Harmon, Leigh
2004-Jan-14 16:57 UTC
[Samba] Difference Between Domain and ADS security In Reference to Realms
Hi, I've been researching which type of security to use with Samba 3.0.1 and I still don't understand what the difference is between "security=DOMAIN" versus "security=ADS." I complied Samba to include ADS support, and I initially chose "security=DOMAIN." When I use the "net" command I can add it to my domain. However, if I set "realm=our.ads.realm" and do the same "net" command, then I get a message saying that server was added to the realm. What is the difference between adding the Samba server to the realm using "security=DOMAIN" versus adding it to the realm using "security=ADS?" Thanks!!
John H Terpstra
2004-Jan-14 17:44 UTC
[Samba] Difference Between Domain and ADS security In Reference to Realms
On Wed, 14 Jan 2004, Harmon, Leigh wrote:> > Hi, > > I've been researching which type of security to use with Samba 3.0.1 and I still > don't understand what the difference is between "security=DOMAIN" versus > "security=ADS." I complied Samba to include ADS support, and I initially chose > "security=DOMAIN." When I use the "net" command I can add it to my domain. > However, if I set "realm=our.ads.realm" and do the same "net" command, then I > get a message saying that server was added to the realm. What is the difference > between adding the Samba server to the realm using "security=DOMAIN" versus > adding it to the realm using "security=ADS?""security = DOMAIN" causes Samba to work with your Active Directory domain as if it is an NT4 server - using remote procedure call (RPC) authentication. This requires NetBIOS over TCP/IP. "security = ADS" causes Samba to communicate with Active Directory using Kerberos authentication protocols and does not require NetBIOS over TCP/IP support. - John T. -- John H Terpstra Email: jht@samba.org
Andrew Bartlett
2004-Jan-21 00:26 UTC
[Samba] Difference Between Domain and ADS security In Reference to Realms
On Thu, 2004-01-15 at 03:57, Harmon, Leigh wrote:> Hi, > > I've been researching which type of security to use with Samba 3.0.1 and I still > don't understand what the difference is between "security=DOMAIN" versus > "security=ADS." I complied Samba to include ADS support, and I initially chose > "security=DOMAIN." When I use the "net" command I can add it to my domain. > However, if I set "realm=our.ads.realm" and do the same "net" command, then I > get a message saying that server was added to the realm. What is the difference > between adding the Samba server to the realm using "security=DOMAIN" versus > adding it to the realm using "security=ADS?"Not much, but you should set 'security=ads' first. It is my long-term aim to remove the need for the artificial distinction here, and this is why 'net join' tries an ADS join always, then falls back to RPC. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20040120/1b226ca7/attachment.bin