Re: Fwd: Re: [squid-users] winbind authentication, mystical ?

Jerry Murdock wrote:
>
> ----- Original Message -----
> From: "Andrew Bartlett" <abartlet@samba.org>
> To: <squid-dev@squid-cache.org>
> Cc: "Henrik Nordstrom" <hno@squid-cache.org>; "Jerry Murdock"
> <jmurdock@itraktech.com>
> Sent: Saturday, July 06, 2002 7:19 AM
> Subject: Re: Fwd: Re: [squid-users] winbind authentication, mystical ?
>
> > This looks mostly correct to me.
> >
> > The 'encrypt passwords = yes' is actually irrelevent here, it refers to
> > what Samba negotiates with its SMB clients.
>
> I thought this was probably so. An artifact from my standard smb.conf.
>
> > nmbd must run due to bugs in NT, it replies to the wrong port - nmbd
> > spits 'unexpected' packets into a tdb for collection.
>
> It's been OK at my test site without nmbd, but that may just be luck, or no
> one has yelled yet. I'll note the docs accordingly that nmbd is required.

You got away with specifying the netbios name of the pdc as 'password
server'. If you don't, then you will get bitten. (I think this is the
main case that causes problems here).

> > Running smbd will allow the domain trust password to be changed, but
> > provides no other benifit. (In fact, it might not even do that, if no
> > users contact it...)
>
> So there is no way to change the trust pw with 2.2.x if the machine is not
> serving smb clients?

correct.

> What happens on 2.2.x install if nothing ever triggers a change?

Some PDC configurations might impose a 'maximum password age' on their
users. I think this applies to machines as well.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net