SAMBA and upgrading from Windows 2000 interim mode to 2003 nativemode

[Rob Gordon]

I currently have two Windows 2003 AD servers, that are configured as
'Windows 2000 interim' mode. A number of *nix clients are
authenticating to these servers via Samba 3.x.

I want to bring the domain up to Windows 2003 native mode, but am
concerned about what this might do to the ability for the *nix machines
to authenticate against AD once this change happens.

Does anyone know the gotchas of going from Windows 2000 interim mode, to
Windows 2003 native mode and the effect it has on Samba client
authentication?

 

[Dusko Savatovic]

Re: SAMBA and upgrading from Windows 2000 interim mode to 2003 native mode

You are talking about:
Domain Functional Level
Forest Functional Level

In either case, this has nothing to do with clients authenticating on these
domain controllers. It is important for domain controllers' replication
process (how DC's talk to each other).

In Interim Domain Functional level, you can have only Windows NT and Windows
2003 DC's (and any other kind of clients). This is special mode when you
transition from NT to Win 2003. When you get rid of all Windows NT DC's
(*DC's*, not clients, like NT Workstations and NT member servers), then you
can raise Domain and forest functional levels to Win 2003.

In either case, after you raise domain or forest functional level your SAMBA
will not be affected, it will continue to work as before.



"Rob Gordon" wrote in message
news:eijoPelMKHA.560@TK2MSFTNGP04.phx.gbl...
> I currently have two Windows 2003 AD servers, that are configured as
> 'Windows 2000 interim' mode. A number of *nix clients are authenticating
> to these servers via Samba 3.x.
>
> I want to bring the domain up to Windows 2003 native mode, but am
> concerned about what this might do to the ability for the *nix machines to
> authenticate against AD once this change happens.
>
> Does anyone know the gotchas of going from Windows 2000 interim mode, to
> Windows 2003 native mode and the effect it has on Samba client
> authentication?

 

[Rob G]

This was exactly the information I was looking for. None of the DCs
are anything less than Windows 2003, which is why I was surprised to see
the domain configured for 2000 interim mode. My main concern was the
SMB authentication.

Thanks again!

Dusko Savatovic wrote:
> You are talking about:
> Domain Functional Level
> Forest Functional Level
>
> In either case, this has nothing to do with clients authenticating on
> these domain controllers. It is important for domain controllers'
> replication process (how DC's talk to each other).
>
> In Interim Domain Functional level, you can have only Windows NT and
> Windows 2003 DC's (and any other kind of clients). This is special mode
> when you transition from NT to Win 2003. When you get rid of all Windows
> NT DC's (*DC's*, not clients, like NT Workstations and NT member
> servers), then you can raise Domain and forest functional levels to Win
> 2003.
>
> In either case, after you raise domain or forest functional level your
> SAMBA will not be affected, it will continue to work as before.
>
>
>
> "Rob Gordon" wrote in message
> news:eijoPelMKHA.560@TK2MSFTNGP04.phx.gbl...
>> I currently have two Windows 2003 AD servers, that are configured as
>> 'Windows 2000 interim' mode. A number of *nix clients are
>> authenticating to these servers via Samba 3.x.
>>
>> I want to bring the domain up to Windows 2003 native mode, but am
>> concerned about what this might do to the ability for the *nix
>> machines to authenticate against AD once this change happens.
>>
>> Does anyone know the gotchas of going from Windows 2000 interim mode,
>> to Windows 2003 native mode and the effect it has on Samba client
>> authentication?
>