diff options
Diffstat (limited to 'docs/htmldocs/samba-pdc.html')
| -rw-r--r-- | docs/htmldocs/samba-pdc.html | 513 |
1 files changed, 217 insertions, 296 deletions
diff --git a/docs/htmldocs/samba-pdc.html b/docs/htmldocs/samba-pdc.html index 98d735da06..93bbc727d4 100644 --- a/docs/htmldocs/samba-pdc.html +++ b/docs/htmldocs/samba-pdc.html @@ -2,10 +2,11 @@ <HTML ><HEAD ><TITLE ->Samba as an NT4 or Win2k Primary Domain Controller</TITLE +>How to Configure Samba as a NT4 Primary Domain Controller</TITLE ><META NAME="GENERATOR" -CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK +CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ +"><LINK REL="HOME" TITLE="SAMBA Project Documentation" HREF="samba-howto-collection.html"><LINK @@ -13,7 +14,7 @@ REL="UP" TITLE="Type of installation" HREF="type.html"><LINK REL="PREVIOUS" -TITLE="Samba as Stand-Alone server (User and Share security level)" +TITLE="User and Share security level (for servers not in a domain)" HREF="securitylevels.html"><LINK REL="NEXT" TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain" @@ -72,17 +73,13 @@ WIDTH="100%"></DIV CLASS="CHAPTER" ><H1 ><A -NAME="SAMBA-PDC" -></A ->Chapter 6. Samba as an NT4 or Win2k Primary Domain Controller</H1 +NAME="SAMBA-PDC">Chapter 6. How to Configure Samba as a NT4 Primary Domain Controller</H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN705" ->6.1. Prerequisite Reading</A -></H1 +NAME="AEN575">6.1. Prerequisite Reading</H1 ><P >Before you continue reading in this chapter, please make sure that you are comfortable with configuring basic files services @@ -96,42 +93,96 @@ CLASS="FILENAME" >smb.conf(5)</TT ></A > -manpage.</P +manpage and the <A +HREF="ENCRYPTION.html" +TARGET="_top" +>Encryption chapter</A +> +of this HOWTO Collection.</P ></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN710" ->6.2. Background</A -></H1 +NAME="AEN581">6.2. Background</H1 +><DIV +CLASS="NOTE" +><P +></P +><TABLE +CLASS="NOTE" +WIDTH="100%" +BORDER="0" +><TR +><TD +WIDTH="25" +ALIGN="CENTER" +VALIGN="TOP" +><IMG +SRC="../images/note.gif" +HSPACE="5" +ALT="Note"></TD +><TD +ALIGN="LEFT" +VALIGN="TOP" +><P +><SPAN +CLASS="emphasis" +><I +CLASS="EMPHASIS" +>Author's Note:</I +></SPAN +> This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one.</P +></TD +></TR +></TABLE +></DIV ><P ->This article outlines the steps necessary for configuring Samba as a PDC. -It is necessary to have a working Samba server prior to implementing the -PDC functionality.</P +>Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller + +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <A +HREF="UNIX_INSTALL.html" +TARGET="_top" +> UNIX_INSTALL.html</A +>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5) man +page</A +>. The following functionality should work in 2.2:</P ><P ></P ><UL ><LI ><P -> domain logons for Windows NT 4.0 / 200x / XP Professional clients. +> domain logons for Windows NT 4.0/2000 clients. </P ></LI ><LI ><P -> placing Windows 9x / Me clients in user level security +> placing a Windows 9x client in user level security </P ></LI ><LI ><P > retrieving a list of users and groups from a Samba PDC to - Windows 9x / Me / NT / 200x / XP Professional clients + Windows 9x/NT/2000 clients </P ></LI ><LI ><P -> roaming user profiles +> roving (roaming) user profiles </P ></LI ><LI @@ -141,7 +192,7 @@ PDC functionality.</P ></LI ></UL ><P ->The following functionalities are new to the Samba 3.0 release:</P +>The following pieces of functionality are not included in the 2.2 release:</P ><P ></P ><UL @@ -152,19 +203,13 @@ PDC functionality.</P ></LI ><LI ><P -> Adding users via the User Manager for Domains +> SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) </P ></LI -></UL -><P ->The following functionalities are NOT provided by Samba 3.0:</P -><P -></P -><UL ><LI ><P -> SAM replication with Windows NT 4.0 Domain Controllers - (i.e. a Samba PDC and a Windows NT BDC or vice versa) +> Adding users via the User Manager for Domains </P ></LI ><LI @@ -175,22 +220,13 @@ PDC functionality.