domain controller promotion
akopps at CSUA.Berkeley.EDU
Tue Sep 12 16:48:21 GMT 2000
On Tue, 12 Sep 2000, Simo Sorce wrote:
> > This option is not used to designate a machine as PDC.
> > >From smb.conf man page:
> > preferred master (G)
> > This boolean parameter controls if nmbd is a preferred
> > master browser for its workgroup.
> > If this is set to true, on startup, nmbd will force an
> > election, and it will have a slight advantage in win-
> > ning the election. It is recommended that this parame-
> > ter is used in conjunction with "domain master = yes",
> > so that nmbd can guarantee becoming a domain master.
> > ...
> > If you don't want your Samba box to be a PDC, make sure you do not
> > set "domain logons" in smb.conf or use "domain logons = no"
> > in smb.conf file.
> > Akop
> "domain logons = yes" is needed to retrieve the passwords from the PDC.
> to avoid beeing PDC you should set "domain master = no".
Not true. "domain master = no" tells nmbd not to become a domain
master browser. A machine can be a PDC without being a domain master
If "domain logons = yes" then samba becomes a PDC and authentication
is done on the samba server. If you want samba to authenticate users
from some other PDC then you certainly can't have "domain logons =
yes" option on the samba server because that promotes it into a PDC as
well. (you need to use "password server = *" , and "security =
domain" options for that.)
More information about the samba-ntdom