That troublemaker again (replace domain logons =, domain master=)
Andrew Bartlett
abartlet at pcug.org.au
Sun Nov 11 22:05:04 GMT 2001
"Gerald (Jerry) Carter" wrote:
>
> On Mon, 12 Nov 2001, Andrew Bartlett wrote:
>
> > I refer you to the patch attached to the original message. In
> > particular grep for lp_server_role, the not-yet-paramater I changed into
> > a real paramater in my patch.
> >
> > lp_server_role() depended on lp_security() and lp_domain_logons(). The
> > dependency on lp_secuirty() was problomatic.
>
> ok. I'll dig it back up. (too much mail :-( )
>
> > It should decrese the overhead, becouse the option is clear. No more
> > 'domain logons = pdc, but not if domain master = no, then its a bdc'
> > kind of stuff.
> >
> > Table:
> > PDC BDC Standalone (also member) DMB
> > domain master = Y N N Y
> > domain logons = Y Y N N
>
> But "BDC" implies that we have a read only SAM/smbpasswd. Which I assume
> will be closely tied to the domain mode security code. Follow where I'm
> going?
No, there is no reason for a BDC to use the domain security code. That
is behind the auth interface, and the rest of samba *doesn't care* where
that auth came from.
> And I still think DMB should not be in this list. Frankly, I prefer the
> "domain master" and "domain logons" combinations. I still don't see what
> advantage this has. From what I understand, it is not required for you to
> be able to implement the "auth order" parameter. Or am I mistaken.
We have to advertise on the wire our status as either 'PDC', 'BDC' or
other. That is what MS does. In addition I am told that samba alone
has the ability to become a DMB without advertising logon facilities.
Currently we do this partly on the basis of 'secruity='.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list