I guess this would be one for a Windows List but do you or anyone else
have any idea on how to "lock down" an NT machine as a PDC. I am starting
to like NIS more and more.......
-----Original Message-----
From: ">owner-ale@ale.org [mailto:">owner-ale@ale.org]On Behalf Of Jim Kinney
Sent: Thursday, March 02, 2000 3:59 PM
To: ">ale@ale.org
Subject: Re: [ale] Samba taking over as PDC on NT network?
Another aspect of this is if the samba machine wins PDC status and is NOT
setup for handeling domain logins. This will cause problems for users trying
to login. Their client (Winxx) requests a *whois PDC?* and then sends login
data to the PDC for verification. If the samba server has won as PDC, logins
are disallowed unless configured.
Either way I look at it, the NT admin hasn't done their job well if a
samba box can claim PDC without reconfiguring the main NT servers.
Jeff Hubbs wrote:
I've been reading up on this very thing (O'Reilly) so I know the
proverbial
"thing or two"
(but I don't claim Samba guru status, ok?).
There is a big giant difference between being a LOCAL MASTER BROWSER, a
DOMAIN MASTER BROWSER, and a PRIMARY DOMAIN CONTROLLER. Usually, an NT
PDC
is also the DMB. smb.conf doesn't appear to have any ONE thing you turn
on
to make it be a PDC for an NT domain; instead, you a) set user-level
security; b) enable domain logons c) Set domain master, preferred
master,
and local master to yes; d) set os level higher than 33. Do all these
things in smb.conf, and a PDC you'll have.
I would say that if your smb.conf deviates from that - you should
DEFINITELY
set "domain master = no" since there is an NT PDC on your network - then
your Samba machine is NOT a PDC.
All Robert's "local master = yes" means is that his Samba box was
participating in local master browser elections. Now, you can "rig" the
election so you can always win, but it's more interesting to see if you
can
win it fair and square.
According to O'Reilly, the local master browser election goes like this,
with each successive question coming into play in the event of a tie in
the
next highest question:
Which machine has the highest OS level? (you can dial in the number of
your
choice in smb.conf)
NT Server 4.0 33
NT Server 3.51 32
NT Wkstn 4.0 17
NT Wkstn 3.51 16
Win98 2
Win95 1
WfW 1
Which machine is set to be the "Preferred Master Browser?" (you can set
this
in smb.conf)
Which machine has been online the longest?
Which machine's name is in first alphabetical order?
My Samba machine has the following settings:
os level = 33 [Note - same level as NTS 4.0]
preferred master = no
domain master = no
local master = yes
So, I've set it up to go head-to-head with any NT 4.0 Server. Yet, even
though there are several NT servers on our LAN (including one PDC), my
Samba
machine wins the local master browser election. Because I have
"preferred
master = no," my machine should lose to our PDC, which is supposed to
have
that "preferred" bit set. This makes me wonder if our NT servers are
not be
set up to be local master browsers at all (i.e., my Samba machine runs
unopposed in the election), which is kind of scary. If I understand all
this correctly and if I'm right about there being no other machines
participating in elections, then my little pissant P120 is speeding up
Network Neighborhood browsing all over the office!!
I don't believe there is any harm done if a Samba machine wins the local
master browser election - I think your (Robert's) NT guy overreacted.
He
sure shut your Samba box down as far as winning the local master browser
election. If, on average, your Samba box is up longer than his NT
servers,
your browse list is going to be more complete than his will be and you'd
actually be doing him a favor by giving him a better-performing Windows
network.
I just now looked over Mike Warfield's Samba article from the first
issue
(Spring '99) of Linux Magazine and it appears to agree with what I'm
saying.
I would expect that there are a lot of NT people who find Samba very
threatening and therefore would react very irrationally to its presence;
this "taking over the NT network" thing is BS.
- Jeff
> -----Original Message-----
> From: Robert Butera [mailto:">rbutera@ece.gatech.edu]
> Sent: Thursday, March 02, 2000 1:32 PM
> To: Mike Smith
> Cc: ">ale@ale.org
> Subject: Re: [ale] Samba taking over as PDC on NT network?
>
>
> On Thu, 2 Mar 2000, Mike Smith wrote:
>
> > I just had an interesting call from my local network
> administrator stating
> > that my RH Linux 6.1 box had taken over the "NT" network
> and had become the
> > PDC(Primary Domain Controller). I was wondering if anyone
> has ever heard of
> > such a thing. I performed an upgrade from RH 6.0 to RH 6.1 and was
> > wondering if samba had changed it its defualt settings for
> domains. What
> > was really strange was that all the domain stuff(domain
> master, preferred
> > master, and domain logons) was commented out. Any ideas on
> why this would
> > happen?
>
> I got in trouble for the same thing (on the local domain)
> with my local NT
> administrator last Fall. I am runnin SuSE. The default smb
> configuration
> includes:
>
> domain master = no
> local master = yes
> preferred master = no
>
> Maybe RedHat changes some of these. The default "local master = yes"
> is what got me in "trouble."
>
> To quote from the smb.conf man page:
>
> Note that Windows NT Primary Domain Controllers
> expect to be able to claim this workgroup specific
> special NetBIOS name that identifies them as domain
> master browsers for that workgroup by default (i.e.
> there is no way to prevent a Windows NT PDC from
> attempting to do this). This means that if this
> parameter is set and nmbd claims the special name
> for a workgroup before a Windows NT PDC is able to
> do so then cross subnet browsing will behave
> strangely and may fail.
>
> Here is what my local NT admin added to my smb.conf file (obviously
> your details may be different)
>
> # Global parameters set by toddw
> local master = no
> domain master = no
> preferred master = no
> os level = 0
> name resolve order = wins lmhosts bcast
> wins support = no
> wins server = put.ip.address.here
> wins proxy = no
> lm announce = false
>
>
> Hope this helps.
>
>
> **************************************************************
> ****************
> **
> ** News! Georgia Tech and Emory announce new joint Biomedical
> Engineering PhD
> ** visit http://www.bme.gatech.edu for details
> **
> ** Dr. Robert Butera, Assistant Professor
> ** School of Electrical and Computer Engineering
> ** Institute for Bioengineering and Biosciences
> ** Georgia Institute of Technology, Atlanta, GA
> ** contact info --> http://www.ece.gatech.edu/users/rbutera/
>
>
>
> --
> To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale"
> in message body.
>
--
To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale" in message
body.
--
--
To unsubscribe: mail ">majordomo@ale.org with "unsubscribe ale" in message body.