Should security = server really be ROLE_DOMAIN_MEMBER ?
Gerald (Jerry) Carter
jerry at samba.org
Sat Jul 1 19:52:13 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeremy Allison wrote:
> On Sat, Jul 01, 2006 at 12:23:42PM -0500, Gerald (Jerry) Carter wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Anyone got any thoughts on this:
>>
>> There seems to a lot of assumptions that lp_server_role() ==
>> ROLE_DOMAIN_MEMBER means we can access for example a
>> machine trust account password or domain sid in secrets.tdb.
>> But if you look at set_server_role(), you'll see that
>> SEC_SERVER is considered to be a domain member role.
>> Maybe we need a new role ? ROLE_WISH_THIS_SEC_DIDNT_EXIST ?
>
> Yes, security = server shouldn't be ROLE_DOMAIN_MEMBER, it
> should be ROLE_STANDALONE.
ok. That was my feeling as well. I'll make the change.
Thanks.
ciao, jerry
=====================================================================
Samba ------- http://www.samba.org
Centeris ----------- http://www.centeris.com
"What man is a man who does not make the world better?" --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEptJtIR7qMdg1EfYRAqmHAJ0W3/e7/lHFNqh6LOoRsCrwlR78LwCbBYeZ
mYf3lUBpebs3bFfT5nT4z6I=
=Hw/j
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list