That troublemaker again (replace domain logons =, domain master=)

Andrew Bartlett abartlet at pcug.org.au
Sun Nov 11 21:38:01 GMT 2001


"Gerald (Jerry) Carter" wrote:
> 
> On Mon, 12 Nov 2001, Andrew Bartlett wrote:
> 
> > > We'll first off, the DMB does not really belong in this list.
> > > It is browsing related and not authentication.
> >
> > This is actually coming from the other end of things.  This paramater
> > doesn't concern itself with authenticaion, it is an nmbd paramater.  The
> > problem I have is that nmbd is currently dependent on where *smbd* is
> > checking its passwords, and it should have nothing to do with it.
> >
> > The crazy thing in that we don't actually have any paramters to
> > determine if PDC services are available, only settings to determine if
> > they are advertised.  I'm trying to remove the dependency of nmbd on
> > security =, and I was told that this was the best way to do it.
> 
> Please point me to the code in nmbd you are referring (or a string
> to grep for).

I refer you to the patch attached to the original message.  In
particular grep for lp_server_role, the not-yet-paramater I changed into
a real paramater in my patch.

lp_server_role() depended on lp_security() and lp_domain_logons().  The
dependency on lp_secuirty() was problomatic.

> > Apart from the possiblity of providing sane defaults for the 'auth
> > order' paramater, the idea was that it would replace 'domain master ='
> > and 'domain logons = ' and allow 'security=server' and 'security=domain'
> > to be removed.
> >
> > As far as I can tell, no functionaity is lost but the flexability of the
> > new 'auth order' paramater is gained.
> 
> So PDC means we register DOMAIN<1c> and DOMAIN<1b>.  DMB means we register
> DOMAIN<1b>.  BDC means ?????  I don't see how we can register only
> DOMAIN<1c> and not be a BDC under your setup. Now granted I'm not
> necessarily saying this is a bad thing, but am pointing out my original
> question.  Please provide a table of how the new functionality maps
> onto the old parameters.  I know how to configure Samba very well
> in 2.2, and need you to hold my hand an articulate what advantage
> a "server role" parameter has.  As well as how this affects the overhead
> of configuring and managing a Samba server.

It should decrese the overhead, becouse the option is clear.  No more
'domain logons = pdc, but not if domain master = no, then its a bdc'
kind of stuff.

Table:
                   PDC        BDC       Standalone (also member)     DMB
domain master =     Y          N                 N                    Y
domain logons =     Y          Y                 N                    N

> > OK, I set myself up for that one...
> >
> > If sombody can show a sane way to implement backward-compatablity on
> > this, I'll be happy to see it.  It just seemed like it would a little
> > too messy.  We will see.
> 
> I'll need to understand it more and think some.

Thanks!

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list