Tutorial: Linux Tutorial - Network Administration - Joining Samba 2.0 to an NT Domain

This method, which is new in Samba 2.0.6 and above, allows Samba to use
exactly the same mechanism that NT does. This method either broadcasts or
uses a WINS database in order to find domain controllers to authenticate
against.

Finally, restart your Samba daemons and get ready for clients to begin using
domain security!

Why is this better than security = server?
------------------------------------------
Currently, domain security in Samba doesn't free you from having to create
local Unix users to represent the users attaching to your server. This means
that if domain user DOM\fred attaches to your domain security Samba server,
there needs to be a local Unix user fred to represent that user in the Unix
filesystem. This is very similar to the older Samba security mode
"security=server", where Samba would pass through the authentication request
to a Windows NT server in the same way as a Windows 95 or Windows 98 server
would.

The advantage to domain-level security is that the authentication in
domain-level security is passed down the authenticated RPC channel in exactly
the same way that an NT server would do it. This means Samba servers now
participate in domain trust relationships in exactly the same way NT servers
do (i.e., you can add Samba servers into a resource domain and have the
authentication passed on from a resource domain PDC to an account domain
PDC).

In addition, with "security=server" every Samba daemon on a server has to
keep a connection open to the authenticating server for as long as that
daemon lasts. This can drain the connection resources on a Microsoft NT
server and cause it to run out of available connections. With
"security=domain", however, the Samba daemons connect to the PDC/BDC only for
as long as is necessary to authenticate the user, and then drop the
connection, thus conserving PDC connection resources.

And finally, acting in the same manner as an NT server authenticating to a
PDC means that as part of the authentication reply, the Samba server gets the
user identification information such as the user SID, the list of NT groups
the user belongs to, etc. All this information will allow Samba to be
extended in the future into a mode the developers currently call appliance
mode. In this mode, no local Unix users will be necessary, and Samba will
generate Unix uids and gids from the information passed back from the PDC
when a user is authenticated, making a Samba server truly plug and play in an
NT domain environment. Watch for this code soon.

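
The comparison above can be turned into a check on the [global] section of an
smb.conf. The following is an added example, not part of the original document
or of Samba itself. It assumes Samba 2.0.x behaviour, uses the smb.conf
parameters "password server" and "encrypt passwords" (not shown in this
section), and runs on constructed sample configurations.

```python
import re

# Constructed sample smb.conf fragments (not from the original page).
SERVER_MODE = """
[global]
   workgroup = DOM
   ; pass-through authentication, the older mode
   security = server
   password server = DOMPDC
"""
DOMAIN_MODE = """
[global]
   workgroup = DOM
   Security = DOMAIN
   encrypt passwords = yes
   password server = *
[public]
   path = /srv/public
"""

def global_params(text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit(text):
    """Return a list of findings for the authentication settings."""
    p = global_params(text)
    mode = p.get("security", "user").lower()
    findings = []
    if mode == "server":
        findings.append("security=server: every smbd keeps a connection open "
                        "to the authenticating server; use security=domain")
    elif mode == "domain":
        # Assumption: Samba 2.0.x, where both settings must be set explicitly.
        if "passwordserver" not in p:
            findings.append("security=domain without 'password server'")
        if p.get("encryptpasswords", "no").lower() not in ("yes", "true", "1"):
            findings.append("security=domain needs 'encrypt passwords = yes'")
    return findings
```

Calling audit() on the text of an smb.conf returns an empty list when the
domain-security settings are consistent.
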
NOTE: Much of the text of this document was first published in the Web
magazine "LinuxWorld" as the article "Doing the NIS/NT Samba".