[Samba] security = domain and NetBIOS aliases

Barry, Christopher cbarry at infiniconsys.com
Mon Apr 7 18:03:00 GMT 2003 

Will the "*" do some type of broadcast each time it looks for a dc? Or does this occur once and is cached? I have setup a test machine and it does security = domain, and I set the password server as below:

password server = 192.168.0.20 192.168.0.25

each ip is for a dc, and this seems to work fine. Is the advantage of "*" that it will auto-detect additional dcs if/as they come on-line?

Regards,

--
Christopher Barry
Manager of Information Systems
InfiniCon Systems
http://www.infiniconsys.com



-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org]
Sent: Monday, April 07, 2003 1:41 PM
To: Barry, Christopher
Cc: Samba (E-mail)
Subject: Re: [Samba] security = domain and NetBIOS aliases


On Mon, 7 Apr 2003, Barry, Christopher wrote:

> Hi everyone,
> 	I rely on about 8 NetBIOS aliases on my samba filer. I have been using security = server, but I have been running to some strange issues where if a user just logs off and then back on, they are denied access to shares. If they reboot, they can then get back in ok. I've set debugging up, and it appears that samba does not recognize the user after a logoff/logon, and uses nobody as the user.
> 	It has been suggested using security = domain to resolve this issue. I had tried this (oh, back about 2 years ago), and I could not get it to work. I searched the web recently, and found another user with this problem, and his resolution was to include in his alias include file(s) a [global] section with:
>
> security = domain
> password server = xxx.xxx.xxx.xxx

In "security = domain" you want the default "password server = *"

> encrypt passwords = yes.
>
> Now to my question:
> Do I need to add each NetBIOS alias to the domain in Win2K?

No.

> AND, maybe more importantly, do I do a smbpasswd -j DOMAIN -r PDC for each as well?

That is how you join the domain. You may need to do:
	smbpasswd -j DOMAIN -r PDC -Uadministrator

- John T.

>
> This is a live production system, so I just want to have my ducks in a row before attempting this.
>
>
> Thanks,
>
> --
> Christopher Barry
> Manager of Information Systems
> InfiniCon Systems
> http://www.infiniconsys.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
John H Terpstra
Email: jht at samba.org

More information about the samba mailing list