Problems with samba as PDC

Mike Harris mike at
Fri Nov 19 18:32:02 GMT 1999


Apologies for re-iterating the same thing again, just realised something.

The point of all this to me is that really the only point of confusing is
when Samba is acting as a PDC.  The settings for this are security=USER and
domain logons=YES.  Even though these are exactly specifying what's really
going on from the SMB point of view, I believe that this is the cause of the

Under NT, a PDC and a Server are taken to be very different things
(requiring the re-installation of the OS to change!) although in essence
they're actually very similar bar the Domain Groups etc.  So all that needs
to happen is clarification of this action by making a value, PDC the same as
USER, therefore advoiding the confusion.

Hope this is useful,


----- Original Message -----
From: Mike Harris <mike at>
To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at>
Sent: Friday, November 19, 1999 11:30 AM
Subject: RE: Problems with samba as PDC

> Matthias,
> I have checked out your patch, but I'm inclined to agree with Kevin, we
> shouldn't further over-complicate the parameter settings.  As I mentioned
> before, perhaps we should make the secuiry parameter more Windows world
> friendly (even though this creates duplicity and redundancy in the
> parameters.  Another suggestion, how about:
> security=
> SHARE (level), USER (level), SERVER (remote server), MEMBER (domain
> PDC and BDC ?
> In that way, I think there'll be less confusion for newbies (especially
> those well-versed in a Windows environment)
> ??
> Mike Harris,
> Psand España.
> ----- Original Message -----
> From: Kevin Colby <kevinc at>
> To: Multiple recipients of list SAMBA-NTDOM <samba-ntdom at>
> Sent: Friday, November 19, 1999 12:22 AM
> Subject: Re: Problems with samba as PDC
> > Matthias Wächter wrote:
> > >
> > > Sigh. Is really noone interested in my patch?
> >
> > *chuckle*
> >
> > While your patch certainly does a more accurate job of modeling
> > the security mechanism, I must admit that I think it is even
> > more complicated than the current system.  I find it hard to
> > justify creating yet another option that will inevitably confuse
> > the users further.  Adding an alias or two to the current system
> > to clarify things sounds a lot simpler.
> >
> > - Kevin Colby
> >   kevinc at

More information about the samba-ntdom mailing list