Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml index d0178632ee..53b7d1aedc 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml 
@@ -797,72 +797,6 @@ but in most cases the following will suffice: </sect2> -<sect2> -<title>Why Is This Better Than <parameter>security = server</parameter>?</title> - -<para> -<indexterm><primary>domain security</primary></indexterm> -<indexterm><primary>UNIX users</primary></indexterm> -<indexterm><primary>authentication</primary></indexterm> -Currently, domain security in Samba does not free you from having to create local UNIX users to represent the -users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your -domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file -system. This is similar to the older Samba security mode <smbconfoption -name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows -NT server in the same way as a Windows 95 or Windows 98 server would. -</para> - -<para> -<indexterm><primary>winbind</primary></indexterm> -<indexterm><primary>UID</primary></indexterm> -<indexterm><primary>GID</primary></indexterm> -Please refer to <link linkend="winbind">Winbind: Use of Domain Accounts</link>, for information on a system -to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups. -</para> - -<para> -<indexterm><primary>domain-level</primary></indexterm> -<indexterm><primary>authentication</primary></indexterm> -<indexterm><primary>RPC</primary></indexterm> -The advantage of domain-level security is that the authentication in domain-level security is passed down the -authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now -participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba -servers into a resource domain and have the authentication passed on from a resource domain PDC to an account -domain PDC). 
-</para> - -<para> -<indexterm><primary>PDC</primary></indexterm> -<indexterm><primary>BDC</primary></indexterm> -<indexterm><primary>connection resources</primary></indexterm> -In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba daemon on a server has to -keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the -connection resources on a Microsoft NT server and cause it to run out of available connections. With -<smbconfoption name="security">domain</smbconfoption>, however, the Samba daemons connect to the PDC or BDC -only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC -connection resources. -</para> - -<para> -<indexterm><primary>PDC</primary></indexterm> -<indexterm><primary>authentication reply</primary></indexterm> -<indexterm><primary>SID</primary></indexterm> -<indexterm><primary>NT groups</primary></indexterm> -Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the -authentication reply, the Samba server gets the user identification information such as the user SID, the list -of NT groups the user belongs to, and so on. -</para> - -<note> -<para> -Much of the text of this document was first published in the Web magazine -<ulink url="http://www.linuxworld.com"><emphasis>LinuxWorld</emphasis></ulink> as the article <ulink -url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"/> -<emphasis>Doing the NIS/NT Samba</emphasis>. -</para> -</note> - -</sect2> </sect1> <sect1 id="ads-member"> |
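Review bot: The trailing <note> at the end of the removed sect2 attributes "much of the text of this document" to the LinuxWorld article, not only this section, so deleting it along with the comparison drops an attribution that may still apply to the rest of the chapter; move it to a surviving section if the remaining text derives from that article. The second removed <para> is a cross-reference to <link linkend="winbind"> for automatic UID/GID assignment and does not depend on the security = server comparison, so check that the chapter still points readers to Winbind somewhere else. The paragraphs on the authenticated RPC channel, trust relationships, and the SID and NT group information returned in the authentication reply describe domain-level security itself; consider keeping them under a retitled section rather than removing them with the comparison.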