Using Samba -- domain logins
Gerald Carter
cartegw at Eng.Auburn.EDU
Wed Jan 5 03:50:17 GMT 2000
Luke Kenneth Casson Leighton wrote:
>
> > In my opinion (at the moment) the two are inseperable.
> > A Samba
>
> mine too.
>
> if you answer a GETDC request, you will get a
> WNetWkstaUserLogon call from 95. this contains
> the user profile location, and only _then_ is the w95
> user's user/pdomain/pass uactually used - to obtain
> the user profile! SMBsesssetupX, etc.
>
> this is why win95 doesn't have the concept of
> domain logons, it's an abortion, instead.
>
> the act of responding to the WNetWkstatUserLogon call
> is the job of a PDC or a BDC. do the GETDC, you have
> to do the WNeWkUL too.
Thank you! The issues we are getting into
is that Samba is no longer configured by setting
individual options, but rather a capability matrix
PDC BDC stand alone
domain logons yes yes xx
domain master yes no xx
security user domain xxx
encrypt
passwords yes yes xxx
It is only when Samba is operating in stand alone
mode that the smb.conf man pa ge can be taken one
parameter at a time.
(the above matrix was for example only...i know
it's not complete and entirely accurate).
> > I know that. I just think that we have to develop
> > more parameters later on to mean, "No I really am a BDC!"
>
> naah, the ones we have already are perfectly good enough.
Thanks again. However if we allow a domain member
Samba server to perform domain logons and say this is
not a BDC, then we have to define more parameters
to reallt imply that the server is a BDC.
IMO using domain logons = yes and security = domain
currently will work but is based on a design
bug in Samba. It should not.
However (and I'm backtracking a little), for be it from
me to say that someone must now go a buy a NT server
license to they can setup a real BDC. There's a
need that should be filled while we are getting from
our current state of the code to one that sufficiently
supports true BDC capabilities.
I don't have an answer for this.
> > This is not an issue of whether or not we can do it, but
> > whether or not it is a good idea. I seem to be outvited
> > on my opinion and so I will hush now. ;)
>
> believe in yourself, jerry - i do :)
One last thanks. :-)
jerry
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-technical
mailing list