path: root/docs/yodldocs/DOMAIN_MEMBER.yo
Diffstat (limited to 'docs/yodldocs/DOMAIN_MEMBER.yo')
-rw-r--r-- docs/yodldocs/DOMAIN_MEMBER.yo 35
1 files changed, 18 insertions, 17 deletions
diff --git a/docs/yodldocs/DOMAIN_MEMBER.yo b/docs/yodldocs/DOMAIN_MEMBER.yo
index 2b05c0e814..f52b6ab97c 100644
--- a/docs/yodldocs/DOMAIN_MEMBER.yo
+++ b/docs/yodldocs/DOMAIN_MEMBER.yo
@@ -1,6 +1,6 @@
mailto(samba-bugs@samba.org)
-article(Joining an NT Domain with Samba 2.0)(Jeremy Allison, Samba Team)(11th November 1998)
+article(Joining an NT Domain with Samba 2.0)(Jeremy Allison, Samba Team)(7th October 1999)
center(Joining an NT Domain with Samba 2.0)
center(-----------------------------------)
@@ -8,7 +8,8 @@ center(-----------------------------------)
In order for a Samba-2 server to join an NT domain, you must first add
the NetBIOS name of the Samba server to the NT domain on the PDC using
Server Manager for Domains. This creates the machine account in the
-domain (PDC) SAM.
+domain (PDC) SAM. Note that you should add the Samba server as a "Windows
+NT Workstation or Server", em(NOT) as a Primary or backup domain controller.
Assume you have a Samba-2 server with a NetBIOS name of tt(SERV1) and are
joining an NT domain called tt(DOM), which has a PDC with a NetBIOS name
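Review bot: The added sentence capitalises inconsistently in "Primary or backup domain controller"; use the same case for both roles. Since em(NOT) carries the whole warning, it would also help to say in one clause why the account type matters, because the text as written only tells the reader which option to pick in Server Manager for Domains, not what goes wrong with the other one.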
@@ -21,7 +22,7 @@ command
tt(smbpasswd -j DOM -r DOMPDC)
as we are joining the domain DOM and the PDC for that domain (the only
-machine that has write access to the domain SAM database). If this is
+machine that has write access to the domain SAM database) is DOMPDC. If this is
successful you will see the message:
tt(smbpasswd: Joined domain DOM.)
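Review bot: The added "is DOMPDC" leaves the host name bare, while the earlier paragraph marks up the same kind of name as tt(SERV1) and tt(DOM); write tt(DOMPDC), and tt(DOM) in "joining the domain DOM", so the names match the command line above them. The sentence now has its subject and verb separated by a long parenthetical, so consider moving "(the only machine that has write access to the domain SAM database)" to after "is DOMPDC".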
@@ -31,8 +32,8 @@ man page for more details.
This command goes through the machine account password change
protocol, then writes the new (random) machine account password for
-this Samba server into the a file in the same directory in which an
-smbpasswd file would be stored (normally :
+this Samba server into a file in the same directory in which an
+smbpasswd file would be stored - normally :
tt(/usr/local/samba/private)
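Review bot: The removed line opened a parenthesis at "(normally :" and the replacement uses a dash instead, so the matching ")" after tt(/usr/local/samba/private), which is outside this hunk, has to go as well or the text keeps a stray closing bracket. The space before the colon in "- normally :" can be dropped at the same time.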
@@ -72,6 +73,10 @@ tt(workgroup = DOM)
as this is the name of the domain we are joining.
+You must also have the parameter url(bf("encrypt passwords"))(smb.conf.5.html#encryptpasswords)
+set to tt("yes") in order for your users to authenticate to the
+NT PDC.
+
Finally, add (or modify) a:
url(bf("password server ="))(smb.conf.5.html#passwordserver)
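Review bot: The new paragraph gives the setting as a quoted name plus tt("yes"), whereas the neighbouring instructions show the literal smb.conf line, as in tt(workgroup = DOM). Adding the line as tt(encrypt passwords = yes) would let readers copy it directly and avoids anyone typing the quotation marks into the value. The paragraph also sits between the workgroup step and "Finally, add (or modify) a:", so a lead-in such as "Next," would keep the step order clear.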
@@ -86,19 +91,15 @@ each of these servers in order, so you may want to rearrange this list
in order to spread out the authentication load among domain
controllers.
-Currently, Samba requires that a defined list of domain controllers be
-listed in this parameter in order to authenticate with domain-level
-security. NT does not use this method, and will either broadcast or
-use a WINS database in order to find domain controllers to
-authenticate against.
+Alternatively, if you want smbd to automatically determine the
+list of Domain controllers to use for authentication, you may set this line to be :
-Originally, I considered this idea for Samba, but dropped it because
-it seemed so insecure. However several Samba-2 alpha users have
-requested that this feature be added to make Samba more NT-like, so
-I'll probably add a special name of tt('*') (which means: act like NT
-when looking for domain controllers) in a future release of the
-code. At present, however, you need to know where your domain
-controllers are.
+tt(password server = *)
+
+This method, which is new in Samba 2.0.6 and above, allows Samba
+to use exactly the same mechanism that NT does. This method either broadcasts or
+uses a WINS database in order to find domain controllers to
+authenticate against.
Finally, restart your Samba daemons and get ready for clients to begin
using domain security!
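Review bot: The removed paragraph said this lookup method had been dropped "because it seemed so insecure", and the replacement documents tt(password server = *) without any caveat, so the reason for the earlier concern disappears from the docs just as the feature becomes available. Keep one sentence stating that with tt(*) the controller is whichever machine is found by broadcast or WINS, and that an explicit list remains the option for sites that want to name the controllers Samba authenticates against. Minor: "Domain controllers" is capitalised differently from "domain controllers" three lines later, "Samba 2.0.6 and above" does not need "new in" and "and above" together, and the two consecutive sentences both start with "This method".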