losing connections to password server
Gerald (Jerry) Carter
jerry at samba.org
Thu Jun 26 04:22:53 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 19 Jun 2003, David Collier-Brown -- Customer Engineering wrote:
> On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> >>"security = server" may be a nasty hack, but it is an important
> >>'feature' in an organization like my university. We have centrally
> >>managed services which include user accounts. This hack lets me add
> >>users to samba services without having to manage accounts.
> Steve Langasek wrote:
> > So does "security = domain"; except that "security = domain" works,
> > using the same protocols that Microsoft supports for their own
> > authentication systems.
> > The "security = server" hack is /inherently/ flaky, and has /inherently/
> > limited security. Fixing these inherent flaws has been done: that's
> > what domain security is.
> Alas, security = domain only works if I'm running an
> NT domain, while security = server works with an
> authentication server which is using the underlying
> Unix authentication system.
Setup a Samba PDc and run the second Samba server as a domain member.
Sorry Dave, but there are so many other ways to get distributed
authentication to work in the case without using server mode security.
Or setup Samba PDC's and BDC's or trusts once they are finished.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
More information about the samba-technical