</P ></LI ></UL ><P ->Please note that Windows 9x / Me / XP Home clients are not true members of a domain +>Please note that Windows 9x clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for support Windows 9x-style domain logons is completely different -from NT4 / Win2k type domain logons and has been officially supported for some +from NT4 domain logons and has been officially supported for some time.</P ><P -><SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->MS Windows XP Home edition is NOT able to join a domain and does not permit -the use of domain logons.</I -></SPAN -></P -><P ->Implementing a Samba PDC can basically be divided into 3 broad +>Implementing a Samba PDC can basically be divided into 2 broad steps.</P ><P ></P @@ -203,12 +239,8 @@ TYPE="1" ></LI ><LI ><P -> Creating machine trust accounts and joining clients to the domain - </P -></LI -><LI -><P -> Adding and managing domain user accounts +> Creating machine trust accounts and joining clients + to the domain </P ></LI ></OL @@ -216,26 +248,25 @@ TYPE="1" >There are other minor details such as user profiles, system policies, etc... However, these are not necessarily specific to a Samba PDC as much as they are related to Windows NT networking -concepts.</P +concepts. They will be mentioned only briefly here.</P ></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN748" ->6.3. Configuring the Samba Domain Controller</A -></H1 +NAME="AEN620">6.3. Configuring the Samba Domain Controller</H1 ><P >The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. Here we -attempt to explain the parameters that are covered in -<A +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in <A HREF="smb.conf.5.html" TARGET="_top" > the smb.conf man page</A ->.</P +>. For convenience, the parameters have been +linked with the actual smb.conf description.</P ><P >Here is an example <TT CLASS="FILENAME" @@ -250,17 +281,21 @@ CLASS="PROGRAMLISTING" HREF="smb.conf.5.html#NETBIOSNAME" TARGET="_top" >netbios name</A -> = <VAR +> = <TT CLASS="REPLACEABLE" ->POGO</VAR +><I +>POGO</I +></TT > <A HREF="smb.conf.5.html#WORKGROUP" TARGET="_top" >workgroup</A -> = <VAR +> = <TT CLASS="REPLACEABLE" ->NARNIA</VAR +><I +>NARNIA</I +></TT > ; we should act as the domain and local master browser @@ -313,7 +348,8 @@ TARGET="_top" >logon path</A > = \\%N\profiles\%u - ; where is a user's home directory and where should it be mounted at? + ; where is a user's home directory and where should it + ; be mounted at? <A HREF="smb.conf.5.html#LOGONDRIVE" TARGET="_top" @@ -349,9 +385,11 @@ TARGET="_top" HREF="smb.conf.5.html#WRITELIST" TARGET="_top" >write list</A -> = <VAR +> = <TT CLASS="REPLACEABLE" ->ntadmin</VAR +><I +>ntadmin</I +></TT > ; share for storing user profiles @@ -411,18 +449,24 @@ CLASS="FILENAME" ></LI ></UL ><P ->Samba 3.0 offers a complete implementation of group mapping +>As Samba 2.2 does not offer a complete implementation of group mapping between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space).</P +complicated to explain in a short space), you should refer to the +<A +HREF="smb.conf.5.html#DOMAINADMINGROUP" +TARGET="_top" +>domain admin +group</A +> smb.conf parameter for information of creating "Domain +Admins" style accounts.</P ></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN790" ->6.4. Creating Machine Trust Accounts and Joining Clients to the Domain</A -></H1 +NAME="AEN663">6.4. Creating Machine Trust Accounts and Joining Clients to the +Domain</H1 ><P >A machine trust account is a Samba account that is used to authenticate a client machine (rather than a user) to the Samba @@ -433,127 +477,14 @@ Account."</P secure communication with the Domain Controller. This is a security feature to prevent an unauthorized machine with the same NetBIOS name from joining the domain and gaining access to domain user/group -accounts. Windows NT, 200x, XP Professional clients use machine trust -accounts, but Windows 9x / Me / XP Home clients do not. Hence, a -Windows 9x / Me / XP Home client is never a true member of a domain -because it does not possess a machine trust account, and thus has no -shared secret with the domain controller.</P +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller.