ERROR: in 'security=domain' mode the 'encrypt passwords' parameter must also be set to 'true'

Steve Langasek vorlon at
Tue Jul 9 13:32:04 GMT 2002

On Tue, Jul 09, 2002 at 03:57:02PM -0400, David Collier-Brown wrote:
> Steve Langasek wrote:
> > Playing with my smb.conf on a new server (2.2.5), I noticed that the
> > 'security=domain' and 'encrypt passwords=yes' parameters are somewhat
> > redundant.  

> 	I owe the team a set of self-check code for options
> 	that can contradict each other... I just finished
> 	some book stuff last week, so maybe Real Soon Now (;-))

Ah, cool. :)

One other thing I noticed while digging around was the current
description of 'preferred master':

              This boolean parameter controls if nmbd(8)is a pre­
              ferred master browser for its workgroup.

              If this is set to true, on startup, nmbd will force
              an election, and it will have a slight advantage in
              winning  the  election. It is recommended that this
              parameter is used in conjunction with  domain  mas­
              ter  =  yes, so that  nmbd can guarantee becoming a
              domain master.

              Use this option with caution, because if there  are
              several hosts (whether Samba servers, Windows 95 or
              NT) that are preferred master browsers on the  same
              subnet,  they  will  each periodically and continu­
              ously attempt to become the local  master  browser.
              This  will  result in unnecessary broadcast traffic
              and reduced browsing capabilities.

              See also os level .

              Default: preferred master = auto

A glance at the source confirms my suspicion that 'preferred master = auto'
depends on the value of 'domain master', but this doesn't make any sense
to me: 'preferred master' affects LMB elections, whereas 'domain master'
is used to make the server the DMB (PDC) for the workgroup (domain). 
Aren't local master browsers and domain master browsers orthogonal?
This has always been my understanding -- and indeed, I've been running a
network with a non-LMB PDC for quite some time, with no adverse effects
that I was aware of!  Is it time for me to change this?

Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the samba-technical mailing list