Login to domains

Matthew Enger menger at dhs.org
Mon May 24 03:59:34 GMT 1999


Hello,
	At school we run a Samba server (2.0.4b) providing domain logins
for approx. 150 computers, and we are having a problem with it.

	When a student comes to log in, they can bypass the domain
login security by logging in as anyone with any password, as long as the
domain is not the one controlled by the domain controller.

	Does anyone know why this is happening and how we can stop it? Does it
have anything to do with Samba? I have enclosed a copy of the Samba config
of our PDC below.

	from,
		Matthew Enger
		menger at dhs.org


# Global parameters
# Server-wide settings and share defaults for the domain logon server of
# workgroup KGV.
# NOTE(review): no [global] header appears in this paste; the lines below are
# assumed to be the [global] section - confirm against the real smb.conf.
# NOTE(review): nothing below governs what a workstation does when a user
# enters a domain name other than KGV. Whether a client lets someone onto the
# desktop without being validated by this server is presumably decided by the
# client's own logon policy - check the client configuration, not only this file.
	workgroup = KGV
	netbios name = !KGV_SERVER1
	server string = KGV Intranet Server (kgv.tj)
# Two interfaces: one in 10.0.0.0/8 and one at 152.101.128.2, which is outside
# the RFC 1918 private ranges. No "hosts allow" or "bind interfaces only" line
# appears in this paste; if the second network is reachable from outside the
# school, restrict which hosts may connect - TODO confirm.
	interfaces = 10.1.0.4/255.255.0.0 152.101.128.2/255.255.255.128
	encrypt passwords = Yes
# %m is the NetBIOS name the client presents, so each client machine gets its
# own log file. The name is client-supplied.
	log file = /usr/log/samba/log.%m
	log level = 2
	max log size = 1000
	deadtime = 30
	time server = Yes
	socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
	logon drive = h:
	logon path =
# Per-machine logon script, resolved relative to the [netlogon] share. Clients
# run whatever file sits at that path, so write access to [netlogon] is
# security-relevant.
	logon script = bat\startup-%m.bat
	domain master = Yes
	domain logons = Yes
	unix realname = Yes
	preferred master = Yes
	os level = 65
	wins support = Yes
# Share defaults: create mask (upper bound) and force create mode (lower bound)
# are both 0755, so new files and directories come out as exactly rwxr-xr-x,
# i.e. readable and executable by every Unix account, in any share that does
# not override these four lines.
	create mask = 0755
	directory mask = 0755
	force create mode = 0755
	force directory mode = 0755
	veto files = /_borders/_derived/_fpclass/_overlay/_themes/_vti_cnf/_vti_bin/_vti_pvt/_vti_txt/mbox/mail/.htaccess/.mailboxlist/_vti_map/_vti_bot/_share/httpd/
	delete veto files = Yes
# %U is the session user name. Set here, these act as defaults for every share
# that does not override them ([admin1] and [admin2] override with root).
# NOTE(review): force group = %U presumes a Unix group named after each
# user - confirm.
	force user = %U
	force group = %U
# Default for all shares: writable unless a share sets read only = Yes. With
# this default, a share-level "write list" does not restrict who may write.
	read only = No
	mangle case = Yes
	printcap name = /etc/printcap
# smbd substitutes %p (printer name), %s (spool file) and %j (job number)
# into these command lines before running them.
        print command = /usr/bin/lpr -r -P%p %s        
	lpq command = /usr/bin/lpq -P%p
        lprm command = /usr/bin/lprm -P%p %j
	queuepause command = /usr/sbin/lpc stop %p
	queueresume command = /usr/sbin/lpc start %p

# Share stuffs
# Read-only view of /home1 for members of group sys.
# force user = root means every file operation on this share runs as root, so
# Unix file permissions under /home1 do not limit what a sys member can read.
# Membership of sys is therefore the only access control on this share.
[admin1]
	comment = Admin Share 1
	path = /home1
	valid users = @sys
	force user = root
	force group = root
	read only = Yes

