That troublemaker again (replace domain logons =, domain master=)
Andrew Bartlett
abartlet at pcug.org.au
Sun Nov 11 21:38:01 GMT 2001
"Gerald (Jerry) Carter" wrote:
>
> On Mon, 12 Nov 2001, Andrew Bartlett wrote:
>
> > > We'll first off, the DMB does not really belong in this list.
> > > It is browsing related and not authentication.
> >
> > This is actually coming from the other end of things. This paramater
> > doesn't concern itself with authenticaion, it is an nmbd paramater. The
> > problem I have is that nmbd is currently dependent on where *smbd* is
> > checking its passwords, and it should have nothing to do with it.
> >
> > The crazy thing in that we don't actually have any paramters to
> > determine if PDC services are available, only settings to determine if
> > they are advertised. I'm trying to remove the dependency of nmbd on
> > security =, and I was told that this was the best way to do it.
>
> Please point me to the code in nmbd you are referring (or a string
> to grep for).
I refer you to the patch attached to the original message. In
particular grep for lp_server_role, the not-yet-paramater I changed into
a real paramater in my patch.
lp_server_role() depended on lp_security() and lp_domain_logons(). The
dependency on lp_secuirty() was problomatic.
> > Apart from the possiblity of providing sane defaults for the 'auth
> > order' paramater, the idea was that it would replace 'domain master ='
> > and 'domain logons = ' and allow 'security=server' and 'security=domain'
> > to be removed.
> >
> > As far as I can tell, no functionaity is lost but the flexability of the
> > new 'auth order' paramater is gained.
>
> So PDC means we register DOMAIN<1c> and DOMAIN<1b>. DMB means we register
> DOMAIN<1b>. BDC means ????? I don't see how we can register only
> DOMAIN<1c> and not be a BDC under your setup. Now granted I'm not
> necessarily saying this is a bad thing, but am pointing out my original
> question. Please provide a table of how the new functionality maps
> onto the old parameters. I know how to configure Samba very well
> in 2.2, and need you to hold my hand an articulate what advantage
> a "server role" parameter has. As well as how this affects the overhead
> of configuring and managing a Samba server.
It should decrese the overhead, becouse the option is clear. No more
'domain logons = pdc, but not if domain master = no, then its a bdc'
kind of stuff.
Table:
PDC BDC Standalone (also member) DMB
domain master = Y N N Y
domain logons = Y Y N N
> > OK, I set myself up for that one...
> >
> > If sombody can show a sane way to implement backward-compatablity on
> > this, I'll be happy to see it. It just seemed like it would a little
> > too messy. We will see.
>
> I'll need to understand it more and think some.
Thanks!
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list