[Samba] Samba PDC on FreeBSD problem?
Bill Moran
wmoran at potentialtech.com
Thu Mar 14 20:05:17 GMT 2002
Erik Ranà wrote:
> Problem: Samba running as a PDC on a FreeBSD, the clients can connect
> without computer accounts and browse the shares in the domain.
>
> Should the PDC allow that?
Depends on how you set it up. I'm assuming that you're using NT/W2K/XP
stations.
Remember that W95/98/ME machines don't have the proper security system
to honestly
log into a Domain. If you're using one of those Wintendo systems,
you'll not have near
the security you have with the real operating systems.
> As far as i have understood the PDC should refuse since the computer
> does not have a account in the domain regardless that the user have a
> user account?
Yes, assuming the workstation is NT/W2k/XP.
> Can it somehow be that i have named the computers as the users, user
> bob with computer bob
No
> But samba shuld not do that since it require a $ and W istead of U in
> smbpasswd file?
Exactly.
> Also i get this in the samba.log???
> [2002/03/13 16:08:49, 0] smbd/password.c:domain_client_validate(1517)
> domain_client_validate: could not fetch trust account password for
> domain DOMAIN
See below:
>
>
> /Erik Ranà
>
> --copy of smb.conf--
> [global]
> log level = 10
>
> message command = cat %s | logger -t message-%U@%f -p local3.notice &
> netbios name = PDC
> workgroup = DOMAIN
> server string = Samba server
> hosts allow = 10.0.0.0/255.0.0.0 172.16.0.0/255.248.0.0
> 192.168.0.0/255.255.0.0
>
>
> ; for NT domain
> domain master = yes
> preferred master = yes
> os level = 64
> local master = yes
> domain logons = yes
>
> wins support = no
> wins server = 10.0.0.12
> wins proxy = yes
>
> security = domain
If you want this to be a PDC, you need to use "security = user". The
"domain" setting
is only if this machine is part of a domain hosted by a Windows PDC.
<SNIP ADDITIONAL CONFIG>
More information about the samba
mailing list