author | Stefan Metzmacher <metze@samba.org> | 2017-06-10 13:30:44 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2017-06-16 03:21:29 +0200 |
commit | ab36c1d152e231be644dc7413ad5b6816f45e24f (patch) | |
tree | 5960cfa4c808aabb92eb6e225f265321e995247b /docs-xml | |
parent | bd69a3e2e9a57713c6641de4f92e7e23488e457b (diff) | |
download | samba-ab36c1d152e231be644dc7413ad5b6816f45e24f.tar.gz |
docs-xml: improve documentation of "map untrusted to domain"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8630
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/smbdotconf/security/mapuntrustedtodomain.xml | 25 |
1 files changed, 10 insertions, 15 deletions
diff --git a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml index 496e7c24c07..a02948ace4b 100644 --- a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml +++ b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml 
@@ -5,27 +5,22 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - If a client connects to smbd using an untrusted domain name, such as - BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before + By default, and with <smbconfoption name="map untrusted to domain">no</smbconfoption>, + if a client connects to smbd using an untrusted domain name, such as + BOGUS\user, smbd replaces the BOGUS domain with it's SAM name + (forcing local authentication) before attempting to authenticate that user. In the case where smbd is acting as - a PDC this will be DOMAIN\user. In the case where smbd is acting as a + a NT4 PDC/BDC this will be DOMAIN\user. In the case where smbd is acting as a domain member server or a standalone server this will be WORKSTATION\user. </para> <para> - In previous versions of Samba (pre 3.4), if smbd was acting as a domain - member server, the BOGUS domain name would instead be replaced by the - primary domain which smbd was a member of. In this case authentication - would be deferred off to a DC using the credentials DOMAIN\user. + With <smbconfoption name="map untrusted to domain">yes</smbconfoption>, + smbd provides the legacy behavior matching that of versions of Samba pre 3.4: + the BOGUS domain name would always be replaced by the + primary domain before attempting to authenticate that user. + This will be DOMAIN\user in all server roles except active directory domain controller. </para> - - <para> - When this parameter is set to <constant>yes</constant> smbd provides the - legacy behavior of mapping untrusted domain names to the primary domain. - When smbd is not acting as a domain member server, this parameter has no - effect. - </para> - </description> <value type="default">no</value> |
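Review bot: the second added paragraph (the `yes` case) drops the statement of where authentication ends up. The removed text said the DOMAIN\user credentials were "deferred off to a DC" and that the parameter had no effect when smbd was not a domain member server. The replacement says only "This will be DOMAIN\user in all server roles except active directory domain controller", so a reader cannot tell what happens to BOGUS\user on an AD DC, or whether `yes` still means the request leaves the local SAM, in contrast to the "(forcing local authentication)" wording added for `no`. Please state both explicitly, since that is the security-relevant difference between the two values. Wording nits in the added lines: "it's SAM name" should be "its SAM name" (carried over from the old text), "a NT4 PDC/BDC" should be "an NT4 PDC/BDC", and "would always be replaced" reads as past behaviour, where "is always replaced" would match the present tense of the first paragraph.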