How can linux do this?

Luke Kenneth Casson Leighton lkcl at switchboard.net
Tue May 19 15:06:40 GMT 1998


[this message cross-posted by richard sharpe to samba-technical.  in
addition to original posters, reply is to both redhat-list and
samba-technical: bounce expected from redhat-list as i am not subscribed
to that list]. 

>Hello David,
>
>Yes, NT does do that,

correct.

> no Linux can not do that.

using the latest (pre-alpha) version of samba, any version of unix can do
that.

> It is a function of user management within NT.

> NT would recognize the difference because of the
>security token that is passed during logon.

the difference between NT and non-NT is detected by an NT (and
incidentally also by a Win95 client) by doing a dce/rpc-over-SMB
connection to \PIPE\srvsvc.

if a valid response is received, the client assumes that the server is an
NT 3.5 / NT 4.0 server, which immediately gets you into trouble if you
then do not follow up by providing full NT logon, print and administrative
services.

NONE of these (NT LANMAN 2.0 i think) services are documented in any way
by microsoft. 

SOMETIMES you can fool the NT client into "thunking" down to the old
(documented, LANMAN 1.0) if you give it the right error message.  e.g. for
network neighbourhood browsing, but not for viewing shares on a server
_in_ the network neighbourhood.

> The ACL is read telling the
> token what profile to use and file/directory rights the user has.

in the \PIPE\NETLOGON and \PIPE\ntlsa support that we had to add to
provide full NT 3.51 / 4.0 support to samba as a "Primary Domain
Controller" no ACLs were seen.

we did have to provide support for "LsaLookupNames" and "LsaLookupSIDs",
as each _locally_ stored ACL (constructed at file create time by the
client from the information obtained from the server) has SIDs in it which
the client expects the PDC (in this case the samba server) to individually
resolve for it.

the lookup occurs when the user logs back in and the workstation wishes to
verify that the locally stored copy of the user's profile does in fact
belong to that user, so that the workstation can overwrite it if it is out
of date compared to the copy of the profile kept on the server.


> The profiles could quite possibly be stored on a Linux system,

the profiles can be stored on any SMB server, including a samba server
running on linux.  [there are caveats here: the SMB server must support
encrypted passwords - NT and LM 16 byte clear-text equivalent hashes].

the ability to _specify_ to the NT workstation the location of the profile
must be done by a Domain Controller, including a samba pre-alpha server
running on linux.


> but the drive
>would have to "mapped" before the logon took place. Linux does not have the
>ability (yet) to do this.

samba does.  samba runs on most modern versions of unix; lots of old ones
(apollo, NeXT although there are a couple of compiler errors being sorted
out in the latest version of samba, for NeXT3_0 at the moment); the free
ones (linux, freebsd); a few real-time OSes; VMS;  AmigaOS; crays;  the
works.

in fact the only major os it doesn't yet run on is Win32. 

luke (samba team)


>Shon Nixon, MCSE and avid Linux user.
>Chief Information Technology
>Midrex Direct Reduction Corp.
>
>-----Original Message-----
>From: David Masterson <david at batcave.bungi.com>
>To: M. Neidorff <neidorff at cybernex.net>
>Cc: redhat-list at redhat.com <redhat-list at redhat.com>
>Date: Monday, May 18, 1998 3:50 AM
>Subject: How can linux do this?
>
>
>>>>>>> "Mark" == M Neidorff <neidorff at cybernex.net> writes:
>>
>>> Hi folks, One of the things that a nt server can do for a win based
>>> network is store each user's profile so that no matter what machine
>>> the user logs on at they get the same icons, etc. on the desktop.
>>> Could that kind of nt server be replaced with a linux server?  If
>>> so, what would do the user profile storage?
>>
>>NT can do that??  Not where I work.  It's unlikely that two different
>>systems have the same setup of software, so it's unlikely that a user's
>>profile or icons could be the same on two separate systems.  The only
>>way I could see that working is if most (if not all) of the system was
>>accessed over the network from a file server.  If that's how it works,
>>then I see no reason that Linux couldn't be the file server (using
>>Samba) -- the NTs wouldn't know the difference.
>>
>>--
>>David Masterson
>>david at batcave.bungi.com
>>
>>
>>--
>>  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>>http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
>>         To unsubscribe: mail redhat-list-request at redhat.com with
>>                       "unsubscribe" as the Subject.
>>

Regards
-------
Richard Sharpe, sharpe at ns.aus.com, NIC-Handle:RJS96
NS Computer Software and Services P/L, 
Ph: +61-8-8281-0063, FAX: +61-8-8250-2080, 
Samba, Linux, Apache, Digital UNIX, AIX, Netscape, Stronghold, C, ...
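
The SID resolution the message describes (a client handing the domain controller the SIDs found in a locally stored ACL and expecting names back) rests on the binary SID layout. The following is an added example, not code from the original post or from Samba: it decodes a binary SID, renders its text form, and resolves it against an account table. The function names, the domain SID, and the account names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Binary SID: revision(1) | sub-authority count(1) |
   identifier authority(6, big-endian) | sub-authorities(4 each, little-endian) */
typedef struct { uint8_t rev, count; uint64_t auth; uint32_t sub[15]; } sid_t;

/* Decode a SID; returns bytes consumed, or -1 if malformed or truncated. */
int sid_parse(const uint8_t *b, size_t len, sid_t *s) {
    if (len < 8 || b[0] != 1 || b[1] > 15 || len < 8 + 4 * (size_t)b[1]) return -1;
    s->rev = b[0]; s->count = b[1]; s->auth = 0;
    for (int i = 0; i < 6; i++) s->auth = (s->auth << 8) | b[2 + i];
    for (int i = 0; i < s->count; i++) {
        const uint8_t *p = b + 8 + 4 * i;
        s->sub[i] = p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return 8 + 4 * s->count;
}

/* Render the textual form S-<rev>-<authority>-<sub>-... into out. */
char *sid_str(const sid_t *s, char *out, size_t n) {
    int off = snprintf(out, n, "S-%u-%llu", (unsigned)s->rev, (unsigned long long)s->auth);
    for (int i = 0; i < s->count && off > 0 && (size_t)off < n; i++)
        off += snprintf(out + off, n - off, "-%u", (unsigned)s->sub[i]);
    return out;
}

/* Constructed domain prefix and account table (stand-ins for a real account database). */
static const uint32_t DOM[4] = {21, 1000, 2000, 3000};
static const struct { uint32_t rid; const char *name; } ACCTS[] = {
    {500, "Administrator"}, {1001, "exampleuser"}};

/* Prefix must equal the domain; the last sub-authority is the RID. NULL if unknown. */
const char *sid_lookup(const sid_t *s) {
    if (s->auth != 5 || s->count != 5 || memcmp(s->sub, DOM, sizeof DOM)) return NULL;
    for (size_t i = 0; i < sizeof ACCTS / sizeof ACCTS[0]; i++)
        if (ACCTS[i].rid == s->sub[4]) return ACCTS[i].name;
    return NULL;
}

/* Constructed sample: S-1-5-21-1000-2000-3000-1001 as stored in an ACL entry. */
static const uint8_t SAMPLE[] = {1, 5, 0, 0, 0, 0, 0, 5, 0x15, 0, 0, 0, 0xE8, 3, 0, 0,
                                 0xD0, 7, 0, 0, 0xB8, 0x0B, 0, 0, 0xE9, 3, 0, 0};
int main(void) {
    sid_t s; char txt[128];
    if (sid_parse(SAMPLE, sizeof SAMPLE, &s) < 0) return 1;
    const char *who = sid_lookup(&s);
    printf("%s -> %s\n", sid_str(&s, txt, sizeof txt), who ? who : "(unresolved)");
    return 0;
}
```

A SID from another domain, or one whose RID is absent from the table, stays unresolved.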


