diff options
Diffstat (limited to 'docs/htmldocs/Samba-PDC-HOWTO.html')
| -rw-r--r-- | docs/htmldocs/Samba-PDC-HOWTO.html | 726 |
1 files changed, 429 insertions, 297 deletions
diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html index 6dc467ed9ed..c2cdd9c60bb 100644 --- a/docs/htmldocs/Samba-PDC-HOWTO.html +++ b/docs/htmldocs/Samba-PDC-HOWTO.html @@ -29,6 +29,34 @@ CLASS="SECT1" CLASS="SECT1" ><A NAME="AEN3" +>Prerequisite Reading</A +></H1 +><P +>Before you continue readingin this chapter, please make sure +that you are comfortable with configuring basic files services +in smb.conf and how to enable and administrate password +encryption in Samba. Theses two topics are covered in the +<A +HREF="smb.conf.5.html" +TARGET="_top" +><TT +CLASS="FILENAME" +>smb.conf(5)</TT +></A +> +manpage and the <A +HREF="EMCRYPTION.html" +TARGET="_top" +>Encryption chapter</A +> +of this HOWTO Collection.</P +></DIV +><DIV +CLASS="SECT1" +><HR><H1 +CLASS="SECT1" +><A +NAME="AEN9" >Background</A ></H1 ><DIV @@ -48,14 +76,30 @@ Both documents are superceeded by this one.</P ></DIV ><P >Version of Samba prior to release 2.2 had marginal capabilities to -act as a Windows NT 4.0 Primary Domain Controller (PDC). The following -functionality should work in 2.2:</P +act as a Windows NT 4.0 Primary Domain Controller (PDC). Beginning with +Samba 2.2.0, we are proud to announce official support for Windows NT 4.0 +style domain logons from Windows NT 4.0 (through SP6) and Windows 2000 (through +SP1) clients. This article outlines the steps necessary for configuring Samba +as a PDC. It is necessary to have a working Samba server prior to implementing the +PDC functionality. If you have not followed the steps outlined in +<A +HREF="UNIX_INSTALL.html" +TARGET="_top" +> UNIX_INSTALL.html</A +>, please make sure +that your server is configured correctly before proceeding. Another good +resource in the <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5) man +page</A +>. The following functionality should work in 2.2:</P ><P ></P ><UL ><LI ><P -> domain logons for Windows NT 4.0/2000 clients +> domain logons for Windows NT 4.0/2000 clients. </P ></LI ><LI @@ -80,6 +124,32 @@ functionality should work in 2.2:</P </P ></LI ></UL +><DIV +CLASS="WARNING" +><P +></P +><TABLE +CLASS="WARNING" +BORDER="1" +WIDTH="100%" +><TR +><TD +ALIGN="CENTER" +><B +>Windows 2000 Service Pack 2 Clients</B +></TD +></TR +><TR +><TD +ALIGN="LEFT" +><P +> Samba 2.2.1 is required for PDC functionality when using Windows 2000 + SP2 clients. + </P +></TD +></TR +></TABLE +></DIV ><P >The following pieces of functionality are not included in the 2.2 release:</P ><P @@ -115,25 +185,6 @@ support Windows 9x style domain logons is completely different from NT4 domain logons and has been officially supported for some time.</P ><P ->Beginning with Samba 2.2.0, we are proud to announce official -support for Windows NT 4.0 style domain logons from Windows NT -4.0 and Windows 2000 (including SP1) clients. This article -outlines the steps necessary for configuring Samba as a PDC. -It is necessary to have a working Samba server prior to implementing the -PDC functionality. If you have not followed the steps outlined in -<A -HREF="UNIX_INSTALL.html" -TARGET="_top" -> UNIX_INSTALL.html</A ->, please make sure -that your server is configured correctly before proceeding. Another good -resource in the <A -HREF="smb.conf.5.html" -TARGET="_top" ->smb.conf(5) man -page</A ->.</P -><P >Implementing a Samba PDC can basically be divided into 2 broad steps.</P ><P @@ -163,7 +214,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN41" +NAME="AEN49" >Configuring the Samba Domain Controller</A ></H1 ><P @@ -349,7 +400,9 @@ CLASS="FILENAME" ><LI ><P > The server must be the domain master browser in order for Windows - client to locate the server as a DC. + client to locate the server as a DC. Please refer to the various + Network Browsing documentation included with this distribution for + details. </P ></LI ></UL @@ -374,18 +427,18 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN84" +NAME="AEN92" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></H1 ><P >A machine trust account is a samba user account owned by a computer. The account password acts as the shared secret for secure -communication with the Domain Controller (This is a security feature +communication with the Domain Controller. This is a security feature to prevent an unauthorized machine with the same netbios name from -joining the domain). Hence a Windows 9x host is never a true member -of a domain because it does not posses a machine trust account, and thus -has no shared secret with the DC.