[Samba] [found something] Problems making use of 2K PDC

Andreas Hasenack andreas at conectiva.com.br
Fri Jan 31 11:29:19 GMT 2003

Em Thu, Jan 30, 2003 at 10:14:47PM +0000, John H Terpstra escreveu:
> If your Win2K DC is your authentication server for your domain, then DO
> NOT set "domain logons = Yes" on samba - it can cripple your Win2K DC!
> Instead, in your smb.conf [globals] you want:
> 	security = domain
> 	password server = *
> Then join the domain by:
> 	smbpasswd -r 'PDC_name' -j 'Domain_Name'
> This way your MS Windows clients should be domain members and will log
> onto the Win2K DC and will be able to seemlessly access your samba server.

The win2k machine is on the other side of a WAN link, a different
subnet, but the windows clients will be accessing shares on the local samba server.
Users will be created and managed in the win2k machine, that's why I need the
samba server to check passwords against the remote win2k machine.

And, since the w2k server is on a different subnet, I don't think I can make it
the logon server for my clients, or can I? I mean, broadcasts mean a lot in a
MS network...

Should I then just make the clients authenticate against the remote w2k machine
anyway? I know, in both scenarios, the w2k server will be contacted anyway, either
by the samba server or by the linux client.

More information about the samba mailing list