summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--docs/docbook/projdoc/Samba-BDC-HOWTO.sgml12
-rw-r--r--docs/docbook/projdoc/ServerType.sgml2
-rw-r--r--docs/docbook/projdoc/UNIX_INSTALL.sgml4
-rw-r--r--docs/docbook/projdoc/passdb.sgml8
-rw-r--r--docs/docbook/projdoc/samba-doc.sgml6
-rw-r--r--docs/docbook/projdoc/securing-samba.sgml49
6 files changed, 54 insertions, 27 deletions
diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
index 8dbc007e4f..2f3b568471 100644
--- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
+++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml
@@ -57,9 +57,9 @@ parameters in the [global]-section of the smb.conf have to be set:
</para>
<para><programlisting>
-workgroup = SAMBA
-domain master = yes
-domain logons = yes
+ workgroup = SAMBA
+ domain master = yes
+ domain logons = yes
</programlisting></para>
<para>
@@ -201,9 +201,9 @@ by setting
</para>
<para><programlisting>
-workgroup = samba
-domain master = no
-domain logons = yes
+ workgroup = samba
+ domain master = no
+ domain logons = yes
</programlisting></para>
<para>
diff --git a/docs/docbook/projdoc/ServerType.sgml b/docs/docbook/projdoc/ServerType.sgml
index b38a9c097d..7229a50201 100644
--- a/docs/docbook/projdoc/ServerType.sgml
+++ b/docs/docbook/projdoc/ServerType.sgml
@@ -85,7 +85,7 @@ LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc.
<para>
Please refer to the section on Howto configure Samba as a Primary Domain Controller
and for more information regarding how to create a domain machine account for a
-domain member server as well as for information regading how to enable the samba
+domain member server as well as for information regarding how to enable the samba
domain member machine to join the domain and to be fully trusted by it.
</para>
diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml
index 1019e524f7..3ad83c1f9d 100644
--- a/docs/docbook/projdoc/UNIX_INSTALL.sgml
+++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml
@@ -88,13 +88,13 @@
<para>
SWAT is a web-based interface that helps you configure samba.
SWAT might not be available in the samba package on your platform,
- but in a seperate package. Please read the swat manpage
+ but in a separate package. Please read the swat manpage
on compiling, installing and configuring swat from source.
</para>
<para>To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/". Replace <replaceable>localhost</replaceable> with the name of the computer you are running samba on if you
- are running samba on a different computer then your browser.</para>
+ are running samba on a different computer than your browser.</para>
<para>Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml
index 6f256daddd..523a34603d 100644
--- a/docs/docbook/projdoc/passdb.sgml
+++ b/docs/docbook/projdoc/passdb.sgml
@@ -238,8 +238,8 @@ data is stored at all.
<sect1>
<title>TDB</title>
<para>Samba can also store the user data in a "TDB" (Trivial Database). Using this backend
-doesn't require any additional configuration. This backend is recommended for new installations who
-don't require LDAP.
+doesn't require any additional configuration. This backend is recommended for new installations that
+don not require LDAP.
</para>
</sect1>
@@ -284,7 +284,7 @@ Two additional Samba resources which may prove to be helpful are
</sect2>
<sect2>
-<title>Introduction</title>
+<title>Encrypted Password Database</title>
<para>
Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt
@@ -327,7 +327,7 @@ API, and is still so named in the CVS trees).
</para>
<para>
-There are a few points to stress about what the ldapsam
+There are a few points to stress about that the ldapsam
does not provide. The LDAP support referred to in the this documentation does not
include:
</para>
diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml
index 3b5d054cad..a729caf99f 100644
--- a/docs/docbook/projdoc/samba-doc.sgml
+++ b/docs/docbook/projdoc/samba-doc.sgml
@@ -19,7 +19,7 @@
<abstract>
<para>
This book is a collection of HOWTOs added to Samba documentation over the years.
-Samba is always under development, and so is it's documentation. This release of the
+Samba is always under development, and so is its' documentation. This release of the
documentation represents a major revision or layout as well as contents.
The most recent version of this document can be found at
<ulink url="http://www.samba.org/">http://www.samba.org/</ulink>
@@ -35,8 +35,8 @@ or without their knowledge contributed to this update. The size and scope of thi
project would not have been possible without significant community contribution. A not
insignificant number of ideas for inclusion (if not content itself) has been obtained
from a number of Unofficial HOWTOs - to each such author a big "Thank-you" is also offered.
-Please keep publishing you Unofficial HOWTO's - they are a source of inspiration and
-application knowledge that is most to be desired by may Samba users and administrators.
+Please keep publishing your Unofficial HOWTO's - they are a source of inspiration and
+application knowledge that is most to be desired by many Samba users and administrators.
</para>
</abstract>
diff --git a/docs/docbook/projdoc/securing-samba.sgml b/docs/docbook/projdoc/securing-samba.sgml
index e9e8c4f9f8..eedc7ba725 100644
--- a/docs/docbook/projdoc/securing-samba.sgml
+++ b/docs/docbook/projdoc/securing-samba.sgml
@@ -2,6 +2,7 @@
<chapterinfo>
&author.tridge;
+ &author.jht;
<pubdate>17 March 2003</pubdate>
</chapterinfo>
@@ -36,8 +37,8 @@ might be:
</para>
<para><programlisting>
- hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
- hosts deny = 0.0.0.0/0
+ hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
+ hosts deny = 0.0.0.0/0
</programlisting></para>
<para>
@@ -66,8 +67,8 @@ You can change this behaviour using options like the following:
</para>
<para><programlisting>
- interfaces = eth* lo
- bind interfaces only = yes
+ interfaces = eth* lo
+ bind interfaces only = yes
</programlisting></para>
<para>
@@ -105,10 +106,10 @@ UDP ports to allow and block. Samba uses the following:
</para>
<para><programlisting>
-UDP/137 - used by nmbd
-UDP/138 - used by nmbd
-TCP/139 - used by smbd
-TCP/445 - used by smbd
+ UDP/137 - used by nmbd
+ UDP/138 - used by nmbd
+ TCP/139 - used by smbd
+ TCP/445 - used by smbd
</programlisting></para>
<para>
@@ -135,9 +136,9 @@ To do that you could use:
</para>
<para><programlisting>
- [ipc$]
- hosts allow = 192.168.115.0/24 127.0.0.1
- hosts deny = 0.0.0.0/0
+ [ipc$]
+ hosts allow = 192.168.115.0/24 127.0.0.1
+ hosts deny = 0.0.0.0/0
</programlisting></para>
<para>
@@ -164,6 +165,32 @@ methods listed above for some reason.
</sect1>
<sect1>
+<title>NTLMv2 Security</title>
+
+<para>
+To configure NTLMv2 authentication the following registry keys are worth knowing about:
+</para>
+
+<para>
+<programlisting>
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
+ "lmcompatibilitylevel"=dword:00000003
+
+ 0x3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication,
+ use NTLMv2 session security if the server supports it. Domain
+ controllers accept LM, NTLM and NTLMv2 authentication.
+
+ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
+ "NtlmMinClientSec"=dword:00080000
+
+ 0x80000 - NTLMv2 session security. If either NtlmMinClientSec or
+ NtlmMinServerSec is set to 0x80000, the connection will fail if NTLMv2
+ session security is not negotiated.
+</programlisting>
+</para>
+</sect1>
+
+<sect1>
<title>Upgrading Samba</title>
<para>