samba - Jan 2005 - Anyone Pls? Domain function levels, etc

Hi, 
 
I have resent this, as I have had no replies so far.  
 
I'm gonna have to be putting a good argument to my ICT team against going to
2003 in 2003 server mode ( I think thats what they call the highest mode for 
2003 server) to keep samba at our school. I like what windows 2003 has to 
offer, but do not want to lock samba out forever. 
I know samba will work at lower mode. And that's what I'm pushing. 
 
Can people chip in with some arguments and advice. 
 
What is the highest 2003 mode (forest and domain) that we can go to and still 
have samba function as a member file server? 
 
What are the advantages for a school with only 2 domains and no geographical 
displacement in going to the highest 2003 server level (list of GPO 
advantages?, etc). We have the money to upgrade to 2003 on all our 20 
servers(20 win2000 server and 2 samba servers). But could save money by 
consolidating and mixing samba and 2000. 
 
Is there really better security in that higher 2003 mode? What in particular? 
 
Will winbind (ADS and kerb mode) break? As we use it for squid auth, etc. 
 
How long before SAMBA can work at the highest level with 2003? 
 
I'm feeling that MS have provided some functional incentives to go with the 
highest mode. Can someone suggest some ways to take the hype out this higher 
level? I know from my reading, that once we make that jump, there is no 
turning back 
 
:-( 
 
 
Chris

On Sat, 2005-01-01 at 21:24 +1100, Christopher Peter Welsh
wrote:
> Hi, 
>  
> I have resent this, as I have had no replies so far.  
>  
> I'm gonna have to be putting a good argument to my ICT team against
going to
> 2003 in 2003 server mode ( I think thats what they call the highest mode
for
> 2003 server) to keep samba at our school. I like what windows 2003 has to 
> offer, but do not want to lock samba out forever. 
> I know samba will work at lower mode. And that's what I'm pushing. 
>  
> Can people chip in with some arguments and advice. 
>  
> What is the highest 2003 mode (forest and domain) that we can go to and
still
> have samba function as a member file server? 
I don't know of any limits, so long as Samba is configured correctly.
> Is there really better security in that higher 2003 mode? What in
particular?
There are many things broken security wise in NT, and the compatability
interfaces with it (mostly regarding anonymous access).
> Will winbind (ADS and kerb mode) break? As we use it for squid auth, etc. 
I don't think so, but you really should be doing your own functional
testing, on a test network.
 
> How long before SAMBA can work at the highest level with 2003? 
I don't know of any outstanding issues, but I'll need much more detail
on individual problems.
> I'm feeling that MS have provided some functional incentives to go with
the
> highest mode. Can someone suggest some ways to take the hype out this
higher
> level? I know from my reading, that once we make that jump, there is no 
> turning back 
By slowly moving away from the NT domain modal, MS allows themselves to
do some interesting and better things.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :
http://lists.samba.org/archive/samba/attachments/20050102/8aaa7b1b/attachment.bin