[Samba] auth to two diff PDCs? (success, sort of)
Matthew Hannigan
mlh at zip.com.au
Mon Oct 28 06:26:00 GMT 2002
On Mon, Oct 28, 2002 at 04:56:03PM +1100, Andrew Bartlett wrote:
> Andrew Bartlett wrote:
> >
> > Matthew Hannigan wrote:
> > >
> > > With a single server, settings "security = server" and
> > > "password server = pdc1 pdc2', I can successfully
> > > authenticate against two entirely different PDCs
> > > depending on which order I put the two machines in
> > > the 'password server' list.
> > >
> > > Is there someway of forcing clients from either
> > > domain to authenticate against the 'right' pdc,
> > > regardless of the order in the 'password server'
> > > config?
> > >
> > > What is the algo for choosing auth server out of a
> > > list, anyway?
> > >
> > > If so it'd be a nice cheap way of getting what
> > > we would otherwise have to wait for trust relationship
> > > support for.
> >
> > The reason we don't support this already is that while the auth works, a
> > *lot* of other things break.
>
> But if one PDC trusts the other, then secrutiy=domain will do this stuff
Except that the users would have to be on the server, right? Since
(according to the docs (smb.conf)) the network logon comes from the
server, not the workstation.
What precisely does 'on the server' mean anyway? In the smbpasswd
file? We don't use that; we just have the unix user (/etc/passwd)
Matt
More information about the samba-technical
mailing list