From 8ab8fe6c6094589216b174cd08c2c41049611bc1 Mon Sep 17 00:00:00 2001
From: John Terpstra
Date: Sun, 4 May 2003 08:29:25 +0000
Subject: More updates. (This used to be commit d5fdd156e35aeaf7bbe5e6ce0795cba02993f912)

---
 docs/docbook/projdoc/Samba-PDC-HOWTO.xml | 125 ++++++++++++++++++++++++-------
 1 file changed, 97 insertions(+), 28 deletions(-)
(limited to 'docs/docbook')

diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml
index 9bbcb134b4..7952f7c75f 100644
--- a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml
+++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml
@@ -16,48 +16,96 @@ Domain Control +<emphasis>The Essence of Learning:</emphasis> -Before you continue reading in this chapter, please make sure -that you are comfortable with configuring basic files services -in smb.conf and how to enable and administer password -encryption in Samba. Theses two topics are covered in the -&smb.conf; manpage. +There are many who approach MS Windows networking with incredible misconceptions. +That's OK, because it give the rest of us plenty of opportunity to help someone. +Those who really want help would be well advised to not make too big a fool +of themselves by not being informed when are where the information needed is in +fact available. + + + + +The reader is well advised NOT to tackle this section until having first understood +and mastered some basics. MS Windows networking is not particularly forgiving of +misconfiguration. Users of MS Windows networking are likely to complain bitterly +of persistent niggles that may be caused by broken network or system configuration. +To a great many people however, MS Windows networking starts with a domain controller +that in some magical way is expected to solve all ills. + + + +From the Samba mailing list one can readilly identify many common networking issues. +If you are not clear on the following subjects, then it will do much good to read the +sections of this HOWTO that deal with it. These are the most common causes of MS Windows +networking problems: + + + + Basic TCP/IP configuration + NetBIOS name resolution + Authentication configuration + User and Group configuration + Basic File and Directory Permission Control in Unix/Linux + Understanding of how MS Windows clients interoperate in a network + environment + + + +Now, do not be put off too much, on the surface of it MS Windows networking seems so simple +that any fool can do it. In fact, only a fool would set up an MS Windows network with +inadequate training and preparation. 
So let's get our first indelible principle out of the +way: It is perfectly OK to make mistakes! In the right place and at +the right time, mistakes are the essence of learning. It is very much +not Ok to make mistakes that cause loss of productivity and impose an avoidable financial +burden on an organisation. + + + +So where is the right place to make mistakes? Only out of harms' way! If you are going to +make mistakes, then please do this on a test network, away from users and in such a way as +to not inflict pain on others. Do your learning on a test network. - -Background - +Background Domain Controller Over the years public perceptions of what Domain Control really is has taken on an -almost mystical nature. Before we branch into a brief overview of what Domain Control -is the following types of controller are known: +almost mystical nature. Before we branch into a brief overview of Domain Control +there are three basic types of domain controllers: Domain Controller Types - - Primary Domain Controller - Backup Domain Controller - ADS Domain Controller - + + Primary Domain Controller + Backup Domain Controller + ADS Domain Controller + The Primary Domain Controller or PDC plays an important role in the MS -Windows NT3 and NT4 Domain Control architecture, but not in the manner that so many -expect. The PDC seeds the Domain Control database (a part of the Windows registry) and -it plays a key part in synchronisation of the domain authentication database. +Windows NT4 and Windows 200x Domain Control architecture, but not in the manner that so many +expect. -New to Samba-3.0.0 is the ability to use a back-end file that holds the same type of data as +In the case of MS Windows NT4 style domaines it is the PDC seeds the Domain Control database, +a part of the Windows registry called the SAM (Security Accounts Management). 
It plays a key +part in NT4 type domain user authentication and in synchronisation of the domain authentication +database with Backup Domain Controllers. + + + +New to Samba-3 is the ability to use a back-end file that holds the same type of data as the NT4 style SAM (Security Account Manager) database (one of the registry files). -The samba-3.0.0 SAM can be specified via the smb.conf file parameter "passwd backend" and +The samba-3 SAM can be specified via the smb.conf file parameter "passwd backend" and valid options include smbpasswd tdbsam ldapsam nisplussam plugin unixsam. The smbpasswd, tdbsam and ldapsam options can have a "_nua" suffix to indicate that No Unix Accounts need to be created. In other words, the Samba SAM will be independant of Unix/Linux 
@@ -74,15 +122,36 @@ automatically demoted to a BDC. -At this time Samba is NOT capable of acting as an ADS Domain Controller. +With MS Windows NT4 it is an install time decision what type of machine the server will be. +It is possible to change the promote a BDC to a PDC and vica versa only, but the only way +to convert a domain controller to a domain member server or a stand-alone server is to +reinstall it. The install time choices offered are: + + + + Primary Domain Controller - The one that seeds the domain SAM + Backup Domain Controller - One that obtains a copy of the domain SAM + Stand-Alone Server - One that plays NO part is SAM synchronisation + + + +With MS Windows 2000 the configuration of domain control is done after the server has been +installed. Samba-3 is capable of acting fully as a native member of a Windows 200x server +Active Directory domain. + + + +At this time Samba-3 is capable of acting as an ADS Domain Controller but +in only a limited and experimental manner. This functionality should not be depended upon +until the samba-team offers formal support for it. At such a time, the documentation will +be revised to duely reflect all configuration and management requirements. -This article outlines the steps necessary for configuring Samba as a PDC. -It is necessary to have a working Samba server prior to implementing the -PDC functionality. +This article outlines the steps necessary for configuring Samba-3 as an MS Windows NT4 style PDC. +It is necessary to have a working Samba server prior to implementing the PDC functionality. @@ -116,12 +185,12 @@ that are covered separately in this document. -The following functionalities are new to the Samba 3.0 release: +The following functionalities are new to the Samba-3 release: - Windows NT 4 domain trusts + Windows NT4 domain trusts 
@@ -135,7 +204,7 @@ The following functionalities are NOT provided by Samba 3.0: - SAM replication with Windows NT 4.0 Domain Controllers + SAM replication with Windows NT4 Domain Controllers (i.e. a Samba PDC and a Windows NT BDC or vice versa) @@ -274,7 +343,7 @@ There are a couple of points to emphasize in the above configuration. - The server must support domain logons and a + The server must support domain logons and have a [netlogon] share -- cgit
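Review bot: In the @@ -16,48 +16,96 @@ hunk, the added PDC paragraph expands SAM as "Security Accounts Management", while the unchanged line a little further down in the same hunk reads "the NT4 style SAM (Security Account Manager) database"; pick one expansion so the chapter does not define the authentication database two ways. The added sentence "it is the PDC seeds the Domain Control database" does not parse (suggest "the PDC seeds ..."), and the new introduction carries several typos worth fixing before merge: "it give", "when are where", "readilly", "domaines", "harms' way", "not Ok". The removed paragraph pointed readers to the &smb.conf; manpage for password encryption; the replacement list names "Authentication configuration" but no longer says where that is covered, so a cross-reference would help.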
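Review bot: In the @@ -74,15 +122,36 @@ hunk, the added sentence "It is possible to change the promote a BDC to a PDC and vica versa only" is garbled, and the trailing "only" leaves the permitted role changes unclear; suggest "It is possible to promote a BDC to a PDC and vice versa, but ...". That paragraph refers to converting to "a domain member server or a stand-alone server", yet the list of install time choices that follows has three entries and no domain member server, so add it or explain its absence. The ADS paragraph changes from "NOT capable" to "capable ... but in only a limited and experimental manner" immediately after the statement that Samba-3 acts "fully as a native member" of an Active Directory domain; because this changes what readers may deploy as an authentication server, keep the member and controller statements clearly separated, and mention the change in the commit subject, which currently says only "More updates." Smaller fixes in the same hunk: "NO part is SAM synchronisation" should read "part in", and "duely" should be "duly".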
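Review bot: The release naming is left inconsistent across the last hunks: the @@ -116,12 +185,12 @@ hunk changes "new to the Samba 3.0 release" to "new to the Samba-3 release", but the companion sentence shown as context for the @@ -135,7 +204,7 @@ hunk still reads "The following functionalities are NOT provided by Samba 3.0:". Change both so the supported and unsupported lists name the release the same way. In the @@ -135,7 +204,7 @@ hunk itself, the changed line now says "Windows NT4 Domain Controllers" while the parenthetical on the following context line keeps "a Windows NT BDC"; align that as well.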