security = server

Jim Morris Jim at
Sun Jan 14 20:23:33 GMT 2001

Hello Stephen,

Sunday, January 14, 2001, 2:05:52 PM, you wrote:

SL> If you're only using 'security = server', then your samba server does *not*
SL> have to be in the same domain as the machine it's authenticating against.
SL> Indeed, if you're using 'security = server', your Samba server isn't in a
SL> domain at all.  This is different than the behavior of 'security = domain',
SL> where you'll always be authenticating against the PDC for the domain you're
SL> in.

Hmmm. It looks like I need to go review the differences between "server" and
"domain" security with Samba.  It's been a while since I've
authenticated Samba logons against an NT PDC - more recently, I've
been going the other way - authenticating NT workstation logons
against a Samba PDC.

SL> ... modulo the use of inter-domain trust relationships.  With trust
SL> relationships, each PDC would be able to authenticate users for all of the
SL> trusted domains.

Well, I guess I'm confused as to how to make that happen in an NT PDC
environment.  I know with Samba, I could have several Samba servers,
with all of them set to use the same logon server.  However, how do I
logon from an NT workstation using one domain, and gain access to
another domains resources?  Typically in NT, when you browse a share
on a domain that you did not logon to, you are prompted for the
username and password for that share - not the domain.

I am guessing that you can administer relationships between the PDC
and multiple domains using the NT server manager or user manager for
domains?  Guess I need to crank up VMWare, and play with my "virtual"
install of NT Server 4.0....

Best regards,
 Jim                            mailto:Jim at

More information about the samba-ntdom mailing list