</P +joining the domain and gaining access to domain user/group accounts. +Hence a Windows 9x host is never a true member of a domain because it does +not posses a machine trust account, and thus has no shared secret with the DC.</P ><P >On a Windows NT PDC, these machine trust account passwords are stored in the registry. A Samba PDC stores these accounts in the same location @@ -405,8 +458,45 @@ Future releases will alleviate the need to create <TT CLASS="FILENAME" >/etc/passwd</TT -> entries. For those who wish to avoid -editing the passwd file manually the command below should work well:</P +> entries. </P +><P +>There are two means of creating machine trust accounts.</P +><P +></P +><UL +><LI +><P +> Manual creation before joining the client to the domain. In this case, + the password is set to a known value -- the lower case of the + machine's netbios name. + </P +></LI +><LI +><P +> Creation of the account at the time of joining the domain. In + this case, the session key of the administrative account used to join + the client to the domain acts as an encryption key for setting the + password to a random value (This is the recommended method). + </P +></LI +></UL +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN106" +>Manually creating machine trust accounts</A +></H2 +><P +>The first step in creating a machine trust account by hand is to +create an entry for the machine in /etc/passwd. This can be done +using <B +CLASS="COMMAND" +>vipw</B +> or any 'add userr' command which is normally +used to create new UNIX accounts. The following is an example for a Linux +based Samba server:</P ><P ><TT CLASS="PROMPT" @@ -459,30 +549,17 @@ CLASS="REPLACEABLE" the netbios name of the pc to be added to the domain. The "$" must append the netbios name of the pc or samba will not recognize this as a machine account</P ><P ->Now that the UNIX account has been created, -the following command shows how to create a new machine account, -enabling the machine to join the domain.</P -><P ->There are two means of creating machine trust accounts.</P -><P -></P -><UL -><LI -><P -> Manual creation before joining the client to the domain. In this case, - the password is set to a known value -- the lower case of the - machine's netbios name. - </P -></LI -><LI -><P -> Creation of the account at the time of joining the domain. In - this case, the session key of the administrative account used to join - the client to the domain acts as an encryption key for setting the - password to a random value (This is the recommended method). - </P -></LI -></UL +>Now that the UNIX account has been created, the next step is to create +the smbpasswd entry for the machine containing the well known initial +trust account password. This can be done using the <A +HREF="smbpasswd.6.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbpasswd(8)</B +></A +> command +as shown here:</P ><P ><TT CLASS="PROMPT" @@ -500,33 +577,68 @@ CLASS="REPLACEABLE" >machine_name</I ></TT > is the machine's netbios -name. Will permit use of the first method.<I -CLASS="EMPHASIS" ->If you manually create a -machine account, immediately join the client to the domain.</I -> -An open account like this can allow intruders to gain access to user -account information in your domain.</P -><P ->The second, and again recommended way of creating machine trust accounts -is to add them on the fly at the time the client is joined to the domain. -You will need to include a value for the <A +name. </P +><DIV +CLASS="WARNING" +><P +></P +><TABLE +CLASS="WARNING" +BORDER="1" +WIDTH="100%" +><TR +><TD +ALIGN="CENTER" +><B +>Join the client to the domain immediately</B +></TD +></TR +><TR +><TD +ALIGN="LEFT" +><P +> Manually creating a machine trust account using this method is the + equivalent of creating a machine account on a Windows NT PDC using + the "Server Manager". From the time at which the account is created + to the time which th client joins the domain and changes the password, + your domain is vulnerable to an intruder joining your domain using a + a machine with the same netbios name. A PDC inherently trusts + members of the domain and will serve out a large degree of user + information to such clients. You have been warned! + </P +></TD +></TR +></TABLE +></DIV +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN134" +>Creating machine trust accounts "on the fly"</A +></H2 +><P +>The second, and most recommended way of creating machine trust accounts +is to create them as needed at the time the client is joined to +the domain. You will need to include a value for the <A HREF="smb.conf.5.html#ADDUSERSCRIPT" TARGET="_top" >add user script</A > -parameter. Below is an example I use on a RedHat 6.2 Linux system.