Samba PDC as a password server

Luke Kenneth Casson Leighton lkcl at regent.push.net
Tue Apr 28 16:16:36 GMT 1998


On Wed, 29 Apr 1998, Gerald Carter wrote:

> I finally got around to testing this out and thought everyone would find
> the results fairly interesting ( as well as their implications ).
> 
> Some basic testing between a Samba 1.9.18p4 and and Samba PDC indicates
> that **it is possible** to use a Samba PDC as a password server for
> other samba servers :)
> 
> I tested this by setting
> 
> 	security = server
> 	password server = xxx.xxx.xxx.xxx (ip address of server1)

ah.  you have to watch out for this "password server" specifies the
NetBIOS name of the server to connect to.  the NetBIOS session setup only
works [if you specify the ip address] because samba unconditionally
accepts NetBIOS connections with any called name: it's the only NetBIOS
server allowed to run on an ip address.

if you specify password server = ip.address.of.ntsrv then this will fail
unless the netbios name of the nt server is its own ip address.

> Hmmm...so what does this exactly imply.  Well there should be no need to
> distribute the smbpasswd to remote servers using rdist or anything
> else.

this is _really_ good to know.  also, gerald, jeremy is working on
"security = domain".  this will do an LsaSamLogon with type "network"
login to the password server, instead of an SMBnegprot/SMBsessetupX in
pass-through mode.

in other words, samba servers will be able to be members of a samba
domain.

luke




More information about the samba-ntdom mailing list