MS Windows workstations and servers that want to participate in domain security need to
be made domain members. Participating in domain security is often called
, or SSO for short. This
chapter describes the process that must be followed to make a workstation
(or another server be it an MS Windows NT4/200x
server) or a Samba server a member of an MS Windows domain security context.
Samba-3 can join an MS Windows NT4-style domain as a native member server, an
MS Windows Active Directory domain as a native member server, or a Samba domain
control network. Domain membership has many advantages:
MS Windows workstation users get the benefit of SSO.
Domain user access rights and file ownership/access controls can be set
from the single Domain Security Account Manager (SAM) database
(works with domain member servers as well as with MS Windows workstations
that are domain members).
Only MS Windows NT4/200x/XP Professional
workstations that are domain members can use network logon facilities.
Domain member workstations can be better controlled through the use of
policy files (
NTConfig.POL) and desktop profiles.
Through the use of logon scripts, users can be given transparent access to network
applications that run off application servers.
Network administrators gain better application and user access management
abilities because there is no need to maintain user accounts on any network
client or server other than the central domain database
(either NT4/Samba SAM-style domain, NT4 domain that is backend-ed with an
LDAP directory, or via an Active Directory infrastructure).