[Samba] security = domain
Michael Herber
michael.herber at spe-siemens.de
Tue Feb 11 13:57:46 GMT 2003
Hm, but as I did understand, in both cases, the log in at the
samba-server is sent to the NT-machine to validate. After what I've
read, "server" means that only the username and the password is sent and
"domain" menas that more than these two values are sent. I am completely
wrong?
Anyhow, "server" also needs a "password server" for authentification (at
least this is what my sources are saying!). So what's the difference? Or
are my sources wrong?
Michael
Am Die, 2003-02-11 um 14.33 schrieb adam newton:
>
> My understanding of this is that the domain and server setting represent
> different levels of functionality within a windows-like domain.
>
> The security=server setting allows a machine to emulate some form of
> (P/B)domain controller, directly managing all authentication for the
> domain etc. The security=domain option enables the samba server to allow
> the PDC on the domain to take care of authentication of
> users (which is what its there fore, afterall).
>
> For example, I'm setting up a samba server on a windows 2k network. I
> use security=domain and password server = <name of PDC>. This means that
> all incoming connections to the samba service are checked against the
> authentication mechanism on the PDC, rather than locally. The samba
> server trusts the PDC to only authenticate valid domain users, and the
> PDC trusts the samba server to only allow connections from
> PDC-authorised users.
>
>
> It allows me to offer a PDC-trusted fileserver service on a
> domain-controlled network, without actually being a domain controller.
>
>
> I hope that little explanation helped some.
>
>
> > Now, can anyone tell me
> > what exactly the NT-Server checks when I set "domain" as level and in
> > comparison, what's the difference to "server".
> >
>
>
> --
> Adam Lee Newton, MSc
> ~
> IT Services
> University College Worcester
> a.newton at worc.ac.uk
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
More information about the samba
mailing list