</P ><P >A Windows PDC stores each machine trust account in the Windows -Registry. A Samba-3 PDC also has to stoe machine trust account information -in a suitable back-end data store. With Samba-3 there can be multiple back-ends -for this including:</P -><P -></P -><UL -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->smbpaswd</I -></SPAN -> - the plain ascii file stored used by - earlier versions of Samba. This file configuration option requires - a Unix/Linux system account for EVERY entry (ie: both for user and for - machine accounts). This file will be located in the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->private</I -></SPAN -> - directory (default is /usr/local/samba/lib/private or on linux /etc/samba). - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->smbpasswd_nua</I -></SPAN -> - This file is independant of the - system wide user accounts. The use of this back-end option requires - specification of the "non unix account range" option also. It is called - smbpasswd and will be located in the <TT -CLASS="FILENAME" ->private</TT -> directory. - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->tdbsam</I -></SPAN -> - a binary database backend that will be - stored in the <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->private</I -></SPAN -> directory in a file called - <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->passwd.tdb</I -></SPAN ->. The key benefit of this binary format - file is that it can store binary objects that can not be accomodated - in the traditional plain text smbpasswd file. - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->tdbsam_nua</I -></SPAN -> like the smbpasswd_nua option above, this - file allows the creation of arbitrary user and machine accounts without - requiring that account to be added to the system (/etc/passwd) file. It - too requires the specification of the "non unix account range" option - in the [globals] section of the smb.conf file. - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->ldapsam</I -></SPAN -> - An LDAP based back-end. Permits the - LDAP server to be specified. eg: ldap://localhost or ldap://frodo.murphy.com - </P -></LI -><LI -><P -> <SPAN -CLASS="emphasis" -><I -CLASS="EMPHASIS" ->ldapsam_nua</I -></SPAN -> - LDAP based back-end with no unix - account requirement, like smbpasswd_nua and tdbsam_nua above. - </P -></LI -></UL -><P ->A Samba PDC, however, stores each machine trust account in two parts, -as follows: +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: <P ></P @@ -606,9 +537,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN833" ->6.4.1. Manual Creation of Machine Trust Accounts</A -></H2 +NAME="AEN682">6.4.1. Manual Creation of Machine Trust Accounts</H2 ><P >The first step in manually creating a machine trust account is to manually create the corresponding Unix account in @@ -623,45 +552,55 @@ CLASS="COMMAND" used to create new Unix accounts. The following is an example for a Linux based Samba server:</P ><P -> <SAMP +> <TT CLASS="PROMPT" ->root# </SAMP +>root# </TT ><B CLASS="COMMAND" ->/usr/sbin/useradd -g 100 -d /dev/null -c <VAR +>/usr/sbin/useradd -g 100 -d /dev/null -c <TT CLASS="REPLACEABLE" +><I >"machine -nickname"</VAR -> -s /bin/false <VAR +nickname"</I +></TT +> -s /bin/false <TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT >$ </B ></P ><P -><SAMP +><TT CLASS="PROMPT" ->root# </SAMP +>root# </TT ><B CLASS="COMMAND" ->passwd -l <VAR +>passwd -l <TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT >$</B ></P ><P >On *BSD systems, this can be done using the 'chpass' utility:</P ><P -><SAMP +><TT CLASS="PROMPT" ->root# </SAMP +>root# </TT ><B CLASS="COMMAND" ->chpass -a "<VAR +>chpass -a "<TT CLASS="REPLACEABLE" ->machine_name</VAR ->$:*:101:100::0:0:Workstation <VAR +><I +>machine_name</I +></TT +>$:*:101:100::0:0:Workstation <TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT >:/dev/null:/sbin/nologin"</B ></P ><P @@ -678,20 +617,26 @@ CLASS="FILENAME" ><P ><PRE CLASS="PROGRAMLISTING" ->doppy$:x:505:501:<VAR +>doppy$:x:505:501:<TT CLASS="REPLACEABLE" ->machine_nickname</VAR +><I +>machine_nickname</I +></TT >:/dev/null:/bin/false</PRE ></P ><P ->Above, <VAR +>Above, <TT CLASS="REPLACEABLE" ->machine_nickname</VAR +><I +>machine_nickname</I +></TT > can be any descriptive name for the client, i.e., BasementComputer. -<VAR +<TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT > absolutely