[nflug] I am windows inept

Cyber Source peter at thecybersource.com
Thu Jul 3 09:56:35 EDT 2008


There always has to be at least 1 "local" account in both Windows and 
Linux; this local account is either the administrator (Windows, even 
though it may just show the user name, that user will have full admin 
rights if it's the only user on the box) or a user with sudo or root (Linux).
Now, this same pc can then join a domain. This domain can be on the 
local network, remote network, VPN, etc.
Domains are a way to have more control for network administrators. When 
the pc joins a domain, the current user may have scripts run via the 
domain, network access only available when on the domain, user desktop 
settings, etc.

The reasoning for setting up a domain would be to have more control over 
a network. If anyone would like to add to this explanation, please do.

Eric Benoit wrote:
> ok.  So, what would be the point of joining a machine to a domain but 
> only having local accounts, or would you have both in case the Domain 
> server goes down?  Sorry, I'm just trying to find the reasoning, so I 
> can set up my systems here appropriately.
>
> Cyber Source wrote:
>> Yes, a "machine" with local accounts can also join a domain.
>>
>> Eric Benoit wrote:
>>> Cyber Source wrote:
>>>> 1. Domain Account;
>>>> When a pc is part of a domain, its "machine" (pc name) name is 
>>>> used in part of the authentication process for joining the domain, 
>>>> along with user and password which obtain user and group permissions.
>>>> 2. User Account;
>>>> On the very same pc, you may also have a user account for using the 
>>>> pc without joining the domain, and based on permissions again, have 
>>>> access to whatever was granted by the admin of the pc.
>>> So what you're saying in the above statement is a machine can be 
>>> "logged in" to the Domain, but still have local users?
>>>
>>>
>>>>
>>>> In this thinking, everyone is a "roaming" user, whether logging 
>>>> onto the pc or the domain.
>>>>
>>>> eric wrote:
>>>>> ok yes.
>>>>>
>>>>> Let's say I log into my domain called "ubuntu" with user "eric", 
>>>>> I'm not necessarily a roaming user however the machine is logged 
>>>>> into the domain with its said machine name "winxp" for example.
>>>>> Gathering what you said I should always create roaming users... 
>>>>> but what about adding a machine to the domain when would that be 
>>>>> necessary... or is it impossible to have roaming users on a 
>>>>> machine that was not added to a domain?
>>>>>
>>>>> thank you please keep going  :)
>>>>>
>>>>> Darin Perusich wrote:
>>>>>> When you say "machines with users" I'm going to assume that you 
>>>>>> mean local accounts on said workstation/laptop, and by "roaming 
>>>>>> users" network/domain users.
>>>>>>
>>>>>> IMHO in a networked environment where you have a domain 
>>>>>> controller there is almost never any reason for local user 
>>>>>> accounts with the exception of administrative accounts or local 
>>>>>> accounts which can perform admin tasks in the event the network 
>>>>>> user repository is unavailable. On Windows once you login to the 
>>>>>> system your domain username and password are cached temporarily 
>>>>>> which allows you to logoff, take the machine off-site and login 
>>>>>> with the domain account. You can do the same on Linux if you have 
>>>>>> certain pam modules installed.
>>>>>>
>>>>>> Eric Benoit wrote:
>>>>>>> Hi, I configured an LDAP-Samba ADS which works perfectly now, 
>>>>>>> except I don't know that much about Windows and methods of 
>>>>>>> configuring workstations/users...
>>>>>>>
>>>>>>> I have my smb/ldap automatically adding machines when I 
>>>>>>> authenticate as admin and can add roaming users as well, but my 
>>>>>>> issue is I don't know if both can be the same...
>>>>>>>
>>>>>>> can a roaming user be a part of a machine... this doesn't seem 
>>>>>>> likely to me because they are both users in smb/ldap
>>>>>>>
>>>>>>> if this is true then my question would be..
>>>>>>>
>>>>>>> when should I use roaming users and when should I use machines 
>>>>>>> with users
>>>>>>>
>>>>>>> I would love to read something about this, but all the 
>>>>>>> documentation I can find is weighted towards setting up samba 
>>>>>>> and LDAP.
>>>>>>>
>>>>>>> Can anyone point me in the right direction?
>>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> nflug mailing list
>>>>> nflug at nflug.org
>>>>> http://www.nflug.org/mailman/listinfo/nflug


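Added example, not part of the thread above: on a Linux member of a Samba/LDAP domain like the one discussed, this sketch separates the account kinds the posters are untangling (local admin, local user, domain user, machine account), so an administrator can review which local logons remain. The function names, the UID 1000 threshold and the sample entries are assumptions constructed for illustration; machine accounts are recognised by the trailing `$` that Samba gives them.

```shell
#!/bin/sh
# classify_accounts LOCAL_PASSWD MERGED_PASSWD
#   LOCAL_PASSWD  : copy of /etc/passwd (accounts defined on the machine itself)
#   MERGED_PASSWD : output of `getent passwd` (local plus LDAP/winbind via NSS)
# Prints "<kind><TAB><name>" for each account that matters for logon review.
classify_accounts() {
    awk -F: '
        # First file: remember every account name defined locally.
        NR == FNR { is_local[$1] = 1; next }
        # Samba machine trust accounts end in "$" (for example winxp$).
        $1 ~ /\$$/ { print "machine\t" $1; next }
        # Accounts without a usable shell cannot log in interactively.
        $7 ~ /(nologin|false)$/ { next }
        {
            if (!($1 in is_local)) { kind = "domain" }
            else if ($3 == 0)      { kind = "local-admin" }
            else if ($3 >= 1000)   { kind = "local-user" }   # assumed UID_MIN
            else                   { next }                  # system account
            print kind "\t" $1
        }
    ' "$1" "$2"
}

# Constructed sample data (not from the thread): writes both files into dir $1.
write_sample() {
    cat > "$1/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
localadmin:x:1000:1000::/home/localadmin:/bin/bash
EOF
    { cat "$1/local"; cat <<'EOF'
eric:x:10001:10001::/home/eric:/bin/bash
winxp$:x:10002:515::/dev/null:/bin/false
EOF
    } > "$1/merged"
}

tmp=$(mktemp -d)
write_sample "$tmp"
classify_accounts "$tmp/local" "$tmp/merged"
rm -rf "$tmp"
```

On a real host the two inputs would be `/etc/passwd` and a saved `getent passwd` dump; any `local-user` line is an account that keeps working outside the domain's control.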