Using Samba -- domain logins

Luke Kenneth Casson Leighton lkcl at samba.org
Wed Jan 5 03:50:14 GMT 2000 

i have a function that distinguishes and returns the "role" by going over
these option. exactly these optinons, actually.

On Wed, 5 Jan 2000, Gerald Carter wrote:

> Luke Kenneth Casson Leighton wrote:
> > 
> > > In my opinion (at the moment) the two are inseperable.  
> > > A Samba 
> > 
> > mine too.
> > 
> > if you answer a GETDC request, you will get a 
> > WNetWkstaUserLogon call from 95.  this contains 
> > the user profile location, and only _then_ is the w95
> > user's user/pdomain/pass uactually used - to obtain 
> > the user profile!  SMBsesssetupX, etc.
> > 
> > this is why win95 doesn't have the concept of 
> > domain logons, it's an abortion, instead.
> > 
> > the act of responding to the WNetWkstatUserLogon call 
> > is the job of a PDC or a BDC.  do the GETDC, you have 
> > to do the WNeWkUL too.
> 
> Thank you!  The issues we are getting into 
> is that Samba is no longer configured by setting
> individual options, but rather a capability matrix
> 
> 		PDC	BDC	stand alone
> domain logons	yes	yes	xx
> domain master 	yes	no	xx
> security	user	domain	xxx
> encrypt 
>   passwords	yes	yes	xxx
> 
> It is only when Samba is operating in stand alone
> mode that the smb.conf man pa	ge can be taken one
> parameter at a time.
> 
> (the above matrix was for example only...i  know 
> it's not complete and entirely accurate).
> 
> > > I know that.  I just think that we have to develop
> > > more parameters later on to mean, "No I really am a BDC!"
> > 
> > naah, the ones we have already are perfectly good enough.
> 
> Thanks again.  However if we allow a domain member 
> Samba server to perform domain logons and say this is 
> not a BDC, then we have to define more parameters
> to reallt imply that the server is a BDC.
> 
> IMO using domain logons = yes and security = domain 
> currently will work but is based on a design
> bug in Samba.  It should not.
> 
> However (and I'm backtracking a little), for be it from 
> me to say that someone must now go a buy a NT server 
> license to they can setup a real BDC.  There's a 
> need that should be filled while we are getting from 
> our current state of the code to one that sufficiently 
> supports true BDC capabilities.
> 
> I don't have an answer for this.
> 
> > > This is not an issue of whether or not we can do it, but
> > > whether or not it is a good idea.  I seem to be outvited
> > > on my opinion and so I will hush now. ;)
> > 
> > believe in yourself, jerry - i do :)
> 
> One last thanks. :-)
> 
> 
> 
> 
> jerry
> ________________________________________________________________________
>                             Gerald ( Jerry ) Carter	
> Engineering Network Services                           Auburn University 
> jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw
> 
>        "...a hundred billion castaways looking for a home."
>                                   - Sting "Message in a Bottle" ( 1979 )
>

More information about the samba-technical mailing list