security = server

Stephen Langasek vorlon at
Sun Jan 14 20:05:52 GMT 2001


> SS> In using the security = server option, does the specified server have to
> SS> be in the same domain?

> Yes - they MUST be in the same domain.  Thats why its a "domain logon"
> for Windows. If you want to logon to another domain, you have to log
> out, and then log back into Windows specifying the other domain in the
> domain portion of the Windows Networking logon dialog.

If you're only using 'security = server', then your samba server does *not*
have to be in the same domain as the machine it's authenticating against.
Indeed, if you're using 'security = server', your Samba server isn't in a
domain at all.  This is different than the behavior of 'security = domain',
where you'll always be authenticating against the PDC for the domain you're

> SS> eg Two domains, room20 & room22 on two different physical servers. Can I
> SS> make all user/group authentication run off one of them?

> Again, the domain authenticaion is done PER DOMAIN.  If you want all
> the users to authenticate against one server, then ALL of the users
> must be members of that domain.

... modulo the use of inter-domain trust relationships.  With trust
relationships, each PDC would be able to authenticate users for all of the
trusted domains.

Steve Langasek
postmodern programmer

More information about the samba-ntdom mailing list