From bec3bd8f5863b044bca64b38ff037224bb652211 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 23 Nov 2004 18:03:33 +0000 Subject: [PATCH] Fixes and updates. --- docs/Samba-Guide/Chap07-2000UserNetwork.xml | 26 ++++++++++++++++++- docs/Samba-HOWTO-Collection/Group-Mapping.xml | 8 +++++- docs/Samba-HOWTO-Collection/ServerType.xml | 5 ---- docs/smbdotconf/logon/logonpath.xml | 4 +++ docs/smbdotconf/security/encryptpasswords.xml | 18 ++++++++++++- docs/smbdotconf/tuning/hostnamelookups.xml | 4 +-- 6 files changed, 55 insertions(+), 10 deletions(-) diff --git a/docs/Samba-Guide/Chap07-2000UserNetwork.xml b/docs/Samba-Guide/Chap07-2000UserNetwork.xml index fbcf10e02f2..e523751c270 100644 --- a/docs/Samba-Guide/Chap07-2000UserNetwork.xml +++ b/docs/Samba-Guide/Chap07-2000UserNetwork.xml @@ -899,6 +899,31 @@ passdb backend = ldapsam:ldap://master.abmas.biz \ matches the content of . + + Create a file called admin-accts.ldif with the following contents: + +dn: cn=updateuser,dc=abmas,dc=biz +objectClass: person +cn: updateuser +sn: updateuser +userpaddword: not24get + +dn: cn=sambaadmin,dc=abmas,dc=biz +objectClass: person +cn: sambaadmin +sn: sambaadmin +userpaddword: buttercup + + + + + Add an account called updateuser to the master LDAP server + as shown here: + +&rootprompt; slapadd -v -l admin-accts.ldif + + + LDIF @@ -1112,7 +1137,6 @@ access to * updatedn cn=updateuser,dc=abmas,dc=biz updateref ldap://massive.abmas.biz -replogfile /var/lib/ldap/replogfile directory /var/lib/ldap diff --git a/docs/Samba-HOWTO-Collection/Group-Mapping.xml b/docs/Samba-HOWTO-Collection/Group-Mapping.xml index eb8a68aa13d..278886092fb 100644 --- a/docs/Samba-HOWTO-Collection/Group-Mapping.xml +++ b/docs/Samba-HOWTO-Collection/Group-Mapping.xml @@ -477,8 +477,14 @@ Domain Guests (S-1-5-21-2547222302-1596225915-2414751004-514) -> domguest Sample &smb.conf; Add Group Script + smbgrpadd.sh + groupadd limitations A script to create complying group names for use by the Samba group interfaces - is provided in smbgrpadd.sh. + is provided in smbgrpadd.sh. This script will + add a temporary entry in the /etc/group file and then rename + it to to the desired name. This is an example of a method to get around operating + system maintenance tool limititations such as that present in some version of the + groupadd tool. smbgrpadd.sh diff --git a/docs/Samba-HOWTO-Collection/ServerType.xml b/docs/Samba-HOWTO-Collection/ServerType.xml index 8efebcb6c90..042303a3379 100644 --- a/docs/Samba-HOWTO-Collection/ServerType.xml +++ b/docs/Samba-HOWTO-Collection/ServerType.xml @@ -260,11 +260,6 @@ The &smb.conf; parameter that sets Share Level security is: securityshare - -There are reports that recent MS Windows clients do not like to work -with share mode security servers. You are strongly discouraged from using Share Level security. - - diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml index b7c53b7011f..4cd04055c5d 100644 --- a/docs/smbdotconf/logon/logonpath.xml +++ b/docs/smbdotconf/logon/logonpath.xml @@ -40,6 +40,10 @@ This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. + + Do not quote the value. Setting this as \\%N\profile\%U + will break profile handling. + Note that this option is only useful if Samba is set up as a logon server. diff --git a/docs/smbdotconf/security/encryptpasswords.xml b/docs/smbdotconf/security/encryptpasswords.xml index 70ee97ee0ae..7c7ef2fcfef 100644 --- a/docs/smbdotconf/security/encryptpasswords.xml +++ b/docs/smbdotconf/security/encryptpasswords.xml @@ -8,7 +8,23 @@ will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed. To use encrypted passwords in - Samba see the chapter "User Database" in the Samba HOWTO Collection. + Samba see the chapter "User Database" in the Samba HOWTO Collection. + + + + MS Windows clients that expect Microsoft encrypted passwords and that + do not have plain text password support enabled will be able to + connect only to a Samba server that has encypted password support + enabled and for which the user accounts have a valid encrypted password. + Refer to the smbpasswd command man page for information regarding the + creation of encrypted passwords for user accounts. + + + + The use of plain text passwords is NOT advised as support for this feature + is no longer maintained in Microsoft Windows products. If you want to use + plain text passwords you must set this parameter to no. + In order for encrypted passwords to work correctly smbd diff --git a/docs/smbdotconf/tuning/hostnamelookups.xml b/docs/smbdotconf/tuning/hostnamelookups.xml index 20fd98ce309..890d25e4d9e 100644 --- a/docs/smbdotconf/tuning/hostnamelookups.xml +++ b/docs/smbdotconf/tuning/hostnamelookups.xml @@ -11,6 +11,6 @@ -yes -no +no +yes