summaryrefslogtreecommitdiff
path: root/docs/docbook/projdoc
diff options
context:
space:
mode:
authorJelmer Vernooij <jelmer@samba.org>2003-03-31 21:42:19 +0000
committerJelmer Vernooij <jelmer@samba.org>2003-03-31 21:42:19 +0000
commit5130e1468e2028613a9f5369237db25b091fd548 (patch)
tree2f47b35421dff868470808982eb4227eedb6478c /docs/docbook/projdoc
parenta219ba5ab23d6d0f52e87f005d1c88e562875e54 (diff)
downloadsamba-5130e1468e2028613a9f5369237db25b091fd548.tar.gz
samba-5130e1468e2028613a9f5369237db25b091fd548.tar.bz2
samba-5130e1468e2028613a9f5369237db25b091fd548.zip
More doc updates:
- Move information about compiling with ADS support to appendix about compiling - Make DOMAIN_MEMBER NT4-domain only (because current ADS info was incomplete and becoming an ADS domain member is documented more properly in ADS-HOWTO) (This used to be commit efe3dd876ac61af0abc46539369860216eeca79b)
Diffstat (limited to 'docs/docbook/projdoc')
-rw-r--r--docs/docbook/projdoc/ADS-HOWTO.sgml76
-rw-r--r--docs/docbook/projdoc/Compiling.sgml58
-rw-r--r--docs/docbook/projdoc/DOMAIN_MEMBER.sgml23
3 files changed, 71 insertions, 86 deletions
diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml
index 887ecd74c2..a98fe14e31 100644
--- a/docs/docbook/projdoc/ADS-HOWTO.sgml
+++ b/docs/docbook/projdoc/ADS-HOWTO.sgml
@@ -14,67 +14,10 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again
Windows2000 KDC.
</para>
-<para>Pieces you need before you begin:</para>
-<para>
-<simplelist>
-<member>a Windows 2000 server.</member>
-<member>samba 3.0 or higher.</member>
-<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member>
-<member>the OpenLDAP development libraries.</member>
-</simplelist>
-</para>
-
-<sect1>
-<title>Installing the required packages for Debian</title>
-
-<para>On Debian you need to install the following packages:</para>
-<para>
-<simplelist>
-<member>libkrb5-dev</member>
-<member>krb5-user</member>
-</simplelist>
-</para>
-</sect1>
-
-<sect1>
-<title>Installing the required packages for RedHat</title>
-
-<para>On RedHat this means you should have at least: </para>
-<para>
-<simplelist>
-<member>krb5-workstation (for kinit)</member>
-<member>krb5-libs (for linking with)</member>
-<member>krb5-devel (because you are compiling from source)</member>
-</simplelist>
-</para>
-
-<para>in addition to the standard development environment.</para>
-
-<para>Note that these are not standard on a RedHat install, and you may need
-to get them off CD2.</para>
-
-</sect1>
-
<sect1>
-<title>Compile Samba</title>
-<para>If your kerberos libraries are in a non-standard location then
- remember to add the configure option --with-krb5=DIR.</para>
+<title>Setup your <filename>smb.conf</filename></title>
-<para>After you run configure make sure that include/config.h it
- generates contains
- lines like this:</para>
-
-<para><programlisting>
-#define HAVE_KRB5 1
-#define HAVE_LDAP 1
-</programlisting></para>
-
-<para>If it doesn't then configure did not find your krb5 libraries or
- your ldap libraries. Look in config.log to figure out why and fix
- it.</para>
-
-<para>Then compile and install Samba as usual. You must use at least the
- following 3 options in smb.conf:</para>
+<para>You must use at least the following 3 options in smb.conf:</para>
<para><programlisting>
realm = YOUR.KERBEROS.REALM
@@ -93,13 +36,13 @@ In case samba can't figure out your ads server using your realm name, use the
<para>You do *not* need a smbpasswd file, and older clients will
be authenticated as if "security = domain", although it won't do any harm
and allows you to have local users not in the domain.
- I expect that the above
- required options will change soon when we get better active
- directory integration.</para>
-</sect1>
+ I expect that the above required options will change soon when we get better
+ active directory integration.</para>
+</sect1>
+
<sect1>
-<title>Setup your /etc/krb5.conf</title>
+<title>Setup your <filename>/etc/krb5.conf</filename></title>
<para>The minimal configuration for krb5.conf is:</para>
@@ -187,12 +130,11 @@ specify the -k option to choose kerberos authentication.
