New Microsoft Knowledgebase article

Paul Rogers paul.rogers at mis-cds.com
Wed Jan 12 18:00:46 GMT 2000 

> Paul Rogers <paul.rogers at mis-cds.com> wrote:
> 
> >In /etc/smb.conf, edit / add the following lines to be:
> >
> >domain master = no
> >local master = no
> >domain logons = no
> >os level = 20
> 
> No -- "local master" has nothing to do with being a primary domain 
> controller, it's purely a local master browser thing.

True, but trying to oust a PDC from being a local master, as far as I
understand, isn't a blindingly intelligent thing to do??

> Likewise, "os level" is only whether or not a machine can become the
> local master browser in the selection process with other machines, and
> has nothing to do with the PDC role.

Again, could someone (Luke) please verify this. I was of the understanding
that it is relevant.

> And "domain logons", so far as I can tell, has absolutely no effect when
> the security model is set to domain ("security=domain") -- it's a
> Win9X thing, and it's purely for workgroups, not for domains.

domain logons *does have* an affect. It did when installing our Samba
boxes - please see Luke's earlier posting confirming this when another
PDC exists on the network!

> All this illustrates my problem with this whole discussion --
> there's a lot of ego flying around about how certain users aren't
> "qualified" to have samba boxes....

Wooohhhhhh! Slow down! I was only posting in reply to the question asked
what would be a solution. This has worked for me and as far as I understand
it is correct. In my opinion to have options completely locked down rather
than unspecified is a more sensible way of implementing configurations for
any daemon because you then know *exactly* what each parameter is set to.

Sorry - will remember to post a disclaimer next time!

> when we're talking about a configuration that's clearly confusing even to
> some long-time samba users.

quite

> "DOmain master" and "local master" mean very different things, about
> entirely different roles (PDC/DMB vs LMB)

That's true - they do mean different things but they can affect the running
of an NT PDC if local master = yes (it did on our net).
 despite 
 
> Yes, MS didn't document the right remedy -- but then again, neither did
> alot of posts to this very list, the technical list for samba and
> NT domain controller code.

I haven't seen Luke disagree with the posts here? Perhaps Luke should post
his solution here?

Only trying to help!

> 
> /jason
> 

Paul Rogers,
Development Analyst.

MIS Corporate Defence Solutions Limited

Tel:		+44 (0)1622 723422 (Direct Line)
		+44 (0)1622 723400 (Switchboard)
Fax:		+44 (0)1622 728580 
Website:	http://www.mis-cds.com

The information contained in this message or any of its attachments may be
privileged and confidential and intended for the exclusive use of the
addressee. If you are not the addressee any disclosure, reproduction,
distribution or other dissemination or use of this communications is
strictly  prohibited. If you have received this transmission in error,
please contact our Security Manager on 44 (0) 1622 723400.

More information about the samba-ntdom mailing list