[nflug] I am windows inept

Cyber Source peter at thecybersource.com
Thu Jul 3 08:50:23 EDT 2008 

Yes, a "machine" with local accounts can also join a domain.

Eric Benoit wrote:
> Cyber Source wrote:
>> 1. Domain Account;
>> When a pc is part of a domain, it's "machine" (pc name) name is used 
>> in part of the authentication process for joining the domain, along 
>> with user and password which obtain user and group permissions.
>> 2. User Account;
>> On the very same pc, you may also have a user account for using the 
>> pc without joining the domain, and based on permissions again, have 
>> access to whatever was granted by the admin of the pc.
> so what your saying in the above statement is a machine can be "logged 
> in" to the Domain, but still have local users?
>
>
>>
>> In this thinking, everyone is a "roaming" user, whether logging onto 
>> the pc or the domain.
>>
>> eric wrote:
>>> ok yes.
>>>
>>> Lets say I log into my domain called "ubuntu" with user "eric", I'm 
>>> not necessarily a roaming user however the machine is logged into 
>>> the domain with it said machine name "winxp" for example.
>>> Gathering what you said I should always create roaming users... but 
>>> what about adding a machine to the domain when would that be 
>>> necessary... or is it impossible to have roaming users on a machine 
>>> that was not added to a domain?
>>>
>>> thank you please keep going  :)
>>>
>>> Darin Perusich wrote:
>>>> When you say "machines with users" I'm going to assume that you 
>>>> mean local accounts on said workstation/laptop, and by "roaming 
>>>> users" network/domain users.
>>>>
>>>> IMHO in a networked environment where you have a domain controller 
>>>> there is almost never any reason for local user accounts with the 
>>>> exception of administrative accounts or local account which can 
>>>> perform admin tasks in the event the network user repository is 
>>>> unavailable. On Windows once you login to the system your domain 
>>>> username and password are cached temporarily which allows you to 
>>>> logoff, take the machine off-site and login with the domain 
>>>> account. You can do the same on Linux if you have certain pam 
>>>> modules installed.
>>>>
>>>> Eric Benoit wrote:
>>>>> Hi I configured an LDAP-Samba ADS which works perfectly now, 
>>>>> except I don't know that much about Windows and methods of 
>>>>> configuring workstations/users...
>>>>>
>>>>> I have my smb/ldap automatically adding machines when I 
>>>>> authenticate as admin and can add roaming users as well, but my 
>>>>> issue is I don't know if both can be the same...
>>>>>
>>>>> can a roaming user be apart of a machine... this doesn't seem 
>>>>> likely to me because they are both users in smb/ldap
>>>>>
>>>>> if this is true then my question would be..
>>>>>
>>>>> when should I use roaming users and when should I use machines 
>>>>> with users
>>>>>
>>>>> I would love to read something about this, but all the 
>>>>> documentation I can find is weighted towards setting up samba and 
>>>>> LDAP.
>>>>>
>>>>> Can anyone point me in the right direction?
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> nflug mailing list
>>> nflug at nflug.org
>>> http://www.nflug.org/mailman/listinfo/nflug
>> _______________________________________________
>> nflug mailing list
>> nflug at nflug.org
>> http://www.nflug.org/mailman/listinfo/nflug
>
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug

More information about the nflug mailing list