[Samba] Samba Domain member server - using domain part within authentication

Michal Bruncko michal.bruncko at gmail.com
Tue Aug 7 05:15:03 MDT 2012


Yes, of course, this is the main reason of BDC role. But there is not any
reason to have so much BDC how much (non-PDC) Samba servers are within
network. Or other way - there is no such reason using always BDC role
instead of classic "domain member server" role within network. And I
understood that you have try to tell me this...


thanks

michal

On Tue, Aug 7, 2012 at 12:43 PM, Daniel Müller <mueller at tropenklinik.de>wrote:

> The advantage to work with BDCs you will see when your PDC is down.
>
>
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
>
> Von: Michal [mailto:timeosko at gmail.com]
> Gesendet: Dienstag, 7. August 2012 10:59
> An: mueller at tropenklinik.de
> Cc: samba at lists.samba.org
> Betreff: Re: [Samba] Samba Domain member server - using domain part within
> authentication
>
> Hello Daniel,
>
> I understand the role of domain member server. But I have not understood
> why
> I have needed to type also domain name prefix during authentication - and
> this was changed in some of previous relases of samba - currently this
> needs
> to be explicitly defined that you want to map "any domain name" provided
> from computer to "right domain name" used in samba domain.
>
> On other way - I dont thnik that the better way is using BDC with direct
> connection to LDAP server...
>
> thanks
>
> michal
>
> On Mon, Jul 30, 2012 at 8:39 AM, Daniel Müller <mueller at tropenklinik.de>
> wrote:
> Hello,
>
> Memberserver:
> With security=domain, your auth request will be send to your dc and to its
> success it needs domain\user password.
> If your logon fails the memberserver tries to authenticate the user local.
> The better way: work with BDCs/LDAP
>
> Greetings
> Daniel
>
> -----------------------------------------------
> EDV Daniel Müller
>
> Leitung EDV
> Tropenklinik Paul-Lechler-Krankenhaus
> Paul-Lechler-Str. 24
> 72076 Tübingen
>
> Tel.: 07071/206-463, Fax: 07071/206-499
> eMail: mueller at tropenklinik.de
> Internet: www.tropenklinik.de
> -----------------------------------------------
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org]
> Im
> Auftrag von Michal Bruncko
> Gesendet: Freitag, 27. Juli 2012 14:40
> An: samba at lists.samba.org
> Betreff: [Samba] Samba Domain member server - using domain part within
> authentication
>
> Hello list,
>
> We are using several file servers in our enviroment in following way:
> - 1st fileserver is PDC
> - 2nd ... Xth are domain memeber server (with security = domain, and joined
> in domain via "net rpc join" command)
>
> When user is logging into 1st fileserver, he can be successfully
> authenticated with typing only "username" (without domain part) and his
> password from client computer which is NOT part of this domain.
> But when user is trying to log in to some domain member server, the
> authentication willl not be successful until hi use login in form
> "DOMAIN\username" and his password.
> I need to note here, that winbind is not running on member servers, just
> pure smbd and nmbd daemons.
>
> Is there any way how to authenticate to member servers without using domain
> part in authentication name?
>
> I am using:
> - on Server: samba on CentOS 6 - samba-3.5.10-125.el6.x86_64
> - on Client: windows 7
>
> many thanks
>
> michal
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>
>


More information about the samba mailing list