From f84893a54b27828946ca75e72542116a560315d6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Sep 2012 11:57:05 -0700 Subject: docs: remove references to security=server --- docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 66 -------------------------- 1 file changed, 66 deletions(-) (limited to 'docs-xml/Samba3-HOWTO') diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml index d0178632ee..53b7d1aedc 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml @@ -797,72 +797,6 @@ but in most cases the following will suffice: - -Why Is This Better Than <parameter>security = server</parameter>? - - -domain security -UNIX users -authentication -Currently, domain security in Samba does not free you from having to create local UNIX users to represent the -users attaching to your server. This means that if domain user DOM\fred attaches to your -domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file -system. This is similar to the older Samba security mode server, where Samba would pass through the authentication request to a Windows -NT server in the same way as a Windows 95 or Windows 98 server would. - - - -winbind -UID -GID -Please refer to Winbind: Use of Domain Accounts, for information on a system -to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups. - - - -domain-level -authentication -RPC -The advantage of domain-level security is that the authentication in domain-level security is passed down the -authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now -participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba -servers into a resource domain and have the authentication passed on from a resource domain PDC to an account -domain PDC). - - - -PDC -BDC -connection resources -In addition, with server, every Samba daemon on a server has to -keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the -connection resources on a Microsoft NT server and cause it to run out of available connections. With -domain, however, the Samba daemons connect to the PDC or BDC -only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC -connection resources. - - - -PDC -authentication reply -SID -NT groups -Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the -authentication reply, the Samba server gets the user identification information such as the user SID, the list -of NT groups the user belongs to, and so on. - - - - -Much of the text of this document was first published in the Web magazine -LinuxWorld as the article -Doing the NIS/NT Samba. - - - - -- cgit