+ Post New Thread
Results 1 to 6 of 6
Windows Server 2008 R2 Thread, Server 2008R2 DCs and non-Windows clients in Technical; I currently run 2 Server 2003 DCs and have a number of non-Windows clients - Debian Lenny (Samba version is ...
  1. #1

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180

    Server 2008R2 DCs and non-Windows clients

    I currently run 2 Server 2003 DCs and have a number of non-Windows clients - Debian Lenny (Samba version is 3.2.5), OS X (Tiger and Leopard) and Sun 7110 stroage boxes... plus a couple of web apps like GLPI that auth against AD.

    Now the question that I can't find a definitive answer to is this... if I install a Server 2008R2 DC, I believe the cryptography algorithms will change which may stop things authenticating. There is a workaround noted at The Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain controllers does not allow the use of older cryptography algorithms that are compatible with Windows NT 4.0 by default but I don't want to implement that if I don't have to... so will everything break when I create the 2008R2 DC?

  2. #2

    nephilim's Avatar
    Join Date
    Nov 2008
    Location
    Dunstable
    Posts
    11,751
    Thank Post
    1,622
    Thanked 1,876 Times in 1,394 Posts
    Blog Entries
    2
    Rep Power
    422
    Short answer is yes.

    We tried the above for our non windows clients (Edubuntu, OpenSUSE, MAC OSX Leopard) and it was crippled. We had to create a new server as a separate DC to keep those clients active.

  3. #3
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,424
    Thank Post
    10
    Thanked 488 Times in 428 Posts
    Rep Power
    111
    Up to date versions of Samba and OS X 10.5 should be fine. The only thing I have altered is not to require ldap signing for Smoothwall.

  4. #4

    Ric_'s Avatar
    Join Date
    Jun 2005
    Location
    London
    Posts
    7,590
    Thank Post
    109
    Thanked 762 Times in 593 Posts
    Rep Power
    180
    Quote Originally Posted by DMcCoy View Post
    Up to date versions of Samba and OS X 10.5 should be fine. The only thing I have altered is not to require ldap signing for Smoothwall.
    What about OS X 10.4? Am I basically screwed when it comes to that?

    What bad things might happen if I change the cryptography settings as suggested by the MS workaround?

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,196
    Thank Post
    392
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    We had to enable that setting when we moved to 2008 DC's "I think" it was to allow XP WDS clients join the domain using NetJoinDomain. It's been set ever since with no issues.

    It does of course lower the level of required encryption, this shouldn't be a massive issue on a single secure firewalled LAN.
    Last edited by cookie_monster; 17th March 2010 at 10:42 AM.

  6. #6
    DrCheese's Avatar
    Join Date
    Apr 2008
    Posts
    1,025
    Thank Post
    97
    Thanked 158 Times in 107 Posts
    Rep Power
    58
    I have 2 2008 R2 DC's and have my Linux proxy successfully authorising users against them.

    We do have a 2003 DC still, but to all intents and purposes, the Linux proxy doesn't know about it. We are naturally still in 2003 Mode tho.

SHARE:
+ Post New Thread

Similar Threads

  1. Can I user server 2008R2?
    By keogk in forum Virtual Learning Platforms
    Replies: 1
    Last Post: 17th December 2009, 03:38 PM
  2. Windows 2008R2 & Hyper V Problem!
    By madman070578 in forum Windows Server 2008 R2
    Replies: 7
    Last Post: 28th November 2009, 10:27 AM
  3. Big Problems with Clients contacting DCs
    By Crispin in forum Windows
    Replies: 6
    Last Post: 15th September 2009, 10:18 PM
  4. Replies: 14
    Last Post: 12th May 2006, 09:48 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •