Fix some language issues in AD section

SUSE · Oct 24, 2016 · 6d66397 · 6d66397
1 parent d58dacf
commit 6d66397
Showing 1 changed file with 102 additions and 74 deletions.
diff --git a/xml/security_ad_support.xml b/xml/security_ad_support.xml
@@ -135,10 +135,10 @@
   </variablelist>
 
   <para>
-   A brief technical background for most of these features is given in the
-   following section. <phrase os="sled;osuse">For directions for file and
-   printer sharing, refer to the <xref linkend="book.gnomeuser"/>, where you
-   can learn more about &ad; enablement.</phrase>
+   The following section contains technical background for most of the
+   previously named features.
+   <phrase os="sled;osuse">For more information about file and
+   printer sharing using &ad;, see <xref linkend="book.gnomeuser"/>.</phrase>
   </para>
  </sect1>
  <sect1 xml:id="sec.security.ad.background">
@@ -147,16 +147,17 @@
   <para>
    Many system components need to interact flawlessly to integrate
    a Linux client into an existing Windows &ad; domain.
-   <xref linkend="fig.ad.schema"/> highlights the most prominent ones. The
-   following sections focus on the underlying processes of the key events in
-   &ad; server and client interaction.
+   <xref linkend="fig.ad.schema"/> highlights the most prominent components
+   in the case of Winbind-based &ad; authentication. The following sections
+   focus on the underlying processes of the key events in &ad; server and
+   client interaction.
   </para>
 
   <figure xml:id="fig.ad.schema">
-   <title>&ad; Authentication Schema</title>
+   <title>Schema of Winbind-based &ad; Authentication</title>
    <mediaobject>
     <imageobject role="fo">
-     <imagedata fileref="sled10_ad_schema.svg" width="75%" format="SVG"/>
+     <imagedata fileref="sled10_ad_schema.svg" width="60%" format="SVG"/>
     </imageobject>
     <imageobject role="html">
      <imagedata fileref="sled10_ad_schema.png" width="75%" format="PNG"/>
@@ -197,42 +198,71 @@
   </variablelist>
 
   <para>
-   The following client components process account and authentication data:
+   Depending on which &yast; module you use to set up Kerberos authentication,
+   different client components process account and authentication data:
   </para>
 
