summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/serverschannel.xml
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
committerVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
commit02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b (patch)
tree099bc90dbf63fd218f7f6d45cf88223b172c0c34 /docs/docbook/smbdotconf/security/serverschannel.xml
parentd9613a1a3c37dca9f695b1361a0fd5d2b3f503cd (diff)
downloadsamba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.gz
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.bz2
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.zip
This is a merge of the NETLOGON schannel server code from Samba
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG as I found out later :-) It adds a new parameter: server schannel = yes/auto/no defaulting to auto. What does this mean to the user: No requireSignOrSeal registry patch for XP anymore. Many thanks for this code to Luke Leighton, Elrond and anybody else I forgot to mention. My next thing will be to see if this applies cleanly to 3_0. Please test and comment! Volker (This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)
Diffstat (limited to 'docs/docbook/smbdotconf/security/serverschannel.xml')
-rw-r--r--docs/docbook/smbdotconf/security/serverschannel.xml24
1 files changed, 24 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/security/serverschannel.xml b/docs/docbook/smbdotconf/security/serverschannel.xml
new file mode 100644
index 0000000000..05261fa417
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/serverschannel.xml
@@ -0,0 +1,24 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="SERVERSCHANNEL"/>server schannel (G)</term>
+ <listitem>
+
+ <para>This controls whether the server offers or even
+ demands the use of the netlogon schannel.
+ <parameter>server schannel = no</parameter> does not
+ offer the schannel, <parameter>server schannel =
+ auto</parameter> offers the schannel but does not
+ enforce it, and <parameter>server schannel =
+ yes</parameter> denies access if the client is not
+ able to speak netlogon schannel. This is only the case
+ for Windows NT4 before SP4.</para>
+
+ <para>Please note that with this set to
+ <parameter>no</parameter> you will have to apply the
+ WindowsXP requireSignOrSeal-Registry patch found in
+ the docs/Registry subdirectory.</para
+
+ <para>Default: <command>server schannel = auto</command></para>
+
+ <para>Example: <command>server schannel = yes</command>/para>
+ </listitem>
+ <samba:parameter> \ No newline at end of file