losing connections to password server

David Collier-Brown -- Customer Engineering David.Collier-Brown at Sun.COM
Thu Jun 19 18:46:08 GMT 2003

On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
>>"security = server" may be a nasty hack, but it is an important
>>'feature' in an organization like my university.  We have centrally
>>managed services which include user accounts.  This hack lets me add
>>users to samba services without having to manage accounts.

Steve Langasek wrote:
> So does "security = domain"; except that "security = domain" works,
> using the same protocols that Microsoft supports for their own
> authentication systems.
> The "security = server" hack is /inherently/ flaky, and has /inherently/
> limited security.  Fixing these inherent flaws has been done: that's
> what domain security is.

	Alas, security = domain only works if I'm running an
	NT domain, while security = server works with an
	authentication server which is using the underlying
	Unix authentication system.

	Do the limitations and errors of security = server
	generally affect or not affect servers using Unix
	authentication?  We've not encountered (or perhaps
	not noticed (;-)) them in Sun, and we run a worldwide
	SMB service, managed out of Australia.

David Collier-Brown,           | Always do right. This will gratify
Sun Microsystems DCMO          | some people and astonish the rest.
Toronto, Ontario               |
(905) 415-2849 or x52849       | davecb at canada.sun.com

More information about the samba-technical mailing list