[Samba] Choosing Domain vs. Workgroup

Jonathan Johnson jon at sutinen.com
Tue Sep 26 15:45:49 GMT 2006

On 9/19/2006 9:01 AM, David Dyer-Bennet wrote:
> On 9/19/06, Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> wrote:
>> On 09/18/2006 12:08 PM, David Dyer-Bennet escreveu:
>> > I thought I wanted to set up my Solaris file-server as domain
>> > controller for my small home network, but the more I look at it the
>> > less I'm sure.  Plus I'm having trouble doing it :-).
> [snip]
>> > And some of the machines are running XP home, since that's what came
>> > on at least one of the laptops.  And one of them is a Mac.
>>         AFAIK, WinXP Home is not allowed to join domains.
> That's what I've read, as well.  I was trolling for confirmation, kinda.
That's not to say that XP Home cannot communicate with a Samba domain as
a workgroup member. You'll just have to maintain user security
information separately on the Home machines, you won't be able to take
advantages of the features of a domain. (Remember, a domain is just a
workgroup with centralized security management.) Likewise, the Mac will
have its own security database, unless you can figure out how to make it
use kerberos authentication against the Samba domain (theoretically
possible if you are running OS X).

With more than a few machines, user management is a nightmare on XP
Home. Also, for NTFS filesystem security, XP Home is missing the GUI
tools. The security features are there, you just have to use CACLS from
the command line and that gets ugly.

-Jonathan Johnson
Sutinen Consulting, Inc.

More information about the samba mailing list