[Samba] security = domain

Michael Heironimus mkh01 at earthlink.net
Tue Feb 11 18:50:54 GMT 2003


On Tue, Feb 11, 2003 at 02:57:46PM +0100, Michael Herber wrote:
> Hm, but as I did understand, in both cases, the log in at the
> samba-server is sent to the NT-machine to validate. After what I've
> read, "server" means that only the username and the password is sent and
> "domain" means that more than these two values are sent. Am I completely
> wrong?

As I recall, one major difference is that "security = server" requires
that a connection to the password server machine remain open for the
entire duration of the client's connection to Samba. "security = domain"
opens and closes connections for authentication as needed, just like a
Windows server in an NT domain would.

This makes "domain" a better choice in general, since temporary network
problems are less likely to cause problems. It also produces less of a
load on your password server: if you have several servers with many
clients each, your password server would have to support one connection
for each user on each server.

> Anyhow, "server" also needs a "password server" for authentication (at
> least this is what my sources are saying!). So what's the difference? Or
> are my sources wrong?

Yes, you need a password server if the Samba machine isn't
authenticating locally. The difference is mainly in how it accesses that
server to check the user/pass.

-- 
Michael Heironimus

