path: root/docs/htmldocs/Samba-PDC-HOWTO.html
author Gerald Carter <jerry@samba.org> 2001-04-14 22:22:18 +0000
committer Gerald Carter <jerry@samba.org> 2001-04-14 22:22:18 +0000
commit 9b93ec0568574dc38cd533361e1d19f508643beb (patch)
tree f6157b2b126a76e599a340ff8fe0a7792dc4316e /docs/htmldocs/Samba-PDC-HOWTO.html
parent 1dc2b238caefa0cd33231c1e80d124327df65968 (diff)
working on some more documentation prior to the 2.2 release.
Diffstat (limited to 'docs/htmldocs/Samba-PDC-HOWTO.html')
-rw-r--r-- docs/htmldocs/Samba-PDC-HOWTO.html 239
1 files changed, 239 insertions, 0 deletions
diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html
new file mode 100644
index 00000000000..6476cafce4e
--- /dev/null
+++ b/docs/htmldocs/Samba-PDC-HOWTO.html
@@ -0,0 +1,239 @@
+<HTML
+><HEAD
+><TITLE
+>How to Configure Samba 2.2.x as a Primary Domain Controller</TITLE
+><META
+NAME="GENERATOR"
+CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD
+><BODY
+CLASS="ARTICLE"
+BGCOLOR="#FFFFFF"
+TEXT="#000000"
+LINK="#0000FF"
+VLINK="#840084"
+ALINK="#0000FF"
+><DIV
+CLASS="ARTICLE"
+><DIV
+CLASS="TITLEPAGE"
+><H1
+CLASS="TITLE"
+><A
+NAME="AEN1"
+>How to Configure Samba 2.2.x as a Primary Domain Controller</A
+></H1
+><HR></DIV
+><DIV
+CLASS="SECT1"
+><H1
+CLASS="SECT1"
+><A
+NAME="AEN3"
+>Background</A
+></H1
+><P
+>Version of Samba prior to release 2.2 had marginal capabilities to
+act as a Windows NT 4.0 Primary Domain Controller (PDC). Please
+note that Windows 9x clients are not true members of a domain
+for reasons outlined in this article. Therefore the protocol for
+support Windows 9x style domain logons is completely different
+from NT4 domain logons and has been officially supported for some
+time.</P
+><P
+>Beginning with Samba 2.2.0, we are proud to announce official
+support for Windows NT 4.0 style domain logons from Windows NT
+4.0 and Windows 2000 (including SP1) clients. This article
+outlines the steps necessary for configuring Samba as a PDC.
+Note that it is necessary to have a working Samba server
+prior to implementing the PDC functionality. If you have not
+followed the steps outlined in <A
+HREF="UNIX_INSTALL.html"
+TARGET="_top"
+>UNIX_INSTALL.html</A
+>, please make sure that your server
+is configured correctly before proceeding. Another good
+resource in the <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+>smb.conf(5) man
+page</A
+>.</P
+><P
+>Implementing a Samba PDC can basically be divided into 2 broad
+steps.</P
+><P
+></P
+><OL
+TYPE="1"
+><LI
+><P
+>Configuring the Samba Domain Controller
+ </P
+></LI
+><LI
+><P
+>Creating machine trust accounts
+ and joining clients to the domain</P
+></LI
+></OL
+><P
+>There are other minor details such as user profiles, system
+policies, etc... However, these are not necessarily specific
+to a Samba PDC as much as they are related to Windows NT networking
+concepts. They will be mentioned only briefly here.</P
+><P
+>On a closing note, many people have asked regarding the status
+of Samba, Kerberos, and Active Directory. Samba <I
+CLASS="EMPHASIS"
+>does
+not</I
+> implement a true Windows 2000 domain controller.
+There are actually three pieces to this puzzle.</P
+><P
+></P
+><UL
+><LI
+><P
+>Kerberos</P
+></LI
+><LI
+><P
+>Samba</P
+></LI
+><LI
+><P
+>LDAP</P
+></LI
+></UL
+><P
+>We are working on exploring possibilities related to this, but
+much work needs to be done.</P
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN26"
+>Configuring the Samba Domain Controller</A
+></H1
+><P
+>The first step in creating a working Samba PDC is to
+understand the parameters necesary in smb.conf. I will not
+attempt to re-explain the parameters here as they are more that
+adequately covered in <A
+HREF="smb.conf.5.html"
+TARGET="_top"
+> the smb.conf
+man page</A
+>. For convienience, the parameters have been
+linked with the actual smb.conf description.</P
+><P
+>Here is an example smb.conf for acting as a PDC:</P
+><P
+><PRE
+CLASS="PROGRAMLISTING"
+>[global]
+ ; Basic server settings
+ <A
+HREF="smb.conf.5.html#NETBIOSNAME"
+TARGET="_top"
+>netbios name</A
+> = <TT
+CLASS="REPLACEABLE"
+><I
+>POGO</I
+></TT
+>
+ workgroup = <TT
+CLASS="REPLACEABLE"
+><I
+>NARNIA</I
+></TT
+>
+
+ ; we should act as the domain and local master browser
+ os level = 64
+ preferred master = yes
+ domain master = yes
+ local master = yes
+
+ ; security settings (must user security = user)
+ security = user
+
+ ; encrypted passwords are a requirement for a PDC
+ encrypt passwords = yes
+
+ ; support domain logons
+ domain logons = yes
+
+ ; where to store user profiles?
+ logon path = \\%N\profiles\%u
+
+ ; where is a user's home directory and where should it
+ ; be mounted at?
+ logon drive = H:
+ logon home = \\homeserver\%u
+
+ ; specify a generic logon script for all users
+ ; this is a relative path to the [netlogon] share
+ logon script = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+ path = /usr/local/samba/lib/netlogon
+ writeable = no
+ write list = ntadmin
+
+; share for storing user profiles
+[profiles]
+ path = /export/smb/ntprofile
+ writeable = yes
+ create mask = 0600
+ directory mask = 0700</PRE
+></P
+><P
+>There are a couple of points to emphasize in the above
+configuration.</P
+><P
+></P
+><UL
+><LI
+><P
+>encrypted passwords must be enabled.
+ For more details on how to do this, refer to
+ <A
+HREF="ENCRYPTION.html"
+TARGET="_top"
+>ENCRYPTION.html</A
+>.
+ </P
+></LI
+><LI
+><P
+>The server must support domain logons
+ and a [netlogon] share</P
+></LI
+><LI
+><P
+>The server must be the domain master browser
+ in order for Windows client to locate the server as a DC.</P
+></LI
+></UL
+></DIV
+><DIV
+CLASS="SECT1"
+><HR><H1
+CLASS="SECT1"
+><A
+NAME="AEN45"
+>Creating Machine Trust Accounts and Joining Clients
+to the Domain</A
+></H1
+><P
+></P
+></DIV
+></DIV
+></BODY
+></HTML
+> \ No newline at end of file
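
Review bot: The closing section "Creating Machine Trust Accounts and Joining Clients to the Domain" (anchor AEN45) contains only an empty <P></P>, yet Background lists it as the second of the two broad steps, so a reader who follows this page ends with a configured server and no documented way to join a client. Either add that content before the 2.2 release or say in the section that it is still to be written. In the smb.conf listing, the comment "; security settings (must user security = user)" is garbled (presumably "must use"), and the paragraph above the listing says the parameters have been linked to their smb.conf descriptions while only "netbios name" carries a link. The [netlogon] share sets "write list = ntadmin" without saying whether ntadmin is a user or a group or that the account has to exist; since that share holds the logon script that the listing applies to all users, the text should state who is expected to have write access to it. Smaller points: "Version of Samba prior to", "for support Windows 9x", "Another good resource in the", "necesary", "more that adequately", "convienience", and the file has no trailing newline.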