<sect1>
<title>Notes</title>
-<para>You must change administrator password at least once after DC install,
- to create the right encoding types</para>
+<para>You must change administrator password at least once after DC
+install, to create the right encoding types</para>
<para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in
their defaults DNS setup. Maybe fixed in service packs?</para>
-
</sect1>
</chapter>
diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml
index 49aafebec0..ac98f34a32 100644
--- a/docs/docbook/projdoc/Compiling.sgml
+++ b/docs/docbook/projdoc/Compiling.sgml
@@ -217,6 +217,64 @@ on this system just substitute the correct package name
</userinput></para>
<para>if you find this version a disaster!</para>
+
+ <sect2>
+ <title>Compiling samba with Active Directory support</title>
+
+ <para>In order to compile samba with ADS support, you need to have installed
+ on your system:
+ <simplelist>
+ <member>the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work.</member>
+ <member>the OpenLDAP development libraries.</member>
+ </simplelist>
+
+ <para>If your kerberos libraries are in a non-standard location then
+ remember to add the configure option --with-krb5=DIR.</para>
+
+ <para>After you run configure make sure that <filename>include/config.h</filename> it generates contains lines like this:</para>
+
+ <para><programlisting>
+#define HAVE_KRB5 1
+#define HAVE_LDAP 1
+ </programlisting></para>
+
+ <para>If it doesn't then configure did not find your krb5 libraries or
+ your ldap libraries. Look in config.log to figure out why and fix
+ it.</para>
+
+ <sect3>
+ <title>Installing the required packages for Debian</title>
+
+ <para>On Debian you need to install the following packages:</para>
+ <para>
+ <simplelist>
+ <member>libkrb5-dev</member>
+ <member>krb5-user</member>
+ </simplelist>
+ </para>
+ </sect3>
+
+ <sect3>
+ <title>Installing the required packages for RedHat</title>
+
+ <para>On RedHat this means you should have at least: </para>
+ <para>
+ <simplelist>
+ <member>krb5-workstation (for kinit)</member>
+ <member>krb5-libs (for linking with)</member>
+ <member>krb5-devel (because you are compiling from source)</member>
+ </simplelist>
+ </para>
+
+ <para>in addition to the standard development environment.</para>
+
+ <para>Note that these are not standard on a RedHat install, and you may need
+ to get them off CD2.</para>
+
+ </sect3>
+
+ </sect2>
+
</sect1>
<sect1>
diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
index b178bfd2c2..8ac3520384 100644
--- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
+++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml
@@ -45,9 +45,7 @@
<parameter>security =</parameter></ulink> line in the [global] section
of your smb.conf to read:</para>
- <para><command>security = domain</command> or
- <command>security = ads</command> depending on if the PDC is
- NT4 or running Active Directory respectivly.</para>
+ <para><command>security = domain</command></para>
<para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter>
workgroup =</parameter></ulink> line in the [global] section to read: </para>
@@ -86,7 +84,7 @@
<para>In order to actually join the domain, you must run this
command:</para>
- <para><prompt>root# </prompt><userinput>net join -S DOMPDC
+ <para><prompt>root# </prompt><userinput>net rpc join -S DOMPDC
-U<replaceable>Administrator%password</replaceable></userinput></para>
<para>as we are joining the domain DOM and the PDC for that domain
@@ -124,19 +122,6 @@
</sect1>
<sect1>
-<title>Samba and Windows 2000 Domains</title>
-<!-- FIXME: this section is partly obsoleted - jelmer@samba.org -->
-
-<para>
-Many people have asked regarding the state of Samba's ability to participate in
-a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows
-2000 domain operating in mixed or native mode. The steps above apply
-to both NT4 and Windows 2000.
-</para>
-
-</sect1>
-
-<sect1>
<title>Why is this better than security = server?</title>
<para>Currently, domain security in Samba doesn't free you from
@@ -178,11 +163,11 @@ to both NT4 and Windows 2000.
reply, the Samba server gets the user identification information such
as the user SID, the list of NT groups the user belongs to, etc. </para>
- <para><emphasis>NOTE:</emphasis> Much of the text of this document
+ <note><para> Much of the text of this document
was first published in the Web magazine <ulink url="http://www.linuxworld.com">
LinuxWorld</ulink> as the article <ulink
url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing
- the NIS/NT Samba</ulink>.</para>
+ the NIS/NT Samba</ulink>.</para></note>
</sect1>