[Samba] Re: Machine trust account confusion
Mark
gmane at tippingmar.com
Tue Apr 20 19:29:20 GMT 2004
"JB" <jbarton at technicalworks.net> wrote in message
news:c63i92$sk7$1 at sea.gmane.org...
> The result is that I have a samba PDC setup with a single workstation
> that authenticates users off the PDC and everyone has proper access.
> However, I can place a laptop on the network with no trust account, and
> using since I log onto it with the same username and password, I can
> browse the domain resources as if I had authenticated off of the PDC.
That's right. The laptop can connect to resources in "workgroup mode", like
simple peer-to-peer networking. Having a domain just allows you to
centralize the authentication. It allows, for example, a user to log on
from any machine that has a trust account, even without a local user account
on that machine.
You can restrict access by IP address of course. I suppose you could use
fixed addresses for your workstations and then use dhcp to give out
addresses in a range that samba won't accept. That would fool them for a
while.
Mark
More information about the samba
mailing list