[Samba] Re: Machine trust account confusion

Mark gmane at tippingmar.com
Tue Apr 20 19:29:20 GMT 2004


"JB" <jbarton at technicalworks.net> wrote in message
news:c63i92$sk7$1 at sea.gmane.org...
> The result is that I have a samba PDC setup with a single workstation
> that authenticates users off the PDC and everyone has proper access.
> However, I can place a laptop on the network with no trust account, and
> using since I log onto it with the same username and password, I can
> browse the domain resources as if I had authenticated off of the PDC.

That's right.  The laptop can connect to resources in "workgroup mode", like
simple peer-to-peer networking.  Having a domain just allows you to
centralize the authentication.  It allows, for example, a user to log on
from any machine that has a trust account, even without a local user account
on that machine.

You can restrict access by IP address of course.  I suppose you could use
fixed addresses for your workstations and then use dhcp to give out
addresses in a range that samba won't accept.  That would fool them for a
while.

Mark





More information about the samba mailing list