summaryrefslogtreecommitdiff
path: root/docs-xml/smbdotconf/security
diff options
context:
space:
mode:
authorSteven Danneman <steven.danneman@isilon.com>2009-05-22 16:57:52 -0700
committerSteven Danneman <steven.danneman@isilon.com>2009-05-26 19:43:40 -0700
commit6d91ac2a646ae47d359914503030cab51b2c9d16 (patch)
tree7d8485b3afe740dcefe07a934db9d730a3153e62 /docs-xml/smbdotconf/security
parent5264ad627d59e0f2cb03cb3bdd3baf8943d7fa5b (diff)
downloadsamba-6d91ac2a646ae47d359914503030cab51b2c9d16.tar.gz
samba-6d91ac2a646ae47d359914503030cab51b2c9d16.tar.bz2
samba-6d91ac2a646ae47d359914503030cab51b2c9d16.zip
s3/docs Add manpage for "map untrusted to domain" parameter
This fixes bug 6352.
Diffstat (limited to 'docs-xml/smbdotconf/security')
-rw-r--r--docs-xml/smbdotconf/security/mapuntrustedtodomain.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
new file mode 100644
index 0000000000..bcf65e6eb6
--- /dev/null
+++ b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="map untrusted to domain"
+ context="G"
+ type="boolean"
+ advanced="1"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ If a client connects to smbd using an untrusted domain name, such as
+ BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
+ attempting to authenticate that user. In the case where smbd is acting as
+ a PDC this will be DOMAIN\user. In the case where smbd is acting as a
+ domain member server or a standalone server this will be WORKSTATION\user.
+ </para>
+
+ <para>
+ In previous versions of Samba (pre 3.4), if smbd was acting as a domain
+ member server, the BOGUS domain name would instead be replaced by the
+ primary domain which smbd was a member of. In this case authentication
+ would be deferred off to a DC using the credentials DOMAIN\user.
+ </para>
+
+ <para>
+ When this parameter is set to <constant>yes</constant> smbd provides the
+ legacy behavior of mapping untrusted domain names to the primary domain.
+ When smbd is not acting as a domain member server, this parameter has no
+ effect.
+ </para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>