2024-12-31 17:18:04 +03:00 · 2003-04-25 04:36:08 +00:00 · 2003-04-25 04:36:08 +00:00 · 7aa3d6c2ad
commit 7aa3d6c2ad
parent 803f257032
6 changed files with 54 additions and 27 deletions
--- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
@ -57,9 +57,9 @@ parameters in the [global]-section of the smb.conf have to be set:
 </para>

 <para><programlisting>
-workgroup = SAMBA
-domain master = yes
-domain logons = yes
+	workgroup = SAMBA
+	domain master = yes
+	domain logons = yes
 </programlisting></para>

 <para>
@ -201,9 +201,9 @@ by setting
 </para>

 <para><programlisting>
-workgroup = samba
-domain master = no
-domain logons = yes
+	workgroup = samba
+	domain master = no
+	domain logons = yes
 </programlisting></para>

 <para>
--- a/docs/docbook/projdoc/ServerType.sgml
+++ b/docs/docbook/projdoc/ServerType.sgml
@ -85,7 +85,7 @@ LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc.
 <para>
 Please refer to the section on Howto configure Samba as a Primary Domain Controller
 and for more information regarding how to create a domain machine account for a
-domain member server as well as for information regading how to enable the samba
+domain member server as well as for information regarding how to enable the samba
 domain member machine to join the domain and to be fully trusted by it.
 </para>

--- a/docs/docbook/projdoc/UNIX_INSTALL.sgml
+++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml
@ -88,13 +88,13 @@
 	<para>
 	SWAT is a web-based interface that helps you configure samba. 
 	SWAT might not be available in the samba package on your platform, 
-	but in a seperate package. Please read the swat manpage 
+	but in a separate package. Please read the swat manpage 
 	on compiling, installing and configuring swat from source.
 	</para>

 	<para>To launch SWAT just run your favorite web browser and 
 	point it at "http://localhost:901/". Replace <replaceable>localhost</replaceable> with the name of the computer you are running samba on if you 
-	are running samba on a different computer then your browser.</para>
+	are running samba on a different computer than your browser.</para>

 	<para>Note that you can attach to SWAT from any IP connected 
 	machine but connecting from a remote machine leaves your 
--- a/docs/docbook/projdoc/passdb.sgml
+++ b/docs/docbook/projdoc/passdb.sgml
@ -238,8 +238,8 @@ data is stored at all.
 <sect1>
 <title>TDB</title>
 <para>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend 
-doesn't require any additional configuration. This backend is recommended for new installations who 
-don't require LDAP.
+doesn't require any additional configuration. This backend is recommended for new installations that 
+don not require LDAP.
 </para>
 </sect1>

@ -284,7 +284,7 @@ Two additional Samba resources which may prove to be helpful are
 </sect2>

 <sect2>
-<title>Introduction</title>
+<title>Encrypted Password Database</title>

 <para>
 Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt
@ -327,7 +327,7 @@ API, and is still so named in the CVS trees).
 </para>

 <para>
-There are a few points to stress about what the ldapsam
+There are a few points to stress about that the ldapsam
 does not provide.  The LDAP support referred to in the this documentation does not
 include:
 </para>
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@ -19,7 +19,7 @@
 <abstract>
 <para>
 This book is a collection of HOWTOs added to Samba documentation over the years.
-Samba is always under development, and so is it's documentation. This release of the
+Samba is always under development, and so is its' documentation. This release of the
 documentation represents a major revision or layout as well as contents.
 The most recent version of this document can be found at
 <ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
@ -35,8 +35,8 @@ or without their knowledge contributed to this update. The size and scope of thi
 project would not have been possible without significant community contribution. A not
 insignificant number of ideas for inclusion (if not content itself) has been obtained
 from a number of Unofficial HOWTOs - to each such author a big "Thank-you" is also offered.
-Please keep publishing you Unofficial HOWTO's - they are a source of inspiration and
-application knowledge that is most to be desired by may Samba users and administrators.
+Please keep publishing your Unofficial HOWTO's - they are a source of inspiration and
+application knowledge that is most to be desired by many Samba users and administrators.
 </para>

 </abstract>
--- a/docs/docbook/projdoc/securing-samba.sgml
+++ b/docs/docbook/projdoc/securing-samba.sgml
@ -2,6 +2,7 @@

 <chapterinfo>
 	&author.tridge;
+	&author.jht;
 	<pubdate>17 March 2003</pubdate>
 </chapterinfo>

@ -36,8 +37,8 @@ might be:
 </para>

 <para><programlisting>
-  hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
-  hosts deny = 0.0.0.0/0
+	hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
+	hosts deny = 0.0.0.0/0
 </programlisting></para>

 <para>
@ -66,8 +67,8 @@ You can change this behaviour using options like the following:
 </para>

 <para><programlisting>
-  interfaces = eth* lo
-  bind interfaces only = yes
+	interfaces = eth* lo
+	bind interfaces only = yes
 </programlisting></para>

 <para>
@ -105,10 +106,10 @@ UDP ports to allow and block. Samba uses the following:
 </para>

 <para><programlisting>
-UDP/137    - used by nmbd
-UDP/138    - used by nmbd
-TCP/139    - used by smbd
-TCP/445    - used by smbd
+	UDP/137    - used by nmbd
+	UDP/138    - used by nmbd
+	TCP/139    - used by smbd
+	TCP/445    - used by smbd
 </programlisting></para>

 <para>
@ -135,9 +136,9 @@ To do that you could use:
 </para>

 <para><programlisting>
-  [ipc$]
-     hosts allow = 192.168.115.0/24 127.0.0.1
-     hosts deny = 0.0.0.0/0
+	[ipc$]
+	     hosts allow = 192.168.115.0/24 127.0.0.1
+	     hosts deny = 0.0.0.0/0
 </programlisting></para>

 <para>
@ -163,6 +164,32 @@ methods listed above for some reason.

 </sect1>

+<sect1>
+<title>NTLMv2 Security</title>
+
+<para>
+To configure NTLMv2 authentication the following registry keys are worth knowing about:
+</para>
+
+<para>
+<programlisting>
+	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+	"lmcompatibilitylevel"=dword:00000003
+
+	0x3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication,
+	use NTLMv2 session security if the server supports it. Domain
+	controllers accept LM, NTLM and NTLMv2 authentication.
+
+	[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
+	"NtlmMinClientSec"=dword:00080000
+
+	0x80000 - NTLMv2 session security. If either NtlmMinClientSec or
+	NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2
+	session security is not negotiated.
+</programlisting>
+</para>
+</sect1>
+
 <sect1>
 <title>Upgrading Samba</title>