summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf/security/authmethods.xml
blob: 7c0f5a71e1193ddc11184be1ef10d3403a7adea9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
<samba:parameter name="auth methods"
                 context="G"
                 basic="1" advanced="1" wizard="1" developer="1"
		 xmlns:samba="http://samba.org/common">
<listitem>
    <para>This option allows the administrator to chose what
    authentication methods <command moreinfo="none">smbd</command> will use when authenticating
    a user.  This option defaults to sensible values based on <link linkend="SECURITY">
    <parameter moreinfo="none">security</parameter></link>.  This should be considered
    a developer option and used only in rare circumstances.  In the majority (if not all)
    of production servers, the default setting should be adequate.</para>

    <para>Each entry in the list attempts to authenticate the user in turn, until
    the user authenticates.  In practice only one method will ever actually 
    be able to complete the authentication.
    </para>

    <para>Possible options include <constant>guest</constant> (anonymous access), 
    <constant>sam</constant> (lookups in local list of accounts based on netbios 
    name or domain name), <constant>winbind</constant> (relay authentication requests
    for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd 
    method of authentication for remote domain users; deprecated in favour of winbind method), 
    <constant>trustdomain</constant> (authenticate trusted users by contacting the 
    remote DC directly from smbd; deprecated in favour of winbind method).</para>

    <para>Default: <command moreinfo="none">auth methods = &lt;empty string&gt;</command></para>
    <para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para>
</listitem>
</samba:parameter>