Samba PDC as a password server

Gerald Carter cartegw at Eng.Auburn.EDU
Tue Apr 28 15:53:28 GMT 1998

I finally got around to testing this out and thought everyone would find
the results fairly interesting ( as well as their implications ).

Some basic testing between a Samba 1.9.18p4 and and Samba PDC indicates
that **it is possible** to use a Samba PDC as a password server for
other samba servers :)

I tested this by setting

	security = server
	password server = (ip address of server1)

on a normal 1.9.18p4 server ( server2 ) whichc was prividing files /
printers ( no domain logins for 95 or NT though ).  server1 is a Samba
PDC running the cvs distribution of the main branch.

'net use X: \\server2\apps' went through without a hitch!  

Here an exceprt from the smbd log

Connecting to at port 139
connected to password server
got session
password server OK
using password server validation
Selected protocol NT LM 0.12
04/28/1998 10:37:19 Transaction 2 of length 133
switch message SMBsesssetupX (pid 2092)
Domain=[LENORE]  NativeOS=[Windows NT 1381] NativeLanMan=[]
trying NetWkstaUserLogon with password server 131
NetWkstaUserLogon success
password server 131 accepted the password
---------------------------------------------------------- what does this exactly imply.  Well there should be no need to
distribute the smbpasswd to remote servers using rdist or anything
else.  Simply setup your Samba PDC in a tight security room, make it
accessible only from certain machines and by certain users using ssh or
something like that and then point all you samba server towards it for

Someone should test my theory, but the initial tests look promising.

                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at   

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list