1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

being a responsible developer for a change. Make sure to

update the docs wrt to the recent code changes.

Can someone regenerate these in the SAMBA_3_0 tree please?
Thanks.
This commit is contained in:
Gerald Carter 0001-01-01 00:00:00 +00:00
parent 1bd76a320e
commit ba448e6eb8
4 changed files with 42 additions and 35 deletions

View File

@ -1,15 +0,0 @@
<samba:parameter name="ads server"
context="G"
basic="1" advanced="1" wizard="1" developer="1"
xmlns:samba="http://samba.org/common">
<listitem>
<para>If this option is specified, samba does not try to figure out what
ads server to use itself, but uses the specified ads server. Either one
DNS name or IP address can be used.</para>
<para>Default: <command moreinfo="none">ads server = </command></para>
<para>Example: <command moreinfo="none">ads server = 192.168.1.2</command></para>
</listitem>
</samba:parameter>

View File

@ -5,7 +5,8 @@
<listitem>
<para>This option is used by the programs in the Samba
suite to determine what naming services to use and in what order
to resolve host names to IP addresses. The option takes a space
to resolve host names to IP addresses. Its main purpose to is to
control how netbios name resolution is performed. The option takes a space
separated string of name resolution options.</para>
<para>The options are: &quot;lmhosts&quot;, &quot;host&quot;,
@ -16,7 +17,8 @@
<listitem>
<para><constant>lmhosts</constant> : Lookup an IP
address in the Samba lmhosts file. If the line in lmhosts has
no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
no name type attached to the NetBIOS name (see the <ulink
url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
any name type matches for lookup.</para>
</listitem>
@ -26,9 +28,10 @@
</filename>, NIS, or DNS lookups. This method of name resolution
is operating system depended for instance on IRIX or Solaris this
may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename>
file. Note that this method is only used if the NetBIOS name
type being queried is the 0x20 (server) name type, otherwise
it is ignored.</para>
file. Note that this method is used only if the NetBIOS name
type being queried is the 0x20 (server) name type or 0x1c (domain controllers).
The latter case is only useful for active directory domains and results in a DNS
query for the SRV RR entry matching _ldap._tcp.domain.</para>
</listitem>
<listitem>
@ -59,6 +62,9 @@
it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
<para><command moreinfo="none">name resolve order = wins bcast</command></para>
<para>DC lookups will still be done via DNS, but fallbacks to netbios names will
not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para>
</listitem>
</samba:parameter>

View File

@ -6,14 +6,24 @@
<para>This option allows the administrator to chose what
authentication methods <command moreinfo="none">smbd</command> will use when authenticating
a user. This option defaults to sensible values based on <link linkend="SECURITY">
<parameter moreinfo="none">security</parameter></link>.</para>
<parameter moreinfo="none">security</parameter></link>. This should be considered
a developer option and used only in rare circumstances. In the majority (if not all)
of production servers, the default setting should be adequate.</para>
<para>Each entry in the list attempts to authenticate the user in turn, until
the user authenticates. In practice only one method will ever actually
be able to complete the authentication.
</para>
<para>Possible options include <constant>guest</constant> (anonymous access),
<constant>sam</constant> (lookups in local list of accounts based on netbios
name or domain name), <constant>winbind</constant> (relay authentication requests
for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd
method of authentication for remote domain users; deprecated in favour of winbind method),
<constant>trustdomain</constant> (authenticate trusted users by contacting the
remote DC directly from smbd; deprecated in favour of winbind method).</para>
<para>Default: <command moreinfo="none">auth methods = &lt;empty string&gt;</command></para>
<para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para>
<para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para>
</listitem>
</samba:parameter>

View File

@ -3,18 +3,22 @@
advanced="1" wizard="1" developer="1"
xmlns:samba="http://samba.org/common">
<listitem>
<para>By specifying the name of another SMB server (such
as a WinNT box) with this option, and using <command moreinfo="none">security = domain
</command> or <command moreinfo="none">security = server</command> you can get Samba
to do all its username/password validation via a remote server.</para>
<para>By specifying the name of another SMB server
or Active Directory domain controller with this option,
and using <command moreinfo="none">security = [ads|domain|server]</command>
it is possible to get Samba to
to do all its username/password validation using a specific remote server.</para>
<para>This option sets the name of the password server to use.
It must be a NetBIOS name, so if the machine's NetBIOS name is
different from its Internet name then you may have to add its NetBIOS
name to the lmhosts file which is stored in the same directory
as the <filename moreinfo="none">smb.conf</filename> file.</para>
<para>This option sets the name or IP address of the password server to use.
New syntax has been added to support defining the port to use when connecting
to the server the case of an ADS realm. To define a port other than the
default LDAP port of 389, add the port number using a colon after the
name or IP address (e.g. 192.168.1.100:389). If you do not specify a port,
Samba will use the standard LDAP port of tcp/389. Note that port numbers
have no effect on password servers for Windows NT 4.0 domains or netbios
connections.</para>
<para>The name of the password server is looked up using the
<para>If parameter is a name, it is looked up using the
parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name
resolve order</parameter></link> and so may resolved
by any method and order described in that parameter.</para>
@ -38,14 +42,14 @@
trust your clients, and you had better restrict them with hosts allow!</para>
<para>If the <parameter moreinfo="none">security</parameter> parameter is set to
<constant>domain</constant>, then the list of machines in this
<constant>domain</constant> or <constant>ads</constant>, then the list of machines in this
option must be a list of Primary or Backup Domain controllers for the
Domain or the character '*', as the Samba server is effectively
in that domain, and will use cryptographically authenticated RPC calls
to authenticate the user logging on. The advantage of using <command moreinfo="none">
security = domain</command> is that if you list several hosts in the
<parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
</command> will try each in turn till it finds one that responds. This
</command> will try each in turn till it finds one that responds. This
is useful in case your primary server goes down.</para>
<para>If the <parameter moreinfo="none">password server</parameter> option is set
@ -55,7 +59,7 @@
and then contacting each server returned in the list of IP
addresses from the name resolution source. </para>
<para>If the list of servers contains both names and the '*'
<para>If the list of servers contains both names/IP's and the '*'
character, the list is treated as a list of preferred
domain controllers, but an auto lookup of all remaining DC's
will be added to the list as well. Samba will not attempt to optimize
@ -93,6 +97,8 @@
<para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, *</command></para>
<para>Example: <command moreinfo="none">password server = windc.mydomain.com:389 192.168.1.101 *</command></para>
<para>Example: <command moreinfo="none">password server = *</command></para>
</listitem>
</samba:parameter>