summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/passwordserver.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/security/passwordserver.xml')
-rw-r--r--docs-xml/smbdotconf/security/passwordserver.xml46
1 files changed, 46 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml
new file mode 100644
index 0000000..8bc2ecb
--- /dev/null
+++ b/docs-xml/smbdotconf/security/passwordserver.xml
@@ -0,0 +1,46 @@
+<samba:parameter name="password server"
+ context="G"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>By specifying the name of a domain controller with this option,
+ and using <command moreinfo="none">security = [ads|domain]</command>
+ it is possible to get Samba
+ to do all its username/password validation using a specific remote server.</para>
+
+ <para>Ideally, this option
+ <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
+ to determine the best DC to contact dynamically, just as all other hosts in an
+ AD domain do. This allows the domain to be maintained (addition
+ and removal of domain controllers) without modification to
+ the smb.conf file. The cryptographic protection on the authenticated RPC calls
+ used to verify passwords ensures that this default is safe.</para>
+
+ <para><emphasis>It is strongly recommended that you use the
+ default of '*'</emphasis>, however if in your particular
+ environment you have reason to specify a particular DC list, then
+ the list of machines in this option must be a list of names or IP
+ addresses of Domain controllers for the Domain. If you use the
+ default of '*', or list several hosts in the <parameter
+ moreinfo="none">password server</parameter> option then <command
+ moreinfo="none">smbd </command> will try each in turn till it
+ finds one that responds. This is useful in case your primary
+ server goes down.</para>
+
+ <para>If the list of servers contains both names/IP's and the '*'
+ character, the list is treated as a list of preferred
+ domain controllers, but an auto lookup of all remaining DC's
+ will be added to the list as well. Samba will not attempt to optimize
+ this list by locating the closest DC.</para>
+
+ <para>If parameter is a name, it is looked up using the
+ parameter <smbconfoption name="name resolve order"/> and so may resolved
+ by any method and order described in that parameter.</para>
+
+</description>
+
+<related>security</related>
+<value type="default">*</value>
+<value type="example">NT-PDC, NT-BDC1, NT-BDC2, *</value>
+<value type="example">windc.mydomain.com:389 192.168.1.101 *</value>
+</samba:parameter>
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 09:37:47 +0000