Without going too deep into it, the reason that W2K Native mode breaks Samba is
because Native mode no longer supports the NT Challenge/Response protocol, which is
how Samba authenticates users. When you activate W2K Native mode, you are
essentially saying that you no longer need support for any other client other
than other Windows 2000 systems running Active Directory. To make Samba conform
to this requirement you must then make it act as a Windows 2000 Server - not an
NT Server. To accomplish this, you need to give Samba a mechanism for working with
Microsoft's implementation of Kerberos V5 to authenticate them and SSL-enabled
(and perhaps kerberized) LDAP to traverse through Active Directory. While
this is by no means an insurmountable obstacle, it means that it's no
trivial task for Samba's maintainers to build it in. Since I believe that
even in Native mode, it will still work in trust relationships with other NT
domains, it might be possible to implement it through a workaround with Samba as
a member server of a domain that trusts the Windows 2000 Domain. This might
further be extended by making a trust possible between a Samba PDC and a Windows
2000 Domain, although I would imagine this requires more work.
Scott