Note
Network clients of an MS Windows domain security environment must be domain members to be able to gain access
to the advanced features provided. Domain membership involves more than just setting the workgroup name to the
domain name. It requires the creation of a domain trust account for the workstation (called a machine
account). Refer to Domain Membership for more information.
The following functionalities are new to the Samba-3 release:
- Samba-3 supports a choice of backends in which user, group, and machine
accounts may be stored. Multiple passwd backends can be used in combination, either as additive backend
data sets, or as fail-over data sets.
An LDAP passdb backend confers the benefit that the account backend can be distributed and replicated,
which is of great value because it confers scalability and provides a high degree of reliability.
- Windows NT4 domain trusts. Samba-3 supports workstation and server (machine) trust accounts. It also
supports Windows NT4 style interdomain trust accounts, which further assists in network scalability
and interoperability.
- Operation without NetBIOS over TCP/IP, using raw SMB over TCP/IP instead. Note that this is feasible
only when operating as a Microsoft Active Directory domain member server. When acting as a Samba domain
controller, the use of NetBIOS is necessary to provide network browsing support.
- Samba-3 provides NetBIOS name services (WINS), NetBIOS over TCP/IP (TCP port 139) session services, SMB over
TCP/IP (TCP port 445) session services, and Microsoft compatible ONC DCE RPC services (TCP port 135).
- Management of users and groups via the User Manager for Domains. This can be done on any MS Windows client
using the Nexus.exe toolkit for Windows 9x/Me, or using the SRVTOOLS.EXE package for MS
Windows NT4/200x/XP platforms. These packages are available from Microsoft's Web site.
- Implements full Unicode support. This simplifies cross-locale internationalization support. It also opens up
the use of protocols that Samba-2.2.x had but could not use due to the need to fully support Unicode.
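The NetBIOS-less item in the list above states a constraint that can be checked mechanically. The following is an added example, not part of the Samba documentation: a small Python lint of the `[global]` section of smb.conf using the parameters `disable netbios`, `security`, `domain logons` and `smb ports`. The sample configurations are constructed, and treating an explicitly listed port 139 as a finding is an assumed local policy.

```python
# Added example (not Samba project code): lint smb.conf [global] for the
# NetBIOS-less constraint described in the list above.
def parse_global(text):
    """Return [global] parameters; names are lowercased with spaces removed."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def is_true(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def check_netbios_less(text):
    """Return findings; an empty list means the settings are consistent."""
    g = parse_global(text)
    if not is_true(g.get("disablenetbios", "no")):
        return []                          # NetBIOS in use, rule does not apply
    findings = []
    if g.get("security", "user").lower() != "ads":
        findings.append("disable netbios set without security = ads")
    if is_true(g.get("domainlogons", "no")):
        findings.append("disable netbios set on a domain controller")
    # Assumed policy: an explicit 'smb ports' should not keep TCP 139 listed.
    if "139" in g.get("smbports", "").replace(",", " ").split():
        findings.append("smb ports still lists 139")
    return findings

# Constructed sample configurations (hypothetical hosts).
MEMBER = """[global]
security = ADS
disable netbios = yes
smb ports = 445
"""
CONTROLLER = """[global]
domain logons = Yes
Disable NetBIOS = yes
smb ports = 445 139
"""
```

`check_netbios_less(MEMBER)` returns an empty list, while `check_netbios_less(CONTROLLER)` returns all three findings.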
The following functionalities are not provided by Samba-3:
- SAM replication with Windows NT4 domain controllers (i.e., a Samba PDC and a Windows NT BDC, or vice versa).
This means Samba cannot operate as a BDC when the PDC is a Microsoft-based Windows NT PDC. Samba-3 cannot
participate in replication of account data to Windows PDCs and BDCs.
- Acting as a Windows 2000 Active Directory domain controller (i.e., Kerberos and Active Directory). In point of
fact, Samba-3 does have some Active Directory domain control ability that is at this time purely experimental.
Active Directory domain control is one of the features being developed in Samba-4, the next
generation Samba release. At this time there are no plans to enable Active Directory domain control
support during the Samba-3 series life-cycle.
- The Windows 200x/XP Microsoft Management Console (MMC) cannot be used to manage a Samba-3 server. For this you
can use only the MS Windows NT4 Domain Server Manager and the MS Windows NT4 Domain User Manager. Both are
part of the SRVTOOLS.EXE package mentioned later.
Windows 9x/Me/XP Home clients are not true members of a domain for reasons outlined in this chapter. The
protocol for support of Windows 9x/Me-style network (domain) logons is completely different from NT4/Windows
200x-type domain logons and has been officially supported for some time. These clients use the old LanMan
network logon facilities that are supported in Samba since approximately the Samba-1.9.15 series.
Samba-3 implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated
to explain in a short space). This is discussed more fully in Group Mapping: MS Windows and UNIX.
Samba-3, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust
Account information in a suitable backend data-store. Refer to MS Windows Workstation/Server Machine Trust
Accounts. With Samba-3 there can be multiple backends for this. A complete discussion of account database
backends can be found in Account Information Databases.