From 065cf3eac53da6908f3e5a84b2765e75cd52c516 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2003 19:23:06 +0000 Subject: Regenerate docs (This used to be commit 381f75134a8d7dd2c3983f64b6598944a63a07b2) --- docs/htmldocs/servertype.html | 368 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 368 insertions(+) create mode 100644 docs/htmldocs/servertype.html (limited to 'docs/htmldocs/servertype.html') diff --git a/docs/htmldocs/servertype.html b/docs/htmldocs/servertype.html new file mode 100644 index 0000000000..c52ed3208b --- /dev/null +++ b/docs/htmldocs/servertype.html @@ -0,0 +1,368 @@ + +Nomenclature of Server Types
SAMBA Project Documentation
PrevNext

Chapter 5. Nomenclature of Server Types

Table of Contents
5.1. Stand Alone Server
5.2. Domain Member Server
5.3. Domain Controller

Adminstrators of Microsoft networks often refer to there being three +different type of servers:

A network administrator who is familiar with these terms and who +wishes to migrate to or use Samba will want to know what these terms mean +within a Samba context.

5.1. Stand Alone Server

The term stand alone server means that the server +will provide local authentication and access control for all resources +that are available from it. In general this means that there will be a +local user database. In more technical terms, it means that resources +on the machine will either be made available in either SHARE mode or in +USER mode. SHARE mode and USER mode security are documented under +discussions regarding "security mode". The smb.conf configuration parameters +that control security mode are: "security = user" and "security = share".

No special action is needed other than to create user accounts. Stand-alone +servers do NOT provide network logon services, meaning that machines that +use this server do NOT perform a domain logon but instead make use only of +the MS Windows logon which is local to the MS Windows workstation/server.

Samba tends to blur the distinction a little in respect of what is +a stand alone server. This is because the authentication database may be +local or on a remote server, even if from the samba protocol perspective +the samba server is NOT a member of a domain security context.

Through the use of PAM (Pluggable Authentication Modules) and nsswitch +(the name service switcher) the source of authentication may reside on +another server. We would be inclined to call this the authentication server. +This means that the samba server may use the local Unix/Linux system +password database (/etc/passwd or /etc/shadow), may use a local smbpasswd +file (/etc/samba/smbpasswd or /usr/local/samba/lib/private/smbpasswd), or +may use an LDAP back end, or even via PAM and Winbind another CIFS/SMB +server for authentication.

5.2. Domain Member Server

This mode of server operation involves the samba machine being made a member +of a domain security context. This means by definition that all user authentication +will be done from a centrally defined authentication regime. The authentication +regime may come from an NT3/4 style (old domain technology) server, or it may be +provided from an Active Directory server (ADS) running on MS Windows 2000 or later.

Of course it should be clear that the authentication back end itself could be from any +distributed directory architecture server that is supported by Samba. This can be +LDAP (from OpenLDAP), or Sun's iPlanet, of NetWare Directory Server, etc.

Please refer to the section on Howto configure Samba as a Primary Domain Controller +and for more information regarding how to create a domain machine account for a +domain member server as well as for information regading how to enable the samba +domain member machine to join the domain and to be fully trusted by it.

5.3. Domain Controller

Over the years public perceptions of what Domain Control really is has taken on an +almost mystical nature. Before we branch into a brief overview of what Domain Control +is the following types of controller are known:

5.3.1. Domain Controller Types

Primary Domain Controller
Backup Domain Controller
ADS Domain Controller

The Primary Domain Controller or PDC plays an important role in the MS +Windows NT3 and NT4 Domain Control architecture, but not in the manner that so many +expect. The PDC seeds the Domain Control database (a part of the Windows registry) and +it plays a key part in synchronisation of the domain authentication database.

New to Samba-3.0.0 is the ability to use a back-end file that holds the same type of data as +the NT4 style SAM (Security Account Manager) database (one of the registry files). +The samba-3.0.0 SAM can be specified via the smb.conf file parameter "passwd backend" and +valid options include smbpasswd tdbsam ldapsam nisplussam plugin unixsam. +The smbpasswd, tdbsam and ldapsam options can have a "_nua" suffix to indicate that No Unix +Accounts need to be created. In other words, the Samba SAM will be independant of Unix/Linux +system accounts, provided a uid range is defined from which SAM accounts can be created.

The Backup Domain Controller or BDC plays a key role in servicing network +authentication requests. The BDC is biased to answer logon requests so that on a network segment +that has a BDC and a PDC the BDC will be most likely to service network logon requests. The PDC will +answer network logon requests when the BDC is too busy (high load). A BDC can be promoted to +a PDC. If the PDC is on line at the time that the BDC is promoted to PDC the previous PDC is +automatically demoted to a BDC.

At this time Samba is NOT capable of acting as an ADS Domain Controller.


PrevHomeNext
Type of installationUpSamba as Stand-Alone Server
\ No newline at end of file -- cgit
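Review bot: The Samba-3.0.0 SAM paragraph in section 5.3.1 names the smb.conf parameter as "passwd backend", but the parameter Samba reads is "passdb backend". An administrator copying the name from this page would not select the intended account database, so the text should use the real parameter name. Three smaller points in the same hunk. In 5.2 the sentence "Please refer to the section on Howto configure Samba as a Primary Domain Controller and for more information" has a dangling "and" where a second cross-reference appears to be missing. The introduction ends with "three different type of servers:" and, in the text visible here, no list follows the colon. There are also spelling slips: "Adminstrators", "regading", "independant", and "of NetWare Directory Server", where "or" looks intended. Since the subject line says this file is regenerated output, make these corrections in the source the HTML is generated from and regenerate, rather than editing docs/htmldocs/servertype.html directly.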