Luke Kenneth Casson Leighton
lkcl at samba.org
Sun Dec 12 20:46:48 GMT 1999
just when you thought it was safe to do a cvs update, another cvs commit
hits the tree.
the first pass now has the following MSRPC services as separate daemons:
samr - samrd
lsarpc - lsarpcd
srvsvc - srvsvcd
wkssvc - wkssvcd
spoolss - spoolssd
NETLOGON - netlogond
browser - browserd
svcctl - svcctld
winreg - winregd
and guess what? if you don't want to run any of these services... YOU
DON'T HAVE TO!
however, if you want a minimum level of pdc support, you are going to
lsarpcd, srvsvcd, wkssvcd, netlogond.
if you want to be able to either change user passwords (NT-style) or run
usrmgr.exe or srvmgr.exe, you are going to need:
winregd and samrd.
if you just want samba as a member of a domain that does NOT support local
accounts, i don't think you need any of these msrpc services, i'd be
interested to see if people agree with this initial assessement.
if you want samba to be "browseable" in the network neighbourhood, you are
going to need:
wkssvcd and srvsvcd.
this configuration setup may change. in fact, i guarantee that it will.
one of the things that i wish to do is to ensure that smbd does not need
_any_ of the smb password database API calls, directly, it goes through
\PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account
information. apart from anything, direct verification of smb file access
using the password database API (getsmbpwnam etc) is wrong, as this
excludes trusted domains and your pdc.
so, a minimum requirement at some future point may be to run at least the
we live in interesting times!
luke (samba team)
p.s i'm back on samba-technical.
More information about the samba-ntdom