summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSamba Release Account <samba-bugs@samba.org>1997-08-26 00:50:33 +0000
committerSamba Release Account <samba-bugs@samba.org>1997-08-26 00:50:33 +0000
commit607b1ae416c798f7c75d3085dfeeee0c979f25a1 (patch)
treeabbcfd3747ac530d01e1ae7080b6b0b7f7695b63
parent1b8700a43b80e8c6e33c8a47844b087cc139e3ae (diff)
downloadsamba-607b1ae416c798f7c75d3085dfeeee0c979f25a1.tar.gz
samba-607b1ae416c798f7c75d3085dfeeee0c979f25a1.tar.bz2
samba-607b1ae416c798f7c75d3085dfeeee0c979f25a1.zip
Minor mods to DOMAIN.txt. In DOMAIN_CONTROL.txt made it clear that a PDC is
just one (major:) vendor's idea of domain authentication. Added refs to pwdump where it talks about the SAM. Dan (This used to be commit 2681ae0efbdb250854b56e75b2655ef367a5d733)
-rw-r--r--docs/textdocs/DOMAIN.txt7
-rw-r--r--docs/textdocs/DOMAIN_CONTROL.txt17
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt
index a74de94c67..32ef53c088 100644
--- a/docs/textdocs/DOMAIN.txt
+++ b/docs/textdocs/DOMAIN.txt
@@ -18,6 +18,13 @@ server in the domain should accept the same authentication information.
However the network browsing functionality of domains and workgroups is
identical and is explained in BROWSING.txt.
+There are some implementation differences: Windows 95 can be a member of
+both a workgroup and a domain, but Windows NT cannot. Windows 95 also
+has the concept of an "alternative workgroup". Samba can only be a
+member of a single workgroup or domain, although this is due to change
+with a future version when nmbd will be split into two daemons, one
+for WINS and the other for browsing (NetBIOS.txt explains what WINS is.)
+
Issues related to the single-logon network model are discussed in this
document. Samba supports domain logons, network logon scripts, and user
profiles. The support is still experimental, but it seems to work.
diff --git a/docs/textdocs/DOMAIN_CONTROL.txt b/docs/textdocs/DOMAIN_CONTROL.txt
index 863ceb530e..13988b7145 100644
--- a/docs/textdocs/DOMAIN_CONTROL.txt
+++ b/docs/textdocs/DOMAIN_CONTROL.txt
@@ -9,6 +9,15 @@ Subject: Windows NT Domain Control & Samba
****NOTE:****
=============
+The term "Domain Controller" and those related to it refer to one specific
+method of authentication that can underly an SMB domain. Domain Controllers
+prior to Windows NT Server 3.1 were sold by various companies and based on
+private extensions to the LAN Manager 2.1 protocol. Windows NT introduced
+Microsoft-specific ways of distributing the user authentication database.
+See DOMAIN.txt for examples of how Samba can participate in or create
+SMB domains based on shared authentication database schemes other than the
+Windows NT SAM.
+
Microsoft Windows NT Domain Control is an extremely complex protocol.
We have received countless requests to implement Domain Control in Samba
and have seriously investigated the potential to support this. The Samba
@@ -24,6 +33,8 @@ Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
The same is true for OS/2 Warp Server, Digital Pathworks and other similar
products, all of which can participate in Domain Control along with Windows NT.
+However only those servers which have licenced Windows NT code in them can be
+a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.)
To many people these terms can be confusing, so let's try to clear the air.
@@ -69,6 +80,12 @@ is used for all user authentication as well as for authentication of inter-
process authentication (ie: to ensure that the service action a user has
requested is permitted within the limits of that user's privileges).
+The Samba team have produced a utility that can dump the Windows NT SAM into
+smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and
+/pub/samba/pwdump on your nearest Samba mirror for the utility. This
+facility is useful but cannot be easily used to implement SAM replication
+to Samba systems.
+
Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers
can participate in a Domain security system that is controlled by Windows NT
servers that have been correctly configured. At most every domain will have