From 921761fb979922af3f9b1b20266a0cbd766792eb Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 19 Jul 2001 09:06:50 +0000 Subject: Added some documentation for using -U with -j in order to join a domain without first having to create an account using the server manager. (This used to be commit 5edfb53d7c3fe809256f080d5cd46ebc62c194fb) --- docs/docbook/manpages/smbpasswd.8.sgml | 96 ++++++++++++++++++++-------------- 1 file changed, 56 insertions(+), 40 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index 8233234d35..3af636715d 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -25,7 +25,7 @@ -R <name resolve order> -m -j DOMAIN - -U username + -U username[%password] -h -s username 
@@ -274,52 +274,68 @@ - -j DOMAIN - This option is used to add a Samba server - into a Windows NT Domain, as a Domain member capable of authenticating - user accounts to any Domain Controller in the same way as a Windows - NT Server. See the security = domain option in - the smb.conf(5) man page. - - In order to be used in this way, the Administrator for - the Windows NT Domain must have used the program "Server Manager - for Domains" to add the primary NetBIOS name of the Samba server - as a member of the Domain. - - After this has been done, to join the Domain invoke - smbpasswd with this parameter. smbpasswd will then - look up the Primary Domain Controller for the Domain (found in - the smb.conf file in the parameter - password server and change the machine account - password used to create the secure Domain communication. This - password is then stored by smbpasswd in a TDB, writeable only by root, - called secrets.tdb + -j DOMAIN This option is used + to add a Samba server into a Windows NT Domain, as a Domain + member capable of authenticating user accounts to any + Domain Controller in the same way as a Windows NT + Server. See the security = domain option + in the smb.conf(5) man page. + + The Samba server can be joined to the Windows NT + Domain in one of two ways. The Administrator for the + domain can use the "Server Manager for Domains" program to + add the primary NetBIOS name of the Samba server as a + member of the Domain. + + After this has been done, to join the Domain invoke + smbpasswd with this + parameter. smbpasswd will then look up the Primary Domain + Controller for the Domain (found in the + smb.conf file in the parameter + password server and change the + machine account password used to create the secure Domain + communication. 
This password is then stored by smbpasswd + in a TDB, writeable only by root, called + secrets.tdb Once this operation has been performed the - smb.conf file may be updated to set the - security = domain option and all future logins - to the Samba server will be authenticated to the Windows NT - PDC. - - Note that even though the authentication is being - done to the PDC all users accessing the Samba server must still - have a valid UNIX account on that machine. - - - This option is only available when running smbpasswd as root. - + smb.conf file may be updated to set the + security = domain option and all future + logins to the Samba server will be authenticated to the + Windows NT PDC. + + Note that even though the authentication is being + done to the PDC all users accessing the Samba server must + still have a valid UNIX account on that machine. + + The second method for joining the domain is to + use the -U option in addition to the + -j to specify an administrator + username and optional password. This method does not + require the use of the "Server Manager for Domains" + program. This method is more secure as the machine account + password is set to a well known value before the member + server is joined to the domain. + + This option is only available when running smbpasswd + as root. - -U username - This option may only be used in conjunction - with the -r option. When changing - a password on a remote machine it allows the user to specify - the user name on that machine whose password will be changed. It - is present to allow users who have different user names on - different systems to change these passwords. + -U username[%password] This + option may only be used in conjunction with the + -r or -j + options. When changing a password on a remote machine it + allows the user to specify the user name on that machine + whose password will be changed. 
It is present to allow + users who have different user names on different systems to + change these passwords. When changing the password on a + machine account using the -j option + the username and password of an administrator is specified + here. Non-administrator users with the 'Add workstations + to domain' user right can also be used. -- cgit
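Review bot: In the synopsis hunk (@@ -25,7), "-U username[%password]" documents supplying the administrator password as a command-line argument, but nothing in the patch says what smbpasswd does when the %password part is left out. It also does not mention that a password given this way is visible to other local users in the process list and may be saved in shell history. Suggest adding a sentence to the -U entry that states the behaviour when the password is omitted and, if that form avoids exposing the password, recommends it on multi-user hosts.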
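Review bot: In the -j description (@@ -274,52), the sentence "This method is more secure as the machine account password is set to a well known value before the member server is joined to the domain" reads as if the -U method itself sets the well known value, which would make it less secure rather than more. If the well known value belongs to the "Server Manager for Domains" method, say so explicitly, for example "This method is more secure because, with the first method, the machine account password is set to a well known value before the member server is joined to the domain." Two smaller points in the same hunk: the reflowed text "(found in the smb.conf file in the parameter password server" still never closes its parenthesis, and in the -U entry "the username and password of an administrator is specified" should read "are specified".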