From ff78c3bf5c3a73cf90f6517d9b2d6b8c12d22d68 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij <jelmer@samba.org>
Date: Tue, 18 Feb 2003 22:14:04 +0000
Subject: Regenerate (This used to be commit
 1ab5a3b17feb677425bb1071357c3dbabcc46c7e)

---
 docs/htmldocs/ads.html | 86 ++++++++++++++++++++++++++++++--------------------
 1 file changed, 51 insertions(+), 35 deletions(-)

(limited to 'docs/htmldocs/ads.html')

diff --git a/docs/htmldocs/ads.html b/docs/htmldocs/ads.html
index 26ec1d04a7..2c556b61f3 100644
--- a/docs/htmldocs/ads.html
+++ b/docs/htmldocs/ads.html
@@ -5,8 +5,7 @@
 >Samba as a ADS domain member</TITLE
 ><META
 NAME="GENERATOR"
-CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
-"><LINK
+CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"><LINK
 REL="HOME"
 TITLE="SAMBA Project Documentation"
 HREF="samba-howto-collection.html"><LINK
@@ -17,7 +16,7 @@ REL="PREVIOUS"
 TITLE="How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain"
 HREF="samba-bdc.html"><LINK
 REL="NEXT"
-TITLE="Samba as a NT4 domain member"
+TITLE="Samba as a NT4 or Win2k domain member"
 HREF="domain-security.html"></HEAD
 ><BODY
 CLASS="CHAPTER"
@@ -73,13 +72,16 @@ WIDTH="100%"></DIV
 CLASS="CHAPTER"
 ><H1
 ><A
-NAME="ADS">Chapter 8. Samba as a ADS domain member</H1
+NAME="ADS"
+></A
+>Chapter 7. Samba as a ADS domain member</H1
 ><P
 >This is a rough guide to setting up Samba 3.0 with kerberos authentication against a
 Windows2000 KDC. </P
 ><P
->Pieces you need before you begin:
-<P
+>Pieces you need before you begin:</P
+><P
+><P
 ></P
 ><TABLE
 BORDER="0"
@@ -110,10 +112,13 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1187">8.1. Installing the required packages for Debian</H1
+NAME="AEN1339"
+></A
+>7.1. Installing the required packages for Debian</H1
+><P
+>On Debian you need to install the following packages:</P
+><P
 ><P
->On Debian you need to install the following packages:
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -137,10 +142,13 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1193">8.2. Installing the required packages for RedHat</H1
+NAME="AEN1346"
+></A
+>7.2. Installing the required packages for RedHat</H1
+><P
+>On RedHat this means you should have at least: </P
+><P
 ><P
->On RedHat this means you should have at least: 
-<P
 ></P
 ><TABLE
 BORDER="0"
@@ -173,12 +181,15 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1202">8.3. Compile Samba</H1
+NAME="AEN1356"
+></A
+>7.3. Compile Samba</H1
 ><P
 >If your kerberos libraries are in a non-standard location then
   remember to add the configure option --with-krb5=DIR.</P
 ><P
->After you run configure make sure that include/config.h contains 
+>After you run configure make sure that include/config.h it
+  generates contains 
   lines like this:</P
 ><P
 ><PRE
@@ -214,9 +225,10 @@ CLASS="PROGRAMLISTING"
 >  ads server = your.kerberos.server</PRE
 ></P
 ><P
->You do *not* need a smbpasswd file, although it won't do any harm
-  and if you have one then Samba will be able to fall back to normal
-  password security for older clients. I expect that the above
+>You do *not* need a smbpasswd file, and older clients will
+  be authenticated as if "security = domain", although it won't do any harm
+  and allows you to have local users not in the domain.
+  I expect that the above
   required options will change soon when we get better active
   directory integration.</P
 ></DIV
@@ -225,13 +237,15 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1217">8.4. Setup your /etc/krb5.conf</H1
+NAME="AEN1371"
+></A
+>7.4. Setup your /etc/krb5.conf</H1
 ><P
 >The minimal configuration for krb5.conf is:</P
 ><P
 ><PRE
 CLASS="PROGRAMLISTING"
->	[realms]
+>[realms]
     YOUR.KERBEROS.REALM = {
 	kdc = your.kerberos.server
     }</PRE
@@ -255,18 +269,18 @@ to join the realm.</P
 ><P
 >If all you want is kerberos support in smbclient then you can skip
 straight to step 5 now. Step 3 is only needed if you want kerberos
-support in smbd.</P
+support for smbd and winbindd.</P
 ></DIV
 ><DIV
 CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1227">8.5. Create the computer account</H1
+NAME="AEN1381"
+></A
+>7.5. Create the computer account</H1
 ><P
->Do a "kinit" as a user that has authority to change arbitrary
-passwords on the KDC ("Administrator" is a good choice). Then as a
-user that has write permission on the Samba private directory
+>As a user that has write permission on the Samba private directory
 (usually root) run:
 <B
 CLASS="COMMAND"
@@ -277,7 +291,9 @@ CLASS="SECT2"
 ><H2
 CLASS="SECT2"
 ><A
-NAME="AEN1231">8.5.1. Possible errors</H2
+NAME="AEN1385"
+></A
+>7.5.1. Possible errors</H2
 ><P
 ><P
 ></P
@@ -285,12 +301,6 @@ NAME="AEN1231">8.5.1. Possible errors</H2
 CLASS="VARIABLELIST"
 ><DL
 ><DT
->"bash: kinit: command not found"</DT
-><DD
-><P
->kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</P
-></DD
-><DT
 >"ADS support not compiled in"</DT
 ><DD
 ><P
@@ -306,7 +316,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1243">8.6. Test your server setup</H1
+NAME="AEN1393"
+></A
+>7.6. Test your server setup</H1
 ><P
 >On a Windows 2000 client try <B
 CLASS="COMMAND"
@@ -324,7 +336,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1248">8.7. Testing with smbclient</H1
+NAME="AEN1398"
+></A
+>7.7. Testing with smbclient</H1
 ><P
 >On your Samba server try to login to a Win2000 server or your Samba
 server using smbclient and kerberos. Use smbclient as usual, but
@@ -335,7 +349,9 @@ CLASS="SECT1"
 ><H1
 CLASS="SECT1"
 ><A
-NAME="AEN1251">8.8. Notes</H1
+NAME="AEN1401"
+></A
+>7.8. Notes</H1
 ><P
 >You must change administrator password at least once after DC install,
  to create the right encoding types</P
@@ -402,7 +418,7 @@ ACCESSKEY="U"
 WIDTH="33%"
 ALIGN="right"
 VALIGN="top"
->Samba as a NT4 domain member</TD
+>Samba as a NT4 or Win2k domain member</TD
 ></TR
 ></TABLE
 ></DIV
-- 
cgit