diff options
Diffstat (limited to 'docs/docbook')
-rw-r--r-- | docs/docbook/projdoc/ServerType.xml | 9 | ||||
-rw-r--r-- | docs/docbook/projdoc/StandAloneServer.xml | 19 |
2 files changed, 10 insertions, 18 deletions
diff --git a/docs/docbook/projdoc/ServerType.xml b/docs/docbook/projdoc/ServerType.xml index 8b567ca16f..73c7d05212 100644 --- a/docs/docbook/projdoc/ServerType.xml +++ b/docs/docbook/projdoc/ServerType.xml @@ -432,15 +432,6 @@ be determined from a domain name. In essence a samba server that is in workgroup mode. </para></note> -<note><para> -<emphasis>Server level</emphasis> security is incompatible with the newer security features -in recent MS Windows networking protocols. In particular it is incompatible with NTLMv2. -Server Mode security also breaks Sign and Seal interoperability because only a domain member -can sign packets in the manner in which it is currently implemented in Samba-3. -If you chose to use Server Mode security this means it is necessary to disable Sign and Seal -on all workstations. -</para></note> - <sect3> <title>Example Configuration</title> <para><emphasis> diff --git a/docs/docbook/projdoc/StandAloneServer.xml b/docs/docbook/projdoc/StandAloneServer.xml index 1246ff0f3a..4646755b50 100644 --- a/docs/docbook/projdoc/StandAloneServer.xml +++ b/docs/docbook/projdoc/StandAloneServer.xml @@ -5,7 +5,7 @@ <title>Stand-Alone Servers</title> <para> -Stand-Alone servers are independant of an Domain Controllers on the network. +Stand-Alone servers are independant of Domain Controllers on the network. They are NOT domain members and function more like workgroup servers. In many cases a stand-alone server is configured with a minimum of security control with the intent that all data served will be readilly accessible to all users. @@ -42,11 +42,11 @@ a great solution. <title>Background</title> <para> -The term <emphasis>stand alone server</emphasis> means that the server +The term <emphasis>stand-alone server</emphasis> means that the server will provide local authentication and access control for all resources that are available from it. In general this means that there will be a local user database. In more technical terms, it means that resources -on the machine will either be made available in either SHARE mode or in +on the machine will be made available in either SHARE mode or in USER mode. </para> @@ -70,11 +70,11 @@ the samba server is NOT a member of a domain security context. <para> Through the use of PAM (Pluggable Authentication Modules) and nsswitch (the name service switcher) the source of authentication may reside on -another server. We would be inclined to call this the authentication server. -This means that the samba server may use the local Unix/Linux system -password database (/etc/passwd or /etc/shadow), may use a local smbpasswd -file, or may use an LDAP back end, or even via PAM and Winbind another CIFS/SMB -server for authentication. +another server. We call this the authentication server. This means that +the samba server may use the local Unix/Linux system password database +(/etc/passwd or /etc/shadow), may use a local smbpasswd file, or may use +an LDAP back end, or even via PAM and Winbind another CIFS/SMB server +for authentication. </para> </sect1> @@ -121,7 +121,8 @@ Put one here! <title>Common Errors</title> <para> -Put stuff here. +The greatest mistake so often made is to make a network configuration too complex. +It pays to use the simplest solution that will meet the needs of the moment. </para> </sect1> |