On Tue, Feb 11, 2003 at 02:57:46PM +0100, Michael Herber wrote: > Hm, but as I did understand, in both cases, the log in at the > samba-server is sent to the NT-machine to validate. After what I've > read, "server" means that only the username and the password is sent and > "domain" menas that more than these two values are sent. I am completely > wrong?
As I recall, one major difference is that "security = server" requires that a connection to the password server machine remain open for the entire duration of the client's connection to Samba. "security = domain" opens and closes connections for authentication as needed, just like a Windows server in an NT domain would. This makes "domain" a better choice in general, since temporary network problems are less likely to cause problems. It also produces less of a load on your password server: if you have several servers with many clients each, your password server would have to support one connection for each user on each server. > Anyhow, "server" also needs a "password server" for authentification (at > least this is what my sources are saying!). So what's the difference? Or > are my sources wrong? Yes, you need a password server if the Samba machine isn't authenticating locally. The difference is mainly in how it accesses that server to check the user/pass. -- Michael Heironimus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba