New Microsoft Knowledgebase article
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 12 19:38:54 GMT 2000
martin, thx very much.
On Wed, 12 Jan 2000, Martin Kuhne wrote:
> Thanks for the feedback. That's the proposed change:
>
> CAUSE
> =====
>
> When adding a Samba server configured as Primary Domain Controller to an
> existing Windows NT domain, there will be two PDCs in this domain. This is
> not allowed in Windows NT.
[you damn right it isn't!!!!]
personally, i would say, "This is not allowed in a Windows NT Domain
Environment".
>
> RESOLUTION
> ==========
>
> To restore PDC functionality, take the Samba server off the network and
> restart the netlogon service on the original Windows NT PDC.
>
> To resolve this problem, disable the domain controller functionality on the
> Samba server. This can be done by changing the following values
... ", to the manufacturer default values,"
> in the Samba
> configuration file (smb.conf):
> domain master = no
> domain logons = no
delete the "preferred master = no", it's to do with browsing, not LOGON
functionality, and will have no effect if it's changed or not changed.
an _alternative_ is to move the samba server to be a Domain Controller for
a different domain, for example:
workgroup = A_DIFFERENT_DOMAIN
which is the suggestion of one of the other KB articles that someone
quoted on samba-ntdom.
> For further information, please refer to the product documentation or to the
> manufacturer's web site (http://www.samba.org)
this can be http://samba.org (which i personally prefer) but it doesn't
make much odds either way.
>
> MORE INFORMATION
> ================
>
> SAMBA is a third-party implementation of the SMB networking protocol used by
> Windows NT.
> <third party product information boilerplate>
>
> Regards,
> Martin
> Microsoft GmbH
>
> -----Original Message-----
> From: Luke Kenneth Casson Leighton [mailto:lkcl at samba.org]
> Sent: Mittwoch, 12. Januar 2000 16:41
> To: Martin Kuhne
> Cc: Multiple recipients of list SAMBA-NTDOM
> Subject: RE: New Microsoft Knowledgebase article
>
>
> On Thu, 13 Jan 2000, Martin Kuhne wrote:
>
> > I'm afraid what you wrote will be hard to get published.
>
> yeah, it will a bit.
>
> > Does anyone have a practical suggestion on how to instruct an
> inexperienced
> > administrator to disable PDC functionality in Samba?
>
> "domain logons = no" to disable BDC / PDC functionality (NETLOGON)
>
> this stops samba registering DOMAIN<1c> internet group name, and from
> answering SAMLOGON, GETDC requests.
>
>
> "domain master = no" to disable PDC / DMB functionality.
>
> this stops samba registering DOMAIN<1c> pdc unique name.
>
>
> these are the defaults, so anyone who enables them on an existing domain
> clearly _doesn't_ know what they are doing.
>
>
> alternatively, they can move the Samba Server to a different workgroup /
> domain, which is a [good] suggestion of one of your other KB articles.
>
> thx for responding, martin.
>
> luke
>
> > Regards,
> > Martin
> > Microsoft GmbH
> >
> > -----Original Message-----
> > From: Karl Denninger [mailto:karl at Denninger.Net]
> > Sent: Mittwoch, 12. Januar 2000 01:39
> > To: Multiple recipients of list SAMBA-NTDOM
> > Subject: Re: New Microsoft Knowledgebase article
> >
> >
> > Cute.
> >
> > "Turn off the Samba server".
> >
> > How about:
> >
> > Format your disks, install Linux or FreeBSD, and tell Microsoft to
> > go fuck themselves with a football - preferrably to the same
> > regional sales force that sold you the NT crapware in the first
> > place?
> >
> > I hate corporate arrogance - especially this kind of arrogance.
> >
> > This kind of bullshit is PRECISELY what the US DOJ was after when they
> threw
> > the whole library (instead of one book) at Microsoft.
> >
> > --
> > --
> > Karl Denninger (karl at denninger.net) Web: http://childrens-justice.org
> > Isn't it time we started putting KIDS first? See the above URL for
> > a plan to do exactly that!
> >
> >
> > On Wed, Jan 12, 2000 at 11:30:32AM +1100, Larry Blunk wrote:
> > > I just ran across the following article in
> > > Microsoft's Knowledbase. See the following URL:
> > > http://support.microsoft.com/support/kb/articles/Q250/2/63.ASP.
> > > Anyone know what this is about?
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Talk to your friends online with Yahoo! Messenger.
> > > http://im.yahoo.com
> >
>
> <a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
> <a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
> <a href="http://samba.org" > Samba Web site </a>
> <a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
> <a href="http://mcp.com" > Macmillan Technical Publishing </a>
>
> ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href="http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list