Using Samba -- domain logins

Gerald Carter cartegw at Eng.Auburn.EDU
Wed Jan 5 03:50:17 GMT 2000 

Luke Kenneth Casson Leighton wrote:
> 
> > In my opinion (at the moment) the two are inseperable.  
> > A Samba 
> 
> mine too.
> 
> if you answer a GETDC request, you will get a 
> WNetWkstaUserLogon call from 95.  this contains 
> the user profile location, and only _then_ is the w95
> user's user/pdomain/pass uactually used - to obtain 
> the user profile!  SMBsesssetupX, etc.
> 
> this is why win95 doesn't have the concept of 
> domain logons, it's an abortion, instead.
> 
> the act of responding to the WNetWkstatUserLogon call 
> is the job of a PDC or a BDC.  do the GETDC, you have 
> to do the WNeWkUL too.

Thank you!  The issues we are getting into 
is that Samba is no longer configured by setting
individual options, but rather a capability matrix

		PDC	BDC	stand alone
domain logons	yes	yes	xx
domain master 	yes	no	xx
security	user	domain	xxx
encrypt 
  passwords	yes	yes	xxx

It is only when Samba is operating in stand alone
mode that the smb.conf man pa	ge can be taken one
parameter at a time.

(the above matrix was for example only...i  know 
it's not complete and entirely accurate).

> > I know that.  I just think that we have to develop
> > more parameters later on to mean, "No I really am a BDC!"
> 
> naah, the ones we have already are perfectly good enough.

Thanks again.  However if we allow a domain member 
Samba server to perform domain logons and say this is 
not a BDC, then we have to define more parameters
to reallt imply that the server is a BDC.

IMO using domain logons = yes and security = domain 
currently will work but is based on a design
bug in Samba.  It should not.

However (and I'm backtracking a little), for be it from 
me to say that someone must now go a buy a NT server 
license to they can setup a real BDC.  There's a 
need that should be filled while we are getting from 
our current state of the code to one that sufficiently 
supports true BDC capabilities.

I don't have an answer for this.

> > This is not an issue of whether or not we can do it, but
> > whether or not it is a good idea.  I seem to be outvited
> > on my opinion and so I will hush now. ;)
> 
> believe in yourself, jerry - i do :)

One last thanks. :-)




jerry
________________________________________________________________________
                            Gerald ( Jerry ) Carter	
Engineering Network Services                           Auburn University 
jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw

       "...a hundred billion castaways looking for a home."
                                  - Sting "Message in a Bottle" ( 1979 )

More information about the samba-technical mailing list