Introduction

This chapter describes how to set up, and configure, a HP CIFS Server as a Primary Domain Controller (PDC).

The following are a list of recent enhancements for the HP CIFS Server. Those that are new for version A.01.08 have been identified as such.

Continue the support for joining a Samba server to the Windows NT domain as a member server
New for A.01.08: provide the ability to act as a Primary Domain Controller (PDC) for Windows clients which include Windows 95, 98, NT, XP and 2000
New for A.01.08: provide Domain login feature for Windows NT 4.0 SP3+, XP and 2000 member servers and Samba member servers
New for A.01.08: support mapping for Windows built-in group and username to a Unix group
New for A.01.08: support Windows NT logon scripts
New for A.01.08: view resources on a Samba PDC using Microsoft’s “Server manager for Domain” tool
New for A.01.08: support local and roaming profiles
New for A.01.08: support the specified logon home share to a Samba server




	NOTE: Version A.01.08 of the SIFS/9000 Server does not support Security Accounts Manager (SAM) databases (containing NT user account information) nor does it provide any Backup Domain Controller (BDC) features, and will not support BDCs in a domain for which it is serving as a PDC.

The Windows NT domain model provides a number of advantages:

Windows NT administrators may group workstations and servers under the authority of a domain controller
Domain members may be centrally administered by using domains to group related machines. One of the benefits of this is the ability for user accounts to be common for multiple systems. A user may now make one password change which will affect multiple systems accessed by that user. Another benefit is that IT administration work is reduced, since there is no longer a need for individual accounts to be administered on each system

The Primary Domain Controller (PDC) is responsible for several tasks within the domain. These include:

Authenticating user logons for users and workstations that are members of the domain
Acting as a centralized point for managing user account and group information for the domain
A user logged on to the Primary Domain Controller (PDC) as the domain administrator can add, remove or modify Windows domain account information on any machine that is part of the domain
It should be noted that the current version of the PDC does not support having a BDC in the domain. Because of this, if the PDC fails, there is no way for Windows Client users of the domain to be authenticated. And, if a disk fails on the PDC, there is no backup on the domain with the critical credential data. This means that it is very important to make backups of users credential files. It also means that there is no system that can be easily promoted to a PDC to take the place of the existing PDC

The following member servers are supported:
- Windows NT
- Windows 2000
- Windows XP
- HP CIFS
- AS/U
Users on a domain member machine can access network resources within the domain. Some examples of these resources are file and printer shares and application servers
Domain members do not perform the user authentication for user logons. Instead, the member sends the credentials to a domain controller via a secure channel. The domain controller checks the credentials against those in its database and returns the results to the member server. Access is granted based on the results returned

Technical documentation