R: Samba NTDOM FAQ Draft #2

Luke Kenneth Casson Leighton lkcl at switchboard.net
Fri Mar 6 19:07:08 GMT 1998

On Fri, 6 Mar 1998, Giampaolo Tomassoni wrote:

> >On-line at
> >
> > http://www.eng.auburn.edu/users/cartegw/samba_ntdom_faq.html
> >
> >
> >Thanks for all the comments on the first draft.
> Hi Gerald,
> I have a couple of questions regarding the section <<2. How do I get my NT
> Workstation / Server to login to the Samba controlled Domain?>> of the FAQ
> Draft:
> According to it, seems that a workstation entry shall be of the form:
>     my_workstation's_name$:LM_XXX:NT_XXX:0080:other_fields_are_ignored:

incorrect.  lines should be exactly same format as user accounts, except
that the :0080: should be added.  :0010: can be added to user accounts,
but that's another story.

this is only temporary anyway.
> I actually have declared my trusted workstations with lines like:
>     my_workstation's_name$:65534:LM_XXX:NT_XXX:0080::
>                              ^
>                         nobody's uid
> and they seem to work pretty well... Is it an alterante form?

> Later in the same section the FAQ states that a domain sid is of the form:
>     domain sid = S-1-5-21-XXX-XXX-XXX-XXX

this is wrong, as far as i know.
> while I am actually using a S-1-5-21-XXX-XXX-XXX sid. Is the sid

this is correct.

> Finally, I would like to read a deeper explanation of how to create roaming
> accounts, apart the ControlPanel->System->Profiles stuff which, at least for
> me, didn't work at all. Also what a NTUSER.DAT, ntuser.dat.LOG and
> ntlogin.pol files are and contains (at least roughly). This would help me a
> lot, so I believe it could help somebody else as well.

this kind of info is available from microsoft docs.  this is not to say
that we don't need equivalents, and to explicitly point out the previous
sentence as a source.

More information about the samba-ntdom mailing list