security=DOMAIN -> security=USER, authentication=DOMAINMEMBER

Mike Harris mike at
Sun Nov 14 11:25:48 GMT 1999


Make's sense I'm going to try it out.  I know you'll probably hate me for
making this suggestion.  But wouldn't it be simpler to change the security=
parameter to use a simpler model that hides all of this from people?  I
still think the below scheme, although technically okay, will cause more
emails here and elsewell confused about what it means.  I agree people
should RTFM, but in a Windows world where in my experience the FMs are quite
often horrendously poor, perhaps people have forgotten how to.  May I
suggest the following:

Share Level:    security=SHARE
User Level:      security=USER
Server Level:   security=SERVER
Member:         security=MEMBER or DOMAINMEMBER or DOMAIN
PDC:              security=PDC (even though this is actually the same as

I know that's not quite complete but in this way, no-one's confused about
DOMAIN members and PDCs (PDC's just a symbol afterall), and no-one can try
to do security=SHARE, authentication=REMOTESERVER.

Just a thought,

Mike Harris

----- Original Message -----
From: Matthias Wächter <matthias at>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at>
Sent: Saturday, November 13, 1999 9:57 PM
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER

On Fri, 12 Nov 1999, Michael Glauche wrote:

> >         security = DOMAIN
> If you want samba to be PDC this MUST be security=user !!!
> security=DOMAIN = Samba as a Domain member !

How long will we answer this question in a row? I mean, the question is
correct with that version of Samba (not everyone does RTFM), but the
answer should be: Wait for the next release, then this parameter will have

Voila - here it is. I hope that noone feels steped on his shoes because he
likes to answer this question and becomes unemployed now ... :-)

The patch is separated into two pieces: One is a diff for the docs and one
for the source (should be complete and bug-free but is not tested yet for
something else than security=USER, authentication=LOCAL (== PDC
functionality).) The patch is against 2.0.6

In short: the "security=" option now (again) only has two valid choices:
"security=share" and "security=user". The other options are now
sub-options specified with the "authentication=" parameter.

Share level security:
Old: security = SHARE
New: security = SHARE
authentication = LOCAL (*)

User level security:
Old: security = USER (*)
New: security = USER (*)
authentication = LOCAL (*)

Server level security:
Old: security = SERVER
New: security = USER (*)
authentication = REMOTESERVER

Domain level security:
Old: security = DOMAIN
New: security = USER (*)
authentication = DOMAINMEMBER

(*) denotes default values. If the default value is used the parameter
does not have to be specified.

Please, test it and feed comments to me and to the list!

Sehr Wus,
- Matthias

Wer reitet so spät durch Nacht und Wind?
- Wos waas I

More information about the samba-ntdom mailing list