That troublemaker again (replace domain logons =, domain master=)

Andrew Bartlett abartlet at
Sun Nov 11 22:05:04 GMT 2001

"Gerald (Jerry) Carter" wrote:
> On Mon, 12 Nov 2001, Andrew Bartlett wrote:
> > I refer you to the patch attached to the original message.  In
> > particular grep for lp_server_role, the not-yet-parameter I changed into
> > a real parameter in my patch.
> >
> > lp_server_role() depended on lp_security() and lp_domain_logons().  The
> > dependency on lp_security() was problematic.
> ok.  I'll dig it back up.  (too much mail :-( )
> > It should decrease the overhead, because the option is clear.  No more
> > 'domain logons = pdc, but not if domain master = no, then it's a bdc'
> > kind of stuff.
> >
> > Table:
> >                    PDC        BDC       Standalone (also member)     DMB
> > domain master =     Y          N                 N                    Y
> > domain logons =     Y          Y                 N                    N
> But "BDC" implies that we have a read only SAM/smbpasswd.  Which I assume
> will be closely tied to the domain mode security code.  Follow where I'm
> going?

No, there is no reason for a BDC to use the domain security code.  That
is behind the auth interface, and the rest of samba *doesn't care* where
that auth came from.

> And I still think DMB should not be in this list.  Frankly, I prefer the
> "domain master" and "domain logons" combinations.  I still don't see what
> advantage this has.  From what I understand, it is not required for you to
> be able to implement the "auth order" parameter.  Or am I mistaken?

We have to advertise on the wire our status as either 'PDC', 'BDC' or
other.  That is what MS does.  In addition I am told that samba alone
has the ability to become a DMB without advertising logon facilities.

Currently we do this partly on the basis of 'security='.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at
