diff options
-rw-r--r-- | docs/docbook/projdoc/Samba-BDC-HOWTO.sgml | 12 | ||||
-rw-r--r-- | docs/docbook/projdoc/ServerType.sgml | 2 | ||||
-rw-r--r-- | docs/docbook/projdoc/UNIX_INSTALL.sgml | 4 | ||||
-rw-r--r-- | docs/docbook/projdoc/passdb.sgml | 8 | ||||
-rw-r--r-- | docs/docbook/projdoc/samba-doc.sgml | 6 | ||||
-rw-r--r-- | docs/docbook/projdoc/securing-samba.sgml | 49 |
6 files changed, 54 insertions, 27 deletions
diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml index 8dbc007e4f..2f3b568471 100644 --- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml @@ -57,9 +57,9 @@ parameters in the [global]-section of the smb.conf have to be set: </para> <para><programlisting> -workgroup = SAMBA -domain master = yes -domain logons = yes + workgroup = SAMBA + domain master = yes + domain logons = yes </programlisting></para> <para> @@ -201,9 +201,9 @@ by setting </para> <para><programlisting> -workgroup = samba -domain master = no -domain logons = yes + workgroup = samba + domain master = no + domain logons = yes </programlisting></para> <para> diff --git a/docs/docbook/projdoc/ServerType.sgml b/docs/docbook/projdoc/ServerType.sgml index b38a9c097d..7229a50201 100644 --- a/docs/docbook/projdoc/ServerType.sgml +++ b/docs/docbook/projdoc/ServerType.sgml @@ -85,7 +85,7 @@ LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc. <para> Please refer to the section on Howto configure Samba as a Primary Domain Controller and for more information regarding how to create a domain machine account for a -domain member server as well as for information regading how to enable the samba +domain member server as well as for information regarding how to enable the samba domain member machine to join the domain and to be fully trusted by it. </para> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index 1019e524f7..3ad83c1f9d 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -88,13 +88,13 @@ <para> SWAT is a web-based interface that helps you configure samba. SWAT might not be available in the samba package on your platform, - but in a seperate package. Please read the swat manpage + but in a separate package. Please read the swat manpage on compiling, installing and configuring swat from source. </para> <para>To launch SWAT just run your favorite web browser and point it at "http://localhost:901/". Replace <replaceable>localhost</replaceable> with the name of the computer you are running samba on if you - are running samba on a different computer then your browser.</para> + are running samba on a different computer than your browser.</para> <para>Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml index 6f256daddd..523a34603d 100644 --- a/docs/docbook/projdoc/passdb.sgml +++ b/docs/docbook/projdoc/passdb.sgml @@ -238,8 +238,8 @@ data is stored at all. <sect1> <title>TDB</title> <para>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend -doesn't require any additional configuration. This backend is recommended for new installations who -don't require LDAP. +doesn't require any additional configuration. This backend is recommended for new installations that +don not require LDAP. </para> </sect1> @@ -284,7 +284,7 @@ Two additional Samba resources which may prove to be helpful are </sect2> <sect2> -<title>Introduction</title> +<title>Encrypted Password Database</title> <para> Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt @@ -327,7 +327,7 @@ API, and is still so named in the CVS trees). </para> <para> -There are a few points to stress about what the ldapsam +There are a few points to stress about that the ldapsam does not provide. The LDAP support referred to in the this documentation does not include: </para> diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index 3b5d054cad..a729caf99f 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -19,7 +19,7 @@ <abstract> <para> This book is a collection of HOWTOs added to Samba documentation over the years. -Samba is always under development, and so is it's documentation. This release of the +Samba is always under development, and so is its' documentation. This release of the documentation represents a major revision or layout as well as contents. The most recent version of this document can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink> @@ -35,8 +35,8 @@ or without their knowledge contributed to this update. The size and scope of thi project would not have been possible without significant community contribution. A not insignificant number of ideas for inclusion (if not content itself) has been obtained from a number of Unofficial HOWTOs - to each such author a big "Thank-you" is also offered. -Please keep publishing you Unofficial HOWTO's - they are a source of inspiration and -application knowledge that is most to be desired by may Samba users and administrators. +Please keep publishing your Unofficial HOWTO's - they are a source of inspiration and +application knowledge that is most to be desired by many Samba users and administrators. </para> </abstract> diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml index e9e8c4f9f8..eedc7ba725 100644 --- a/docs/docbook/projdoc/securing-samba.sgml +++ b/docs/docbook/projdoc/securing-samba.sgml @@ -2,6 +2,7 @@ <chapterinfo> &author.tridge; + &author.jht; <pubdate>17 March 2003</pubdate> </chapterinfo> @@ -36,8 +37,8 @@ might be: </para> <para><programlisting> - hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 - hosts deny = 0.0.0.0/0 + hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 + hosts deny = 0.0.0.0/0 </programlisting></para> <para> @@ -66,8 +67,8 @@ You can change this behaviour using options like the following: </para> <para><programlisting> - interfaces = eth* lo - bind interfaces only = yes + interfaces = eth* lo + bind interfaces only = yes </programlisting></para> <para> @@ -105,10 +106,10 @@ UDP ports to allow and block. Samba uses the following: </para> <para><programlisting> -UDP/137 - used by nmbd -UDP/138 - used by nmbd -TCP/139 - used by smbd -TCP/445 - used by smbd + UDP/137 - used by nmbd + UDP/138 - used by nmbd + TCP/139 - used by smbd + TCP/445 - used by smbd </programlisting></para> <para> @@ -135,9 +136,9 @@ To do that you could use: </para> <para><programlisting> - [ipc$] - hosts allow = 192.168.115.0/24 127.0.0.1 - hosts deny = 0.0.0.0/0 + [ipc$] + hosts allow = 192.168.115.0/24 127.0.0.1 + hosts deny = 0.0.0.0/0 </programlisting></para> <para> @@ -164,6 +165,32 @@ methods listed above for some reason. </sect1> <sect1> +<title>NTLMv2 Security</title> + +<para> +To configure NTLMv2 authentication the following registry keys are worth knowing about: +</para> + +<para> +<programlisting> + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] + "lmcompatibilitylevel"=dword:00000003 + + 0x3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication, + use NTLMv2 session security if the server supports it. Domain + controllers accept LM, NTLM and NTLMv2 authentication. + + [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0] + "NtlmMinClientSec"=dword:00080000 + + 0x80000 - NTLMv2 session security. If either NtlmMinClientSec or + NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2 + session security is not negotiated. +</programlisting> +</para> +</sect1> + +<sect1> <title>Upgrading Samba</title> <para> |