summaryrefslogtreecommitdiff
path: root/docs/htmldocs/DOMAIN_MEMBER.html
diff options
context:
space:
mode:
Diffstat (limited to 'docs/htmldocs/DOMAIN_MEMBER.html')
-rw-r--r--docs/htmldocs/DOMAIN_MEMBER.html63
1 files changed, 56 insertions, 7 deletions
diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html
index 6ae8e7a49d..051b72f8d0 100644
--- a/docs/htmldocs/DOMAIN_MEMBER.html
+++ b/docs/htmldocs/DOMAIN_MEMBER.html
@@ -1,7 +1,7 @@
<HTML
><HEAD
><TITLE
-></TITLE
+>security = domain in Samba 2.x</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
@@ -15,11 +15,20 @@ ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="AEN1"
+>security = domain in Samba 2.x</A
+></H1
+><HR></DIV
+><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
-NAME="AEN2"
+NAME="AEN3"
>Joining an NT Domain with Samba 2.2</A
></H1
><P
@@ -85,6 +94,11 @@ TARGET="_top"
> smbpasswd(8)</A
> man page for more details.</P
><P
+>There is existing development code to join a domain
+ without having to create the machine trust account on the PDC
+ beforehand. This code will hopefully be available soon
+ in release branches as well.</P
+><P
>This command goes through the machine account password
change protocol, then writes the new (random) machine account
password for this Samba server into a file in the same directory
@@ -104,11 +118,11 @@ CLASS="REPLACEABLE"
><I
>&lt;NT DOMAIN NAME&gt;</I
></TT
->.
- <TT
+>.<TT
CLASS="REPLACEABLE"
><I
->&lt;Samba Server Name&gt;</I
+>&lt;Samba
+ Server Name&gt;</I
></TT
>.mac</TT
></P
@@ -242,7 +256,32 @@ CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
-NAME="AEN65"
+NAME="AEN67"
+>Samba and Windows 2000 Domains</A
+></H1
+><P
+>Many people have asked regarding the state of Samba's ability to participate in
+a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows
+2000 domain operating in mixed or native mode.</P
+><P
+>There is much confusion between the circumstances that require a "mixed" mode
+Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode
+Win2k domain controller is only needed if Windows NT BDCs must exist in the same
+domain. By default, a Win2k DC in "native" mode will still support
+NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and
+NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.</P
+><P
+>The steps for adding a Samba 2.2 host to a Win2k domain are the same as those
+for adding a Samba server to a Windows NT 4.0 domain. The only exception is that
+the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and
+Computers" MMC (Microsoft Management Console) plugin.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN72"
>Why is this better than security = server?</A
></H1
><P
@@ -256,7 +295,7 @@ CLASS="CONSTANT"
to be a local Unix user fred to represent that user in the Unix
filesystem. This is very similar to the older Samba security mode
<A
-HREF="smb.conf.5.html#SECURITYEQUALSERVER"
+HREF="smb.conf.5.html#SECURITYEQUALSSERVER"
TARGET="_top"
>security = server</A
>,
@@ -264,6 +303,16 @@ TARGET="_top"
NT server in the same way as a Windows 95 or Windows 98 server would.
</P
><P
+>Please refer to the <A
+HREF="winbind.html"
+TARGET="_top"
+>Winbind
+ paper</A
+> for information on a system to automatically
+ assign UNIX uids and gids to Windows NT Domain users and groups.
+ This code is available in development branches only at the moment,
+ but will be moved to release branches soon.</P
+><P
>The advantage to domain-level security is that the
authentication in domain-level security is passed down the authenticated
RPC channel in exactly the same way that an NT server would do it. This