Using remote announce w/ security=domain
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Apr 15 15:29:07 GMT 1999
On Wed, 14 Apr 1999, Andrew Perrin - Demography wrote:
> So, let me see if I understand the upshot here: what we're hoping to do on
> campus is (at least for now) not possible: that is, to plop samba servers
> in 'foreign' subnets where we are unable to control the configuration of
> the Win9x machines (except to guarantee that they have NetBIOS and TCP/IP)
> and have users on those machines be able to view our server's shares and
> grab stuff off of them.
basically correct.
solutions:
1) poison their WINS server database (either by using it as _your_ WINS
server or getting its admin to add an entry for your server OR by writing
a small program to register the samba server's ip address in TWO WINS
servers :-) :-)
2) sneak a samba server onto that subnet with "wins proxy = yes" where
that samba server uses the same WINS server as the rest of _your_ samba
servers+windows clients.
3) rely on the remote clients using dns, plus you using remote announce:
this is one of the _only_ situations under which i would recommend the use
of remote announce
4) hack into all of those machines on the remote network and put your
samba server in their lmhosts files (not recommended :-)
5) _ask_ individual users who wish to access your samba servers to add an
entry in the lmhosts file.
samba servers as PDCs need to have that odd #PRE DOMAIN_NAME system in
clients' lmhosts.
More information about the samba-ntdom
mailing list