On Mon, 2017-11-27 at 15:32 +0100, Reindl Harald via samba wrote:> > Am 27.11.2017 um 15:13 schrieb Maxence SARTIAUX via samba: > > One of our customer has a Samba 3 domain and they have troubles when they try to join a Windows 10 computer, i'm pretty sure it's because we need to set > > server max protocol = NT1 > > on the domain configuration like the wiki says. > > > > But i'm wondering, what about other workstations ? There's no bad behavior limiting the maximum protocol to the current joined workstations (windows xp / 7 / 8 & some linux servers) ? > > just performance - NT1 is the lowest common version > > i find it really pervert that you need for the newest windows limit your > config to the oldest protocolThe point is more that the NT4 domain support remains in Windows only by the thinist of margins. If you have a Samba 3.x domain or a Samba 4.x install running in the 'classic' or NT4-like mode, upgrade it to AD with urgency before something forces it broken! (This could very well include security updates, as noticed with a password change patch recently!) Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
On Tue, 28 Nov 2017 09:58:41 +1300 Andrew Bartlett via samba <samba at lists.samba.org> wrote:> On Mon, 2017-11-27 at 15:32 +0100, Reindl Harald via samba wrote: > > > > Am 27.11.2017 um 15:13 schrieb Maxence SARTIAUX via samba: > > > One of our customer has a Samba 3 domain and they have troubles > > > when they try to join a Windows 10 computer, i'm pretty sure it's > > > because we need to set server max protocol = NT1 on the domain > > > configuration like the wiki says. > > > > > > But i'm wondering, what about other workstations ? There's no bad > > > behavior limiting the maximum protocol to the current joined > > > workstations (windows xp / 7 / 8 & some linux servers) ? > > > > just performance - NT1 is the lowest common version > > > > i find it really pervert that you need for the newest windows limit > > your config to the oldest protocol > > The point is more that the NT4 domain support remains in Windows only > by the thinist of margins. If you have a Samba 3.x domain or a Samba > 4.x install running in the 'classic' or NT4-like mode, upgrade it to > AD with urgency before something forces it broken! > > (This could very well include security updates, as noticed with a > password change patch recently!) > > Andrew Bartlett >Hi Andrew, I think you understand what I have been saying for some time now, upgrade from an NT4-style to AD before it is too late. However, are you ready yet to admit that Samba should mark NT domains as deprecated ? Rowland
On Mon, 2017-11-27 at 21:50 +0000, Rowland Penny wrote:> > Hi Andrew, > I think you understand what I have been saying for some time now, > upgrade from an NT4-style to AD before it is too late. > > However, are you ready yet to admit that Samba should mark NT domains > as deprecated ?I don't see it as admitting or otherwise, the Samba NT4 domain code remains a fully supported and functional part of Samba. We don't however control the clients however, so we give this warning. To me, deprecated refers to code we plan to remove from Samba in the short or medium term, and that is not the case here. I also think using that word will just make it more complex for the organisations undertaking the transition to Samba AD. Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba