question regarding NTLM authentication

simo idra at
Wed May 24 02:53:07 GMT 2006

On Wed, 2006-05-24 at 08:32 +1000, Andrew Bartlett wrote:

> The first task is for someone to re-implement 'security=server' in
> Samba4, using the credentials system as the glue.

I would honestly like to NOT see security=server for samba4.
If you need to auth against a DC you can just use domain security,
that's right way to do it. I can understand why we made it into samba
and why we keep it in samba3 but I can't see why we should add something
like that in samba4.
In most cases it will not work anyway, today SMB signing is on by
default on most servers.

Let it just be a sort of hack in an auth module in security=user where
instead of checking the password locally we "check" it against a remote

I would also like to start moving away from the "security=" way of doing
stuff and just use a role= parameter which makes much more sense.


role = standalone
role = domain-member
role = domain-controller


Simo Sorce
Samba Team GPL Compliance Officer
email: idra at

More information about the samba-technical mailing list