Changeset 988 for vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml

Timestamp:

Nov 24, 2016, 1:14:11 PM (9 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to version 4.4.3

File:

• vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml (modified) (19 diffs)

vendor/current/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml

@@ -21 +21 @@
 
 <para>
-<indexterm><primary>account backends</primary></indexterm>
-<indexterm><primary>password backends</primary></indexterm>
-<indexterm><primary>scalability</primary></indexterm>
-<indexterm><primary>ADS</primary></indexterm>
-Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This
-capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to
-work with only one specified passwd backend.
-</para>
-
-<para>
 <indexterm><primary>passdb backend</primary></indexterm>
 <indexterm><primary>smbpasswd</primary></indexterm>
@@ -68 +58 @@
 <title>Features and Benefits</title>
 
-<para>
-Samba-3 provides for complete backward compatibility with Samba-2.2.x functionality
-as follows:
-<indexterm><primary>SAM backend</primary><secondary>smbpasswd</secondary></indexterm>
-<indexterm><primary>SAM backend</primary><secondary>ldapsam_compat</secondary></indexterm>
-<indexterm><primary>encrypted passwords</primary></indexterm>
-</para>
-
 <sect2>
         <title>Backward Compatibility Account Storage Systems</title>
@@ -121 +103 @@
                 </listitem>
         </varlistentry>
-
-        <varlistentry><term>ldapsam_compat (Samba-2.2 LDAP Compatibility)</term>
-                <listitem>
-                        <para>
-<indexterm><primary>ldapsam_compat</primary></indexterm>
-<indexterm><primary>Samba-2.2.x LDAP schema</primary></indexterm>
-<indexterm><primary>OpenLDAP backend</primary></indexterm>
-                        There is a password backend option that allows continued operation with
-                        an existing OpenLDAP backend that uses the Samba-2.2.x LDAP schema extension.
-                        This option is provided primarily as a migration tool, although there is
-                        no reason to force migration at this time. This tool will eventually
-                        be deprecated.
-                        </para>
-                </listitem>
-        </varlistentry>
 </variablelist>
 
@@ -144 +111 @@
 
 <para>
-Samba-3 introduces a number of new password backend capabilities.
+Samba introduces a number of new password backend capabilities.
 <indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm>
 <indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm>
@@ -171 +138 @@
                         smbpasswd</emphasis> information plus the extended MS Windows NT/200x
                         SAM information into a binary format TDB (trivial database) file.
-                        The inclusion of the extended information makes it possible for Samba-3
+                        The inclusion of the extended information makes it possible for Samba
                         to implement the same account and system access controls that are possible
                         with MS Windows NT4/200x-based systems.
@@ -203 +170 @@
 <indexterm><primary>schema file</primary></indexterm>
 <indexterm><primary>examples/LDAP</primary></indexterm>
-                        Samba-3 has a new and extended LDAP implementation that requires configuration
+                        Samba has a new and extended LDAP implementation that requires configuration
                         of OpenLDAP with a new format Samba schema. The new format schema file is
                         included in the <filename class="directory">examples/LDAP</filename> directory of the Samba distribution.
@@ -348 +315 @@
                 <note>
                 <para>
-<indexterm><primary>Windows XP Home</primary></indexterm>
+<indexterm><primary>Windows Home edition</primary></indexterm>
 <indexterm><primary>domain member</primary></indexterm>
 <indexterm><primary>domain logons</primary></indexterm>
-                MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons.
+                MS Windows Home editions do not have facilities to become a domain member, and cannot participate in domain logons.
                 </para>
                 </note>
@@ -362 +329 @@
                         <listitem><para>Windows NT 3.5x.</para></listitem>
                         <listitem><para>Windows NT 4.0.</para></listitem>
-                        <listitem><para>Windows 2000 Professional.</para></listitem>
-                        <listitem><para>Windows 200x Server/Advanced Server.</para></listitem>
-                        <listitem><para>Windows XP Professional.</para></listitem>
+                        <listitem><para>Windows editions labeled Professional.</para></listitem>
+                        <listitem><para>Windows editions labeled Server/Advanced Server.</para></listitem>
                 </itemizedlist>
 
