Samba PDC as a password server

Gerald Carter cartegw at Eng.Auburn.EDU
Tue Apr 28 15:53:28 GMT 1998 

I finally got around to testing this out and thought everyone would find
the results fairly interesting ( as well as their implications ).

Some basic testing between a Samba 1.9.18p4 and and Samba PDC indicates
that **it is possible** to use a Samba PDC as a password server for
other samba servers :)

I tested this by setting

	security = server
	password server = xxx.xxx.xxx.xxx (ip address of server1)

on a normal 1.9.18p4 server ( server2 ) whichc was prividing files /
printers ( no domain logins for 95 or NT though ).  server1 is a Samba
PDC running the cvs distribution of the main branch.

'net use X: \\server2\apps' went through without a hitch!  

Here an exceprt from the smbd log

---------log.smb-----------------------------------------
Connecting to xxx.xxx.xxx.xxx at port 139
connected to password server xxx.xxx.xxx.xxx
got session
password server OK
using password server validation
Selected protocol NT LM 0.12
04/28/1998 10:37:19 Transaction 2 of length 133
[......snip......]
switch message SMBsesssetupX (pid 2092)
Domain=[LENORE]  NativeOS=[Windows NT 1381] NativeLanMan=[]
sesssetupX:name=[cartegw]
trying NetWkstaUserLogon with password server 131
NetWkstaUserLogon success
password server 131 accepted the password
----------------------------------------------------------

Hmmm...so what does this exactly imply.  Well there should be no need to
distribute the smbpasswd to remote servers using rdist or anything
else.  Simply setup your Samba PDC in a tight security room, make it
accessible only from certain machines and by certain users using ssh or
something like that and then point all you samba server towards it for
validation.

Someone should test my theory, but the initial tests look promising.


j-
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-ntdom mailing list