1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
5 >Nomenclature of Server Types</TITLE
8 CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
10 TITLE="SAMBA Project Documentation"
11 HREF="samba-howto-collection.html"><LINK
13 TITLE="Type of installation"
14 HREF="type.html"><LINK
16 TITLE="Type of installation"
17 HREF="type.html"><LINK
19 TITLE="Samba as Stand-Alone Server"
20 HREF="securitylevels.html"></HEAD
77 >Chapter 5. Nomenclature of Server Types</H1
87 HREF="servertype.html#AEN846"
88 >Stand Alone Server</A
92 HREF="servertype.html#AEN853"
93 >Domain Member Server</A
97 HREF="servertype.html#AEN859"
103 >Administrators of Microsoft networks often refer to three
104 different types of server:</P
110 >Stand Alone Server</P
114 >Domain Member Server</P
118 >Domain Controller</P
124 >Primary Domain Controller</P
128 >Backup Domain Controller</P
132 >ADS Domain Controller</P
138 >A network administrator who is familiar with these terms and who
139 wishes to migrate to or use Samba will want to know what these terms mean
140 within a Samba context.</P
147 >5.1. Stand Alone Server</A
154 >stand alone server</I
156 > means that the server
157 will provide local authentication and access control for all resources
158 that are available from it. In general this means that there will be a
159 local user database. In more technical terms, it means that resources
160 on the machine will be made available in either SHARE mode or in
161 USER mode. SHARE mode and USER mode security are documented under
162 discussions regarding "security mode". The smb.conf configuration parameters
163 that control security mode are: "security = user" and "security = share".</P
165 >No special action is needed other than to create user accounts. Stand-alone
166 servers do NOT provide network logon services, meaning that machines that
167 use this server do NOT perform a domain logon but instead make use only of
168 the MS Windows logon which is local to the MS Windows workstation/server.</P
170 >Samba tends to blur the distinction a little in respect of what is
171 a stand alone server. This is because the authentication database may be
172 local or on a remote server, even if from the samba protocol perspective
173 the samba server is NOT a member of a domain security context.</P
175 >Through the use of PAM (Pluggable Authentication Modules) and nsswitch
176 (the name service switcher) the source of authentication may reside on
177 another server. We would be inclined to call this the authentication server.
178 This means that the samba server may use the local Unix/Linux system
179 password database (/etc/passwd or /etc/shadow), may use a local smbpasswd
180 file (/etc/samba/smbpasswd or /usr/local/samba/lib/private/smbpasswd), or
181 may use an LDAP back end, or even, via PAM and Winbind, another CIFS/SMB
182 server for authentication.</P
190 >5.2. Domain Member Server</A
193 >This mode of server operation involves the samba machine being made a member
194 of a domain security context. This means by definition that all user authentication
195 will be done from a centrally defined authentication regime. The authentication
196 regime may come from an NT3/4 style (old domain technology) server, or it may be
197 provided from an Active Directory server (ADS) running on MS Windows 2000 or later.</P
203 >Of course it should be clear that the authentication back end itself could be from any
204 distributed directory architecture server that is supported by Samba. This can be
205 LDAP (from OpenLDAP), or Sun's iPlanet, or NetWare Directory Server, etc.</I
209 >Please refer to the section on Howto configure Samba as a Primary Domain Controller
210 and for more information regarding how to create a domain machine account for a
211 domain member server as well as for information regarding how to enable the samba
212 domain member machine to join the domain and to be fully trusted by it.</P
220 >5.3. Domain Controller</A
223 >Over the years the public perception of what Domain Control really is has taken on an
224 almost mystical nature. Before we branch into a brief overview of what Domain Control
225 is, note that the following types of controller are known:</P
232 >5.3.1. Domain Controller Types</A
241 >Primary Domain Controller</TD
245 >Backup Domain Controller</TD
249 >ADS Domain Controller</TD
260 >Primary Domain Controller</I
262 > or PDC plays an important role in the MS
263 Windows NT3 and NT4 Domain Control architecture, but not in the manner that so many
264 expect. The PDC seeds the Domain Control database (a part of the Windows registry) and
265 it plays a key part in synchronisation of the domain authentication database. </P
267 >New to Samba-3.0.0 is the ability to use a back-end file that holds the same type of data as
268 the NT4 style SAM (Security Account Manager) database (one of the registry files).
269 The samba-3.0.0 SAM can be specified via the smb.conf file parameter "passwd backend" and
270 valid options include <SPAN
274 > smbpasswd tdbsam ldapsam nisplussam plugin unixsam</I
277 The smbpasswd, tdbsam and ldapsam options can have a "_nua" suffix to indicate that No Unix
278 Accounts need to be created. In other words, the Samba SAM will be independent of Unix/Linux
279 system accounts, provided a uid range is defined from which SAM accounts can be created.</P
285 >Backup Domain Controller</I
287 > or BDC plays a key role in servicing network
288 authentication requests. The BDC is biased to answer logon requests so that on a network segment
289 that has a BDC and a PDC the BDC will be most likely to service network logon requests. The PDC will
290 answer network logon requests when the BDC is too busy (high load). A BDC can be promoted to
291 a PDC. If the PDC is on line at the time that the BDC is promoted to PDC the previous PDC is
292 automatically demoted to a BDC.</P
294 >At this time Samba is NOT capable of acting as an <SPAN
298 >ADS Domain Controller</I
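The sketch below is an added example, not code from the Samba project: it reads the [global] section of an smb.conf and reports which of this chapter's server types the configuration describes, which is useful when auditing an inherited server. It goes beyond the two security modes named above by also reading "security = domain", "security = ads", "security = server", "domain logons" and "domain master", which are standard smb.conf parameters not mentioned on this page; the function names and sample configurations are constructed for illustration.

```python
# Added example, not Samba code. Sample configurations are constructed.

def global_options(text):
    """Parse the [global] section of smb.conf text into {parameter: value}."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            opts["".join(key.split()).lower()] = value.strip()
    return opts

def _yes(value):
    return value.lower() in ("yes", "true", "1")

def server_type(text):
    """Return (server type as named in this chapter, review notes)."""
    g = global_options(text)
    security = g.get("security", "user").lower()  # assumed default: user
    notes = []
    if _yes(g.get("domainlogons", "no")):
        # Simplification: only an explicit "domain master = no" is read as BDC.
        master = g.get("domainmaster", "auto").lower()
        role = "Primary" if master == "auto" or _yes(master) else "Backup"
        role += " Domain Controller"
    elif security in ("domain", "ads"):
        role = "Domain Member Server"
    else:
        role = "Stand Alone Server"
        if security == "share":
            notes.append("share mode: authentication is per share, not per user")
        elif security == "server":
            notes.append("passwords are checked by another SMB server")
    return role, notes

SAMPLES = {  # constructed inputs
    "share": "[global]\n\tworkgroup = EXAMPLE\n\tsecurity = share\n",
    "member": "[Global]\n  Security = ADS\n  realm = EXAMPLE.TEST\n",
    "pdc": "[global]\nsecurity = user\ndomain logons = yes\n; domain master unset\n",
    "bdc": "[global]\nsecurity = user\nDomain Logons = Yes\ndomain master = no\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, server_type(conf))
```

A stand-alone result that carries a note deserves a second look: it marks the cases where the server is not a domain member yet does not authenticate each user against its own account database.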