From fbe0299e54df9173859182fad0071c7a3217b403 Mon Sep 17 00:00:00 2001 From: David O'Neill Date: Fri, 5 Jan 2001 17:50:50 +0000 Subject: Merge of documentation updates to HEAD. These got missed somewhere along the way. (This used to be commit afad150bacfd02ec83c57ea9ba9152ff59fb7eee) --- docs/textdocs/samba-pdc-faq.txt | 18 +++++++++++++++++- docs/textdocs/samba-pdc-howto.txt | 33 +++++++++++++++++++++------------ 2 files changed, 38 insertions(+), 13 deletions(-) (limited to 'docs/textdocs') diff --git a/docs/textdocs/samba-pdc-faq.txt b/docs/textdocs/samba-pdc-faq.txt index 4b54c4d3ef..e6222ad422 100644 --- a/docs/textdocs/samba-pdc-faq.txt +++ b/docs/textdocs/samba-pdc-faq.txt @@ -133,13 +133,27 @@ State of Play It should be noted that 2.2.0 in its pre-release form still has a few problems, I'll try and keep this section current while things are - still dynamic. At the time of this update (November 13, 2000) the + still dynamic. At the time of this update (December 15, 2000) the current state of play is : Comments here about W2K joining the domain apply only to Samba 2.2 from the CVS after November 27th. The 'snapshot' release Samba2.2alpha1 does not work !!! See below on how to get a CVS tree. + Known Bug !W2K machines will not successfully join a domain with a + name that is made up from an even number of characters. Yep, thats + right ! BIOTEST is OK as is MYDOMAI but MYDOMAIN will not work until + this bug is fixed. Hmm.., we believe that this bug is fixed, but see + below. + + Known Bug !After some bugs were fixed just before Christmas, W2K SP1 + machines cannot join the domain. Expected to be fixed early in the new + year. Whats that ? yeah, samba developers have a Christmas break too ! + + Know Bug !NTs (and possibly W2K ?) are not told the logged on user is + a domain admin if the parameter "domain admin users = user" is used. + The alternative, "domain admin group" does work. See the HowTo. + Client Side creation of Machine accounts does work but is not complete. Firstly, the add user script runs as the user who's name was entered, not as root. Secondly, the machine name passed to the script @@ -839,6 +853,8 @@ URLs and similar * Lars Kneschke's site covers Samba-TNG at http://www.kneschke.de/projekte/samba_tng, but again, a lot of it does not apply to the main stream Samba. + * See how Scott Merrill simulates a BDC behaviour at + http://www.skippy.net/linux/smb-howto.html. * Although 2.0.7 has almost had its day as a PDC, I (drb) will keep the 2.0.7 PDC pages at http://bioserve.latrobe.edu.au/samba going for a while yet. diff --git a/docs/textdocs/samba-pdc-howto.txt b/docs/textdocs/samba-pdc-howto.txt index 0073d2947b..5ed15cdf4a 100644 --- a/docs/textdocs/samba-pdc-howto.txt +++ b/docs/textdocs/samba-pdc-howto.txt @@ -7,7 +7,7 @@ David Bannon _________________________________________________________________ _________________________________________________________________ - Comments, corrections and additions to + Comments, corrections and additions to This document explains how to setup Samba as a Primary Domain Controller and applies to version 2.2.0. Before using these functions @@ -251,7 +251,7 @@ A sample conf file encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat - domain admin users = root dbannon andrew + domain admin group = @adm add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/n ull -s /bin/false %m$ guest account = ftp @@ -287,10 +287,17 @@ PDC Config Parameters and the other parameters are chosen as suitable for a machine account. Works for RH Linux, your system may require changes. + domain admin group = @adm + This parameter specifies a unix group whose members will be + granted admin privileges on a NT workstation when logged onto + that workstation. See the section called Domain Admin Accounts. + domain admin users = user1 users2 - This parameter specifies a unix user who will be granted admin - privileges on a NT workstation when logged onto that - workstation. See the section called Domain Admin Accounts. + It appears that this parameter does not funtion correctly at + present. Use the 'domain admin group' instread. This parameter + specifies a unix user who will be granted admin privileges on a + NT workstation when logged onto that workstation. See the + section called Domain Admin Accounts. encrypt passwords = yes This parameter must be 'yes' to allow any of the recent service @@ -462,16 +469,18 @@ Domain Admin Accounts Samba 2.2 recognizes particular users as being domain admins and tells the NTws when it thinks that it has got one logged on. In the smb.conf - file we declare that the Domain Admin users = user1 user2. Any user - mentioned here will be treated as a Domain Admin by a NTws when logged - onto the Domain. They will have full Administrator rights including - the rights to change permissions on files and run the system utilities - such as Disk Administrator. + file we declare that the Domain Admin group = @adm. Any user who is a + menber of the unix group 'adm' is treated as a Domain Admin by a NTws + when logged onto the Domain. They will have full Administrator rights + including the rights to change permissions on files and run the system + utilities such as Disk Administrator. Add users to the group by + editing /etc/group/. You do not need to use the 'adm' group, choose + any one you like. Further, and this is very new, they will be allowed to create a new machine account when first connecting a new NT or W2K machine to the - domain. At present, ie pre-release, only a Domain Admin who also - happens to be root can do so. + domain. However, at present, ie pre-release, only a Domain Admin who + also happens to be root can do so. _________________________________________________________________ Chapter 4. Profiles, Policies and Logon Scripts -- cgit