Luke Kenneth Casson Leighton
1997-Dec-08 18:46 UTC
Samba NT PDC capabilities: progress report.
[ the following report applies to the latest cvs version (tag of BRANCH_NTDOM). details of how to use public cvs to access the samba source repository are at http://samba.anu.edu.au/cvs.html. please note that this development is in parallel with, and therefore does not affect, the current development plan for samba: please see the Roadmap and WhatsNew files with the samba distribution. ]

the next major milestone has been reached since the nt domain support was first introduced on the back of the 1.9.18alpha series: you can run "User Manager for Domains" (NT Server's USRMGR.EXE program) on a Samba server. a list of user accounts is available. viewing an individual user's account (including the profile, and what groups the user is in) will be the next immediate goal.

please note that modifying or adding a new user to a Samba PDC via USRMGR.EXE will not be available for a few months.

so, the state of play is:

- Users of NT 3.51 and 4.0 Workstations and stand-alone NT Servers can log in to a Samba PDC server, and have their accounts configured through the normal unix methods, supplemented by the Samba encrypted password database (smbpasswd).

- You can use USRMGR.EXE on NT server to view accounts on a Samba PDC.

- smbclient has been reworked to support NT logins: you can use smbclient to log in to _any_ Primary Domain Controller, whether it be a Samba PDC or an NT PDC (not tried against an AT&T or SCO PDC - that'd be interesting to confirm :-)

future plans:

- BDC capabilities. trust relationships. this is likely to involve further work on the sam replication pipe, in order to get it right.

- allowing an administrator to add a workstation to a domain, from that workstation. this will definitely involve lots of work on the sam replication pipe.

- resolving the monotonic mapping between NT RIDs (relative ids. relative to SIDs, that is) and unix uid / gids (user ids / group ids). at the moment, this has not been finalised. i'd prefer that the NT domain support remained tagged as experimental until this is sorted, particularly as NT sets up workstation, server and inter-domain trust accounts. each of these has their own RID (equivalent of a unix user id). as far as i am aware, no unix system supports this concept, which is a pain.

- "server manager" functionality. this will involve taking smbstatus reports and making them available through SRVMGR.EXE (on NT) and smbclient (under unix).

- cgi-bin front end to smbclient, to present a "user manager for domains" and "server manager for domains" in html format. (to keep those people used to GUIs happy).

a further report will be made once the next major piece of this drastically large puzzle has been solved.

please remember that this does not in any way affect the current development cycle in samba, and is only available when compiling with -DNTDOMAIN.

regards,
luke

SPAM not welcome.
Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Samba Consultancy and Support (http://mailhost.cb1.com/~lkcl)