On Wed, Feb 23, 2005 at 07:51:25AM -0500, Marty Landman wrote: > Looking further down, I must be honest in saying don't even know what a > domain is. I use Samba to access shares from network 'nix boxes from > Windows boxes /only/. In Windows, when you're a member of a Domain, you sent your authentication request to a Domain Controller. If your login/password are authenticated, your machine/session is issued an authentiction token that is used thereafter to determine your rights to access domain-accessible shares (directories, printers, etc.) There are other features as well--the Domain Administrator can assign login (and logout) scripts, define the home directory and drive mapping, and specify the off-workstation storage location for profile information (roaming profiles). A Group Policy can be promulgated from the Domain Controller that specifies a number of behavioral characteristics of workstations in the domain. (Yes, this is greatly simplified.) Windows XP Home simply can't do this--it can't "join" the domain, and can't participate in the authentication process. BUT it can be set to be in the Workgroup that is the cognate of the Active Directory domain name (e.g., corp.mycompany.com has a workgroup cognate of, say, MYCOMPANY). (No, cognate isn't Microsoft's word for it--I can't remember the proper terminology before coffee.) When it tries to access a Domain resource--typically a printer or file share--and it's not authenticated, it will be queried for its credentials. It will, by default, provide the login/password of the current session. If those fail, you should be prompted for a login/password pair that exist in the Domain. Thus, if you set up an account for the XP Home user in the Domain, and give it the same name and password as the account they use on the XP Home box, they shouldn't see anything abnormal when they try to use Domain resources. At the worst, give 'em an account they can respond with when XP asks for it, and map persistent network connections in their account. Other problems do arise in this workaround. Their machine can't be managed by domain policies. They can't have a login or logout script assigned to their account, nor will they be assigned a home directory or roaming profile home. But at least they can be allowed to use shared resources. Cheers, -- Dave Ihnat ignatz@xxxxxxxxxx -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
