Other stuff to look out for...this has been a nagging problem in RHEL 3 but it might be fixed in 4:
If your Windows 2000/2003 Active Directory (AD) Domain Controller (DC) is functioning in Mixed mode, it is recommend that you join your Samba server to the domain in RPC mode. The RPC (Remote Procedure Call) mode of domain membership is the "NT4" style of domain membership and works quite well with Windows 2000/2003 DC's, so long as the DC is still operating in Mixed Mode (which is the default mode).
ADS (Active Directory Services) mode is the other option for joining a Samba server to a 2000/2003 domain.
At this time, avoid joining a Samba server to a Windows 2000 or 2003 Domain Controller in ADS mode. There are known compatibility problems with Microsoft's proprietary implementation of Kerberos and LDAP in AD and the versions of the MIT Kerberos packages available for Red Hat Enterprise Linux 3 systems.
While you may be successful in initially joining a domain in "ADS" mode, it is a known issue that eventually the domain controller will start issuing Kerberos tickets that the Samba server cannot understand. This has been known to take as long as three months to occur, but once it starts happening, the Samba server will not be able to function properly on the domain. At this point, the only options available for re-joining the Samba server to the domain are:
* To remove the Samba server from the domain (on the Windows domain controller), reconfigure the Samba server to be an RPC-type member of the domain, and rejoin the domain in RPC mode.
Note: A 2000/2003 DC must be functioning in Mixed Mode to be able to join a Samba server to the domain in RPC mode
-or-
* If the DC has already been changed to operate in Native mode, unfortunately, the only option is to rebuild the DC.
Since Mixed Mode is the default mode of operation, the system administrator would have to choose to set a 2000/2003 DC into Native mode for it to be functioning this way. Once a DC has been set to Native mode, the only way to get it back to Mixed mode is to rebuild the domain controller.
|