summaryrefslogtreecommitdiff
path: root/docs/docbook
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
committerVolker Lendecke <vlendec@samba.org>2003-04-04 15:21:04 +0000
commit02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b (patch)
tree099bc90dbf63fd218f7f6d45cf88223b172c0c34 /docs/docbook
parentd9613a1a3c37dca9f695b1361a0fd5d2b3f503cd (diff)
downloadsamba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.gz
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.tar.bz2
samba-02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b.zip
This is a merge of the NETLOGON schannel server code from Samba
TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG as I found out later :-) It adds a new parameter: server schannel = yes/auto/no defaulting to auto. What does this mean to the user: No requireSignOrSeal registry patch for XP anymore. Many thanks for this code to Luke Leighton, Elrond and anybody else I forgot to mention. My next thing will be to see if this applies cleanly to 3_0. Please test and comment! Volker (This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b)
Diffstat (limited to 'docs/docbook')
-rw-r--r--docs/docbook/manpages/smb.conf.5.sgml26
-rw-r--r--docs/docbook/smbdotconf/security/serverschannel.xml24
2 files changed, 50 insertions, 0 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 2fbd27b934..40c4963c8d 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -744,6 +744,7 @@ alias|alias|alias|alias...
<listitem><para><link linkend="ROOTDIR"><parameter>root dir</parameter></link></para></listitem>
<listitem><para><link linkend="ROOTDIRECTORY"><parameter>root directory</parameter></link></para></listitem>
<listitem><para><link linkend="SECURITY"><parameter>security</parameter></link></para></listitem>
+ <listitem><para><link linkend="SERVERSCHANNEL"><parameter>server schannel</parameter></link></para></listitem>
<listitem><para><link linkend="SERVERSTRING"><parameter>server string</parameter></link></para></listitem>
<listitem><para><link linkend="SETPRIMARYGROUPSCRIPT"><parameter>set primary group script</parameter></link></para></listitem>
<listitem><para><link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para></listitem>
@@ -6923,6 +6924,31 @@ print5|My Printer 5
<varlistentry>
+ <term><anchor id="SERVERSCHANNEL"/>server schannel (G)</term>
+ <listitem>
+
+ <para>This controls whether the server offers or even
+ demands the use of the netlogon schannel.
+ <parameter>server schannel = no</parameter> does not
+ offer the schannel, <parameter>server schannel =
+ auto</parameter> offers the schannel but does not
+ enforce it, and <parameter>server schannel =
+ yes</parameter> denies access if the client is not
+ able to speak netlogon schannel. This is only the case
+ for Windows NT4 before SP4.</para>
+
+ <para>Please note that with this set to
+ <parameter>no</parameter> you will have to apply the
+ WindowsXP requireSignOrSeal-Registry patch found in
+ the docs/Registry subdirectory.</para
+
+ <para>Default: <command>server schannel = auto</command></para>
+
+ <para>Example: <command>server schannel = yes</command>/para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><anchor id="SERVERSTRING"/>server string (G)</term>
<listitem><para>This controls what string will show up in the
printer comment box in print manager and next to the IPC connection
diff --git a/docs/docbook/smbdotconf/security/serverschannel.xml b/docs/docbook/smbdotconf/security/serverschannel.xml
new file mode 100644
index 0000000000..05261fa417
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/serverschannel.xml
@@ -0,0 +1,24 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="SERVERSCHANNEL"/>server schannel (G)</term>
+ <listitem>
+
+ <para>This controls whether the server offers or even
+ demands the use of the netlogon schannel.
+ <parameter>server schannel = no</parameter> does not
+ offer the schannel, <parameter>server schannel =
+ auto</parameter> offers the schannel but does not
+ enforce it, and <parameter>server schannel =
+ yes</parameter> denies access if the client is not
+ able to speak netlogon schannel. This is only the case
+ for Windows NT4 before SP4.</para>
+
+ <para>Please note that with this set to
+ <parameter>no</parameter> you will have to apply the
+ WindowsXP requireSignOrSeal-Registry patch found in
+ the docs/Registry subdirectory.</para
+
+ <para>Default: <command>server schannel = auto</command></para>
+
+ <para>Example: <command>server schannel = yes</command>/para>
+ </listitem>
+ <samba:parameter> \ No newline at end of file