Samba as Domain Controller

Richard Sharpe sharpe at
Fri Mar 2 18:12:25 GMT 2001

At 12:47 PM 3/2/01 -0800, Greg J. Zartman wrote:
>But, if all you want to use the PDC for is a password server (i.e.,
>centralize the usernames and passwords), then a domain is a must.  While
>win9x may not be a true domain client, from the users standpoint the
>distinction is not noticeable.  The last thing I want to do is run around to
>every workstation in the office and update usernames and passwords everytime
>something changes.  By employing DHCP and a domain, I only have to change
>things in one place.  As far as my clients are concerned the OS doesn't
>matter.  I have 95, 98, ME, NT 4.0., and 2000.  From the users standpoint,
>they all act exactly the same on the network.   My win 9x people can't sneak
>into network shares they don't have access to any easier than a person on a
>2000 machine.

Ummm, I have a client who has Win95, Win98 and Win2000, and supports logon
scripts and so on, but does not run Samba as a Domain controller. They use
Samba 2.0.7, but do not use the domain controller stuff yet.

Secondly, they use a centralized password database (they actually use
encrypted passwords for security reasons) and DHCP for all the Windows boxes.

So, you do not need to run Samba as a domain controller for that function.

>I think we are talking about two different types of networks here.  In my
>line of work, the primary function of the network is to provide internet
>access,  tie all of our workstations together, and centralize usernames and
>passwords.  Really, what we are doing is operating as a workgroup, but
>calling it a domain.   Most all of our work is done locally and then
>uploaded to centralized project directories on a regular basis.
>For this function Samba 2.2 works much better than 2.0.7.  Maybe it's my
>hardware or my lack of experience with Linux, but I've tried both and 2.0.7
>falls short.

Ummm, in what way does it fall short? The only additional functionality in
2.2.0 that you would need, and it was only added in the last week or so, is
the ability to list users from Win9X for sharing etc.

>----- Original Message -----
>From: "Richard Sharpe" <sharpe at>
>To: "Greg J. Zartman" <greg at>; <samba-ntdom at>
>Sent: Friday, March 02, 2001 8:19 AM
>Subject: Re: Samba as Domain Controller
>> At 08:52 AM 3/2/01 -0800, Greg J. Zartman wrote:
>> >
>> >----- Original Message -----
>> >From: "Richard Sharpe" <sharpe at>
>> >To: "Adam Lang" <aalang at>;
><samba-ntdom at>
>> >Sent: Wednesday, February 28, 2001 9:08 AM
>> >Subject: Re: Samba as Domain Controller
>> >
>> >
>> >> At 04:23 PM 2/28/01 -0500, Adam Lang wrote:
>> >> >I'm looking into using Samba as the domain controller for my network
>> >(about
>> >> >75 users on windows 9x).
>> >>
>> >> For Win9X machines you do not need a PDC. Samba 2.0.7 will do fine for
>> >> these machines.
>> >
>> >This doesn't make any sense.  What does the client OS have to do with the
>> >weather or no you need a PDC???  A PDC basically centralizes netword
>> >on one machine.  The client OS makes no difference.
>> Sigh,
>> it makes eminent senses when you realize that Microsoft does not use the
>> Domain Controller protocols (Encrypted RPCs) for Win9X logons, but does
>> WinNT and Windows 2000.
>> Thus, the client OS makes a big difference. Take my word for it, lots of
>> people are using Samba 2.0.7 and below as a logon server for Windows 95,
>> and ME, and have been doing so for years.
>> You do need to set the parameter 'domain logons = yes'. And, you might
>> 'encrypt passwords = yes', but then again, you might not.
>> Regards
>> -------
>> Richard Sharpe, sharpe at
>> Samba (Team member,, Ethereal (Team member,
>> Contributing author, SAMS Teach Yourself Samba in 24 Hours
>> Author, Special Edition, Using Samba

Richard Sharpe, sharpe at
Samba (Team member,, Ethereal (Team member,
Contributing author, SAMS Teach Yourself Samba in 24 Hours
Author, Special Edition, Using Samba

More information about the samba-technical mailing list