From 01f0236f58775e2bf60250caf2b9740bd9f988ea Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 30 Mar 2003 11:22:22 +0000 Subject: - Regenerate docs - Document 'preload modules' (This used to be commit 57407401d0f261d4b8e42fdc64479afef10211c3) --- docs/htmldocs/samba-pdc.html | 352 +++++++++++++++++++++++++------------------ 1 file changed, 209 insertions(+), 143 deletions(-) (limited to 'docs/htmldocs/samba-pdc.html') diff --git a/docs/htmldocs/samba-pdc.html b/docs/htmldocs/samba-pdc.html index 7c4caf4f30..98d735da06 100644 --- a/docs/htmldocs/samba-pdc.html +++ b/docs/htmldocs/samba-pdc.html @@ -2,7 +2,7 @@ Samba as a NT4 or Win2k Primary Domain ControllerSamba as an NT4 or Win2k Primary Domain ControllerChapter 5. Samba as a NT4 or Win2k Primary Domain ControllerChapter 6. Samba as an NT4 or Win2k Primary Domain Controller

5.1. Prerequisite Reading6.1. Prerequisite Reading

Before you continue reading in this chapter, please make sure @@ -96,98 +96,42 @@ CLASS="FILENAME" >smb.conf(5) -manpage and the Encryption chapter -of this HOWTO Collection.

5.2. Background6.2. Background

Author's Note: This document is a combination -of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". -Both documents are superseded by this one.

Versions of Samba prior to release 2.2 had marginal capabilities to act -as a Windows NT 4.0 Primary Domain Controller - -(PDC). With Samba 2.2.0, we are proud to announce official support for -Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows -2000 clients. This article outlines the steps -necessary for configuring Samba as a PDC. It is necessary to have a -working Samba server prior to implementing the PDC functionality. If -you have not followed the steps outlined in UNIX_INSTALL.html, please make sure -that your server is configured correctly before proceeding. Another -good resource in the smb.conf(5) man -page. The following functionality should work in 2.2:

This article outlines the steps necessary for configuring Samba as a PDC. +It is necessary to have a working Samba server prior to implementing the +PDC functionality.

The following pieces of functionality are not included in the 2.2 release:

The following functionalities are new to the Samba 3.0 release:

The following functionalities are NOT provided by Samba 3.0:

Please note that Windows 9x clients are not true members of a domain +>Please note that Windows 9x / Me / XP Home clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for support Windows 9x-style domain logons is completely different -from NT4 domain logons and has been officially supported for some +from NT4 / Win2k type domain logons and has been officially supported for some time.

Implementing a Samba PDC can basically be divided into 2 broad +>MS Windows XP Home edition is NOT able to join a domain and does not permit +the use of domain logons.

Implementing a Samba PDC can basically be divided into 3 broad steps.

  • Creating machine trust accounts and joining clients - to the domain +> Creating machine trust accounts and joining clients to the domain +

  • Adding and managing domain user accounts

    • There are other minor details such as user profiles, system policies, etc... However, these are not necessarily specific to a Samba PDC as much as they are related to Windows NT networking -concepts. They will be mentioned only briefly here.

    5.3. Configuring the Samba Domain Controller6.3. Configuring the Samba Domain Controller

    The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. I will not -attempt to re-explain the parameters here as they are more that -adequately covered in the smb.conf man page. For convenience, the parameters have been -linked with the actual smb.conf description.

    .

    Here is an example logon path = \\%N\profiles\%u - ; where is a user's home directory and where should it - ; be mounted at? + ; where is a user's home directory and where should it be mounted at?

    As Samba 2.2 does not offer a complete implementation of group mapping +>Samba 3.0 offers a complete implementation of group mapping between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space), you should refer to the -domain admin -group smb.conf parameter for information of creating "Domain -Admins" style accounts.

    5.4. Creating Machine Trust Accounts and Joining Clients to the -Domain6.4. Creating Machine Trust Accounts and Joining Clients to the Domain

    A machine trust account is a Samba account that is used to @@ -480,14 +433,127 @@ Account."

    A Windows PDC stores each machine trust account in the Windows -Registry. A Samba PDC, however, stores each machine trust account -in two parts, as follows: +Registry. A Samba-3 PDC also has to stoe machine trust account information +in a suitable back-end data store. With Samba-3 there can be multiple back-ends +for this including:

    A Samba PDC, however, stores each machine trust account in two parts, +as follows:

    5.4.1. Manual Creation of Machine Trust Accounts6.4.1. Manual Creation of Machine Trust Accounts

    The first step in manually creating a machine trust account is to @@ -710,8 +776,8 @@ CLASS="SECT2" >

    5.4.2. "On-the-Fly" Creation of Machine Trust Accounts6.4.2. "On-the-Fly" Creation of Machine Trust Accounts

    The second (and recommended) way of creating machine trust accounts is @@ -747,8 +813,8 @@ CLASS="SECT2" >

    5.4.3. Joining the Client to the Domain6.4.3. Joining the Client to the Domain

    The procedure for joining a client to the domain varies with the @@ -815,8 +881,8 @@ CLASS="SECT1" >

    5.5. Common Problems and Errors6.5. Common Problems and Errors

    5.6. System Policies and Profiles6.6. System Policies and Profiles

    Much of the information necessary to implement System Policies and @@ -1198,8 +1264,8 @@ CLASS="SECT1" >

    5.7. What other help can I get?6.7. What other help can I get?

    There are many sources of information available in the form @@ -1618,8 +1684,8 @@ CLASS="SECT1" >

    5.8. Domain Control for Windows 9x/ME6.8. Domain Control for Windows 9x/ME

    5.8.1. Configuration Instructions: Network Logons6.8.1. Configuration Instructions: Network Logons

    The main difference between a PDC and a Windows 9x logon @@ -1858,8 +1924,8 @@ CLASS="SECT2" >

    5.8.2. Configuration Instructions: Setting up Roaming User Profiles6.8.2. Configuration Instructions: Setting up Roaming User Profiles

    5.8.2.1. Windows NT Configuration6.8.2.1. Windows NT Configuration

    To support WinNT clients, in the [global] section of smb.conf set the @@ -1962,8 +2028,8 @@ CLASS="SECT3" >

    5.8.2.2. Windows 9X Configuration6.8.2.2. Windows 9X Configuration

    To support Win9X clients, you must use the "logon home" parameter. Samba has @@ -1993,8 +2059,8 @@ CLASS="SECT3" >

    5.8.2.3. Win9X and WinNT Configuration6.8.2.3. Win9X and WinNT Configuration

    You can support profiles for both Win9X and WinNT clients by setting both the @@ -2038,8 +2104,8 @@ CLASS="SECT3" >

    5.8.2.4. Windows 9X Profile Setup6.8.2.4. Windows 9X Profile Setup

    When a user first logs in on Windows 9X, the file user.DAT is created, @@ -2198,8 +2264,8 @@ CLASS="SECT3" >

    5.8.2.5. Windows NT Workstation 4.06.8.2.5. Windows NT Workstation 4.0

    When a user first logs in to a Windows NT Workstation, the profile @@ -2312,8 +2378,8 @@ CLASS="SECT3" >

    5.8.2.6. Windows NT Server6.8.2.6. Windows NT Server

    There is nothing to stop you specifying any path that you like for the @@ -2326,8 +2392,8 @@ CLASS="SECT3" >

    5.8.2.7. Sharing Profiles between W95 and NT Workstation 4.06.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

    5.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba6.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

    User and Share security level (for servers not in a domain)Samba as Stand-Alone server (User and Share security level)