</P +parameter. Below is an example from a RedHat 6.2 Linux system.</P ><P ><PRE CLASS="PROGRAMLISTING" >add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </PRE ></P ><P ->In Samba 2.2, <I +>In Samba 2.2.1, <I CLASS="EMPHASIS" >only the root account</I > can be used to create -machine accounts on the fly like this. Therefore, it is required to create +machine accounts like this. Therefore, it is required to create an entry in smbpasswd for <I CLASS="EMPHASIS" >root</I @@ -540,12 +652,13 @@ CLASS="FILENAME" >/etc/passwd</TT > entry for security reasons.</P ></DIV +></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN127" +NAME="AEN145" >Common Problems and Errors</A ></H1 ><P @@ -555,213 +668,183 @@ NAME="AEN127" ><UL ><LI ><P -> <I +> <I CLASS="EMPHASIS" >I cannot include a '$' in a machine name.</I > - </P -><A -NAME="AEN134" -></A -><BLOCKQUOTE -CLASS="BLOCKQUOTE" + </P ><P -> A 'machine name' in (typically) <TT +> A 'machine name' in (typically) <TT CLASS="FILENAME" >/etc/passwd</TT > - of the machine name with a '$' appended. FreeBSD (and other BSD - systems ?) won't create a user with a '$' in their name. - </P + of the machine name with a '$' appended. FreeBSD (and other BSD + systems ?) won't create a user with a '$' in their name. + </P ><P -> The problem is only in the program used to make the entry, once - made, it works perfectly. So create a user without the '$' and - use <B +> The problem is only in the program used to make the entry, once + made, it works perfectly. So create a user without the '$' and + use <B CLASS="COMMAND" >vipw</B > to edit the entry, adding the '$'. Or create - the whole entry with vipw if you like, make sure you use a - unique uid ! - </P -></BLOCKQUOTE + the whole entry with vipw if you like, make sure you use a + unique uid ! + </P ></LI ><LI ><P -> <I +> <I CLASS="EMPHASIS" >I get told "You already have a connection to the Domain...." - or "Cannot join domain, the credentials supplied conflict with an - existing set.." when creating a machine account.</I + or "Cannot join domain, the credentials supplied conflict with an + existing set.." when creating a machine account.</I > - </P -><A -NAME="AEN142" -></A -><BLOCKQUOTE -CLASS="BLOCKQUOTE" + </P ><P -> This happens if you try to create a machine account from the - machine itself and already have a connection (e.g. mapped drive) - to a share (or IPC$) on the Samba PDC. The following command - will remove all network drive connections: - </P +> This happens if you try to create a machine account from the + machine itself and already have a connection (e.g. mapped drive) + to a share (or IPC$) on the Samba PDC. The following command + will remove all network drive connections: + </P ><P -> <TT +> <TT CLASS="PROMPT" >C:\WINNT\></TT > <B CLASS="COMMAND" >net use * /d</B > - </P + </P ><P -> Further, if the machine is a already a 'member of a workgroup' that - is the same name as the domain you are joining (bad idea) you will - get this message. Change the workgroup name to something else, it - does not matter what, reboot, and try again. - </P -></BLOCKQUOTE +> Further, if the machine is a already a 'member of a workgroup' that + is the same name as the domain you are joining (bad idea) you will + get this message. Change the workgroup name to something else, it + does not matter what, reboot, and try again. + </P ></LI ><LI ><P -> <I +> <I CLASS="EMPHASIS" >The system can not log you on (C000019B)....</I > - </P -><A -NAME="AEN151" -></A -><BLOCKQUOTE -CLASS="BLOCKQUOTE" + </P ><P >I joined the domain successfully but after upgrading - to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try a gain or consult your - system administrator" when attempting to logon. - </P + to a newer version of the Samba code I get the message, "The system + can not log you on (C000019B), Please try a gain or consult your + system administrator" when attempting to logon. + </P ><P -> This occurs when the domain SID stored in - <TT +> This occurs when the domain SID stored in + <TT CLASS="FILENAME" >private/WORKGROUP.SID</TT > is - changed. For example, you remove the file and <B + changed. For example, you remove the file and <B CLASS="COMMAND" >smbd</B > automatically - creates a new one. Or you are swapping back and forth between - versions 2.0.7, TNG and the HEAD branch code (not recommended). The - only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. - </P -></BLOCKQUOTE + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. + </P ></LI ><LI ><P -> <I +> <I CLASS="EMPHASIS" >The machine account for this computer either does not - exist or is not accessible.</I + exist or is not accessible.