New Microsoft Knowledgebase article

Martin Kuhne mkuhne at microsoft.com
Wed Jan 12 16:34:27 GMT 2000 

Thanks for the feedback. That's the proposed change:

CAUSE
=====

When adding a Samba server configured as Primary Domain Controller to an
existing Windows NT domain, there will be two PDCs in this domain. This is
not allowed in Windows NT.

RESOLUTION
==========

To restore PDC functionality, take the Samba server off the network and
restart the netlogon service on the original Windows NT PDC. 

To resolve this problem, disable the domain controller functionality on the
Samba server. This can be done by changing the following values in the Samba
configuration file (smb.conf):
domain master = no
preferred master = no
domain logons = no

For further information, please refer to the product documentation or to the
manufacturer's web site (http://www.samba.org)

MORE INFORMATION
================

SAMBA is a third-party implementation of the SMB networking protocol used by
Windows NT.
<third party product information boilerplate>

Regards,
Martin
Microsoft GmbH

-----Original Message-----
From: Luke Kenneth Casson Leighton [mailto:lkcl at samba.org]
Sent: Mittwoch, 12. Januar 2000 16:41
To: Martin Kuhne
Cc: Multiple recipients of list SAMBA-NTDOM
Subject: RE: New Microsoft Knowledgebase article


On Thu, 13 Jan 2000, Martin Kuhne wrote:

> I'm afraid what you wrote will be hard to get published.

yeah, it will a bit.

> Does anyone have a practical suggestion on how to instruct an
inexperienced
> administrator to disable PDC functionality in Samba?

"domain logons = no" to disable BDC / PDC functionality (NETLOGON)

this stops samba registering DOMAIN<1c> internet group name, and from
answering SAMLOGON, GETDC requests.


"domain master = no" to disable PDC / DMB functionality.
 
this stops samba registering DOMAIN<1c> pdc unique name.


these are the defaults, so anyone who enables them on an existing domain
clearly _doesn't_ know what they are doing.


alternatively, they can move the Samba Server to a different workgroup /
domain, which is a [good] suggestion of one of your other KB articles.

thx for responding, martin.

luke

> Regards,
> Martin
> Microsoft GmbH
> 
> -----Original Message-----
> From: Karl Denninger [mailto:karl at Denninger.Net]
> Sent: Mittwoch, 12. Januar 2000 01:39
> To: Multiple recipients of list SAMBA-NTDOM
> Subject: Re: New Microsoft Knowledgebase article
> 
> 
> Cute.
> 
> "Turn off the Samba server".
> 
> How about:
> 
> 	Format your disks, install Linux or FreeBSD, and tell Microsoft to
> 	go fuck themselves with a football - preferrably to the same
> 	regional sales force that sold you the NT crapware in the first
> 	place?
> 
> I hate corporate arrogance - especially this kind of arrogance.
> 
> This kind of bullshit is PRECISELY what the US DOJ was after when they
threw
> the whole library (instead of one book) at Microsoft.
> 
> --
> -- 
> Karl Denninger (karl at denninger.net)  Web: http://childrens-justice.org
> Isn't it time we started putting KIDS first?  See the above URL for
> a plan to do exactly that!
> 
> 
> On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote:
> >   I just ran across the following article in
> > Microsoft's Knowledbase.  See the following URL:
> > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP.
> >  Anyone know what this is about?
> > __________________________________________________
> > Do You Yahoo!?
> > Talk to your friends online with Yahoo! Messenger.
> > http://im.yahoo.com
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

More information about the samba-ntdom mailing list