diff options
author | John Terpstra <jht@samba.org> | 2003-05-11 19:57:51 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2003-05-11 19:57:51 +0000 |
commit | 03589cf994e91a06a44e528d5864f2c85bcf8bef (patch) | |
tree | 214d688dba0907cb069107d7f47b5ce5ad312816 | |
parent | 0710bab071ddb589da65cc9f9674a7b8bfadd360 (diff) | |
download | samba-03589cf994e91a06a44e528d5864f2c85bcf8bef.tar.gz samba-03589cf994e91a06a44e528d5864f2c85bcf8bef.tar.bz2 samba-03589cf994e91a06a44e528d5864f2c85bcf8bef.zip |
Rolling in VL's changes.
(This used to be commit 02244dac83623dabe927f79780cf4b7313022495)
-rw-r--r-- | docs/docbook/projdoc/ServerType.xml | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/docs/docbook/projdoc/ServerType.xml b/docs/docbook/projdoc/ServerType.xml index 73c7d05212..ecfeb41735 100644 --- a/docs/docbook/projdoc/ServerType.xml +++ b/docs/docbook/projdoc/ServerType.xml @@ -342,17 +342,21 @@ in this HOWTO collection. <title>ADS Security Mode (User Level Security)</title> <para> -Samba-2.2.x could join and Active Directory domain so long as the Active Directory domain -controller is configured for mixed mode operation, and is running NetBIOS over TCP/IP. MS -Windows 2000 and later can be configured to run without NetBIOS over TCP/IP, instead it -can run SMB natively over TCP/IP. +Both Samba 2.2 and 3.0 can join an active directory domain. This is +possible even if the domain is run in native mode. Active Directory in +native mode perfectly allows NT4-style domain members, contrary to +popular belief. The only thing that Active Directory in native mode +prohibits is Backup Domain Controllers running NT4. </para> <para> -The ability to natively join an Active Directory domain requires the use of Kerberos -based authentication. The Kerberos protocols have been extended by Microsoft so that -a plain MIT Kerberos, or a Heimdal client is not sufficient. Samba-3 now has the ability -to be a native Active Directory member server. +If you are running Active Directory starting with Samba 3.0 you can +however join as a native AD member. Why would you want to do that? +Your security policy might prohibit the use of NT-compatible +authentication protocols. All your machines are running Windows 2000 +and above and all use full Kerberos. In this case Samba as a NT4-style +domain would still require NT-compatible authentication data. Samba in +AD-member mode can accept Kerberos. </para> <sect3> |