</I > - </P -><A -NAME="AEN159" -></A -><BLOCKQUOTE -CLASS="BLOCKQUOTE" + </P ><P -> When I try to join the domain I get the message "The machine account - for this computer either does not exist or is not accessible". Whats - wrong ? - </P +> When I try to join the domain I get the message "The machine account + for this computer either does not exist or is not accessible". Whats + wrong? + </P ><P -> This problem is caused by the PDC not having a suitable machine account. - If you are using the <TT +> This problem is caused by the PDC not having a suitable machine account. + If you are using the <TT CLASS="PARAMETER" ><I >add user script</I ></TT > method to create - accounts then this would indicate that it has not worked. Ensure the domain - admin user system is working. - </P -><P -> Alternatively if you are creating account entries manually then they - have not been created correctly. Make sure that you have the entry - correct for the machine account in smbpasswd file on the Samba PDC. - If you added the account using an editor rather than using the smbpasswd - utility, make sure that the account name is the machine netbios name - with a '$' appended to it ( ie. computer_name$ ). There must be an entry - in both /etc/passwd and the smbpasswd file. Some people have reported - that inconsistent subnet masks between the Samba server and the NT - client have caused this problem. Make sure that these are consistent - for both client and server. - </P -></BLOCKQUOTE + accounts then this would indicate that it has not worked. Ensure the domain + admin user system is working. + </P +><P +> Alternatively if you are creating account entries manually then they + have not been created correctly. Make sure that you have the entry + correct for the machine account in smbpasswd file on the Samba PDC. + If you added the account using an editor rather than using the smbpasswd + utility, make sure that the account name is the machine netbios name + with a '$' appended to it ( ie. computer_name$ ). There must be an entry + in both /etc/passwd and the smbpasswd file. Some people have reported + that inconsistent subnet masks between the Samba server and the NT + client have caused this problem. Make sure that these are consistent + for both client and server. + </P ></LI ><LI ><P -> <I +> <I CLASS="EMPHASIS" >When I attempt to login to a Samba Domain from a NT4/W2K workstation, - I get a message about my account being disabled.</I + I get a message about my account being disabled.</I > - </P -><A -NAME="AEN167" -></A -><BLOCKQUOTE -CLASS="BLOCKQUOTE" + </P ><P -> This problem is caused by a PAM related bug in Samba 2.2.0. This bug is - fixed in 2.2.1. Other symptoms could be unaccessible shares on - NT/W2K member servers in the domain or the following error in your smbd.log: - passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% - </P +> This problem is caused by a PAM related bug in Samba 2.2.0. This bug is + fixed in 2.2.1. Other symptoms could be unaccessible shares on + NT/W2K member servers in the domain or the following error in your smbd.log: + passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% + </P ><P -> At first be ensure to enable the useraccounts with <B +> At first be ensure to enable the useraccounts with <B CLASS="COMMAND" >smbpasswd -e - %user%</B + %user%</B >, this is normaly done, when you create an account. - </P + </P ><P -> In order to work around this problem in 2.2.0, configure the - <TT +> In order to work around this problem in 2.2.0, configure the + <TT CLASS="PARAMETER" ><I >account</I ></TT > control flag in - <TT + <TT CLASS="FILENAME" >/etc/pam.d/samba</TT > file as follows: - </P + </P ><P ><PRE CLASS="PROGRAMLISTING" -> account required pam_permit.so - </PRE +> account required pam_permit.so + </PRE ></P ><P -> If you want to remain backward compatibility to samba 2.0.x use - <TT +> If you want to remain backward compatibility to samba 2.0.x use + <TT CLASS="FILENAME" >pam_permit.so</TT >, it's also possible to use - <TT + <TT CLASS="FILENAME" >pam_pwdb.so</TT >. There are some bugs if you try to - use <TT + use <TT CLASS="FILENAME" >pam_unix.so</TT >, if you need this, be ensure to use - the most recent version of this file. - </P -></BLOCKQUOTE + the most recent version of this file. + </P ></LI ></UL ></DIV @@ -770,7 +853,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN180" +NAME="AEN193" >System Policies and Profiles</A ></H1 ><P @@ -786,97 +869,112 @@ Profiles and Policies in Windows NT 4.0</A ><P >Here are some additional details:</P ><P -><I +></P +><UL +><LI +><P +> <I CLASS="EMPHASIS" >What about Windows NT Policy Editor ?