17th March 2010, 10:21 AM #1
Server 2008R2 DCs and non-Windows clients
I currently run 2 Server 2003 DCs and have a number of non-Windows clients - Debian Lenny (Samba version is 3.2.5), OS X (Tiger and Leopard) and Sun 7110 storage boxes... plus a couple of web apps like GLPI that auth against AD.
Now the question that I can't find a definitive answer to is this... if I install a Server 2008R2 DC, I believe the cryptography algorithms will change, which may stop things authenticating. There is a workaround noted at "The Net Logon service on Windows Server 2008 and on Windows Server 2008 R2 domain controllers does not allow the use of older cryptography algorithms that are compatible with Windows NT 4.0 by default", but I don't want to implement that if I don't have to... so will everything break when I create the 2008R2 DC?
17th March 2010, 10:28 AM #2
Short answer is yes.
We tried the above for our non-Windows clients (Edubuntu, OpenSUSE, Mac OS X Leopard) and it was crippled. We had to create a new server as a separate DC to keep those clients active.
17th March 2010, 10:50 AM #3
Up-to-date versions of Samba and OS X 10.5 should be fine. The only thing I have altered is not to require LDAP signing for Smoothwall.
17th March 2010, 11:15 AM #4
What about OS X 10.4? Am I basically screwed when it comes to that?
Originally Posted by DMcCoy
What bad things might happen if I change the cryptography settings as suggested by the MS workaround?
17th March 2010, 11:33 AM #5
We had to enable that setting when we moved to 2008 DCs; "I think" it was to allow XP WDS clients to join the domain using NetJoinDomain. It's been set ever since with no issues.
It does of course lower the level of required encryption; this shouldn't be a massive issue on a single secure firewalled LAN.
Last edited by cookie_monster; 17th March 2010 at 11:42 AM.
17th March 2010, 12:13 PM #6
I have 2 2008 R2 DCs and have my Linux proxy successfully authorising users against them.
We do have a 2003 DC still, but to all intents and purposes, the Linux proxy doesn't know about it. We are naturally still in 2003 Mode though.