losing connections to password server
Gerald (Jerry) Carter
jerry at samba.org
Thu Jun 26 04:22:53 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 19 Jun 2003, David Collier-Brown -- Customer Engineering wrote:
> On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> >>"security = server" may be a nasty hack, but it is an important
> >>'feature' in an organization like my university. We have centrally
> >>managed services which include user accounts. This hack lets me add
> >>users to samba services without having to manage accounts.
>
> Steve Langasek wrote:
> > So does "security = domain"; except that "security = domain" works,
> > using the same protocols that Microsoft supports for their own
> > authentication systems.
> >
> > The "security = server" hack is /inherently/ flaky, and has /inherently/
> > limited security. Fixing these inherent flaws has been done: that's
> > what domain security is.
>
> Alas, security = domain only works if I'm running an
> NT domain, while security = server works with an
> authentication server which is using the underlying
> Unix authentication system.
Setup a Samba PDc and run the second Samba server as a domain member.
Sorry Dave, but there are so many other ways to get distributed
authentication to work in the case without using server mode security.
Or setup Samba PDC's and BDC's or trusts once they are finished.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
iD8DBQE++nUeIR7qMdg1EfYRAjpLAJ0SpSdtyclaLs/lxkRZa4LkjDSqPACfZHFX
JGEbce51F7LTdRjRI0L0hFc=
=a/ki
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list