-August 22, 1996
-===============
-
-Contributor: John H Terpstra
+Initial Release: August 22, 1996
+Contributor: John H Terpstra <samba-bugs@samba.anu.edu.au>
+Updated: June 27, 1997
+Status: Current - New Content
Subject: Windows NT Domain Control & Samba
- =================================
+============================================================================
+
+****NOTE:****
+=============
+Microsoft Windows NT Domain Control is an extremely complex protocol.
+We have received countless requests to implement Domain Control in Samba
+and have seriously investigated the potential to support this. The Samba
+Team have now concluded that since Domain Control is a completely
+undocumented protocol we ought NOT to implement our best guess of this
+technology. It is a Microsoft business policy NOT to release the information
+necessary to enable this to be implemented in a dependable manner.
+============================================================================
Windows NT Server can be installed as either a plain file and print server
-or as a server that participates in Domain Control. The same is true for
-OS/2 Warp Server, Digital Pathworks and other similar products, all of which
-can participate in Domain Control along with Windows NT.
+(WORKGROUP workstaion or server) or as a server that participates in Domain
+Control (DOMAIN member, Primary Domain controller or Backup Domain controller).
+
+The same is true for OS/2 Warp Server, Digital Pathworks and other similar
+products, all of which can participate in Domain Control along with Windows NT.
To many people these terms can be confusing, so let's try to clear the air.
In fact, the registry contains entries that describes everything that anything
may need to know to interact with the rest of the system.
+The registry files will can be located on any Windows NT machine by opening a
+command prompt and typing:
+ dir %SystemRoot%\System32\config
+
+The environment variable %SystemRoot% value can be obtained by typing:
+ echo %SystemRoot%
+
+The active parts of the registry that you may want to be familiar with are
+the files called: default, system, software, sam and security.
+
+In a domain environment, Microsoft Windows NT domain controllers participate
+in replication of the SAM and SECURITY files so that all controllers within
+the domain have an exactly identical copy of each.
+
The Microsoft Windows NT system is structured within a security model that
says that all applications and services must authenticate themselves before
they can obtain permission from the security manager to do what they set out
Every Windows NT system (workstation as well as server) will have it's own
registry. Windows NT Servers that participate in Domain Security control
-have a database that they share in common - thus they do NOT own a complete
-and independant full registry database of their own, as do Workstations and
+have a database that they share in common - thus they do NOT own an
+independant full registry database of their own, as do Workstations and
plain Servers.
The User database is called the SAM (Security Access Manager) database and
When Samba is configured with the 'security = server' option and the
'password server = Your_Windows_NT_Server_Name' option, then it will
-redirect all access authentication to that server.
+redirect all access authentication to that server. This way you can
+use Windows NT to act as your password server with full support for
+Microsoft encrypted passwords.
git.samba.org / nivanova / samba-autobuild / .git / blobdiff