MSRPC daemons

[C.Lee Taylor]

Great Idea ... and interesting times are here to stay ...

----- Original Message -----
From: Luke Kenneth Casson Leighton <lkcl at samba.org>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
Sent: Sunday, December 12, 1999 10:51 PM
Subject: MSRPC daemons


> just when you thought it was safe to do a cvs update, another cvs commit
> hits the tree.
>
> the first pass now has the following MSRPC services as separate daemons:
>
> samr - samrd
> lsarpc - lsarpcd
> srvsvc - srvsvcd
> wkssvc - wkssvcd
> spoolss - spoolssd
> NETLOGON - netlogond
> browser - browserd
> svcctl - svcctld
> winreg - winregd
>
> and guess what?  if you don't want to run any of these services... YOU
> DON'T HAVE TO!
>
> however, if you want a minimum level of pdc support, you are going to
> need:
>
> lsarpcd, srvsvcd, wkssvcd, netlogond.
>
> if you want to be able to either change user passwords (NT-style) or run
> usrmgr.exe or srvmgr.exe, you are going to need:
>
> winregd and samrd.
>
> if you just want samba as a member of a domain that does NOT support local
> accounts, i don't think you need any of these msrpc services, i'd be
> interested to see if people agree with this initial assessement.
>
> if you want samba to be "browseable" in the network neighbourhood, you are
> going to need:
>
> wkssvcd and srvsvcd.
>
>
> this configuration setup may change.  in fact, i guarantee that it will.
> one of the things that i wish to do is to ensure that smbd does not need
> _any_ of the smb password database API calls, directly, it goes through
> \PIPE\NETLOGON or \PIPE\lsarpc or \PIPE\samr to verify user account
> information.  apart from anything, direct verification of smb file access
> using the password database API (getsmbpwnam etc) is wrong, as this
> excludes trusted domains and your pdc.
>
> so, a minimum requirement at some future point may be to run at least the
> netlogond.
>
> we live in interesting times!
>
> luke (samba team)
>
> p.s i'm back on samba-technical.
>