summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorSamba Release Account <samba-bugs@samba.org>1997-08-25 23:28:18 +0000
committerSamba Release Account <samba-bugs@samba.org>1997-08-25 23:28:18 +0000
commit1b8700a43b80e8c6e33c8a47844b087cc139e3ae (patch)
tree1f48a018513cf62b35ac52e29c88def0ce35ea56 /docs
parent4c319ad04699b236d038d141323c7586c5bf0983 (diff)
downloadsamba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.tar.gz
samba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.tar.bz2
samba-1b8700a43b80e8c6e33c8a47844b087cc139e3ae.zip
More mods to DOMAIN.txt, preparing for meta-FAQ itegration. Dan
(This used to be commit b9581f31412f73ce37e2bdcbf462d3d146cfc320)
Diffstat (limited to 'docs')
-rw-r--r--docs/textdocs/DOMAIN.txt18
1 files changed, 11 insertions, 7 deletions
diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt
index 5328dc7018..a74de94c67 100644
--- a/docs/textdocs/DOMAIN.txt
+++ b/docs/textdocs/DOMAIN.txt
@@ -5,11 +5,13 @@ Subject: Network Logons and Roving Profiles
===========================================================================
A domain and a workgroup are exactly the same thing in terms of network
-browsing. The difference is that a distributable authentication
-database is associated with a domain, for secure login access to a
-network. Also, different access rights can be granted to users if they
-successfully authenticate against a domain logon server (samba does not
-support this, but NT server and other systems based on NT server do).
+traffic, except for the client logon sequence. Some kind of distributed
+authentication database is associated with a domain (there are quite a few
+choices) and this adds so much flexibility that many people think of a
+domain as a completely different entity to a workgroup. From Samba's
+point of view a client connecting to a service presents an authentication
+token, and it if it is valid they have access. Samba does not care what
+mechanism was used to generate that token in the first place.
The SMB client logging on to a domain has an expectation that every other
server in the domain should accept the same authentication information.
@@ -23,8 +25,10 @@ profiles. The support is still experimental, but it seems to work.
The support is also not complete. Samba does not yet support the sharing
of the Windows NT-style SAM database with other systems. However this is
only one way of having a shared user database: exactly the same effect can
-be achieved by having all servers in a domain share a distributed NIS or
-Kerberos authentication database.
+be achieved by having all servers in a domain share a distributed NIS,
+Kerberos or other authentication database. These other options may or may
+not involve changes to the client software, that depends on the combination
+of client OS, server OS and authentication protocol.
When an SMB client in a domain wishes to logon it broadcast requests for a
logon server. The first one to reply gets the job, and validates its