diff options
author | Jelmer Vernooij <jelmer@samba.org> | 2003-07-10 23:12:00 +0000 |
---|---|---|
committer | Jelmer Vernooij <jelmer@samba.org> | 2003-07-10 23:12:00 +0000 |
commit | 38e71c101cfb975b99c4cf3ebbfb45f4e8f6e10e (patch) | |
tree | ef7c435313d05eef2d3f63afae6cbbea65a2d1dc /docs/docbook/smbdotconf | |
parent | d4494204fe91f8497cb2b1162a2da7c47e5273dc (diff) | |
download | samba-38e71c101cfb975b99c4cf3ebbfb45f4e8f6e10e.tar.gz samba-38e71c101cfb975b99c4cf3ebbfb45f4e8f6e10e.tar.bz2 samba-38e71c101cfb975b99c4cf3ebbfb45f4e8f6e10e.zip |
Document 'security = ads'
(This used to be commit f197e458b59d7d0c271514bedb9ff3063023cf6f)
Diffstat (limited to 'docs/docbook/smbdotconf')
-rw-r--r-- | docs/docbook/smbdotconf/security/security.xml | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml index c9d6a7034e..030abc1de1 100644 --- a/docs/docbook/smbdotconf/security/security.xml +++ b/docs/docbook/smbdotconf/security/security.xml @@ -214,7 +214,7 @@ it must have a valid <filename moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up.</para> - <para><emphasis>Note</emphasis> this mode of operation has + <note><para>This mode of operation has significant pitfalls, due to the fact that is activly initiates a man-in-the-middle attack on the remote SMB server. In particular, this mode of operation can cause significant resource consuption on @@ -222,13 +222,13 @@ of the user's session. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authenticaions to the Samba server may fail. (From a single client, till it disconnects). - </para> + </para></note> - <para><emphasis>Note</emphasis> that from the client's point of + <note><para>From the client's point of view <command moreinfo="none">security = server</command> is the same as <command moreinfo="none">security = user</command>. It only affects how the server deals with the authentication, it does - not in any way affect what the client sees.</para> + not in any way affect what the client sees.</para></note> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -245,6 +245,23 @@ <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"> <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para> + + <para><anchor id="SECURITYEQUALSADS"/><emphasis>SECURITY = ADS</emphasis></para> + + <para>In this mode, Samba will act as a domain member in an ADS realm. To operate + in this mode, the machine running Samba will need to have Kerberos installed + and configured and Samba will need to be joined to the ADS realm using the + net utility. </para> + + <para>Note that this mode does NOT make Samba operate as a Active Directory Domain + Controller. </para> + + <para>Read the chapter about Domain Membership in the HOWTO for details.</para> + + <para>See also the <link linkend="ADSSERVER"><parameter moreinfo="none">ads server + </parameter></link> parameter, the <link linkend="REALM"><parameter moreinfo="none">realm + </parameter></link> paramter and the <link linkend="ENCRYPTPASSWORDS"> + <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para> <para>Default: <command moreinfo="none">security = USER</command></para> <para>Example: <command moreinfo="none">security = DOMAIN</command></para> |