Olaf Solutions wrote:>
> I just set up Samba to act as a PDC for Windows Clients.
>
> I changed the network settings in the clients to log onto to the domain.
> Everything with the domain login work ok. I asked myself "what is
> advantage of using a domain configuration vs. a workgroup setup in
samba?"
>
> Control over shares and more security right ?
>
> I cancelled the login process instead of loging into the domain. I
> couldn't access any shares except public ones. I said ok this good.
This
> is what I want.
>
> Then I disabled the "Login to domain" option in Windows ME and
rebooted.
> I logged back into Windows with a valid Windows user name. I can still
> access the samba shares.
>
> Isn't there a way to configure samba to only allow access if the client
> logs in the domain.
>
> If not, am I misunderstanding the purpose of a PDC ?
>
> Is the only advantage the ability to run login scripts ?
>
As Windows ME is not actuly a member of a domain - just a computer that
occasionly sends user-names and password hashes to the PDC - this is
about all you get. If you wan't that kind of secuity you need Windows
NT. (You also get your passwords checked at logon time - rather than
when you start using services, and can set policies to disable caching
this password).
> Thanks in advance,
> Steve
--
Andrew Bartlett
abartlet@pcug.org.au