Rework Overview section
authored Aug 28, 2018 by Tim Beale
samba-functionality/overview.md
View page @ e3066fce
...
@@ -53,6 +53,9 @@ and Samba (specifically the `samba` binary) acts as server for each protocol.
...
@@ -53,6 +53,9 @@ and Samba (specifically the `samba` binary) acts as server for each protocol.
The server responsibilties include:
The server responsibilties include:
*
_File Server_. The AD DC must always provide file server functionality.
Note that the file server always runs as a separate binary (
[
smbd
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/smbd
)
).
*
_LDAP Server_. LDAP (Lightweight Directory Access Protocol) is one way
*
_LDAP Server_. LDAP (Lightweight Directory Access Protocol) is one way
AD clients look up user information or to perform administration.
AD clients look up user information or to perform administration.
LDAP is the primary administrative
LDAP is the primary administrative
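Review bot: the added _File Server_ bullet says the file server "always runs as a separate binary" (smbd), while the sentence that introduces this list still says Samba "(specifically the `samba` binary) acts as server for each protocol". Read together the two statements contradict each other; suggest wording the bullet as an explicit exception to that sentence, or qualifying the sentence itself. While this list is being touched, "responsibilties" in the context line could be corrected to "responsibilities".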
...
@@ -100,19 +103,20 @@ replication support.
...
@@ -100,19 +103,20 @@ replication support.
## [Domain member](https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member)
## [Domain member](https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member)
A domain member is
a server or workstation joined
to an AD
or NT4
A
_
domain member
_
is
essentially a machine that forwards authentication requests
to an AD
DC.
domain
which
uses that domain as the source of authentication and
The
domain
member joins an AD domain and
uses that domain as the source of authentication and
authorization for connecting users. This allows transparent access to
authorization for connecting users. This allows transparent access to
the resources on that server without maintaining a distinct password list.
the resources on that server, without the server maintaining a distinct password list.
The primary use of a domain member server is as a file server, however
there are other interesting use cases:
*
[
source3/winbindd
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/winbindd
)
The domain member is often used when Samba is run solely as a file server (rather than an AD DC).
The domain member plumbs the authentication required by the file server through to another AD DC in the network.
The domain member can also query domain information on the AD DC.
The domain member functionality uses
[
winbindd
](
https://git.samba.org/?p=samba.git;a=tree;f=source3/winbindd
)
.
### Kerberos
A linux-based workstation can also use the domain member functionality to authenticate itself (i.e. allow desktop login).
There is a similar mode for NT4.
A domain member holds a
k
erberos principal in the realm (domain) and
A domain member holds a
K
erberos principal in the realm (domain) and
so the
*machine account*
(the object in the domain that represents the
so the
*machine account*
(the object in the domain that represents the
domain member) can be used to make or accept Kerberised network
domain member) can be used to make or accept Kerberised network
requests.
requests.
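Review bot: the new opening definition, "essentially a machine that forwards authentication requests to an AD DC", does not fit the Kerberos paragraph later in this same hunk, which says the machine account "can be used to make or accept Kerberised network requests"; that reads as the member handling those requests itself rather than forwarding them. Suggest scoping "forwards" to the cases where it applies, or rewording the definition so both paragraphs agree. Smaller points in the added lines: "There is a similar mode for NT4" no longer says what it is similar to now that "or NT4" has been dropped from the definition; "plumbs the authentication" would be clearer as "passes authentication requests"; and "linux-based" should be "Linux-based".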
...
...
...
...