</I -></P +> + </P ><P ->To create or edit <TT +> To create or edit <TT CLASS="FILENAME" >ntconfig.pol</TT > you must use -the NT Server Policy Editor, <B + the NT Server Policy Editor, <B CLASS="COMMAND" >poledit.exe</B > which -is included with NT Server but <I + is included with NT Server but <I CLASS="EMPHASIS" >not NT Workstation</I >. -There is a Policy Editor on a NTws -but it is not suitable for creating <I + There is a Policy Editor on a NTws + but it is not suitable for creating <I CLASS="EMPHASIS" >Domain Policies</I >. -Further, although the Windows 95 -Policy Editor can be installed on an NT Workstation/Server, it will not -work with NT policies because the registry key that are set by the policy templates. -However, the files from the NT Server will run happily enough on an NTws. -You need <TT + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need <TT CLASS="FILENAME" >poledit.exe, common.adm</TT > and <TT CLASS="FILENAME" >winnt.adm</TT >. It is convenient -to put the two *.adm files in <TT + to put the two *.adm files in <TT CLASS="FILENAME" >c:\winnt\inf</TT > which is where -the binary will look for them unless told otherwise. Note also that that -directory is 'hidden'.</P + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. + </P ><P ->The Windows NT policy editor is also included with the -Service Pack 3 (and later) for Windows NT 4.0. Extract the files using -<B +> The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using <B CLASS="COMMAND" >servicepackname /x</B ->, ie thats <B +>, + ie thats <B CLASS="COMMAND" ->Nt4sp6ai.exe -/x</B -> for service pack 6a. The policy editor, <B +>Nt4sp6ai.exe /x</B +> for service pack 6a. The policy editor, + <B CLASS="COMMAND" >poledit.exe</B -> and the -associated template files (*.adm) should -be extracted as well. It is also possible to downloaded the policy template -files for Office97 and get a copy of the policy editor. Another possible -location is with the Zero Administration Kit available for download from Microsoft.</P +> and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. + </P +></LI +><LI ><P -><I +> <I CLASS="EMPHASIS" >Can Win95 do Policies ?</I -></P +> + </P ><P ->Install the group policy handler for Win9x to pick up group -policies. Look on the Win98 CD in <TT +> Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in <TT CLASS="FILENAME" >\tools\reskit\netadmin\poledit</TT >. -Install group policies on a Win9x client by double-clicking -<TT + Install group policies on a Win9x client by double-clicking + <TT CLASS="FILENAME" >grouppol.inf</TT >. Log off and on again a couple of -times and see if Win98 picks up group policies. Unfortunately this needs -to be done on every Win9x machine that uses group policies....</P + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... + </P ><P ->If group policies don't work one reports suggests getting the updated -(read: working) grouppol.dll for Windows 9x. The group list is grabbed -from /etc/group.</P +> If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. + </P +></LI +><LI ><P -><I +> <I CLASS="EMPHASIS" >How do I get 'User Manager' and 'Server Manager'</I -></P +> + </P ><P ->Since I don't need to buy an NT Server CD now, how do I get -the 'User Manager for Domains', the 'Server Manager' ?</P +> Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager' ? + </P ><P ->Microsoft distributes a version of -these tools called nexus for installation on Windows 95 systems. The -tools set includes</P +> Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes + </P ><P ></P ><UL @@ -894,26 +992,30 @@ tools set includes</P ></LI ></UL ><P ->Click here to download the archived file <A +> Click here to download the archived file <A HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE" TARGET="_top" >ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</A -></P +> + </P ><P ->The Windows NT 4.0 version of the 'User Manager for -Domains' and 'Server Manager' are available from Microsoft via ftp -from <A +> The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from <A HREF="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE" TARGET="_top" >ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</A -></P +> + </P +></LI +></UL ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN220" +NAME="AEN237" >What other help can I get ?</A ></H1 ><P @@ -922,11 +1024,16 @@ of mailing lists, RFC's and documentation. The docs that come with the samba distribution contain very good explanations of general SMB topics such as browsing.</P ><P -><I +></P +><UL +><LI +><P +> <I CLASS="EMPHASIS" >What are some diagnostics tools I can use to debug the domain logon -process and where can I find them?</I -></P + process and where can I find them?