must be the NetBIOS name of the client to be joined to the domain. The "$" must be appended to the NetBIOS name of the client or Samba will not recognize @@ -709,20 +654,24 @@ CLASS="COMMAND" > command as shown here:</P ><P -><SAMP +><TT CLASS="PROMPT" ->root# </SAMP +>root# </TT ><B CLASS="COMMAND" ->smbpasswd -a -m <VAR +>smbpasswd -a -m <TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT ></B ></P ><P ->where <VAR +>where <TT CLASS="REPLACEABLE" ->machine_name</VAR +><I +>machine_name</I +></TT > is the machine's NetBIOS name. The RID of the new machine account is generated from the UID of the corresponding Unix account.</P @@ -740,7 +689,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH @@ -776,9 +725,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN874" ->6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</A -></H2 +NAME="AEN723">6.4.2. "On-the-Fly" Creation of Machine Trust Accounts</H2 ><P >The second (and recommended) way of creating machine trust accounts is simply to allow the Samba server to create them as needed when the client @@ -813,9 +760,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN883" ->6.4.3. Joining the Client to the Domain</A -></H2 +NAME="AEN732">6.4.3. Joining the Client to the Domain</H2 ><P >The procedure for joining a client to the domain varies with the version of Windows.</P @@ -881,9 +826,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN898" ->6.5. Common Problems and Errors</A -></H1 +NAME="AEN747">6.5. Common Problems and Errors</H1 ><P ></P ><P @@ -937,9 +880,9 @@ CLASS="EMPHASIS" will remove all network drive connections: </P ><P -> <SAMP +> <TT CLASS="PROMPT" ->C:\WINNT\></SAMP +>C:\WINNT\></TT > <B CLASS="COMMAND" >net use * /d</B @@ -1002,9 +945,11 @@ CLASS="EMPHASIS" </P ><P > This problem is caused by the PDC not having a suitable machine trust account. - If you are using the <VAR + If you are using the <TT CLASS="PARAMETER" ->add user script</VAR +><I +>add user script</I +></TT > method to create accounts then this would indicate that it has not worked. Ensure the domain admin user system is working. @@ -1048,9 +993,11 @@ CLASS="COMMAND" </P ><P > In order to work around this problem in 2.2.0, configure the - <VAR + <TT CLASS="PARAMETER" ->account</VAR +><I +>account</I +></TT > control flag in <TT CLASS="FILENAME" @@ -1087,9 +1034,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN946" ->6.6. System Policies and Profiles</A -></H1 +NAME="AEN795">6.6. System Policies and Profiles</H1 ><P >Much of the information necessary to implement System Policies and Roving User Profiles in a Samba domain is the same as that for @@ -1264,9 +1209,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN990" ->6.7. What other help can I get?</A -></H1 +NAME="AEN839">6.7. What other help can I get?</H1 ><P >There are many sources of information available in the form of mailing lists, RFC's and documentation. The docs that come @@ -1684,9 +1627,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1104" ->6.8. Domain Control for Windows 9x/ME</A -></H1 +NAME="AEN953">6.8. Domain Control for Windows 9x/ME</H1 ><DIV CLASS="NOTE" ><P @@ -1701,7 +1642,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -1818,9 +1759,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1130" ->6.8.1. Configuration Instructions: Network Logons</A -></H2 +NAME="AEN979">6.8.1. Configuration Instructions: Network Logons</H2 ><P >The main difference between a PDC and a Windows 9x logon server configuration is that</P @@ -1853,7 +1792,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH @@ -1873,20 +1812,20 @@ VALIGN="TOP" >There are a few comments to make in order to tie up some loose ends. There has been much debate over the issue of whether or not it is ok to configure Samba as a Domain Controller in security -modes other than <CODE +modes other than <TT CLASS="CONSTANT" ->USER</CODE +>USER</TT >. The only security mode -which will not work due to technical reasons is <CODE +which will not work due to technical reasons is <TT CLASS="CONSTANT" ->SHARE</CODE +>SHARE</TT > -mode security. <CODE +mode security. <TT CLASS="CONSTANT" ->DOMAIN</CODE -> and <CODE +>DOMAIN</TT +> and <TT CLASS="CONSTANT" ->SERVER</CODE +>SERVER</TT > mode security is really just a variation on SMB user level security.