diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2003-03-31 21:42:19 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2003-03-31 21:42:19 +0000 |
commit | 5130e1468e2028613a9f5369237db25b091fd548 (patch) | |
tree | 2f47b35421dff868470808982eb4227eedb6478c /docs/docbook/projdoc | |
parent | a219ba5ab23d6d0f52e87f005d1c88e562875e54 (diff) | |
download | samba-5130e1468e2028613a9f5369237db25b091fd548.tar.gz samba-5130e1468e2028613a9f5369237db25b091fd548.tar.bz2 samba-5130e1468e2028613a9f5369237db25b091fd548.zip |
More doc updates:
- Move information about compiling with ADS support to appendix about compiling
- Make DOMAIN_MEMBER NT4-domain only (because current ADS info was incomplete and becoming an ADS domain member is documented more properly in ADS-HOWTO)
(This used to be commit efe3dd876ac61af0abc46539369860216eeca79b)
Diffstat (limited to 'docs/docbook/projdoc')
-rw-r--r-- | docs/docbook/projdoc/ADS-HOWTO.sgml | 76 | ||||
-rw-r--r-- | docs/docbook/projdoc/Compiling.sgml | 58 | ||||
-rw-r--r-- | docs/docbook/projdoc/DOMAIN_MEMBER.sgml | 23 |
3 files changed, 71 insertions, 86 deletions
diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 887ecd74c2..a98fe14e31 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -14,67 +14,10 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again Windows2000 KDC. </para> -<para>Pieces you need before you begin:</para> -<para> -<simplelist> -<member>a Windows 2000 server.</member> -<member>samba 3.0 or higher.</member> -<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member> -<member>the OpenLDAP development libraries.</member> -</simplelist> -</para> - -<sect1> -<title>Installing the required packages for Debian</title> - -<para>On Debian you need to install the following packages:</para> -<para> -<simplelist> -<member>libkrb5-dev</member> -<member>krb5-user</member> -</simplelist> -</para> -</sect1> - -<sect1> -<title>Installing the required packages for RedHat</title> - -<para>On RedHat this means you should have at least: </para> -<para> -<simplelist> -<member>krb5-workstation (for kinit)</member> -<member>krb5-libs (for linking with)</member> -<member>krb5-devel (because you are compiling from source)</member> -</simplelist> -</para> - -<para>in addition to the standard development environment.</para> - -<para>Note that these are not standard on a RedHat install, and you may need -to get them off CD2.</para> - -</sect1> - <sect1> -<title>Compile Samba</title> -<para>If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR.</para> +<title>Setup your <filename>smb.conf</filename></title> -<para>After you run configure make sure that include/config.h it - generates contains - lines like this:</para> - -<para><programlisting> -#define HAVE_KRB5 1 -#define HAVE_LDAP 1 -</programlisting></para> - -<para>If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it.</para> - -<para>Then compile and install Samba as usual. You must use at least the - following 3 options in smb.conf:</para> +<para>You must use at least the following 3 options in smb.conf:</para> <para><programlisting> realm = YOUR.KERBEROS.REALM @@ -93,13 +36,13 @@ In case samba can't figure out your ads server using your realm name, use the <para>You do *not* need a smbpasswd file, and older clients will be authenticated as if "security = domain", although it won't do any harm and allows you to have local users not in the domain. - I expect that the above - required options will change soon when we get better active - directory integration.</para> -</sect1> + I expect that the above required options will change soon when we get better + active directory integration.</para> +</sect1> + <sect1> -<title>Setup your /etc/krb5.conf</title> +<title>Setup your <filename>/etc/krb5.conf</filename></title> <para>The minimal configuration for krb5.conf is:</para> @@ -187,12 +130,11 @@ specify the -k option to choose kerberos authentication. <sect1> <title>Notes</title> -<para>You must change administrator password at least once after DC install, - to create the right encoding types</para> +<para>You must change administrator password at least once after DC +install, to create the right encoding types</para> <para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs?</para> - </sect1> </chapter> diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index 49aafebec0..ac98f34a32 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -217,6 +217,64 @@ on this system just substitute the correct package name </userinput></para> <para>if you find this version a disaster!</para> + + <sect2> + <title>Compiling samba with Active Directory support</title> + + <para>In order to compile samba with ADS support, you need to have installed + on your system: + <simplelist> + <member>the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work.</member> + <member>the OpenLDAP development libraries.</member> + </simplelist> + + <para>If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR.</para> + + <para>After you run configure make sure that <filename>include/config.h</filename> it generates contains lines like this:</para> + + <para><programlisting> +#define HAVE_KRB5 1 +#define HAVE_LDAP 1 + </programlisting></para> + + <para>If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it.</para> + + <sect3> + <title>Installing the required packages for Debian</title> + + <para>On Debian you need to install the following packages:</para> + <para> + <simplelist> + <member>libkrb5-dev</member> + <member>krb5-user</member> + </simplelist> + </para> + </sect3> + + <sect3> + <title>Installing the required packages for RedHat</title> + + <para>On RedHat this means you should have at least: </para> + <para> + <simplelist> + <member>krb5-workstation (for kinit)</member> + <member>krb5-libs (for linking with)</member> + <member>krb5-devel (because you are compiling from source)</member> + </simplelist> + </para> + + <para>in addition to the standard development environment.</para> + + <para>Note that these are not standard on a RedHat install, and you may need + to get them off CD2.</para> + + </sect3> + + </sect2> + </sect1> <sect1> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index b178bfd2c2..8ac3520384 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -45,9 +45,7 @@ <parameter>security =</parameter></ulink> line in the [global] section of your smb.conf to read:</para> - <para><command>security = domain</command> or - <command>security = ads</command> depending on if the PDC is - NT4 or running Active Directory respectivly.</para> + <para><command>security = domain</command></para> <para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter> workgroup =</parameter></ulink> line in the [global] section to read: </para> @@ -86,7 +84,7 @@ <para>In order to actually join the domain, you must run this command:</para> - <para><prompt>root# </prompt><userinput>net join -S DOMPDC + <para><prompt>root# </prompt><userinput>net rpc join -S DOMPDC -U<replaceable>Administrator%password</replaceable></userinput></para> <para>as we are joining the domain DOM and the PDC for that domain @@ -124,19 +122,6 @@ </sect1> <sect1> -<title>Samba and Windows 2000 Domains</title> -<!-- FIXME: this section is partly obsoleted - jelmer@samba.org --> - -<para> -Many people have asked regarding the state of Samba's ability to participate in -a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode. The steps above apply -to both NT4 and Windows 2000. -</para> - -</sect1> - -<sect1> <title>Why is this better than security = server?</title> <para>Currently, domain security in Samba doesn't free you from @@ -178,11 +163,11 @@ to both NT4 and Windows 2000. reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. </para> - <para><emphasis>NOTE:</emphasis> Much of the text of this document + <note><para> Much of the text of this document was first published in the Web magazine <ulink url="http://www.linuxworld.com"> LinuxWorld</ulink> as the article <ulink url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing - the NIS/NT Samba</ulink>.</para> + the NIS/NT Samba</ulink>.</para></note> </sect1> |