Tom Skeren wrote:

Andrew Bartlett wrote:

On Wed, 2005-04-13 at 16:41 -0700, Ephi Dror wrote:

Did you mean that "Yes", there is a way to prevent joining a domain with
using another server name or did you mean "Yes" that IT must make sure
the name is unique and no computer with this name is already part of
this domain when joining a domain?

This is the sole responsibility of the IT department. Like Windows, Samba will use the name it is given.

It is not possible to reliably determine the difference between a
machine that is rejoining the domain (say after catastrophic hardware
failure, or simply a failure in the trust account) and a duplicate
machine, elsewhere in the domain.

True. However, if a machine named say SA1 is up and connected, and another SA1 shows up, a network error should occur. Especially if a WINS server is up.

Again, this is the responsibility of the network administrator. That's why a password is required to join a domain, so those who don't know the password (read: your users) can't mess up your network. As an administrator, it's your responsibility to make sure that a network name conflict does not occur, by knowing if there's a machine with THAT NAME on the network already.


In a purely Windows world, a naming conflict will be detected on the network as soon as the second machine boots up. You'll get a message on screen to the effect of "another computer with this name exists on the network." Since Samba works a little differently, you won't see a message like this unless you look in the logs (and your logging is set to an appropriate level).

This brings to mind two ideas for improving Samba:

- As part of its startup routine, Samba should check to see if there are any naming conflicts and refuse to start if there are (returning an error to the console so you know WHY it's not starting). Of course, if the other machine with that name is presently not on the network, no error would occur. An option could be added to allow operation where naming conflicts could occur, though the use of this option would be discouraged.

- As part of the 'net join' routine, Samba should check to see if the domain controller already has an account by that computer name, and if so, present a warning and a prompt to continue. ('A computer account with the name SAMBA already exists in the domain ABMAS. Replace account? (y/n) [n]') This would give Samba (even more) functionality that Windows doesn't do, and the administrator a sanity check before screwing something up. The default behaviour (if the admin just hits enter) should be to either re-ask the question, or assume "no" and not replace the account. If the answer is "no" then an error stating failure to join the domain should appear.

~Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com
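
The startup check proposed in the first idea above, sketched as an added example (not part of the original message and not Samba's code): it builds an RFC 1002 NetBIOS name query for the machine's own name and reports any owner address that is not one of ours. The function names, the transaction ID and the 192.0.2.x addresses are assumptions made up for illustration, and a WINS server answering on UDP port 137 is assumed.

```python
import socket
import struct

def encode_name(name, suffix=0x00):
    """RFC 1002 first-level encoding: pad to 15 bytes, add suffix, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def build_query(name, txid, broadcast=False):
    flags = 0x0110 if broadcast else 0x0100          # RD set; B bit only for broadcast
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = b"\x20" + encode_name(name) + b"\x00" + struct.pack("!HH", 0x0020, 0x0001)
    return header + question

def parse_owners(reply, txid):
    """Return the IPs registered for the name, or [] for a negative or invalid reply."""
    if len(reply) < 56:
        return []
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F or ancount < 1:
        return []                                    # wrong ID, not a response, or RCODE != 0
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[46:56])
    if rtype != 0x0020:                              # only NB records carry addresses
        return []
    rdata = reply[56:56 + rdlen]                     # entries: 2 bytes NB_FLAGS + 4 bytes IP
    return [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]

def conflicting_owners(owners, own_addresses):
    """Addresses holding the name that are not ours; a rejoin from our own IP is not a conflict."""
    return sorted(set(owners) - set(own_addresses))

def query_wins(name, wins_ip, txid=0x1234, timeout=2.0):
    """Ask the WINS server who owns the name. A timeout returns [], the same as 'no owner'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (wins_ip, 137))
        try:
            return parse_owners(s.recv(576), txid)
        except socket.timeout:
            return []

# Constructed positive reply for SA1 owned by 192.0.2.10 (sample data, not a capture).
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8500, 0, 1, 0, 0)
                + b"\x20" + encode_name("SA1") + b"\x00"
                + struct.pack("!HHIH", 0x0020, 0x0001, 300, 6)
                + struct.pack("!H", 0x0000) + socket.inet_aton("192.0.2.10"))

if __name__ == "__main__":
    owners = parse_owners(SAMPLE_REPLY, 0x1234)
    print("conflict with:", conflicting_owners(owners, ["192.0.2.20"]))
```

As the message notes, a check like this only sees a duplicate that is registered or online at the moment of the query.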