@@ -420 +386 @@
 <indexterm><primary>SMB encryption</primary></indexterm>
                                 Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to
-                                browse the server if the server is also in user-level security mode. It will insist on prompting the user for
+                                browse the server. It will insist on prompting the user for
                                 the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB
                                 encryption.
@@ -515 +481 @@
 <indexterm><primary>NFS</primary></indexterm>
 <indexterm><primary>rsync</primary></indexterm>
-        Samba-3 has a special facility that makes it possible to maintain identical UIDs and GIDs
+        Samba has a special facility that makes it possible to maintain identical UIDs and GIDs
         on all servers in a distributed network. A distributed network is one where there exists
         a PDC, one or more BDCs, and/or one or more domain member servers. Why is this important?
@@ -1009 +975 @@
                 in compliance with government laws and regulations is clear to all. The <command>pdbedit</command> is
                 currently the only Samba tool that provides the capacity to manage account and systems access controls
-                and policies. During the remaining life-cycle of the Samba-3 series it is possible the new tools may
+                and policies. During the remaining life-cycle of the Samba series it is possible the new tools may
                 be implemented to aid in this important area.
                 </para>
@@ -1601 +1567 @@
                         <listitem><para>minimum password age = 7 days.</para></listitem>
                         <listitem><para>bad lockout attempt = 8 bad logon attempts.</para></listitem>
-                        <listitem><para>lockout duration = forever, account must be manually reenabled.</para></listitem>
+                        <listitem><para>lockout duration = forever, account must be manually re-enabled.</para></listitem>
                 </orderedlist>
 
@@ -1635 +1601 @@
 Account policies must be set individually on each PDC and BDC. At this time (Samba 3.0.11 to Samba 3.0.14a)
 account policies are not replicated automatically. This may be fixed before Samba 3.0.20 ships or some
-time there after. Please check the WHATSNEW.txt file in the Samba-3 tarball for specific update notiations
+time there after. Please check the WHATSNEW.txt file in the Samba tarball for specific update notiations
 regarding this facility.
 </para></warning>
@@ -1677 +1643 @@
 <sect1>
 <title>Password Backends</title>
-
-<para>
-<indexterm><primary>account database</primary></indexterm>
-<indexterm><primary>SMB/CIFS server</primary></indexterm>
-Samba offers flexibility in backend account database design. The flexibility is immediately obvious as one
-begins to explore this capability. Recent changes to Samba (since 3.0.23) have removed the mulitple backend
-feature in order to simplify problems that broke some installations. This removal has made the internal
-operation of Samba-3 more consistent and predictable.
-</para>
-
-<para>
-<indexterm><primary>multiple backends</primary></indexterm>
-<indexterm><primary>tdbsam databases</primary></indexterm>
-Beginning with Samba 3.0.23 it is no longer possible to specify use of mulitple passdb backends. Earlier
-versions of Samba-3 made it possible to specify multiple password backends, and even multiple
-backends of the same type. The multiple passdb backend capability caused many problems with name to SID and
-SID to name ID resolution.  The Samba team wrestled with the challenges and decided that this feature needed
-to be removed.
-</para>
 
         <sect2>
@@ -2117 +2064 @@
 dc: quenya
 o: Quenya Org Network
-description: The Samba-3 Network LDAP Example
+description: The Samba Network LDAP Example
 
 # Organizational Role for Directory Management
@@ -2194 +2141 @@
 <indexterm><primary>secrets.tdb</primary></indexterm>
                 Before Samba can access the LDAP server, you need to store the LDAP admin password
-                in the Samba-3 <filename>secrets.tdb</filename> database by:
+                in the Samba <filename>secrets.tdb</filename> database by:
 <indexterm><primary>smbpasswd</primary></indexterm>
 <screen>
@@ -2324 +2271 @@
 <indexterm><primary>Domain Groups</primary></indexterm>
 <indexterm><primary>ADS</primary></indexterm>
-                        In Samba-3, the group management system is based on POSIX
+                        In Samba, the group management system is based on POSIX
                         groups. This means that Samba makes use of the posixGroup ObjectClass.
                         For now, there is no NT-like group system management (global and local
-                        groups). Samba-3 knows only about <constant>Domain Groups</constant>
-                        and, unlike MS Windows 2000 and Active Directory, Samba-3 does not
+                        groups). Samba knows only about <constant>Domain Groups</constant>
+                        and, unlike MS Windows 2000 and Active Directory, Samba does not
                         support nested groups.
                         </para>
@@ -2591 +2538 @@
 
                 <para>
-                Samba-3 and later can update the non-Samba (LDAP) password stored with an account. When
+                Samba and later can update the non-Samba (LDAP) password stored with an account. When
                 using pam_ldap, this allows changing both UNIX and Windows passwords at once.
                 </para>
@@ -2659 +2606 @@
 
         </sect2>
-
-        <sect2>
-        <title>Configuration of <parameter>auth methods</parameter></title>
-
-        <para>
-        When explicitly setting an <smbconfoption name="auth methods"/> parameter,
-        <parameter>guest</parameter> must be specified as the first entry on the line &smbmdash;
-        for example, <smbconfoption name="auth methods">guest sam</smbconfoption>.
-        </para>
-
-        </sect2>
-
 </sect1>