Re: [SLUG] Primary Domain Controller on a Samba / MS network = ?

From: SOTL (sotl155360@earthlink.net)
Date: Sun Mar 12 2006 - 08:45:32 EST


Thanks

SOTL

On Saturday 11 March 2006 06:19 pm, Ian Blenke wrote:
> SOTL wrote:
> > MUST one have a primary domain controller?
>
> I wouldn't have two domain controllers with the same Domain name that
> aren't primary/backup if that's what you're asking.
>
> You do NOT need to have a domain controller at all for Microsoft
> networking. Simple peer-to-peer networking works just fine.
>
> Granted, if you have a username that you want to use to map to any other
> machine, you will need to have a local account on each remote machine
> set up with that username/password for drive mappings to work.
>
> This is where a "Domain Controller" comes in. It allows all Backup
> Domain Controllers to replicate the SAM database from the Primary Domain
> Controller, effectively sharing the usernames/passwords among the
> machines in that Domain.
>
> Machines that are part of a Domain "join" the domain, and have entries
> that allow them to use the Domain Controllers for authentication.
>
> Using a Domain is really the "old way" to share authentication
> databases. Today, Microsoft servers use Active Directory Services
> (typically referred to as AD) for the user authentication and shared
> naming services.
>
> AD is based on DNS/Kerberos. It provides a PDC/BDC compatibility layer
> for migration from "legacy" Domain Controller networks. Some of the AD
> servers act as PDC "gateways" for legacy networks to use until they are
> upgraded to use AD natively.
>
> > The issue is not MAY one have a primary domain controller but MUST one
> > have one? Is it possible to set up all the Samba boxes as non primary
> > domain controllers and have everything function correctly?
>
> If you wish to use a Domain for user authentication, you will need a
> Primary Domain Controller. You only want one Primary Domain Controller
> for any given Domain.
>
> If you don't want to use Domains, you do NOT need a Domain Controller.
> You can use peer-to-peer networking and merely set up local accounts on
> all of the servers that you want to connect to.
>
> The default mode for Samba is to run in a peer-to-peer capacity. This
> is probably what you're looking for.
>
> If you're talking about the name that shows up in Network Neighborhood,
> you can set the same "Workgroup" name on all of your peer-to-peer
> configured boxes. A master browser will be elected after a while, making
> Network Neighborhood browsing bearable (B-node announcements will be
> learned and \\MAILSLOT\BROWSE will get populated on the master browser
> elected box).
>
> If you run a Domain controller on a segment, do NOT try and use that
> Domain's name as a "Workgroup" name on non-Domain configured
> peer-to-peer boxes. The domain controller _will_ win master browser
> elections, and non-Domain members will not appear.
>
> There are all kinds of weird behavior modes with Microsoft networking.
> You will learn in time to hate them as I do.
>
> I blame IBM and Xerox for starting this SMB mess, and Microsoft for
> munging it year after year to suit their needs.
>
> http://samba.anu.edu.au/cifs/docs/what-is-smb.html
> ftp://ftp.microsoft.com/developr/drg/CIFS/
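
The two rules in the reply quoted above (only one Primary Domain Controller per Domain, and no reuse of a Domain's name as the Workgroup on non-Domain boxes) can be checked across a set of smb.conf files. This is an added example, not part of the original message; it assumes Samba 3-style `[global]` parameters (`workgroup`, `security`, `domain logons`, `domain master`), and the host names and configs are constructed.

```python
import re
from collections import defaultdict

YES = {"yes", "true", "1"}

def parse_global(text):
    """Return the [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return params

def classify(params):
    """Return (role, workgroup) for one host."""
    workgroup = params.get("workgroup", "WORKGROUP").upper()
    if params.get("domainlogons", "no") in YES:
        # "domain master" defaults to auto, which a logon server treats as yes
        is_master = params.get("domainmaster", "auto") in YES | {"auto"}
        return ("pdc" if is_master else "bdc"), workgroup
    if params.get("security", "user") in ("domain", "ads"):
        return "member", workgroup
    return "standalone", workgroup

def audit(hosts):
    """hosts maps a host name to its smb.conf text; returns a list of findings."""
    roles = {name: classify(parse_global(conf)) for name, conf in hosts.items()}
    pdcs = defaultdict(list)
    for name, (role, wg) in sorted(roles.items()):
        if role == "pdc":
            pdcs[wg].append(name)
    findings = [f"domain {wg}: multiple PDCs {names}"
                for wg, names in pdcs.items() if len(names) > 1]
    domains = {wg for role, wg in roles.values() if role in ("pdc", "bdc")}
    findings += [f"{name}: standalone host reuses domain name {wg} as workgroup"
                 for name, (role, wg) in sorted(roles.items())
                 if role == "standalone" and wg in domains]
    return findings

SAMPLE = {  # constructed configs, not taken from any real network
    "alpha": "[global]\nworkgroup = OFFICE\ndomain logons = yes\ndomain master = yes\n",
    "bravo": "[global]\nworkgroup = office\ndomain logons = yes\n",
    "charlie": "[global]\n; plain file server\nworkgroup = OFFICE\nsecurity = user\n",
    "delta": "[global]\nworkgroup = HOME\n",
    "echo": "[global]\nworkgroup = OFFICE\nsecurity = domain\n",
}
```

Calling `audit(SAMPLE)` reports `alpha` and `bravo` as competing PDCs for OFFICE and flags `charlie` as a standalone box sharing that domain's name.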