security = server
Stephen Langasek
vorlon at netexpress.net
Sun Jan 14 20:05:52 GMT 2001
Jim,
> SS> In using the security = server option, does the specified server have to
> SS> be in the same domain?
> Yes - they MUST be in the same domain. Thats why its a "domain logon"
> for Windows. If you want to logon to another domain, you have to log
> out, and then log back into Windows specifying the other domain in the
> domain portion of the Windows Networking logon dialog.
If you're only using 'security = server', then your samba server does *not*
have to be in the same domain as the machine it's authenticating against.
Indeed, if you're using 'security = server', your Samba server isn't in a
domain at all. This is different than the behavior of 'security = domain',
where you'll always be authenticating against the PDC for the domain you're
in.
> SS> eg Two domains, room20 & room22 on two different physical servers. Can I
> SS> make all user/group authentication run off one of them?
> Again, the domain authenticaion is done PER DOMAIN. If you want all
> the users to authenticate against one server, then ALL of the users
> must be members of that domain.
... modulo the use of inter-domain trust relationships. With trust
relationships, each PDC would be able to authenticate users for all of the
trusted domains.
Steve Langasek
postmodern programmer
More information about the samba-ntdom
mailing list