losing connections to password server

Steve Langasek vorlon at netexpress.net
Fri Jun 20 15:43:06 GMT 2003


On Thu, Jun 19, 2003 at 02:46:08PM -0400, David Collier-Brown -- Customer Engineering wrote:
> On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> >>"security = server" may be a nasty hack, but it is an important
> >>'feature' in an organization like my university.  We have centrally
> >>managed services which include user accounts.  This hack lets me add
> >>users to samba services without having to manage accounts.

> Steve Langasek wrote:
> >So does "security = domain"; except that "security = domain" works,
> >using the same protocols that Microsoft supports for their own
> >authentication systems.

> >The "security = server" hack is /inherently/ flaky, and has /inherently/
> >limited security.  Fixing these inherent flaws has been done: that's
> >what domain security is.

> 	Alas, security = domain only works if I'm running an
> 	NT domain, while security = server works with an
> 	authentication server which is using the underlying
> 	Unix authentication system.

> 	Do the limitations and errors of security = server
> 	generally affect or not affect servers using Unix
> 	authentication?  We've not encountered (or perhaps
> 	not noticed (;-)) them in Sun, and we run a worldwide
> 	SMB service, managed out of Australia.

So you're using 'security = server' with 'encrypted passwords = no'?
Hmm, I've never seen a configuration like that before...  Maybe it's
more resilient because your network and/or SMB servers are more
reliable? :)

-- 
Steve Langasek
postmodern programmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20030620/eb36eb0a/attachment.bin


More information about the samba-technical mailing list