[Samba] security = domain

Michael Herber michael.herber at spe-siemens.de
Tue Feb 11 13:57:46 GMT 2003 

Hm, but as I did understand, in both cases, the log in at the
samba-server is sent to the NT-machine to validate. After what I've
read, "server" means that only the username and the password is sent and
"domain" menas that more than these two values are sent. I am completely
wrong?

Anyhow, "server" also needs a "password server" for authentification (at
least this is what my sources are saying!). So what's the difference? Or
are my sources wrong?

Michael

Am Die, 2003-02-11 um 14.33 schrieb adam newton:
> 
> My understanding of this is that the domain and server setting represent
> different levels of functionality within a windows-like domain.
> 
> The security=server setting allows a machine to emulate some form of
> (P/B)domain controller, directly managing all authentication for the
> domain etc. The security=domain option enables the samba server to allow
> the PDC on the domain to take care of authentication of
> users (which is what its there fore, afterall).
> 
> For example, I'm setting up a samba server on a windows 2k network. I
> use security=domain and password server = <name of PDC>. This means that
> all incoming connections to the samba service are checked against the
> authentication mechanism on the PDC, rather than locally. The samba
> server trusts the PDC to only authenticate valid domain users, and the
> PDC trusts the samba server to only allow connections from
> PDC-authorised users.
> 
> 
> It allows me to offer a PDC-trusted fileserver service on a
> domain-controlled network, without actually being a domain controller.
> 
> 
> I hope that little explanation helped some.
> 
> 
> > Now, can anyone tell me
> > what exactly the NT-Server checks when I set "domain" as level and in
> > comparison, what's the difference to "server".
> > 
> 
> 
> -- 
> Adam Lee Newton, MSc
> ~
> IT Services
> University College Worcester
> a.newton at worc.ac.uk
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
>

More information about the samba mailing list