security=DOMAIN -> security=USER, authentication=DOMAINMEMBER

Mike Harris mike at psand.com
Sun Nov 14 11:25:48 GMT 1999 

Matthias,

Make's sense I'm going to try it out.  I know you'll probably hate me for
making this suggestion.  But wouldn't it be simpler to change the security=
parameter to use a simpler model that hides all of this from people?  I
still think the below scheme, although technically okay, will cause more
emails here and elsewell confused about what it means.  I agree people
should RTFM, but in a Windows world where in my experience the FMs are quite
often horrendously poor, perhaps people have forgotten how to.  May I
suggest the following:

Share Level:    security=SHARE
User Level:      security=USER
Server Level:   security=SERVER
Member:         security=MEMBER or DOMAINMEMBER or DOMAIN
PDC:              security=PDC (even though this is actually the same as
USER)

I know that's not quite complete but in this way, no-one's confused about
DOMAIN members and PDCs (PDC's just a symbol afterall), and no-one can try
to do security=SHARE, authentication=REMOTESERVER.

Just a thought,

Mike Harris

----- Original Message -----
From: Matthias Wächter <matthias at waechter.wol.at>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at samba.org>
Sent: Saturday, November 13, 1999 9:57 PM
Subject: security=DOMAIN -> security=USER, authentication=DOMAINMEMBER


On Fri, 12 Nov 1999, Michael Glauche wrote:

> >         security = DOMAIN
> If you want samba to be PDC this MUST be security=user !!!
> security=DOMAIN = Samba as a Domain member !

How long will we answer this question in a row? I mean, the question is
correct with that version of Samba (not everyone does RTFM), but the
answer should be: Wait for the next release, then this parameter will have
a SELF EXPLAINING and LOGICAL name.

Voila - here it is. I hope that noone feels steped on his shoes because he
likes to answer this question and becomes unemployed now ... :-)

The patch is separated into two pieces: One is a diff for the docs and one
for the source (should be complete and bug-free but is not tested yet for
something else than security=USER, authentication=LOCAL (== PDC
functionality).) The patch is against 2.0.6

In short: the "security=" option now (again) only has two valid choices:
"security=share" and "security=user". The other options are now
sub-options specified with the "authentication=" parameter.

Share level security:
=====================
Old: security = SHARE
New: security = SHARE
authentication = LOCAL (*)

User level security:
====================
Old: security = USER (*)
New: security = USER (*)
authentication = LOCAL (*)

Server level security:
======================
Old: security = SERVER
New: security = USER (*)
authentication = REMOTESERVER

Domain level security:
======================
Old: security = DOMAIN
New: security = USER (*)
authentication = DOMAINMEMBER

(*) denotes default values. If the default value is used the parameter
does not have to be specified.


Please, test it and feed comments to me and to the list!


Sehr Wus,
- Matthias

--
Wer reitet so spät durch Nacht und Wind?
- Wos waas I
----------------------------------------------------------------------------
-

More information about the samba-ntdom mailing list