New Microsoft Knowledgebase article

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jan 12 19:38:54 GMT 2000 

martin, thx very much.

On Wed, 12 Jan 2000, Martin Kuhne wrote:

> Thanks for the feedback. That's the proposed change:
> 
> CAUSE
> =====
> 
> When adding a Samba server configured as Primary Domain Controller to an
> existing Windows NT domain, there will be two PDCs in this domain. This is
> not allowed in Windows NT.

[you damn right it isn't!!!!]

personally, i would say, "This is not allowed in a Windows NT Domain
Environment".

> 
> RESOLUTION
> ==========
> 
> To restore PDC functionality, take the Samba server off the network and
> restart the netlogon service on the original Windows NT PDC. 
> 
> To resolve this problem, disable the domain controller functionality on the
> Samba server. This can be done by changing the following values

... ", to the manufacturer default values,"

> in the Samba
> configuration file (smb.conf):
> domain master = no
> domain logons = no

delete the "preferred master = no", it's to do with browsing, not LOGON
functionality, and will have no effect if it's changed or not changed.



an _alternative_ is to move the samba server to be a Domain Controller for
a different domain, for example:

workgroup = A_DIFFERENT_DOMAIN

which is the suggestion of one of the other KB articles that someone
quoted on samba-ntdom.

> For further information, please refer to the product documentation or to the
> manufacturer's web site (http://www.samba.org)

this can be http://samba.org (which i personally prefer) but it doesn't
make much odds either way.

> 
> MORE INFORMATION
> ================
> 
> SAMBA is a third-party implementation of the SMB networking protocol used by
> Windows NT.
> <third party product information boilerplate>
> 
> Regards,
> Martin
> Microsoft GmbH
> 
> -----Original Message-----
> From: Luke Kenneth Casson Leighton [mailto:lkcl at samba.org]
> Sent: Mittwoch, 12. Januar 2000 16:41
> To: Martin Kuhne
> Cc: Multiple recipients of list SAMBA-NTDOM
> Subject: RE: New Microsoft Knowledgebase article
> 
> 
> On Thu, 13 Jan 2000, Martin Kuhne wrote:
> 
> > I'm afraid what you wrote will be hard to get published.
> 
> yeah, it will a bit.
> 
> > Does anyone have a practical suggestion on how to instruct an
> inexperienced
> > administrator to disable PDC functionality in Samba?
> 
> "domain logons = no" to disable BDC / PDC functionality (NETLOGON)
> 
> this stops samba registering DOMAIN<1c> internet group name, and from
> answering SAMLOGON, GETDC requests.
> 
> 
> "domain master = no" to disable PDC / DMB functionality.
>  
> this stops samba registering DOMAIN<1c> pdc unique name.
> 
> 
> these are the defaults, so anyone who enables them on an existing domain
> clearly _doesn't_ know what they are doing.
> 
> 
> alternatively, they can move the Samba Server to a different workgroup /
> domain, which is a [good] suggestion of one of your other KB articles.
> 
> thx for responding, martin.
> 
> luke
> 
> > Regards,
> > Martin
> > Microsoft GmbH
> > 
> > -----Original Message-----
> > From: Karl Denninger [mailto:karl at Denninger.Net]
> > Sent: Mittwoch, 12. Januar 2000 01:39
> > To: Multiple recipients of list SAMBA-NTDOM
> > Subject: Re: New Microsoft Knowledgebase article
> > 
> > 
> > Cute.
> > 
> > "Turn off the Samba server".
> > 
> > How about:
> > 
> > 	Format your disks, install Linux or FreeBSD, and tell Microsoft to
> > 	go fuck themselves with a football - preferrably to the same
> > 	regional sales force that sold you the NT crapware in the first
> > 	place?
> > 
> > I hate corporate arrogance - especially this kind of arrogance.
> > 
> > This kind of bullshit is PRECISELY what the US DOJ was after when they
> threw
> > the whole library (instead of one book) at Microsoft.
> > 
> > --
> > -- 
> > Karl Denninger (karl at denninger.net)  Web: http://childrens-justice.org
> > Isn't it time we started putting KIDS first?  See the above URL for
> > a plan to do exactly that!
> > 
> > 
> > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote:
> > >   I just ran across the following article in
> > > Microsoft's Knowledbase.  See the following URL:
> > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP.
> > >  Anyone know what this is about?
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Talk to your friends online with Yahoo! Messenger.
> > > http://im.yahoo.com
> > 
> 
> <a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
> <a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
> <a href="http://samba.org"        > Samba Web site                  </a>
> <a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
> <a href="http://mcp.com"          > Macmillan Technical Publishing  </a>
> 
>  ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

More information about the samba-ntdom mailing list