summaryrefslogtreecommitdiff
path: root/docs/textdocs
diff options
context:
space:
mode:
Diffstat (limited to 'docs/textdocs')
-rw-r--r--docs/textdocs/samba-pdc-faq.txt18
-rw-r--r--docs/textdocs/samba-pdc-howto.txt33
2 files changed, 38 insertions, 13 deletions
diff --git a/docs/textdocs/samba-pdc-faq.txt b/docs/textdocs/samba-pdc-faq.txt
index 4b54c4d3ef..e6222ad422 100644
--- a/docs/textdocs/samba-pdc-faq.txt
+++ b/docs/textdocs/samba-pdc-faq.txt
@@ -133,13 +133,27 @@ State of Play
It should be noted that 2.2.0 in its pre-release form still has a few
problems, I'll try and keep this section current while things are
- still dynamic. At the time of this update (November 13, 2000) the
+ still dynamic. At the time of this update (December 15, 2000) the
current state of play is :
Comments here about W2K joining the domain apply only to Samba 2.2
from the CVS after November 27th. The 'snapshot' release
Samba2.2alpha1 does not work !!! See below on how to get a CVS tree.
+ Known Bug !W2K machines will not successfully join a domain with a
+ name that is made up from an even number of characters. Yep, thats
+ right ! BIOTEST is OK as is MYDOMAI but MYDOMAIN will not work until
+ this bug is fixed. Hmm.., we believe that this bug is fixed, but see
+ below.
+
+ Known Bug !After some bugs were fixed just before Christmas, W2K SP1
+ machines cannot join the domain. Expected to be fixed early in the new
+ year. Whats that ? yeah, samba developers have a Christmas break too !
+
+ Know Bug !NTs (and possibly W2K ?) are not told the logged on user is
+ a domain admin if the parameter "domain admin users = user" is used.
+ The alternative, "domain admin group" does work. See the HowTo.
+
Client Side creation of Machine accounts does work but is not
complete. Firstly, the add user script runs as the user who's name was
entered, not as root. Secondly, the machine name passed to the script
@@ -839,6 +853,8 @@ URLs and similar
* Lars Kneschke's site covers Samba-TNG at
http://www.kneschke.de/projekte/samba_tng, but again, a lot of it
does not apply to the main stream Samba.
+ * See how Scott Merrill simulates a BDC behaviour at
+ http://www.skippy.net/linux/smb-howto.html.
* Although 2.0.7 has almost had its day as a PDC, I (drb) will keep
the 2.0.7 PDC pages at http://bioserve.latrobe.edu.au/samba going
for a while yet.
diff --git a/docs/textdocs/samba-pdc-howto.txt b/docs/textdocs/samba-pdc-howto.txt
index 0073d2947b..5ed15cdf4a 100644
--- a/docs/textdocs/samba-pdc-howto.txt
+++ b/docs/textdocs/samba-pdc-howto.txt
@@ -7,7 +7,7 @@ David Bannon
_________________________________________________________________
_________________________________________________________________
- Comments, corrections and additions to <D.Bannon@latrobe.edu.au>
+ Comments, corrections and additions to <dbannon@samba.org>
This document explains how to setup Samba as a Primary Domain
Controller and applies to version 2.2.0. Before using these functions
@@ -251,7 +251,7 @@ A sample conf file
encrypt passwords = yes
domain logons =yes
logon script = scripts\%U.bat
- domain admin users = root dbannon andrew
+ domain admin group = @adm
add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/n
ull -s /bin/false %m$
guest account = ftp
@@ -287,10 +287,17 @@ PDC Config Parameters
and the other parameters are chosen as suitable for a machine
account. Works for RH Linux, your system may require changes.
+ domain admin group = @adm
+ This parameter specifies a unix group whose members will be
+ granted admin privileges on a NT workstation when logged onto
+ that workstation. See the section called Domain Admin Accounts.
+
domain admin users = user1 users2
- This parameter specifies a unix user who will be granted admin
- privileges on a NT workstation when logged onto that
- workstation. See the section called Domain Admin Accounts.
+ It appears that this parameter does not funtion correctly at
+ present. Use the 'domain admin group' instread. This parameter
+ specifies a unix user who will be granted admin privileges on a
+ NT workstation when logged onto that workstation. See the
+ section called Domain Admin Accounts.
encrypt passwords = yes
This parameter must be 'yes' to allow any of the recent service
@@ -462,16 +469,18 @@ Domain Admin Accounts
Samba 2.2 recognizes particular users as being domain admins and tells
the NTws when it thinks that it has got one logged on. In the smb.conf
- file we declare that the Domain Admin users = user1 user2. Any user
- mentioned here will be treated as a Domain Admin by a NTws when logged
- onto the Domain. They will have full Administrator rights including
- the rights to change permissions on files and run the system utilities
- such as Disk Administrator.
+ file we declare that the Domain Admin group = @adm. Any user who is a
+ menber of the unix group 'adm' is treated as a Domain Admin by a NTws
+ when logged onto the Domain. They will have full Administrator rights
+ including the rights to change permissions on files and run the system
+ utilities such as Disk Administrator. Add users to the group by
+ editing /etc/group/. You do not need to use the 'adm' group, choose
+ any one you like.
Further, and this is very new, they will be allowed to create a new
machine account when first connecting a new NT or W2K machine to the
- domain. At present, ie pre-release, only a Domain Admin who also
- happens to be root can do so.
+ domain. However, at present, ie pre-release, only a Domain Admin who
+ also happens to be root can do so.
_________________________________________________________________
Chapter 4. Profiles, Policies and Logon Scripts