Chapter 4. Domain Control
There are many who approach MS Windows networking with incredible misconceptions. That's okay, because it gives the rest of us plenty of opportunity to be of assistance. Those who really want help would be well advised to become familiar with information that is already available.
The reader is advised not to tackle this section without having first
The diagram in Figure 4.1 shows a typical MS Windows Domain Security network environment. Workstations A, B and C are representative of many physical MS Windows network
Figure 4.1. An Example Domain.
From the Samba mailing list one can readily identify many common networking issues. If you are not clear on the following subjects, then it will do much good to read the sections of this HOWTO that deal with them. These are the most common causes of MS Windows networking problems:
Do not be put off; on the surface of it MS Windows networking seems so simple that
Where is the right place to make mistakes? Only out of harm's way. If you are going to make mistakes, then
4.1 Features and Benefits
What is the key benefit of Microsoft Domain Security?
In a word, Single Sign On, or SSO for short. To many, this is the Holy Grail of MS Windows NT and beyond networking. SSO allows users in a well-designed network to log onto any workstation that is a member of the domain that their
The benefits of Domain Security are available to those sites that deploy a Samba PDC. A Domain provides a unique network security identifier (SID). Domain user and group security identifiers consist of the network SID plus a relative identifier (RID) that is unique to the account. User and
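The SID composition described above (domain SID plus a per-account RID), as an added example that is not part of the original HOWTO or Samba's own code: a small Python parser that splits an account SID into its domain SID and RID and converts between the textual and binary forms. The sample SID values are constructed and the function names are hypothetical.

```python
import re
import struct

# Textual SID: S-<revision>-<authority>-<sub-authority>... (1 to 15 of them)
_SID_RE = re.compile(r"S-1-(\d+)((?:-\d+){1,15})")

def parse_sid(sid):
    """Return (authority, [sub-authorities]) or raise ValueError."""
    m = _SID_RE.fullmatch(sid.strip())
    if not m:
        raise ValueError("malformed SID: %r" % sid)
    authority = int(m.group(1))
    subs = [int(s) for s in m.group(2)[1:].split("-")]
    if authority >= 2**48 or any(s >= 2**32 for s in subs):
        raise ValueError("SID component out of range: %r" % sid)
    return authority, subs

def split_account_sid(sid):
    """Split a user or group SID into (domain SID, RID)."""
    authority, subs = parse_sid(sid)
    if len(subs) < 2:
        raise ValueError("no RID present: %r" % sid)
    domain = "-".join(["S-1", str(authority)] + [str(s) for s in subs[:-1]])
    return domain, subs[-1]

def sid_to_bytes(sid):
    """Encode as: revision, count, 48-bit big-endian authority,
    then each sub-authority as a little-endian uint32."""
    authority, subs = parse_sid(sid)
    head = struct.pack(">BB", 1, len(subs)) + authority.to_bytes(6, "big")
    return head + struct.pack("<%dI" % len(subs), *subs)

def sid_from_bytes(raw):
    """Decode the binary layout, rejecting truncated or padded buffers."""
    if (len(raw) < 8 or raw[0] != 1 or not 1 <= raw[1] <= 15
            or len(raw) != 8 + 4 * raw[1]):
        raise ValueError("bad binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S-1", str(authority)] + [str(s) for s in subs])

def same_domain(sid_a, sid_b):
    """True when both account SIDs carry the same domain SID prefix."""
    return split_account_sid(sid_a)[0] == split_account_sid(sid_b)[0]

# Constructed sample values, not taken from any real domain.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
USER_SID = DOMAIN_SID + "-1001"
```

Comparing the domain part of two account SIDs, rather than their account names, is what distinguishes a domain account from a same-named local account on a member machine.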
The following functionalities are new to the Samba-3 release:
The following functionalities are not provided by Samba-3:
Windows 9x/Me/XP Home clients are not true members of a domain for reasons outlined in this chapter. The protocol for support of Windows 9x/Me style network (domain) logons is completely different from NT4/Windows 200x type domain
Samba-3 implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated to explain in a short space). This is discussed more fully in Chapter 11, Group Mapping: MS Windows and UNIX.
Samba-3, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust Account information in a suitable backend datastore. Refer to Section 6.2. With Samba-3 there can be multiple backends for this. A complete discussion of account database backends can be found in Chapter 10, Account Information Databases.