No, the point is..

User verifications
Computer verification
And Authentication.

These are 3 different things.

The differences, in terms.
NTLM
KERBEROS
DNS-lookups
and how this all works together.

But I only type with lots of errors, this is better to read ;-)
https://docs.microsoft.com/en-us/windows-server/security/windows-authentication/credentials-processes-in-windows-authentication

I can't hammer enough on..
DNS/RESOLVING MUST BE PERFECT
A + PTR for the "real" registered server names.
CNAME for aliases.

So much relies on this these days.
When it's not perfect, well, something "just" won't work.

And I run exactly what you want..
I have 3 separated domains.
A Samba NT4DOM (3.6.X)
A Samba AD DOM 4.12.6
A Windows 2008R2

All my PCs and users log in against the Samba AD.
All others re-use the user/passwords from the AD login.

And I don't change registry keys to "make things work"..
All defaults in the clients except what I push with GPOs.

You know what you need to do.. Make it perfect again.
Because in computers good is not good enough..
You want perfect, or as close as you can be to perfect.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Piviul via samba
> Sent: Thursday 27 August 2020 16:24
> To: samba at lists.samba.org
> Subject: Re: [Samba] accessing foreign AD users to NT domain
>
> Rowland Penny via samba wrote on 27/08/20 at 15:49:
> > On 27/08/2020 14:19, Piviul via samba wrote:
> >>
> >>> Microsoft is enforcing more security but it's Microsoft that develop
> >>> NetBIOS and LLMNR and if it's enforcing
> >> security should enforce these protocols or remove them from their OS
> >> isn't it?
> >
> > Microsoft ended support of NT4 servers over 15 years ago, but kept the
> > client code, but it is now actively trying to remove it, hence new
> > Windows 10 installs have SMBv1 turned off. You can never know just when
> > they will totally remove it, but I am sure it will be removed.
>
> If I have well understood the article that Louis sent in a previous
> message, to enforce security it is very important to use the FQDN to
> refer to the Samba server and not use NetBIOS or LLMNR names. I don't
> know Samba very well so I don't know if NetBIOS is tied to the SMBv1
> protocol but I'm pretty sure that LLMNR isn't: so don't you agree with
> me that if Microsoft should enforce security it should enforce security
> on the LLMNR protocol or remove it from its OS? ...but perhaps I ignore
> something more...
>
> Best regards
>
> Piviul
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
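
The "A + PTR for the real names, CNAME for aliases" rule from the message above, as an added example that is not part of the original thread: a small audit over a record set. The host names, addresses and the `audit` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample records: (owner name, record type, value).
RECORDS = [
    ("dc1.ad.example.test.", "A", "192.0.2.10"),
    ("10.2.0.192.in-addr.arpa.", "PTR", "dc1.ad.example.test."),
    ("fs1.ad.example.test.", "A", "192.0.2.20"),                    # PTR missing
    ("files.ad.example.test.", "CNAME", "fs1.ad.example.test."),
    ("print.ad.example.test.", "A", "192.0.2.30"),
    ("30.2.0.192.in-addr.arpa.", "PTR", "spool.ad.example.test."),  # PTR names an alias
    ("spool.ad.example.test.", "CNAME", "print.ad.example.test."),
    ("old.ad.example.test.", "CNAME", "gone.ad.example.test."),     # dangling alias
]

def audit(records):
    """Return (owner, problem) tuples for records that break the rule."""
    a, ptr, cname = {}, {}, {}
    for owner, rtype, value in records:
        owner = owner.lower()
        if rtype == "A":
            a.setdefault(owner, set()).add(value)
        elif rtype == "PTR":
            ptr.setdefault(owner, set()).add(value.lower())
        elif rtype == "CNAME":
            cname[owner] = value.lower()
    findings = []
    # Every real name: each address needs a PTR that names it back.
    for name, addrs in sorted(a.items()):
        for addr in sorted(addrs):
            rev = ipaddress.ip_address(addr).reverse_pointer + "."
            targets = ptr.get(rev, set())
            if not targets:
                findings.append((name, "missing PTR for " + addr))
            elif name not in targets:
                findings.append((name, "PTR for %s points to %s"
                                 % (addr, ", ".join(sorted(targets)))))
    # Every PTR must name a real (A) host, never an alias.
    for rev, targets in sorted(ptr.items()):
        for target in sorted(targets):
            if target in cname:
                findings.append((rev, "PTR points at alias " + target))
            elif target not in a:
                findings.append((rev, "PTR target has no A record: " + target))
    # Every alias must be a pure CNAME that ends at a real host.
    for alias, target in sorted(cname.items()):
        if alias in a:
            findings.append((alias, "alias also has an A record"))
        if target not in a:
            findings.append((alias, "CNAME target has no A record: " + target))
    return findings

if __name__ == "__main__":
    for owner, problem in audit(RECORDS):
        print(owner, "-", problem)
```

Feed it records exported from the zone instead of the sample list; an empty result means forward and reverse data agree for every real host name.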

Hello! L.P.H. van Belle via samba
  On that day it was said...

> And I don't change registry keys to "make things work"..

A light blink in my head. Louis, have you kept a WINS server (in the old or
new domain)? Do your clients use it?

When I had, as you, two domains (NT and AD), the NT domain was also a
WINS server, and I propagated the WINS server info to clients via DHCP.

Paolo, have you enabled WINS? Do you assign it to your clients?

--
dott. Marco Gaiarin                                GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''      http://www.lanostrafamiglia.it/
  Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

    Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
    (tax code 00307430132, category ONLUS or RICERCA SANITARIA)

Ah.. Wait a sec.. That's a good one..

And yes.. You're totally correct.
I have the OLD WINS server running on the PDC and DHCP points to the WINS server.
But all other parts point to the AD-DCs of the AD domain.
And the master browser in my networks is one of the new member servers.

When everything is moved, I switch to only DNS resolving.
It's a mess :-/ , if you read it like this.. but technically it's all working fine. :-)
A few months and I'm finally back to 1 normal domain..

Good point here Marco.. Thank you for thinking with us :-)

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Marco Gaiarin via samba
> Sent: Friday 28 August 2020 9:54
> To: samba at lists.samba.org
> Subject: Re: [Samba] accessing foreign AD users to NT domain
>
> Hello! L.P.H. van Belle via samba
>   On that day it was said...
>
> > And I don't change registry keys to "make things work"..
>
> A light blink in my head. Louis, have you kept a WINS server (in the old or
> new domain)? Do your clients use it?
>
> When I had, as you, two domains (NT and AD), the NT domain was also a
> WINS server, and I propagated the WINS server info to clients via DHCP.
>
> Paolo, have you enabled WINS? Do you assign it to your clients?

Marco Gaiarin via samba wrote on 28/08/20 at 09:53:
> Hello! L.P.H. van Belle via samba
>   On that day it was said...
>
>> And I don't change registry keys to "make things work"..
>
> A light blink in my head. Louis, have you kept a WINS server (in the old or
> new domain)? Do your clients use it?
>
> When I had, as you, two domains (NT and AD), the NT domain was also a
> WINS server, and I propagated the WINS server info to clients via DHCP.
>
> Paolo, have you enabled WINS? Do you assign it to your clients?

Yes of course: the DHCP sends the WINS server, which is the NT domain DC IP.

Piviul