diff options
Diffstat (limited to 'docs/docbook/smbdotconf/protocol')
| -rw-r--r-- | docs/docbook/smbdotconf/protocol/nameresolveorder.xml | 24 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/protocol/usespnego.xml | 2 |
2 files changed, 19 insertions, 7 deletions
diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml index 897d04ad1c..4e88495489 100644 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml @@ -5,7 +5,8 @@ <listitem> <para>This option is used by the programs in the Samba suite to determine what naming services to use and in what order - to resolve host names to IP addresses. The option takes a space + to resolve host names to IP addresses. Its main purpose to is to + control how netbios name resolution is performed. The option takes a space separated string of name resolution options.</para> <para>The options are: "lmhosts", "host", @@ -16,7 +17,8 @@ <listitem> <para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then any name type matches for lookup.</para> </listitem> @@ -26,9 +28,10 @@ </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename> - file. Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para> + file. Note that this method is used only if the NetBIOS name + type being queried is the 0x20 (server) name type or 0x1c (domain controllers). + The latter case is only useful for active directory domains and results in a DNS + query for the SRV RR entry matching _ldap._tcp.domain.</para> </listitem> <listitem> @@ -50,9 +53,18 @@ <para>Default: <command moreinfo="none">name resolve order = lmhosts host wins bcast</command></para> <para>Example: <command moreinfo="none">name resolve order = lmhosts bcast host</command></para> - + <para>This will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup.</para> + + <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>) + it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para> + + <para><command moreinfo="none">name resolve order = wins bcast</command></para> + + <para>DC lookups will still be done via DNS, but fallbacks to netbios names will + not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para> + </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/usespnego.xml b/docs/docbook/smbdotconf/protocol/usespnego.xml index 88c9f1df7a..7dddbd3f74 100644 --- a/docs/docbook/smbdotconf/protocol/usespnego.xml +++ b/docs/docbook/smbdotconf/protocol/usespnego.xml @@ -5,7 +5,7 @@ <listitem> <para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. + WindowsXP and Windows2000 clients to agree upon an authentication mechanism. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled.</para> |