Samba NT PDC capabilities: progress report.

Luke Kenneth Casson Leighton lkcl at
Mon Dec 8 18:46:37 GMT 1997

 the following report applies to the latest cvs version (tag of 
 BRANCH_NTDOM).  details of how to use public cvs to access the samba 
 source repository are at

 please note that this development is in parallel with, and therefore does
 not affect, the current development plan for samba: please see the 
 Roadmap and WhatsNew files with the samba distribution.

the next major milestone has been reached since the nt domain support was 
first introduced on the back of the 1.9.18alpha series: you can run "User 
Manager for Domains" (NT Server's USRMGR.EXE program) on a Samba server.

a list of user accounts is available.  viewing an individual user's
account (including the profile, and what groups the user is in) will be
the next immediate goal.  please note that modifying or adding a new user
to a Samba PDC via USRMGR.EXE will not be available for a few months.

so, the state of play is:

- Users of NT 3.51 and 4.0 Workstations and stand-alone NT Servers can log
in to a Samba PDC server, and have their accounts configured through the
normal unix methods, supplemented by the Samba encrypted password database

- You can use USRMGR.EXE on NT server to view accounts on a Samba PDC.

- smbclient has been reworked to support NT logins: you can use smbclient
to log in to _any_ Primary Domain Controller, whether it be a Samba PDC or
an NT PDC (not tried against an AT&T or SCO PDC - that'd be interesting to
confirm :-)

future plans:

- BDC capabilities.  trust relationships.  this is likely to involve further 
work on the sam replication pipe, in order to get it right.

- allowing an administrator to add a workstation to a domain, from that
workstation.  this will definitely involve lots of work on the sam
replication pipe. 

- resolving the monotonic mapping between NT RIDs (relative ids.  relative
to SIDs, that is) and unix uid / gids (user ids / group ids).  at the
moment, this has not been finalised.  i'd prefer that the NT domain
support remained tagged as experimental until this is sorted, particularly
as NT sets up workstation, server and inter-domain trust accounts.  each
of these has its own RID (equivalent of a unix user id).  as far as i am
aware, no unix system supports this concept, which is a pain. 

- "server manager" functionality.  this will involve taking smbstatus
reports and making them available through SRVMGR.EXE (on NT) and smbclient
(under unix). 

- cgi-bin front end to smbclient, to present a "user manager for domains" 
and "server manager for domains" in html format.  (to keep those people
used to GUIs happy). 

a further report will be made once the next major piece of this
drastically large puzzle has been solved.

please remember that this does not in any way affect the current
development cycle in samba, and is only available when compiling with