   <variablelist>
    <varlistentry>
-    <term>Winbind</term>
+    <term>Solutions Based on SSSD</term>
     <listitem>
-     <para>
-      The most central part of this solution is the winbind daemon that is a
-      part of the Samba project and handles all communication with the &ad;
-      server.
-     </para>
-    </listitem>
-   </varlistentry>
-   <varlistentry>
-    <term>NSS (<emphasis>Name Service Switch</emphasis>)</term>
-    <listitem>
-     <para>
-      NSS routines provide name service information. Naming service for both
-      users and groups is provided by <filename>nss_winbind</filename>. This
-      module directly interacts with the winbind daemon.
-     </para>
+     <itemizedlist>
+      <listitem>
+       <para>
+        The <systemitem class="daemon">sssd</systemitem> daemon is the
+        central part of this solution. It handles all communication with the
+        &ad; server.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        To gather name service information,
+        <systemitem class="daemon">sssd_nss</systemitem> is used.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        To authenticate users, the
+        <systemitem class="resource">pam_sss</systemitem> module for PAM
+        is used. The creation of user homes for the &ad; users on the Linux
+        client is handled by <filename>pam_mkhomedir</filename>.
+       </para>
+       <para>
+        For more information about PAM, see <xref linkend="cha.pam"/>.
+       </para>
+      </listitem>
+     </itemizedlist>
     </listitem>
    </varlistentry>
    <varlistentry>
-    <term>PAM (<emphasis>Pluggable Authentication Modules</emphasis>)</term>
+    <term>Solution Based On Winbind (Samba)</term>
     <listitem>
-     <para>
-      User authentication for &ad; users is done by the
-      <filename>pam_winbind</filename> module. The creation of user homes
-      for the &ad; users on the Linux client is handled by
-      <filename>pam_mkhomedir</filename>. The
-      <filename>pam_winbind</filename> module directly interacts with
-      winbindd. To learn more about PAM in general, refer to
-      <xref linkend="cha.pam"/>.
-     </para>
+     <itemizedlist>
+      <listitem>
+       <para>
+        The <systemitem class="daemon">winbindd</systemitem> daemon is the
+        central part of this solution. It handles all communication with the
+        &ad; server.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        To gather name service information,
+        <systemitem class="daemon">nss_winbind</systemitem> is used.
+       </para>
+      </listitem>
+      <listitem>
+       <para>
+        To authenticate users, the
+        <systemitem class="resource">pam_winbind</systemitem> module for PAM
+        is used. The creation of user homes for the &ad; users on the Linux
+        client is handled by <filename>pam_mkhomedir</filename>.
+       </para>
+       <para>
+        For more information about PAM, see <xref linkend="cha.pam"/>.
+       </para>
+      </listitem>
+     </itemizedlist>
     </listitem>
    </varlistentry>
   </variablelist>
@@ -304,11 +334,8 @@
    </para>
    <para>
     User authentication is mediated by several PAM modules as described
-    in <xref linkend="sec.security.ad.background"/>. The
-    <filename>pam_winbind</filename> module used to authenticate clients
-    against &ad; or NT 4 domains is fully aware of Windows error
-    conditions that might prohibit a user's login. The Windows error codes
-    are translated into appropriate user-readable error messages that PAM
+    in <xref linkend="sec.security.ad.background"/>. If there are errors, the
+    error codes are translated into user-readable error messages that PAM
     gives at login through any of the supported methods (GDM, console, and
     SSH):
    </para>
@@ -393,18 +420,21 @@
     </varlistentry>
    </variablelist>
    <para>
-    During a successful authentication, <filename>pam_winbind</filename>
+    During a successful authentication, the client
     acquires a ticket granting ticket (TGT) from the Kerberos server of
     &ad; and stores it in the user's credential cache. It also
     renews the TGT in the background, requiring no user interaction.
    </para>
    <para>
     &productname; supports local home directories for &ad; users. If
     configured through &yast; as described in
-    <xref linkend="sec.security.ad.config"/>, user homes are created at the
-    first login of a Windows (&ada;) user into the Linux client. These home
-    directories look and feel entirely the same as standard Linux user home
-    directories and work independently of the &ad; domain controller. Using a
+    <xref linkend="sec.security.ad.config"/>, user home directories are
+    created when a Windows/&ad; user first logs in to the Linux client. These
+    home directories look and feel identical to standard Linux user home
+    directories and work independently of the &ad; Domain Controller.
+   </para>
+   <para>
+    Using a
     local user home, it is possible to access a user's data on this machine
     (even when the &ad; server is disconnected) as long as the Linux client
     has been configured to perform offline authentication.
@@ -524,8 +554,8 @@
       <title><guimenu>User Logon Management</guimenu></title>
       <para>
        Use both an identity service (usually LDAP) and a user authentication
-       service (usually Kerberos). This option is based on SSSD and is best
-       suited for joining most &ad; domains.
+       service (usually Kerberos). This option is based on SSSD and in the
+       majority of cases is best suited for joining &ad; domains.
       </para>
      </formalpara>
      <para>
@@ -566,8 +596,8 @@
   </sect2>
   <sect2 xml:id="sec.security.ad.sssd">
    <title>
-    Joining an &ad; Domain Using the
-    <guimenu>User Logon Management</guimenu> Module
+    Joining &ad; Using
+    <guimenu>User Logon Management</guimenu>
    </title>
    <para>
     To join an &ad; domain using SSSD and the
@@ -598,7 +628,7 @@
       <step>
        <para>
         Select <guimenu>Hostname/DNS</guimenu>, then enter the IP address of
-        the &ad; Domain Controller into text box <guimenu>Name Server
+        the &ad; Domain Controller into the text box <guimenu>Name Server
         1</guimenu>.
        </para>
        <para>
@@ -665,7 +695,7 @@
       </step>
       <step performance="optional">
        <para>
-        Usually, you should be able to keep the default settings in the
+        Usually, you can keep the default settings in the
         following dialog. However, there are reasons to make changes:
        </para>
        <itemizedlist>
@@ -688,7 +718,7 @@
           </para>
          </formalpara>
          <para>
-          If the values differ, specify a the host name from the &ad;
+          If the values differ, specify the host name from the &ad;
           configuration under <guimenu>AD hostname</guimenu>. Otherwise, leave
           the appropriate text box empty.
          </para>
@@ -714,13 +744,12 @@
       </step>
       <step>
        <para>
-        To continue by checking the network for the appropriate &ad; Domain
-        Controller, click <guimenu>OK</guimenu>.
+        To continue, click <guimenu>OK</guimenu>.
        </para>
        <para>
         If not all software is installed already, the computer will now
-        install missing software. It will then try to see whether the
-        &ad; domain is available.
+        install missing software. It will then check whether the configured
+        &ad; Domain Controller is available.
        </para>
       </step>
       <step>
@@ -791,7 +820,7 @@
         activate <guimenu>Allow Domain User Logon</guimenu>.
        </para>
       </step>
-      <step>
+      <step performance="optional">
        <para>
         Optionally, under <guimenu>Enable domain data source</guimenu>,
         activate additional data sources such as information on which users are
@@ -803,7 +832,7 @@
        <para>
         To allow &ad; users to have home directories, activate
         <guimenu>Create Home Directories</guimenu>. The path for home
-        directories can be set in multiple ways: on the client, on
+        directories can be set in multiple ways&mdash;on the client, on
         the server, or both ways:
        </para>
        <itemizedlist>
@@ -834,7 +863,7 @@
        </itemizedlist>
        <para>
         As settings on the Domain Controller are outside of the scope of this
-        documentation, only configuring the client-side options will be
+        documentation, only the configuration of the client-side options will be
         described in the following.
        </para>
        <para>
@@ -846,7 +875,7 @@
         <literal>override_homedir</literal>, then click <guimenu>Add</guimenu>.
        </para>
        <para>
-        Specify a value. To have for home directories follow the format
+        Specify a value. To have home directories follow the format
         <filename>/home/<replaceable>USER_NAME</replaceable></filename>, use
         <literal>/home/%u</literal>.
         For more information about possible variables, see the man page
@@ -862,8 +891,8 @@
     </step>
     <step>
      <para>
-      Save the changes by clicking <guimenu>OK</guimenu>, make sure that the
-      values displayed now are correct. To leave the dialog, click
+      Save the changes by clicking <guimenu>OK</guimenu>. Then make sure that
+      the values displayed now are correct. To leave the dialog, click
       <guimenu>Cancel</guimenu>.
      </para>
     </step>
@@ -872,8 +901,8 @@
 
