mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
being a responsible developer for a change. Make sure to
update the docs wrt to the recent code changes. Can someone regenerate these in the SAMBA_3_0 tree please? Thanks.
This commit is contained in:
parent
1bd76a320e
commit
ba448e6eb8
@ -1,15 +0,0 @@
|
|||||||
<samba:parameter name="ads server"
|
|
||||||
context="G"
|
|
||||||
basic="1" advanced="1" wizard="1" developer="1"
|
|
||||||
xmlns:samba="http://samba.org/common">
|
|
||||||
<listitem>
|
|
||||||
<para>If this option is specified, samba does not try to figure out what
|
|
||||||
ads server to use itself, but uses the specified ads server. Either one
|
|
||||||
DNS name or IP address can be used.</para>
|
|
||||||
|
|
||||||
<para>Default: <command moreinfo="none">ads server = </command></para>
|
|
||||||
|
|
||||||
<para>Example: <command moreinfo="none">ads server = 192.168.1.2</command></para>
|
|
||||||
</listitem>
|
|
||||||
|
|
||||||
</samba:parameter>
|
|
@ -5,7 +5,8 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para>This option is used by the programs in the Samba
|
<para>This option is used by the programs in the Samba
|
||||||
suite to determine what naming services to use and in what order
|
suite to determine what naming services to use and in what order
|
||||||
to resolve host names to IP addresses. The option takes a space
|
to resolve host names to IP addresses. Its main purpose to is to
|
||||||
|
control how netbios name resolution is performed. The option takes a space
|
||||||
separated string of name resolution options.</para>
|
separated string of name resolution options.</para>
|
||||||
|
|
||||||
<para>The options are: "lmhosts", "host",
|
<para>The options are: "lmhosts", "host",
|
||||||
@ -16,7 +17,8 @@
|
|||||||
<listitem>
|
<listitem>
|
||||||
<para><constant>lmhosts</constant> : Lookup an IP
|
<para><constant>lmhosts</constant> : Lookup an IP
|
||||||
address in the Samba lmhosts file. If the line in lmhosts has
|
address in the Samba lmhosts file. If the line in lmhosts has
|
||||||
no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
|
no name type attached to the NetBIOS name (see the <ulink
|
||||||
|
url="lmhosts.5.html">lmhosts(5)</ulink> for details) then
|
||||||
any name type matches for lookup.</para>
|
any name type matches for lookup.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
@ -26,9 +28,10 @@
|
|||||||
</filename>, NIS, or DNS lookups. This method of name resolution
|
</filename>, NIS, or DNS lookups. This method of name resolution
|
||||||
is operating system depended for instance on IRIX or Solaris this
|
is operating system depended for instance on IRIX or Solaris this
|
||||||
may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename>
|
may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename>
|
||||||
file. Note that this method is only used if the NetBIOS name
|
file. Note that this method is used only if the NetBIOS name
|
||||||
type being queried is the 0x20 (server) name type, otherwise
|
type being queried is the 0x20 (server) name type or 0x1c (domain controllers).
|
||||||
it is ignored.</para>
|
The latter case is only useful for active directory domains and results in a DNS
|
||||||
|
query for the SRV RR entry matching _ldap._tcp.domain.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -59,6 +62,9 @@
|
|||||||
it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
|
it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para>
|
||||||
|
|
||||||
<para><command moreinfo="none">name resolve order = wins bcast</command></para>
|
<para><command moreinfo="none">name resolve order = wins bcast</command></para>
|
||||||
|
|
||||||
|
<para>DC lookups will still be done via DNS, but fallbacks to netbios names will
|
||||||
|
not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para>
|
||||||
|
|
||||||
</listitem>
|
</listitem>
|
||||||
</samba:parameter>
|
</samba:parameter>
|
||||||
|
@ -6,14 +6,24 @@
|
|||||||
<para>This option allows the administrator to chose what
|
<para>This option allows the administrator to chose what
|
||||||
authentication methods <command moreinfo="none">smbd</command> will use when authenticating
|
authentication methods <command moreinfo="none">smbd</command> will use when authenticating
|
||||||
a user. This option defaults to sensible values based on <link linkend="SECURITY">
|
a user. This option defaults to sensible values based on <link linkend="SECURITY">
|
||||||
<parameter moreinfo="none">security</parameter></link>.</para>
|
<parameter moreinfo="none">security</parameter></link>. This should be considered
|
||||||
|
a developer option and used only in rare circumstances. In the majority (if not all)
|
||||||
|
of production servers, the default setting should be adequate.</para>
|
||||||
|
|
||||||
<para>Each entry in the list attempts to authenticate the user in turn, until
|
<para>Each entry in the list attempts to authenticate the user in turn, until
|
||||||
the user authenticates. In practice only one method will ever actually
|
the user authenticates. In practice only one method will ever actually
|
||||||
be able to complete the authentication.
