security = DOMAIN??
Matthias Wächter
matthias at waechter.wol.at
Tue May 25 15:31:45 GMT 1999
On Tue, 25 May 1999, Jae Chi wrote:
> I actually don't have a PASSWORDSERVER set up. I had
> %m. But that didn't make any difference. And I
> remember reading that says I shouldn't have the samba
> server as the password server because it would cause
> the system to go into infinite loop or something. What
> should it be set to?
> I downloaded the code from the CVS tree last Friday.
Arghh!
Read the FAQ and/or the help file about "security=", especially
"security=DOMAIN".
If you want to have a PDC you mustn't use "security=DOMAIN". This setting
would authenticate using _another_ server, and in difference to
"security=SERVER", to another PDC. So: If you setup "security=DOMAIN" and
"%m" as the password server, Samba tries to validate a login by calling
itself. This way, it tries to validate using itself and since in this case
it should call itself, it goes into a loop never returning from that.
Using "security=DOMAIN" disables any local user authentification!!!
Simply spoken: Don't ever use "security=DOMAIN" unless you want to
authenticate by another PDC actually capable of doing the authentication
by itself.
If you just want to set up a standalone PDC server (f.e. as a replacement
or an equivalent to a Windows NT PDC), set up "security=USER". Neither
"SERVER" nor "DOMAIN" is correct and both of them will produce a lot of
problems (and unclear log file entries).
To all the others: Again, let me ask for a redesign of the "security="
setting, please!
Security=Share/User
User authentication=Local/OtherServer/OtherDomainController
Sehr Wus,
- Matthias
--
Bunt ist das Dasein und granatenstark. Und: Volle Kanne, Hoschis!
aus: "Bill und Teds verrückte Reise durch die Zeit"
-----------------------------------------------------------------------------
More information about the samba-ntdom
mailing list