domain controller promotion

Akop Pogosian akopps at CSUA.Berkeley.EDU
Tue Sep 12 16:48:21 GMT 2000


On Tue, 12 Sep 2000, Simo Sorce wrote:

> > This option is not used to designate a machine as PDC.
> > >From smb.conf man page:
> > 
> >      preferred master (G)
> > 
> >           This boolean parameter controls if nmbd is a  preferred
> >           master browser for its workgroup.
> > 
> >           If this is set to true, on startup, nmbd will force  an
> >           election,  and  it will have a slight advantage in win-
> >           ning the election.  It is recommended that this parame-
> >           ter  is used in conjunction with "domain master = yes",
> >           so that nmbd can guarantee becoming a domain master.
> >                   ...
> > 
> > If you don't want your Samba box to be a PDC, make sure you do not
> > set "domain logons" in smb.conf or use "domain logons = no"
> > in smb.conf file.
> > 
> > Akop
> 
> "domain logons = yes" is needed to retrieve the passwords from the PDC.
> to avoid beeing PDC you should set "domain master = no".
> 
> Simo.
> 

Not true. "domain master = no" tells nmbd not to become a domain
master browser. A machine can be a PDC without being a domain master
browser.

If "domain logons = yes" then samba becomes a PDC and authentication
is done on the samba server. If you want samba to authenticate users
from some other PDC then you certainly can't have "domain logons =
yes" option on the samba server because that promotes it into a PDC as
well.  (you need to use "password server = *" , and "security  =
domain" options for that.)

Akop






More information about the samba-ntdom mailing list