New Microsoft Knowledgebase article

Greg Dickie greg at discreet.com
Wed Jan 12 19:21:31 GMT 2000



All of this is neatly avoided if you set up and use a WINS server is it not? Or
are there still gotchas? Besides browsing.

Greg

On 12-Jan-00 Jason Levine wrote:
>>> No -- "local master" has nothing to do with being a primary domain
>>> controller, it's purely a local master browser thing.
>>
>>True, but trying to oust a PDC from being a local master, as far as I
>>understand, isn't a blindingly intelligent thing to do??
> 
> Again, so far as I understand, the PDC cannot be ousted as a local master; 
> even if it *can*, though, the "local master" setting isn't a definitive 
> samba-will-become-LMB setting, it's a samba-will-try-to-become-an-LMB
> setting.
> 
>>> Likewise, "os level" is only whether or not a machine can become the
>>> local master browser in the selection process with other machines, and
>>> has nothing to do with the PDC role.
>>
>>Again, could someone (Luke) please verify this. I was of the understanding
>>that it is relevant.
> 
> It's relevant only to the master browser election process, but there can only
> be one PDC, and there's no election process for that per se.
> 
>>> And "domain logons", so far as I can tell, has absolutely no effect when
>>> the security model is set to domain ("security=domain") -- it's a
>>> Win9X thing, and it's purely for workgroups, not for domains.
>>
>>domain logons *does have* an affect. It did when installing our Samba
>>boxes - please see Luke's earlier posting confirming this when another
>>PDC exists on the network!
> 
> If it does have an effect, then the docs need to be changed; the DOMAIN.TXT 
> file says that it's only relevant in two security settings (the ones that
> they 
> are I don't remember, and I don't have access to that file right now).
> 
>>> All this illustrates my problem with this whole discussion --
>>> there's a lot of ego flying around about how certain users aren't
>>> "qualified" to have samba boxes....
>>
>>Wooohhhhhh! Slow down! I was only posting in reply to the question asked
>>what would be a solution. This has worked for me and as far as I understand
>>it is correct. In my opinion to have options completely locked down rather
>>than unspecified is a more sensible way of implementing configurations for
>>any daemon because you then know *exactly* what each parameter is set to.
>>
>>Sorry - will remember to post a disclaimer next time!
> 
> Me too -- I wasn't impugning you specifically, Paul.  I was talking about the
> whole conversation -- you just posted the solution that I corrected, but 
> specifically did NOT trash the notion of Windows users with samba boxes.  I 
> apologize for the implication otherwise.
> 
> On the whole, I like Jeremy Jones's post today that it's idiotic to turn the 
> samba wrath onto all WinNT admins -- a lot of us are quite competent, and
> also 
> are learning samba the same way that everyone else did, by docs and by 
> experience.  But this animosity makes me not want to use the product, which I
> know most people here couldn't care less about... which I guess is also part 
> of the problem.
> 
> /jason
> 
> /--------------------------------------------------------------\
> 
> For PGP public key, go to: http://www.queso.com/keys/siphoto.txt
> 
> Fingerprint: DB4C C56A 74ED 5F6E 1A7C  39B4 7354 01FD 8793 E537

---------------------------------------------------------------------
Greg Dickie
Just A Guy*
*from discreet (the logic is gone)
Montreal 
(514) 954-7171
greg at discreet.com



More information about the samba-ntdom mailing list