Should security = server really be ROLE_DOMAIN_MEMBER ?

Jeremy Allison jra at samba.org
Sat Jul 1 19:44:46 GMT 2006


On Sat, Jul 01, 2006 at 12:23:42PM -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Anyone got any thoughts on this:
> 
> There seems to a lot of assumptions that lp_server_role() ==
> ROLE_DOMAIN_MEMBER means we can access for example a
> machine trust account password or domain sid in secrets.tdb.
> But if you look at set_server_role(), you'll see that
> SEC_SERVER is considered to be a domain member role.
> Maybe we need a new role ?  ROLE_WISH_THIS_SEC_DIDNT_EXIST ?

Yes, security = server shouldn't be ROLE_DOMAIN_MEMBER, it
should be ROLE_STANDALONE.

Jeremy.


More information about the samba-technical mailing list