New Microsoft Knowledgebase article

Jason Levine jlevine at siphoto.com
Wed Jan 12 19:02:03 GMT 2000 

>> No -- "local master" has nothing to do with being a primary domain
>> controller, it's purely a local master browser thing.
>
>True, but trying to oust a PDC from being a local master, as far as I
>understand, isn't a blindingly intelligent thing to do??

Again, so far as I understand, the PDC cannot be ousted as a local master; 
even if it *can*, though, the "local master" setting isn't a definitive 
samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB setting.

>> Likewise, "os level" is only whether or not a machine can become the
>> local master browser in the selection process with other machines, and
>> has nothing to do with the PDC role.
>
>Again, could someone (Luke) please verify this. I was of the understanding
>that it is relevant.

It's relevant only to the master browser election process, but there can only 
be one PDC, and there's no election process for that per se.

>> And "domain logons", so far as I can tell, has absolutely no effect when
>> the security model is set to domain ("security=domain") -- it's a
>> Win9X thing, and it's purely for workgroups, not for domains.
>
>domain logons *does have* an affect. It did when installing our Samba
>boxes - please see Luke's earlier posting confirming this when another
>PDC exists on the network!

If it does have an effect, then the docs need to be changed; the DOMAIN.TXT 
file says that it's only relevant in two security settings (the ones that they 
are I don't remember, and I don't have access to that file right now).

>> All this illustrates my problem with this whole discussion --
>> there's a lot of ego flying around about how certain users aren't
>> "qualified" to have samba boxes....
>
>Wooohhhhhh! Slow down! I was only posting in reply to the question asked
>what would be a solution. This has worked for me and as far as I understand
>it is correct. In my opinion to have options completely locked down rather
>than unspecified is a more sensible way of implementing configurations for
>any daemon because you then know *exactly* what each parameter is set to.
>
>Sorry - will remember to post a disclaimer next time!

Me too -- I wasn't impugning you specifically, Paul.  I was talking about the 
whole conversation -- you just posted the solution that I corrected, but 
specifically did NOT trash the notion of Windows users with samba boxes.  I 
apologize for the implication otherwise.

On the whole, I like Jeremy Jones's post today that it's idiotic to turn the 
samba wrath onto all WinNT admins -- a lot of us are quite competent, and also 
are learning samba the same way that everyone else did, by docs and by 
experience.  But this animosity makes me not want to use the product, which I 
know most people here couldn't care less about... which I guess is also part 
of the problem.

/jason

/--------------------------------------------------------------\

For PGP public key, go to: http://www.queso.com/keys/siphoto.txt

Fingerprint: DB4C C56A 74ED 5F6E 1A7C  39B4 7354 01FD 8793 E537

More information about the samba-ntdom mailing list