NT 3.5 / 4.0 Domains for UNIX
Luke Kenneth Casson Leighton
NT domain logins, and some experimental administrative capabilities,
have been added to a development branch of SAMBA,
the publicly available file/print share program that makes UNIX servers look like
a Microsoft Windows NT server.
Further work is needed, but the goal is to make UNIX look like Windows
NT, over a network. This will include full UNIX command-line administrative capability as
The implications of this are that UNIX will be fully administerable by
the standard NT server tools (e.g. "user manager for domains"; "server
manager for domains"), and both UNIX and NT will be fully administerable using HTML
(cgi-bin wrappers around the smbclient program).
Some of this functionality (both client and server) is already
available. The latest version can be obtained by following the instructions in http://samba.anu.edu.au/cvs.html.
At present, SAMBA and smbclient can only provide or obtain information
using DCE/RPC: no capability has been added to administer domain servers. This can
(should) only be possible for administrators. Adding or changing SAM user accounts or
domain groups is encrypted. The "backup domain controller" and
"inter-domain trust relationships" also need to be researched.
Final point: anyone running Windows NT who allows SMB access through
their firewall (ports 137-139) is strongly advised to look up and enable the
"RestrictAnonymous" registry key in the Microsoft KB articles, and to look for
information on the "red button" bug in NT.