losing connections to password server

Gerald (Jerry) Carter jerry at samba.org
Thu Jun 26 04:22:53 GMT 2003

Hash: SHA1

On Thu, 19 Jun 2003, David Collier-Brown -- Customer Engineering wrote:

> On Thu, Jun 19, 2003 at 08:53:17AM -0700, David Bear wrote:
> >>"security = server" may be a nasty hack, but it is an important
> >>'feature' in an organization like my university.  We have centrally
> >>managed services which include user accounts.  This hack lets me add
> >>users to samba services without having to manage accounts.
> Steve Langasek wrote:
> > So does "security = domain"; except that "security = domain" works,
> > using the same protocols that Microsoft supports for their own
> > authentication systems.
> > 
> > The "security = server" hack is /inherently/ flaky, and has /inherently/
> > limited security.  Fixing these inherent flaws has been done: that's
> > what domain security is.
> 	Alas, security = domain only works if I'm running an
> 	NT domain, while security = server works with an
> 	authentication server which is using the underlying
> 	Unix authentication system.

Setup a Samba PDc and run the second Samba server as a domain member.
Sorry Dave, but there are so many other ways to get distributed 
authentication to work in the case without using server mode security.

Or setup Samba PDC's and BDC's or trusts once they are finished.

cheers, jerry
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/


More information about the samba-technical mailing list