diff options
author | Samba Release Account <samba-bugs@samba.org> | 1997-08-25 23:28:18 +0000 |
---|---|---|
committer | Samba Release Account <samba-bugs@samba.org> | 1997-08-25 23:28:18 +0000 |
commit | 1b8700a43b80e8c6e33c8a47844b087cc139e3ae (patch) | |
tree | 1f48a018513cf62b35ac52e29c88def0ce35ea56 /docs | |
parent | 4c319ad04699b236d038d141323c7586c5bf0983 (diff) | |
download | samba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.tar.gz samba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.tar.bz2 samba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.zip |
More mods to DOMAIN.txt, preparing for meta-FAQ itegration. Dan
(This used to be commit b9581f31412f73ce37e2bdcbf462d3d146cfc320)
Diffstat (limited to 'docs')
-rw-r--r-- | docs/textdocs/DOMAIN.txt | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt index 5328dc7018..a74de94c67 100644 --- a/docs/textdocs/DOMAIN.txt +++ b/docs/textdocs/DOMAIN.txt @@ -5,11 +5,13 @@ Subject: Network Logons and Roving Profiles =========================================================================== A domain and a workgroup are exactly the same thing in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (samba does not -support this, but NT server and other systems based on NT server do). +traffic, except for the client logon sequence. Some kind of distributed +authentication database is associated with a domain (there are quite a few +choices) and this adds so much flexibility that many people think of a +domain as a completely different entity to a workgroup. From Samba's +point of view a client connecting to a service presents an authentication +token, and it if it is valid they have access. Samba does not care what +mechanism was used to generate that token in the first place. The SMB client logging on to a domain has an expectation that every other server in the domain should accept the same authentication information. @@ -23,8 +25,10 @@ profiles. The support is still experimental, but it seems to work. The support is also not complete. Samba does not yet support the sharing of the Windows NT-style SAM database with other systems. However this is only one way of having a shared user database: exactly the same effect can -be achieved by having all servers in a domain share a distributed NIS or -Kerberos authentication database. +be achieved by having all servers in a domain share a distributed NIS, +Kerberos or other authentication database. These other options may or may +not involve changes to the client software, that depends on the combination +of client OS, server OS and authentication protocol. When an SMB client in a domain wishes to logon it broadcast requests for a logon server. The first one to reply gets the job, and validates its |