author | John Terpstra <jht@samba.org> | 2003-04-05 07:42:29 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2003-04-05 07:42:29 +0000 |
commit | 50c54ae56f8e50efcdcf72b54b9aeef6201499ac (patch) | |
tree | a2fc922af925da96528a5c79485b275a04ed3116 /docs/docbook/projdoc/ADS-HOWTO.sgml | |
parent | dfa7c87a189529ac77a0308a4f98e3a3a9129c44 (diff) | |
Merging HEAD to 3.0.0
(This used to be commit 0160a8c1ea1aefbbbaaeeccb8f3ab3487d588df2)
Diffstat (limited to 'docs/docbook/projdoc/ADS-HOWTO.sgml')
-rw-r--r-- | docs/docbook/projdoc/ADS-HOWTO.sgml | 45 |
1 files changed, 24 insertions, 21 deletions
diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index a98fe14e31..5e93c62876 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -1,10 +1,9 @@ <chapter id="ADS"> <chapterinfo> - <author> - <firstname>Andrew</firstname><surname>Tridgell</surname> - </author> - <pubdate>2002</pubdate> + &author.tridge; + &author.jelmer; + <pubdate>2002/2003</pubdate> </chapterinfo> <title>Samba as a ADS domain member</title> @@ -33,18 +32,19 @@ In case samba can't figure out your ads server using your realm name, use the </programlisting> </para> -<para>You do *not* need a smbpasswd file, and older clients will - be authenticated as if "security = domain", although it won't do any harm +<note><para>You do *not* need a smbpasswd file, and older clients will + be authenticated as if <command>security = domain</command>, + although it won't do any harm and allows you to have local users not in the domain. I expect that the above required options will change soon when we get better - active directory integration.</para> + active directory integration.</para></note> </sect1> <sect1> <title>Setup your <filename>/etc/krb5.conf</filename></title> -<para>The minimal configuration for krb5.conf is:</para> +<para>The minimal configuration for <filename>krb5.conf</filename> is:</para> <para><programlisting> [realms] @@ -53,10 +53,10 @@ In case samba can't figure out your ads server using your realm name, use the } </programlisting></para> -<para>Test your config by doing a "kinit USERNAME@REALM" and making sure that +<para>Test your config by doing a <userinput>kinit <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput> and making sure that your password is accepted by the Win2000 KDC. </para> -<para>NOTE: The realm must be uppercase. </para> +<note><para>The realm must be uppercase. </para></note> <para> You also must ensure that you can do a reverse DNS lookup on the IP 
@@ -67,27 +67,30 @@ followed by the realm. </para> <para> -The easiest way to ensure you get this right is to add a /etc/hosts -entry mapping the IP address of your KDC to its netbios name. If you -don't get this right then you will get a "local error" when you try -to join the realm. +The easiest way to ensure you get this right is to add a +<filename>/etc/hosts</filename> entry mapping the IP address of your KDC to +its netbios name. If you don't get this right then you will get a +"local error" when you try to join the realm. </para> <para> If all you want is kerberos support in smbclient then you can skip -straight to step 5 now. Step 3 is only needed if you want kerberos +straight to <link linkend="ads-test-smbclient">Test with smbclient</link> now. +<link linkend="ads-create-machine-account">Creating a computer account</link> +and <link linkend="ads-test-server">testing your servers</link> +is only needed if you want kerberos support for smbd and winbindd. </para> </sect1> -<sect1> +<sect1 id="ads-create-machine-account"> <title>Create the computer account</title> <para> As a user that has write permission on the Samba private directory (usually root) run: -<command>net ads join</command> +<userinput>net ads join</userinput> </para> <sect2> 
@@ -104,19 +107,19 @@ As a user that has write permission on the Samba private directory </sect1> -<sect1> +<sect1 id="ads-test-server"> <title>Test your server setup</title> <para> -On a Windows 2000 client try <command>net use * \\server\share</command>. You should +On a Windows 2000 client try <userinput>net use * \\server\share</userinput>. You should be logged in with kerberos without needing to know a password. If -this fails then run <command>klist tickets</command>. Did you get a ticket for the +this fails then run <userinput>klist tickets</userinput>. Did you get a ticket for the server? Does it have an encoding type of DES-CBC-MD5 ? </para> </sect1> -<sect1> +<sect1 id="ads-test-smbclient"> <title>Testing with smbclient</title> <para> |
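Review bot: In the first hunk (@@ -1,10 +1,9 @@), the new &author.tridge; and &author.jelmer; lines are entity references whose declarations are not part of this diff, which is limited to ADS-HOWTO.sgml. Please confirm both are declared in the entity file this chapter is built with, since an undeclared entity stops the SGML parse. The unchanged title line a few lines below reads "Samba as a ADS domain member"; "an ADS" could be fixed while the chapter header is being touched.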
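Review bot: In the @@ -33,18 +32,19 @@ hunk, <command>security = domain</command> tags a configuration setting as a command, while the same patch reserves <userinput> for things the reader types and <filename> for paths. An element meant for settings, for example <parameter> or <literal>, would keep the markup semantic and stop the rendered text from suggesting that "security = domain" is something to run. The plain-text emphasis in "*not*" in the same paragraph could become <emphasis> now that the paragraph is being wrapped in <note>.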
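Review bot: In the @@ -53,10 +53,10 @@ hunk, the new <note> saying the realm must be uppercase still sits after the paragraph that tells the reader to run kinit USERNAME@REALM, so a reader following the steps in order hits the failure before seeing the requirement. Consider moving the note above the kinit paragraph, or folding the requirement into that sentence, so the constraint is stated before the test that depends on it.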
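Review bot: In the @@ -67,27 +67,30 @@ hunk, the link text "Test with smbclient" does not match the title of the section it points to, which the last hunk shows as "Testing with smbclient", and the hand-written text for the other two links likewise paraphrases "Create the computer account" and "Test your server setup". Matching the link text to the section titles, or letting the toolchain generate it from the id, avoids drift when a title changes. The rewritten sentence also now has a compound subject, so "is only needed" should read "are only needed".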
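Review bot: In the @@ -104,19 +107,19 @@ hunk, <userinput>net use * \\server\share</userinput> leaves "server" and "share" as literal text, whereas the kinit line earlier in this patch wraps its placeholders in <replaceable>; the same treatment here would keep the two commands consistent. The paragraph also ends on "Does it have an encoding type of DES-CBC-MD5 ?" without saying which answer is expected or what to do if the ticket shows a different type, so a reader running klist tickets has no way to act on the result. A sentence stating the expected outcome would close that gap, and the stray space before the question mark can go at the same time.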