# Read-only view of /home2 for members of group adm.
# As with [admin1], force user = root makes all access run as root, so group
# membership (adm here, not sys) is the only access control on this share.
[admin2]
	comment = Admin Share 2
	path = /home2
	valid users = @adm
	force user = root
	force group = root
	read only = Yes

# Departments area; only members of group adm may connect (valid users).
# Masks override the global 0755 defaults: files are rw for owner and group
# only (0660); directories are rwx for owner and group with the setgid bit
# (2770), and "other" gets no access.
[departments]
	comment = Departments Share
	path = /home1/_share/departments
	valid users = @adm
	write list = @adm
	create mask = 0660
	directory mask = 2770
	force create mode = 0660
	force directory mode = 2770

# Public file area. No "valid users" line, so any authenticated user may connect.
# NOTE(review): the globals in this paste set read only = No and this share
# does not override it, so "write list = @adm" does not restrict writing to
# adm; only the Unix permissions on the path do. If the intent is that only
# adm may write, the share would also need read only = Yes - confirm intent.
[public]
	comment = Public File Share
	path = /home1/_share/public
	write list = @adm
# New files are group-writable and world-readable (0664); directories are
# setgid, group-writable and world-readable (2775).
	create mask = 0664
	directory mask = 2775
	force create mode = 0664
	force directory mode = 2775

# Share that clients read their logon scripts from (see "logon script" in the
# global parameters of this file).
# NOTE(review): this share does not set read only, and the globals in this
# paste set read only = No, so "write list = @sys" does not by itself stop
# other users from writing here; only the Unix permissions on the path do.
# Scripts in this share run on client machines at logon, so the usual setup is
# read only = Yes plus a write list - confirm the directory permissions.
[netlogon]
	comment = Network Logon Share
	path = /usr/local/share/netlogon
# Guest connections are accepted, i.e. no valid password is needed to connect.
	guest ok = Yes
	write list = @sys
	locking = No
	oplocks = No
	create mask = 0664
	directory mask = 2775
	force create mode = 0664
	force directory mode = 2775
# Runs as root on every connection to this share. %U (user name) and %m
# (client NetBIOS name) come from the client, and guest ok = Yes means an
# unauthenticated connection can trigger the command too.
# NOTE(review): /usr/sbin/lg is not shown here; it should treat both
# arguments as untrusted input - verify.
	root preexec = /usr/sbin/lg %U %m

# Per-user home directory share, hidden from browse lists.
# NOTE(review): no masks are set here, so the global 0755 defaults in this
# file apply and files users create at home come out world-readable and
# executable on the Unix side - confirm that is intended.
[homes]
	comment = Homes Share
	browseable = No

# Printer stuffs
# Four print shares, two per computer room. All of them spool into /tmp.
# NOTE(review): /tmp is shared with every local account and process; a
# dedicated spool directory is the usual choice - confirm.
# NOTE(review): Printer1's comment names an Apple LaserWriter Pro 630 but its
# driver is "HP LaserJet 4", unlike the other three - check whether that is
# deliberate.
[Printer1]
	comment = Apple LaserWriter Pro 630-A in Computer Room 1
	path = /tmp
	printable = Yes
	printer driver = HP LaserJet 4

[Printer2]
	comment = Apple LaserWriter Pro 630-B in Computer Room 1
	path = /tmp
	printable = Yes
	printer driver = Apple LaserWriter Pro 630

[C2Printer1]
	comment = Apple LaserWriter Pro 630-A in Computer Room 2
	path = /tmp
	printable = Yes
	printer driver = Apple LaserWriter Pro 630

[C2Printer2]
	comment = Apple LaserWriter Pro 630-B in Computer Room 2
	path = /tmp
	printable = Yes
	printer driver = Apple LaserWriter Pro 630

# Student stuffs
# Class share; only members of group alcomp may connect (valid users).
# Masks override the global 0755 defaults: files are rw for owner and group
# only (0660); directories are setgid and rwx for owner and group (2770),
# with no access for "other".
[alcomp]
	comment = A-Level Computing Student Share
	path = /home2/_share/alcomp
	valid users = @alcomp
	write list = @alcomp
	create mask = 0660
	directory mask = 2770
	force create mode = 0660
	force directory mode = 2770
	


