Using Samba -- domain logins
Luke Kenneth Casson Leighton
lkcl at samba.org
Wed Jan 5 03:50:14 GMT 2000
i have a function that distinguishes and returns the "role" by going over
these option. exactly these optinons, actually.
On Wed, 5 Jan 2000, Gerald Carter wrote:
> Luke Kenneth Casson Leighton wrote:
> >
> > > In my opinion (at the moment) the two are inseperable.
> > > A Samba
> >
> > mine too.
> >
> > if you answer a GETDC request, you will get a
> > WNetWkstaUserLogon call from 95. this contains
> > the user profile location, and only _then_ is the w95
> > user's user/pdomain/pass uactually used - to obtain
> > the user profile! SMBsesssetupX, etc.
> >
> > this is why win95 doesn't have the concept of
> > domain logons, it's an abortion, instead.
> >
> > the act of responding to the WNetWkstatUserLogon call
> > is the job of a PDC or a BDC. do the GETDC, you have
> > to do the WNeWkUL too.
>
> Thank you! The issues we are getting into
> is that Samba is no longer configured by setting
> individual options, but rather a capability matrix
>
> PDC BDC stand alone
> domain logons yes yes xx
> domain master yes no xx
> security user domain xxx
> encrypt
> passwords yes yes xxx
>
> It is only when Samba is operating in stand alone
> mode that the smb.conf man pa ge can be taken one
> parameter at a time.
>
> (the above matrix was for example only...i know
> it's not complete and entirely accurate).
>
> > > I know that. I just think that we have to develop
> > > more parameters later on to mean, "No I really am a BDC!"
> >
> > naah, the ones we have already are perfectly good enough.
>
> Thanks again. However if we allow a domain member
> Samba server to perform domain logons and say this is
> not a BDC, then we have to define more parameters
> to reallt imply that the server is a BDC.
>
> IMO using domain logons = yes and security = domain
> currently will work but is based on a design
> bug in Samba. It should not.
>
> However (and I'm backtracking a little), for be it from
> me to say that someone must now go a buy a NT server
> license to they can setup a real BDC. There's a
> need that should be filled while we are getting from
> our current state of the code to one that sufficiently
> supports true BDC capabilities.
>
> I don't have an answer for this.
>
> > > This is not an issue of whether or not we can do it, but
> > > whether or not it is a good idea. I seem to be outvited
> > > on my opinion and so I will hush now. ;)
> >
> > believe in yourself, jerry - i do :)
>
> One last thanks. :-)
>
>
>
>
> jerry
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
>
More information about the samba-technical
mailing list