From 77bad62134d412f7fb32b1448edc027ada02f794 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Thu, 24 Apr 2003 23:25:13 +0000 Subject: Corrections and edits from Jesse Jacobs (This used to be commit 5a38f1cc60b0f1036c19aa591a4c4e92c1ac797d) --- docs/docbook/projdoc/DOMAIN_MEMBER.sgml | 2 +- docs/docbook/projdoc/NetworkBrowsing.sgml | 4 ++-- docs/docbook/projdoc/PolicyMgmt.sgml | 4 ++-- docs/docbook/projdoc/Samba-PDC-HOWTO.sgml | 12 ++++++------ docs/docbook/projdoc/passdb.sgml | 16 ++++++++-------- docs/docbook/projdoc/security_level.sgml | 14 +++++++------- 6 files changed, 26 insertions(+), 26 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index 6f995af286..9470688089 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -14,7 +14,7 @@ Joining an NT Domain with Samba 3.0 Assume you have a Samba 3.0 server with a NetBIOS name of - SERV1 and are joining an or Win2k NT domain called + SERV1 and are joining a Win2k or NT domain called DOM, which has a PDC with a NetBIOS name of DOMPDC and two backup domain controllers with NetBIOS names DOMBDC1 and DOMBDC2 diff --git a/docs/docbook/projdoc/NetworkBrowsing.sgml b/docs/docbook/projdoc/NetworkBrowsing.sgml index 7743cb9c75..e8d1b40710 100644 --- a/docs/docbook/projdoc/NetworkBrowsing.sgml +++ b/docs/docbook/projdoc/NetworkBrowsing.sgml @@ -883,7 +883,7 @@ name resolve order = wins lmhosts (eliminates bcast and host) The default is: name resolve order = host lmhost wins bcast -. + where "host" refers the the native methods used by the Unix system to implement the gethostbyname() function call. This is normally controlled by /etc/host.conf, /etc/nsswitch.conf and /etc/resolv.conf. 
@@ -927,7 +927,7 @@ that can NOT be provided by any other means of name resolution. Samba facilitates browsing. The browsing is supported by &nmbd; and is also controlled by options in the &smb.conf; file. Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. +to support domain logons and scripts is now available. diff --git a/docs/docbook/projdoc/PolicyMgmt.sgml b/docs/docbook/projdoc/PolicyMgmt.sgml index 9ec9d452a7..333fe6ad0b 100644 --- a/docs/docbook/projdoc/PolicyMgmt.sgml +++ b/docs/docbook/projdoc/PolicyMgmt.sgml @@ -183,7 +183,7 @@ known as the group policy template (GPT). -With NT4 clients the policy file is read and executed upon only aas each user log onto the network. +With NT4 clients the policy file is read and executed upon only as each user logs onto the network. MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine startup (machine specific part) and when the user logs onto the network the user specific part is applied. In MS Windows 200x style policy management each machine and/or user may be subject @@ -278,7 +278,7 @@ This has considerable advanage compared with the use of NTConfig.POL (NT4) style -Inaddition to user access controls that may be imposed or applied via system and/or group policies +In addition to user access controls that may be imposed or applied via system and/or group policies in a manner that works in conjunction with user profiles, the user management environment under MS Windows NT4/200x/XP allows per domain as well as per user account restrictions to be applied. Common restrictions that are frequently used includes: diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index 2e5f436769..7295a15875 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml 
@@ -109,7 +109,7 @@ The following functionalities are NOT provided by Samba 3.0: Please note that Windows 9x / Me / XP Home clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for -support Windows 9x-style domain logons is completely different +support of Windows 9x-style domain logons is completely different from NT4 / Win2k type domain logons and has been officially supported for some time. @@ -263,7 +263,7 @@ shared secret with the domain controller. A Windows PDC stores each machine trust account in the Windows -Registry. A Samba-3 PDC also has to stoe machine trust account information +Registry. A Samba-3 PDC also has to store machine trust account information in a suitable back-end data store. With Samba-3 there can be multiple back-ends for this including: @@ -665,7 +665,7 @@ the network and download their preferences, desktop and start menu. Before launching into the configuration instructions, it is -worthwhile lookingat how a Windows 9x/ME client performs a logon: +worthwhile to look at how a Windows 9x/ME client performs a logon: @@ -705,7 +705,7 @@ worthwhile lookingat how a Windows 9x/ME client performs a logon: The client then sends a NetUserGetInfo request to the server, to retrieve the user's home share, which is used to search for profiles. Since the - response to the NetUserGetInfo request does not contain much more + response to the NetUserGetInfo request does not contain much more then the user's home share, profiles for Win9X clients MUST reside in the user home directory. 
@@ -774,7 +774,7 @@ Actually, this issue is also closely tied to the debate on whether or not Samba must be the domain master browser for its workgroup when operating as a DC. While it may technically be possible to configure a server as such (after all, browsing and domain logons -are two distinctly different functions), it is not a good idea to +are two distinctly different functions), it is not a good idea to do so. You should remember that the DC must register the DOMAIN#1b NetBIOS name. This is the name used by Windows clients to locate the DC. Windows clients do not distinguish between the DC and the DMB. @@ -786,7 +786,7 @@ Now back to the issue of configuring a Samba DC to use a mode other than "security = user". If a Samba host is configured to use another SMB server or DC in order to validate user connection requests, then it is a fact that some other machine on the network -(the "password server") knows more about user than the Samba host. +(the "password server") knows more about the user than the Samba host. 99% of the time, this other host is a domain controller. Now in order to operate in domain mode security, the "workgroup" parameter must be set to the name of the Windows NT domain (which already diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml index 776c79f095..6f256daddd 100644 --- a/docs/docbook/projdoc/passdb.sgml +++ b/docs/docbook/projdoc/passdb.sgml @@ -140,7 +140,7 @@ record passwords going to the SMB server. WinNT doesn't like talking to a server - that SM not support encrypted passwords. It will refuse + that does not support encrypted passwords. It will refuse to browse the server if the server is also in user level security mode. It will insist on prompting the user for the password on each connection, which is very annoying. The 
@@ -300,7 +300,7 @@ in the thousands). The first is that all lookups must be performed sequentially. Given that there are approximately two lookups per domain logon (one for a normal session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. What is needed is an indexed approach +is a performance bottleneck for large sites. What is needed is an indexed approach such as is used in databases. @@ -394,7 +394,7 @@ url="mailto:jerry@samba.org">jerry@samba.org -Just as the smbpasswd file is mean to store information which supplements a +Just as the smbpasswd file is meant to store information which supplements a user's /etc/passwd entry, so is the sambaAccount object meant to supplement the UNIX user account information. A sambaAccount is a STRUCTURAL objectclass so it can be stored individually @@ -528,7 +528,7 @@ use with an LDAP directory could appear as # The password for this DN is not stored in smb.conf. Rather it # must be set by using 'smbpasswd -w secretpw' to store the # passphrase in the secrets.tdb file. If the "ldap admin dn" values - # changes, this password will need to be reset. + # change, this password will need to be reset. ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org" # Define the SSL option when connecting to the directory 
@@ -566,12 +566,12 @@ use with an LDAP directory could appear as As users accounts are managed thru the sambaAccount objectclass, you should -modify you existing administration tools to deal with sambaAccount attributes. +modify your existing administration tools to deal with sambaAccount attributes. Machines accounts are managed with the sambaAccount objectclass, just -like users accounts. However, it's up to you to stored thoses accounts +like users accounts. However, it's up to you to store thoses accounts in a different tree of you LDAP namespace: you should use "ou=Groups,dc=plainjoe,dc=org" to store groups and "ou=People,dc=plainjoe,dc=org" to store users. Just configure your @@ -581,7 +581,7 @@ file). In Samba release 3.0, the group management system is based on posix -groups. This means that Samba make usage of the posixGroup objectclass. +groups. This means that Samba makes usage of the posixGroup objectclass. For now, there is no NT-like group system management (global and local groups). @@ -733,7 +733,7 @@ the logon home string is expanded to \\TASHTEGO\becky. If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", this value is used. However, if this attribute does not exist, then the value of the logon home parameter is used in its place. Samba -will only write the attribute value to the directory entry is the value is +will only write the attribute value to the directory entry if the value is something other than the default (e.g. \\MOBY\becky). diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index 4ce5955e35..e840ff6c17 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml 
@@ -136,7 +136,7 @@ MS Windows clients may use encrypted passwords as part of a challenege/response authentication model (a.k.a. NTLMv1) or alone, or clear text strings for simple password based authentication. It should be realized that with the SMB protocol the password is passed over the network either in plain text or encrypted, but -not both in the same authentication requests. +not both in the same authentication request. @@ -203,10 +203,10 @@ However, passwords on UNIX systems often make use of mixed case characters. This means that in order for a user on a Windows 9x client to connect to a Samba server using clear text authentication, the password level must be set to the maximum number of upper case letter which could -appear is a password. Note that is the server OS uses the traditional DES version -of crypt(), then a password level of 8 will result in case +appear is a password. Note that the server OS uses the traditional DES version +of crypt(), a password level of 8 will result in case insensitive passwords as seen from Windows users. This will also result in longer -login times as Samba hash to compute the permutations of the password string and +login times as Samba has to compute the permutations of the password string and try them one by one until a match is located (or all combinations fail). @@ -235,7 +235,7 @@ This method involves the additions of the following parameters in the &smb.conf; There are two ways of identifying whether or not a username and password pair was valid or not. One uses the reply information provided as part of the authentication messaging process, the other uses -just and error code. +just an error code. 
@@ -304,8 +304,8 @@ MS Windows NT security domain. This is done as follows: Use of this mode of authentication does require there to be a standard Unix account for the user in order to assign a uid once the account has been authenticated by -the remote Windows DC. This account can be blocked to prevent logons by other than -MS Windows clients by things such as setting an invalid shell in the +the remote Windows DC. This account can be blocked to prevent logons by clients other than +MS Windows through things such as setting an invalid shell in the /etc/passwd entry. -- cgit
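Review bot: In docs/docbook/projdoc/NetworkBrowsing.sgml, hunk @@ -883, the context line right after the removed "." still reads 'where "host" refers the the native methods'; it should be 'refers to the native methods'. The default shown in the same hunk, 'name resolve order = host lmhost wins bcast', spells the value 'lmhost', while the hunk header context has 'name resolve order = wins lmhosts'. Please make the two agree in this pass, since a reader copying the default line into smb.conf gets whichever spelling is printed.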
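Review bot: In docs/docbook/projdoc/PolicyMgmt.sgml, hunk @@ -183, the added line 'the policy file is read and executed upon only as each user logs onto the network' keeps a stray 'upon'. Suggest 'the policy file is read and executed only as each user logs onto the network', which also makes the contrast with the 200x behaviour in the next sentence (processing at machine startup and again at user logon) easier to follow.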
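Review bot: In docs/docbook/projdoc/Samba-PDC-HOWTO.sgml, hunk @@ -705, the removed and added lines read the same, so the change looks like whitespace only, and the sentence it belongs to still says 'does not contain much more then the user's home share'. That should be 'much more than the user's home share'; fixing it in the same hunk would make the line change worthwhile.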
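Review bot: In docs/docbook/projdoc/passdb.sgml, hunk @@ -528, the comment now reads 'If the "ldap admin dn" values change', but the line below sets a single 'ldap admin dn' value, so the singular fits better: 'If the "ldap admin dn" value changes, this password will need to be reset.' The comment matters operationally because it tells the administrator when 'smbpasswd -w' has to be re-run to refresh the passphrase in secrets.tdb, so it is worth keeping unambiguous.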
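Review bot: In docs/docbook/projdoc/passdb.sgml, hunk @@ -566, the added line fixes 'stored' but leaves 'thoses accounts', and the following context line still has 'a different tree of you LDAP namespace' ('your'). The same paragraph says machine accounts should go in a different tree, yet only names 'ou=Groups,dc=plainjoe,dc=org' for groups and 'ou=People,dc=plainjoe,dc=org' for users, so it never states where machine accounts belong. Suggest fixing the two typos here and adding the intended container for machine accounts, or rewording the sentence so it does not promise one.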
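Review bot: In docs/docbook/projdoc/security_level.sgml, hunk @@ -203, the edit turns a conditional into a statement of fact. The old text 'Note that is the server OS uses the traditional DES version of crypt(), then a password level of 8' was a typo for 'Note that if the server OS uses ...'; the new text 'Note that the server OS uses the traditional DES version of crypt(), a password level of 8 will result' drops both 'is' and 'then' and no longer parses. Suggest 'Note that if the server OS uses the traditional DES version of crypt(), a password level of 8 will result in case insensitive passwords'. The line above also still reads 'appear is a password', which should be 'appear in a password'. Since this paragraph describes when clear text passwords become case insensitive, the condition needs to survive the edit.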