Re: [SLUG] Primary Domain Controller on a Samba / MS network = ?

From: Ian Blenke (icblenke@nks.net)
Date: Sat Mar 11 2006 - 18:19:23 EST


SOTL wrote:
> MUST one have a primary domain controller?
>

I wouldn't have two domain controllers with the same Domain name that
aren't primary/backup if that's what you're asking.

You do NOT need to have a domain controller at all for Microsoft
networking. Simple peer-to-peer networking works just fine.

Granted, if you have a username that you want to use to map to any other
machine, you will need to have a local account on each remote machine
setup with that username/password for drive mappings to work.

This is where a "Domain Controller" comes in. It allows all Backup
Domain Controllers to replicate the SAM database from the Primary Domain
Controller, effectively sharing the usernames/passwords among the
machines in that Domain.

Machines that are part of a Domain "join" the domain, and have entries
that allow them to use the Domain Controllers for authentication.

Using a Domain is really the "old way" to share authentication
databases. Today, Microsoft servers use Active Directory Services
(typically referred to as AD) for the user authentication and shared
naming services.

AD is based on DNS/Kerberos. It provides a PDC/BDC compatibility layer
for migration from "legacy" Domain Controller networks. Some of the AD
servers act as PDC "gateways" for legacy networks to use until they are
upgraded to use AD natively.

> The issue is not MAY one have a primary domain controller but MUST one have
> one? Is it possible to set up all the Samba boxes as non primary domain
> controllers and have everything function correctly?
>

If you wish to use a Domain for user authentication, you will need a
Primary Domain Controller. You only want one Primary Domain Controller
for any given Domain.

If you don't want to use Domains, you do NOT need a Domain Controller.
You can use peer-to-peer networking and merely setup local accounts on
all of the servers that you want to connect to.

The default mode for Samba is to run in a peer-to-peer capacity. This
is probably what you're looking for.

If you're talking about the name that shows up in Network Neighborhood,
you can set the same "Workgroup" name on all of your peer-to-peer
configured boxes. A master browser will be elected after a while, making
Network Neighborhood browsing bearable (B-node announcements will be
learned and \\MAILSLOT\BROWSE will get populated on the master browser
elected box).

If you run a Domain controller on a segment, do NOT try and use that
Domain's name as a "Workgroup" name on non-Domain configured
peer-to-peer boxes. The domain controller _will_ win master browser
elections, and non-Domain members will not appear.

There are all kinds of weird behavior modes with Microsoft networking.
You will learn in time to hate them as I do.

I blame IBM and Xerox for starting this SMB mess, and Microsoft for
munging it year after year to suit their needs.

    http://samba.anu.edu.au/cifs/docs/what-is-smb.html
    ftp://ftp.microsoft.com/developr/drg/CIFS/

-- 
- Ian C. Blenke <icblenke@nks.net>
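As an added example that is not part of the original post or of the Samba project's own documentation: three Samba 3.x-era smb.conf skeletons showing the two modes Ian contrasts above (the default standalone/peer-to-peer server versus a Primary Domain Controller, plus the Backup Domain Controller shape) and the browser-election settings behind his "do NOT reuse the Domain name as a Workgroup name" warning. Host names, the workgroup/domain names, share paths and the `add machine script` command line are placeholders, and the parameter values are the commonly documented ones for that Samba generation, not taken from the post.

```ini
# ---- smb.conf on a standalone peer (the Samba default) ----------------
# No domain: each box authenticates against its own local accounts, so a
# user who maps drives from several servers needs an account on each one.
[global]
    workgroup = WORKGROUP          ; same name on every peer box (placeholder)
    netbios name = PEER1           ; placeholder host name
    server string = peer-to-peer file server
    security = user                ; require a local username/password
    passdb backend = tdbsam        ; local SAM only, nothing is replicated
    domain logons = no             ; this box is NOT a domain controller
    domain master = no             ; never claim the domain master browser role
    local master = yes             ; may take part in local browser elections
    os level = 20                  ; low enough to lose an election to a real DC

[share]
    path = /srv/share              ; placeholder path
    read only = no
    valid users = @users

# ---- smb.conf on the one Primary Domain Controller ---------------------
# Exactly one of these per domain; joined machines authenticate here.
[global]
    workgroup = EXAMPLEDOM         ; the NT4-style domain name (placeholder)
    netbios name = PDC1            ; placeholder host name
    security = user
    passdb backend = tdbsam        ; fine for a lone PDC (see BDC note below)
    domain logons = yes            ; serve NT4-style domain logons
    domain master = yes            ; PDC: the domain-wide master browser
    preferred master = yes         ; force an election at startup
    local master = yes
    os level = 65                  ; wins browser elections, as the post warns
    ; created when a workstation joins the domain (placeholder command line)
    add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u

[netlogon]
    path = /var/lib/samba/netlogon ; placeholder path
    read only = yes

# ---- smb.conf on a Backup Domain Controller ----------------------------
# Same domain name, same user database, but NOT the domain master.
# Samba does not replicate tdbsam between DCs; a Samba BDC needs a
# passdb backend (LDAP) that is shared with or replicated from the PDC.
[global]
    workgroup = EXAMPLEDOM
    netbios name = BDC1            ; placeholder host name
    security = user
    passdb backend = ldapsam:ldap://ldap.example.invalid   ; placeholder URL
    domain logons = yes            ; also answers domain logons
    domain master = no             ; only the PDC may say yes here
    local master = yes
    os level = 65
```

Check each file with `testparm -s smb.conf` before restarting smbd/nmbd, and after the election has settled, `nmblookup -M EXAMPLEDOM` (or `-M WORKGROUP`) reports which box currently holds the master browser role. If a peer box configured with `domain master = no` and a low `os level` is given the PDC's domain name as its workgroup, the PDC's higher `os level` and `domain master = yes` guarantee it wins the election, which is exactly the situation the post describes in which non-Domain members stop appearing in Network Neighborhood.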


-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:53:20 EDT