</P ><P @@ -1924,9 +1863,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1149" ->6.8.2. Configuration Instructions: Setting up Roaming User Profiles</A -></H2 +NAME="AEN998">6.8.2. Configuration Instructions: Setting up Roaming User Profiles</H2 ><DIV CLASS="WARNING" ><P @@ -1941,7 +1878,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TD @@ -1977,9 +1914,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1157" ->6.8.2.1. Windows NT Configuration</A -></H3 +NAME="AEN1006">6.8.2.1. Windows NT Configuration</H3 ><P >To support WinNT clients, in the [global] section of smb.conf set the following (for example):</P @@ -2008,7 +1943,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -2028,9 +1963,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1165" ->6.8.2.2. Windows 9X Configuration</A -></H3 +NAME="AEN1014">6.8.2.2. Windows 9X Configuration</H3 ><P >To support Win9X clients, you must use the "logon home" parameter. Samba has now been fixed so that "net use/home" now works as well, and it, too, relies @@ -2059,9 +1992,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1173" ->6.8.2.3. Win9X and WinNT Configuration</A -></H3 +NAME="AEN1022">6.8.2.3. Win9X and WinNT Configuration</H3 ><P >You can support profiles for both Win9X and WinNT clients by setting both the "logon home" and "logon path" parameters. For example:</P @@ -2085,7 +2016,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -2104,9 +2035,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1180" ->6.8.2.4. Windows 9X Profile Setup</A -></H3 +NAME="AEN1029">6.8.2.4. Windows 9X Profile Setup</H3 ><P >When a user first logs in on Windows 9X, the file user.DAT is created, as are folders "Start Menu", "Desktop", "Programs" and "Nethood". @@ -2264,9 +2193,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1216" ->6.8.2.5. Windows NT Workstation 4.0</A -></H3 +NAME="AEN1065">6.8.2.5. Windows NT Workstation 4.0</H3 ><P >When a user first logs in to a Windows NT Workstation, the profile NTuser.DAT is created. The profile location can be now specified @@ -2285,7 +2212,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -2343,7 +2270,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -2378,9 +2305,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1229" ->6.8.2.6. Windows NT Server</A -></H3 +NAME="AEN1078">6.8.2.6. Windows NT Server</H3 ><P >There is nothing to stop you specifying any path that you like for the location of users' profiles. Therefore, you could specify that the @@ -2392,9 +2317,7 @@ CLASS="SECT3" ><H3 CLASS="SECT3" ><A -NAME="AEN1232" ->6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</A -></H3 +NAME="AEN1081">6.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0</H3 ><DIV CLASS="WARNING" ><P @@ -2409,7 +2332,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH @@ -2461,7 +2384,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/note.gif" +SRC="../images/note.gif" HSPACE="5" ALT="Note"></TD ><TD @@ -2485,9 +2408,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1242" ->6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A -></H1 +NAME="AEN1091">6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</H1 ><DIV CLASS="WARNING" ><P @@ -2502,7 +2423,7 @@ WIDTH="25" ALIGN="CENTER" VALIGN="TOP" ><IMG -SRC="/usr/share/sgml/docbook/stylesheet/dsssl/modular/images/warning.gif" +SRC="../images/warning.gif" HSPACE="5" ALT="Warning"></TD ><TH @@ -2562,16 +2483,16 @@ may need to know to interact with the rest of the system.</P >The registry files can be located on any Windows NT machine by opening a command prompt and typing:</P ><P -><SAMP +><TT CLASS="PROMPT" ->C:\WINNT\></SAMP +>C:\WINNT\></TT > dir %SystemRoot%\System32\config</P ><P >The environment variable %SystemRoot% value can be obtained by typing:</P ><P -><SAMP +><TT CLASS="PROMPT" ->C:\WINNT></SAMP +>C:\WINNT></TT >echo %SystemRoot%</P ><P >The active parts of the registry that you may want to be familiar with are @@ -2662,7 +2583,7 @@ ACCESSKEY="N" WIDTH="33%" ALIGN="left" VALIGN="top" ->Samba as Stand-Alone server (User and Share security level)</TD +>User and Share security level (for servers not in a domain)</TD ><TD WIDTH="34%" ALIGN="center" |