From afcd3c625d883e84666990ce759615f16d45c596 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 10 Nov 2011 21:16:18 +1100 Subject: docs: Add documentation for server role --- docs-xml/smbdotconf/security/security.xml | 7 ++- docs-xml/smbdotconf/security/serverrole.xml | 69 +++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 docs-xml/smbdotconf/security/serverrole.xml (limited to 'docs-xml/smbdotconf') diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml index 55e147e8dc..74ea569b86 100644 --- a/docs-xml/smbdotconf/security/security.xml +++ b/docs-xml/smbdotconf/security/security.xml @@ -42,9 +42,14 @@ The different settings will now be explained. + SECURITY = AUTO + + This is the default security setting in Samba, and causes Samba to consult + the parameter (if set) to determine the security mode. + SECURITY = USER - This is the default security setting in Samba. + If is not specified, this is the default security setting in Samba. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the parameter). Encrypted passwords (see the parameter) can also diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml new file mode 100644 index 0000000000..5832887040 --- /dev/null +++ b/docs-xml/smbdotconf/security/serverrole.xml @@ -0,0 +1,69 @@ + + + This option determines the basic operating mode of a Samba + server and is one of the most important settings in the smb.conf file. + + The default is server role = auto, as causes + Samba to operate according to the setting, or if not + specified as a simple file server that is not connected to any domain. + + The alternatives are + server role = standalone or server role = member server + , which support joining Samba to a Windows domain, along with server role = domain controller, which run Samba as a Windows domain controller. + + You should use server role = standalone and + if you + want to mainly setup shares without a password (guest shares). This + is commonly used for a shared printer server. + + SERVER ROLE = AUTO + + This is the default server role in Samba, and causes Samba to consult + the parameter (if set) to determine the server role, giving compatable behaviours to previous Samba versions. + + SERVER ROLE = STANDALONE + + If is also not specified, this is the default security setting in Samba. + In standalone operation, a client must first "log-on" with a + valid username and password (which can be mapped using the + parameter) stored on this machine. Encrypted passwords (see the parameter) are by default + used in this security mode. Parameters such as and if set are then applied and + may change the UNIX user to use on this connection, but only after + the user has been successfully authenticated. + + SERVER ROLE = MEMBER SERVER + + This mode will only work correctly if net + 8 has been used to add this + machine into a Windows Domain. It expects the + parameter to be set to yes. In this + mode Samba will try to validate the username/password by passing + it to a Windows or Samba Domain Controller, in exactly + the same way that a Windows Server would do. + + Note that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to. Winbind can provide this. + + See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION. + + SERVER ROLE = DOMAIN CONTROLLER + + This mode of operation runs Samba as a domain controller, providing domain logon services to Windows and Samba clients of the domain. Clients must be joined to the domain to create a secure, trusted path across the network. + + + +security +realm +encrypt passwords + +AUTO +DOMAIN CONTROLLER + -- cgit