</I +> + </P ><P > One of the best diagnostic tools for debugging problems is Samba itself. You can use the -d option for both smbd and nmbd to specifiy what @@ -968,7 +1075,7 @@ CLASS="COMMAND" ></UL ><P > An SMB enabled version of tcpdump is available from - <A + <A HREF="http://www.tcpdump.org/" TARGET="_top" >http://www.tcpdup.org/</A @@ -991,12 +1098,15 @@ TARGET="_top" local subnet. Be aware that Ethereal can read and write netmon formatted files. </P +></LI +><LI ><P -><I +> <I CLASS="EMPHASIS" >How do I install 'Network Monitor' on an NT Workstation -or a Windows 9x box?</I -></P + or a Windows 9x box?</I +> + </P ><P > Installing netmon on an NT workstation requires a couple of steps. The following are for installing Netmon V4.00.349, which comes @@ -1091,14 +1201,11 @@ CLASS="FILENAME" information on how to do this. Copy the files from a working Netmon installation. </P -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN267" ->URLs and similar</A -></H2 +></LI +><LI +><P +> The following is a list if helpful URLs and other links: + </P ><P ></P ><UL @@ -1164,44 +1271,44 @@ TARGET="_top" ></P ></LI ></UL -></DIV -><DIV -CLASS="SECT2" -><HR><H2 -CLASS="SECT2" -><A -NAME="AEN291" ->Mailing Lists</A -></H2 +></LI +></UL ><P -><I +></P +><UL +><LI +><P +> <I CLASS="EMPHASIS" >How do I get help from the mailing lists ?</I -></P +> + </P ><P ->There are a number of Samba related mailing lists. Go to <A +> There are a number of Samba related mailing lists. Go to <A HREF="http://samba.org" TARGET="_top" >http://samba.org</A >, click on your nearest mirror -and then click on <B + and then click on <B CLASS="COMMAND" >Support</B > and then click on <B CLASS="COMMAND" ->Samba related mailing lists</B ->.</P +> Samba related mailing lists</B +>. + </P ><P ->For questions relating to Samba TNG go to -<A +> For questions relating to Samba TNG go to + <A HREF="http://www.samba-tng.org/" TARGET="_top" >http://www.samba-tng.org/</A > -It has been requested that you don't post questions about Samba-TNG to the -main stream Samba lists.</P + It has been requested that you don't post questions about Samba-TNG to the + main stream Samba lists.</P ><P ->If you post a message to one of the lists please observe the following guide lines :</P +> If you post a message to one of the lists please observe the following guide lines : + </P ><P ></P ><UL @@ -1269,48 +1376,76 @@ CLASS="EMPHASIS" smb.conf in their attach directory ?</P ></LI ></UL +></LI +><LI ><P -><I +> <I CLASS="EMPHASIS" >How do I get off the mailing lists ?</I -></P +> + </P ><P >To have your name removed from a samba mailing list, go to the - same place you went to to get on it. Go to <A + same place you went to to get on it. Go to <A HREF="http://lists.samba.org/" TARGET="_top" >http://lists.samba.org</A ->, click - on your nearest mirror and then click on <B +>, + click on your nearest mirror and then click on <B CLASS="COMMAND" >Support</B > and - then click on <B + then click on <B CLASS="COMMAND" > Samba related mailing lists</B >. Or perhaps see - <A + <A HREF="http://lists.samba.org/mailman/roster/samba-ntdom" TARGET="_top" >here</A -></P +> + </P ><P > Please don't post messages to the list asking to be removed, you will just - be referred to the above address (unless that process failed in some way...) - </P -></DIV + be referred to the above address (unless that process failed in some way...) + </P +></LI +></UL ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN330" +NAME="AEN351" >DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></H1 +><DIV +CLASS="WARNING" ><P ->This appendix was originally authored by John H Terpstra of the Samba Team -and is included here for posterity.</P +></P +><TABLE +CLASS="WARNING" +BORDER="1" +WIDTH="100%" +><TR +><TD +ALIGN="CENTER" +><B +>Possibly Outdated Material</B +></TD +></TR +><TR +><TD +ALIGN="LEFT" +><P +> This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. + </P +></TD +></TR +></TABLE +></DIV ><P ><I CLASS="EMPHASIS" @@ -1327,12 +1462,9 @@ Windows NT SAM.</P ><P >Windows NT Server can be installed as either a plain file and print server (WORKGROUP workstation or server) or as a server that participates in Domain -Control (DOMAIN member, Primary Domain controller or Backup Domain controller).</P -><P ->The same is true for OS/2 Warp Server, Digital Pathworks and other similar -products, all of which can participate in Domain Control along with Windows NT. -However only those servers which have licensed Windows NT code in them can be -a primary Domain Controller (eg Windows NT Server, Advanced Server for Unix.)</P +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT.</P ><P >To many people these terms can be confusing, so let's try to clear the air.</P ><P |