > they definitely won't support windows 10.
> >
> > You may find a way around this lack of Microsoft support, you may
> > also find that a subsequent Windows update stops it working again.
> >
> > I really think that it is time that anybody still running an
> > NT4-style domain starts making plans to upgrade to AD.
> >
> > Just look what has happened over the weekend with wanacry and XP.
> > Support for XP & Vista has ended, 7 is in extended support, you
> > really need to be running supported systems.
> >
> > Rowland
> >
> >   
> >
> Windows 7 may not be able to join to a true NT4 domain.  However you
> can (at least you good) set up a Samba  BDC in an NT4 domain and net
> vampire the accounts from the NT4 DC.     Windows 7 can join an
> "classic" domain.     Windows 10 can join a classic domain (with
> signandseal registry change) BUT you have to disable SMB3 on Samba.
> 
> 
> 

I did say that you might be able to find a way around the lack of 
windows support for a NT4-style domain, but it may suddenly stop
working if Microsoft decides that is what it wants, or if a fix for
something else stops it working.

My personal thoughts are that you would be better off upgrading to AD,
rather than struggling along with an NT4-style domain.

The potential problems of using something that Microsoft doesn't
support have been shown over the weekend, but it is your domain and
you get to pick up the pieces and dodge the brickbats if it goes
wrong ;-)

Rowland
   

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba