Both Samba-2.2, and Samba-3 can join an Active Directory domain using NT4 style RPC based security. This is
possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style
domain members. This is contrary to popular belief.
If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you
want to do that? Your security policy might prohibit the use of NT-compatible authentication protocols. All
your machines are running Windows 2000 and above and all use Kerberos. In this case, Samba, as an NT4-style
domain, would still require NT-compatible authentication data. Samba in AD-member mode can accept Kerberos
tickets.
Sites that use Microsoft Windows active directory services (ADS) should be aware of the significance of the
terms: native mode and mixed mode ADS operation. The term
realm is used to describe a Kerberos-based security architecture (such as is used by
Microsoft ADS).