Should security = server really be ROLE_DOMAIN_MEMBER ?
Jeremy Allison
jra at samba.org
Sat Jul 1 19:44:46 GMT 2006
On Sat, Jul 01, 2006 at 12:23:42PM -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Anyone got any thoughts on this:
>
> There seems to a lot of assumptions that lp_server_role() ==
> ROLE_DOMAIN_MEMBER means we can access for example a
> machine trust account password or domain sid in secrets.tdb.
> But if you look at set_server_role(), you'll see that
> SEC_SERVER is considered to be a domain member role.
> Maybe we need a new role ? ROLE_WISH_THIS_SEC_DIDNT_EXIST ?
Yes, security = server shouldn't be ROLE_DOMAIN_MEMBER, it
should be ROLE_STANDALONE.
Jeremy.
More information about the samba-technical
mailing list