Samba as Domain Controller

Richard Sharpe sharpe at
Fri Mar 2 18:32:38 GMT 2001

At 12:59 PM 3/2/01 -0800, Greg J. Zartman wrote:
>I'm catching alot of flake about my suggestion that win 9x machine be part
>of a domain.

No, you are not catching a lot of flack! (Flake, BTW, are shark fillets :-)

We are simply suggesting that you do not need the domain controller stuff.

In point of fact, there is almost no difference between a domain controller
setup and a non-domain controller setup :-)

The only difference is the presence of machine trust accounts and whether
or not the clients use MSRPC for logging on etc.

However, 2.0.7 should work for you except for the Win2K machines.

>Here is the question that I would ask anyone considering whether to use a
>workgroup setup of a domain?  Do you need to control access to certain
>shares and do you enjoy spending all of you time configuring peoples
>Personally, I like having the ability to restrict access to certain shares
>on my network.  I also don't like to spend all of my time configuring
>machines and updating usernames and passwords.  That's why I use a domain.
>If someone changes their password, the change is recorded in one place and
>accessible by all.

Ummm, for Win9X machines, there is no difference between a domain and a
workgroup. Samba only has a workgroup parameter, not a domain parameter.
That is because a domain, as far as the protocols are concerned, is a
workgroup with a centralized password server.

>From the typical users standpoint, the network functions exactly the same
>regardless of what type of client OS..  The typical Win 9x user can't sneak
>into network shares any easier than a Win NT client.
>----- Original Message -----
>From: "Kristyan Osborne" <kris.ozzy at>
>To: "samba" <samba-ntdom at>
>Sent: Friday, March 02, 2001 12:37 PM
>Subject: RE: Samba as Domain Controller
>> I agree! In my old job at a school all client machines were win 95. A 95
>> machine can only be part of a workgroup and not a domain. Thus a domain
>> controller with a machine password database would make no sence if win 95
>> only validating a username and password.
>> We used a 2.0.7 server as a file-server with the user password database.
>> I am currently working on a NT 4 network with all clients NT4 wks
>> by a samba server which is a PDC, as a machine database is required.
>> Cheers
>> Kris
>> -------------
>> Computers are like airconditioners: They stop working
>> properly if you open windows.
>> Win95:    A 32-bit patch for a 16-bit GUI shell running on top of an
>>           8-bit operating system written for a 4-bit processor by a
>>           2-bit company who cannot stand 1 bit of competition.
>> -----Original Message-----
>> From: samba-ntdom-admin at
>> [mailto:samba-ntdom-admin at]On Behalf Of Richard Sharpe
>> Sent: 02 March 2001 16:19
>> To: Greg J. Zartman; samba-ntdom at
>> Subject: Re: Samba as Domain Controller
>> At 08:52 AM 3/2/01 -0800, Greg J. Zartman wrote:
>> >
>> >----- Original Message -----
>> >From: "Richard Sharpe" <sharpe at>
>> >To: "Adam Lang" <aalang at>;
><samba-ntdom at>
>> >Sent: Wednesday, February 28, 2001 9:08 AM
>> >Subject: Re: Samba as Domain Controller
>> >
>> >
>> >> At 04:23 PM 2/28/01 -0500, Adam Lang wrote:
>> >> >I'm looking into using Samba as the domain controller for my network
>> >(about
>> >> >75 users on windows 9x).
>> >>
>> >> For Win9X machines you do not need a PDC. Samba 2.0.7 will do fine for
>> >> these machines.
>> >
>> >This doesn't make any sense.  What does the client OS have to do with the
>> >weather or no you need a PDC???  A PDC basically centralizes netword
>> >on one machine.  The client OS makes no difference.
>> Sigh,
>> it makes eminent senses when you realize that Microsoft does not use the
>> Domain Controller protocols (Encrypted RPCs) for Win9X logons, but does
>> WinNT and Windows 2000.
>> Thus, the client OS makes a big difference. Take my word for it, lots of
>> people are using Samba 2.0.7 and below as a logon server for Windows 95,
>> and ME, and have been doing so for years.
>> You do need to set the parameter 'domain logons = yes'. And, you might
>> 'encrypt passwords = yes', but then again, you might not.
>> Regards
>> -------
>> Richard Sharpe, sharpe at
>> Samba (Team member,, Ethereal (Team member,
>> Contributing author, SAMS Teach Yourself Samba in 24 Hours
>> Author, Special Edition, Using Samba

Richard Sharpe, sharpe at
Samba (Team member,, Ethereal (Team member,
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-ntdom mailing list