   <sect2 xml:id="sec.security.ad.winbind">
    <title>
-    Joining an &ad; Domain Using the
-    <guimenu>Windows Domain Membership</guimenu> Module
+    Joining &ad; Using
+    <guimenu>Windows Domain Membership</guimenu>
    </title>
    <para>
     To join an &ad; domain using <command>winbind</command> and the
@@ -930,16 +959,15 @@
    </step>
    <step>
     <para>
-     Check <guimenu>Also Use SMB Information for Linux
-     Authentication</guimenu> to use the SMB source for Linux
-     authentication.
+     To use the SMB source for Linux authentication, activate
+     <guimenu>Also Use SMB Information for Linux Authentication</guimenu>.
     </para>
    </step>
    <step>
     <para>
-     Check <guimenu>Create Home Directory on Login</guimenu> to
-     automatically create a local home directory for your &ad; user on the
-     Linux machine.
+     To automatically create a local home directory for &ad; users on the
+     Linux machine, activate <guimenu>Create Home Directory on
+     Login</guimenu>.
     </para>
    </step>
    <step>
@@ -951,8 +979,8 @@
    </step>
    <step>
     <para>
-     Select <guimenu>Expert Settings</guimenu>, if you want to change the
-     UID and GID ranges for the Samba users and groups. Let DHCP retrieve
+     To change the UID and GID ranges for the Samba users and groups, select
+     <guimenu>Expert Settings</guimenu>. Let DHCP retrieve
      the WINS server only if you need it. This is the case when some
      machines are resolved only by the WINS system.
     </para>
@@ -1018,7 +1046,7 @@
   <sect2 xml:id="sec.security.ad.connection">
    <title>Checking &ad; Connection Status</title>
    <para>
-    To check whether you are indeed successfully enrolled in an &ad; domain,
+    To check whether you are successfully enrolled in an &ad; domain,
     use the following commands:
    </para>
    <itemizedlist>