On Tue, 4 Feb 2003, akshaysalkar wrote:

> if Win NT is acting as a PDC, and Samba is added in the network, then when would it
> be required to put
> security = server
> when
> security = domain
> already exists.
> in other words why have security = server
> when security = domain can be put.

Please note:

"security = server" means:

  The samba server is NOT a domain controller.
  The samba server is NOT a member of the domain it is going to authenticate against.
  The samba server will NOT provide domain logon services.

It also means that the samba server has to use a nasty method to work around bugs that are present in some versions of MS Windows NT servers. This method is necessary to prevent a potential security breach that could otherwise give un-authorized root access on a samba share.

"security = domain" means:

  The samba server is a MEMBER of a domain.
  It does NOT mean that samba is a domain controller - it is NOT a domain controller if set this way.
  Samba therefore does NOT perform domain logons for users.
  This configuration does NOT require the nasty bug work-around that the "security = server" option needs.

This mode DOES require that the samba machine has an account on the MS Windows NT/2K security domain (either NT4 style or ADS).

With Samba-2.2.x series your Windows 2000 ADS server needs to run in "Mixed" or "Hybrid" mode, otherwise Samba cannot join the ADS security domain. With Samba-3.0.0alpha releases samba can join a "Native" mode ADS domain.

I hope this helps.

- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
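
An added example, not part of the reply above and not Samba code: a small check that reads the `[global]` section of an smb.conf, reports which of the two modes is in effect, and lists what that mode still needs. The sample configurations and the names EXAMPLEDOM and NTPDC are constructed placeholders, and treating an unset `security` as `user` is an assumption.

```python
import re

# Constructed smb.conf samples; EXAMPLEDOM and NTPDC are placeholder names.
SERVER_MODE = """
[global]
   workgroup = EXAMPLEDOM
   Security = SERVER
   password server = NTPDC
"""
DOMAIN_MODE = """
[global]
   ; domain member, but the domain name is missing
   security = domain
   encrypt passwords = no
[homes]
   security = server
"""

def parse_global(text):
    """Collect [global] parameters; names are matched ignoring case and spaces."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(text):
    """Return the security mode and the problems found for that mode."""
    p = parse_global(text)
    mode = p.get("security", "user").lower()  # assumption: unset means "user"
    problems = []
    if mode == "server":
        problems.append("not a domain member; depends on the work-around for NT server bugs")
        if "passwordserver" not in p:
            problems.append("'password server' must name the NT server to authenticate against")
    elif mode == "domain":
        if "workgroup" not in p:
            problems.append("'workgroup' must be set to the domain that was joined")
        if p.get("encryptpasswords", "").lower() in ("no", "false", "0"):
            problems.append("domain membership needs 'encrypt passwords = yes'")
    return mode, problems

if __name__ == "__main__":
    for name, conf in (("server sample", SERVER_MODE), ("domain sample", DOMAIN_MODE)):
        print(name, *audit(conf), sep="\n  ")
```

The `security = server` line under `[homes]` in the second sample is ignored on purpose: only the `[global]` value decides the mode.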
