On Thu, Nov 01, 2001 at 11:19:41AM -0000, Darrell May <[EMAIL PROTECTED]> wrote: > [...] > Gordon, IMHO I don't think anything should be guarded. Let me explain... > > Many clients still have DOS/Win3x computers running a single specific > application. Accpac, POS, building security, PLC devices, etcetera. > These computers can network to a workgroup server but can not join a > domain. So some people may wish to keep the Mitel server as a workgroup > server. Yet even as a workgroup server you can still utilize the > netlogon, profile and any other hidden or browseable share. In workgroup > mode, you simply have to do this manually at the client. Of course samba > must have these shares enabled so to guard/disable these in workgroup > mode makes this connectivity impossible.
OK, but if we provide a [netlogon] share when an NT server is also providing the equivalent share, nasty things happen. Client machines access the network and choose one of the available machines providing netlogon services, and we are often faster to respond than the NT server which is really providing the logon service. My belief is that the [Profiles] share falls into the same category. As I understand it, multiple machines may provide these services, but they had better be consistent for life to be any fun :-) At the moment we try to play nicely with another NT server by not enabling any of these advertised services when SambaDomainMaster is "no". We default it to "yes" if you are providing DHCP - a rough heuristic for wanting the SME Server to control the local network. So, if you have SambaDomainMaster set, all of the special shares exist. If you turn it off, the special shares go away. > Anyone else remember 'MSDOS for Workgroups'? Uggh. Gordon -- Gordon Rowell [EMAIL PROTECTED] VP Engineering Network Server Solutions Group http://www.e-smith.com Mitel Networks Corporation http://www.mitel.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
