From: Samba Release Account Date: Mon, 25 Aug 1997 23:28:18 +0000 (+0000) Subject: More mods to DOMAIN.txt, preparing for meta-FAQ itegration. Dan X-Git-Url: http://git.samba.org/samba.git/?p=kai%2Fsamba.git;a=commitdiff_plain;h=1b8700a43b80e8c6e33c8a47844b087cc139e3ae More mods to DOMAIN.txt, preparing for meta-FAQ itegration. Dan (This used to be commit b9581f31412f73ce37e2bdcbf462d3d146cfc320) --- diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt index 5328dc7018b..a74de94c679 100644 --- a/docs/textdocs/DOMAIN.txt +++ b/docs/textdocs/DOMAIN.txt @@ -5,11 +5,13 @@ Subject: Network Logons and Roving Profiles =========================================================================== A domain and a workgroup are exactly the same thing in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server (samba does not -support this, but NT server and other systems based on NT server do). +traffic, except for the client logon sequence. Some kind of distributed +authentication database is associated with a domain (there are quite a few +choices) and this adds so much flexibility that many people think of a +domain as a completely different entity to a workgroup. From Samba's +point of view a client connecting to a service presents an authentication +token, and it if it is valid they have access. Samba does not care what +mechanism was used to generate that token in the first place. The SMB client logging on to a domain has an expectation that every other server in the domain should accept the same authentication information. @@ -23,8 +25,10 @@ profiles. The support is still experimental, but it seems to work. The support is also not complete. Samba does not yet support the sharing of the Windows NT-style SAM database with other systems. However this is only one way of having a shared user database: exactly the same effect can -be achieved by having all servers in a domain share a distributed NIS or -Kerberos authentication database. +be achieved by having all servers in a domain share a distributed NIS, +Kerberos or other authentication database. These other options may or may +not involve changes to the client software, that depends on the combination +of client OS, server OS and authentication protocol. When an SMB client in a domain wishes to logon it broadcast requests for a logon server. The first one to reply gets the job, and validates its