author: Samba Release Account <samba-bugs@samba.org> 1997-08-25 23:28:18 +0000
committer: Samba Release Account <samba-bugs@samba.org> 1997-08-25 23:28:18 +0000
commit: b9581f31412f73ce37e2bdcbf462d3d146cfc320
tree: c053ad6b44f0d0da9b991c0cc3974c98695508ae
parent: 7f7d2faa07b81ad435b2acc9318bc39d813020c6
More mods to DOMAIN.txt, preparing for meta-FAQ integration. Dan
-rw-r--r-- docs/textdocs/DOMAIN.txt 18
1 files changed, 11 insertions, 7 deletions
diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt
index 5328dc7018b..a74de94c679 100644
--- a/docs/textdocs/DOMAIN.txt
+++ b/docs/textdocs/DOMAIN.txt
@@ -5,11 +5,13 @@ Subject: Network Logons and Roving Profiles
===========================================================================
A domain and a workgroup are exactly the same thing in terms of network
-browsing. The difference is that a distributable authentication
-database is associated with a domain, for secure login access to a
-network. Also, different access rights can be granted to users if they
-successfully authenticate against a domain logon server (samba does not
-support this, but NT server and other systems based on NT server do).
+traffic, except for the client logon sequence. Some kind of distributed
+authentication database is associated with a domain (there are quite a few
+choices) and this adds so much flexibility that many people think of a
+domain as a completely different entity to a workgroup. From Samba's
+point of view a client connecting to a service presents an authentication
+token, and it if it is valid they have access. Samba does not care what
+mechanism was used to generate that token in the first place.
The SMB client logging on to a domain has an expectation that every other
server in the domain should accept the same authentication information.
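Review bot: the added line "token, and it if it is valid they have access" has a stray "it" and should read "and if it is valid they have access". The rewrite also drops the removed parenthetical stating that Samba does not support granting different access rights after a successful domain logon; if that limitation still holds, keep it as its own sentence, because the new wording ("presents an authentication token, and ... they have access") tells an administrator what Samba accepts but no longer what it does not do. Finally, "(there are quite a few choices)" names none of them; naming the ones the next hunk mentions (NIS, Kerberos) here would make the paragraph self-contained.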
@@ -23,8 +25,10 @@ profiles. The support is still experimental, but it seems to work.
The support is also not complete. Samba does not yet support the sharing
of the Windows NT-style SAM database with other systems. However this is
only one way of having a shared user database: exactly the same effect can
-be achieved by having all servers in a domain share a distributed NIS or
-Kerberos authentication database.
+be achieved by having all servers in a domain share a distributed NIS,
+Kerberos or other authentication database. These other options may or may
+not involve changes to the client software, that depends on the combination
+of client OS, server OS and authentication protocol.
When an SMB client in a domain wishes to logon it broadcast requests for a
logon server. The first one to reply gets the job, and validates its
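Review bot: the added sentence "These other options may or may not involve changes to the client software, that depends on the combination" is a comma splice; split it or write "software; that depends on the combination of client OS, server OS and authentication protocol". As written it also gives the reader nothing to act on, since no combination is identified as needing client changes or not; one concrete case, or a pointer to where the combinations are documented, would help. "Kerberos or other authentication database" is similarly open-ended and should either list the intended options or say that any database shared by all servers in the domain qualifies.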