From fbe0299e54df9173859182fad0071c7a3217b403 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Fri, 5 Jan 2001 17:50:50 +0000 Subject: Merge of documentation updates to HEAD. These got missed somewhere along the way. (This used to be commit afad150bacfd02ec83c57ea9ba9152ff59fb7eee) --- docs/docbook/samba-pdc-faq.sgml | 25 ++++++++++++++++++++++--- docs/docbook/samba-pdc-howto.sgml | 26 +++++++++++++++++++------- 2 files changed, 41 insertions(+), 10 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/samba-pdc-faq.sgml b/docs/docbook/samba-pdc-faq.sgml index 10d3ec6a04..4034987480 100644 --- a/docs/docbook/samba-pdc-faq.sgml +++ b/docs/docbook/samba-pdc-faq.sgml @@ -8,7 +8,7 @@ DavidBannon La Trobe University -
D.Bannon@latrobe.edu.au
+
dbannon@samba.org
November 2000 @@ -45,11 +45,26 @@ State of Play It should be noted that 2.2.0 in its pre-release form still has a few problems, I'll try and keep this section current while things are still dynamic. - At the time of this update (November 13, 2000) the current state of play is : + At the time of this update (December 15, 2000) the current state of play is : Comments here about W2K joining the domain apply only to Samba 2.2 from the CVS after November 27th. The 'snapshot' release Samba2.2alpha1 does not work !!! See below on how to get a CVS tree. + Known Bug !W2K machines will not successfully join a domain with a name that + is made up from an even number of characters. Yep, thats right ! BIOTEST is OK as is MYDOMAI + but MYDOMAIN will not work until this bug is fixed. Hmm.., we believe + that this bug is fixed, but see below. + + Known Bug !After some bugs were fixed just before + Christmas, W2K SP1 machines cannot join the domain. Expected to be + fixed early in the new year. Whats that ? yeah, samba developers + have a Christmas break too ! + + + Know Bug !NTs (and possibly W2K ?) are not told the logged on user is a domain + admin if the parameter "domain admin users = user" is used. The alternative, "domain admin group" + does work. See the HowTo. + Client Side creation of Machine accounts does work but is not complete. Firstly, the add user script runs as the user who's name was entered, not as root. Secondly, the machine name passed to the script (%U) @@ -799,7 +814,7 @@ and documentation. The docs that come with the samba distribution contain very good explanations of general SMB topics such as browsing. -URLs and similar +URLs and similar @@ -824,6 +839,10 @@ http://www.kneschke.de/projekte/samba_tng, but again, a lot of it does not apply to the main stream Samba. + See how Scott Merrill simulates a BDC behaviour at + + http://www.skippy.net/linux/smb-howto.html. + Although 2.0.7 has almost had its day as a PDC, I (drb) will keep the 2.0.7 PDC pages at http://bioserve.latrobe.edu.au/samba going for a while yet. diff --git a/docs/docbook/samba-pdc-howto.sgml b/docs/docbook/samba-pdc-howto.sgml index 38e1ecf056..4b8380dd9e 100644 --- a/docs/docbook/samba-pdc-howto.sgml +++ b/docs/docbook/samba-pdc-howto.sgml @@ -25,7 +25,7 @@ - Comments, corrections and additions to D.Bannon@latrobe.edu.au + Comments, corrections and additions to dbannon@samba.org This document explains how to setup Samba as a Primary Domain Controller and @@ -255,7 +255,7 @@ developmental versions of Samba, particularly encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat - domain admin users = root dbannon andrew + domain admin group = @adm add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ guest account = ftp share modes=no @@ -294,8 +294,19 @@ developmental versions of Samba, particularly + +domain admin group = @adm + This parameter specifies a unix group whose members will be granted + admin privileges on a NT workstation when + logged onto that workstation. See the section called + Domain Admin Accounts. + + + domain admin users = user1 users2 - This parameter specifies a unix user who will be granted admin privileges + It appears that this parameter does not funtion correctly at present. + Use the 'domain admin group' instread. This parameter specifies a unix user who will + be granted admin privileges on a NT workstation when logged onto that workstation. See the section called Domain Admin Accounts. @@ -510,15 +521,16 @@ developmental versions of Samba, particularly Samba 2.2 recognizes particular users as being domain admins and tells the NTws when it thinks that it has got one logged on. In the smb.conf file we declare - that the Domain Admin users = user1 user2. - Any user mentioned here will be treated as a Domain Admin by a NTws when + that the Domain Admin group = @adm. + Any user who is a menber of the unix group 'adm' is treated as a Domain Admin by a NTws when logged onto the Domain. They will have full Administrator rights including the rights to change permissions on files and run the system - utilities such as Disk Administrator. + utilities such as Disk Administrator. Add users to the group by editing + /etc/group/. You do not need to use the 'adm' group, choose any one you like. Further, and this is very new, they will be allowed to create a new machine account when first connecting a new NT or W2K machine to - the domain. At present, ie pre-release, only a Domain Admin who + the domain. However, at present, ie pre-release, only a Domain Admin who also happens to be root can do so. -- cgit