Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.org) Copyright (C) 1997 Luke Kenneth Casson Leighton Created: October 20, 1997 Updated: February 25, 1999 (Jerry Carter) Subject: NT Domain Logons =========================================================================== As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations, without the need, use or intervention of NT Server. This document describes how to set this up. Over the continued development of the 1.9.18alpha series, this process (and therefore this document) should become simpler. One useful thing to do is to get this version of Samba up and running with Win95 profiles, as you would for the current stable version of Samba (currently at 1.9.17p4), and is fully documented. You will need to set up encrypted passwords. Even if you don't have any Win95 machines, using your Samba Server to store the profile for one of your NT Workstation users is a good test that you have 1.9.18alpha1 correctly configured *prior* to attempting NT Domain Logons. The support is still experimental, so should be used at your own risk. NT is not as robust as you might have been led to believe: during the development of the Domain Logon Support, one person reported having to reinstall NT from scratch: their workstation had become totally unuseable. [further reports on ntsec@iss.net by independent administrators showing similar symptoms lead us to believe that the SAM database file may be corruptible. this _is_ recoverable (or, at least the machine is accessible), by deleting the SAM file, under which circumstances all user account details are lost, but at least the Administrator can log in with a blank password. this is *not* possible except if the NT system is installed in a FAT partition.] This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest. ========================================================================== Please note that Samba 2.0 does not **officially** support domain logons for Windows NT clients. Of course, domain logon support for Windows 9x clients is complete and official. These are two different issues. Samba's capability to act as a Primary Domain Controller for Windows NT domains is not advertised as it is not completed yet. For more information regarding how to obtain the latest development (HEAD branch) source code and what features are available, please refer to the NT Domain FAQ on-line at the Samba web site under the documentation page.