From 02bb4e1b8ae931d9eefa2fbd4a6f5456aca99b2b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 4 Apr 2003 15:21:04 +0000 Subject: This is a merge of the NETLOGON schannel server code from Samba TNG. Actually, it exists in the main Samba cvs tree in APPLIANCE_TNG as I found out later :-) It adds a new parameter: server schannel = yes/auto/no defaulting to auto. What does this mean to the user: No requireSignOrSeal registry patch for XP anymore. Many thanks for this code to Luke Leighton, Elrond and anybody else I forgot to mention. My next thing will be to see if this applies cleanly to 3_0. Please test and comment! Volker (This used to be commit e1f953241eb020f19fe657f29afdae28dcf5a03b) --- docs/docbook/manpages/smb.conf.5.sgml | 26 ++++++++++++++++++++++ .../docbook/smbdotconf/security/serverschannel.xml | 24 ++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 docs/docbook/smbdotconf/security/serverschannel.xml (limited to 'docs') diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 2fbd27b934..40c4963c8d 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -744,6 +744,7 @@ alias|alias|alias|alias... root dir root directory security + server schannel server string set primary group script show add printer wizard @@ -6922,6 +6923,31 @@ print5|My Printer 5 + + server schannel (G) + + + This controls whether the server offers or even + demands the use of the netlogon schannel. + server schannel = no does not + offer the schannel, server schannel = + auto offers the schannel but does not + enforce it, and server schannel = + yes denies access if the client is not + able to speak netlogon schannel. This is only the case + for Windows NT4 before SP4. + + Please note that with this set to + no you will have to apply the + WindowsXP requireSignOrSeal-Registry patch found in + the docs/Registry subdirectory.Default: server schannel = auto + + Example: server schannel = yes/para> + + + server string (G) This controls what string will show up in the diff --git a/docs/docbook/smbdotconf/security/serverschannel.xml b/docs/docbook/smbdotconf/security/serverschannel.xml new file mode 100644 index 0000000000..05261fa417 --- /dev/null +++ b/docs/docbook/smbdotconf/security/serverschannel.xml @@ -0,0 +1,24 @@ + + server schannel (G) + + + This controls whether the server offers or even + demands the use of the netlogon schannel. + server schannel = no does not + offer the schannel, server schannel = + auto offers the schannel but does not + enforce it, and server schannel = + yes denies access if the client is not + able to speak netlogon schannel. This is only the case + for Windows NT4 before SP4. + + Please note that with this set to + no you will have to apply the + WindowsXP requireSignOrSeal-Registry patch found in + the docs/Registry subdirectory.Default: server schannel = auto + + Example: server schannel = yes/para> + + \ No newline at end of file -- cgit