libsmbclient: Browsing and a URI spec?
armand.welsh at sscims.com
Thu Jan 4 17:05:38 GMT 2001
well, the domain that authenticates you, is responsible for determining what
resources you are authorized, since the resource, whether in a workgroup, or
trusted domain, must verify who you are off from the PDC of the
authenticating domain. So with that in mind, the only place the workgroup
is of any benfit, is browsing.
Accessing shares requires only authentication information
(domain/username/password) and resource to be accessed
(host/share/dir/file). The workgroup is not needed in this case.
Now, in the case of samba, to use workgroup AND domain, would mean that
samba can run in a sort of hybrid mode. Since NT systems can only belong
(or be listed in) one workgroup (for domain accounts, this is the domain)
they will not be listed alternat workgroups, as participants; so in for
samba to do this, would be like having a system that can run in a hybrid (NT
and Win9x) mode at the same time. The only way NT systems can access
workgroups beyond the domain, is by having an NT server specificlly publish
the existance of these domains to clients, or by useing netbios broadcast
discovery of workgroups for browsing. If you are on any large network,
w/multiple subnets, the broadcast method will only expose workgroups within
the local subnet, which brings us back to needing an NT server to make the
systems aware of the additional workgroups.
so, in conclusion, my ramblings are trying to say, it can be done, but it
would not follow suite with microsoft way of handling domains/workgroups.
What would be nice, is for samba to allow the option of broadcasting the
existance of additional workgroups, just as NT Server does.
-> -----Original Message-----
-> From: Michael B. Allen [mailto:mballen at erols.com]
-> Sent: Wednesday, January 03, 2001 11:29 PM
-> To: Steve Langasek
-> Cc: Allen, Michael B (RSCH); Samba Technical
-> Subject: Re: libsmbclient: Browsing and a URI spec?
-> On Wed, Jan 03, 2001 at 07:20:03PM -0600, Steve Langasek wrote:
-> > By 'associated with', I mean 'bearing the same name as'.
-> If you have an NT
-> > domain called 'FOO', members of that domain will appear in
-> the workgroup 'FOO'
-> > on the network. Win9x machines may also appear in the
-> workgroup 'FOO', but
-> > they are not part of the domain.
-> Ok, I have talked to one of the NT guys and apparently we don't
-> have "workgroups" at all but rather use a "domain model" and "trust"
-> something-or-others(relationships?) ...blah, blah, blah. We
-> have a pretty
-> big network(1000s across many countries). If I look at the networking
-> configuration on my machine I have a domain specified that I thought
-> of as my "workgroup". Entering this information will only work if an
-> Administrator enables the machine name and my account
-> presumably on the
-> domain controller. The "domain" used for authentication
-> purposes(when I'm
-> connecting to shares and doing general stuff) is then
-> obtained from the
-> domain controller when I log in based on my username and
-> "domain"(the one
-> I have been calling workgroup). This is pretty much just a
-> brain dump of
-> a fairly casual discussion during chow so don't treat it as
-> anything more.
-> Now even having said that I think it's rather inconcequential to the
-> question at hand. That is; how and why would the domain(PrimaryDomain
-> field in SMB_COM_SESSION_SETUP_ANDX used for user authentication when
-> connecting to services) and the workgroup(used for name service and
-> browsing but now apparently a kind of "domain" itself)
-> differ? Fact is
-> they do in some cases so perhaps there should be a parameter
-> to specify
-> that like 'client auth domain =' for smbclient and
-> smbclient.so to use.
-> signature pending
More information about the samba-technical