1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/docs-xml/smbdotconf/security/passwordserver.xml
Ralph Boehme 24905ba82d docs-xml: remove explicit "constant"
The constant mark applied to types "string" and "ustring". The previous patches
in this patchset already markes all string options as either constant or
substituted, but it's still possible to add options or change existing ones to
be neither constant nor substituted.

In order to enforce strings to be either constant or substitued, remove the
explicit constant marker. Instead, any option that is not marked as substituted
is implicitly made constant.

This patch doesn't change behaviour and all generated files are the same before
and after this change.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-11-27 10:25:37 +00:00

47 lines
2.3 KiB
XML

<samba:parameter name="password server"
context="G"
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>By specifying the name of a domain controller with this option,
and using <command moreinfo="none">security = [ads|domain]</command>
it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
<para>Ideally, this option
<emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
to determine the best DC to contact dynamically, just as all other hosts in an
AD domain do. This allows the domain to be maintained (addition
and removal of domain controllers) without modification to
the smb.conf file. The cryptographic protection on the authenticated RPC calls
used to verify passwords ensures that this default is safe.</para>
<para><emphasis>It is strongly recommended that you use the
default of '*'</emphasis>, however if in your particular
environment you have reason to specify a particular DC list, then
the list of machines in this option must be a list of names or IP
addresses of Domain controllers for the Domain. If you use the
default of '*', or list several hosts in the <parameter
moreinfo="none">password server</parameter> option then <command
moreinfo="none">smbd </command> will try each in turn till it
finds one that responds. This is useful in case your primary
server goes down.</para>
<para>If the list of servers contains both names/IP's and the '*'
character, the list is treated as a list of preferred
domain controllers, but an auto lookup of all remaining DC's
will be added to the list as well. Samba will not attempt to optimize
this list by locating the closest DC.</para>
<para>If parameter is a name, it is looked up using the
parameter <smbconfoption name="name resolve order"/> and so may resolved
by any method and order described in that parameter.</para>
</description>
<related>security</related>
<value type="default">*</value>
<value type="example">NT-PDC, NT-BDC1, NT-BDC2, *</value>
<value type="example">windc.mydomain.com:389 192.168.1.101 *</value>
</samba:parameter>