[Samba] Contradiction in samba documentation

Clint Sharp clint at typhoon.org
Thu May 20 09:47:07 GMT 2004

Sahibzada Junaid Noor wrote:

>  I have found some contradictions in the samba
>documentation. i am writing them down here so if you
>can please verify them.
>  in heading 4.3.3 of the documentation it says
>  " When samba is operating in security  = domain mode
>, the samba server has a domain security trust account
>( a machine account) and causes all authentication
>requests to be passed through to the domain
>ok this means the windows domain controller is going
>to do the authentication, authorizing stuff.
> now look here
> under heading 7.3 there is a note which says
>" when samba is configured to use an LDAP , or other
>indentity management and or directory service , it is
>samba that continues to perform user and machine
>authentication. it should be noted that the LDAP
>server does not perform authentication handling in
>place of what samba is designed to do"
>now what does this means?
>according to 4.3.3 samba sends all authentication
>requests to the windows AD. in 7.3 it says that it
>doesnt send requests at all. then why will it use an
>LDAP backend?
>plz comment on this.
>  Sahibzada Junaid Noor  
>  Ph   #  (+92) (051) 5950 940
>  Cell #   (+92) (0333) 5223586
>  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
>  Rawalpindi
>  Islamic Republic of Pakistan 
I didn't lookup the documentation you're referring to, but to answer 
your question, LDAP authentication would not be performed in security = 
domain.  Security = domain is designed to allow your Samba server to 
authenticate against a Windows NT4 controlled domain (for Active 
Directory see security = ads, and for all options, please see the 
smb.conf manpage).


More information about the samba mailing list