|
be able to complete the authentication.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<para>Possible options include <constant>guest</constant> (anonymous access),
|
||||||
|
<constant>sam</constant> (lookups in local list of accounts based on netbios
|
||||||
|
name or domain name), <constant>winbind</constant> (relay authentication requests
|
||||||
|
for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd
|
||||||
|
method of authentication for remote domain users; deprecated in favour of winbind method),
|
||||||
|
<constant>trustdomain</constant> (authenticate trusted users by contacting the
|
||||||
|
remote DC directly from smbd; deprecated in favour of winbind method).</para>
|
||||||
|
|
||||||
<para>Default: <command moreinfo="none">auth methods = <empty string></command></para>
|
<para>Default: <command moreinfo="none">auth methods = <empty string></command></para>
|
||||||
<para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para>
|
<para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</samba:parameter>
|
</samba:parameter>
|
||||||
|
@ -3,18 +3,22 @@
|
|||||||
advanced="1" wizard="1" developer="1"
|
advanced="1" wizard="1" developer="1"
|
||||||
xmlns:samba="http://samba.org/common">
|
xmlns:samba="http://samba.org/common">
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>By specifying the name of another SMB server (such
|
<para>By specifying the name of another SMB server
|
||||||
as a WinNT box) with this option, and using <command moreinfo="none">security = domain
|
or Active Directory domain controller with this option,
|
||||||
</command> or <command moreinfo="none">security = server</command> you can get Samba
|
and using <command moreinfo="none">security = [ads|domain|server]</command>
|
||||||
to do all its username/password validation via a remote server.</para>
|
it is possible to get Samba to
|
||||||
|
to do all its username/password validation using a specific remote server.</para>
|
||||||
|
|
||||||
<para>This option sets the name of the password server to use.
|
<para>This option sets the name or IP address of the password server to use.
|
||||||
It must be a NetBIOS name, so if the machine's NetBIOS name is
|
New syntax has been added to support defining the port to use when connecting
|
||||||
different from its Internet name then you may have to add its NetBIOS
|
to the server the case of an ADS realm. To define a port other than the
|
||||||
name to the lmhosts file which is stored in the same directory
|
default LDAP port of 389, add the port number using a colon after the
|
||||||
as the <filename moreinfo="none">smb.conf</filename> file.</para>
|
name or IP address (e.g. 192.168.1.100:389). If you do not specify a port,
|
||||||
|
Samba will use the standard LDAP port of tcp/389. Note that port numbers
|
||||||
|
have no effect on password servers for Windows NT 4.0 domains or netbios
|
||||||
|
connections.</para>
|
||||||
|
|
||||||
<para>The name of the password server is looked up using the
|
<para>If parameter is a name, it is looked up using the
|
||||||
parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name
|
parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name
|
||||||
resolve order</parameter></link> and so may resolved
|
resolve order</parameter></link> and so may resolved
|
||||||
by any method and order described in that parameter.</para>
|
by any method and order described in that parameter.</para>
|
||||||
@ -38,14 +42,14 @@
|
|||||||
trust your clients, and you had better restrict them with hosts allow!</para>
|
trust your clients, and you had better restrict them with hosts allow!</para>
|
||||||
|
|
||||||
<para>If the <parameter moreinfo="none">security</parameter> parameter is set to
|
<para>If the <parameter moreinfo="none">security</parameter> parameter is set to
|
||||||
<constant>domain</constant>, then the list of machines in this
|
<constant>domain</constant> or <constant>ads</constant>, then the list of machines in this
|
||||||
option must be a list of Primary or Backup Domain controllers for the
|
option must be a list of Primary or Backup Domain controllers for the
|
||||||
Domain or the character '*', as the Samba server is effectively
|
Domain or the character '*', as the Samba server is effectively
|
||||||
in that domain, and will use cryptographically authenticated RPC calls
|
in that domain, and will use cryptographically authenticated RPC calls
|
||||||
to authenticate the user logging on. The advantage of using <command moreinfo="none">
|
to authenticate the user logging on. The advantage of using <command moreinfo="none">
|
||||||
security = domain</command> is that if you list several hosts in the
|
security = domain</command> is that if you list several hosts in the
|
||||||
<parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
|
<parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd
|
||||||
</command> will try each in turn till it finds one that responds. This
|
</command> will try each in turn till it finds one that responds. This
|
||||||
is useful in case your primary server goes down.</para>
|
is useful in case your primary server goes down.</para>
|
||||||
|
|
||||||
<para>If the <parameter moreinfo="none">password server</parameter> option is set
|
<para>If the <parameter moreinfo="none">password server</parameter> option is set
|
||||||
@ -55,7 +59,7 @@
|
|||||||
and then contacting each server returned in the list of IP
|
and then contacting each server returned in the list of IP
|
||||||
addresses from the name resolution source. </para>
|
addresses from the name resolution source. </para>
|
||||||
|
|
||||||
<para>If the list of servers contains both names and the '*'
|
<para>If the list of servers contains both names/IP's and the '*'
|
||||||
character, the list is treated as a list of preferred
|
character, the list is treated as a list of preferred
|
||||||
domain controllers, but an auto lookup of all remaining DC's
|
domain controllers, but an auto lookup of all remaining DC's
|
||||||
will be added to the list as well. Samba will not attempt to optimize
|
will be added to the list as well. Samba will not attempt to optimize
|
||||||
@ -93,6 +97,8 @@
|
|||||||
|
|
||||||
<para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, *</command></para>
|
<para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, *</command></para>
|
||||||
|
|
||||||
|
<para>Example: <command moreinfo="none">password server = windc.mydomain.com:389 192.168.1.101 *</command></para>
|
||||||
|
|
||||||
<para>Example: <command moreinfo="none">password server = *</command></para>
|
<para>Example: <command moreinfo="none">password server = *</command></para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</samba:parameter>
|
</samba:parameter>
|
||||||
|
Loading…
Reference in New Issue
Block a user