| author | Ivo De Decker <ivo.dedecker@ugent.be> | 2013-05-10 13:33:02 +0200 |
|---|---|---|
| committer | Ivo De Decker <ivo.dedecker@ugent.be> | 2013-05-10 13:33:02 +0200 |
| commit | 31202ad025bcdeb2585d18dc3f4641b5cf9c0ec4 (patch) | |
| tree | 32c20d66684ac97b86e55495146e9a676bfae85a /docs-xml | |
| parent | 2865eba17fddda6c49f1209ca92d539111e7ff93 (diff) | |
| download | samba-31202ad025bcdeb2585d18dc3f4641b5cf9c0ec4.tar.gz | |
Imported Upstream version 4.0.0+dfsg1upstream/4.0.0+dfsg1
Diffstat (limited to 'docs-xml')
259 files changed, 3764 insertions, 6081 deletions
diff --git a/docs-xml/Makefile b/docs-xml/Makefile index 40aa16108b..f9c60d0fab 100644 --- a/docs-xml/Makefile +++ b/docs-xml/Makefile @@ -8,10 +8,10 @@ include Makefile.settings # Docs to build MAIN_DOCS = $(patsubst %/index.xml,%,$(wildcard */index.xml)) -MANPAGES3 = $(wildcard $(MANPAGEDIR3)/*.?.xml) +MANPAGES = $(wildcard $(MANPAGEDIR)/*.?.xml) # Lists of files to process -MANPAGES_PLUCKER = $(patsubst $(MANPAGEDIR3)/%.xml,$(PLUCKERDIR)/%.pdb,$(MANPAGES3)) +MANPAGES_PLUCKER = $(patsubst $(MANPAGEDIR)/%.xml,$(PLUCKERDIR)/%.pdb,$(MANPAGES)) DBLATEX_OPTIONS = -p xslt/latex.xsl -i xslt/latex DATETIME := $(shell date +%Y%m%d%H%M%S) 
@@ -33,30 +33,34 @@ help: @echo " release - Build the docs needed for a Samba release" @echo " all - Build all docs that can be build using the utilities found by configure" @echo " everything - Build all of the above" - @echo " pdf,tex,ps,manpages3,txt,pearson,htmlhelp - Build specific output format" + @echo " pdf,tex,ps,manpages,txt,pearson,htmlhelp - Build specific output format" @echo " html - Build multi-file HTML versions" @echo " html-single - Build single-file HTML versions" - @echo " htmlman3 - Build HTML version of manpages" + @echo " htmlman - Build HTML version of manpages" @echo " undocumented - Output list of undocumented smb.conf options" @echo " samples - Extract examples" $(PDFDIR)/Samba3-ByExample.pdf $(PSDIR)/Samba3-ByExample.ps $(DOCBOOKDIR)/Samba3-ByExample.xml Samba3-ByExample.tex: $(wildcard Samba3-ByExample/*.xml) $(PDFDIR)/Samba3-HOWTO.pdf $(PSDIR)/Samba3-HOWTO.ps Samba3-HOWTO.tex $(DOCBOOKDIR)/Samba3-HOWTO.xml: $(wildcard Samba3-HOWTO/*.xml) Samba3-HOWTO-attributions.xml -Samba3-HOWTO/manpages.xml: $(MANPAGEDIR3)/smb.conf.5.xml +Samba3-HOWTO/manpages.xml: $(MANPAGEDIR)/smb.conf.5.xml $(PDFDIR)/Samba3-Developers-Guide.pdf $(PSDIR)/Samba3-Developers-Guide.ps $(DOCBOOKDIR)/Samba3-Developers-Guide.xml Samba3-Developers-Guide.tex: $(wildcard Samba3-Developers-Guide/*.xml) Samba3-Developers-Guide-attributions.xml -$(PDFDIR)/Samba4-HOWTO.pdf $(PSDIR)/Samba4-HOWTO.ps Samba4-HOWTO.tex $(DOCBOOKDIR)/Samba4-HOWTO.xml: $(filter-out Samba4-HOWTO/index.xml,$(wildcard Samba4-HOWTO/*.xml)) Samba4-HOWTO-attributions.xml # Pseudo targets all:: $(TARGETS) -everything:: manpages3 pdf html-single html htmlman3 txt ps fo htmlhelp pearson -release:: manpages3 htmlman3 html pdf +everything:: manpages pdf html-single html htmlman txt ps fo htmlhelp pearson +release:: manpages htmlman html pdf clean:: @echo "Cleaning up..." 
rm -rf $(OUTPUTDIR)/* $(DOCBOOKDIR) - rm -f $(patsubst %.svg,%.png,$(wildcard */images/*.svg)) \ - $(patsubst %.svg,%.eps,$(wildcard */images/*.svg)) \ - $(patsubst %.png,%.eps,$(wildcard */images/*.png)) rm -f *-attributions.xml + rm -f $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-dia))) \ + $(patsubst %.svg,%.pdf,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \ + $(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \ + $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) + rm -f *-attributions.xml *.d *.tpt *.tex *.loc *.toc *.lof *.glo *.idx *.aux + rm -f *-images-html* + rm -f *-images-latex-* $(LATEX_FIGURES) + rm -f xslt/figures/*pdf rm -f $(SMBDOTCONFDOC)/parameters.*.xml rm -f build/catalog.xml @@ -67,11 +71,11 @@ txt:: $(patsubst %,$(TXTDIR)/%.txt,$(MAIN_DOCS)) tex:: $(addsuffix .tex,$(MAIN_DOCS)) texi:: $(patsubst %,$(TEXINFODIR)/%.texi,$(MAIN_DOCS)) texiinfo:: $(patsubst %,$(TEXINFODIR)/%.info,$(MAIN_DOCS)) -manpages3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(OUTPUTDIR)/manpages-3/%,$(MANPAGES3)) +manpages:: $(patsubst $(MANPAGEDIR)/%.xml,$(OUTPUTDIR)/manpages/%,$(MANPAGES)) pearson:: $(PEARSONDIR)/Samba3-HOWTO.xml pearson-verify:: $(PEARSONDIR)/Samba3-HOWTO.report.html plucker:: $(patsubst %,$(PLUCKERDIR)/%.pdb,$(MAIN_DOCS)) -htmlman3:: $(patsubst $(MANPAGEDIR3)/%.xml,$(HTMLDIR)/manpages-3/%.html,$(MANPAGES3)) $(HTMLDIR)/manpages-3/index.html +htmlman:: $(patsubst $(MANPAGEDIR)/%.xml,$(HTMLDIR)/manpages/%.html,$(MANPAGES)) $(HTMLDIR)/manpages/index.html html-single:: $(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)) html:: $(patsubst %,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html htmlhelp:: $(addprefix $(HTMLHELPDIR)/,$(MAIN_DOCS)) @@ -80,7 +84,7 @@ validate:: $(addsuffix -validate,$(MAIN_DOCS)) test:: validate check:: validate -.PHONY: test check validate +.PHONY: test check validate manpages # Intermediate docbook docs # 
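Review bot: In the `clean::` recipe the first new `rm -f` takes its file list from `$($(DOC)-images-latex-dia)` and `$($(DOC)-images-latex-svg)`, which exist only once the generated `.d` files have been included; the `-images-latex-svg` assignment is written by the `%.d` rule added later in this diff. Since `distclean clobber:: clean` reuses this recipe and the `-include` is skipped when the goal is `clobber`, those lists expand to nothing there and the converted images are left in the tree, which the removed `$(wildcard */images/*.svg)` form did not depend on. Either drop the `clobber` exception or keep a wildcard fallback such as `rm -f $(patsubst %.svg,%.png,$(wildcard */images/*.svg))`, assuming the images still live under `*/images`. The added globs `*.tex`, `*.d` and `*-images-html*` remove every matching file in the directory, so a comment saying that no hand-written files of those names are kept there would record the assumption.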
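Review bot: `manpages` is added to `.PHONY` with no comment explaining why this one pseudo target needs it. The `Makefile.settings.in` hunk of the same commit sets `MANPAGEDIR = manpages`, so the goal now shares its name with the source directory; a non-phony target in that position is compared against the directory and goes through implicit-rule search. A comment above the declaration, for example `# manpages is also the name of the source directory (MANPAGEDIR)`, would keep a later cleanup from removing it. Whether the other pseudo targets (`htmlman`, `pdf`, `html`, ...) are declared phony elsewhere cannot be seen from this hunk.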
@@ -89,22 +93,22 @@ $(DOCBOOKDIR)/%.xml: %/index.xml xslt/expand-sambadoc.xsl @mkdir -p $(@D) @$(XSLTPROC) --stringparam latex.imagebasedir "$*/" --stringparam noreference 0 --xinclude --output $@ xslt/expand-sambadoc.xsl $< -$(DOCBOOKDIR)/manpages-3/%.xml: $(MANPAGEDIR3)/%.xml xslt/expand-sambadoc.xsl +$(DOCBOOKDIR)/manpages/%.xml: $(MANPAGEDIR)/%.xml xslt/expand-sambadoc.xsl @mkdir -p $(@D) $(XSLTPROC) --xinclude --stringparam noreference 0 --output $@ xslt/expand-sambadoc.xsl $< -$(DOCBOOKDIR)/manpages-3/index.xml: $(MANPAGES3) xslt/manpage-summary.xsl +$(DOCBOOKDIR)/manpages/index.xml: $(MANPAGES) xslt/manpage-summary.xsl @mkdir -p $(@D) echo "<article><variablelist>" > $@ - $(XSLTPROC) xslt/manpage-summary.xsl $(MANPAGES3) >> $@ + $(XSLTPROC) xslt/manpage-summary.xsl $(MANPAGES) >> $@ @echo "</variablelist></article>" >> $@ # HTML docs $(HTMLDIR)/index.html: htmldocs.html @mkdir -p $(@D) cp $< $@ - -$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl + +$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks @mkdir -p $(@D) $(XSLTPROC) --stringparam base.dir "$(HTMLDIR)/$*/" xslt/html-chunk.xsl $< @@ -113,16 +117,7 @@ $(OUTPUTDIR)/%/samba.css: xslt/html/samba.css @mkdir -p $(@D) cp $< $@ -$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-png - -define IMAGES_TEMPLATE -$(1)-images-png:: $$(patsubst %.svg,%.png,$$(wildcard $(1)/images/*.svg)) ; -$(1)-images-eps:: $$(patsubst %.svg,%.eps,$$(wildcard $(1)/images/*.svg)) ; -$(1)-images-eps:: $$(patsubst %.png,%.eps,$$(wildcard $(1)/images/*.png)) ; - -endef - -$(eval $(foreach DOC, $(MAIN_DOCS),$(call IMAGES_TEMPLATE,$(DOC)))) +$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-html-single $(HTMLDIR)/%.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/samba.css xslt/html.xsl $(XSLTPROC) --output $@ xslt/html.xsl $< 
@@ -144,12 +139,47 @@ $(TXTDIR)/%.txt: $(HTMLDIR)/%.html @mkdir -p $(@D) @$(DBLATEX) $(DBLATEX_OPTIONS) -t tex -o $@ $< +# Dependency files +%.d: $(DOCBOOKDIR)/%.xml xslt/generate-dependencies.xsl + @echo "Generating dependency file for $*" + @$(XSLTPROC) --novalid \ + --stringparam txtbasedir "$(TXTDIR)/$*/" \ + --stringparam target "$*" \ + -o $@ xslt/generate-dependencies.xsl $< + @echo "$*-images-latex-svg = \$$(wildcard \$$(addsuffix .svg, \$$($*-images-latex)))" >> $@ + @echo "$*-images-latex-eps: \$$(addsuffix .eps, \$$($*-images-latex))" >> $@ + @echo "$*-images-latex-pdf: \$$(patsubst %.svg, %.pdf, \$$($*-images-latex-svg))" >> $@ + @echo "$*-images-latex-png: \$$(filter-out \$$(patsubst %.svg,%.png,\$$($*-images-latex-svg)), \$$(addsuffix .png, \$$($*-images-latex)))" >> $@ + + @echo >> $@ + @echo "\$$(HTMLDIR)/%: $*/%" >> $@ + @echo " @mkdir -p \$$(@D)" >> $@ + @echo " @cp \$$< \$$@" >> $@ + @echo >> $@ + @echo "\$$(HTMLDIR)/$*/%: $*/%" >> $@ + @echo " @mkdir -p \$$(@D)" >> $@ + @echo " @cp \$$< \$$@" >> $@ + @echo >> $@ + @echo "\$$(HTMLHELPDIR)/$*/%: $*/%" >> $@ + @echo " @mkdir -p \$$(@D)" >> $@ + @echo " @cp \$$< \$$@" >> $@ + @echo >> $@ + @echo "$*-images-html-single: \$$(addprefix \$$(HTMLDIR)/, \$$($*-images-html))" >> $@ + @echo "$*-images-html-chunks: \$$(addprefix \$$(HTMLDIR)/$*/, \$$($*-images-html))" >> $@ + @echo "$*-images-htmlhelp: \$$(addprefix \$$(HTMLHELPDIR)/$*/, \$$($*-images-html))" >> $@ + +ifdef OUTPUTDIR +ifneq ($(MAKECMDGOALS),clobber) +-include $(addsuffix .d,$(MAIN_DOCS)) +endif +endif + # Adobe PDF files -$(PDFDIR)/%.pdf: %/index.xml $(PDFDIR) xslt/latex.xsl %-images-png +$(PDFDIR)/%.pdf: %/index.xml $(PDFDIR) xslt/latex.xsl %-images-latex-png %-images-latex-pdf $(DBLATEX) $(DBLATEX_OPTIONS) -I $*/images -t pdf -o $@ $< # PostScript files -$(PSDIR)/%.ps: %/index.xml $(PSDIR) xslt/latex.xsl %-images-eps +$(PSDIR)/%.ps: %/index.xml $(PSDIR) xslt/latex.xsl %-images-latex-eps $(DBLATEX) $(DBLATEX_OPTIONS) -I $*/images -t ps -o 
$@ $< %.eps: %.svg @@ -161,7 +191,10 @@ $(PSDIR)/%.ps: %/index.xml $(PSDIR) xslt/latex.xsl %-images-eps %.eps: %.png $(PNGTOPNM) $< | $(PNMTOPS) > $@ -$(HTMLHELPDIR)/%: $(DOCBOOKDIR)/%.xml %-images-png +%.pdf: %.svg + $(INKSCAPE) -z -f $(abspath $<) --export-pdf=$(abspath $@) + +$(HTMLHELPDIR)/%: $(DOCBOOKDIR)/%.xml %-images-htmlhelp $(XSLTPROC) --stringparam htmlhelp.chm $*.chm \ --stringparam manifest.in.base.dir "$@/" \ --stringparam base.dir "$@/" \ @@ -181,7 +214,7 @@ $(TEXINFODIR)/%.info: $(TEXINFODIR)/%.texi $(MAKEINFO) --no-validate --force -o $@ "$<" # Manpages -$(MANPAGEDIR3)/smb.conf.5.xml: parameters +$(MANPAGEDIR)/smb.conf.5.xml: parameters # The phony parameters target exists in order to always create the # the parameters xml files. Otherwise, when parameters.*.xml does not exist @@ -211,7 +244,7 @@ $(OUTPUTDIR)/%: $(DOCBOOKDIR)/%.xml xslt/man.xsl # Individual smb.conf parameters smb.conf-chunks: $(patsubst $(SMBDOTCONFDOC)/%.xml,$(HTMLDIR)/smb.conf/%.html,$(wildcard $(SMBDOTCONFDOC)/*/*.xml)) - + $(HTMLDIR)/smb.conf/%.html: $(SMBDOTCONFDOC)/%.xml @mkdir -p $(@D) $(XSLTPROC) --output $@ xslt/smb.conf-html.xsl $< @@ -230,9 +263,8 @@ $(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml cd $(<D) && $(XMLLINT) --xinclude --noent --postvalid --noout $(<F) # Find undocumented parameters -undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl - $(PERL) scripts/find_missing_doc.pl $(SRCDIR) - $(PERL) scripts/find_missing_manpages.pl $(SRCDIR) +undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_manpages + $(PERL) scripts/find_missing_manpages $(SRCDIR)/source3 samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl @mkdir -p examples 
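Review bot: The new `%.d` recipe creates `$@` with `$(XSLTPROC) ... -o $@` and then appends to it with a long run of `echo ... >> $@` lines, so a failure or interrupt partway through leaves a truncated file that is newer than its prerequisites and is then read as makefile text by `-include`. Unless the Makefile already declares it outside the visible hunks, `.DELETE_ON_ERROR:` would remove the partial file when a recipe line fails; writing to `$@.tmp` and finishing with `mv -f $@.tmp $@` also covers an interrupt. Every recipe line is prefixed with `@`, which hides the command that failed. The guard `ifneq ($(MAKECMDGOALS),clobber)` matches only when `clobber` is the sole goal, so `make clean` or `make help` in a fresh tree first runs `$(XSLTPROC)` over every document to create the `.d` files; a comment at the `ifdef` should say which goals are expected to need them.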
@@ -248,6 +280,11 @@ archive: pdf # XSL scripts xslt/html.xsl: xslt/html-common.xsl xslt/html-chunk.xsl: xslt/html-common.xsl +xslt/latex.xsl: +xslt/expand-sambadoc.xsl: +xslt/generate-attributions.xsl: +xslt/man.xsl: +xslt/pearson.xsl: distclean clobber:: clean rm -f Makefile.settings config.status config.log diff --git a/docs-xml/Makefile.settings.in b/docs-xml/Makefile.settings.in index 86c7373739..2bf96d746b 100644 --- a/docs-xml/Makefile.settings.in +++ b/docs-xml/Makefile.settings.in @@ -16,8 +16,8 @@ PERL = @PERL@ OUTPUTDIR = output ARCHIVEDIR = archive TEXINFODIR = $(OUTPUTDIR)/texi -SRCDIR = ../source3 -MANPAGEDIR3 = manpages-3 +SRCDIR = ../ +MANPAGEDIR = manpages SMBDOTCONFDOC = smbdotconf DOCBOOKDIR = tmp PSDIR = $(OUTPUTDIR) diff --git a/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml b/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml index 3b9976e3f4..e0c3c7cd4d 100644 --- a/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml +++ b/docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml @@ -1093,7 +1093,6 @@ index default sub <smbconfoption name="idmap backend">ldap://massive.abmas.biz</smbconfoption> <smbconfoption name="idmap uid">10000-20000</smbconfoption> <smbconfoption name="idmap gid">10000-20000</smbconfoption> -<smbconfoption name="printer admin">root</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> </smbconfblock> </example> diff --git a/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml b/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml index 23704fe716..45a09a8fb1 100644 --- a/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml +++ b/docs-xml/Samba3-ByExample/SBE-AddingUNIXClients.xml 
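Review bot: The five added lines `xslt/latex.xsl:`, `xslt/expand-sambadoc.xsl:`, `xslt/generate-attributions.xsl:`, `xslt/man.xsl:` and `xslt/pearson.xsl:` are rules with neither prerequisites nor a recipe, and nothing in the hunk says why they are there. When no implicit rule applies, GNU make treats a missing target of such a rule as freshly updated instead of stopping with "No rule to make target". A stylesheet that is absent from the tree is therefore noticed only when `$(XSLTPROC)` fails later, and its dependents are rebuilt on every run. A one-line comment stating the purpose, for example `# stylesheets without dependencies of their own`, would make the intent reviewable.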
@@ -674,7 +674,6 @@ Join to 'MEGANET2' failed. <smbconfoption name="idmap uid">10000-20000</smbconfoption> <smbconfoption name="idmap gid">10000-20000</smbconfoption> <smbconfoption name="winbind trusted domains only">Yes</smbconfoption> -<smbconfoption name="printer admin">root</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> <smbconfsection name="[homes]"/> @@ -948,7 +947,6 @@ MEGANET2+PIOps:x:10005: <smbconfoption name="template primary group">"Domain Users"</smbconfoption> <smbconfoption name="template shell">/bin/bash</smbconfoption> <smbconfoption name="winbind separator">+</smbconfoption> -<smbconfoption name="printer admin">root</smbconfoption> <smbconfoption name="hosts allow">192.168.2., 192.168.3., 127.</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> @@ -1041,7 +1039,6 @@ Joined domain MEGANET2. <smbconfoption name="name resolve order">wins bcast hosts</smbconfoption> <smbconfoption name="printcap name">CUPS</smbconfoption> <smbconfoption name="wins server">192.168.2.1</smbconfoption> -<smbconfoption name="printer admin">root</smbconfoption> <smbconfoption name="hosts allow">192.168.2., 192.168.3., 127.</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> @@ -1723,7 +1720,6 @@ data = "\00\00\00\00bp\00\00\06krbtgt\06krbtgt- <smbconfoption name="winbind enum users">No</smbconfoption> <smbconfoption name="winbind enum groups">No</smbconfoption> <smbconfoption name="winbind nested groups">Yes</smbconfoption> -<smbconfoption name="printer admin">"KPAK\Domain Admins"</smbconfoption> </smbconfblock> </example> diff --git a/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml b/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml index b41cea9cc1..239ad3e7c3 100644 --- a/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml +++ b/docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml 
@@ -827,73 +827,11 @@ The recommended passdb backends at this time are replacement for stand alone servers * ldapsam - attribute rich account storage and retrieval backend utilizing an LDAP directory. - * ldapsam_compat - a 2.2 backward compatible LDAP account - backend Certain functions of the smbpasswd(8) tool have been split between the new smbpasswd(8) utility, the net(8) tool, and the new pdbedit(8) utility. See the respective man pages for details. -###################################################################### -LDAP -#### - -This section outlines the new features affecting Samba / LDAP -integration. - -New Schema ----------- - -A new object class (sambaSamAccount) has been introduced to replace -the old sambaAccount. This change aids us in the renaming of -attributes to prevent clashes with attributes from other vendors. -There is a conversion script (examples/LDAP/convertSambaAccount) to -modify and LDIF file to the new schema. - -Example: - - $ ldapsearch .... -b "ou=people,dc=..." > sambaAcct.ldif - $ convertSambaAccount --sid=<Domain SID> \ - --input=sambaAcct.ldif --output=sambaSamAcct.ldif \ - --changetype=[modify|add] - -The <DOM SID> can be obtained by running 'net getlocalsid -<DOMAINNAME>' on the Samba PDC as root. The changetype determines -the format of the generated LDIF output--either create new entries -or modify existing entries. - -The old sambaAccount schema may still be used by specifying the -"ldapsam_compat" passdb backend. However, the sambaAccount and -associated attributes have been moved to the historical section of -the schema file and must be uncommented before use if needed. -The 2.2 object class declaration for a sambaAccount has not changed -in the 3.0 samba.schema file. - -Other new object classes and their uses include: - - * sambaDomain - domain information used to allocate rids - for users and groups as necessary. 
The attributes are added - in 'ldap suffix' directory entry automatically if - an idmap uid/gid range has been set and the 'ldapsam' - passdb backend has been selected. - - * sambaGroupMapping - an object representing the - relationship between a posixGroup and a Windows - group/SID. These entries are stored in the 'ldap - group suffix' and managed by the 'net groupmap' command. - - * sambaUnixIdPool - created in the 'ldap idmap suffix' entry - automatically and contains the next available 'idmap uid' and - 'idmap gid' - - * sambaIdmapEntry - object storing a mapping between a - SID and a UNIX uid/gid. These objects are created by the - idmap_ldap module as needed. - - * sambaSidEntry - object representing a SID alone, as a Structural - class on which to build the sambaIdmapEntry. - - New Suffix for Searching ------------------------ diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml index 5aabb8b524..9b69368614 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml 
@@ -47,96 +47,12 @@ you will have stability and operational problems. <indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> <indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm> <indexterm><primary>propagate</primary></indexterm> -While it is possible to run a Samba-3 BDC with a non-LDAP backend, that backend must allow some form of +It is not possible to run a Samba-3 BDC with a non-LDAP backend, as that backend must allow some form of "two-way" propagation of changes from the BDC to the master. At this time only LDAP delivers the capability to propagate identity database changes from the BDC to the PDC. The BDC can use a slave LDAP server, while it is preferable for the PDC to use as its primary an LDAP master server. </para> -<para> -<indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm> -<indexterm><primary>SAM backend</primary><secondary>non-LDAP</secondary></indexterm> -<indexterm><primary>domain</primary><secondary>member</secondary><tertiary>server</tertiary></indexterm> -<indexterm><primary>BDC</primary></indexterm> -<indexterm><primary>PDC</primary></indexterm> -<indexterm><primary>trust account password</primary></indexterm> -<indexterm><primary>domain trust</primary></indexterm> -The use of a non-LDAP backend SAM database is particularly problematic because domain member -servers and workstations periodically change the Machine Trust Account password. The new -password is then stored only locally. This means that in the absence of a centrally stored -accounts database (such as that provided with an LDAP-based solution) if Samba-3 is running -as a BDC, the BDC instance of the domain member trust account password will not reach the -PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs, this results in -overwriting the SAM that contains the updated (changed) trust account password with resulting -breakage of the domain trust. 
-</para> - -<para> -<indexterm><primary>net</primary><secondary>rpc</secondary></indexterm> -<indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm> -<indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm> -<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> -Considering the number of comments and questions raised concerning how to configure a BDC, -let's consider each possible option and look at the pros and cons for each possible solution. -<link linkend="pdc-bdc-table">The Domain Backend Account Distribution Options table below</link> lists -possible design configurations for a PDC/BDC infrastructure. -</para> - -<table frame="all" id="pdc-bdc-table"><title>Domain Backend Account Distribution Options</title> -<tgroup cols="3"> - <colspec align="center" colwidth="1*"/> - <colspec align="center" colwidth="1*"/> - <colspec align="left" colwidth="3*"/> - - <thead> - <row><entry>PDC Backend</entry><entry>BDC Backend</entry><entry>Notes/Discussion</entry></row> - </thead> - <tbody> - <row> - <entry><para>Master LDAP Server</para></entry> - <entry><para>Slave LDAP Server</para></entry> - <entry><para>The optimal solution that provides high integrity. The SAM will be - replicated to a common master LDAP server.</para></entry> - </row> - <row> - <entry><para>Single Central LDAP Server</para></entry> - <entry><para>Single Central LDAP Server</para></entry> - <entry><para> - A workable solution without failover ability. This is a usable solution, but not optimal. - </para></entry> - </row> - <row> - <entry><para>tdbsam</para></entry> - <entry><para>tdbsam + <command>net rpc vampire</command></para></entry> - <entry><para> - Does not work with Samba-3.0; Samba does not implement the - server-side protocols required. 
- </para></entry> - </row> - <row> - <entry><para>tdbsam</para></entry> - <entry><para>tdbsam + <command>rsync</command></para></entry> - <entry><para> - Do not use this configuration. - Does not work because the TDB files are live and data may not - have been flushed to disk. Furthermore, this will cause - domain trust breakdown. - </para></entry> - </row> - <row> - <entry><para>smbpasswd file</para></entry> - <entry><para>smbpasswd file</para></entry> - <entry><para> - Do not use this configuration. - Not an elegant solution due to the delays in synchronization - and also suffers - from the issue of domain trust breakdown. - </para></entry> - </row> - </tbody> -</tgroup> -</table> - </sect1> <sect1> @@ -453,9 +369,12 @@ Servers in &smb.conf; example</link>. <indexterm><primary>domain controller</primary></indexterm> As of the release of MS Windows 2000 and Active Directory, this information is now stored in a directory that can be replicated and for which partial or full administrative control -can be delegated. Samba-3 is not able to be a domain controller within an Active Directory -tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot -act as a BDC to an Active Directory domain controller. +can be delegated. Samba-4.0 is able to be a domain controller within an Active Directory +tree, and it can be an Active Directory server. The details for how +this can be done are documented in the <ulink +url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 as an +AD DC HOWTO</ulink> + </para> </sect2> 
@@ -554,35 +473,6 @@ The creation of a BDC requires some steps to prepare the Samba server before <itemizedlist> <listitem><para> - <indexterm><primary>SID</primary></indexterm> - <indexterm><primary>PDC</primary></indexterm> - <indexterm><primary>BDC</primary></indexterm> - <indexterm><primary>private/secrets.tdb</primary></indexterm> - <indexterm><primary>private/MACHINE.SID</primary></indexterm> - <indexterm><primary>domain SID</primary></indexterm> - The domain SID has to be the same on the PDC and the BDC. In Samba versions pre-2.2.5, the domain SID was - stored in the file <filename>private/MACHINE.SID</filename>. For all versions of Samba released since 2.2.5 - the domain SID is stored in the file <filename>private/secrets.tdb</filename>. This file is unique to each - server and cannot be copied from a PDC to a BDC; the BDC will generate a new SID at startup. It will overwrite - the PDC domain SID with the newly created BDC SID. There is a procedure that will allow the BDC to acquire the - domain SID. This is described here. - </para> - - <para> - <indexterm><primary>domain SID</primary></indexterm> - <indexterm><primary>PDC</primary></indexterm> - <indexterm><primary>BDC</primary></indexterm> - <indexterm><primary>secrets.tdb</primary></indexterm> - <indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>getsid</tertiary></indexterm> - To retrieve the domain SID from the PDC or an existing BDC and store it in the - <filename>secrets.tdb</filename>, execute: - </para> -<screen> -&rootprompt;<userinput>net rpc getsid</userinput> -</screen> - </listitem> - - <listitem><para> <indexterm><primary>secrets.tdb</primary></indexterm> <indexterm><primary>smbpasswd</primary></indexterm> <indexterm><primary>LDAP administration password</primary></indexterm> 
@@ -623,9 +513,7 @@ The creation of a BDC requires some steps to prepare the Samba server before <indexterm><primary>ssh</primary></indexterm> <indexterm><primary>LDAP</primary></indexterm> The Samba password database must be replicated from the PDC to the BDC. - Although it is possible to synchronize the <filename>smbpasswd</filename> - file with <command>rsync</command> and <command>ssh</command>, this method - is broken and flawed, and is therefore not recommended. A better solution + The solution is to set up slave LDAP servers for each BDC and a master LDAP server for the PDC. The use of rsync is inherently flawed by the fact that the data will be replicated at timed intervals. There is no guarantee that the BDC will be operating at all @@ -804,7 +692,10 @@ No. The native NT4 SAM replication protocols have not yet been fully implemented <indexterm><primary>BDC</primary></indexterm> <indexterm><primary>PDC</primary></indexterm> <indexterm><primary>logon requests</primary></indexterm> -Can I get the benefits of a BDC with Samba? Yes, but only to a Samba PDC.The +Can I get the benefits of a BDC with Samba? Yes, but only to a Samba +PDC or as a <ulink +url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 Active +Directory domain controller.</ulink> The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to service logon requests whenever the PDC is down. 
@@ -812,51 +703,5 @@ the PDC is down. </sect2> -<sect2> -<title>How Do I Replicate the smbpasswd File?</title> - -<para> -<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> -<indexterm><primary>smbpasswd</primary></indexterm> -<indexterm><primary>SAM</primary></indexterm> -Replication of the smbpasswd file is sensitive. It has to be done whenever changes -to the SAM are made. Every user's password change is done in the smbpasswd file and -has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary. -</para> - -<para> -<indexterm><primary>plaintext password</primary></indexterm> -<indexterm><primary>ssh</primary></indexterm> -<indexterm><primary>rsync</primary></indexterm> -As the smbpasswd file contains plaintext password equivalents, it must not be -sent unencrypted over the wire. The best way to set up smbpasswd replication from -the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. -<command>ssh</command> itself can be set up to accept <emphasis>only</emphasis> -<command>rsync</command> transfer without requiring the user to type a password. -</para> - -<para> -<indexterm><primary>machine trust accounts</primary></indexterm> -<indexterm><primary>LDAP</primary></indexterm> -As said a few times before, use of this method is broken and flawed. Machine trust -accounts will go out of sync, resulting in a broken domain. This method is -<emphasis>not</emphasis> recommended. Try using LDAP instead. -</para> - -</sect2> - -<sect2> -<title>Can I Do This All with LDAP?</title> - -<para> -<indexterm><primary>pdb_ldap</primary></indexterm> -<indexterm><primary>LDAP</primary></indexterm> -The simple answer is yes. Samba's pdb_ldap code supports binding to a replica -LDAP server and will also follow referrals and rebind to the master if it ever -needs to make a modification to the database. (Normally BDCs are read-only, so -this will not occur often). 
-</para> - -</sect2> </sect1> </chapter> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml index 0ef2c5cc76..f6d7ba4d79 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml @@ -32,12 +32,9 @@ us fix it fast. </para> <para> -<indexterm><primary>comp.protocols.smb</primary></indexterm> -<indexterm><primary>newsgroup</primary></indexterm> <indexterm><primary>configuration problem</primary></indexterm> -If you post the bug to the comp.protocols.smb -newsgroup or the mailing list, do not assume that we will read it. If you suspect that your -problem is not a bug but a configuration problem, it is better to send +If you suspect that your +problem is not a bug but a configuration problem, it is best to send it to the Samba mailing list, as there are thousands of other users on that list who may be able to help you. </para> @@ -260,10 +257,10 @@ to catch any panics. If <command>smbd</command> seems to be frozen, look for any processes. If it is not, and appears to be spinning, find the PID of the spinning process and type: <screen> -&rootprompt; gdb /usr/local/samba/sbin/smbd +&rootprompt; gdb -p PID </screen> <indexterm><primary>spinning process</primary></indexterm> -then <quote>attach `pid'</quote> (of the spinning process), then type <quote>bt</quote> to +then type <quote>bt full</quote> to get a backtrace to see where the smbd is in the call path. </para> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml index bb05de4d11..807334eb32 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml 
@@ -98,9 +98,7 @@ <indexterm><primary>/etc/printcap</primary></indexterm> <indexterm><primary>Printcap</primary></indexterm> <indexterm><primary>PrintcapFormat</primary></indexterm> -Printing with CUPS in the most basic &smb.conf; setup in Samba-3.0 (as was true for 2.2.x) requires just two -parameters: <smbconfoption name="printing">cups</smbconfoption> and <smbconfoption -name="printcap">cups</smbconfoption>. CUPS does not need a printcap file. However, the +Printing with CUPS in the most basic &smb.conf; setup in Samba requires just this parameter: <smbconfoption name="printing">cups</smbconfoption>. CUPS does not need a printcap file. However, the <filename>cupsd.conf</filename> configuration file knows of two related directives that control how such a file will be automatically created and maintained by CUPS for the convenience of third-party applications (example: <parameter>Printcap /etc/printcap</parameter> and <parameter>PrintcapFormat BSD</parameter>). 
@@ -116,52 +114,13 @@ url="http://localhost:631/documentation.html">CUPS</ulink> web site. <para> <indexterm><primary>libcups.so</primary></indexterm> - Samba has a special relationship to CUPS. Samba can be compiled with CUPS library support. + Samba has a special relationship to CUPS, and to use CUPS Samba must be compiled with CUPS library support. Most recent installations have this support enabled. By default, CUPS linking is compiled - into smbd and other Samba binaries. Of course, you can use CUPS even - if Samba is not linked against <filename>libcups.so</filename> &smbmdash; but - there are some differences in required or supported configuration. + into smbd and other Samba binaries. The parameter + <smbconfoption name="printing">cups</smbconfoption> will only + be accepted if this is the case. </para> - <para> -<indexterm><primary>libcups</primary></indexterm> -<indexterm><primary>ldd</primary></indexterm> - When Samba is compiled and linked with <filename>libcups</filename>, <smbconfoption name="printcap">cups</smbconfoption> - uses the CUPS API to list printers, submit jobs, query queues, and so on. Otherwise it maps to the System V - commands with an additional <command>-oraw</command> option for printing. On a Linux - system, you can use the <command>ldd</command> utility to find out if smbd has been linked with the - libcups library (<command>ldd</command> may not be present on other OS platforms, or its function may be embodied - by a different command): -<screen> -&rootprompt;<userinput>ldd `which smbd`</userinput> -libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x4002d000) -libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x4005a000) -libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) -[....] -</screen> - </para> - - <para> -<indexterm><primary>libcups.so.2</primary></indexterm> - The line <computeroutput>libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)</computeroutput> shows - there is CUPS support compiled into this version of Samba. 
If this is the case, and printing = cups - is set, then <emphasis>any otherwise manually set print command in &smb.conf; is ignored</emphasis>. - This is an important point to remember! - </para> - - <tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting - <smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits - of tight CUPS-Samba integration. When you do this, you must manually configure the printing system commands - (most important: - <smbconfoption name="print command"/>; other commands are - <smbconfoption name="lppause command"/>, - <smbconfoption name="lpresume command"/>, - <smbconfoption name="lpq command"/>, - <smbconfoption name="lprm command"/>, - <smbconfoption name="queuepause command"/> and - <smbconfoption name="queue resume command"/>). - </para></tip> - </sect2> <sect2> @@ -179,7 +138,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <smbconfsection name="[global]"/> <smbconfoption name="load printers">yes</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> - <smbconfoption name="printcap name">cups</smbconfoption> <smbconfsection name="[printers]"/> <smbconfoption name="comment">All Printers</smbconfoption> @@ -188,7 +146,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <smbconfoption name="guest ok">yes</smbconfoption> <smbconfoption name="writable">no</smbconfoption> <smbconfoption name="printable">yes</smbconfoption> - <smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption> </smbconfblock> </example> @@ -223,7 +180,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <smbconfblock> <smbconfsection name="[global]"/> <smbconfoption name="printing">cups</smbconfoption> - <smbconfoption name="printcap name">cups</smbconfoption> <smbconfoption name="load printers">yes</smbconfoption> <smbconfsection name="[printers]"/> 
@@ -232,7 +188,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <smbconfoption name="guest ok">yes</smbconfoption> <smbconfoption name="writable">no</smbconfoption> <smbconfoption name="printable">yes</smbconfoption> - <smbconfoption name="printer admin">root, @ntadmins, @smbprintadm</smbconfoption> <smbconfsection name="[special_printer]"/> <smbconfoption name="comment">A special printer with his own settings</smbconfoption> @@ -243,7 +198,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <smbconfoption name="guest ok">no</smbconfoption> <smbconfoption name="writable">no</smbconfoption> <smbconfoption name="printable">yes</smbconfoption> - <smbconfoption name="printer admin">kurt</smbconfoption> <smbconfoption name="hosts deny">0.0.0.0</smbconfoption> <smbconfoption name="hosts allow">turbo_xp, 10.160.50.23, 10.160.51.60</smbconfoption> </smbconfblock> @@ -251,9 +205,8 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) <para> This special share is only for testing purposes. It does not write the print job to a file. It just logs the job parameters - known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, the - <smbconfoption name="printer admin"/> of this share is <quote>kurt</quote> (not the <quote>@ntadmins</quote> group), - guest access is not allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it + known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, guest access is not + allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it allows access from only three hosts. To prevent CUPS from kicking in and taking over the print jobs for that share, we need to set <smbconfoption name="printing">sysv</smbconfoption> and <smbconfoption name="printcap">lpstat</smbconfoption>. </para> 
@@ -2202,18 +2155,14 @@ file <parameter>[global]</parameter> section: <smbconfblock> <smbconfoption name="printing">cups</smbconfoption> -<smbconfoption name="printcap">cups</smbconfoption> </smbconfblock> <para> When these parameters are specified, all manually set print directives (like <smbconfoption name="print command"/> or <smbconfoption name="lppause command"/>) in &smb.conf; (as well as in Samba itself) will be -ignored. Instead, Samba will directly interface with CUPS through its application program interface (API), as -long as Samba has been compiled with CUPS library (libcups) support. If Samba has not been compiled with CUPS -support, and if no other print commands are set up, then printing will use the <emphasis>System V</emphasis> -AT&T command set, with the -oraw option automatically passing through (if you want your own defined print -commands to work with a Samba server that has CUPS support compiled in, simply use <smbconfoption -name="classicalprinting">sysv</smbconfoption>). This is illustrated in <link linkend="f13small">the Printing via +ignored. Instead, Samba will directly interface with CUPS through its +application program interface (API). +This is illustrated in <link linkend="f13small">the Printing via CUPS/Samba Server diagram</link>. </para> @@ -4736,8 +4685,6 @@ For everything to work as it should, you need to have three things: <listitem><para>A Samba-&smb.conf; setting of <smbconfoption name="printing">cups</smbconfoption>.</para></listitem> - <listitem><para>Another Samba &smb.conf; setting of - <smbconfoption name="printcap">cups</smbconfoption>.</para></listitem> </itemizedlist> <note><para> 
@@ -4751,16 +4698,6 @@ influence whatsoever on your printing. </para></note> </sect2> -<sect2> -<title>Manual Configuration</title> - -<para> -If you want to do things manually, replace the <smbconfoption name="printing">cups</smbconfoption> -by <smbconfoption name="printing">bsd</smbconfoption>. Then your manually set commands may work -(I haven't tested this), and a <smbconfoption name="print command">lp -d %P %s; rm %s</smbconfoption> -may do what you need. -</para> -</sect2> </sect1> <sect1> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml index e4baca4033..ac866a8745 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml @@ -20,7 +20,7 @@ you can download Samba from Subversion or using <command>rsync</command>. </para> <sect1> -<title>Access Samba Source Code via Subversion</title> +<title>Access Samba Source Code via GIT</title> <sect2> 
@@ -28,115 +28,16 @@ you can download Samba from Subversion or using <command>rsync</command>. <para> <indexterm><primary>Subversion</primary></indexterm> -Samba is developed in an open environment. Developers use a -Subversion to <quote>checkin</quote> (also known as -<quote>commit</quote>) new source code. Samba's various Subversion branches can -be accessed via anonymous Subversion using the instructions -detailed in this chapter. -</para> - -<para> -This chapter is a modified version of the instructions found at the -<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> Web site. +Samba is developed in an open environment. Developers use +GIT to <quote>checkin</quote> (also known as +<quote>commit</quote>) new source code. See the +<ulink noescape="1" + url="https://wiki.samba.org/index.php/Using_Git_for_Samba_Development">Using +Git for Samba Development page</ulink> in the Samba wiki. </para> </sect2> -<sect2> -<title>Subversion Access to samba.org</title> - -<para> -The machine samba.org runs a publicly accessible Subversion -repository for access to the source code of several packages, -including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways -of accessing the Subversion server on this host. -</para> - -<sect3> -<title>Access via ViewCVS</title> - - -<para> -<indexterm><primary>SVN</primary><secondary>web</secondary></indexterm> -You can access the source code via your favorite WWW browser. This allows you to access -the contents of individual files in the repository and also to look at the revision -history and commit logs of individual files. You can also ask for a diff -listing between any two versions on the repository. -</para> - -<para> -Use the URL -<ulink noescape="1" url="http://viewcvs.samba.org/">http://viewcvs.samba.org/</ulink>. 
-</para> -</sect3> - -<sect3> -<title>Access via Subversion</title> - -<para> -<indexterm><primary>Subversion</primary></indexterm> -You can also access the source code via a normal Subversion client. This gives you much more control over what -you can do with the repository and allows you to check out whole source trees and keep them up to date via -normal Subversion commands. This is the preferred method of access if you are a developer and not just a -casual browser. -</para> - -<para>In order to be able to download the Samba sources off Subversion, you need -a Subversion client. Your distribution might include one, or you can download the -sources from <ulink noescape="1" url="http://subversion.tigris.org/">http://subversion.tigris.org/</ulink>. -</para> - -<para> -To gain access via anonymous Subversion, use the following steps. -</para> - -<procedure> - <title>Retrieving Samba using Subversion</title> - - <step> - <para> - Install a recent copy of Subversion. All you really need is a - copy of the Subversion client binary. - </para> - </step> - - <step> - <para> - Run the command - <screen> - <userinput>svn co svn://svnanon.samba.org/samba/trunk samba</userinput>. - </screen> - </para> - - <para> - This will create a directory called <filename>samba</filename> containing the - latest Samba source code (usually the branch that is going to be the next major release). This - currently corresponds to the 3.1 development tree. - </para> - - <para> - Subversion branches other then trunk can be obtained by adding branches/BRANCH_NAME to the URL you check - out. A list of branch names can be found on the <quote>Development</quote> page of the Samba Web site. A - common request is to obtain the latest 3.0 release code. This could be done by using the following command: - <screen> - <userinput>svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba_3</userinput>. 
- </screen> - </para> - </step> - - <step> - <para> - Whenever you want to merge in the latest code changes, use the following command from within the Samba - directory: - <screen> - <userinput>svn update</userinput> - </screen> - </para> - </step> -</procedure> - -</sect3> -</sect2> </sect1> @@ -148,9 +49,9 @@ To gain access via anonymous Subversion, use the following steps. <indexterm><primary>rsync</primary></indexterm> <indexterm><primary>ftp</primary></indexterm> <parameter>pserver.samba.org</parameter> also exports unpacked copies of most parts of the Subversion tree - at the Samba <ulink noescape="1" url="ftp://pserver.samba.org/pub/unpacked">pserver</ulink> location and also + at the Samba <ulink noescape="1" url="ftp://samba.org/pub/unpacked">unpacked</ulink> location and also via anonymous rsync at the Samba <ulink noescape="1" - url="rsync://pserver.samba.org/ftp/unpacked/">rsync</ulink> server location. I recommend using rsync rather + url="rsync://samba.org/ftp/unpacked/">rsync</ulink> server location. I recommend using rsync rather than ftp, because rsync is capable of compressing data streams, but it is also more useful than FTP because during a partial update it will transfer only the data that is missing plus a small overhead. See <ulink noescape="1" url="http://rsync.samba.org/">the rsync home page</ulink> for more info on rsync. @@ -158,7 +59,7 @@ To gain access via anonymous Subversion, use the following steps. <para> The disadvantage of the unpacked trees is that they do not support automatic - merging of local changes as Subversion does. <command>rsync</command> access is most convenient + merging of local changes as GIT does. <command>rsync</command> access is most convenient for an initial install. </para> </sect1> 
@@ -181,8 +82,9 @@ With that said, go ahead and download the following files: </para> <para><screen> -&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-3.0.20.tar.asc</userinput> -&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-pubkey.asc</userinput> +&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.asc</userinput> +&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.gz</userinput> +&prompt;<userinput>wget http://samba.org/samba/ftp/samba-pubkey.asc</userinput> </screen></para> @@ -195,8 +97,8 @@ PGP key itself. Import the public PGP key with: </screen> and verify the Samba source code integrity with: <screen> -&prompt;<userinput>gzip -d samba-3.0.20.tar.gz</userinput> -&prompt;<userinput>gpg --verify samba-3.0.20.tar.asc</userinput> +&prompt;<userinput>gzip -d samba-latest.tar.gz</userinput> +&prompt;<userinput>gpg --verify samba-latest.tar.asc</userinput> </screen> </para> 
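Review bot: In the download step (this hunk and the `gpg --verify` hunk after it), the tarball, the detached signature and `samba-pubkey.asc` are all fetched over plain `http://` from the same host, so a passing verification only shows that the three files agree with each other. The text should tell the reader to confirm the imported key's fingerprint against a copy obtained through an independent channel, for example `<para>Before relying on the result, compare the fingerprint printed by <userinput>gpg --fingerprint</userinput> with one obtained from a source other than this download server.</para>`. Naming the data file explicitly, `gpg --verify samba-latest.tar.asc samba-latest.tar`, would also make it clear that the uncompressed tar is what gets checked. The key import command lies between the two hunks and is not visible here.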
@@ -215,28 +117,9 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> <title>Building the Binaries</title> <para> - <indexterm><primary>autogen.sh</primary></indexterm> -<indexterm><primary>configure</primary></indexterm> - After the source tarball has been unpacked, the next step involves - configuration to match Samba to your operating system platform. - If your source directory does not contain the <command>configure</command> script, - it is necessary to build it before you can continue. Building of - the configure script requires the correct version of the autoconf - tool kit. Where the necessary version of autoconf is present, - the configure script can be generated by executing the following - (please note that in Samba 3.4.x, the directory is called source3 instead - of source): -<screen> -&rootprompt; cd samba-3.0.20/source -&rootprompt; ./autogen.sh -</screen> - </para> - - - <para> <indexterm><primary>configure</primary></indexterm> To build the binaries, run the program <userinput>./configure - </userinput> in the source directory. This should automatically + </userinput> in the top level director of the source tree. This should automatically configure Samba for your operating system. If you have unusual needs, then you may wish to first run: <screen> 
@@ -265,30 +148,6 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> </screen> </para> - <para> - Some people prefer to install binary files and man pages separately. If this is - your wish, the binary files can be installed by executing: -<screen> -&rootprompt; <userinput>make installbin</userinput> -</screen> - The man pages can be installed using this command: -<screen> -&rootprompt; <userinput>make installman</userinput> -</screen> - </para> - - <para> - Note that if you are upgrading from a previous version of Samba the old - versions of the binaries will be renamed with an <quote>.old</quote> extension. - You can go back to the previous version by executing: -<screen> -&rootprompt; <userinput>make revert</userinput> -</screen> - As you can see from this, building and installing Samba does not need to - result in disaster! - </para> - - <sect2> <title>Compiling Samba with Active Directory Support</title> @@ -318,7 +177,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> <para> After you run configure, make sure that the - <filename>include/config.h</filename> it generates contain lines like this: + <filename>bin/include/config.h</filename> it generates contain lines like this: <programlisting> #define HAVE_KRB5 1 #define HAVE_LDAP 1 
@@ -408,82 +267,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> </para> <sect2> - <title>Starting from inetd.conf</title> - - <indexterm><primary>inetd</primary></indexterm> - - <note> - <para>The following will be different if - you use NIS, NIS+, or LDAP to distribute services maps.</para> - </note> - - <para>Look at your <filename>/etc/services</filename>. - What is defined at port 139/tcp? If nothing is defined, - then add a line like this:</para> - - <para><programlisting>netbios-ssn 139/tcp</programlisting></para> - - <para>Similarly for 137/udp, you should have an entry like:</para> - - <para><programlisting>netbios-ns 137/udp</programlisting></para> - - <para> - Next, edit your <filename>/etc/inetd.conf</filename> and add two lines like this: -<programlisting> -netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd -netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd -</programlisting> - </para> - -<indexterm><primary>/etc/inetd.conf</primary></indexterm> - <para> - The exact syntax of <filename>/etc/inetd.conf</filename> - varies between UNIXes. Look at the other entries in inetd.conf - for a guide. - </para> - - <para> - <indexterm><primary>xinetd</primary></indexterm> - Some distributions use xinetd instead of inetd. Consult the - xinetd manual for configuration information. - </para> - - <note><para>Some UNIXes already have entries like netbios_ns - (note the underscore) in <filename>/etc/services</filename>. - You must edit <filename>/etc/services</filename> or - <filename>/etc/inetd.conf</filename> to make them consistent. - </para></note> - - <note><para> - <indexterm><primary>ifconfig</primary></indexterm> - On many systems you may need to use the - <smbconfoption name="interfaces"/> option in &smb.conf; to specify - the IP address and netmask of your interfaces. Run - <application>ifconfig</application> as root if you do - not know what the broadcast is for your net. 
&nmbd; tries - to determine it at runtime, but fails on some UNIXes. - </para></note> - - <warning><para> - Many UNIXes only accept around five parameters on the command - line in <filename>inetd.conf</filename>. This means you shouldn't - use spaces between the options and arguments, or you should use - a script and start the script from <command>inetd</command>. - </para></warning> - - <para> - Restart <application>inetd</application>, perhaps just send it a HUP, - like this: -<indexterm><primary>killall</primary></indexterm> -<screen> -&rootprompt;<userinput>killall -HUP inetd</userinput> -</screen> - </para> - - </sect2> - - <sect2> - <title>Alternative: Starting &smbd; as a Daemon</title> + <title>Starting &smbd; as a Daemon</title> <para> <indexterm><primary>daemon</primary></indexterm> @@ -520,26 +304,6 @@ netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd <sect3> <title>Starting Samba for Red Hat Linux</title> - - <para> - Red Hat Linux has not always included all Samba components in the standard installation. - So versions of Red Hat Linux do not install the winbind utility, even though it is present - on the installation CDROM media. Check to see if the <command>winbindd</command> is present - on the system: -<screen> -&rootprompt; ls /usr/sbin/winbindd -/usr/sbin/winbindd -</screen> - This means that the appropriate RPM package was installed. The following response means - that it is not installed: -<screen> -/bin/ls: /usr/sbin/winbind: No such file or directory -</screen> - In this case, it should be installed if you intend to use <command>winbindd</command>. Search - the CDROM installation media for the samba-winbind RPM and install it following Red Hat - guidelines. - </para> - <para> The process for starting Samba will now be outlined. Be sure to configure Samba's &smb.conf; file before starting Samba. When configured, start Samba by executing: 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml index 951c879b49..5ea2db2641 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml @@ -130,9 +130,9 @@ configuration file is faulty. <note><para> <indexterm><primary>/etc/samba</primary></indexterm> -<indexterm><primary>/usr/local/samba/lib</primary></indexterm> +<indexterm><primary>/usr/local/samba/etc</primary></indexterm> Your &smb.conf; file may be located in <filename>/etc/samba</filename> -or in <filename>/usr/local/samba/lib</filename>. +or in <filename>/usr/local/samba/etc</filename>. </para></note> </step> @@ -431,8 +431,9 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c <orderedlist> <listitem> <para> - You have shadow passwords (or some other password system) but didn't - compile in support for them in &smbd;. + Password encryption is enabled by default, but you have not + yet set a password for your samba user. Run + <command>smbpasswd -a username</command> </para> </listitem> @@ -444,7 +445,8 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c <listitem> <para> - You have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. + You have explicitly disabled encrypted passwords with + <smbconfoption name="encrypt passwords">no</smbconfoption> have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. </para> </listitem> @@ -454,12 +456,6 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c </para> </listitem> -<listitem> - <para> - You enabled password encryption but didn't map UNIX to Samba users. Run - <command>smbpasswd -a username</command> - </para> -</listitem> </orderedlist> <para> 
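Review bot: The list item added in the `@@ -444,7 +445,8 @@` hunk runs two causes together: `<smbconfoption name="encrypt passwords">no</smbconfoption> have a mixed-case password` is missing its conjunction, so the reader cannot tell whether disabled encryption is a cause in its own right or a precondition for the `password level` case. As far as I know `password level` only matters for plaintext passwords, so the intended reading is probably `You have explicitly disabled encrypted passwords with <smbconfoption name="encrypt passwords">no</smbconfoption>, have a mixed-case password, and haven't enabled the ... option at a high enough level.` The item should also say that re-enabling encrypted passwords is the preferred fix, not raising `password level`.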
@@ -544,17 +540,7 @@ and other config lines in &smb.conf; are correct. </para> <para> -It's also possible that the server can't work out what username to connect you as. -To see if this is the problem, add the line -<smbconfoption name="user">username</smbconfoption> to the -<smbconfsection name="[tmp]"/> section of -&smb.conf; where <parameter>username</parameter> is the -username corresponding to the password you typed. If you find this -fixes things, you may need the username mapping option. -</para> - -<para> -It might also be the case that your client only sends encrypted passwords +By default, most clients only sends encrypted passwords and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;. Change this setting to `yes' to fix this. </para> @@ -587,13 +573,9 @@ From file manager, try to browse the server. Your Samba server should appear in the browse list of your local workgroup (or the one you specified in &smb.conf;). You should be able to double-click on the name of the server and get a list of shares. If you get the error message <quote>invalid password,</quote> - you are probably running Windows NT and it -is refusing to browse a server that has no encrypted password -capability and is in user-level security mode. In this case, either set -<smbconfoption name="security">server</smbconfoption> and -<smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your -&smb.conf; file or make sure <smbconfoption name="encrypt passwords"/> is -set to <quote>yes</quote>. +your client may be refusing to browse a server that has no encrypted password +capability. In this case make sure <smbconfoption name="encrypt passwords"/> is +set to <quote>yes</quote> and repeat the steps in this gude. </para> </step> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml index d0178632ee..11f79f7e4d 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml 
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml 
@@ -797,72 +797,6 @@ but in most cases the following will suffice: </sect2> -<sect2> -<title>Why Is This Better Than <parameter>security = server</parameter>?</title> - -<para> -<indexterm><primary>domain security</primary></indexterm> -<indexterm><primary>UNIX users</primary></indexterm> -<indexterm><primary>authentication</primary></indexterm> -Currently, domain security in Samba does not free you from having to create local UNIX users to represent the -users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your -domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file -system. This is similar to the older Samba security mode <smbconfoption -name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows -NT server in the same way as a Windows 95 or Windows 98 server would. -</para> - -<para> -<indexterm><primary>winbind</primary></indexterm> -<indexterm><primary>UID</primary></indexterm> -<indexterm><primary>GID</primary></indexterm> -Please refer to <link linkend="winbind">Winbind: Use of Domain Accounts</link>, for information on a system -to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups. -</para> - -<para> -<indexterm><primary>domain-level</primary></indexterm> -<indexterm><primary>authentication</primary></indexterm> -<indexterm><primary>RPC</primary></indexterm> -The advantage of domain-level security is that the authentication in domain-level security is passed down the -authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now -participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba -servers into a resource domain and have the authentication passed on from a resource domain PDC to an account -domain PDC). 
-</para> - -<para> -<indexterm><primary>PDC</primary></indexterm> -<indexterm><primary>BDC</primary></indexterm> -<indexterm><primary>connection resources</primary></indexterm> -In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba daemon on a server has to -keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the -connection resources on a Microsoft NT server and cause it to run out of available connections. With -<smbconfoption name="security">domain</smbconfoption>, however, the Samba daemons connect to the PDC or BDC -only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC -connection resources. -</para> - -<para> -<indexterm><primary>PDC</primary></indexterm> -<indexterm><primary>authentication reply</primary></indexterm> -<indexterm><primary>SID</primary></indexterm> -<indexterm><primary>NT groups</primary></indexterm> -Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the -authentication reply, the Samba server gets the user identification information such as the user SID, the list -of NT groups the user belongs to, and so on. -</para> - -<note> -<para> -Much of the text of this document was first published in the Web magazine -<ulink url="http://www.linuxworld.com"><emphasis>LinuxWorld</emphasis></ulink> as the article <ulink -url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"/> -<emphasis>Doing the NIS/NT Samba</emphasis>. -</para> -</note> - -</sect2> </sect1> <sect1 id="ads-member"> @@ -979,11 +913,7 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat <screen> [libdefaults] default_realm = YOUR.KERBEROS.REALM - -[realms] - YOUR.KERBEROS.REALM = { - kdc = your.kerberos.server - } + dns_lookup_kdc = true [domain_realms] .kerberos.server = YOUR.KERBEROS.REALM 
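Review bot: The rewritten minimal `krb5.conf` in the `@@ -979,11 +913,7 @@` hunk keeps the section header `[domain_realms]` as context, but the section the Kerberos libraries read is, to my knowledge, `[domain_realm]`, so the host-to-realm mapping under it would be ignored as written. Since the example is being reworked anyway, change the header to `[domain_realm]`. With `dns_lookup_kdc = true` the KDC is now located through DNS SRV records, so the text should also say that the client must resolve names through the domain's own DNS servers for this configuration to work.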
@@ -991,13 +921,10 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat </para> <para> -<indexterm><primary>Heimdal</primary></indexterm> -When using Heimdal versions before 0.6, use the following configuration settings: +If you must specify the KDC directly, the minimal configuration is: <screen> [libdefaults] default_realm = YOUR.KERBEROS.REALM - default_etypes = des-cbc-crc des-cbc-md5 - default_etypes_des = des-cbc-crc des-cbc-md5 [realms] YOUR.KERBEROS.REALM = { @@ -1017,19 +944,6 @@ Test your config by doing a <userinput>kinit making sure that your password is accepted by the Win2000 KDC. </para> -<para> -<indexterm><primary>Heimdal</primary></indexterm> -<indexterm><primary>ADS</primary></indexterm> -<indexterm><primary>KDC</primary></indexterm> -<indexterm><primary>Windows 2003</primary></indexterm> -With Heimdal versions earlier than 0.6.x you can use only newly created accounts -in ADS or accounts that have had the password changed once after migration, or -in case of <constant>Administrator</constant> after installation. At the -moment, a Windows 2003 KDC can only be used with Heimdal releases later than 0.6 -(and no default etypes in krb5.conf). Unfortunately, this whole area is still -in a state of flux. -</para> - <note><para> <indexterm><primary>realm</primary></indexterm> <indexterm><primary>uppercase</primary></indexterm> 
@@ -1055,25 +969,6 @@ Clock skew limits are configurable in the Kerberos protocols. The default settin </para> <para> -<indexterm><primary>DNS</primary></indexterm> -<indexterm><primary>KDC</primary></indexterm> -<indexterm><primary>hostname</primary></indexterm> -<indexterm><primary>realm</primary></indexterm> -You also must ensure that you can do a reverse DNS lookup on the IP address of your KDC. Also, the name that -this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain -attached) or it can be the NetBIOS name followed by the realm. -</para> - -<para> -<indexterm><primary>/etc/hosts</primary></indexterm> -<indexterm><primary>KDC</primary></indexterm> -<indexterm><primary>realm</primary></indexterm> -The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP -address of your KDC to its NetBIOS name. If you do not get this correct, then you will get a <errorname>local -error</errorname> when you try to join the realm. -</para> - -<para> <indexterm><primary>Kerberos</primary></indexterm> <indexterm><primary>Create the Computer Account</primary></indexterm> <indexterm><primary>Testing Server Setup</primary></indexterm> 
@@ -1160,15 +1055,6 @@ name, it may need to be quadrupled to pass through the shell escape and ldap esc <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>. <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain. </para></listitem></varlistentry> - - <varlistentry><term>Unsupported encryption/or checksum types</term> - <listitem><para> - <indexterm><primary>/etc/krb5.conf</primary></indexterm> - <indexterm><primary>unsupported encryption</primary></indexterm> - <indexterm><primary>Kerberos</primary></indexterm> - Make sure that the <filename>/etc/krb5.conf</filename> is correctly configured - for the type and version of Kerberos installed on the system. - </para></listitem></varlistentry> </variablelist> </para> @@ -1220,27 +1106,6 @@ specify the <option>-k</option> option to choose Kerberos authentication. </para> </sect2> - -<sect2> -<title>Notes</title> - -<para> -<indexterm><primary>administrator password</primary></indexterm> -<indexterm><primary>change password</primary></indexterm> -<indexterm><primary>encryption types</primary></indexterm> -You must change the administrator password at least once after installing a domain controller, -to create the right encryption types. -</para> - -<para> -<indexterm><primary>_kerberos._udp</primary></indexterm> -<indexterm><primary>_ldap._tcp</primary></indexterm> -<indexterm><primary>default DNS setup</primary></indexterm> -Windows 200x does not seem to create the <parameter>_kerberos._udp</parameter> and -<parameter>_ldap._tcp</parameter> in the default DNS setup. Perhaps this will be fixed later in service packs. -</para> - -</sect2> </sect1> <sect1> 
@@ -1400,24 +1265,5 @@ account to which the Samba backend database account can be mapped. </para> </sect2> - -<sect2> - <title>I Can't Join a Windows 2003 PDC</title> - - <para> -<indexterm><primary>SMB signing</primary></indexterm> -<indexterm><primary>SMB</primary></indexterm> -<indexterm><primary>Windows 2003</primary></indexterm> -<indexterm><primary>SMB/CIFS</primary></indexterm> - Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba-3.0. - Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating - with a Windows 2003 server. This will not interfere with other Windows clients that do not - support the more advanced security features of Windows 2003 because the client will simply - negotiate a protocol that both it and the server suppport. This is a well-known fall-back facility - that is built into the SMB/CIFS protocols. - </para> - -</sect2> - </sect1> </chapter> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml index 517bb0f7c3..13a212b385 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml @@ -182,7 +182,8 @@ of the packages that are provided by the operating system vendor or through othe <smbconfsection name="[global]"/> <smbconfoption name="workgroup">MIDEARTH</smbconfoption> <smbconfoption name="netbios name">HOBBIT</smbconfoption> -<smbconfoption name="security">share</smbconfoption> +<smbconfoption name="security">user</smbconfoption> +<smbconfoption name="map to guest">bad user</smbconfoption> <smbconfsection name="[data]"/> <smbconfoption name="comment">Data</smbconfoption> @@ -220,7 +221,8 @@ Press enter to see a dump of your service definitions [global] workgroup = MIDEARTH netbios name = HOBBIT - security = share + security = user + map to guest = bad user [data] comment = Data 
@@ -286,7 +288,8 @@ Added user jackb. <smbconfsection name="[global]"/> <smbconfoption name="workgroup">MIDEARTH</smbconfoption> <smbconfoption name="netbios name">HOBBIT</smbconfoption> -<smbconfoption name="security">SHARE</smbconfoption> +<smbconfoption name="security">USER</smbconfoption> +<smbconfoption name="map to guest">bad user</smbconfoption> <smbconfsection name="[data]"/> <smbconfoption name="comment">Data</smbconfoption> @@ -340,10 +343,7 @@ Added user jackb. <smbconfsection name="[global]"/> <smbconfoption name="workgroup">MIDEARTH</smbconfoption> <smbconfoption name="netbios name">LUTHIEN</smbconfoption> -<smbconfoption name="security">share</smbconfoption> -<smbconfoption name="printcap name">cups</smbconfoption> -<smbconfoption name="disable spoolss">Yes</smbconfoption> -<smbconfoption name="show add printer wizard">No</smbconfoption> +<smbconfoption name="security">user</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> <smbconfsection name="[printers]"/> @@ -444,10 +444,8 @@ Added user jackb. is the default, and for which the default is to store Microsoft Windows-compatible encrypted passwords in a file called <filename>/etc/samba/smbpasswd</filename>. The default &smb.conf; entry that makes this happen is - <smbconfoption name="passdb backend">smbpasswd, guest</smbconfoption>. Since this is the default, - it is not necessary to enter it into the configuration file. Note that the guest backend is - added to the list of active passdb backends no matter whether it specified directly in Samba configuration - file or not. + <smbconfoption name="passdb backend">smbpasswd</smbconfoption>. Since this is the default, + it is not necessary to enter it into the configuration file. </para> 
@@ -474,8 +472,6 @@ Added user jackb. <smbconfsection name="[global]"/> <smbconfoption name="workgroup">MIDEARTH</smbconfoption> <smbconfoption name="netbios name">OLORIN</smbconfoption> -<smbconfoption name="printcap name">cups</smbconfoption> -<smbconfoption name="disable spoolss">Yes</smbconfoption> <smbconfoption name="show add printer wizard">No</smbconfoption> <smbconfoption name="printing">cups</smbconfoption> @@ -495,7 +491,6 @@ Added user jackb. <smbconfsection name="[printers]"/> <smbconfoption name="comment">All Printers</smbconfoption> <smbconfoption name="path">/var/spool/samba</smbconfoption> -<smbconfoption name="printer admin">root, maryo</smbconfoption> <smbconfoption name="create mask">0600</smbconfoption> <smbconfoption name="guest ok">Yes</smbconfoption> <smbconfoption name="printable">Yes</smbconfoption> @@ -729,7 +724,6 @@ smb: \> <userinput>q</userinput> <smbconfsection name="[printers]"/> <smbconfoption name="comment">All Printers</smbconfoption> <smbconfoption name="path">/var/spool/samba</smbconfoption> -<smbconfoption name="printer admin">root, maryo</smbconfoption> <smbconfoption name="create mask">0600</smbconfoption> <smbconfoption name="guest ok">Yes</smbconfoption> <smbconfoption name="printable">Yes</smbconfoption> @@ -961,7 +955,6 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false <smbconfsection name="[printers]"/> <smbconfoption name="comment">All Printers</smbconfoption> <smbconfoption name="path">/var/spool/samba</smbconfoption> -<smbconfoption name="printer admin">root, maryo</smbconfoption> <smbconfoption name="create mask">0600</smbconfoption> <smbconfoption name="guest ok">Yes</smbconfoption> <smbconfoption name="printable">Yes</smbconfoption> 
@@ -971,7 +964,6 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false <smbconfoption name="comment">Printer Drivers Share</smbconfoption> <smbconfoption name="path">/var/lib/samba/drivers</smbconfoption> <smbconfoption name="write list">maryo, root</smbconfoption> -<smbconfoption name="printer admin">maryo, root</smbconfoption> <smbconfcomment>Needed to support domain logons</smbconfcomment> <smbconfsection name="[netlogon]"/> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml b/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml index f590334ebe..89bdec7f6d 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml @@ -595,7 +595,6 @@ Join to domain 'MEGANET2' is not valid <smbconfoption name="idmap gid">500-10000000</smbconfoption> <smbconfoption name="winbind use default domain">Yes</smbconfoption> <smbconfoption name="winbind nested groups">Yes</smbconfoption> -<smbconfoption name="printer admin">"BUTTERNET\Domain Admins"</smbconfoption> </smbconfblock> </example> @@ -728,7 +727,6 @@ Join to domain is not valid <smbconfoption name="winbind enum users">No</smbconfoption> <smbconfoption name="winbind enum groups">No</smbconfoption> <smbconfoption name="winbind nested groups">Yes</smbconfoption> -<smbconfoption name="printer admin">"Domain Admins"</smbconfoption> </smbconfblock> </example> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml index 673ba93deb..88e0ed8e13 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml 
@@ -657,24 +657,8 @@ The following questions and issues are raised repeatedly on the Samba mailing li </para> <para> - &winbindd; will run as one or two daemons, depending on whether or not it is being - run in <emphasis>split mode</emphasis> (in which case there will be two instances). - </para> - - </sect2> - - <sect2> - <title>Error Message: open_oplock_ipc</title> - - <para> - An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to - get local UDP socket for address 100007f. Error was Cannot assign requested.</quote> - </para> - - <para> - Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback - device is an internal (virtual) network device with the IP address <emphasis>127.0.0.1</emphasis>. - Read your OS documentation for details on how to configure the loopback on your system. + &winbindd; will run as many processes depending in part on how many + domains it needs to contact. </para> </sect2> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml deleted file mode 100644 index 94c3fcc81a..0000000000 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml +++ /dev/null 
@@ -1,351 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<chapter id="Other-Clients">
-<chapterinfo>
- &author.jelmer;
- &author.jht;
- &author.danshearer;
- <author>&person.jmcd;<contrib>OS/2</contrib></author>
- <pubdate>5 Mar 2001</pubdate>
-</chapterinfo>
-
-<title>Samba and Other CIFS Clients</title>
-
-<para>This chapter contains client-specific information.</para>
-
-<sect1>
-<title>Macintosh Clients</title>
-
-<para>
-<indexterm><primary>DAVE</primary></indexterm>
-Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS client/server called <ulink
-url="http://www.thursby.com/products/dave.html">DAVE</ulink>. They test it against Windows 95, Windows
-NT/200x/XP, and Samba for compatibility issues. At the time of this writing, DAVE was at version 5.1. Please
-refer to Thursby's Web site for more information regarding this product.
-</para>
-
-<para>
-<indexterm><primary>Netatalk</primary></indexterm>
-<indexterm><primary>CAP</primary></indexterm>
-Alternatives include two free implementations of AppleTalk for several kinds of UNIX machines and several more
-commercial ones. These products allow you to run file services and print services natively to Macintosh
-users, with no additional support required on the Macintosh. The two free implementations are <ulink
-url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink> and <ulink
-url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>. What Samba offers MS Windows users, these
-packages offer to Macs.
For more info on these packages, Samba, and Linux (and other UNIX-based systems), see
-<ulink noescape="1" url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink>
-</para>
-
-<para>Newer versions of the Macintosh (Mac OS X) include Samba.</para>
-
-</sect1>
-
-<sect1>
-<title>OS2 Client</title>
-
- <sect2>
- <title>Configuring OS/2 Warp Connect or OS/2 Warp 4</title>
-
- <para>Basically, you need three components:</para>
-
- <itemizedlist>
- <listitem><para>The File and Print Client (IBM peer)</para></listitem>
- <listitem><para>TCP/IP (Internet support) </para></listitem>
- <listitem><para>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</para></listitem>
- </itemizedlist>
-
- <para>Installing the first two together with the base operating
- system on a blank system is explained in the Warp manual. If Warp
- has already been installed, but you now want to install the
- networking support, use the <quote>Selective Install for Networking</quote>
- object in the <quote>System Setup</quote> folder.</para>
-
- <para>Adding the <quote>NetBIOS over TCP/IP</quote> driver is not described
- in the manual and just barely in the online documentation. Start
- <command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu>, and click
- on <guimenu>IBM OS/2 NETBIOS OVER TCP/IP</guimenu> in <guilabel>Protocols</guilabel>. This line
- is then moved to <guilabel>Current Configuration</guilabel>. Select that line,
- click on <guimenuitem>Change number</guimenuitem>, and increase it from 0 to 1. Save this
- configuration.</para>
-
- <para>If the Samba server is not on your local subnet, you
- can optionally add IP names and addresses of these servers
- to the <guimenu>Names List</guimenu> or specify a WINS server (NetBIOS
- Nameserver in IBM and RFC terminology). For Warp Connect, you
- may need to download an update for <constant>IBM Peer</constant> to bring it on
- the same level as Warp 4.
See the IBM OS/2 Warp Web page</para>
- </sect2>
-
- <sect2>
- <title>Configuring Other Versions of OS/2</title>
-
- <para>This sections deals with configuring OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x.</para>
-
- <para>You can use the free Microsoft LAN Manager 2.2c Client for OS/2 that is
- available from
- <ulink noescape="1" url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/">
- ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. In a nutshell, edit
- the file <filename>\OS2VER</filename> in the root directory of the OS/2 boot partition and add the lines:</para>
-
- <para><programlisting>
- 20=setup.exe
- 20=netwksta.sys
- 20=netvdd.sys
- </programlisting></para>
-
- <para>before you install the client. Also, do not use the included NE2000 driver because it is buggy.
- Try the NE2000 or NS2000 driver from <ulink noescape="1" url="ftp://ftp.cdrom.com/pub/os2/network/ndis/">
- ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead.
- </para>
- </sect2>
-
- <sect2>
- <title>Printer Driver Download for OS/2 Clients</title>
-
- <para>Create a share called <smbconfsection name="[PRINTDRV]"/> that is
- world-readable. Copy your OS/2 driver files there. The <filename>.EA_</filename>
- files must still be separate, so you will need to use the original install files
- and not copy an installed driver from an OS/2 system.</para>
-
- <para>Install the NT driver first for that printer. Then, add to your &smb.conf; a parameter,
- <smbconfoption name="os2 driver map"><replaceable>filename</replaceable></smbconfoption>.
- Next, in the file specified by <replaceable>filename</replaceable>, map the
- name of the NT driver name to the OS/2 driver name as follows:</para>
-
- <para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.,</para>
-
- <para><parameter>
- HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para>
-
- <para>You can have multiple drivers mapped in this file.</para>
-
- <para>If you only specify the OS/2 driver name, and not the
- device name, the first attempt to download the driver will
- actually download the files, but the OS/2 client will tell
- you the driver is not available. On the second attempt, it
- will work. This is fixed simply by adding the device name
- to the mapping, after which it will work on the first attempt.
- </para>
- </sect2>
-</sect1>
-
-<sect1>
-<title>Windows for Workgroups</title>
-
-<sect2>
-<title>Latest TCP/IP Stack from Microsoft</title>
-
-<para>Use the latest TCP/IP stack from Microsoft if you use Windows
-for Workgroups. The early TCP/IP stacks had lots of bugs.</para>
-
-<para>
-Microsoft has released an incremental upgrade to its TCP/IP 32-bit VxD drivers. The latest release can be
-found at ftp.microsoft.com, located in <filename>/Softlib/MSLFILES/TCP32B.EXE</filename>. There is an
-update.txt file there that describes the problems that were fixed. New files include
-<filename>WINSOCK.DLL</filename>, <filename>TELNET.EXE</filename>, <filename>WSOCK.386</filename>,
-<filename>VNBT.386</filename>, <filename>WSTCP.386</filename>, <filename>TRACERT.EXE</filename>,
-<filename>NETSTAT.EXE</filename>, and <filename>NBTSTAT.EXE</filename>.
-</para>
-
-<para>
-More information about this patch is available in <ulink
-url="http://support.microsoft.com/kb/q99891/">Knowledge Base article 99891</ulink>.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Delete .pwl Files After Password Change</title>
-
-<para>
-Windows for Workgroups does a lousy job with passwords. When you change passwords on either
-the UNIX box or the PC, the safest thing to do is delete the .pwl files in the Windows
-directory. The PC will complain about not finding the files, but will soon get over it,
-allowing you to enter the new password.
-</para>
-
-<para>
-If you do not do this, you may find that Windows for Workgroups remembers and uses the old
-password, even if you told it a new one.
-</para>
-
-<para>
-Often Windows for Workgroups will totally ignore a password you give it in a dialog box.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Configuring Windows for Workgroups Password Handling</title>
-
-<para>
-<indexterm><primary>admincfg.exe</primary></indexterm>
-There is a program call <filename>admincfg.exe</filename> on the last disk (disk 8) of the WFW 3.11 disk set.
-To install it, type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>. Then add an icon
-for it via the <application>Program Manager</application> <guimenu>New</guimenu> menu. This program allows
-you to control how WFW handles passwords, Disable Password Caching and so on, for use with <smbconfoption
-name="security">user</smbconfoption>.
-</para>
-
-</sect2>
-
-<sect2>
-<title>Password Case Sensitivity</title>
-
-<para>Windows for Workgroups uppercases the password before sending it to the server.
-UNIX passwords can be case-sensitive though. Check the &smb.conf; information on
-<smbconfoption name="password level"/> to specify what characters
-Samba should try to uppercase when checking.</para>
-
-</sect2>
-
-<sect2>
-<title>Use TCP/IP as Default Protocol</title>
-
-<para>To support print queue reporting, you may find
-that you have to use TCP/IP as the default protocol under
-Windows for Workgroups. For some reason, if you leave NetBEUI as the default,
-it may break the print queue reporting on some systems.
-It is presumably a Windows for Workgroups bug.</para>
-
-</sect2>
-
-<sect2 id="speedimpr">
-<title>Speed Improvement</title>
-
-<para>
-Note that some people have found that setting <parameter>DefaultRcvWindow</parameter> in
-the <smbconfsection name="[MSTCP]"/> section of the
-<filename>SYSTEM.INI</filename> file under Windows for Workgroups to 3072 gives a
-big improvement.
-</para>
-
-<para>
-My own experience with DefaultRcvWindow is that I get a much better
-performance with a large value (16384 or larger). Other people have
-reported that anything over 3072 slows things down enormously. One
-person even reported a speed drop of a factor of 30 when he went from
-3072 to 8192.
-</para>
-</sect2>
-</sect1>
-
-<sect1>
-<title>Windows 95/98</title>
-
-<para>
-When using Windows 95 OEM SR2, the following updates are recommended where Samba
-is being used. Please note that the changes documented in
-<link linkend="speedimpr">Speed Improvement</link> will affect you once these
-updates have been installed.
-</para>
-
-<para>
-There are more updates than the ones mentioned here. Refer to the
-Microsoft Web site for all currently available updates to your specific version
-of Windows 95.
-</para>
-
-<simplelist>
-<member>Kernel Update: KRNLUPD.EXE</member>
-<member>Ping Fix: PINGUPD.EXE</member>
-<member>RPC Update: RPCRTUPD.EXE</member>
-<member>TCP/IP Update: VIPUPD.EXE</member>
-<member>Redirector Update: VRDRUPD.EXE</member>
-</simplelist>
-
-<para>
-Also, if using <application>MS Outlook,</application> it is desirable to
-install the <command>OLEUPD.EXE</command> fix. This
-fix may stop your machine from hanging for an extended period when exiting
-Outlook, and you may notice a significant speedup when accessing network
-neighborhood services.
-</para>
-
-<sect2>
-<title>Speed Improvement</title>
-
-<para>
-Configure the Windows 95 TCP/IP registry settings to give better
-performance.
I use a program called <command>MTUSPEED.exe</command> that I got off the
-Internet. There are various other utilities of this type freely available.
-</para>
-
-</sect2>
-
-</sect1>
-
-<sect1>
-<title>Windows 2000 Service Pack 2</title>
-
-<para>
-There are several annoyances with Windows 2000 SP2, one of which
-only appears when using a Samba server to host user profiles
-to Windows 2000 SP2 clients in a Windows domain. This assumes
-that Samba is a member of the domain, but the problem will
-most likely occur if it is not.
-</para>
-
-<para>
-In order to serve profiles successfully to Windows 2000 SP2
-clients (when not operating as a PDC), Samba must have
-<smbconfoption name="nt acl support">no</smbconfoption>
-added to the file share that houses the roaming profiles.
-If this is not done, then the Windows 2000 SP2 client will
-complain about not being able to access the profile (Access
-Denied) and create multiple copies of it on disk (DOMAIN.user.001,
-DOMAIN.user.002, and so on). See the &smb.conf; man page
-for more details on this option. Also note that the
-<smbconfoption name="nt acl support"/> parameter was formally a global parameter in
-releases prior to Samba 2.2.2.
-</para>
-
-<para>
-<link linkend="minimalprofile">Following example</link> provides a minimal profile share.
-</para>
-
-<example id="minimalprofile">
-<title>Minimal Profile Share</title>
-<smbconfblock>
-<smbconfsection name="[profile]"/>
-<smbconfoption name="path">/export/profile</smbconfoption>
-<smbconfoption name="create mask">0600</smbconfoption>
-<smbconfoption name="directory mask">0700</smbconfoption>
-<smbconfoption name="nt acl support">no</smbconfoption>
-<smbconfoption name="read only">no</smbconfoption>
-</smbconfblock>
-</example>
-
-<para>
-The reason for this bug is that the Windows 200x SP2 client copies
-the security descriptor for the profile that contains
-the Samba server's SID, and not the domain SID.
The client
-compares the SID for SAMBA\user and realizes it is
-different from the one assigned to DOMAIN\user; hence,
-<errorname>access denied</errorname> message.
-</para>
-
-<para>
-When the <smbconfoption name="nt acl support"/> parameter is disabled, Samba will send
-the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client
-to set a default ACL for the profile. This default ACL includes:
-</para>
-
-<para><emphasis>DOMAIN\user <quote>Full Control</quote></emphasis>></para>
-
-<note><para>This bug does not occur when using Winbind to
-create accounts on the Samba host for Domain users.</para></note>
-
-</sect1>
-
-<sect1>
-<title>Windows NT 3.1</title>
-
-<para>If you have problems communicating across routers with Windows
-NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article:</ulink>.
-
-</para>
-
-</sect1>
-
-</chapter>
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
index a2461b72e9..2b12e11f19 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml
@@ -144,15 +144,17 @@ account). Refer to <link linkend="domain-member">Domain Membership</link> for mo </para></note> <para> -The following functionalities are new to the Samba-3 release: +The following functionalities are an overview of some of the features +in the Samba-4 release: </para> <itemizedlist> <listitem><para> <indexterm><primary>account</primary><secondary>backend</secondary></indexterm> - Samba-3 supports the use of a choice of backends that may be used in which user, group and machine - accounts may be stored. Multiple passwd backends can be used in combination, either as additive backend - data sets, or as fail-over data sets. + Samba-4 supports the use of a choice of backends that may be used in which user, group and machine + accounts may be stored, but only when acting as a classic + (NT4) domain controller, + but not when it is acting as an Active Directory Domain Controller. </para> <para> 
@@ -162,16 +164,20 @@ The following functionalities are new to the Samba-3 release: <indexterm><primary>scalability</primary></indexterm> <indexterm><primary>reliability</primary></indexterm> An LDAP passdb backend confers the benefit that the account backend can be distributed and replicated, - which is of great value because it confers scalability and provides a high degree of reliability. + which is of great value because it confers scalability and + provides a high degree of reliability. This may be used when + Samba-4 is acting as an classic (NT4-like) domain controller, + but not when it is acting as an Active Directory Domain Controller. </para></listitem> <listitem><para> <indexterm><primary>interdomain</primary><secondary>trust</secondary><tertiary>account</tertiary></indexterm> <indexterm><primary>trust account</primary><secondary>interdomain</secondary></indexterm> <indexterm><primary>interoperability</primary></indexterm> - Windows NT4 domain trusts. Samba-3 supports workstation and server (machine) trust accounts. It also + Windows NT4 domain trusts. Samba-4 supports workstation and server (machine) trust accounts. It also supports Windows NT4 style interdomain trust accounts, which further assists in network scalability - and interoperability. + and interoperability, but only when itself is an classic + (NT4-like) domain controller. </para></listitem> <listitem><para> 
@@ -182,7 +188,8 @@ The following functionalities are new to the Samba-3 release: <indexterm><primary>domain</primary><secondary>controller</secondary></indexterm> <indexterm><primary>network</primary><secondary>browsing</secondary></indexterm> Operation without NetBIOS over TCP/IP, rather using the raw SMB over TCP/IP. Note, this is feasible - only when operating as a Microsoft active directory domain member server. When acting as a Samba domain + only when operating as a Microsoft active directory domain + member server. When acting as a Samba classic (NT4-like) domain controller the use of NetBIOS is necessary to provide network browsing support. </para></listitem> 
@@ -190,26 +197,34 @@ The following functionalities are new to the Samba-3 release: <indexterm><primary>WINS</primary></indexterm> <indexterm><primary>TCP port</primary></indexterm> <indexterm><primary>session services</primary></indexterm> - Samba-3 provides NetBIOS name services (WINS), NetBIOS over TCP/IP (TCP port 139) session services, SMB over + Samba-4 provides NetBIOS name services (WINS), NetBIOS over TCP/IP (TCP port 139) session services, SMB over TCP/IP (TCP port 445) session services, and Microsoft compatible ONC DCE RPC services (TCP port 135) services. </para></listitem> + <listitem><para> - <indexterm><primary>Nexus.exe</primary></indexterm> - Management of users and groups via the User Manager for Domains. This can be done on any MS Windows client - using the <filename>Nexus.exe</filename> toolkit for Windows 9x/Me, or using the SRVTOOLS.EXE package for MS - Windows NT4/200x/XP platforms. These packages are available from Microsoft's Web site. + <indexterm><primary>kerberos</primary></indexterm> + <indexterm><primary>active directory</primary></indexterm> + Acting as a Windows 2000 active directory domain controller + (i.e., Kerberos and Active Directory). </para></listitem> <listitem><para> - Implements full Unicode support. This simplifies cross-locale internationalization support. It also opens up - the use of protocols that Samba-2.2.x had but could not use due to the need to fully support Unicode. + <indexterm><primary>MMC</primary></indexterm> + <indexterm><primary>SVRTOOLS.EXE</primary></indexterm> + <indexterm><primary>Microsoft management console</primary><see>MMC</see></indexterm> + The Windows 200x/XP Microsoft Management Console (MMC) can be + used to manage a Samba-4 server, when it is an Active + Directory Domain Controller. When acting as a classic (NT4) + domain controller, you + can use only the MS Windows NT4 Domain Server Manager and the MS Windows NT4 Domain User Manager. 
Both are + part of the SVRTOOLS.EXE package mentioned later. </para></listitem> </itemizedlist> <para> -The following functionalities are not provided by Samba-3: +The following functionalities are not provided by Samba-4: </para> <itemizedlist> 
@@ -217,40 +232,13 @@ The following functionalities are not provided by Samba-3: <indexterm><primary>SAM</primary></indexterm> <indexterm><primary>replication</primary></indexterm> SAM replication with Windows NT4 domain controllers (i.e., a Samba PDC and a Windows NT BDC, or vice versa). - This means Samba cannot operate as a BDC when the PDC is Microsoft-based Windows NT PDC. Samba-3 can not + This means Samba cannot operate as a BDC when the PDC is Microsoft-based Windows NT PDC. Samba-4 can not participate in replication of account data to Windows PDCs and BDCs. </para></listitem> - <listitem><para> - <indexterm><primary>kerberos</primary></indexterm> - <indexterm><primary>active directory</primary></indexterm> - Acting as a Windows 2000 active directory domain controller (i.e., Kerberos and Active Directory). In point of - fact, Samba-3 does have some Active Directory domain control ability that is at this time purely experimental. - Active directory domain control is one of the features that is being developed in Samba-4, the next - generation Samba release. At this time there are no plans to enable active directory domain control - support during the Samba-3 series life-cycle. - </para></listitem> - - <listitem><para> - <indexterm><primary>MMC</primary></indexterm> - <indexterm><primary>SVRTOOLS.EXE</primary></indexterm> - <indexterm><primary>Microsoft management console</primary><see>MMC</see></indexterm> - The Windows 200x/XP Microsoft Management Console (MMC) cannot be used to manage a Samba-3 server. For this you - can use only the MS Windows NT4 Domain Server Manager and the MS Windows NT4 Domain User Manager. Both are - part of the SVRTOOLS.EXE package mentioned later. - </para></listitem> </itemizedlist> <para> -<indexterm><primary>Windows XP Home edition</primary></indexterm> -<indexterm><primary>LanMan</primary></indexterm> -Windows 9x/Me/XP Home clients are not true members of a domain for reasons outlined in this chapter. 
The -protocol for support of Windows 9x/Me-style network (domain) logons is completely different from NT4/Windows -200x-type domain logons and has been officially supported for some time. These clients use the old LanMan -network logon facilities that are supported in Samba since approximately the Samba-1.9.15 series. -</para> - -<para> <indexterm><primary>group</primary><secondary>mapping</secondary></indexterm> Samba-3 implements group mapping between Windows NT groups and UNIX groups (this is really quite complicated to explain in a short space). This is discussed more fully in <link linkend="groupmapping">Group Mapping: MS @@ -261,10 +249,9 @@ Windows and UNIX</link>. <indexterm><primary>machine trust account</primary></indexterm> <indexterm><primary>trust account</primary><secondary>machine</secondary></indexterm> <indexterm><primary>machine account</primary></indexterm> -Samba-3, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust +Samba-4, like an MS Windows NT4 PDC or a Windows 200x Active Directory, needs to store user and Machine Trust Account information in a suitable backend data-store. Refer to <link linkend="machine-trust-accounts">MS -Windows Workstation/Server Machine Trust Accounts</link>. With Samba-3 there can be multiple backends for -this. A complete discussion of account database backends can be found in <link linkend="passdb">Account +Windows Workstation/Server Machine Trust Accounts</link>. A complete discussion of account database backends can be found in <link linkend="passdb">Account Information Databases</link>. </para> 
@@ -322,7 +309,7 @@ Ideally, the implementation of SSO should reduce complexity and reduce administa The initial goal of many network administrators is often to create and use a centralized identity management system. It is often assumed that such a centralized system will use a single authentication infrastructure that can be used by all information systems. The Microsoft Windows NT4 security domain architecture and the -Micrsoft active directory service are often put forward as the ideal foundation for such a system. It is +Microsoft active directory service are often put forward as the ideal foundation for such a system. It is conceptually simple to install an external authentication agent on each of the disparate infromation systems that can then use the Microsoft (NT4 domain or ads service) for user authentication and access control. The wonderful dream of a single centralized authentication service is commonly broken when realities are realized. @@ -433,7 +420,9 @@ user and group identity information can be distributed makes it an an unavoidabl <indexterm><primary>BDC</primary></indexterm> <indexterm><primary>LDAP</primary></indexterm> <indexterm><primary>e-Directory</primary></indexterm> -At this time, the use of Samba based BDCs, necessitates the use of LDAP. The most commonly used LDAP +At this time, the use of Samba based BDCs, necessitates the use of +either the Samba-4 Active Directory Domain controller or, for classic +(NT4-like)domains an LDAP backend. The most commonly used LDAP implementation used by Samba sites is OpenLDAP. It is possible to use any standards compliant LDAP server. Those known to work includes those manufactured by: IBM, CA, Novell (e-Directory), and others. </para> 
@@ -476,30 +465,26 @@ dictates that the entire infrastructure needs to be balanced. It is advisable to <indexterm><primary>BDC</primary></indexterm> <indexterm><primary>authenticatior</primary></indexterm> <indexterm><primary>synchronization</primary></indexterm> +<indexterm><primary>FSMO</primary></indexterm> +<indexterm><primary>Flexible Single Master Operator</primary><see>FSMO</see></indexterm> <indexterm><primary>Security Account Manager</primary><see>SAM</see></indexterm> In the case of MS Windows NT4-style domains, it is the PDC that initiates a new domain control database. This forms a part of the Windows registry called the Security Account Manager (SAM). It plays a key part in NT4-type domain user authentication and in synchronization of the domain authentication -database with BDCs. -</para> - -<para> -<indexterm><primary>domain</primary><secondary>controller</secondary><tertiary>hierarchy</tertiary></indexterm> -<indexterm><primary>LDAP</primary></indexterm> -<indexterm><primary>account</primary><secondary>backend</secondary></indexterm> -<indexterm><primary>machine account</primary></indexterm> -With MS Windows 200x Server-based Active Directory domains, one domain controller initiates a potential -hierarchy of domain controllers, each with its own area of delegated control. The master domain -controller has the ability to override any downstream controller, but a downline controller has -control only over its downline. With Samba-3, this functionality can be implemented using an -LDAP-based user and machine account backend. +database with BDCs. With Active Directory domains, while some servers +may be a Flexible Single Master Operator (FSMO) role owner (and +therefore hold the monopoly for certain operations), it is in general +a distributed, multi-master replicated directory. 
</para> <para> <indexterm><primary>backend database</primary></indexterm> <indexterm><primary>registry</primary></indexterm> -New to Samba-3 is the ability to use a backend database that holds the same type of data as the NT4-style SAM -database (one of the registry files)<footnote><para>See also <link linkend="passdb">Account Information +Samba-4 can use a backend database that holds the same type of data as the NT4-style SAM +database (one of the registry files). For BDC/BDC operations in a +classic domain, this functionality can be implemented using an +LDAP-based user and machine account backend. The Samba-4 Active +Directory Domain controller implements the required storage internally.<footnote><para>See also <link linkend="passdb">Account Information Databases</link>.</para></footnote> </para> @@ -547,13 +532,6 @@ time choices offered are: has its own authentication database, and plays no role in domain security.</para></listitem> </itemizedlist> -<note><para> -<indexterm><primary>promote</primary></indexterm> -Algin Technology LLC provide a commercial tool that makes it possible to promote a Windows NT4 standalone -server to a PDC or a BDC, and also permits this process to be reversed. Refer to the <ulink -url="http://utools.com/UPromote.asp">Algin</ulink> web site for further information. -</para></note> - <para> <indexterm><primary>domain</primary><secondary>control</secondary><tertiary>role</tertiary></indexterm> <indexterm><primary>native member</primary></indexterm> 
@@ -577,26 +555,6 @@ excluding the SAM replication components. However, please be aware that Samba-3 MS Windows 200x domain control protocols. </para> -<para> -<indexterm><primary>ADS</primary></indexterm> -At this time any appearance that Samba-3 is capable of acting as a <emphasis>domain controller</emphasis> in -native ADS mode is limited and experimental in nature. This functionality should not be used until the Samba -Team offers formal support for it. At such a time, the documentation will be revised to duly reflect all -configuration and management requirements. Samba can act as a NT4-style domain controller in a Windows 2000/XP -environment. However, there are certain compromises: -</para> - -<itemizedlist> - <listitem><para>No machine policy files.</para></listitem> - <listitem><para>No Group Policy Objects.</para></listitem> - <listitem><para>No synchronously executed Active Directory logon scripts.</para></listitem> - <listitem><para>Can't use Active Directory management tools to manage users and machines.</para></listitem> - <listitem><para>Registry changes tattoo the main registry, while with Active Directory they do not leave - permanent changes in effect.</para></listitem> - <listitem><para>Without Active Directory you cannot perform the function of exporting specific - applications to specific users or groups.</para></listitem> -</itemizedlist> - </sect2> <sect2> 
@@ -662,24 +620,6 @@ NT4/200x/XP clients: <listitem><para>Configuring MS Windows NT4/2000 Professional and Windows XP Professional client machines to become domain members.</para></listitem> </itemizedlist> -<para> -The following provisions are required to serve MS Windows 9x/Me clients: -</para> - -<itemizedlist> - <listitem><para>Configuration of basic TCP/IP and MS Windows networking.</para></listitem> - <listitem><para>Correct designation of the server role (<smbconfoption name="security">user</smbconfoption>).</para></listitem> - <listitem><para>Network logon configuration (since Windows 9x/Me/XP Home are not technically domain - members, they do not really participate in the security aspects of Domain logons as such).</para></listitem> - <listitem><para>Roaming profile configuration.</para></listitem> - <listitem><para>Configuration of system policy handling.</para></listitem> - <listitem><para>Installation of the network driver <quote>Client for MS Windows Networks</quote> and configuration - to log onto the domain.</para></listitem> - <listitem><para>Placing Windows 9x/Me clients in user-level security &smbmdash; if it is desired to allow - all client-share access to be controlled according to domain user/group identities.</para></listitem> - <listitem><para>Adding and managing domain user accounts.</para></listitem> -</itemizedlist> - <note><para> <indexterm><primary>roaming profiles</primary></indexterm> <indexterm><primary>account policies</primary></indexterm> 
@@ -754,10 +694,6 @@ smb.conf file for an example PDC</link>. <smbconfoption name="netbios name"><replaceable>BELERIAND</replaceable></smbconfoption> <smbconfoption name="workgroup"><replaceable>&example.workgroup;</replaceable></smbconfoption> <smbconfoption name="passdb backend">tdbsam</smbconfoption> -<smbconfoption name="os level">33</smbconfoption> -<smbconfoption name="preferred master">auto</smbconfoption> -<smbconfoption name="domain master">yes</smbconfoption> -<smbconfoption name="local master">yes</smbconfoption> <smbconfoption name="security">user</smbconfoption> <smbconfoption name="domain logons">yes</smbconfoption> <smbconfoption name="logon path">\\%N\profiles\%U</smbconfoption> 
@@ -809,23 +745,10 @@ The basic options shown in <link linkend="pdc-example">this example</link> are e <varlistentry><term>Domain Control Parameters </term> <listitem><para> - <indexterm><primary>os level</primary></indexterm> - <indexterm><primary>preferred master</primary></indexterm> - <indexterm><primary>domain master</primary></indexterm> <indexterm><primary>network</primary><secondary>logon</secondary></indexterm> - The parameters <emphasis>os level, preferred master, domain master, security, - encrypt passwords</emphasis>, and <emphasis>domain logons</emphasis> play a central role in assuring domain + The parameters <emphasis>domain logons</emphasis> + parameter is the key parameter indicating domain control and network logon support. - </para> - - <para> - <indexterm><primary>DMB</primary></indexterm> - <indexterm><primary>encryped password</primary></indexterm> - The <emphasis>os level</emphasis> must be set at or above a value of 32. A domain controller - must be the DMB, must be set in <emphasis>user</emphasis> mode security, - must support Microsoft-compatible encrypted passwords, and must provide the network logon - service (domain logons). Encrypted passwords must be enabled. For more details on how - to do this, refer to <link linkend="passdb">Account Information Databases</link>. </para></listitem> </varlistentry> @@ -883,7 +806,6 @@ of operation. The following &smb.conf; parameters are the essentials alone: <smbconfoption name="netbios name">BELERIAND</smbconfoption> <smbconfoption name="workgroup">&example.workgroup;</smbconfoption> <smbconfoption name="domain logons">Yes</smbconfoption> -<smbconfoption name="domain master">Yes</smbconfoption> <smbconfoption name="security">User</smbconfoption> </smbconfblock> </para> 
@@ -900,23 +822,21 @@ a more complete explanation. <para> <indexterm><primary>active directory</primary></indexterm> -Samba-3 is not, and cannot act as, an Active Directory server. It cannot truly function as an Active Directory -PDC. The protocols for some of the functionality of Active Directory domain controllers has been partially -implemented on an experimental only basis. Please do not expect Samba-3 to support these protocols. Do not -depend on any such functionality either now or in the future. The Samba Team may remove these experimental -features or may change their behavior. This is mentioned for the benefit of those who have discovered secret -capabilities in Samba-3 and who have asked when this functionality will be completed. The answer is maybe -someday or maybe never! +Samba-4 is also available as an Active Directory server. It can truly function as an Active Directory +PDC. The protocols for some of the functionality of Active Directory +domain controllers has been implemented. </para> <para> <indexterm><primary>domain controllers</primary></indexterm> <indexterm><primary>active directory</primary></indexterm> -To be sure, Samba-3 is designed to provide most of the functionality that Microsoft Windows NT4-style -domain controllers have. Samba-3 does not have all the capabilities of Windows NT4, but it does have -a number of features that Windows NT4 domain controllers do not have. In short, Samba-3 is not NT4 and it -is not Windows Server 200x: it is not an Active Directory server. We hope this is plain and simple -enough for all to understand. +<indexterm><primary>classic domain support</primary></indexterm> +To be sure, Samba-4 is also designed to provide most of the functionality that Microsoft Windows NT4-style +domain controllers have. Samba-4 does not have all the capabilities of Windows NT4, but it does have +a number of features that Windows NT4 domain controllers do not +have. 
We call it a <emphasis>classic domain</emphasis> controller for +this reason, as in short, Samba-4 when acting in this mode is not NT4, +and the Active Directory Domain Control aspect is a distinct capability. </para> </sect1> @@ -936,7 +856,8 @@ an integral part of the essential functionality that is provided by a domain con <para> <indexterm><primary>domain logon</primary></indexterm> All domain controllers must run the netlogon service (<emphasis>domain logons</emphasis> -in Samba). One domain controller must be configured with <smbconfoption name="domain master">Yes</smbconfoption> +in Samba). One domain controller must be configured without the +<smbconfoption name="domain master"></smbconfoption> parameter (the PDC); on all BDCs set the parameter <smbconfoption name="domain master">No</smbconfoption>. </para> @@ -948,7 +869,7 @@ in Samba). One domain controller must be configured with <smbconfoption name="do <smbconfblock> <smbconfsection name="[global]"/> <smbconfoption name="domain logons">Yes</smbconfoption> -<smbconfoption name="domain master">(Yes on PDC, No on BDCs)</smbconfoption> +<smbconfoption name="domain master">(omit on PDC, No on BDCs)</smbconfoption> <smbconfsection name="[netlogon]"/> <smbconfoption name="comment">Network Logon Service</smbconfoption> 
@@ -960,20 +881,20 @@ in Samba). One domain controller must be configured with <smbconfoption name="do </sect3> <sect3> -<title>The Special Case of MS Windows XP Home Edition</title> +<title>The Special Case of MS Windows Home Editions</title> <para> -<indexterm><primary>Windows XP Home edition</primary></indexterm> -To be completely clear: If you want MS Windows XP Home Edition to integrate with your +<indexterm><primary>Windows Home editions</primary></indexterm> +To be completely clear: If you want MS Windows Home Editions to integrate with your MS Windows NT4 or Active Directory domain security, understand it cannot be done. -The only option is to purchase the upgrade from MS Windows XP Home Edition to -MS Windows XP Professional. +The only option is to purchase the upgrade from MS Windows Home Edition to +a MS Windows Professional edition. </para> <note><para> -MS Windows XP Home Edition does not have the ability to join any type of domain -security facility. Unlike MS Windows 9x/Me, MS Windows XP Home Edition also completely -lacks the ability to log onto a network. +MS Windows Home Editions do not have the ability to join any type of domain +security facility. Unlike MS Windows 9x/Me, MS Windows Home Edition +deliberatly lacks the ability to log onto a network. </para></note> <para> 
@@ -985,172 +906,6 @@ Microsoft, and we recommend that you do not do that. </sect3> -<sect3> -<title>The Special Case of Windows 9x/Me</title> - -<para> -<indexterm><primary>domain</primary></indexterm> -<indexterm><primary>workgroup</primary></indexterm> -<indexterm><primary>authentication</primary></indexterm> -<indexterm><primary>browsing</primary></indexterm> -<indexterm><primary>rights</primary></indexterm> -A domain and a workgroup are exactly the same in terms of network -browsing. The difference is that a distributable authentication -database is associated with a domain, for secure login access to a -network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server. Samba-3 does this -now in the same way as MS Windows NT/200x. -</para> - -<para> -<indexterm><primary>browsing</primary></indexterm> -The SMB client logging on to a domain has an expectation that every other -server in the domain should accept the same authentication information. -Network browsing functionality of domains and workgroups is identical and -is explained in this documentation under the browsing discussions. -It should be noted that browsing is totally orthogonal to logon support. -</para> - -<para> -<indexterm><primary>single-logon</primary></indexterm> -<indexterm><primary>domain logons</primary></indexterm> -<indexterm><primary>network logon</primary></indexterm> -Issues related to the single-logon network model are discussed in this -section. Samba supports domain logons, network logon scripts, and user -profiles for MS Windows for Workgroups and MS Windows 9x/Me clients, -which are the focus of this section. -</para> - -<para> -<indexterm><primary>broadcast request</primary></indexterm> -When an SMB client in a domain wishes to log on, it broadcasts requests for a logon server. The first one to -reply gets the job and validates its password using whatever mechanism the Samba administrator has installed. 
-It is possible (but ill advised) to create a domain where the user database is not shared between servers; -that is, they are effectively workgroup servers advertising themselves as participating in a domain. This -demonstrates how authentication is quite different from but closely involved with domains. -</para> - -<para> -Using these features, you can make your clients verify their logon via -the Samba server, make clients run a batch file when they log on to -the network and download their preferences, desktop, and start menu. -</para> - -<para><emphasis> -MS Windows XP Home edition is not able to join a domain and does not permit the use of domain logons. -</emphasis></para> - -<para> -Before launching into the configuration instructions, it is worthwhile to look at how a Windows 9x/Me client -performs a logon: -</para> - -<orderedlist> -<listitem> - <para> - <indexterm><primary>DOMAIN<1C></primary></indexterm> - <indexterm><primary>logon server</primary></indexterm> - The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS name DOMAIN<1C> at the - NetBIOS layer. The client chooses the first response it receives, which - contains the NetBIOS name of the logon server to use in the format of - <filename>\\SERVER</filename>. The <literal>1C</literal> name is the name - type that is registered by domain controllers (SMB/CIFS servers that provide - the netlogon service). - </para> -</listitem> - -<listitem> - <para> - <indexterm><primary>IPC$</primary></indexterm> - <indexterm><primary>SMBsessetupX</primary></indexterm> - <indexterm><primary>SMBtconX</primary></indexterm> - The client connects to that server, logs on (does an SMBsessetupX) and - then connects to the IPC$ share (using an SMBtconX). 
- </para> -</listitem> - -<listitem> - <para> - <indexterm><primary>NetWkstaUserLogon</primary></indexterm> - The client does a NetWkstaUserLogon request, which retrieves the name - of the user's logon script. - </para> -</listitem> - -<listitem> - <para> - The client then connects to the NetLogon share and searches for said script. - If it is found and can be read, it is retrieved and executed by the client. - After this, the client disconnects from the NetLogon share. - </para> -</listitem> - -<listitem> - <para> - <indexterm><primary>NetUserGetInfo</primary></indexterm> - <indexterm><primary>profile</primary></indexterm> - The client sends a NetUserGetInfo request to the server to retrieve - the user's home share, which is used to search for profiles. Since the - response to the NetUserGetInfo request does not contain much more than - the user's home share, profiles for Windows 9x clients must reside in the user - home directory. - </para> -</listitem> - -<listitem> - <para> - <indexterm><primary>profiles</primary></indexterm> - The client connects to the user's home share and searches for the - user's profile. As it turns out, you can specify the user's home share as - a share name and path. For example, <filename>\\server\fred\.winprofile</filename>. - If the profiles are found, they are implemented. - </para> -</listitem> - -<listitem> - <para> - <indexterm><primary>CONFIG.POL</primary></indexterm> - The client then disconnects from the user's home share and reconnects to - the NetLogon share and looks for <filename>CONFIG.POL</filename>, the policies file. If this is - found, it is read and implemented. 
- </para> -</listitem> -</orderedlist> - -<para> -The main difference between a PDC and a Windows 9x/Me logon server configuration is: -</para> - -<itemizedlist> -<listitem><para> - <indexterm><primary>password</primary><secondary>plaintext</secondary></indexterm> - <indexterm><primary>plaintext password</primary></indexterm> - Password encryption is not required for a Windows 9x/Me logon server. But note - that beginning with MS Windows 98 the default setting is that plaintext - password support is disabled. It can be re-enabled with the registry - changes that are documented in <link linkend="PolicyMgmt">System and Account Policies</link>. - </para></listitem> - - <listitem><para> - <indexterm><primary>machine trust account</primary></indexterm> - Windows 9x/Me clients do not require and do not use Machine Trust Accounts. - </para></listitem> -</itemizedlist> - -<para> -<indexterm><primary>network logon services</primary></indexterm> -A Samba PDC will act as a Windows 9x/Me logon server; after all, it does provide the -network logon services that MS Windows 9x/Me expect to find. -</para> - -<note><para> -<indexterm><primary>sniffer</primary></indexterm> -Use of plaintext passwords is strongly discouraged. Where used they are easily detected -using a sniffer tool to examine network traffic. -</para></note> - -</sect3> </sect2> <sect2> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml index b3879c4282..456c7ceab4 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml 
@@ -20,16 +20,6 @@ <title>Account Information Databases</title> <para> -<indexterm><primary>account backends</primary></indexterm> -<indexterm><primary>password backends</primary></indexterm> -<indexterm><primary>scalability</primary></indexterm> -<indexterm><primary>ADS</primary></indexterm> -Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This -capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to -work with only one specified passwd backend. -</para> - -<para> <indexterm><primary>passdb backend</primary></indexterm> <indexterm><primary>smbpasswd</primary></indexterm> <indexterm><primary>tdbsam</primary></indexterm> @@ -67,14 +57,6 @@ entities. <sect1> <title>Features and Benefits</title> -<para> -Samba-3 provides for complete backward compatibility with Samba-2.2.x functionality -as follows: -<indexterm><primary>SAM backend</primary><secondary>smbpasswd</secondary></indexterm> -<indexterm><primary>SAM backend</primary><secondary>ldapsam_compat</secondary></indexterm> -<indexterm><primary>encrypted passwords</primary></indexterm> -</para> - <sect2> <title>Backward Compatibility Account Storage Systems</title> @@ -120,21 +102,6 @@ as follows: </para> </listitem> </varlistentry> - - <varlistentry><term>ldapsam_compat (Samba-2.2 LDAP Compatibility)</term> - <listitem> - <para> -<indexterm><primary>ldapsam_compat</primary></indexterm> -<indexterm><primary>Samba-2.2.x LDAP schema</primary></indexterm> -<indexterm><primary>OpenLDAP backend</primary></indexterm> - There is a password backend option that allows continued operation with - an existing OpenLDAP backend that uses the Samba-2.2.x LDAP schema extension. - This option is provided primarily as a migration tool, although there is - no reason to force migration at this time. This tool will eventually - be deprecated. - </para> - </listitem> - </varlistentry> </variablelist> </sect2> 
@@ -347,10 +314,10 @@ Samba-3 introduces a number of new password backend capabilities. <note> <para> -<indexterm><primary>Windows XP Home</primary></indexterm> +<indexterm><primary>Windows Home edition</primary></indexterm> <indexterm><primary>domain member</primary></indexterm> <indexterm><primary>domain logons</primary></indexterm> - MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons. + MS Windows Home editions do not have facilities to become a domain member, and cannot participate in domain logons. </para> </note> @@ -361,9 +328,8 @@ Samba-3 introduces a number of new password backend capabilities. <itemizedlist> <listitem><para>Windows NT 3.5x.</para></listitem> <listitem><para>Windows NT 4.0.</para></listitem> - <listitem><para>Windows 2000 Professional.</para></listitem> - <listitem><para>Windows 200x Server/Advanced Server.</para></listitem> - <listitem><para>Windows XP Professional.</para></listitem> + <listitem><para>Windows editions labeled Professional.</para></listitem> + <listitem><para>Windows editions labeled Server/Advanced Server.</para></listitem> </itemizedlist> <para> @@ -419,7 +385,7 @@ Samba-3 introduces a number of new password backend capabilities. <indexterm><primary>password prompt</primary></indexterm> <indexterm><primary>SMB encryption</primary></indexterm> Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to - browse the server if the server is also in user-level security mode. It will insist on prompting the user for + browse the server. It will insist on prompting the user for the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB encryption. </para></listitem> 
@@ -1677,25 +1643,6 @@ regarding this facility. <sect1> <title>Password Backends</title> -<para> -<indexterm><primary>account database</primary></indexterm> -<indexterm><primary>SMB/CIFS server</primary></indexterm> -Samba offers flexibility in backend account database design. The flexibility is immediately obvious as one -begins to explore this capability. Recent changes to Samba (since 3.0.23) have removed the mulitple backend -feature in order to simplify problems that broke some installations. This removal has made the internal -operation of Samba-3 more consistent and predictable. -</para> - -<para> -<indexterm><primary>multiple backends</primary></indexterm> -<indexterm><primary>tdbsam databases</primary></indexterm> -Beginning with Samba 3.0.23 it is no longer possible to specify use of mulitple passdb backends. Earlier -versions of Samba-3 made it possible to specify multiple password backends, and even multiple -backends of the same type. The multiple passdb backend capability caused many problems with name to SID and -SID to name ID resolution. The Samba team wrestled with the challenges and decided that this feature needed -to be removed. -</para> - <sect2> <title>Plaintext</title> @@ -2658,18 +2605,6 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 Read the <link linkend="acctmgmttools">Account Management Tools</link> for details.</para> </sect2> - - <sect2> - <title>Configuration of <parameter>auth methods</parameter></title> - - <para> - When explicitly setting an <smbconfoption name="auth methods"/> parameter, - <parameter>guest</parameter> must be specified as the first entry on the line &smbmdash; - for example, <smbconfoption name="auth methods">guest sam</smbconfoption>. - </para> - - </sect2> - </sect1> </chapter> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml deleted file mode 100644 index 533ad5c9bb..0000000000 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml +++ /dev/null 
@@ -1,270 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<chapter id="Portability"> -<chapterinfo> - &author.jelmer; - &author.jht; - <!-- Some other people as well, but there were no author names in the text files this file is based on--> -</chapterinfo> - -<title>Portability</title> - -<para> -<indexterm><primary>platforms</primary></indexterm> -<indexterm><primary>compatible</primary></indexterm> -Samba works on a wide range of platforms, but the interface all the -platforms provide is not always compatible. This chapter contains -platform-specific information about compiling and using Samba.</para> - -<sect1> -<title>HPUX</title> - -<para> -<indexterm><primary>/etc/logingroup</primary></indexterm> -<indexterm><primary>/etc/group</primary></indexterm> -Hewlett-Packard's implementation of supplementary groups is nonstandard (for -historical reasons). There are two group files, <filename>/etc/group</filename> and -<filename>/etc/logingroup</filename>; the system maps UIDs to numbers using the former, but -initgroups() reads the latter. Most system admins who know the ropes -symlink <filename>/etc/group</filename> to <filename>/etc/logingroup</filename> -(hard-link does not work for reasons too obtuse to go into here). initgroups() will complain if one of the -groups you're in, in <filename>/etc/logingroup</filename>, has what it considers to be an invalid -ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is -60000 currently on HP-UX. This precludes -2 and 65534, the usual <constant>nobody</constant> -GIDs. -</para> - -<para> -If you encounter this problem, make sure the programs that are failing -to initgroups() are run as users, not in any groups with GIDs outside the -allowed range. -</para> - -<para> -This is documented in the HP manual pages under setgroups(2) and passwd(4). 
-</para> - -<para> -<indexterm><primary>gcc</primary></indexterm> -<indexterm><primary>ANSI compiler</primary></indexterm> -On HP-UX you must use gcc or the HP ANSI compiler. The free compiler -that comes with HP-UX is not ANSI compliant and cannot compile Samba. -</para> - -</sect1> - -<sect1> -<title>SCO UNIX</title> - -<para> -If you run an old version of SCO UNIX, you may need to get important -TCP/IP patches for Samba to work correctly. Without the patch, you may -encounter corrupt data transfers using Samba. -</para> - -<para> -The patch you need is UOD385 Connection Drivers SLS. It is available from -SCO <ulink noescape="1" url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS, -files uod385a.Z and uod385a.ltr.Z). -</para> - -<para> -The information provided here refers to an old version of SCO UNIX. If you require -binaries for more recent SCO UNIX products, please contact SCO to obtain packages that are -ready to install. You should also verify with SCO that your platform is up to date for the -binary packages you will install. This is important if you wish to avoid data corruption -problems with your installation. To build Samba for SCO UNIX products may -require significant patching of Samba source code. It is much easier to obtain binary -packages directly from SCO. -</para> - -</sect1> - -<sect1> -<title>DNIX</title> - -<para> -DNIX has a problem with seteuid() and setegid(). These routines are -needed for Samba to work correctly, but they were left out of the DNIX -C library for some reason. -</para> - -<para> -For this reason Samba by default defines the macro NO_EID in the DNIX -section of includes.h. This works around the problem in a limited way, -but it is far from ideal, and some things still will not work right. -</para> - -<para> -To fix the problem properly, you need to assemble the following two -functions and then either add them to your C library or link them into -Samba. 
Put the following in the file <filename>setegid.s</filename>: -</para> - -<para><programlisting> - .globl _setegid -_setegid: - moveq #47,d0 - movl #100,a0 - moveq #1,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts -</programlisting></para> - -<para> -Put this in the file <filename>seteuid.s</filename>: -</para> - -<para><programlisting> - .globl _seteuid -_seteuid: - moveq #47,d0 - movl #100,a0 - moveq #0,d1 - movl 4(sp),a1 - trap #9 - bccs 1$ - jmp cerror -1$: - clrl d0 - rts -</programlisting></para> - -<para> -After creating the files, you then assemble them using -</para> - -<screen> -&prompt;<userinput>as seteuid.s</userinput> -&prompt;<userinput>as setegid.s</userinput> -</screen> - -<para> -which should produce the files <filename>seteuid.o</filename> and -<filename>setegid.o</filename>. -</para> - -<para> -Next you need to add these to the LIBSM line in the DNIX section of -the Samba Makefile. Your LIBSM line will look something like this: -</para> - -<para><programlisting> -LIBSM = setegid.o seteuid.o -ln -</programlisting></para> - -<para> -You should then remove the line: -</para> - -<para><programlisting> -#define NO_EID -</programlisting></para> - -<para>from the DNIX section of <filename>includes.h</filename>.</para> - -</sect1> - -<sect1> -<title>Red Hat Linux</title> - -<para> -By default during installation, some versions of Red Hat Linux add an -entry to <filename>/etc/hosts</filename> as follows: -<programlisting> -127.0.0.1 loopback "hostname"."domainname" -</programlisting> -</para> - -<para> -<indexterm><primary>loopback interface</primary></indexterm> -This causes Samba to loop back onto the loopback interface. -The result is that Samba fails to communicate correctly with -the world and therefore may fail to correctly negotiate who -is the master browse list holder and who is the master browser. -</para> - -<para> -Corrective action: Delete the entry after the word "loopback" -in the line starting 127.0.0.1. 
-</para> -</sect1> - -<sect1> -<title>AIX: Sequential Read Ahead</title> -<!-- From an email by William Jojo <jojowil@hvcc.edu> --> -<para> -Disabling sequential read ahead can improve Samba performance significantly -when there is a relatively high level of multiprogramming (many smbd processes -or mixed with another workload), not an abundance of physical memory or slower -disk technology. These can cause AIX to have a higher WAIT values. Disabling -sequential read-ahead can also have an adverse affect on other workloads in the -system so you will need to evaluate other applications for impact. -</para> - -<para> -It is recommended to use the defaults provided by IBM, but if you experience a -high amount of wait time, try disabling read-ahead with the following commands: -</para> - -<para> -For AIX 5.1 and earlier: <userinput>vmtune -r 0</userinput> -</para> - -<para> -For AIX 5.2 and later jfs filesystems: <userinput>ioo -o minpgahead=0</userinput> -</para> - -<para> -For AIX 5.2 and later jfs2 filesystems: <userinput>ioo -o j2_minPageReadAhead=0</userinput> -</para> - -<para> -If you have a mix of jfs and jfs2 filesystems on the same host, simply use both -ioo commands. -</para> -</sect1> - -<sect1> -<title>Solaris</title> - -<sect2> -<title>Locking Improvements</title> - -<para>Some people have been experiencing problems with F_SETLKW64/fcntl -when running Samba on Solaris. The built-in file-locking mechanism was -not scalable. Performance would degrade to the point where processes would -get into loops of trying to lock a file. It would try a lock, then fail, -then try again. The lock attempt was failing before the grant was -occurring. The visible manifestation of this was a handful of -processes stealing all of the CPU, and when they were trussed, they would -be stuck in F_SETLKW64 loops. -</para> - -<para> -Please check with Sun support for current patches needed to fix this bug. 
-The patch revision for 2.6 is 105181-34, for 8 is 108528-19, and for 9 is 112233-04. -After the installation of these patches, it is recommended to reconfigure -and rebuild Samba. -</para> - -<para>Thanks to Joe Meslovich for reporting this.</para> - -</sect2> - -<sect2 id="winbind-solaris9"> -<title>Winbind on Solaris 9</title> -<para> -Nsswitch on Solaris 9 refuses to use the Winbind NSS module. This behavior -is fixed by Sun in patch <ulink -url="http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&type=collections&max=50&language=en&queryKey5=112960;rev=14&toDocument=yes">112960-14</ulink>. -</para> -</sect2> -</sect1> - -</chapter> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml index fff317bed0..6d4624c86d 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml @@ -282,7 +282,6 @@ with settings shown in <link linkend="simpleprc">the example above</link>: deleteprinter command = show add printer wizard = Yes os2 driver map = - printer admin = min print space = 0 max print jobs = 1000 printable = No @@ -404,7 +403,6 @@ be if you used this minimalistic configuration. Here is what you can expect to f deleteprinter command = show add printer wizard = Yes os2 driver map = - printer admin = min print space = 0 max print jobs = 1000 printable = No @@ -480,7 +478,6 @@ are set by default. You could use a much leaner &smb.conf; file, or you can use <smbconfoption name="load printers">yes</smbconfoption> <smbconfoption name="show add printer wizard">yes</smbconfoption> <smbconfoption name="printcap name">/etc/printcap</smbconfoption> -<smbconfoption name="printer admin">@ntadmin, root</smbconfoption> <smbconfoption name="max print jobs">100</smbconfoption> <smbconfoption name="lpq cache time">20</smbconfoption> <smbconfoption name="use client driver">no</smbconfoption> 
@@ -498,7 +495,6 @@ are set by default. You could use a much leaner &smb.conf; file, or you can use <smbconfsection name="[my_printer_name]"/> <smbconfoption name="comment">Printer with Restricted Access</smbconfoption> <smbconfoption name="path">/var/spool/samba_my_printer</smbconfoption> -<smbconfoption name="printer admin">kurt</smbconfoption> <smbconfoption name="browseable">yes</smbconfoption> <smbconfoption name="printable">yes</smbconfoption> <smbconfoption name="writable">no</smbconfoption> @@ -624,21 +620,6 @@ globally set share settings and specify other values). <filename>cupsd.conf</filename> file. </para></listitem></varlistentry> - <varlistentry><term><smbconfoption name="printer admin">@ntadmin </smbconfoption></term> - <listitem><para> -<indexterm><primary>add drivers</primary></indexterm> -<indexterm><primary>/etc/group</primary></indexterm> -<indexterm><primary>printer share</primary></indexterm> -<indexterm><primary>set printer properties</primary></indexterm> - Members of the ntadmin group should be able to add drivers and set printer properties - (<constant>ntadmin</constant> is only an example name; it needs to be a valid UNIX group name); root is - implicitly always a <smbconfoption name="printer admin"/>. The <literal>@</literal> sign precedes group names - in the <filename>/etc/group</filename>. A printer admin can do anything to printers via the remote - administration interfaces offered by MS-RPC (see <link linkend="cups-msrpc">Printing Developments Since - Samba-2.2</link>). In larger installations, the <smbconfoption name="printer admin"/> parameter is normally a - per-share parameter. This permits different groups to administer each printer share. - </para></listitem></varlistentry> - <varlistentry><term><smbconfoption name="lpq cache time">20 </smbconfoption></term> <listitem><para> <indexterm><primary>lpq command</primary></indexterm> 
@@ -789,13 +770,6 @@ finds one, it will connect to this and will not connect to a printer with the sa </para></listitem> </varlistentry> - <varlistentry><term><smbconfoption name="printer admin">kurt </smbconfoption></term> - <listitem><para> - The printer admin definition is different for this explicitly defined printer share from the general - <smbconfsection name="[printers]"/> share. It is not a requirement; we did it to show that it is possible. - </para></listitem> - </varlistentry> - <varlistentry><term><smbconfoption name="browseable">yes </smbconfoption></term> <listitem><para> This makes the printer browseable so the clients may conveniently find it when browsing the @@ -1256,9 +1230,6 @@ site). See <link linkend="prtdollar">[print\$] Example</link>. <title>[print$] Example</title> <smbconfblock> <smbconfsection name="[global]"/> -<smbconfcomment>members of the ntadmin group should be able to add drivers and set</smbconfcomment> -<smbconfcomment>printer properties. root is implicitly always a 'printer admin'.</smbconfcomment> -<smbconfoption name="printer admin">@ntadmin</smbconfoption> <smbconfcomment>...</smbconfcomment> <smbconfsection name="[printers]"/> @@ -1358,9 +1329,7 @@ The following parameters are frequently needed in this share section: write-access (as an exception to the general public's read-only access), which they need to update files on the share. Normally, you will want to name only administrative-level user account in this setting. Check the file system permissions to make sure these accounts - can copy files to the share. If this is a non-root account, then the account should also - be mentioned in the global <smbconfoption name="printer admin"/> - parameter. See the &smb.conf; man page for more information on configuring file shares. + can copy files to the share. </para></listitem> </varlistentry> </variablelist> 
@@ -1403,10 +1372,6 @@ to support like this: <listitem><para> The account used to connect to the Samba host must have a UID of 0 (i.e., a root account). </para></listitem> - - <listitem><para> - The account used to connect to the Samba host must be named in the <emphasis>printer admin</emphasis> list. - </para></listitem> </itemizedlist> <para> @@ -1495,15 +1460,14 @@ assign a driver to a printer is open. You now have the choice of: <para> Once the APW is started, the procedure is exactly the same as the one you are familiar with in Windows (we assume here that you are familiar with the printer driver installations procedure on Windows NT). Make sure -your connection is, in fact, set up as a user with <smbconfoption name="printer admin"/> -privileges (if in doubt, use <command>smbstatus</command> to check for this). If you wish to install +your connection is, in fact, set up as a user with printer administrator privileges +(if in doubt, use <command>smbstatus</command> to check for this). If you wish to install printer drivers for client operating systems other than <application>Windows NT x86</application>, you will need to use the <guilabel>Sharing</guilabel> tab of the printer properties dialog. </para> <para> -Assuming you have connected with an administrative (or root) account (as named by the -<smbconfoption name="printer admin"/> parameter), you will also be able to modify +Assuming you have connected with an administrative (or root) account, you will also be able to modify other printer properties such as ACLs and default device settings using this dialog. For the default device settings, please consider the advice given further in <link linkend="inst-rpc">Installing Print Drivers Using <command>rpcclient</command></link>. 
@@ -2104,7 +2068,7 @@ user</emphasis> nobody. In a DOS box type: <para><userinput>net use \\<replaceable>SAMBA-SERVER</replaceable>\print$ /user:root</userinput></para> <para> -Replace root, if needed, by another valid <smbconfoption name="printer admin"/> user as given in +Replace root, if needed, by another valid printer administrator user as given in the definition. Should you already be connected as a different user, you will get an error message. There is no easy way to get rid of that connection, because Windows does not seem to know a concept of logging off from a share connection (do not confuse this with logging off from the local workstation; that is @@ -2204,7 +2168,7 @@ in the following paragraphs. </para> <para> -Be aware that a valid device mode can only be initiated by a <smbconfoption name="printer admin"/> or root +Be aware that a valid device mode can only be initiated by a printer administrator or root (the reason should be obvious). Device modes can be correctly set only by executing the printer driver program itself. Since Samba cannot execute this Win32 platform driver code, it sets this field initially to NULL (which is not a valid setting for clients to use). Fortunately, most drivers automatically generate the @@ -2315,12 +2279,12 @@ command...</guimenuitem> field from the <guimenu>Start</guimenu> menu. </sect2> <sect2> -<title>Always Make First Client Connection as root or <quote>printer admin</quote></title> +<title>Always Make First Client Connection as root or printer administrator</title> <para> After you installed the driver on the Samba server (in its <smbconfsection name="[print$]"/> share), you should always make sure that your first client installation completes correctly. Make it a habit for yourself -to build the very first connection from a client as <smbconfoption name="printer admin"/>. This is to make +to build the very first connection from a client as a printer administrator"/>. This is to make sure that: </para> 
@@ -2354,8 +2318,8 @@ To connect as root to a Samba printer, try this command from a Windows 200x/XP D <para> You will be prompted for <constant>root</constant>'s Samba password; type it, wait a few seconds, click on <guibutton>Printing Defaults</guibutton>, and proceed to set the job options that should be used as defaults -by all clients. Alternatively, instead of root you can name one other member of the <smbconfoption -name="printer admin"/> from the setting. +by all clients. Alternatively, instead of root you can give one other member printer adminadministrator +privileges. </para> <para> @@ -2458,7 +2422,7 @@ is how I reproduce it in an XP Professional: Do you see any difference in the two settings dialogs? I do not either. However, only the last one, which you arrived at with steps C.1 through C.6 will permanently save any settings which will then become the defaults for new users. If you want all clients to have the same defaults, you need to conduct these steps as -administrator (<smbconfoption name="printer admin"/>) before a client downloads the driver (the clients can +administrator before a client downloads the driver (the clients can later set their own per-user defaults by following procedures A or B above). Windows 200x/XP allow per-user default settings and the ones the administrator gives them before they set up their own. The parents of the identical-looking dialogs have a slight difference in their window names; one is called @@ -2602,7 +2566,7 @@ folder. Also located in this folder is the Windows NT Add Printer Wizard icon. T <itemizedlist> <listitem><para> The connected user is able to successfully execute an <command>OpenPrinterEx(\\server)</command> with - administrative privileges (i.e., root or <smbconfoption name="printer admin"/>). + administrative privileges (i.e., root or a printer administrator). </para> <tip><para> Try this from a Windows 200x/XP DOS box command prompt: 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Problems.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Problems.xml index 8f1d3c1849..9620e6cc53 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Problems.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Problems.xml @@ -219,10 +219,6 @@ information on how to do this. Copy the files from a working Netmon installation <title>Useful URLs</title> <itemizedlist> -<listitem><para>See how Scott Merrill simulates a BDC behavior at - <ulink noescape="1" url="http://www.skippy.net/linux/smb-howto.html"> - http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> - <listitem><para>FTP site for older SMB specs, <ulink noescape="1" url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem>. diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml b/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml index 07efc463ab..dc6125e1d6 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml @@ -333,13 +333,9 @@ mailing lists. <indexterm><primary>global right</primary></indexterm> <indexterm><primary>administrative rights</primary></indexterm> <indexterm><primary>printers admin</primary></indexterm> - This privilege operates identically to the <smbconfoption name="printer admin"/> - option in the &smb.conf; file (see section 5 man page for &smb.conf;) - except that it is a global right (not on a per-printer basis). - Eventually the smb.conf option will be deprecated and administrative - rights to printers will be controlled exclusively by this right and - the security descriptor associated with the printer object in the - <filename>ntprinters.tdb</filename> file. + Administrative rights to printers are only controlled exclusively + by this right and the security descriptor associated with the + printer object in the registry. </para></listitem> </varlistentry> 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
index 0b90c925b8..f0c07d2081 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml
@@ -177,24 +177,10 @@ protocol. Since some time around 1996 the protocol has been better known as the <indexterm><primary>security levels</primary></indexterm> <indexterm><primary>security modes</primary></indexterm> <indexterm><primary>user-level</primary></indexterm> -<indexterm><primary>share-level</primary></indexterm> -In the SMB/CIFS networking world, there are only two types of security: <emphasis>user-level</emphasis> and -<emphasis>share level</emphasis>. We refer to these collectively as <emphasis>security levels</emphasis>. In -implementing these two security levels, Samba provides flexibilities that are not available with MS Windows -NT4/200x servers. In fact, Samba implements <emphasis>share-level</emphasis> security only one way, but has -four ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba +Samba has three ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba implementations of the security levels <emphasis>security modes</emphasis>. They are known as -<emphasis>share</emphasis>, <emphasis>user</emphasis>, <emphasis>domain</emphasis>, <emphasis>ADS</emphasis>, -and <emphasis>server</emphasis> modes. They are documented in this chapter. -</para> - -<para> -An SMB server informs the client, at the time of a session setup, the security level the server is running. -There are two options: share-level and user-level. Which of these two the client receives affects the way the -client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba -server does security. This may sound strange, but it fits in with the client/server approach of SMB. In SMB -everything is initiated and controlled by the client, and the server can only tell the client what is -available and whether an action is allowed. +<emphasis>user</emphasis>, <emphasis>domain</emphasis> and +<emphasis>ADS</emphasis> modes. They are documented in this chapter. 
</para> <para> 
@@ -268,71 +254,6 @@ This is the default setting since Samba-2.2.x. </sect2> <sect2> -<title>Share-Level Security</title> - -<para> -<indexterm><primary>share-level</primary></indexterm> -<indexterm><primary>mount</primary></indexterm> -In share-level security, the client authenticates itself separately for each share. It sends a password along -with each tree connection request (share mount), but it does not explicitly send a username with this -operation. The client expects a password to be associated with each share, independent of the user. This means -that Samba has to work out what username the client probably wants to use, -because the username is not explicitly sent to the SMB server. Some commercial SMB servers such as NT actually associate passwords directly with shares -in share-level security, but Samba always uses the UNIX authentication scheme where it is a username/password -pair that is authenticated, not a share/password pair. -</para> - -<para> -To understand the MS Windows networking parallels, think in terms of MS Windows 9x/Me where you can create a -shared folder that provides read-only or full access, with or without a password. -</para> - -<para> -Many clients send a session setup request even if the server is in share-level security. They normally send a valid -username but no password. Samba records this username in a list of possible usernames. When the client then -issues a tree connection request, it also adds to this list the name of the share they try to connect to (useful for -home directories) and any users listed in the <smbconfoption name="user"/> parameter in the &smb.conf; file. -The password is then checked in turn against these possible usernames. If a match is found, then the client is -authenticated as that user. 
-</para> - -<para> -<indexterm><primary>name service switch</primary><see>NSS</see></indexterm> -<indexterm><primary>/etc/passwd</primary></indexterm> -<indexterm><primary>nsswitch.conf</primary></indexterm> -Where the list of possible user names is not provided, Samba makes a UNIX system call to find the user -account that has a password that matches the one provided from the standard account database. On a system that -has no name service switch (NSS) facility, such lookups will be from the <filename>/etc/passwd</filename> -database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the -<filename>nsswitch.conf</filename> file. The entries in that file in which the libraries are specified are: -<screen> -passwd: files nis ldap -shadow: files nis ldap -group: files nis ldap -</screen> -<indexterm><primary>/etc/passwd</primary></indexterm> -<indexterm><primary>/etc/group</primary></indexterm> -<indexterm><primary>NIS</primary></indexterm> -In the example shown here (not likely to be used in practice) the lookup will check -<filename>/etc/passwd</filename> and <filename>/etc/group</filename>, if not found it will check NIS, then -LDAP. -</para> - -<sect3> -<title>Example Configuration</title> - -<para> -The &smb.conf; parameter that sets share-level security is: -</para> - -<para><smbconfblock> -<smbconfoption name="security">share</smbconfoption> -</smbconfblock></para> - -</sect3> -</sect2> - -<sect2> <title>Domain Security Mode (User-Level Security)</title> <para> 
@@ -418,32 +339,12 @@ security domain. This is done as follows: <procedure> - <step><para>On the MS Windows NT domain controller, using - the Server Manager, add a machine account for the Samba server. - </para></step> - <step><para>On the UNIX/Linux system execute:</para> <para><screen>&rootprompt;<userinput>net rpc join -U administrator%password</userinput></screen></para> </step> </procedure> -<note><para> -<indexterm><primary>smbpasswd</primary></indexterm> -Samba-2.2.4 and later Samba 2.2.x series releases can autojoin a Windows NT4-style domain just by executing: -<screen> -&rootprompt;<userinput>smbpasswd -j <replaceable>DOMAIN_NAME</replaceable> -r <replaceable>PDC_NAME</replaceable> \ - -U Administrator%<replaceable>password</replaceable></userinput> -</screen> -<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm> -Samba-3 can do the same by executing: -<screen> -&rootprompt;<userinput>net rpc join -U Administrator%<replaceable>password</replaceable></userinput> -</screen> -It is not necessary with Samba-3 to specify the <replaceable>DOMAIN_NAME</replaceable> or the -<replaceable>PDC_NAME</replaceable>, as it figures this out from the &smb.conf; file settings. -</para></note> - <para> <indexterm><primary>invalid shell</primary></indexterm> <indexterm><primary>/etc/passwd</primary></indexterm> @@ -481,7 +382,7 @@ For more information regarding domain membership, <link linkend="domain-member"> <para> <indexterm><primary>ADS</primary></indexterm> <indexterm><primary>native mode</primary></indexterm> -Both Samba-2.2, and Samba-3 can join an Active Directory domain using NT4 style RPC based security. This is +Samba can join an Active Directory domain using NT4 style RPC based security. This is possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style domain members. This is contrary to popular belief. </para> 
@@ -527,103 +428,6 @@ ADS Domain Membership</link> for more information regarding this configuration o </sect3> </sect2> -<sect2> -<title>Server Security (User Level Security)</title> - -<para> -Server security mode is left over from the time when Samba was not capable of acting -as a domain member server. It is highly recommended not to use this feature. Server -security mode has many drawbacks that include: -</para> - -<itemizedlist> - <listitem><para>Potential account lockout on MS Windows NT4/200x password servers.</para></listitem> - <listitem><para>Lack of assurance that the password server is the one specified.</para></listitem> - <listitem><para>Does not work with Winbind, which is particularly needed when storing profiles remotely.</para></listitem> - <listitem><para>This mode may open connections to the password server and keep them open for extended periods.</para></listitem> - <listitem><para>Security on the Samba server breaks badly when the remote password server suddenly shuts down.</para></listitem> - <listitem><para>With this mode there is NO security account in the domain that the password server belongs to for the Samba server.</para></listitem> -</itemizedlist> - -<para> -<indexterm><primary>session setup</primary></indexterm> -<indexterm><primary>SMB</primary></indexterm> -In server security mode the Samba server reports to the client that it is in user-level security. The client -then does a session setup as described earlier. The Samba server takes the username/password that the client -sends and attempts to log into the <smbconfoption name="password server"/> by sending exactly the same -username/password that it got from the client. If that server is in user-level security and accepts the -password, then Samba accepts the client's connection. This parameter allows the Samba server to use another -SMB server as the <smbconfoption name="password server"/>. 
-</para> - -<para> -<indexterm><primary>security level</primary></indexterm> -<indexterm><primary>encryption</primary></indexterm> -You should also note that at the start of all this, when the server tells the client -what security level it is in, it also tells the client if it supports encryption. If it -does, it supplies the client with a random cryptkey. The client will then send all -passwords in encrypted form. Samba supports this type of encryption by default. -</para> - -<para> -The parameter <smbconfoption name="security">server</smbconfoption> means that Samba reports to clients that -it is running in <emphasis>user mode</emphasis> but actually passes off all authentication requests to another -user mode server. This requires an additional parameter <smbconfoption name="password server"/> that points to -the real authentication server. The real authentication server can be another Samba server, or it can be a -Windows NT server, the latter being natively capable of encrypted password support. -</para> - -<note><para> -<indexterm><primary>password server</primary></indexterm> -<indexterm><primary>workgroup</primary></indexterm> -When Samba is running in <emphasis>server security mode</emphasis>, it is essential that the parameter -<emphasis>password server</emphasis> is set to the precise NetBIOS machine name of the target authentication -server. Samba cannot determine this from NetBIOS name lookups because the choice of the target authentication -server is arbitrary and cannot be determined from a domain name. In essence, a Samba server that is in -<emphasis>server security mode</emphasis> is operating in what used to be known as workgroup mode. 
-</para></note> - -<sect3> -<title>Example Configuration</title> -<para><emphasis> -Using MS Windows NT as an Authentication Server -</emphasis></para> - -<para> -This method involves the additions of the following parameters in the &smb.conf; file: -</para> - -<para><smbconfblock> -<smbconfoption name="encrypt passwords">Yes</smbconfoption> -<smbconfoption name="security">server</smbconfoption> -<smbconfoption name="password server">"NetBIOS_name_of_a_DC"</smbconfoption> -</smbconfblock></para> - - -<para> -There are two ways of identifying whether or not a username and password pair is valid. -One uses the reply information provided as part of the authentication messaging -process, the other uses just an error code. -</para> - -<para> -<indexterm><primary>bogus</primary></indexterm> -<indexterm><primary>lockout</primary></indexterm> -The downside of this mode of configuration is that for security reasons Samba -will send the password server a bogus username and a bogus password, and if the remote -server fails to reject the bogus username and password pair, then an alternative mode of -identification or validation is used. Where a site uses password lockout, after a -certain number of failed authentication attempts, this will result in user lockouts. -</para> - -<para> -Use of this mode of authentication requires a standard UNIX account for the user. -This account can be blocked to prevent logons by non-SMB/CIFS clients. -</para> - -</sect3> -</sect2> - </sect1> <sect1> 
@@ -738,24 +542,6 @@ to those for whom English is not their native tongue. </para> <sect2> -<title>What Makes Samba a Server?</title> - -<para> -To some, the nature of the Samba security mode is obvious, but entirely -wrong all the same. It is assumed that <smbconfoption name="security">server</smbconfoption> means that Samba -will act as a server. Not so! This setting means that Samba will <emphasis>try</emphasis> -to use another SMB server as its source for user authentication alone. -</para> - -<para> -Samba is a server regardless of which security mode is chosen. When Samba is used outside of a domain security -context, it is best to leave the security mode at the default setting. By default Samba-3 uses user-mode -security. -</para> - -</sect2> - -<sect2> <title>What Makes Samba a Domain Controller?</title> <para> 
@@ -778,56 +564,6 @@ makes Samba act as a domain member. Read the manufacturer's manual before the wa </sect2> - -<sect2> -<title>Constantly Losing Connections to Password Server</title> - -<para><quote> -Why does server_validate() simply give up rather than re-establish its connection to the -password server? Though I am not fluent in the SMB protocol, perhaps the cluster server -process passes along to its client workstation the session key it receives from the password -server, which means the password hashes submitted by the client would not work on a subsequent -connection whose session key would be different. So server_validate() must give up. -</quote></para> - -<para> -Indeed. That's why <smbconfoption name="security">server</smbconfoption> -is at best a nasty hack. Please use <smbconfoption name="security">domain</smbconfoption>; -<smbconfoption name="security">server</smbconfoption> mode is also known as pass-through authentication. -</para> - -</sect2> - -<sect2> -<title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title> - -<para><quote> -When I try to log in to the DOMAIN, the eventlog shows <emphasis>tried credentials DOMAIN/username; effective -credentials SERVER/username</emphasis> -</quote></para> - -<para> -Usually this is due to a user or machine account being created before the Samba server is configured to be a -domain controller. Accounts created before the server becomes a domain controller will be -<emphasis>local</emphasis> accounts and authenticated as what looks like a member in the SERVER domain, much -like local user accounts in Windows 2000 and later. Accounts created after the Samba server becomes a domain -controller will be <emphasis>domain</emphasis> accounts and will be authenticated as a member of the DOMAIN -domain. -</para> - -<para> -This can be verified by issuing the command <command>pdbedit -L -v username</command>. 
If this reports DOMAIN -then the account is a domain account, if it reports SERVER then the account is a local account. -</para> - -<para> -The easiest way to resolve this is to remove and recreate the account; however this may cause problems with -established user profiles. You can also use <command>pdbedit -u username -I DOMAIN</command>. You may also -need to change the User SID and Primary Group SID to match the domain. -</para> - -</sect2> - </sect1> </chapter> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml b/docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml index 4c9a1f0850..dfd4e7b529 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml @@ -287,7 +287,6 @@ The contents of the &smb.conf; file is shown in <link linkend="AnonPtrSvr">the A <smbconfsection name="[printers]"/> <smbconfoption name="comment">All Printers</smbconfoption> <smbconfoption name="path">/var/spool/samba</smbconfoption> -<smbconfoption name="printer admin">root</smbconfoption> <smbconfoption name="guest ok">Yes</smbconfoption> <smbconfoption name="printable">Yes</smbconfoption> <smbconfoption name="use client driver">Yes</smbconfoption> diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml index 933efb512e..84ee82db57 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml @@ -34,8 +34,7 @@ modules that come with the Samba source and provides references to some external <indexterm><primary>IRIX</primary></indexterm> <indexterm><primary>GNU/Linux</primary></indexterm> If not supplied with your platform distribution binary Samba package, you may have problems compiling these -modules, as shared libraries are compiled and linked in different ways on different systems. They currently -have been tested against GNU/Linux and IRIX. +modules, as shared libraries are compiled and linked in different ways on different systems. </para> <para> 
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml b/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
deleted file mode 100644
index 7ae6fd5bc2..0000000000
--- a/docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
+++ /dev/null
@@ -1,967 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<chapter id="upgrading-to-3.0"> -<chapterinfo> - &author.jelmer; - &author.jht; - &author.jerry; - <pubdate>August 16, 2007</pubdate> -</chapterinfo> - -<title>Updating and Upgrading Samba</title> -<para> -This chapter provides a detailed record of changes made during the 3.x series releases. At this time this -series consists of the 3.0.x series that is under the GNU GPL version 2 license, and the Samba 3.2.x series -that is being released under the terms of the GNU GPL version 3 license. -</para> - -<sect1> -<title>Key Update Requirements</title> -<para> -Samba is a fluid product in which there may be significant changes between releases. Some of these changes are -brought about as a result of changes in the protocols that are used by Microsoft Windows network clients as a -result of security or functionality updates through official Microsoft patches and updates. Samba must track -such changes, particularly where they affect the internal operation of Samba itself. -</para> - -<para> -Please refer to any notes below that make explicit mention of the version of Samba you are using. In general, -all changes that apply to a new release will apply to follow-on releases also. For example, changes to Samba -3.0.23 affect all releases up to an including 3.0.25 and later. Samba 3.2.x was originaly cut from Samba -3.0.25 before 3.2.0-specific changes were applied. Unless a 3.0.x series feature is specifically revoked, the -behavior of the 3.2.x series can be expected to follow the earlier pattern. 
-</para> - -<sect2> -<title>Upgrading from Samba-3.0.x to Samba-3.2.0</title> -<para> -</para> -</sect2> - -<sect2 id="oldupdatenotes"> -<title>Upgrading from Samba-2.x to Samba-3.0.25</title> -<para> -<indexterm><primary>Samba differences</primary></indexterm> -<indexterm><primary>changed parameters</primary></indexterm> -<indexterm><primary>simple guide</primary></indexterm> -This chapter deals exclusively with the differences between Samba-3.0.25 and Samba-2.2.8a. -It points out where configuration parameters have changed, and provides a simple guide for -the move from 2.2.x to 3.0.25. -</para> -</sect2> - -<sect2> -<title>Quick Migration Guide</title> - -<para> -Samba-3.0.25 default behavior should be approximately the same as Samba-2.2.x. -The default behavior when the new parameter <smbconfoption name="passdb backend"/> -is not defined in the &smb.conf; file provides the same default behavior as Samba-2.2.x -with <smbconfoption name="encrypt passwords">Yes</smbconfoption> and -will use the <filename>smbpasswd</filename> database. -</para> - -<para> -<indexterm><primary>behavior approximately same</primary></indexterm> -<indexterm><primary>differing protocol</primary></indexterm> -So why say that <emphasis>behavior should be approximately the same as Samba-2.2.x</emphasis>? Because -Samba-3.0.25 can negotiate new protocols, such as support for native Unicode, that may result in -differing protocol code paths being taken. The new behavior under such circumstances is not -exactly the same as the old one. The good news is that the domain and machine SIDs will be -preserved across the upgrade. 
-</para> - -<para> -<indexterm><primary>LDAP backend</primary></indexterm> -<indexterm><primary>database</primary></indexterm> -<indexterm><primary>pdbedit</primary></indexterm> -<indexterm><primary>Samba-3-compatible LDAP backend</primary></indexterm> -If the Samba-2.2.x system is using an LDAP backend, and there is no time to update the LDAP -database, then make sure that <smbconfoption name="passdb backend">ldapsam_compat</smbconfoption> -is specified in the &smb.conf; file. For the rest, behavior should remain more or less the same. -At a later date, when there is time to implement a new Samba-3-compatible LDAP backend, it is possible -to migrate the old LDAP database to the new one through use of the <command>pdbedit</command>. -See <link linkend="pdbeditthing">The <emphasis>pdbedit</emphasis> Command</link>. -</para> - -</sect2> -</sect1> - -<sect1> -<title>New Features in Samba-3.x Series</title> -<para> -</para> - -<sect2> -<title>New Features in Samba-3.2.x Series</title> - -<para>Samba is now distributed under the version 3 -of the new GNU General Public License. -</para> - -<para> -The major new features are: -</para> - - -<orderedlist numeration="arabic"> - <listitem><para> -<indexterm><primary>File Service</primary></indexterm> -<indexterm><primary>limit</primary></indexterm> - Removal of the 1024 byte limit on pathnames and 256 byte limit on - filename components to honor the MAX_PATH setting from the host OS. - </para></listitem> - - <listitem><para> -<indexterm><primary>Registory</primary></indexterm> -<indexterm><primary>Configuration</primary></indexterm> - Introduction of a registry based configuration system. - </para></listitem> - - <listitem><para> -<indexterm><primary>cluster</primary></indexterm> - Experimental support for file serving clusters. - </para></listitem> - - <listitem><para> -<indexterm><primary>IPv6</primary></indexterm> - Support for IPv6 in the server, and client tools and libraries. 
- </para></listitem> - - <listitem><para> -<indexterm><primary>alternate data streams</primary></indexterm> - Support for storing alternate data streams in xattrs. - </para></listitem> - - <listitem><para> -<indexterm><primary>Encrypted SMB transport</primary></indexterm> - Encrypted SMB transport in client tools and libraries, and server. - </para></listitem> - - <listitem><para> -<indexterm><primary>Windows Vista</primary></indexterm> - Support for Vista clients authenticating via Kerberos. - </para></listitem> - - <listitem><para> -<indexterm><primary>Winbind</primary></indexterm> -<indexterm><primary>forest</primary></indexterm> - Full support for Windows 2003 cross-forest, transitive trusts - and one-way domain trusts. - </para></listitem> - - <listitem><para> -<indexterm><primary>pam_winbind</primary></indexterm> - Support for userPrincipalName logons via pam_winbind and NSS lookups. - </para></listitem> - - <listitem><para> -<indexterm><primary>LDAP</primary></indexterm> -<indexterm><primary>Active Directory</primary></indexterm> -<indexterm><primary>Signing</primary></indexterm> - Support for Active Directory LDAP Signing policy. - </para></listitem> - - <listitem><para> -<indexterm><primary>Licence</primary></indexterm> -<indexterm><primary>GPL</primary></indexterm> - New LGPL Winbind client library (libwbclient.so). - </para></listitem> - - <listitem><para> -<indexterm><primary>domain</primary></indexterm> -<indexterm><primary>domain trust</primary></indexterm> - Support for establishing interdomain trust relationships with Windows 2008. - </para></listitem> - - <listitem><para> -<indexterm><primary>joining</primary></indexterm> - New client and server support for remotely joining and unjoining Domains. - </para></listitem> - - - <listitem><para> -<indexterm><primary>joining</primary></indexterm> - Support for joining into Windows 2008 domains. - </para></listitem> - -</orderedlist> - -<para> -Plus lots of other improvements! 
-</para> - - -</sect2> - -<sect2> -<title>New Features in Samba-3.0.x</title> - -<para> -The major new features are: -</para> - -<orderedlist numeration="arabic"> - <listitem><para> -<indexterm><primary>ADS</primary></indexterm> -<indexterm><primary>LDAP/Kerberos</primary></indexterm> - Active Directory support. This release is able to join an ADS realm - as a member server and authenticate users using LDAP/Kerberos. - </para></listitem> - - <listitem><para> -<indexterm><primary>Unicode</primary></indexterm> -<indexterm><primary>multibyte character sets</primary></indexterm> - Unicode support. Samba will now negotiate Unicode on the wire, and - internally there is a much better infrastructure for multibyte - and Unicode character sets. - </para></listitem> - - <listitem><para> -<indexterm><primary>authentication system</primary></indexterm> - New authentication system. The internal authentication system has - been almost completely rewritten. Most of the changes are internal, - but the new authoring system is also very configurable. - </para></listitem> - - <listitem><para> -<indexterm><primary>filename mangling</primary></indexterm> - New filename mangling system. The filename mangling system has been - completely rewritten. An internal database now stores mangling maps - persistently. - </para></listitem> - - <listitem><para> -<indexterm><primary>net command</primary></indexterm> - New <quote>net</quote> command. A new <quote>net</quote> command has been added. It is - somewhat similar to the <quote>net</quote> command in Windows. Eventually, we - plan to replace a bunch of other utilities (such as smbpasswd) - with subcommands in <quote>net</quote>. - </para></listitem> - - <listitem><para> -<indexterm><primary>status32 codes</primary></indexterm> - Samba now negotiates NT-style status32 codes on the wire. This - considerably improves error handling. 
- </para></listitem> - - <listitem><para> -<indexterm><primary>printer attributes publishing</primary></indexterm> - Better Windows 200x/XP printing support, including publishing - printer attributes in Active Directory. - </para></listitem> - - <listitem><para> -<indexterm><primary>RPC modules</primary></indexterm> -<indexterm><primary>passdb backends</primary></indexterm> -<indexterm><primary>character sets</primary></indexterm> - New loadable RPC modules for passdb backends and character sets. - </para></listitem> - - <listitem><para> -<indexterm><primary>dual-daemon winbindd</primary></indexterm> - New default dual-daemon winbindd support for better performance. - </para></listitem> - - <listitem><para> -<indexterm><primary>migrating</primary></indexterm> -<indexterm><primary>maintaining ids</primary></indexterm> -<indexterm><primary>SID</primary></indexterm> - Support for migrating from a Windows NT 4.0 domain to a Samba - domain and maintaining user, group, and domain SIDs. - </para></listitem> - - <listitem><para> -<indexterm><primary>trust relationships</primary></indexterm> -<indexterm><primary>domain controllers</primary></indexterm> - Support for establishing trust relationships with Windows NT 4.0 - domain controllers. - </para></listitem> - - <listitem><para> -<indexterm><primary>Winbind architecture</primary></indexterm> -<indexterm><primary>LDAP directory</primary></indexterm> -<indexterm><primary>ID mapping</primary></indexterm> - Initial support for a distributed Winbind architecture using - an LDAP directory for storing SID to UID/GID mappings. - </para></listitem> - - <listitem><para> - Major updates to the Samba documentation tree. - </para></listitem> - - <listitem><para> -<indexterm><primary>SMB signing</primary></indexterm> -<indexterm><primary>security settings</primary></indexterm> - Full support for client and server SMB signing to ensure - compatibility with default Windows 2003 security settings. 
- </para></listitem> -</orderedlist> - -<para> -Plus lots of other improvements! -</para> - - -<sect3> -<title>Configuration Parameter Changes</title> - -<para> -This section contains a brief listing of changes to &smb.conf; options since the Samba-2.2.x series up to and -including Samba-3.0.25. -</para> - -<para> -Please refer to the smb.conf(5) man page for complete descriptions of new or modified -parameters. -</para> - -<para> -Whenever a Samba update or upgrade is performed it is highly recommended to read the file called -<emphasis>WHATSNEW.txt</emphasis> that is part of the Samba distribution tarball. This file may also -be obtain on-line from the Samba <ulink url="http://www.samba.org/samba/">web site</ulink>, in -the right column, under Current Stable Release, by clicking on <emphasis>Release Notes</emphasis>. -</para> - -</sect3> - -<sect3> -<title>Removed Parameters</title> - -<indexterm><primary>deleted parameters</primary></indexterm> -<para> -In alphabetical order, these are the parameters eliminated from Samba-2.2.x through 3.0.25. 
-</para> - -<itemizedlist> - <listitem><para>admin log</para></listitem> - <listitem><para>alternate permissions</para></listitem> - <listitem><para>character set</para></listitem> - <listitem><para>client codepage</para></listitem> - <listitem><para>code page directory</para></listitem> - <listitem><para>coding system</para></listitem> - <listitem><para>domain admin group</para></listitem> - <listitem><para>domain guest group</para></listitem> - <listitem><para>enable rid algorithm</para></listitem> - <listitem><para>enable svcctl</para></listitem> - <listitem><para>force unknown acl user</para></listitem> - <listitem><para>hosts equiv</para></listitem> - <listitem><para>ldap filter</para></listitem> - <listitem><para>min password length</para></listitem> - <listitem><para>nt smb support</para></listitem> - <listitem><para>post script</para></listitem> - <listitem><para>printer admin</para></listitem> - <listitem><para>printer driver</para></listitem> - <listitem><para>printer driver file</para></listitem> - <listitem><para>printer driver location</para></listitem> - <listitem><para>read size</para></listitem> - <listitem><para>source environment</para></listitem> - <listitem><para>status </para></listitem> - <listitem><para>strip dot </para></listitem> - <listitem><para>total print jobs</para></listitem> - <listitem><para>unicode</para></listitem> - <listitem><para>use rhosts</para></listitem> - <listitem><para>valid chars</para></listitem> - <listitem><para>vfs options</para></listitem> - <listitem><para>winbind enable local accounts</para></listitem> - <listitem><para>winbind max idle children</para></listitem> - <listitem><para>wins partners</para></listitem> -</itemizedlist> - -</sect3> - -<sect3> -<title>New Parameters</title> - -<para>The following new parameters have been released up to and including Samba 3.0.25 (grouped by function:)</para> - -<para>Remote Management</para> - -<indexterm><primary>new parameters</primary></indexterm> - -<itemizedlist> - 
<listitem><para>abort shutdown script</para></listitem> - <listitem><para>shutdown script</para></listitem> -</itemizedlist> - -<para>User and Group Account Management</para> - -<itemizedlist> - <listitem><para>add group script</para></listitem> - <listitem><para>add machine script</para></listitem> - <listitem><para>add user to group script</para></listitem> - <listitem><para>algorithmic rid base</para></listitem> - <listitem><para>delete group script</para></listitem> - <listitem><para>delete user from group script</para></listitem> - <listitem><para>passdb backend</para></listitem> - <listitem><para>rename user script</para></listitem> - <listitem><para>set primary group script</para></listitem> - <listitem><para>username map script</para></listitem> -</itemizedlist> - -<para>Authentication</para> - -<itemizedlist> - <listitem><para>auth methods</para></listitem> - <listitem><para>ldap password sync</para></listitem> - <listitem><para>passdb expand explicit</para></listitem> - <listitem><para>realm</para></listitem> -</itemizedlist> - -<para>Protocol Options</para> - -<itemizedlist> - <listitem><para>add port command</para></listitem> - <listitem><para>afs token lifetime</para></listitem> - <listitem><para>client lanman auth</para></listitem> - <listitem><para>client NTLMv2 auth</para></listitem> - <listitem><para>client schannel</para></listitem> - <listitem><para>client signing</para></listitem> - <listitem><para>client use spnego</para></listitem> - <listitem><para>defer sharing violations</para></listitem> - <listitem><para>disable netbios</para></listitem> - <listitem><para>dmapi support</para></listitem> - <listitem><para>enable privileges</para></listitem> - <listitem><para>use kerberos keytab</para></listitem> - <listitem><para>log nt token command</para></listitem> - <listitem><para>ntlm auth</para></listitem> - <listitem><para>paranoid server security </para></listitem> - <listitem><para>sendfile</para></listitem> - <listitem><para>server 
schannel</para></listitem> - <listitem><para>server signing</para></listitem> - <listitem><para>smb ports</para></listitem> - <listitem><para>svcctl list</para></listitem> - <listitem><para>use spnego</para></listitem> -</itemizedlist> - -<para>File Service</para> - -<itemizedlist> - <listitem><para>allocation roundup size</para></listitem> - <listitem><para>acl check permissions</para></listitem> - <listitem><para>acl group control</para></listitem> - <listitem><para>acl map full control</para></listitem> - <listitem><para>aio read size</para></listitem> - <listitem><para>aio write size</para></listitem> - <listitem><para>dfree cache time</para></listitem> - <listitem><para>dfree command</para></listitem> - <listitem><para>ea support</para></listitem> - <listitem><para>enable asu support</para></listitem> - <listitem><para>fam change notify</para></listitem> - <listitem><para>force unknown acl user</para></listitem> - <listitem><para>get quota command</para></listitem> - <listitem><para>hide special files</para></listitem> - <listitem><para>hide unwriteable files</para></listitem> - <listitem><para>inherit owner</para></listitem> - <listitem><para>hostname lookups</para></listitem> - <listitem><para>kernel change notify</para></listitem> - <listitem><para>mangle prefix</para></listitem> - <listitem><para>map acl inherit</para></listitem> - <listitem><para>map read only</para></listitem> - <listitem><para>max stat cache size</para></listitem> - <listitem><para>msdfs proxy</para></listitem> - <listitem><para>open files database hash size</para></listitem> - <listitem><para>set quota command</para></listitem> - <listitem><para>store dos attributes</para></listitem> - <listitem><para>use sendfile</para></listitem> - <listitem><para>usershare allow guests</para></listitem> - <listitem><para>usershare max shares</para></listitem> - <listitem><para>usershare owner only</para></listitem> - <listitem><para>usershare path</para></listitem> - <listitem><para>usershare prefix 
allow list</para></listitem> - <listitem><para>usershare prefix deny list</para></listitem> - <listitem><para>usershare template share</para></listitem> - <listitem><para>vfs objects</para></listitem> -</itemizedlist> - -<para>Printing</para> - -<itemizedlist> - <listitem><para>cups options</para></listitem> - <listitem><para>cups server</para></listitem> - <listitem><para>force printername</para></listitem> - <listitem><para>iprint server</para></listitem> - <listitem><para>max reported print jobs</para></listitem> - <listitem><para>printcap cache time</para></listitem> -</itemizedlist> - - -<para>Unicode and Character Sets</para> - -<itemizedlist> - <listitem><para>display charset</para></listitem> - <listitem><para>dos charset</para></listitem> - <listitem><para>UNIX charset</para></listitem> -</itemizedlist> - -<para>SID to UID/GID Mappings</para> - -<itemizedlist> - <listitem><para>idmap backend</para></listitem> - <listitem><para>idmap gid</para></listitem> - <listitem><para>idmap uid</para></listitem> - <listitem><para>username map script</para></listitem> - <listitem><para>winbind nss info</para></listitem> - <listitem><para>winbind offline logon</para></listitem> - <listitem><para>winbind refresh tickets</para></listitem> - <listitem><para>winbind trusted domains only</para></listitem> - <listitem><para>template primary group</para></listitem> -</itemizedlist> - -<para>LDAP</para> - -<itemizedlist> - <listitem><para>ldap delete dn</para></listitem> - <listitem><para>ldap group suffix</para></listitem> - <listitem><para>ldap idmap suffix</para></listitem> - <listitem><para>ldap machine suffix</para></listitem> - <listitem><para>ldap passwd sync</para></listitem> - <listitem><para>ldap replication sleep</para></listitem> - <listitem><para>ldap timeout</para></listitem> - <listitem><para>ldap user suffix</para></listitem> -</itemizedlist> - -<para>General Configuration</para> - -<itemizedlist> - <listitem><para>eventlog list</para></listitem> - 
<listitem><para>preload modules</para></listitem> - <listitem><para>reset on zero vc</para></listitem> - <listitem><para>privatedir</para></listitem> -</itemizedlist> - -</sect3> - -<sect3> -<title>Modified Parameters (Changes in Behavior)</title> - -<itemizedlist> - <listitem><para>acl group control (new default is No, deprecated parameter)</para></listitem> - <listitem><para>change notify timeout (scope changed)</para></listitem> - <listitem><para>dos filemode (disabled by default)</para></listitem> - <listitem><para>dos filetimes (enabled by default)</para></listitem> - <listitem><para>enable asu support (disabled by default)</para></listitem> - <listitem><para>enable privileges (enabled by default)</para></listitem> - <listitem><para>encrypt passwords (enabled by default) </para></listitem> - <listitem><para>host msdfs (enabled by default)</para></listitem> - <listitem><para>mangling method (set to hash2 by default) </para></listitem> - <listitem><para>map to guest</para></listitem> - <listitem><para>only user (deprecated)</para></listitem> - <listitem><para>passwd chat</para></listitem> - <listitem><para>passwd program</para></listitem> - <listitem><para>password server</para></listitem> - <listitem><para>restrict anonymous (integer value)</para></listitem> - <listitem><para>security (new ads value)</para></listitem> - <listitem><para>strict locking (auto by default)</para></listitem> - <listitem><para>winbind cache time (increased to 5 minutes)</para></listitem> - <listitem><para>winbind enum groups (disabled by default)</para></listitem> - <listitem><para>winbind enum users (disabled by default)</para></listitem> - <listitem><para>winbind nested groups (enabled by default)</para></listitem> - <listitem><para>winbind uid (deprecated in favor of idmap uid)</para></listitem> - <listitem><para>winbind gid (deprecated in favor of idmap gid)</para></listitem> - <listitem><para>winbindd nss info</para></listitem> - <listitem><para>write cache 
(deprecated)</para></listitem> -</itemizedlist> - -</sect3> - -</sect2> - -<sect2> -<title>New Functionality</title> - - <para> -<indexterm><primary>major changes</primary></indexterm> - The major changes in behavior since that Samba-2.2.x series are documented in this section. - Please refer to the <filename>WHATSNEW.txt</filename> file that ships with every release of - Samba to obtain detailed information regarding the changes that have been made during the - life of the current Samba release. - </para> - - <sect3> - <title>TDB Data Files</title> - -<indexterm><primary>tdb data files</primary></indexterm> - <para> - Refer to <link linkend="install">Installation, Chapter 1</link>, <link linkend="tdbdocs">Chapter 1</link> - for information pertaining to the Samba-3 data files, their location and the information that must be - preserved across server migrations, updates and upgrades. - </para> - - <para> -<indexterm><primary>tdb file backup</primary></indexterm> - Please remember to back up your existing ${lock directory}/*tdb before upgrading to Samba-3. If necessary, - Samba will upgrade databases as they are opened. Downgrading from Samba-3 to 2.2, or reversion to an earlier - version of Samba-3 from a later release, is an unsupported path. - </para> - - <para> -<indexterm><primary>tdb file descriptions</primary></indexterm> - The old Samba-2.2.x tdb files are described in <link linkend="oldtdbfiledesc">the next table</link>. 
- </para> - - - <table frame='all' id="oldtdbfiledesc"><title>Samba-2.2.x TDB File Descriptions</title> - <tgroup cols='3'> - <colspec align="left"/> - <colspec align="justify" colwidth="1*"/> - <colspec align="left"/> - <thead> - <row> - <entry align="left">Name</entry> - <entry align="justify">Description</entry> - <entry align="center">Backup?</entry> - </row> - </thead> - <tbody> - <row> - <entry>account_policy</entry> - <entry>User policy settings</entry> - <entry>yes</entry> - </row> - <row> - <entry>brlock</entry> - <entry>Byte-range file locking information.</entry> - <entry>no</entry> - </row> - <row> - <entry>connections</entry> - <entry><para>Client connection information</para></entry> - <entry>no</entry> - </row> - <row> - <entry>locking</entry> - <entry>Temporary file locking data.</entry> - <entry>no</entry> - </row> - <row> - <entry>messages</entry> - <entry><para>Temporary storage of messages being processed by smbd.</para></entry> - <entry>no</entry> - </row> - <row> - <entry>ntdrivers</entry> - <entry><para>Stores per-printer driver information.</para></entry> - <entry>yes</entry> - </row> - <row> - <entry>ntforms</entry> - <entry><para>Stores per-printer forms information.</para></entry> - <entry>yes</entry> - </row> - <row> - <entry>ntprinters</entry> - <entry><para>Stores the per-printer devmode configuration settings.</para></entry> - <entry>yes</entry> - </row> - <row> - <entry>printing/*.tdb</entry> - <entry><para>Cached output from lpq command created on a per-print-service basis.</para></entry> - <entry>no</entry> - </row> - <row> - - <entry>registry</entry> - <entry><para>Read-only Samba registry skeleton that provides support for - exporting various database tables via the winreg RPCs.</para></entry> - <entry>no</entry> - </row> - <row> - <entry>sessionid</entry> - <entry><para>Temporary cache for miscellaneous session information.</para></entry> - <entry>no</entry> - </row> - <row> - <entry>share_info</entry> - <entry>Share ACL 
settings.</entry> - <entry>yes</entry> - </row> - <row> - - <entry>unexpected</entry> - <entry><para>Packets received for which no process was listening.</para></entry> - <entry>no</entry> - </row> - <row> - <entry>winbindd_cache</entry> - <entry><para>Cache of identity information received from an NT4 or an ADS domain.</para></entry> - <entry>yes</entry> - </row> - <row> - <entry>winbindd_idmap</entry> - <entry><para>New ID map table from SIDS to UNIX UIDs/GIDs.</para></entry> - <entry>yes</entry> - </row> - </tbody> - </tgroup> - </table> - - </sect3> - - <sect3> - <title>Changes in Behavior</title> - - <para> - The following issues are known changes in behavior between Samba-2.2 and - Samba-3 that may affect certain installations of Samba. - </para> - - <orderedlist> - <listitem><para> -<indexterm><primary>Windows domain</primary></indexterm> -<indexterm><primary>getpwnam() call</primary></indexterm> -<indexterm><primary>NT_STATUS_LOGON_FAILURE</primary></indexterm> - When operating as a member of a Windows domain, Samba-2.2 would map any users authenticated by the remote DC - to the <quote>guest account</quote> if a UID could not be obtained via the getpwnam() call. Samba-3 rejects - the connection with the error message <quote>NT_STATUS_LOGON_FAILURE.</quote> There is no current workaround - to re-establish the Samba-2.2 behavior. - </para></listitem> - - <listitem><para> -<indexterm><primary>add user script</primary></indexterm> -<indexterm><primary>add machine script</primary></indexterm> - When adding machines to a Samba-2.2 controlled domain, the - <quote>add user script</quote> was used to create the UNIX identity of the - machine trust account. Samba-3 introduces a new <quote>add machine - script</quote> that must be specified for this purpose. Samba-3 will - not fall back to using the <quote>add user script</quote> in the absence of - an <quote>add machine script</quote>. 
- </para></listitem> - </orderedlist> - - </sect3> - - <sect3> - <title>Passdb Backends and Authentication</title> - - <para> - There have been a few new changes that Samba administrators should be - aware of when moving to Samba-3. - </para> - - <orderedlist> - <listitem><para> -<indexterm><primary>encrypted passwords</primary></indexterm> - Encrypted passwords have been enabled by default in order to - interoperate better with out-of-the-box Windows client - installations. This does mean that either (a) a Samba account - must be created for each user, or (b) <quote>encrypt passwords = no</quote> - must be explicitly defined in &smb.conf;. - </para></listitem> - - <listitem><para> -<indexterm><primary>ADS</primary></indexterm> -<indexterm><primary>Kerberos</primary></indexterm> -<indexterm><primary>LDAP</primary></indexterm> - Inclusion of new <smbconfoption name="security">ads</smbconfoption> option for integration - with an Active Directory domain using the native Windows Kerberos 5 and LDAP protocols. - </para></listitem> - </orderedlist> - - <para> -<indexterm><primary>account storage backends</primary></indexterm> - Samba-3 also includes the possibility of setting up chains of authentication methods (<smbconfoption - name="auth methods"/>) and account storage backends (<smbconfoption name="passdb backend"/>). Please refer to - the &smb.conf; man page and <link linkend="passdb">Account Information Databases</link>, for - details. While both parameters assume sane default values, it is likely that you will need to understand what - the values actually mean in order to ensure Samba operates correctly. 
- </para> - - <para> -<indexterm><primary>pdbedit</primary></indexterm> -<indexterm><primary>smbpasswd</primary></indexterm> -<indexterm><primary>net tool</primary></indexterm> - Certain functions of the <command>smbpasswd</command> tool have been split between the - new <command>smbpasswd</command> utility, the <command>net</command> tool, and the new <command>pdbedit</command> - utility. See the respective man pages for details. - </para> - - </sect3> - - <sect3> - <title>LDAP</title> - - <para> - This section outlines the new features effecting Samba/LDAP integration. - </para> - - <sect4> - <title>New Schema</title> - - <para> -<indexterm><primary>object class</primary></indexterm> -<indexterm><primary>sambaSamAccount</primary></indexterm> -<indexterm><primary>LDIF</primary></indexterm> -<indexterm><primary>attributes</primary></indexterm> - A new object class (sambaSamAccount) has been introduced to replace - the old sambaAccount. This change aids in the renaming of attributes - to prevent clashes with attributes from other vendors. There is a - conversion script (examples/LDAP/convertSambaAccount) to modify an LDIF - file to the new schema. - </para> - - <para> - Example: -<indexterm><primary>ldapsearch</primary></indexterm> - </para> - <para><screen> - &prompt;ldapsearch .... -LLL -b "ou=people,dc=..." > old.ldif - &prompt;convertSambaAccount --sid <DOM SID> --input old.ldif --output new.ldif - </screen></para> - - <para> -<indexterm><primary>net</primary><secondary>getlocalsid</secondary></indexterm> - The <DOM SID> can be obtained by running -<screen> -&prompt;<userinput>net getlocalsid <DOMAINNAME></userinput> -</screen> -<indexterm><primary>PDC</primary></indexterm> - on the Samba PDC as root. 
- </para> - - <para> - Under Samba-2.x the domain SID can be obtained by executing: -<indexterm><primary>smbpasswd</primary></indexterm> -<screen> -&prompt;<userinput>smbpasswd -S <DOMAINNAME></userinput> -</screen> - </para> - - <para> -<indexterm><primary>old sambaAccount</primary></indexterm> -<indexterm><primary>ldapsam_compat</primary></indexterm> -<indexterm><primary>object class declaration</primary></indexterm> -<indexterm><primary>samba.schema</primary></indexterm> - The old <literal>sambaAccount</literal> schema may still be used by specifying the - <parameter>ldapsam_compat</parameter> passdb backend. However, the sambaAccount and - associated attributes have been moved to the historical section of - the schema file and must be uncommented before use if needed. - The Samba-2.2 object class declaration for a <literal>sambaAccount</literal> has not changed - in the Samba-3 <filename>samba.schema</filename> file. - </para> - - <para> - Other new object classes and their uses include: - </para> - - <itemizedlist> - <listitem><para> -<indexterm><primary>sambaDomain</primary></indexterm> -<indexterm><primary>domain information</primary></indexterm> -<indexterm><primary>RID</primary></indexterm> -<indexterm><primary>ldap suffix</primary></indexterm> -<indexterm><primary>ldapsam</primary></indexterm> -<indexterm><primary>idmap</primary></indexterm> - <literal>sambaDomain</literal> &smbmdash; domain information used to allocate RIDs - for users and groups as necessary. The attributes are added - in <quote>ldap suffix</quote> directory entry automatically if - an idmap UID/GID range has been set and the <quote>ldapsam</quote> - passdb backend has been selected. 
- </para></listitem> - - <listitem><para> -<indexterm><primary>sambaGroupMapping</primary></indexterm> -<indexterm><primary>ldap group suffix</primary></indexterm> -<indexterm><primary>net groupmap</primary></indexterm> - sambaGroupMapping &smbmdash; an object representing the - relationship between a posixGroup and a Windows - group/SID. These entries are stored in the <quote>ldap - group suffix</quote> and managed by the <quote>net groupmap</quote> command. - </para></listitem> - - <listitem><para> -<indexterm><primary>sambaUNIXIdPool</primary></indexterm> -<indexterm><primary>ldap idmap suffix</primary></indexterm> -<indexterm><primary>idmap UID</primary></indexterm> -<indexterm><primary>idmap GID</primary></indexterm> - <literal>sambaUNIXIdPool</literal> &smbmdash; created in the <quote>ldap idmap suffix</quote> entry - automatically and contains the next available <quote>idmap UID</quote> and - <quote>idmap GID</quote>. - </para></listitem> - - <listitem><para> -<indexterm><primary>sambaIdmapEntry</primary></indexterm> -<indexterm><primary>idmap_ldap module</primary></indexterm> - <literal>sambaIdmapEntry</literal> &smbmdash; object storing a mapping between a - SID and a UNIX UID/GID. These objects are created by the - idmap_ldap module as needed. - </para></listitem> - </itemizedlist> - - </sect4> - - <sect4> - <title>New Suffix for Searching</title> - - <para> -<indexterm><primary>LDAP queries</primary></indexterm> -<indexterm><primary>passdb backend</primary></indexterm> -<indexterm><primary>ldap suffix</primary></indexterm> -<indexterm><primary>ldap user suffix</primary></indexterm> -<indexterm><primary>ldap machine suffix</primary></indexterm> -<indexterm><primary>ldap group suffix</primary></indexterm> -<indexterm><primary>ldap idmap suffix</primary></indexterm> - The following new &smb.conf; parameters have been added to aid in directing - certain LDAP queries when <parameter>passdb backend = ldapsam://...</parameter> has been - specified. 
- </para> - - <itemizedlist> - <listitem><para>ldap suffix &smbmdash; used to search for user and computer accounts.</para></listitem> - <listitem><para>ldap user suffix &smbmdash; used to store user accounts.</para></listitem> - <listitem><para>ldap machine suffix &smbmdash; used to store machine trust accounts.</para></listitem> - <listitem><para>ldap group suffix &smbmdash; location of posixGroup/sambaGroupMapping entries.</para></listitem> - <listitem><para>ldap idmap suffix &smbmdash; location of sambaIdmapEntry objects.</para></listitem> - </itemizedlist> - - <para> -<indexterm><primary>ldap suffix</primary></indexterm> -<indexterm><primary>subsuffix parameters</primary></indexterm> - If an <parameter>ldap suffix</parameter> is defined, it will be appended to all of the - remaining subsuffix parameters. In this case, the order of the suffix - listings in &smb.conf; is important. Always place the <parameter>ldap suffix</parameter> first - in the list. - </para> - - <para> - Due to a limitation in Samba's &smb.conf; parsing, you should not surround - the domain names with quotation marks. - </para> - - </sect4> - - <sect4> - <title>IdMap LDAP Support</title> - - <para> -<indexterm><primary>idmap backend</primary></indexterm> - Samba-3 supports an LDAP backend for the idmap subsystem. The - following options inform Samba that the idmap table should be - stored on the directory server <emphasis>onterose</emphasis> in the ou=Idmap,dc=quenya,dc=org partition. 
- </para> - - <smbconfblock> - <smbconfsection name="[global]"/> - <member>...</member> - <smbconfoption name="idmap backend">ldap:ldap://onterose/</smbconfoption> - <smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption> - <smbconfoption name="idmap uid">40000-50000</smbconfoption> - <smbconfoption name="idmap gid">40000-50000</smbconfoption> - </smbconfblock> - - <para> -<indexterm><primary>NFS</primary></indexterm> - This configuration allows Winbind installations on multiple servers to - share a UID/GID number space, thus avoiding the interoperability problems - with NFS that were present in Samba-2.2. - </para> - - </sect4> - - </sect3> - - </sect2> - -</sect1> - -</chapter> diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml index 8321714867..b2af47af6e 100644 --- a/docs-xml/Samba3-HOWTO/index.xml +++ b/docs-xml/Samba3-HOWTO/index.xml @@ -174,8 +174,6 @@ The chapters in this part each cover specific Samba features. <title>Migration and Updating</title> <?latex \cleardoublepage ?> - <xi:include href="TOSHARG-upgrading-to-3.0.xml"/> - <?latex \cleardoublepage ?> <xi:include href="TOSHARG-NT4Migration.xml"/> <?latex \cleardoublepage ?> <xi:include href="TOSHARG-SWAT.xml"/> @@ -204,10 +202,6 @@ The chapters in this part each cover specific Samba features. <?latex \cleardoublepage ?> <xi:include href="TOSHARG-Compiling.xml"/> <?latex \cleardoublepage ?> - <xi:include href="TOSHARG-Portability.xml"/> - <?latex \cleardoublepage ?> - <xi:include href="TOSHARG-Other-Clients.xml"/> - <?latex \cleardoublepage ?> <xi:include href="TOSHARG-Speed.xml"/> <?latex \cleardoublepage ?> <xi:include href="TOSHARG-SecureLDAP.xml"/> diff --git a/docs-xml/Samba3-HOWTO/manpages.xml b/docs-xml/Samba3-HOWTO/manpages.xml index 944f842a49..577ac8bab9 100644 --- a/docs-xml/Samba3-HOWTO/manpages.xml +++ b/docs-xml/Samba3-HOWTO/manpages.xml 
@@ -7,65 +7,65 @@ All manual pages have been written by members of <ulink url="http://www.samba.org/samba/team.html">the Samba Team</ulink>.</para> - <xi:include href="../manpages-3/eventlogadm.8.xml"/> - <xi:include href="../manpages-3/findsmb.1.xml"/> - <xi:include href="../manpages-3/idmap_ad.8.xml"/> - <xi:include href="../manpages-3/idmap_ldap.8.xml"/> - <xi:include href="../manpages-3/idmap_nss.8.xml"/> - <xi:include href="../manpages-3/idmap_rid.8.xml"/> - <xi:include href="../manpages-3/idmap_tdb.8.xml"/> - <xi:include href="../manpages-3/libsmbclient.7.xml"/> - <xi:include href="../manpages-3/lmhosts.5.xml"/> - <xi:include href="../manpages-3/log2pcap.1.xml"/> - <xi:include href="../manpages-3/net.8.xml"/> - <xi:include href="../manpages-3/nmbd.8.xml"/> - <xi:include href="../manpages-3/nmblookup.1.xml"/> - <xi:include href="../manpages-3/ntlm_auth.1.xml"/> - <xi:include href="../manpages-3/pam_winbind.8.xml"/> - <xi:include href="../manpages-3/pdbedit.8.xml"/> - <xi:include href="../manpages-3/profiles.1.xml"/> - <xi:include href="../manpages-3/rpcclient.1.xml"/> - <xi:include href="../manpages-3/smbcacls.1.xml"/> - <xi:include href="../manpages-3/smbclient.1.xml"/> - <xi:include href="../manpages-3/smb.conf.5.xml"/> - <xi:include href="../manpages-3/smbcontrol.1.xml"/> - <xi:include href="../manpages-3/smbcquotas.1.xml"/> - <xi:include href="../manpages-3/smbd.8.xml"/> - <xi:include href="../manpages-3/smbget.1.xml"/> - <xi:include href="../manpages-3/smbgetrc.5.xml"/> - <xi:include href="../manpages-3/smbpasswd.5.xml"/> - <xi:include href="../manpages-3/smbpasswd.8.xml"/> - <xi:include href="../manpages-3/smbsh.1.xml"/> - <xi:include href="../manpages-3/smbstatus.1.xml"/> - <xi:include href="../manpages-3/smbtar.1.xml"/> - <xi:include href="../manpages-3/smbtree.1.xml"/> - <xi:include href="../manpages-3/smbumount.8.xml"/> - <xi:include href="../manpages-3/swat.8.xml"/> - <xi:include href="../manpages-3/tdbbackup.8.xml"/> - <xi:include 
href="../manpages-3/tdbdump.8.xml"/> - <xi:include href="../manpages-3/tdbtool.8.xml"/> - <xi:include href="../manpages-3/testparm.1.xml"/> - <xi:include href="../manpages-3/wbinfo.1.xml"/> - <xi:include href="../manpages-3/winbindd.8.xml"/> - <xi:include href="../manpages-3/vfs_audit.8.xml"/> - <xi:include href="../manpages-3/vfs_cacheprime.8.xml"/> - <xi:include href="../manpages-3/vfs_cap.8.xml"/> - <xi:include href="../manpages-3/vfs_catia.8.xml"/> - <xi:include href="../manpages-3/vfs_commit.8.xml"/> - <xi:include href="../manpages-3/vfs_default_quota.8.xml"/> - <xi:include href="../manpages-3/vfs_extd_audit.8.xml"/> - <xi:include href="../manpages-3/vfs_fake_perms.8.xml"/> - <xi:include href="../manpages-3/vfs_full_audit.8.xml"/> - <xi:include href="../manpages-3/vfs_gpfs.8.xml"/> - <xi:include href="../manpages-3/vfs_netatalk.8.xml"/> - <xi:include href="../manpages-3/vfs_notify_fam.8.xml"/> - <xi:include href="../manpages-3/vfs_prealloc.8.xml"/> - <xi:include href="../manpages-3/vfs_readahead.8.xml"/> - <xi:include href="../manpages-3/vfs_readonly.8.xml"/> - <xi:include href="../manpages-3/vfs_recycle.8.xml"/> - <xi:include href="../manpages-3/vfs_shadow_copy.8.xml"/> - <xi:include href="../manpages-3/vfstest.1.xml"/> - <xi:include href="../manpages-3/wbinfo.1.xml"/> - <xi:include href="../manpages-3/winbindd.8.xml"/> + <xi:include href="../manpages/eventlogadm.8.xml"/> + <xi:include href="../manpages/findsmb.1.xml"/> + <xi:include href="../manpages/idmap_ad.8.xml"/> + <xi:include href="../manpages/idmap_ldap.8.xml"/> + <xi:include href="../manpages/idmap_nss.8.xml"/> + <xi:include href="../manpages/idmap_rid.8.xml"/> + <xi:include href="../manpages/idmap_tdb.8.xml"/> + <xi:include href="../manpages/libsmbclient.7.xml"/> + <xi:include href="../manpages/lmhosts.5.xml"/> + <xi:include href="../manpages/log2pcap.1.xml"/> + <xi:include href="../manpages/net.8.xml"/> + <xi:include href="../manpages/nmbd.8.xml"/> + <xi:include href="../manpages/nmblookup.1.xml"/> 
+ <xi:include href="../manpages/ntlm_auth.1.xml"/> + <xi:include href="../manpages/pam_winbind.8.xml"/> + <xi:include href="../manpages/pdbedit.8.xml"/> + <xi:include href="../manpages/profiles.1.xml"/> + <xi:include href="../manpages/rpcclient.1.xml"/> + <xi:include href="../manpages/smbcacls.1.xml"/> + <xi:include href="../manpages/smbclient.1.xml"/> + <xi:include href="../manpages/smb.conf.5.xml"/> + <xi:include href="../manpages/smbcontrol.1.xml"/> + <xi:include href="../manpages/smbcquotas.1.xml"/> + <xi:include href="../manpages/smbd.8.xml"/> + <xi:include href="../manpages/smbget.1.xml"/> + <xi:include href="../manpages/smbgetrc.5.xml"/> + <xi:include href="../manpages/smbpasswd.5.xml"/> + <xi:include href="../manpages/smbpasswd.8.xml"/> + <xi:include href="../manpages/smbsh.1.xml"/> + <xi:include href="../manpages/smbstatus.1.xml"/> + <xi:include href="../manpages/smbtar.1.xml"/> + <xi:include href="../manpages/smbtree.1.xml"/> + <xi:include href="../manpages/smbumount.8.xml"/> + <xi:include href="../manpages/swat.8.xml"/> + <xi:include href="../manpages/tdbbackup.8.xml"/> + <xi:include href="../manpages/tdbdump.8.xml"/> + <xi:include href="../manpages/tdbtool.8.xml"/> + <xi:include href="../manpages/testparm.1.xml"/> + <xi:include href="../manpages/wbinfo.1.xml"/> + <xi:include href="../manpages/winbindd.8.xml"/> + <xi:include href="../manpages/vfs_audit.8.xml"/> + <xi:include href="../manpages/vfs_cacheprime.8.xml"/> + <xi:include href="../manpages/vfs_cap.8.xml"/> + <xi:include href="../manpages/vfs_catia.8.xml"/> + <xi:include href="../manpages/vfs_commit.8.xml"/> + <xi:include href="../manpages/vfs_default_quota.8.xml"/> + <xi:include href="../manpages/vfs_extd_audit.8.xml"/> + <xi:include href="../manpages/vfs_fake_perms.8.xml"/> + <xi:include href="../manpages/vfs_full_audit.8.xml"/> + <xi:include href="../manpages/vfs_gpfs.8.xml"/> + <xi:include href="../manpages/vfs_netatalk.8.xml"/> + <xi:include href="../manpages/vfs_notify_fam.8.xml"/> + 
<xi:include href="../manpages/vfs_prealloc.8.xml"/> + <xi:include href="../manpages/vfs_readahead.8.xml"/> + <xi:include href="../manpages/vfs_readonly.8.xml"/> + <xi:include href="../manpages/vfs_recycle.8.xml"/> + <xi:include href="../manpages/vfs_shadow_copy.8.xml"/> + <xi:include href="../manpages/vfstest.1.xml"/> + <xi:include href="../manpages/wbinfo.1.xml"/> + <xi:include href="../manpages/winbindd.8.xml"/> </reference> diff --git a/docs-xml/Samba4-HOWTO/ad-dc.xml b/docs-xml/Samba4-HOWTO/ad-dc.xml deleted file mode 100644 index cdfc358edc..0000000000 --- a/docs-xml/Samba4-HOWTO/ad-dc.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="ad-dc"> - <title>Active Directory - Domain Controller</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/ad-member.xml b/docs-xml/Samba4-HOWTO/ad-member.xml deleted file mode 100644 index b46d99be74..0000000000 --- a/docs-xml/Samba4-HOWTO/ad-member.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="ad-member"> - <title>Active Directory - Member</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/auth.xml b/docs-xml/Samba4-HOWTO/auth.xml deleted file mode 100644 index 58b25f4035..0000000000 --- a/docs-xml/Samba4-HOWTO/auth.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="authentication"> - <title>Authentication</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/cifsfs.xml b/docs-xml/Samba4-HOWTO/cifsfs.xml deleted file mode 100644 index 190c3840d6..0000000000 --- a/docs-xml/Samba4-HOWTO/cifsfs.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="cifsfs"> - <title>CIFSFS</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/compiling.xml b/docs-xml/Samba4-HOWTO/compiling.xml deleted file mode 100644 index 048a0f4b8e..0000000000 --- a/docs-xml/Samba4-HOWTO/compiling.xml +++ /dev/null 
@@ -1,24 +0,0 @@
-<chapter id="compiling">
- <title>Compiling</title>
-
- <sect1>
- <title>Downloading the source - Tar Ball</title>
-
- </sect1>
-
- <sect1>
- <title>Downloading the source - Subversion</title>
-
- </sect1>
-
- <sect1>
- <title>Compiling the source</title>
-
- </sect1>
-
- <sect1>
- <title>Installing</title>
-
- </sect1>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/config.xml b/docs-xml/Samba4-HOWTO/config.xml
deleted file mode 100644
index e251c698ab..0000000000
--- a/docs-xml/Samba4-HOWTO/config.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<chapter id="config">
- <title>Configuration</title>
-
- <para>Chapter describing Samba's configuration in detail.</para>
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/domain-bdc.xml b/docs-xml/Samba4-HOWTO/domain-bdc.xml
deleted file mode 100644
index 61c420fe7b..0000000000
--- a/docs-xml/Samba4-HOWTO/domain-bdc.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<chapter id="bdc">
- <title>Backup Domain Controller</title>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/domain-member.xml b/docs-xml/Samba4-HOWTO/domain-member.xml
deleted file mode 100644
index 864e000f3a..0000000000
--- a/docs-xml/Samba4-HOWTO/domain-member.xml
+++ /dev/null
@@ -1,3 +0,0 @@
-<chapter id="domain-member">
- <title>Domain Member</title>
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/domain-pdc.xml b/docs-xml/Samba4-HOWTO/domain-pdc.xml
deleted file mode 100644
index 7ad5637911..0000000000
--- a/docs-xml/Samba4-HOWTO/domain-pdc.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<chapter id="domain-pdc">
- <title>Domain DC</title>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/gui-clients.xml b/docs-xml/Samba4-HOWTO/gui-clients.xml
deleted file mode 100644
index 8c158d9cbd..0000000000
--- a/docs-xml/Samba4-HOWTO/gui-clients.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<chapter id="gui-clients">
- <title>GUI Clients</title>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/history.xml b/docs-xml/Samba4-HOWTO/history.xml
deleted file mode 100644
index e69de29bb2..0000000000
--- a/docs-xml/Samba4-HOWTO/history.xml
+++ /dev/null
diff --git a/docs-xml/Samba4-HOWTO/index.xml b/docs-xml/Samba4-HOWTO/index.xml
deleted file mode 100644
index 6562a7ed34..0000000000
--- a/docs-xml/Samba4-HOWTO/index.xml
+++ /dev/null
@@ -1,137 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> - -<book id="Samba-HOWTO" - xmlns:xi="http://www.w3.org/2003/XInclude"> -<title>The Official Samba-4 HOWTO</title> - -<bookinfo> - <authorgroup> - <editor>&person.jelmer;</editor> - </authorgroup> - <pubdate><?latex \today ?></pubdate> - -</bookinfo> - -<?latex \setcounter{page}{5} ?> - -<preface> - <title>Attribution</title> - <para> - <xi:include href="../Samba4-HOWTO-attributions.xml"/> - </para> -</preface> - -<?latex \cleardoublepage ?> - -<!-- Contents --> -<toc/> -<?latex \cleardoublepage ?> - -<part> - <title>Introduction to SMB networks</title> - - <para>Not everybody is already familiar with SMB networks and the jargon - used in such networks. This part describes the evolution of SMB, - how the protocol is structured and what Samba can be used for. </para> - - <para>NT admins, already familiar with SMB networks, are probably only - interested in the chapter about Samba itself.</para> - - <xi:include href="protocol.xml"/> - <xi:include href="samba.xml"/> - -</part> - -<part> - <title>Samba 4 Basics</title> - - <para>FIXME</para> - - <xi:include href="config.xml"/> - <xi:include href="ldb.xml"/> -</part> - -<part> - <title>Network model</title> - - <para> - A SMB server is used in a certain network type - (workgroup, domain, active directory) with a specific - role (stand-alone, primary domain controller, backup domain controller, etc) in that network. Samba has to be configured according to that role. - Each of the chapters in this part describes how to configure Samba - for a specific role. 
- </para> - -</part> - -<part> - <title>Network Model: Share-based security</title> - - <xi:include href="security=share.xml"/> -</part> - -<part> - <title>Network Model: User-based security</title> - <xi:include href="security=user.xml"/> -</part> - -<part id="domain"> - <title>Network Model: NT4-style domains</title> - - <xi:include href="domain-pdc.xml"/> - <xi:include href="domain-bdc.xml"/> - <xi:include href="domain-member.xml"/> -</part> - -<part id="ad"> - <title>Network Model - Active Directory</title> - - <xi:include href="ad-dc.xml"/> - <xi:include href="ad-member.xml"/> -</part> - -<part> - <title>Common services</title> - - <para> - Independent of the role the server has, it can provide services. - Examples of services are printing, user management, authentication, etc. - </para> - - <xi:include href="shares.xml"/> - <xi:include href="printing.xml"/> - <xi:include href="auth.xml"/> - <xi:include href="registry.xml"/> -</part> - -<part> - <title>Clients</title> - - <para>Samba includes a number of different clients for accessing - SMB file, print and other services. Pretty much every service can - be access using a command-line utility, though there are several - GUI clients available as well.</para> - - <xi:include href="smbclient.xml"/> - <xi:include href="cifsfs.xml"/> - <xi:include href="gui-clients.xml"/> -</part> - -<part> - <title>Appendices</title> - - <xi:include href="compiling.xml"/> - -</part> - -<lot/> - -<?latex \include{gpl}?> - -<!--<xi:include href="../Samba-HOWTO-Collection/glossary.xml"/>--> - -<?latex \chaptermark{Subject index} ?> -<index/> - -</book> diff --git a/docs-xml/Samba4-HOWTO/ldb.xml b/docs-xml/Samba4-HOWTO/ldb.xml deleted file mode 100644 index 340cc7148a..0000000000 --- a/docs-xml/Samba4-HOWTO/ldb.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="ldb"> - <title>LDB</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/printing.xml b/docs-xml/Samba4-HOWTO/printing.xml deleted file mode 100644 index 5ffb2b7680..0000000000 
--- a/docs-xml/Samba4-HOWTO/printing.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<chapter id="printing">
- <title>Printing</title>
-
- <!--FIXME: Some Windows printing background information -->
-
- <sect1 id="unix">
- <title>Unix printing types</title>
-
- </sect1>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/protocol.xml b/docs-xml/Samba4-HOWTO/protocol.xml
deleted file mode 100644
index f2961116e0..0000000000
--- a/docs-xml/Samba4-HOWTO/protocol.xml
+++ /dev/null
@@ -1,204 +0,0 @@ -<chapter id="protocol"> - <title>The SMB/CIFS protocol</title> - - <!-- - Some parts shamelessly borrowed from myself. - Original on http://jelmer.vernstok.nl/publications/cifs-developments.pdf - --> - - <para> - "SMB" (also known as "CIFS") is a - file-sharing protocol that has been used since the mid-eighties. - Most people know SMB as the protocol behind the "Network Neighbourhood" - and remote printing in Windows. - </para> - - <para> - Several parts of the protocol are not discussed in this chapter, such - as mailslots, browsing and dfs, to prevent it from getting too complex. - CIFS internals are documented in detail in <citation>Hertel, 2003</citation>. - </para> - - - <sect1> - <title>History</title> - - <sect2> - <title>Invention by IBM</title> - - <para> - SMB is not very old, but it has a long history of modifications and extensions. - The original protocol was meant to run over ``NetBIOS'', which was the - name of the DOS interface to a very simple LAN system developed by IBM. - NetBIOS was developed because SNA, IBM's other main - protocol at the time, was much too advanced for use in DOS. - </para> - - <para> - The NetBIOS API in these days (early eighties) was nothing more then the - interface to a very simple link-layer protocol - over which several protocols, including SMB, were used. It could do reads and - writes to services on remote hosts, which were identified by case-insensitive - names, and discover all available hosts and services. - </para> - - <para> - Dr. Barry Feigenbau, an IBM employee, invented the core of the original SMB protocol, - which he initially named after himself: ``BAF''. He later changed the name to - be ``SMB'' (for ``Server Message Block''). Every packet in the protocol - starts with a byte $0xFF$ and these three letters. - </para> - - <para> - IBM, Microsoft, 3Com and Intel made up the rest of the initial protocol - together. 
The commands the protocol supported at this stage were basically - a mirror of the DOS File IO API calls, which meant the protocol wasn't very - efficient. The protocol also lacked authentication support. Everybody on the - network could do reads and writes, which meant this protocol - wasn't very suitable for large enterprises. - </para> - - <para> - NetBIOS is an API that has had various implementations; there is - NetBIOS over TCP/IP (NBT), NetBIOS over IPX, NetBIOS over SNA and - even NetBIOS over DECNEt. Mostly used these days is - NetBIOS over TCP (NBT). - </para> - - <para> - This is also were things are starting to get hairy. Since NetBIOS identifies - hosts by their name, NetBIOS clients had to start doing IP broadcasts to - figure out the IP of the host they had to connect to. Several schemes were - introduced to do name lookups crossing subnet boundaries, using name servers, - etc. We're basically emulating a NetBIOS LAN in order to be able to run SMB. - </para> - - <para> - Doing NetBIOS over IP is not very sane, however, the NBT implementation itself - in Windows isn't very nice either. It has horrible - limits, special exceptions, several broken schemes for looking up - names (including two kinds of name servers). NetBIOS and NetBIOS over TCP/IP - are described in RFC1001 and RFC1002. - </para> - </sect2> - - <sect2> - <title>The various incarnations of SMB</title> - - <para>Over the years, several usage models for SMB have been developed. While SMB originally started out as a file sharing protocol, it was later extended to include support for network management and other network services - as well.</para> - - <para> - One of the reasons for the various "upgrades" of the SMB - protocol is the fact that networks have become larger - and larger and with them the need for privilege separation - and scalability has increased. 
- </para> - - <sect3> - <title>DOS</title> - - <para> - The original model in which SMB was used was as a - simple file-sharing service in a NetBIOS-environment. - </para> - - <para> - File sharing worked basically by specifying a list of directories that had - to be shared and what name they had to be shared under ("shares"). Eventually, - one could password-protect a share. At most one password per share could be set. - </para> - </sect3> - - <sect3> - <title>Windows For Workgroups</title> - - <para> - After the ``CORE'' dialect, - IBM and Microsoft implemented a new dialect known as ``LANMAN''. - This dialect was used by Windows for - Workgroups, OS/2 and Windows 9x which all know it under a different name. A - 'virtual' file system was also added, which was used for doing remote function - calls (RAP, for ``Remote Administration Protocol''). - </para> - - <para> - Computers are grouped into "Workgroups" in this model. Everybody is equal to - the others and there is no central point of control. - </para> - </sect3> - - <sect3> - <title>Windows NT</title> - <para> - For Windows NT, yet another dialect was added, named 'NT'. The NT dialect - had it's own set of file I/O functions (similar to the NT File I/O API) - and it had support for yet another way of doing remote function calls: - DCE/RPC. RPC's are used for DCOM and several of the subsystems in NT - that can be accessed remotely (registry, printing, user management, logging - on, etc). - </para> - - <para> - Windows NT works with a new concept for grouping computers called ``domains''<footnote>In the protocol, domains are actually an upgraded version of a workgroup</footnote>. Each computer is member of exactly one domain. There are several roles a computer can have in the domain: PDC (primary domain controller, the "manager" of the domain, that coordinates all authentication and authorization), BDC (Backup domain controller, in case the PDC goes down) or just a regular domain member. 
The PDC decides who is to be a member of the domain. - </para> - </sect3> - - <sect3> - <title>Windows 2000</title> - <para> - In Windows NT 5 (marketing name: Windows 2000), NetBIOS-less SMB was - introduced. This means SMB is used directly over TCP port 445 instead of - via NetBIOS over TCP/IP. DNS - is used for looking up machine names. - </para> - - <para>Windows 2000 was also the first operating system from Microsoft - that had support for Active Directory. Active Directory is very - similar to the "domain" concept used by NT4, though it - is implemented differently (using modified open protocols), - and has some additional features (one of the most important ones being decentralized). - </para> - - <para> - Active directory no longer uses a central point of authority - and there are fewer limits to the size of a domain. Several - DC's can exist, so there is no longer a single point of - failure as well as better scalability. - </para> - </sect3> - </sect2> - - <sect2> - <title>Samba versions and their support for the SMB models</title> - - <sect3> - <title>Samba 2.2</title> - - <para>Full CORE and Workgroup support. Somewhat basic - NT4-style support.</para> - </sect3> - - <sect3> - <title>Samba 3.0</title> - - <para>Full CORE and Workgroup support. Almost complete - NT4-style support. - </para> - </sect3> - - <sect3> - <title>Samba 3.2</title> - - <para>FIXME</para> - </sect3> - - <sect3> - <title>Samba 4.0</title> - - <para>Full CORE, Workgroup, NT4 and ADS support.</para> - - </sect3> - </sect2> - </sect1> -</chapter> diff --git a/docs-xml/Samba4-HOWTO/registry.xml b/docs-xml/Samba4-HOWTO/registry.xml deleted file mode 100644 index 2ef11d3457..0000000000 --- a/docs-xml/Samba4-HOWTO/registry.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="registry"> - <title>Registry</title> - -</chapter> diff --git a/docs-xml/Samba4-HOWTO/samba.xml b/docs-xml/Samba4-HOWTO/samba.xml deleted file mode 100644 index 8fed58559a..0000000000 
--- a/docs-xml/Samba4-HOWTO/samba.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<chapter id="samba">
- <title>Samba</title>
-
- <para>
- Samba is an Open Source application that provides
- an SMB implementation for POSIX-compatible
- operating systems.
- </para>
-
- <para>
- Providing support for a Windows-based file-sharing protocol
- on POSIX servers sometimes requires mapping Windows semantics to
- POSIX semantics.
- </para>
-
- <para>
- Samba has always been catching up with Microsoft. Here is a list
- of Samba releases and what they support (or will support).
- </para>
-
- <sect1>
- <title>Samba 2.2</title>
-
- <para>Full CORE and Workgroup support. Somewhat basic
- NT4-style support.</para>
- </sect1>
-
- <sect1>
- <title>Samba 3.0</title>
-
- <para>Full CORE and Workgroup support. Almost complete
- NT4-style support.
- </para>
- </sect1>
-
- <sect1>
- <title>Samba 3.2</title>
-
- <para>FIXME</para>
- </sect1>
-
- <sect1>
- <title>Samba 4.0</title>
-
- <para>Full CORE, Workgroup, NT4 and ADS support.</para>
-
- </sect1>
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/security=share.xml b/docs-xml/Samba4-HOWTO/security=share.xml
deleted file mode 100644
index 1731bc0862..0000000000
--- a/docs-xml/Samba4-HOWTO/security=share.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<chapter id="security=share">
- <title>Share-based stand-alone server</title>
-
-<para>
- One of the simplest
-</para>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/security=user.xml b/docs-xml/Samba4-HOWTO/security=user.xml
deleted file mode 100644
index 1713c99c7c..0000000000
--- a/docs-xml/Samba4-HOWTO/security=user.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<chapter id="security=user">
- <title>User-based Stand-alone server</title>
-
- <para></para>
-
-</chapter>
diff --git a/docs-xml/Samba4-HOWTO/shares.xml b/docs-xml/Samba4-HOWTO/shares.xml
deleted file mode 100644
index 2fd278fe50..0000000000
--- a/docs-xml/Samba4-HOWTO/shares.xml
+++ /dev/null
@@ -1,3 +0,0 @@ -<chapter id="shares"> - <title>Shares</title> -</chapter> diff --git a/docs-xml/Samba4-HOWTO/smbclient.xml b/docs-xml/Samba4-HOWTO/smbclient.xml deleted file mode 100644 index 1f97ce6265..0000000000 --- a/docs-xml/Samba4-HOWTO/smbclient.xml +++ /dev/null @@ -1,4 +0,0 @@ -<chapter id="smbclient"> - <title>smbclient</title> - -</chapter> diff --git a/docs-xml/build/catalog.xml.in b/docs-xml/build/catalog.xml.in index 4b99cf50d4..56d13a6cd3 100644 --- a/docs-xml/build/catalog.xml.in +++ b/docs-xml/build/catalog.xml.in @@ -6,9 +6,12 @@ <rewriteURI uriStartString="http://www.samba.org/samba/DTD/" - rewritePrefix="file://@abs_top_builddir@/build/DTD/"/> + rewritePrefix="file://@abs_top_srcdir@/build/DTD/"/> <rewriteURI uriStartString="http://www.gnu.org/licenses/" - rewritePrefix="file://@abs_top_builddir@/Samba3-ByExample/"/> + rewritePrefix="file://@abs_top_srcdir@/Samba3-ByExample/"/> + <rewriteURI + uriStartString="http://www.samba.org/samba/smbdotconf/" + rewritePrefix="file://@abs_top_builddir@/smbdotconf/"/> </catalog> diff --git a/docs-xml/configure.ac b/docs-xml/configure.ac index 16a9aaad2a..fe889a2f33 100644 --- a/docs-xml/configure.ac +++ b/docs-xml/configure.ac @@ -37,8 +37,8 @@ DOCS_DEFINE_TARGET(ALL, [], [base requirements], []) DOCS_DEFINE_TARGET(LATEX, ALL, [LaTeX versions], [tex ps pdf]) DOCS_DEFINE_TARGET(HTML, ALL, [HTML versions], [html]) DOCS_DEFINE_TARGET(HTMLHELP, ALL, [HTML Help versions], [htmlhelp]) -DOCS_DEFINE_TARGET(HTMLMAN, ALL, [HTML versions of the manpages], [htmlman3]) -DOCS_DEFINE_TARGET(MANPAGES, ALL, [manpages], [manpages3]) +DOCS_DEFINE_TARGET(HTMLMAN, ALL, [HTML versions of the manpages], [htmlman]) +DOCS_DEFINE_TARGET(MANPAGES, ALL, [manpages], [manpages]) DOCS_DEFINE_TARGET(PEARSON, ALL, [pearson-compatible XML], [pearson]) DOCS_DEFINE_TARGET(PLUCKER, HTML, [plucker versions], [plucker]) DOCS_DEFINE_TARGET(VALIDATE, ALL, [validating docbook output], []) 
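Review bot: Nothing in the docs-xml/build/catalog.xml.in hunk says why the added `smbdotconf/` rewrite resolves under `@abs_top_builddir@` while the two existing entries are moved to `@abs_top_srcdir@`, and an out-of-tree build depends on that split being right. A one-line comment above the new entry would record it, for example `<!-- smbdotconf/ is generated at build time, so it resolves under the build tree; DTD/ and the licence text ship with the sources -->`; the "generated" part is inferred from the choice of builddir and should be confirmed. The same comment could note that these rewrites are what keep the DocBook tools from resolving the `http://www.samba.org/` and `http://www.gnu.org/` URIs over the network. If a prefix is wrong, the processor may fall back to a plain-HTTP fetch during the build unless it is run with network access disabled (`--nonet` for xsltproc/xmllint).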
diff --git a/docs-xml/manpages-3/dbwrap_tool.1.xml b/docs-xml/manpages-3/dbwrap_tool.1.xml
deleted file mode 100644
index 2a2070148a..0000000000
--- a/docs-xml/manpages-3/dbwrap_tool.1.xml
+++ /dev/null
@@ -1,148 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="dbwrap_tool.1"> - -<refmeta> - <refentrytitle>dbwrap_tool</refentrytitle> - <manvolnum>1</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>dbwrap_tool</refname> - <refpurpose>low level TDB/CTDB manipulation tool using the dbwrap interface</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>dbwrap_tool</command> - <arg choice="req"><database></arg> - <arg choice="req"><operation></arg> - <arg choice="opt"><key> - <arg choice="opt"><type> - <arg choice="opt"><value></arg> - </arg> - </arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para>The dbwrap_tool program is used to read and manipulate - TDB/CTDB databases using the dbwrap interface.</para> - - <para>The following database operations are available: - <itemizedlist> - <listitem><para>fetch: fetch a record</para></listitem> - <listitem><para>store: create or modify a record</para></listitem> - <listitem><para>delete: remove a record</para></listitem> - <listitem><para>erase: remove all records</para></listitem> - <listitem><para>listkeys: list all available records</para></listitem> - </itemizedlist> - </para> - <para>The following types are available: - <itemizedlist> - <listitem><para>int32: signed 32bit integer</para></listitem> - <listitem><para>uint32: unsigned 32bit integer</para></listitem> - <listitem><para>string: "hello world"</para></listitem> - </itemizedlist> - </para> -</refsect1> - -<refsect1> - <title>OPTIONS</title> - - 
<para>None.</para> -</refsect1> - -<refsect1> - <title>COMMANDS</title> - <refsect2> - <title>fetch</title> - <cmdsynopsis> - <command>dbwrap_tool</command> <database> fetch <key> <type> - </cmdsynopsis> - </refsect2> - <refsect2> - <title>store</title> - <cmdsynopsis> - <command>dbwrap_tool</command> <database> store <key> <type> <value> - </cmdsynopsis> - </refsect2> - <refsect2> - <title>delete</title> - <cmdsynopsis> - <command>dbwrap_tool</command> <database> delete <key> - </cmdsynopsis> - </refsect2> - <refsect2> - <title>erase</title> - <cmdsynopsis> - <command>dbwrap_tool</command> <database> erase - </cmdsynopsis> - </refsect2> - <refsect2> - <title>listkeys</title> - <cmdsynopsis> - <command>dbwrap_tool</command> <database> listkeys - </cmdsynopsis> - </refsect2> -</refsect1> - -<refsect1> - <title>EXAMPLES</title> - <variablelist> - <varlistentry><term>List all keys from winbindd_idmap.tdb</term> - <listitem><para><command>dbwrap_tool</command> winbindd_idmap.tdb listkeys</para></listitem> - </varlistentry> - <varlistentry><term>Fetch record with key "USER HWM" as uint32</term> - <listitem><para><command>dbwrap_tool</command> winbindd_idmap.tdb fetch "USER HWM" uint32</para></listitem> - </varlistentry> - <varlistentry><term>Remove record with key "USER HWM"</term> - <listitem><para><command>dbwrap_tool</command> winbindd_idmap.tdb remove "USER HWM"</para></listitem> - </varlistentry> - <varlistentry><term>Store and overwrite record "USER HWM" with value 214</term> - <listitem><para><command>dbwrap_tool</command> winbindd_idmap.tdb store "USER HWM" uint32 214</para></listitem> - </varlistentry> - </variablelist> -</refsect1> - -<refsect1> - <title>NOTES</title> - - <para>Use with caution!</para> -</refsect1> - - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - 
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry></para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The dbwrap_tool manpage was written by Bjoern Baumbach.</para> -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml deleted file mode 100644 index 16d12cdbbc..0000000000 --- a/docs-xml/manpages-3/idmap_adex.8.xml +++ /dev/null 
@@ -1,88 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="idmap_adex.8"> - -<refmeta> - <refentrytitle>idmap_adex</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>idmap_adex</refname> - <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <title>DESCRIPTION</title> - <para> - The idmap_adex plugin provides a way for Winbind to read - id mappings from an AD server that uses RFC2307 schema - extensions. This module implements both the idmap and nss_info - APIs and supports domain trustes as well as two-way cross - forest trusts. It is a read-only plugin requiring that the - administrator provide mappings in advance by adding the - POSIX attribute information to the users and groups objects - in AD. The most common means of doing this is using "Identity - Services for Unix" support on Windows 2003 R2 and later. - </para> - - <para> - Note that you must add the uidNumber, gidNumber, and uid - attributes to the partial attribute set of the forest global - catalog servers. This can be done using the Active Directory Schema - Management MMC plugin (schmmgmt.dll). - </para> -</refsynopsisdiv> - -<refsynopsisdiv> - <title>NSS_INFO</title> - <para> - The nss_info plugin supports reading the unixHomeDirectory, - gidNumber, loginShell, and uidNumber attributes from the user - object and the gidNumber attribute from the group object to - fill in information required by the libc getpwnam() and - getgrnam() family of functions. Group membership is filled in - according to the Windows group membership and not the - msSFU30PosixMember attribute. 
- </para> - - <para> - Username aliases are implement by setting the uid attribute - on the user object. While group name aliases are implemented - by reading the displayname attribute from the group object. - </para> -</refsynopsisdiv> - -<refsect1> - <title>EXAMPLES</title> - <para> - The following example shows how to retrieve idmappings and NSS data - from our principal and trusted AD domains. - </para> - - <programlisting> - [global] - idmap config * : backend = adex - idmap config * : range = 1000-4000000000 - - winbind nss info = adex - winbind normalize names = yes - </programlisting> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para> - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - </para> -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/tdbbackup.8.xml b/docs-xml/manpages-3/tdbbackup.8.xml deleted file mode 100644 index 93f773feb8..0000000000 --- a/docs-xml/manpages-3/tdbbackup.8.xml +++ /dev/null 
@@ -1,136 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> -<refentry id="tdbbackup.8"> - -<refmeta> - <refentrytitle>tdbbackup</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>tdbbackup</refname> - <refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>tdbbackup</command> - <arg choice="opt">-s suffix</arg> - <arg choice="opt">-v</arg> - <arg choice="opt">-h</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> suite.</para> - - <para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb - files. This tool may also be used to verify the integrity of the .tdb files prior - to samba startup or during normal operation. If it finds file damage and it finds - a prior backup the backup file will be restored. - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - - <varlistentry> - <term>-h</term> - <listitem><para> - Get help information. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-s suffix</term> - <listitem><para> - The <command>-s</command> option allows the administrator to specify a file - backup extension. This way it is possible to keep a history of tdb backup - files by using a new suffix for each backup. 
- </para> </listitem> - </varlistentry> - - <varlistentry> - <term>-v</term> - <listitem><para> - The <command>-v</command> will check the database for damages (corrupt data) - which if detected causes the backup to be restored. - </para></listitem> - </varlistentry> - - </variablelist> -</refsect1> - - -<refsect1> - <title>COMMANDS</title> - - <para><emphasis>GENERAL INFORMATION</emphasis></para> - - <para> - The <command>tdbbackup</command> utility can safely be run at any time. It was designed so - that it can be used at any time to validate the integrity of tdb files, even during Samba - operation. Typical usage for the command will be: - </para> - - <para>tdbbackup [-s suffix] *.tdb</para> - - <para> - Before restarting samba the following command may be run to validate .tdb files: - </para> - - <para>tdbbackup -v [-s suffix] *.tdb</para> - - <para> - Samba .tdb files are stored in various locations, be sure to run backup all - .tdb file on the system. Important files includes: - </para> - - <itemizedlist> - <listitem><para> - <command>secrets.tdb</command> - usual location is in the /usr/local/samba/private - directory, or on some systems in /etc/samba. - </para></listitem> - - <listitem><para> - <command>passdb.tdb</command> - usual location is in the /usr/local/samba/private - directory, or on some systems in /etc/samba. - </para></listitem> - - <listitem><para> - <command>*.tdb</command> located in the /usr/local/samba/var directory or on some - systems in the /var/cache or /var/lib/samba directories. - </para></listitem> - </itemizedlist> - -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para> - The original Samba software and related utilities were created by Andrew Tridgell. - Samba is now developed by the Samba Team as an Open Source project similar to the way - the Linux kernel is developed. 
- </para> - - <para>The tdbbackup man page was written by John H Terpstra.</para> -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/tdbdump.8.xml b/docs-xml/manpages-3/tdbdump.8.xml deleted file mode 100644 index 90465e53e8..0000000000 --- a/docs-xml/manpages-3/tdbdump.8.xml +++ /dev/null 
@@ -1,61 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> -<refentry id="tdbdump.8"> - -<refmeta> - <refentrytitle>tdbdump</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>tdbdump</refname> - <refpurpose>tool for printing the contents of a TDB file</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>tdbdump</command> - <arg choice="req">filename</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> suite.</para> - - <para><command>tdbdump</command> is a very simple utility that 'dumps' the - contents of a TDB (Trivial DataBase) file to standard output in a - human-readable format. - </para> - - <para>This tool can be used when debugging problems with TDB files. It is - intended for those who are somewhat familiar with Samba internals. - </para> -</refsect1> - - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para> - The original Samba software and related utilities were created by Andrew Tridgell. - Samba is now developed by the Samba Team as an Open Source project similar to the way - the Linux kernel is developed. - </para> - - <para>The tdbdump man page was written by Jelmer Vernooij.</para> -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/tdbtool.8.xml b/docs-xml/manpages-3/tdbtool.8.xml deleted file mode 100644 index 9f96db277d..0000000000 --- a/docs-xml/manpages-3/tdbtool.8.xml +++ /dev/null 
@@ -1,235 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> -<refentry id="tdbtool.8"> - -<refmeta> - <refentrytitle>tdbtool</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>tdbtool</refname> - <refpurpose>manipulate the contents TDB files</refpurpose> -</refnamediv> - -<refsynopsisdiv> - - <cmdsynopsis> - <command>tdbtool</command> - </cmdsynopsis> - - <cmdsynopsis> - <command>tdbtool</command> - <arg choice="plain"> - <replaceable>TDBFILE</replaceable> - </arg> - <arg rep="repeat" choice="opt"> - <replaceable>COMMANDS</replaceable> - </arg> - </cmdsynopsis> - -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> suite.</para> - - <para><command>tdbtool</command> a tool for displaying and - altering the contents of Samba TDB (Trivial DataBase) files. Each - of the commands listed below can be entered interactively or - provided on the command line.</para> - -</refsect1> - - -<refsect1> - <title>COMMANDS</title> - - <variablelist> - - <varlistentry> - <term><option>create</option> - <replaceable>TDBFILE</replaceable></term> - <listitem><para>Create a new database named - <replaceable>TDBFILE</replaceable>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>open</option> - <replaceable>TDBFILE</replaceable></term> - <listitem><para>Open an existing database named - <replaceable>TDBFILE</replaceable>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>erase</option></term> - <listitem><para>Erase the current database. 
- </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>dump</option></term> - <listitem><para>Dump the current database as strings. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>cdump</option></term> - <listitem><para>Dump the current database as connection records. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>keys</option></term> - <listitem><para>Dump the current database keys as strings. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>hexkeys</option></term> - <listitem><para>Dump the current database keys as hex values. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>info</option></term> - <listitem><para>Print summary information about the - current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>insert</option> - <replaceable>KEY</replaceable> - <replaceable>DATA</replaceable> - </term> - <listitem><para>Insert a record into the - current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>move</option> - <replaceable>KEY</replaceable> - <replaceable>TDBFILE</replaceable> - </term> - <listitem><para>Move a record from the - current database into <replaceable>TDBFILE</replaceable>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>store</option> - <replaceable>KEY</replaceable> - <replaceable>DATA</replaceable> - </term> - <listitem><para>Store (replace) a record in the - current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>show</option> - <replaceable>KEY</replaceable> - </term> - <listitem><para>Show a record by key. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>delete</option> - <replaceable>KEY</replaceable> - </term> - <listitem><para>Delete a record by key. 
- </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>list</option> - </term> - <listitem><para>Print the current database hash table and free list. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>free</option> - </term> - <listitem><para>Print the current database and free list. - </para></listitem> - </varlistentry> - - <varlistentry> - <term><option>!</option> - <replaceable>COMMAND</replaceable> - </term> - <listitem><para>Execute the given system command. - </para></listitem> - </varlistentry> - - <varlistentry> - <term> - <option>first</option> - </term> - <listitem><para>Print the first record in the current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term> - <option>next</option> - </term> - <listitem><para>Print the next record in the current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term> - <option>check</option> - </term> - <listitem><para>Check the integrity of the current database. - </para></listitem> - </varlistentry> - - <varlistentry> - <term> - <option>quit</option> - </term> - <listitem><para>Exit <command>tdbtool</command>. - </para></listitem> - </varlistentry> - - </variablelist> -</refsect1> - -<refsect1> - <title>CAVEATS</title> - <para>The contents of the Samba TDB files are private - to the implementation and should not be altered with - <command>tdbtool</command>. - </para> -</refsect1> - -<refsect1> - <title>VERSION</title> - <para>This man page is correct for version 3.0.25 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para> The original Samba software and related utilities were - created by Andrew Tridgell. Samba is now developed by the - Samba Team as an Open Source project similar to the way the - Linux kernel is developed.</para> -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/vfs_catia.8.xml b/docs-xml/manpages-3/vfs_catia.8.xml deleted file mode 100644 index a786ecd6eb..0000000000 
--- a/docs-xml/manpages-3/vfs_catia.8.xml
+++ /dev/null
@@ -1,135 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="vfs_catia.8"> - -<refmeta> - <refentrytitle>vfs_catia</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>vfs_catia</refname> - <refpurpose>translate illegal characters in Catia filenames</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>vfs objects = catia</command> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This VFS module is part of the - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para>The Catia CAD package commonly creates filenames that - use characters that are illegal in CIFS filenames. The - <command>vfs_catia</command> VFS module implements a character - mapping so that these files can be shared with CIFS clients. - </para> - - <para>This module is stackable.</para> - - <para>Up to samba version 3.4.x a fixed character mapping was used. - The invalid windows characters \ / : * ? " < > | and the blank - character were mapped in a hardcoded way. - </para> - - <para>Starting with samba-3.5.0 a more flexible mapping was introduced. - The new parameter "catia:mappings" now specifies the mapping on a char by char - basis using the notation: unix hex char 0x.. : windows hex char 0x.. - Multiple character mappings are separated by a comma. 
- </para> - - -</refsect1> - - -<refsect1> - <title>EXAMPLES</title> - - <para>Samba versions up to 3.4.x:</para> - <para>Map Catia filenames on the [CAD] share:</para> - -<programlisting> - <smbconfsection name="[CAD]"/> - <smbconfoption name="path">/data/cad</smbconfoption> - <smbconfoption name="vfs objects">catia</smbconfoption> -</programlisting> - - <para>Samba versions 3.5.0 and later:</para> - <para>Map Catia filenames on the [CAD] share:</para> - -<programlisting> - <smbconfsection name="[CAD]"/> - <smbconfoption name="path">/data/cad</smbconfoption> - <smbconfoption name="vfs objects">catia</smbconfoption> - <smbconfoption name="catia:mappings">0x22:0xa8</smbconfoption> -</programlisting> - - <para>To get the full formerly fixed mappings:</para> -<programlisting> - <smbconfsection name="[CAD]"/> - <smbconfoption name="path">/data/cad</smbconfoption> - <smbconfoption name="vfs objects">catia</smbconfoption> - <smbconfoption name="catia:mappings">0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6,0x20:0xb1</smbconfoption> -</programlisting> - - <para>Unix filename to be translated (Note that the path delimiter "/" is not used here): - </para> - <para>a\a:a*a?a"a<a>a|a a</para> - - <para>Resulting windows filename:</para> - - <para>aÿa÷a¤a¿a¨a«a»a¦a±a - </para> - - <para>Note that the character mapping must work in BOTH directions - (unix -> windows and windows -> unix) to get unique and existing file names! 
- </para> - - <para>A NOT working example:</para> - -<programlisting> - <smbconfsection name="[CAD]"/> - <smbconfoption name="path">/data/cad</smbconfoption> - <smbconfoption name="vfs objects">catia</smbconfoption> - <smbconfoption name="catia:mappings">0x3a:0x5f</smbconfoption> -</programlisting> - - <para>Here the colon ":" is mapped to the underscore "_".</para> - <para>Assuming a unix filename "a:should_work", which is well translated - to windows as "a_should_work".</para> - <para>BUT the reverse mapping from windows "a_should_work" to unix - will result in "a:should:work" - something like "file not found" - will be returned. - </para> - -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for all versions up to 4.0.3 of the Samba suite. - </para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - <para>New version written by Guenter Kukkukk kukks@samba.org</para> - -</refsect1> - -</refentry> diff --git a/docs-xml/manpages-3/eventlogadm.8.xml b/docs-xml/manpages/eventlogadm.8.xml index 4a6a68e185..8094e09f4f 100644 --- a/docs-xml/manpages-3/eventlogadm.8.xml +++ b/docs-xml/manpages/eventlogadm.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/findsmb.1.xml b/docs-xml/manpages/findsmb.1.xml index 92bcbbefb6..8cbd6f782e 100644 --- a/docs-xml/manpages-3/findsmb.1.xml +++ b/docs-xml/manpages/findsmb.1.xml 
@@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index fbadaf2d55..2ae7fc8c51 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -27,8 +27,6 @@ group objects in the AD.</para> <para> - Note that the idmap_ad module has changed considerably since - Samba versions 3.0 and 3.2. Currently, the <parameter>ad</parameter> backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants @@ -60,12 +58,17 @@ </para></listitem> </varlistentry> <varlistentry> - <term>schema_mode = <rfc2307 | sfu ></term> + <term>schema_mode = <rfc2307 | sfu | sfu20></term> <listitem><para> Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. + For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 + please choose "sfu20". + + Please note that primary group membership is currently always calculated + via the "primaryGroupID" LDAP attribute. </para></listitem> </varlistentry> </variablelist> @@ -85,6 +88,8 @@ <programlisting> [global] + workgroup = CORP + idmap config * : backend = tdb idmap config * : range = 1000000-1999999 diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml index c437d0ead3..ed698e91db 100644 
--- a/docs-xml/manpages-3/idmap_autorid.8.xml +++ b/docs-xml/manpages/idmap_autorid.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -52,7 +52,11 @@ plan accordingly for your expected number of users in a domain with safety margins. </para> - <para>One range will be used for local users and groups. + <para>One range will be used for local users and groups and for + non-domain well-known SIDs like Everyone (S-1-1-0) or Creator Owner (S-1-3-0). + A chosen list of well-known SIDs will be preallocated on first start + to create deterministic mappings for those.</para> + <para> Thus the number of local users and groups that can be created is limited by this option as well. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly. @@ -60,6 +64,18 @@ <para>The default value is 100000.</para> </listitem> </varlistentry> + <varlistentry> + <term>read only = [ yes | no ]</term> + <listitem><para>Turn the module into read-only mode. No new ranges will be allocated + nor will new mappings be created in the idmap pool. Defaults to no.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>ignore builtin = [ yes | no ]</term> + <listitem><para>Ignore any mapping requests for the BUILTIN domain. + Defaults to no.</para> + </listitem> + </varlistentry> </variablelist> </refsect1> diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages/idmap_hash.8.xml index f3ec6a7bc2..9dc6147a30 100644 --- a/docs-xml/manpages-3/idmap_hash.8.xml +++ b/docs-xml/manpages/idmap_hash.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages/idmap_ldap.8.xml index e68f2782bf..10bc6be7dc 100644 --- a/docs-xml/manpages-3/idmap_ldap.8.xml +++ b/docs-xml/manpages/idmap_ldap.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages/idmap_nss.8.xml index 565019cd3d..a2b7dc36f7 100644 --- a/docs-xml/manpages-3/idmap_nss.8.xml +++ b/docs-xml/manpages/idmap_nss.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages/idmap_rid.8.xml index a29e978c6e..9b96b8ee4d 100644 --- a/docs-xml/manpages-3/idmap_rid.8.xml +++ b/docs-xml/manpages/idmap_rid.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -28,7 +28,7 @@ Currently, there should to be an explicit idmap configuration for each domain that should use the idmap_rid backend, using disjoint ranges. One usually needs to define a writeable default idmap range, using - a backent like <parameter>tdb</parameter> or <parameter>ldap</parameter> + a backend like <parameter>tdb</parameter> or <parameter>ldap</parameter> that can create unix ids, in order to be able to map the BUILTIN sids and other domains, and also in order to be able to create group mappings. See the example below. diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages/idmap_tdb.8.xml index c67d6cb9bc..5c3a6ed409 100644 --- a/docs-xml/manpages-3/idmap_tdb.8.xml +++ b/docs-xml/manpages/idmap_tdb.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages/idmap_tdb2.8.xml index 1faf59085f..a1989c0507 100644 --- a/docs-xml/manpages-3/idmap_tdb2.8.xml +++ b/docs-xml/manpages/idmap_tdb2.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/libsmbclient.7.xml b/docs-xml/manpages/libsmbclient.7.xml index 277caf3618..a19e5abecd 100644 --- a/docs-xml/manpages-3/libsmbclient.7.xml +++ b/docs-xml/manpages/libsmbclient.7.xml @@ -7,7 +7,7 @@ <manvolnum>7</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">7</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
diff --git a/docs-xml/manpages-3/lmhosts.5.xml b/docs-xml/manpages/lmhosts.5.xml index de6bc4d1a9..d2144acc1e 100644 --- a/docs-xml/manpages-3/lmhosts.5.xml +++ b/docs-xml/manpages/lmhosts.5.xml @@ -7,7 +7,7 @@ <manvolnum>5</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/log2pcap.1.xml b/docs-xml/manpages/log2pcap.1.xml index 5e449b8252..9f58e43485 100644 --- a/docs-xml/manpages-3/log2pcap.1.xml +++ b/docs-xml/manpages/log2pcap.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages/net.8.xml index 65f127290a..3765af9be9 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages/net.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -686,7 +686,7 @@ net groupmap add {rid=int|sid=string} unixgroup=string \ <refsect3> <title>GROUPMAP MODIFY</title> -<para>Update en existing group entry.</para> +<para>Update an existing group entry.</para> <para> <programlisting> @@ -796,12 +796,6 @@ appear in your system. <para>List all interdomain trust relationships.</para> </refsect3> -<refsect3> -<title>RPC TRUSTDOM LIST</title> - -<para>List all interdomain trust relationships.</para> - -</refsect3> </refsect2> <refsect2> 
@@ -810,7 +804,7 @@ appear in your system. <refsect3> <title>RPC TRUST CREATE</title> -<para>Create a trust trust object by calling lsaCreateTrustedDomainEx2. +<para>Create a trust object by calling lsaCreateTrustedDomainEx2. The can be done on a single server or on two servers at once with the possibility to use a random trust password.</para> @@ -1663,11 +1657,12 @@ shares created by other users. </refsect2> <refsect2> -<title>CONF</title> +<title>[RPC] CONF</title> <para>Starting with version 3.2.0, a Samba server can be configured by data stored in registry. This configuration data can be edited with the new "net -conf" commands. +conf" commands. There is also the possiblity to configure a remote Samba server +by enabling the RPC conf mode and specifying the the address of the remote server. </para> <para> 
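Review bot: The sentence added to the `[RPC] CONF` introduction has two slips, "possiblity" and "the the address". It should read `There is also the possibility to configure a remote Samba server by enabling the RPC conf mode and specifying the address of the remote server.` It also does not say how the server is specified or which account rights the remote write operations need. The member list in the next hunk includes `setparm`, `import` and `drop`, so a pointer to wherever the page documents authentication for `net rpc` would help. The enclosing `refsect2` continues outside the hunk.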
@@ -1685,27 +1680,27 @@ See the <citerefentry><refentrytitle>smb.conf</refentrytitle> <para>The conf commands are: <simplelist> -<member>net conf list - Dump the complete configuration in smb.conf like +<member>net [rpc] conf list - Dump the complete configuration in smb.conf like format.</member> -<member>net conf import - Import configuration from file in smb.conf +<member>net [rpc] conf import - Import configuration from file in smb.conf format.</member> -<member>net conf listshares - List the registry shares.</member> -<member>net conf drop - Delete the complete configuration from +<member>net [rpc] conf listshares - List the registry shares.</member> +<member>net [rpc] conf drop - Delete the complete configuration from registry.</member> -<member>net conf showshare - Show the definition of a registry share.</member> -<member>net conf addshare - Create a new registry share.</member> -<member>net conf delshare - Delete a registry share.</member> -<member>net conf setparm - Store a parameter.</member> -<member>net conf getparm - Retrieve the value of a parameter.</member> -<member>net conf delparm - Delete a parameter.</member> -<member>net conf getincludes - Show the includes of a share definition.</member> -<member>net conf setincludes - Set includes for a share.</member> -<member>net conf delincludes - Delete includes from a share definition.</member> +<member>net [rpc] conf showshare - Show the definition of a registry share.</member> +<member>net [rpc] conf addshare - Create a new registry share.</member> +<member>net [rpc] conf delshare - Delete a registry share.</member> +<member>net [rpc] conf setparm - Store a parameter.</member> +<member>net [rpc] conf getparm - Retrieve the value of a parameter.</member> +<member>net [rpc] conf delparm - Delete a parameter.</member> +<member>net [rpc] conf getincludes - Show the includes of a share definition.</member> +<member>net [rpc] conf setincludes - Set includes for a share.</member> +<member>net [rpc] conf 
delincludes - Delete includes from a share definition.</member> </simplelist> </para> <refsect3> -<title>CONF LIST</title> +<title>[RPC] CONF LIST</title> <para> Print the configuration data stored in the registry in a smb.conf-like format to @@ -1714,7 +1709,7 @@ standard output. </refsect3> <refsect3> -<title>CONF IMPORT <replaceable>[--test|-T]</replaceable> <replaceable>filename</replaceable> <replaceable>[section]</replaceable></title> +<title>[RPC] CONF IMPORT <replaceable>[--test|-T]</replaceable> <replaceable>filename</replaceable> <replaceable>[section]</replaceable></title> <para> This command imports configuration from a file in smb.conf format. @@ -1730,7 +1725,7 @@ registry, and the resulting configuration is printed to standard output instead. </refsect3> <refsect3> -<title>CONF LISTSHARES</title> +<title>[RPC] CONF LISTSHARES</title> <para> List the names of the shares defined in registry. @@ -1738,7 +1733,7 @@ List the names of the shares defined in registry. </refsect3> <refsect3> -<title>CONF DROP</title> +<title>[RPC] CONF DROP</title> <para> Delete the complete configuration data from registry. @@ -1746,7 +1741,7 @@ Delete the complete configuration data from registry. </refsect3> <refsect3> -<title>CONF SHOWSHARE <replaceable>sharename</replaceable></title> +<title>[RPC] CONF SHOWSHARE <replaceable>sharename</replaceable></title> <para> Show the definition of the share or section specified. It is valid to specify 
@@ -1756,7 +1751,7 @@ registry. </refsect3> <refsect3> -<title>CONF ADDSHARE <replaceable>sharename</replaceable> <replaceable>path</replaceable> [<replaceable>writeable={y|N}</replaceable> [<replaceable>guest_ok={y|N}</replaceable> [<replaceable>comment</replaceable>]]] </title> +<title>[RPC] CONF ADDSHARE <replaceable>sharename</replaceable> <replaceable>path</replaceable> [<replaceable>writeable={y|N}</replaceable> [<replaceable>guest_ok={y|N}</replaceable> [<replaceable>comment</replaceable>]]] </title> <para>Create a new share definition in registry. The sharename and path have to be given. The share name may @@ -1768,7 +1763,7 @@ commands. </refsect3> <refsect3> -<title>CONF DELSHARE <replaceable>sharename</replaceable></title> +<title>[RPC] CONF DELSHARE <replaceable>sharename</replaceable></title> <para> Delete a share definition from registry. @@ -1776,7 +1771,7 @@ Delete a share definition from registry. </refsect3> <refsect3> -<title>CONF SETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable> <replaceable>value</replaceable></title> +<title>[RPC] CONF SETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable> <replaceable>value</replaceable></title> <para> Store a parameter in registry. The section may be global or a sharename. @@ -1785,7 +1780,7 @@ The section is created if it does not exist yet. </refsect3> <refsect3> -<title>CONF GETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable></title> +<title>[RPC] CONF GETPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable></title> <para> Show a parameter stored in registry. @@ -1793,7 +1788,7 @@ Show a parameter stored in registry. </refsect3> <refsect3> -<title>CONF DELPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable></title> +<title>[RPC] CONF DELPARM <replaceable>section</replaceable> <replaceable>parameter</replaceable></title> <para> Delete a parameter stored in registry. 
@@ -1801,7 +1796,7 @@ Delete a parameter stored in registry. </refsect3> <refsect3> -<title>CONF GETINCLUDES <replaceable>section</replaceable></title> +<title>[RPC] CONF GETINCLUDES <replaceable>section</replaceable></title> <para> Get the list of includes for the provided section (global or share). @@ -1827,7 +1822,7 @@ data from other registry keys. </refsect3> <refsect3> -<title>CONF SETINCLUDES <replaceable>section</replaceable> [<replaceable>filename</replaceable>]+</title> +<title>[RPC] CONF SETINCLUDES <replaceable>section</replaceable> [<replaceable>filename</replaceable>]+</title> <para> Set the list of includes for the provided section (global or share) to the given @@ -1837,7 +1832,7 @@ macros like %I. </refsect3> <refsect3> -<title>CONF DELINCLUDES <replaceable>section</replaceable></title> +<title>[RPC] CONF DELINCLUDES <replaceable>section</replaceable></title> <para> Delete the list of includes from the provided section (global or share). @@ -1876,6 +1871,8 @@ string.</member> </member> <member>net registry convert - Convert a registration entries (.reg) file. </member> +<member>net registry check - Check and reapair a registry database. +</member> </simplelist> </para> 
@@ -1991,10 +1988,34 @@ string.</member> <refsect3> <title>REGISTRY IMPORT <replaceable>file</replaceable><!-- - --><replaceable>[opt]</replaceable></title> - - <para>Import a registration entries (.reg) <emphasis>file</emphasis>. - </para> + --><replaceable> [--precheck <check-file>] [opt]</replaceable></title> + <para>Import a registration entries (.reg) <emphasis>file</emphasis>.</para> + <para>The following options are available:</para> + <variablelist> + <varlistentry><term>--precheck <replaceable>check-file</replaceable></term> + <listitem><para> + This is a mechanism to check the existence or non-existence of + certain keys or values specified in a precheck file before applying + the import file. + The import file will only be applied if the precheck succeeds. + </para> + <para> + The check-file follows the normal registry file syntax with the + following semantics: + </para> + <itemizedlist> + <listitem><para><value name>=<value> checks whether the + value exists and has the given value.</para></listitem> + <listitem><para><value name>=- checks whether the value does + not exist.</para></listitem> + <listitem><para>[key] checks whether the key exists.</para> + </listitem> + <listitem><para>[-key] checks whether the key does not exist.</para> + </listitem> + </itemizedlist> + </listitem> + </varlistentry> + </variablelist> </refsect3> <refsect3> 
@@ -2016,6 +2037,77 @@ string.</member> </para> </refsect3> +<refsect3> + <title>REGISTRY CHECK [-ravTl] [-o <ODB>] [--wipe] [<DB>]</title> + <para>Check and repair the registry database. If no option is given a read only check of the database is done. Among others an interactive or automatic repair mode may be chosen with one of the following options + + <variablelist> + <varlistentry><term>-r|--repair</term> + <listitem><para> + Interactive repair mode, ask a lot of questions. + </para></listitem> + </varlistentry> + + <varlistentry><term>-a|--auto</term> + <listitem><para> + Noninteractive repair mode, use default answers. + </para></listitem> + </varlistentry> + + <varlistentry><term>-v|--verbose</term> + <listitem><para> + Produce more output. + </para></listitem> + </varlistentry> + + <varlistentry><term>-T|--test</term> + <listitem><para> + Dry run, show what changes would be made but don't touch anything. + </para></listitem> + </varlistentry> + + <varlistentry><term>-l|--lock</term> + <listitem><para> + Lock the database while doing the check. + </para></listitem> + </varlistentry> + + <varlistentry><term>--reg-version={1,2,3}</term> + <listitem><para> + Specify the format of the registry database. If not given it defaults to + the value of the binary or, if an registry.tdb is explizitly stated at + the commandline, to the value found in the INFO/version record. + </para></listitem> + </varlistentry> + + <varlistentry><term>[--db] <DB></term> + <listitem><para> + Check the specified database. + </para></listitem> + </varlistentry> + + <varlistentry><term>-o|--output <ODB></term> + <listitem><para> + Create a new registry database <ODB> instead of modifying the + input. If <ODB> is already existing --wipe may be used to + overwrite it. + </para></listitem> + </varlistentry> + + <varlistentry><term>--wipe</term> + <listitem><para> + Replace the registry database instead of modifying the input or + overwrite an existing output database. 
+ </para></listitem> + </varlistentry> + + <varlistentry><term></term> + <listitem><para> + </para></listitem> + </varlistentry> + </variablelist> + </para> +</refsect3> </refsect2> diff --git a/docs-xml/manpages-3/nmbd.8.xml b/docs-xml/manpages/nmbd.8.xml index 43a367fe6f..f666f58dee 100644 --- a/docs-xml/manpages-3/nmbd.8.xml +++ b/docs-xml/manpages/nmbd.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/nmblookup.1.xml b/docs-xml/manpages/nmblookup.1.xml index 465bba04db..6a8792bca7 100644 --- a/docs-xml/manpages-3/nmblookup.1.xml +++ b/docs-xml/manpages/nmblookup.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml index ffbbf05160..8bd77bd866 100644 --- a/docs-xml/manpages-3/ntlm_auth.1.xml +++ b/docs-xml/manpages/ntlm_auth.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
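Review bot: The new `REGISTRY CHECK` section ends its option list with an empty `<varlistentry><term></term>…</varlistentry>`, which should be deleted, and its title omits `--reg-version` and `--db` although both are documented below it. The opening sentence has no closing colon or full stop. The `--reg-version` text has "an registry.tdb is explizitly stated" for `a registry.tdb is explicitly stated`, and the summary line added in the earlier `net registry` hunk has "reapair" for "repair". Since `-a` applies default answers and `--wipe` replaces a database, the description would benefit from a sentence recommending a `-T` dry run or `-o <ODB>` before repairing in place.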
@@ -160,132 +160,111 @@ external program to the helper are:</para> <variablelist> <varlistentry> - <term>Username</term> - <listitem><para>The username, expected to be in - Samba's <smbconfoption name="unix charset"/>. - </para> - <varlistentry> - <term>Examples:</term> - <para>Username: bob</para> - <para>Username:: Ym9i</para> - </varlistentry> - </listitem> - </varlistentry> + <term>Username</term> + + <listitem><para>The username, expected to be in + Samba's <smbconfoption name="unix charset"/>. + </para> + + <para><example>Username: bob</example></para> + <para><example>Username:: Ym9i</example></para> + </listitem></varlistentry> <varlistentry> - <term>NT-Domain</term> - <listitem><para>The user's domain, expected to be in - Samba's <smbconfoption name="unix charset"/>. - </para> - - <varlistentry> - <term>Examples:</term> - <para>NT-Domain: WORKGROUP</para> - <para>NT-Domain:: V09SS0dST1VQ</para> - </varlistentry> - </listitem> - </varlistentry> + <term>NT-Domain</term> + <listitem><para>The user's domain, expected to be in + Samba's <smbconfoption name="unix charset"/>. + </para> + + <para><example>NT-Domain: WORKGROUP</example></para> + <para><example>NT-Domain:: V09SS0dST1VQ</example></para> + </listitem></varlistentry> <varlistentry> - <term>Full-Username</term> - <listitem><para>The fully qualified username, expected to be - in Samba's <smbconfoption name="unix charset"/> and qualified - with the <smbconfoption name="winbind separator"/>.</para> - <varlistentry> - <term>Examples:</term> - <para>Full-Username: WORKGROUP\bob</para> - <para>Full-Username:: V09SS0dST1VQYm9i</para> - </varlistentry> - </listitem> - </varlistentry> + <term>Full-Username</term> + <listitem><para>The fully qualified username, expected to be in + Samba's <smbconfoption name="unix charset"/> and qualified with the + <smbconfoption name="winbind separator"/>. 
+ </para> + + <para><example>Full-Username: WORKGROUP\bob</example></para> + <para><example>Full-Username:: V09SS0dST1VQYm9i</example></para> + </listitem></varlistentry> <varlistentry> - <term>LANMAN-Challenge</term> - <listitem><para>The 8 byte <command>LANMAN Challenge</command> - value, generated randomly by the server, or (in cases such - as MSCHAPv2) generated in some way by both the server and - the client.</para> - <varlistentry> - <term>Examples:</term> - <para>LANMAN-Challenge: 0102030405060708</para> - </varlistentry> - </listitem> - </varlistentry> + <term>LANMAN-Challenge</term> + + <listitem><para>The 8 byte <command>LANMAN Challenge</command> value, + generated randomly by the server, or (in cases such as + MSCHAPv2) generated in some way by both the server and + the client. + </para> + <para><example>LANMAN-Challenge: 0102030405060708</example></para> + </listitem></varlistentry> <varlistentry> - <term>LANMAN-Response</term> - <listitem><para>The 24 byte <command>LANMAN Response</command> value, - calculated from the user's password and the supplied - <command>LANMAN Challenge</command>. Typically, this - is provided over the network by a client wishing to authenticate. - </para> - <varlistentry> - <term>Examples:</term> - <para>LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</para> - </varlistentry> - </listitem> - </varlistentry> + <term>LANMAN-Response</term> + + <listitem><para>The 24 byte <command>LANMAN Response</command> value, + calculated from the user's password and the supplied + <command>LANMAN Challenge</command>. Typically, this + is provided over the network by a client wishing to authenticate. 
+ </para> + <para><example>LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para> + + </listitem></varlistentry> <varlistentry> - <term>NT-Response</term> - <listitem><para>The >= 24 byte <command>NT Response</command> - calculated from the user's password and the supplied - <command>LANMAN Challenge</command>. Typically, this is - provided over the network by a client wishing to authenticate. - </para> - <varlistentry> - <term>Examples:</term> - <para>NT-Response: 0102030405060708090A0B0C0D0E0F10111213141516171</para> - </varlistentry> - </listitem> - </varlistentry> + <term>NT-Response</term> + <listitem><para>The >= 24 byte <command>NT Response</command> + calculated from the user's password and the supplied + <command>LANMAN Challenge</command>. Typically, this is + provided over the network by a client wishing to authenticate. + </para> + <para><example>NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para> + + </listitem></varlistentry> <varlistentry> - <term>Password</term> - <listitem><para>The user's password. This would be - provided by a network client, if the helper is being - used in a legacy situation that exposes plaintext - passwords in this way.</para> - <varlistentry> - <term>Examples:</term> - <para>Password: samba2</para> - <para>Password:: c2FtYmEy</para> - </varlistentry> - </listitem> - </varlistentry> + <term>Password</term> + <listitem><para>The user's password. This would be + provided by a network client, if the helper is being + used in a legacy situation that exposes plaintext + passwords in this way. 
+ </para> + <para><example>Password: samba2</example></para> + <para><example>Password:: c2FtYmEy</example></para> + + </listitem></varlistentry> <varlistentry> - <term>Request-User-Session-Key</term> - <listitem><para>Upon successful authenticaiton, return - the user session key associated with the login.</para> - <varlistentry> - <term>Examples:</term> - <para>Request-User-Session-Key: Yes</para> - </varlistentry> - </listitem> - </varlistentry> + <term>Request-User-Session-Key</term> + <listitem><para>Upon successful authenticaiton, return + the user session key associated with the login. + </para> + <para><example>Request-User-Session-Key: Yes</example></para> + + </listitem></varlistentry> <varlistentry> - <term>Request-LanMan-Session-Key</term> - <listitem><para>Upon successful authenticaiton, return - the LANMAN session key associated with the login. - </para> - <varlistentry> - <term>Examples:</term> - <para>Request-LanMan-Session-Key: Yes</para> - </varlistentry> - </listitem> - </varlistentry> - - </variablelist> + <term>Request-LanMan-Session-Key</term> + <listitem><para>Upon successful authenticaiton, return + the LANMAN session key associated with the login. + </para> + <para><example>Request-LanMan-Session-Key: Yes</example></para> + + </listitem></varlistentry> + + <para><warning>Implementers should take care to base64 encode + any data (such as usernames/passwords) that may contain malicous user data, such as + a newline. They may also need to decode strings from + the helper, which likewise may have been base64 encoded.</warning></para> + </variablelist> + </listitem> </varlistentry> - </variablelist> - <warning><para>Implementers should take care to base64 encode - any data (such as usernames/passwords) that may contain malicous user data, such as - a newline. 
They may also need to decode strings from - the helper, which likewise may have been base64 encoded.</para></warning> - </listitem> + </variablelist> + </listitem> </varlistentry> <varlistentry> diff --git a/docs-xml/manpages-3/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml index 14f4e70648..39b75fb951 100644 --- a/docs-xml/manpages-3/pam_winbind.8.xml +++ b/docs-xml/manpages/pam_winbind.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">8</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml index 113515ce84..7098ff4f50 100644 --- a/docs-xml/manpages-3/pam_winbind.conf.5.xml +++ b/docs-xml/manpages/pam_winbind.conf.5.xml @@ -7,7 +7,7 @@ <manvolnum>5</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">5</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/pdbedit.8.xml b/docs-xml/manpages/pdbedit.8.xml index 1d0752e234..4bb3751701 100644 --- a/docs-xml/manpages-3/pdbedit.8.xml +++ b/docs-xml/manpages/pdbedit.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/profiles.1.xml b/docs-xml/manpages/profiles.1.xml index fb33217148..d791fcfdcc 100644 --- a/docs-xml/manpages-3/profiles.1.xml +++ b/docs-xml/manpages/profiles.1.xml 
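Review bot: The base64 warning now sits as `<para><warning>text</warning></para>` inside the inner `<variablelist>` after the last `<varlistentry>`, where the removed version had `<warning><para>…</para></warning>` after `</variablelist>`. DocBook 4.2 expects only `varlistentry` children at that position and block content inside `warning`. Unless the Samba DTD variant relaxes this, the stylesheet may drop or misplace the one paragraph that tells implementers to encode newlines in untrusted usernames and passwords. I would keep the old form and position: `</variablelist> <warning><para>Implementers should take care … base64 encoded.</para></warning>`. The untitled `<example>` elements holding bare text have the same validity problem (`<programlisting>` would fit), "authenticaiton" and "malicous" are carried over into the new lines, and the enclosing `varlistentry` starts outside the hunk.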
@@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/rpcclient.1.xml b/docs-xml/manpages/rpcclient.1.xml index f660b89a26..f50e4fadb9 100644 --- a/docs-xml/manpages-3/rpcclient.1.xml +++ b/docs-xml/manpages/rpcclient.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -120,7 +120,7 @@ of usernames to SIDs. </para></listitem></varlistentry> - <varlistentry><term>enumtrusts</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry> + <varlistentry><term>enumtrust</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry> <varlistentry><term>enumprivs</term><listitem><para>Enumerate privileges</para></listitem></varlistentry> 
@@ -273,10 +273,13 @@ Comma Separated list of Files only the entry from the server's list of drivers. </para></listitem></varlistentry> - <varlistentry><term>deldriverex <driver> [architecture] [version] - </term><listitem><para>Delete the specified printer driver including driver files. - You can limit this action to a specific architecture and a specific version. - If no architecure is given, all driver files of that driver will be deleted. + <varlistentry><term>deldriverex <driver> [architecture] [version] [flags] + </term><listitem><para>Delete the specified printer driver and optionally files + associated with the driver. + You can limit this action to a specific architecture and a specific version. + If no architecture is given, all driver files of that driver will be deleted. + <parameter>flags</parameter> correspond to numeric DPD_* values, i.e. a value + of 3 requests (DPD_DELETE_UNUSED_FILES | DPD_DELETE_SPECIFIC_VERSION). </para></listitem></varlistentry> <varlistentry><term>enumdata</term><listitem><para>Enumerate all 
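Review bot: In the new `deldriverex` text, "i.e. a value of 3" gives an example rather than a definition, so `e.g.` is the right abbreviation. The entry also never states the numeric value of each `DPD_*` flag. Because the command deletes driver files on the server, the reader should not have to infer the individual bits from one combined value; listing each flag with its number next to the example would do it. The surrounding `variablelist` continues outside the hunk.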
@@ -424,6 +427,51 @@ Comma Separated list of Files </refsect2> <refsect2> + <title>FSRVP</title> + <variablelist> + + <varlistentry><term>fss_is_path_sup</term> + <listitem> + <para>Check whether a share supports shadow-copy + requests</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_get_sup_version</term> + <listitem> + <para>Get supported FSRVP version from server</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_create_expose</term> + <listitem> + <para>Request shadow-copy creation and exposure</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_delete</term> + <listitem> + <para>Request shadow-copy share deletion</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_has_shadow_copy</term> + <listitem> + <para>Check for an associated share shadow-copy</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_get_mapping</term> + <listitem> + <para>Get shadow-copy share mapping information</para> + </listitem> + </varlistentry> + <varlistentry><term>fss_recovery_complete</term> + <listitem> + <para>Flag read-write snapshot as recovery complete, + allowing further shadow-copy requests</para> + </listitem> + </varlistentry> + + </variablelist> + </refsect2> + + <refsect2> <title>GENERAL COMMANDS</title> <variablelist> diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml new file mode 100644 index 0000000000..a8f2afea6b --- /dev/null +++ b/docs-xml/manpages/samba-tool.8.xml 
@@ -0,0 +1,613 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="samba-tool.8">
+
+<refmeta>
+ <refentrytitle>samba-tool</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>samba-tool</refname>
+ <refpurpose>Main Samba administration tool.
+ </refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>samba-tool</command>
+ <arg choice="opt">-h</arg>
+ <arg choice="opt">-W myworkgroup</arg>
+ <arg choice="opt">-U user</arg>
+ <arg choice="opt">-d debuglevel</arg>
+ <arg choice="opt">--v</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>-h|--help</term>
+ <listitem><para>
+ Show this help message and exit
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-s FILE|--configfile=FILE</term>
+ <listitem><para>
+ Configuration file
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-d DEBUGLEVEL|--debuglevel=DEBUGLEVEL</term>
+ <listitem><para>
+ Debug Level
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--option=OPTION</term>
+ <listitem><para>
+ Set smb.conf option from command line
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--realm=REALM</term>
+ <listitem><para>
+ Set the realm name
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--simple-bind-dn=DN</term>
+ <listitem><para>
+ DN to use for a simple bind
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--password=PASSWORD</term>
+ <listitem><para>
+ Password
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-U USERNAME|--username=USERNAME</term>
+ <listitem><para>
+ Username
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-W WORKGROUP|--workgroup=WORKGROUP</term>
+ <listitem><para>
+ Workgroup
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-N|--no-pass</term>
+ <listitem><para>
+ Don't ask for a password
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-k KERBEROS|--kerberos=KERBEROS</term>
+ <listitem><para>
+ Use Kerberos
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>--ipaddress=IPADDRESS</term>
+ <listitem><para>
+ IP address of the server
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-V|--version</term>
+ <listitem><para>
+ Display version number
+ </para></listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+<title>COMMANDS</title>
+
+<refsect2>
+ <title>dbcheck</title>
+ <para>Check the local AD database for errors.</para>
+</refsect2>
+
+<refsect2>
+ <title>delegation</title>
+ <para>Manage Delegations.</para>
+</refsect2>
+
+<refsect3>
+ <title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
+ <para>Add a service principal as msDS-AllowedToDelegateTo.</para>
+</refsect3>
+
+<refsect3>
+ <title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title>
+ <para>Delete a service principal as msDS-AllowedToDelegateTo.</para>
+</refsect3>
+
+<refsect3>
+ <title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title>
+ <para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy)
+ for an account.</para>
+</refsect3>
+
+<refsect3>
+ <title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title>
+ <para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para>
+</refsect3>
+
+<refsect3>
+ <title>delegation show <replaceable>accountname</replaceable> [options] </title>
+ <para>Show the delegation setting of an account.</para>
+</refsect3>
+
+<refsect2>
+ <title>dns</title>
+ <para>Manage Domain Name Service (DNS).</para>
+</refsect2>
+
+<refsect3>
+ <title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
+ <para>Add a DNS record.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title>
+ <para>Delete a DNS record.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title>
+ <para>Query a name.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title>
+ <para>Query root hints.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns serverinfo <replaceable>server</replaceable> [options]</title>
+ <para>Query server information.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title>
+ <para>Update a DNS record.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+ <para>Create a zone.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+ <para>Delete a zone.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title>
+ <para>Query zone information.</para>
+</refsect3>
+
+<refsect3>
+ <title>dns zonelist <replaceable>server</replaceable> [options]</title>
+ <para>List zones.</para>
+</refsect3>
+
+<refsect2>
+ <title>domain</title>
+ <para>Manage Domain.</para>
+</refsect2>
+
+<refsect3>
+ <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title>
+ <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC
+ database.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title>
+ <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain demote</title>
+ <para>Demote ourselves from the role of domain controller.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title>
+ <para>Dumps Kerberos keys of the domain into a keytab.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain info <replaceable>ip_address</replaceable> [options]</title>
+ <para>Print basic info about a domain and the specified DC.
+</para>
+</refsect3>
+
+<refsect3>
+ <title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title>
+ <para>Join a domain as either member or backup domain controller.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title>
+ <para>Show/raise domain and forest function levels.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title>
+ <para>Show/set password settings.</para>
+</refsect3>
+
+<refsect3>
+ <title>domain provision</title>
+ <para>Promote an existing domain member or NT4 PDC to an AD DC.</para>
+</refsect3>
+
+<refsect2>
+ <title>drs</title>
+ <para>Manage Directory Replication Services (DRS).</para>
+</refsect2>
+
+<refsect3>
+ <title>drs bind</title>
+ <para>Show DRS capabilities of a server.</para>
+</refsect3>
+
+<refsect3>
+ <title>drs kcc</title>
+ <para>Trigger knowledge consistency center run.</para>
+</refsect3>
+
+<refsect3>
+ <title>drs options</title>
+ <para>Query or change <replaceable>options</replaceable> for NTDS Settings
+ object of a domain controller.</para>
+</refsect3>
+
+<refsect3>
+ <title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title>
+ <para>Replicate a naming context between two DCs.</para>
+</refsect3>
+
+<refsect3>
+ <title>drs showrepl</title>
+ <para>Show replication status.</para>
+</refsect3>
+
+<refsect2>
+ <title>dsacl</title>
+ <para>Administer DS ACLs</para>
+</refsect2>
+
+<refsect3>
+ <title>dsacl set</title>
+ <para>Modify access list on a directory object.</para>
+</refsect3>
+
+<refsect2>
+ <title>fsmo</title>
+ <para>Manage Flexible Single Master Operations (FSMO).</para>
+</refsect2>
+
+<refsect3>
+ <title>fsmo seize [options]</title>
+ <para>Seize the role.</para>
+</refsect3>
+
+<refsect3>
+ <title>fsmo show</title>
+ <para>Show the roles.</para>
+</refsect3>
+
+<refsect3>
+ <title>fsmo transfer [options]</title>
+ <para>Transfer the role.</para>
+</refsect3>
+
+<refsect2>
+ <title>gpo</title>
+ <para>Manage Group Policy Objects (GPO).</para>
+</refsect2>
+
+<refsect3>
+ <title>gpo create <replaceable>displayname</replaceable> [options]</title>
+ <para>Create an empty GPO.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo del <replaceable>gpo</replaceable> [options]</title>
+ <para>Delete GPO.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
+ <para>Delete GPO link from a container.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo fetch <replaceable>gpo</replaceable> [options]</title>
+ <para>Download a GPO.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title>
+ <para>Get inheritance flag for a container.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo getlink <replaceable>container_dn</replaceable> [options]</title>
+ <para>List GPO Links for a container.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo list <replaceable>username</replaceable> [options]</title>
+ <para>List GPOs for an account.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo listall</title>
+ <para>List all GPOs.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title>
+ <para>List all linked containers for a GPO.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title>
+ <para>Set inheritance flag on a container.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title>
+ <para>Add or Update a GPO link to a container.</para>
+</refsect3>
+
+<refsect3>
+ <title>gpo show <replaceable>gpo</replaceable> [options]</title>
+ <para>Show information for a GPO.</para>
+</refsect3>
+
+<refsect2>
+ <title>group</title>
+ <para>Manage groups.</para>
+</refsect2>
+
+<refsect3>
+ <title>group add <replaceable>groupname</replaceable> [options]</title>
+ <para>Create a new AD group.</para>
+</refsect3>
+
+<refsect3>
+ <title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
+ <para>Add members to an AD group.</para>
+</refsect3>
+
+<refsect3>
+ <title>group delete <replaceable>groupname</replaceable> [options]</title>
+ <para>Delete an AD group.</para>
+</refsect3>
+
+<refsect3>
+ <title>group list</title>
+ <para>List all groups.</para>
+</refsect3>
+
+<refsect3>
+ <title>group listmembers <replaceable>groupname</replaceable> [options]</title>
+ <para>List all members of the specified AD group.</para>
+</refsect3>
+
+<refsect3>
+ <title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title>
+ <para>Remove members from the specified AD group.</para>
+</refsect3>
+
+<refsect2>
+ <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title>
+ <para>Compare two LDAP databases.</para>
+</refsect2>
+
+<refsect2>
+ <title>ntacl</title>
+ <para>Manage NT ACLs.</para>
+</refsect2>
+
+<refsect3>
+ <title>ntacl get <replaceable>file</replaceable> [options]</title>
+ <para>Get ACLs on a file.</para>
+</refsect3>
+
+<refsect3>
+ <title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title>
+ <para>Set ACLs on a file.</para>
+</refsect3>
+
+<refsect3>
+ <title>ntacl sysvolcheck</title>
+ <para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para>
+</refsect3>
+
+<refsect3>
+ <title>ntacl sysvolreset</title>
+ <para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para>
+</refsect3>
+
+<refsect2>
+ <title>rodc</title>
+ <para>Manage Read-Only Domain Controller (RODC).</para>
+</refsect2>
+
+<refsect3>
+ <title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title>
+ <para>Preload one account for an RODC.</para>
+</refsect3>
+
+<refsect2>
+ <title>sites</title>
+ <para>Manage sites.</para>
+</refsect2>
+
+<refsect3>
+ <title>sites create <replaceable>site</replaceable> [options]</title>
+ <para>Create a new site.</para>
+</refsect3>
+
+<refsect3>
+ <title>sites remove <replaceable>site</replaceable> [options]</title>
+ <para>Delete an esxisting site.</para>
+</refsect3>
+
+<refsect2>
+ <title>spn</title>
+ <para>Manage Service Principal Names (SPN).</para>
+</refsect2>
+
+<refsect3>
+ <title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title>
+ <para>Create a new SPN.</para>
+</refsect3>
+
+<refsect3>
+ <title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title>
+ <para>Delete an existing SPN.</para>
+</refsect3>
+
+<refsect3>
+ <title>spn list <replaceable>user</replaceable> [options]</title>
+ <para>List SPNs of a given user.</para>
+</refsect3>
+
+<refsect2>
+ <title>testparm</title>
+ <para>Check the syntax of the configuration file.</para>
+</refsect2>
+
+<refsect2>
+ <title>time</title>
+ <para>Retrieve the time on a server.</para>
+</refsect2>
+
+<refsect2>
+ <title>user</title>
+ <para>Manage users.</para>
+</refsect2>
+
+<refsect3>
+ <title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
+ <para>Create a new user. Please note that this subcommand is deprecated
+ and available for compatibility reasons only. Please use
+ <command>samba-tool user create</command> instead.</para>
+</refsect3>
+
+<refsect3>
+ <title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title>
+ <para>Create a new user in the Active Directory Domain.</para>
+</refsect3>
+
+<refsect3>
+ <title>user delete <replaceable>username</replaceable> [options]</title>
+ <para>Delete an existing user account.</para>
+</refsect3>
+
+<refsect3>
+ <title>user disable <replaceable>username</replaceable></title>
+ <para>Disable an user account.</para>
+</refsect3>
+
+<refsect3>
+ <title>user enable <replaceable>username</replaceable></title>
+ <para>Enable an user account.</para>
+</refsect3>
+
+<refsect3>
+ <title>user list</title>
+ <para>List all users.</para>
+</refsect3>
+
+<refsect3>
+ <title>user password [options]</title>
+ <para>Change password for an user account (the one provided in
+ authentication).</para>
+</refsect3>
+
+<refsect3>
+ <title>user setexpiry <replaceable>username</replaceable> [options]</title>
+ <para>Set the expiration of an user account.</para>
+</refsect3>
+
+<refsect3>
+ <title>user setpassword <replaceable>username</replaceable> [options]</title>
+ <para>Sets or resets the password of an user account.</para>
+</refsect3>
+
+<refsect2>
+ <title>vampire [options] <replaceable>domain</replaceable></title>
+ <para>Join and synchronise a remote AD domain to the local server.
+ Please note that <command>samba-tool vampire</command> is deprecated,
+ please use <command>samba-tool domain join</command> instead.</para>
+</refsect2>
+
+<refsect2>
+<title>help</title>
+<para>Gives usage information.</para>
+</refsect2>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is complete for version 4 of the Samba
+ suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell.
Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The samba-tool manpage was written by Karolin Seeger.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/samba.7.xml b/docs-xml/manpages/samba.7.xml index 2a76dff5ab..9299660d2e 100644 --- a/docs-xml/manpages-3/samba.7.xml +++ b/docs-xml/manpages/samba.7.xml @@ -7,13 +7,13 @@ <manvolnum>7</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">Miscellanea</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> <refnamediv> <refname>samba</refname> - <refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose> + <refpurpose>A Windows AD and SMB/CIFS fileserver for UNIX</refpurpose> </refnamediv> <refsynopsisdiv> 
@@ -22,66 +22,85 @@ <refsect1> <title>DESCRIPTION</title> - - <para>The Samba software suite is a collection of programs - that implements the Server Message Block (commonly abbreviated - as SMB) protocol for UNIX systems. This protocol is sometimes - also referred to as the Common Internet File System (CIFS). For a - more thorough description, see <ulink url="http://www.ubiqx.org/cifs/"> + + <para>The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems and provides Active Directory + services. This protocol is sometimes also referred to as the + Common Internet File System (CIFS). For a more thorough description, + see <ulink url="http://www.ubiqx.org/cifs/"> http://www.ubiqx.org/cifs/</ulink>. Samba also implements the NetBIOS protocol in nmbd.</para> - + <variablelist> <varlistentry> + <term><citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>samba</command> daemon provides the + Active Directory services and file and print services to + SMB clients. The configuration file + for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. + </para></listitem> + </varlistentry> + + <varlistentry> <term><citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>smbd</command> daemon provides the file and print services to - SMB clients, such as Windows 95/98, Windows NT, Windows - for Workgroups or LanManager. The configuration file + <listitem><para>The <command>smbd</command> daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. 
The configuration file for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> + <manvolnum>5</manvolnum></citerefentry>. </para></listitem> </varlistentry> - + <varlistentry> <term><citerefentry><refentrytitle>nmbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> <listitem><para>The <command>nmbd</command> daemon provides NetBIOS nameservice and browsing - support. The configuration file for this daemon + support. The configuration file for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <manvolnum>5</manvolnum></citerefentry>.</para> </listitem> </varlistentry> <varlistentry> + <term><citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para><command>winbindd</command> is a daemon + that is used for integrating authentication and + the user database into unix.</para></listitem> + </varlistentry> + + <varlistentry> <term><citerefentry><refentrytitle>smbclient</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> <listitem><para>The <command>smbclient</command> - program implements a simple ftp-like client. This + program implements a simple ftp-like client. 
This is useful for accessing SMB shares on other compatible - servers (such as Windows NT), and can also be used - to allow a UNIX box to print to a printer attached to + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to any SMB server (such as a PC running Windows NT).</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>testparm</command> - utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + <term><citerefentry><refentrytitle>samba-tool</refentrytitle> + <manvolnum>8</manvolnum></citerefentry></term> + <listitem><para>The <command>samba-tool</command> + is the main Samba Administration tool regarding + Acitive Directory services.</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testprns</refentrytitle> + <term><citerefentry><refentrytitle>testparm</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>testprns</command> - utility supports testing printer names defined - in your <filename>printcap</filename> file used - by Samba.</para> + <listitem><para>The <command>testparm</command> + utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> configuration file.</para> </listitem> </varlistentry> @@ -89,7 +108,7 @@ <term><citerefentry><refentrytitle>smbstatus</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> <listitem><para>The <command>smbstatus</command> - tool provides access to information about the + tool provides access to information about the current connections to <command>smbd</command>.</para> </listitem> </varlistentry> 
@@ -98,7 +117,7 @@ <term><citerefentry><refentrytitle>nmblookup</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> <listitem><para>The <command>nmblookup</command> - tools allows NetBIOS name queries to be made + tools allows NetBIOS name queries to be made from a UNIX host.</para> </listitem> </varlistentry> @@ -107,7 +126,7 @@ <term><citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> <listitem><para>The <command>smbpasswd</command> - command is a tool for changing LanMan and Windows NT + command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers.</para> </listitem> </varlistentry> 
@@ -115,38 +134,30 @@ <varlistentry> <term><citerefentry><refentrytitle>smbcacls</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>smbcacls</command> command is + <listitem><para>The <command>smbcacls</command> command is a tool to set ACL's on remote CIFS servers. </para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbsh</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>smbsh</command> command is - a program that allows you to run a unix shell with - with an overloaded VFS.</para></listitem> - </varlistentry> - - <varlistentry> <term><citerefentry><refentrytitle>smbtree</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>smbtree</command> command + <listitem><para>The <command>smbtree</command> command is a text-based network neighborhood tool.</para></listitem> </varlistentry> <varlistentry> <term><citerefentry><refentrytitle>smbtar</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>smbtar</command> can make + <listitem><para>The <command>smbtar</command> can make backups of data on CIFS/SMB servers.</para></listitem> </varlistentry> <varlistentry> <term><citerefentry><refentrytitle>smbspool</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para><command>smbspool</command> is a - helper utility for printing on printers connected + <listitem><para><command>smbspool</command> is a + helper utility for printing on printers connected to CIFS servers. </para></listitem> </varlistentry> 
@@ -154,7 +165,9 @@ <term><citerefentry><refentrytitle>smbcontrol</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> <listitem><para><command>smbcontrol</command> is a utility - that can change the behaviour of running samba daemons. + that can change the behaviour of running + <command>smbd</command>, <command>nmbd</command> and + <command>winbindd</command> daemons. </para></listitem> </varlistentry> @@ -162,28 +175,28 @@ <term><citerefentry><refentrytitle>rpcclient</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> <listitem><para><command>rpcclient</command> is a utility - that can be used to execute RPC commands on remote + that can be used to execute RPC commands on remote CIFS servers.</para></listitem> </varlistentry> <varlistentry> <term><citerefentry><refentrytitle>pdbedit</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>pdbedit</command> command - can be used to maintain the local user database on + <listitem><para>The <command>pdbedit</command> command + can be used to maintain the local user database on a samba server.</para></listitem></varlistentry> <varlistentry> <term><citerefentry><refentrytitle>findsmb</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para>The <command>findsmb</command> command + <listitem><para>The <command>findsmb</command> command can be used to find SMB servers on the local network. </para></listitem></varlistentry> <varlistentry> <term><citerefentry><refentrytitle>net</refentrytitle> <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>net</command> command + <listitem><para>The <command>net</command> command is supposed to work similar to the DOS/Windows NET.EXE command.</para></listitem> </varlistentry> 
@@ -197,17 +210,9 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para><command>winbindd</command> is a daemon - that is used for integrating authentication and - the user database into unix.</para></listitem> - </varlistentry> - - <varlistentry> <term><citerefentry><refentrytitle>wbinfo</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para><command>wbinfo</command> is a utility + <listitem><para><command>wbinfo</command> is a utility that retrieves and stores information related to winbind. </para></listitem> </varlistentry> @@ -224,8 +229,8 @@ <varlistentry> <term><citerefentry><refentrytitle>log2pcap</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para><command>log2pcap</command> is a utility - for generating pcap trace files from Samba log + <listitem><para><command>log2pcap</command> is a utility + for generating pcap trace files from Samba log files.</para></listitem> </varlistentry> @@ -244,19 +249,9 @@ </para></listitem></varlistentry> <varlistentry> - <term> -<citerefentry><refentrytitle>smbmount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -<citerefentry><refentrytitle>smbumount</refentrytitle><manvolnum>8</manvolnum></citerefentry>, -<citerefentry><refentrytitle>smbmnt</refentrytitle><manvolnum>8</manvolnum></citerefentry></term> - <listitem><para><command>smbmount</command>,<command>smbumount</command> and <command>smbmnt</command> are commands that can be used to - mount CIFS/SMB shares on Linux. - </para></listitem> - </varlistentry> - - <varlistentry> <term><citerefentry><refentrytitle>smbcquotas</refentrytitle> <manvolnum>1</manvolnum></citerefentry></term> - <listitem><para><command>smbcquotas</command> is a tool that + <listitem><para><command>smbcquotas</command> is a tool that can set remote QUOTA's on server with NTFS 5. </para> </listitem> </varlistentry> 
@@ -265,11 +260,11 @@ <refsect1> <title>COMPONENTS</title> - - <para>The Samba suite is made up of several components. Each - component is described in a separate manual page. It is strongly - recommended that you read the documentation that comes with Samba - and the manual pages of those components that you use. If the + + <para>The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the manual pages and documents aren't clear enough then please visit <ulink url="http://devel.samba.org/">http://devel.samba.org</ulink> for information on how to file a bug report or submit a patch.</para> 
@@ -282,79 +277,79 @@ <refsect1> <title>AVAILABILITY</title> - - <para>The Samba software suite is licensed under the - GNU Public License(GPL). A copy of that license should - have come with the package in the file COPYING. You are - encouraged to distribute copies of the Samba suite, but + + <para>The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but please obey the terms of this license.</para> - <para>The latest version of the Samba suite can be + <para>The latest version of the Samba suite can be obtained via anonymous ftp from samba.org in the - directory pub/samba/. It is also available on several + directory pub/samba/. It is also available on several mirror sites worldwide.</para> - - <para>You may also find useful information about Samba + + <para>You may also find useful information about Samba on the newsgroup <ulink url="news:comp.protocols.smb"> - comp.protocol.smb</ulink> and the Samba mailing - list. Details on how to join the mailing list are given in + comp.protocol.smb</ulink> and the Samba mailing + list. Details on how to join the mailing list are given in the README file that comes with Samba.</para> - + <para>If you have access to a WWW viewer (such as Mozilla - or Konqueror) then you will also find lots of useful information, + or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, at <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para> </refsect1> <refsect1> <title>VERSION</title> - - <para>This man page is correct for version 3 of the + + <para>This man page is correct for version 4 of the Samba suite. 
</para> </refsect1> <refsect1> <title>CONTRIBUTIONS</title> - - <para>If you wish to contribute to the Samba project, - then I suggest you join the Samba mailing list at + + <para>If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>. </para> <para>If you have patches to submit, visit <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink> - for information on how to do it properly. We prefer patches - in <command>diff -u</command> format.</para> + for information on how to do it properly. We prefer patches + in <command>git format-patch</command> format.</para> </refsect1> <refsect1> <title>CONTRIBUTORS</title> - - <para>Contributors to the project are now too numerous - to mention here but all deserve the thanks of all Samba + + <para>Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba users. To see a full list, look at the - <filename>change-log</filename> in the source package - for the pre-CVS changes and at <ulink - url="http://cvs.samba.org/"> - http://cvs.samba.org/</ulink> - for the contributors to Samba post-CVS. CVS is the Open Source - source code control system used by the Samba Team to develop + <filename>change-log</filename> in the source package + for the pre-CVS changes and at <ulink + url="http://git.samba.org/"> + http://git.samba.org/</ulink> + for the contributors to Samba post-GIT. GIT is the Open Source + source code control system used by the Samba Team to develop Samba. The project would have been unmanageable without it.</para> </refsect1> <refsect1> <title>AUTHOR</title> - - <para>The original Samba software and related utilities + + <para>The original Samba software and related utilities were created by Andrew Tridgell. 
Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> </refsect1> diff --git a/docs-xml/manpages/samba.8.xml b/docs-xml/manpages/samba.8.xml new file mode 100644 index 0000000000..9ce65c850b --- /dev/null +++ b/docs-xml/manpages/samba.8.xml 
@@ -0,0 +1,273 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="samba.8"> + +<refmeta> + <refentrytitle>samba</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>samba</refname> + <refpurpose>Server to provide AD and SMB/CIFS services to clients</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>samba</command> + <arg choice="opt">-D</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-M <model></arg> + <arg choice="opt">--maximum-runtime=<seconds></arg> + <arg choice="opt">-b</arg> + <arg choice="opt">--help</arg> + <arg choice="opt">--usage</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">--debug-stderr</arg> + <arg choice="opt">-s <configuration file></arg> + <arg choice="opt">--option=<smb_conf_param>=<value></arg> + <arg choice="opt">-l <log directory></arg> + <arg choice="opt">--leak-report</arg> + <arg choice="opt">--leak-report-full</arg> + <arg choice="opt">-V</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para><command>samba</command> is the server daemon that + provides Active Directory, filesharing and printing services to clients. + The server provides filespace and directory services to + clients using the SMB (or CIFS) protocol and other + related protocols such as DCE/RPC, LDAP and Kerberos. 
+ </para> + + <para> + Clients supported include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000/XP/2003, + OS/2, DAVE for Macintosh, and cifsfs for Linux.</para> + + <para>An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server. + </para> + + <para>Please note that there are significant security + implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before + proceeding with installation. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-D|--daemon</term> + <listitem><para>If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate ports. Operating the server as a + daemon is the recommended way of running + <command>samba</command> for servers that provide more + than casual use file and print services. This switch is + assumed if <command>samba</command> is executed on the + command line of a shell. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-i|--interactive</term> + <listitem><para>If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit daemon mode when run from the + command line. <command>samba</command> also logs to standard + output, as if the <command>-S</command> parameter had been + given. 
+ </para></listitem> + </varlistentry> + + <varlistentry> + <term>-M model</term> + <listitem><para>This parameter can be used to specify the + "process model" samba should use. This determines + how concurrent clients are handled. Available process + models include <emphasis>single</emphasis> (everything in + a single process), <emphasis>standard</emphasis> (similar + behaviour to that of Samba 3), <emphasis>thread</emphasis> + (single process, different threads. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--maximum-runtime=seconds</term> + <listitem><para>Set maximum runtime of the server process till + autotermination in seconds. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-b|--show-build</term> + <listitem><para>Print information about how Samba was built. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-?|--help</term> + <listitem><para>Show help message.</para></listitem> + </varlistentry> + + <varlistentry> + <term>--usage</term> + <listitem><para>Display brief usage message.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d|--debuglevel=DEBUGLEVEL</term> + <listitem><para>Set debug level.</para></listitem> + </varlistentry> + + <varlistentry> + <term>--debug-stderr</term> + <listitem><para>Send debug output to STDERR.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s|--configfile=CONFIGFILE</term> + <listitem><para>Use alternative configuration file. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>--option=SMB_CONF_PARAM=VALUE</term> + <listitem><para>Set smb.conf option from command line. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-l|--log-basename=LOGFILEBASE</term> + <listitem><para>Basename for log/debug files.</para></listitem> + </varlistentry> + + <varlistentry> + <term>--leak-report</term> + <listitem><para>Enable talloc leak reporting on exit. 
+ </para></listitem> + </varlistentry> + + <varlistentry> + <term>--leak-report-full</term> + <listitem><para>Enable full talloc leak reporting on exit. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-V|--version</term> + <listitem><para>Print version.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/rc</filename></term> + <listitem><para>or whatever initialization script your + system uses).</para> + + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> + and <filename>/etc/samba/smb.conf</filename>.</para> + + <para>This file describes all the services the server + is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> for more information.</para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>Most diagnostics issued by the server are logged + in a specified log file. 
The log file name is specified + at compile time, but may be overridden on the command line.</para> + + <para>The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files.</para> + + <para>Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 4 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><citerefentry><refentrytitle>hosts_access</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> + <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba-tool</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>1</manvolnum></citerefentry>, and the + Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/"> + http://samba.org/cifs/</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. 
Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/sharesec.1.xml b/docs-xml/manpages/sharesec.1.xml index 6618c027e5..5cd4a48728 100644 --- a/docs-xml/manpages-3/sharesec.1.xml +++ b/docs-xml/manpages/sharesec.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smb.conf.5.xml b/docs-xml/manpages/smb.conf.5.xml index f5f252ba46..71b097b263 100644 --- a/docs-xml/manpages-3/smb.conf.5.xml +++ b/docs-xml/manpages/smb.conf.5.xml @@ -6,7 +6,7 @@ <manvolnum>5</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -503,7 +503,7 @@ chmod 1770 /usr/local/samba/lib/usershares <varlistentry> <term>%I</term> <listitem><para>the IP address of the client machine.</para> - <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses, + <para>Before 4.0.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses.</para> </listitem> </varlistentry> @@ -511,7 +511,7 @@ chmod 1770 /usr/local/samba/lib/usershares <varlistentry> <term>%i</term> <listitem><para>the local IP address to which a client connected.</para> - <para>Before 3.6.0 it could contain IPv4 mapped IPv6 addresses, + <para>Before 4.0.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses.</para> </listitem> </varlistentry> 
@@ -670,59 +670,6 @@ chmod 1770 /usr/local/samba/lib/usershares </refsect1> -<refsect1 id="VALIDATIONSECT"> - <title>NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - - <para> - There are a number of ways in which a user can connect to a service. The server uses the following steps - in determining if it will allow a connection to a specified service. If all the steps fail, the connection - request is rejected. However, if one of the steps succeeds, the following steps are not checked. - </para> - - <para> - If the service is marked <quote>guest only = yes</quote> and the server is running with share-level - security (<quote>security = share</quote>, steps 1 to 5 are skipped. - </para> - - - <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> - <listitem><para> - If the client has passed a username/password pair and that username/password pair is validated by the UNIX - system's password programs, the connection is made as that username. This includes the - <literal>\\server\service</literal>%<replaceable>username</replaceable> method of passing a username. - </para></listitem> - - <listitem><para> - If the client has previously registered a username with the system and now supplies a correct password for that - username, the connection is allowed. - </para></listitem> - - <listitem><para> - The client's NetBIOS name and any previously used usernames are checked against the supplied password. If - they match, the connection is allowed as the corresponding user. - </para></listitem> - - <listitem><para> - If the client has previously validated a username/password pair with the server and the client has passed - the validation token, that username is used. 
- </para></listitem> - - <listitem><para> - If a <literal>user = </literal> field is given in the <filename moreinfo="none">smb.conf</filename> file for the - service and the client has supplied a password, and that password matches (according to the UNIX system's - password checking) with one of the usernames from the <literal>user =</literal> field, the connection is made as - the username in the <literal>user =</literal> line. If one of the usernames in the <literal>user =</literal> list - begins with a <literal>@</literal>, that name expands to a list of names in the group of the same name. - </para></listitem> - - <listitem><para> - If the service is a guest service, a connection is made as the username given in the <literal>guest account - =</literal> for the service, irrespective of the supplied password. - </para></listitem> - </orderedlist> - -</refsect1> - <refsect1> <title>REGISTRY-BASED CONFIGURATION</title> @@ -810,7 +757,10 @@ chmod 1770 /usr/local/samba/lib/usershares <title>EXPLANATION OF EACH PARAMETER</title> <samba:parameterlist> - <xi:include href="../smbdotconf/parameters.all.xml" parse="xml"/> + <!-- The URI below is resolved to local generated version of parameters.all.xml //--> + <!-- WAF build places it in bin/default/docs-xml/smbdotconf/parameters.all.xml //--> + <!-- and we redirect there via use of XML_CATALOG_FILES, see docs-xml/build/catalog.xml.in //--> + <xi:include href="http://www.samba.org/samba/smbdotconf/parameters.all.xml" parse="xml"/> </samba:parameterlist> </refsect1> @@ -842,7 +792,7 @@ chmod 1770 /usr/local/samba/lib/usershares <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3 of the Samba suite.</para> + <para>This man page is correct for version 4 of the Samba suite.</para> </refsect1> <refsect1> 
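Review bot: The new `xi:include` in the "EXPLANATION OF EACH PARAMETER" hunk of smb.conf.5.xml points at an absolute `http://www.samba.org/...` URI, so the build stays offline and reproducible only while the XML catalog named in the added comment is actually in effect. If `XML_CATALOG_FILES` is unset or the catalog lacks the entry (for example on a build path other than the WAF one the comment describes), an XInclude-aware processor may fall back to fetching the file over plain HTTP and fold unauthenticated content into the generated man page. Whether the doc build already forbids network access is not visible in this hunk; if it does not, running the processor with network fetches disabled (xsltproc and xmllint both accept `--nonet`) turns a missing catalog entry into a build failure. I would also state that requirement next to the include, e.g. `<!-- Must resolve through the local catalog; the build must fail rather than fetch this URI //-->`.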
@@ -853,6 +803,9 @@ chmod 1770 /usr/local/samba/lib/usershares <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba-tool</refentrytitle> <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> diff --git a/docs-xml/manpages-3/smbcacls.1.xml b/docs-xml/manpages/smbcacls.1.xml index 8674ecf1f4..91a1806fe0 100644 --- a/docs-xml/manpages-3/smbcacls.1.xml +++ b/docs-xml/manpages/smbcacls.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml index dfeb6c5ed1..d7a017ca60 100644 --- a/docs-xml/manpages-3/smbclient.1.xml +++ b/docs-xml/manpages/smbclient.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -559,6 +559,17 @@ </varlistentry> <varlistentry> + <term>backup</term> + <listitem><para>Toggle the state of the "backup intent" flag + sent to the server on directory listings and file opens. If + the "backup intent" flag is true, the server will try and + bypass some file system checks if the user has been granted + SE_BACKUP or SE_RESTORE privilages. This state is useful when + performing a backup or restore operation. + </para></listitem> + </varlistentry> + + <varlistentry> <term>blocksize <number></term> <listitem><para>Sets the blocksize parameter for a tar operation. The default is 20. Causes tar file to be written out in blocksize*TBLOCK (normally 512 byte) units. @@ -735,6 +746,13 @@ </varlistentry> <varlistentry> + <term>logoff</term> + <listitem><para>Logs the user off the server, closing the session. + Used for internal Samba testing purposes. + </para></listitem> + </varlistentry> + + <varlistentry> <term>lowercase</term> <listitem><para>Toggle lowercasing of filenames for the get and mget commands. @@ -1044,6 +1062,30 @@ </para></listitem> </varlistentry> + <varlistentry> + <term>tcon <sharename></term> + <listitem><para>Establishes a new tree connect (connection to a share). + Replaces the current tree connect. Prints the new tid (tree id). + Used for internal Samba testing purposes. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>tdis</term> + <listitem><para>Close the current share connection (tree disconnect). + Used for internal Samba testing purposes. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>tid <number></term> + <listitem><para>Changes the current tree id (tid) in the + protocol to a new arbitrary number. Without an argument, it + prints out the tid currently used. + Used for internal Samba testing purposes. + </para></listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/docs-xml/manpages-3/smbcontrol.1.xml b/docs-xml/manpages/smbcontrol.1.xml index 6ffec13714..e9dc55c5b5 100644 
--- a/docs-xml/manpages-3/smbcontrol.1.xml +++ b/docs-xml/manpages/smbcontrol.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -223,18 +223,6 @@ </varlistentry> <varlistentry> - <term>samsync</term> - <listitem><para>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <constant>smbd</constant>. </para> - <note><para>Not working at the moment</para></note> - </listitem> - </varlistentry> - - <varlistentry> - <term>samrepl</term> - <listitem><para>Send sam replication message, with specified serial. Can only be sent to <constant>smbd</constant>. Should not be used manually.</para></listitem> - </varlistentry> - - <varlistentry> <term>dmalloc-mark</term> <listitem><para>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem> </varlistentry> @@ -273,6 +261,13 @@ </varlistentry> <varlistentry> + <term>reload-printers</term> + <listitem><para>Force smbd to reload printers. Can only be sent to + <constant>smbd</constant>. + </para></listitem> + </varlistentry> + + <varlistentry> <term>idmap</term> <listitem><para>Notify about changes of id mapping. Can be sent to <constant>smbd</constant> or (not implemented yet) <constant>winbindd</constant>. diff --git a/docs-xml/manpages-3/smbcquotas.1.xml b/docs-xml/manpages/smbcquotas.1.xml index de43878ca7..69185eb637 100644 --- a/docs-xml/manpages-3/smbcquotas.1.xml +++ b/docs-xml/manpages/smbcquotas.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
diff --git a/docs-xml/manpages-3/smbd.8.xml b/docs-xml/manpages/smbd.8.xml index 618ff821f4..98e76fb001 100644 --- a/docs-xml/manpages-3/smbd.8.xml +++ b/docs-xml/manpages/smbd.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -309,10 +309,6 @@ <listitem><para>browse lists</para></listitem> </varlistentry> -<varlistentry><term>connections.tdb</term> -<listitem><para>share connections (used to enforce max connections, etc...)</para></listitem> -</varlistentry> - <varlistentry><term>gencache.tdb</term> <listitem><para>generic caching db</para></listitem> </varlistentry> @@ -357,10 +353,18 @@ <listitem><para>Windows registry skeleton (connect via regedit.exe)</para></listitem> </varlistentry> -<varlistentry><term>sessionid.tdb</term> +<varlistentry><term>smbXsrv_session_global.tdb</term> <listitem><para>session information (e.g. support for 'utmp = yes')</para></listitem> </varlistentry> +<varlistentry><term>smbXsrv_tcon_global.tdb</term> +<listitem><para>share connections (used to enforce max connections, etc...)</para></listitem> +</varlistentry> + +<varlistentry><term>smbXsrv_open_global.tdb</term> +<listitem><para>open file handles (used durable handles, etc...)</para></listitem> +</varlistentry> + <varlistentry><term>share_info.tdb*</term> <listitem><para>share acls</para></listitem> </varlistentry> diff --git a/docs-xml/manpages-3/smbget.1.xml b/docs-xml/manpages/smbget.1.xml index 99ff5c69c0..c151db5eef 100644 --- a/docs-xml/manpages-3/smbget.1.xml +++ b/docs-xml/manpages/smbget.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
diff --git a/docs-xml/manpages-3/smbgetrc.5.xml b/docs-xml/manpages/smbgetrc.5.xml index d4749f2bac..2fe5018637 100644 --- a/docs-xml/manpages-3/smbgetrc.5.xml +++ b/docs-xml/manpages/smbgetrc.5.xml @@ -7,7 +7,7 @@ <manvolnum>5</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbpasswd.5.xml b/docs-xml/manpages/smbpasswd.5.xml index 34676f64ee..fc512b8109 100644 --- a/docs-xml/manpages-3/smbpasswd.5.xml +++ b/docs-xml/manpages/smbpasswd.5.xml @@ -7,7 +7,7 @@ <manvolnum>5</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbpasswd.8.xml b/docs-xml/manpages/smbpasswd.8.xml index 7477f07f71..376044ccaf 100644 --- a/docs-xml/manpages-3/smbpasswd.8.xml +++ b/docs-xml/manpages/smbpasswd.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbspool.8.xml b/docs-xml/manpages/smbspool.8.xml index ee5cc0d173..a258f3f3aa 100644 --- a/docs-xml/manpages-3/smbspool.8.xml +++ b/docs-xml/manpages/smbspool.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbstatus.1.xml b/docs-xml/manpages/smbstatus.1.xml index 150e3d0b7e..6afa69321a 100644 
--- a/docs-xml/manpages-3/smbstatus.1.xml +++ b/docs-xml/manpages/smbstatus.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -27,6 +27,8 @@ <arg choice="opt">-B</arg> <arg choice="opt">-p</arg> <arg choice="opt">-S</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-f</arg> <arg choice="opt">-s <configuration file></arg> <arg choice="opt">-u <username></arg> </cmdsynopsis> @@ -95,6 +97,22 @@ </listitem> </varlistentry> + <varlistentry> + <term>-N|--notify</term> + <listitem><para>causes smbstatus to display registered file + notifications</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-f|--fast</term> + <listitem><para>causes smbstatus to not check if the status data + is valid by checking if the processes that the status data refer to all still + exist. This speeds up execution on busy systems and clusters but + might display stale data of processes that died without cleaning up properly.</para> + </listitem> + </varlistentry> + &stdarg.help; <varlistentry> diff --git a/docs-xml/manpages-3/smbta-util.8.xml b/docs-xml/manpages/smbta-util.8.xml index 3a88f7b213..fef45943f5 100644 --- a/docs-xml/manpages-3/smbta-util.8.xml +++ b/docs-xml/manpages/smbta-util.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -25,7 +25,7 @@ <cmdsynopsis> <command>smbta-util</command> <arg rep="repeat" choice="opt"> - <replaceable>OPTIONS</replaceable> + <replaceable>COMMANDS</replaceable> </arg> </cmdsynopsis> 
@@ -36,7 +36,7 @@ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <manvolnum>1</manvolnum></citerefentry> suite.</para> <para><command>smbta-util</command> is a tool to ease the configuration of the vfs_smb_traffic_analyzer module regarding @@ -52,7 +52,7 @@ <refsect1> - <title>OPTIONS</title> + <title>COMMANDS</title> <variablelist> @@ -103,7 +103,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.6 of the Samba suite.</para> + <para>This man page is correct for version 3.4 of the Samba suite.</para> </refsect1> <refsect1> diff --git a/docs-xml/manpages-3/smbtar.1.xml b/docs-xml/manpages/smbtar.1.xml index 7ce564c8dc..287a5aaf84 100644 --- a/docs-xml/manpages-3/smbtar.1.xml +++ b/docs-xml/manpages/smbtar.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/smbtree.1.xml b/docs-xml/manpages/smbtree.1.xml index d69aef13ba..7d557bfd67 100644 --- a/docs-xml/manpages-3/smbtree.1.xml +++ b/docs-xml/manpages/smbtree.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/swat.8.xml b/docs-xml/manpages/swat.8.xml index ec102130b4..7438938bd8 100644 --- a/docs-xml/manpages-3/swat.8.xml +++ b/docs-xml/manpages/swat.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/testparm.1.xml b/docs-xml/manpages/testparm.1.xml index 8d7cc22204..5d4a6b96f2 100644 --- a/docs-xml/manpages-3/testparm.1.xml +++ b/docs-xml/manpages/testparm.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_acl_tdb.8.xml b/docs-xml/manpages/vfs_acl_tdb.8.xml index 7c22dec5de..2375116aee 100644 --- a/docs-xml/manpages-3/vfs_acl_tdb.8.xml +++ b/docs-xml/manpages/vfs_acl_tdb.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml index 41a8a9750a..2fac8195a0 100644 --- a/docs-xml/manpages-3/vfs_acl_xattr.8.xml +++ b/docs-xml/manpages/vfs_acl_xattr.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_aio_fork.8.xml b/docs-xml/manpages/vfs_aio_fork.8.xml index af69d9ab0d..615f7f9eb5 100644 --- a/docs-xml/manpages-3/vfs_aio_fork.8.xml +++ b/docs-xml/manpages/vfs_aio_fork.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -69,7 +69,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.6.0 of the Samba suite. + <para>This man page is correct for version 4.0.0 of the Samba suite. </para> </refsect1> diff --git a/docs-xml/manpages/vfs_aio_linux.8.xml b/docs-xml/manpages/vfs_aio_linux.8.xml new file mode 100644 index 0000000000..e26fbe6783 --- /dev/null +++ b/docs-xml/manpages/vfs_aio_linux.8.xml 
@@ -0,0 +1,115 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_aio_linux.8"> + +<refmeta> + <refentrytitle>vfs_aio_linux</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_aio_linux</refname> + <refpurpose>implement async I/O in Samba vfs using Linux kernel aio calls</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = aio_linux</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>aio_linux</command> VFS module enables asynchronous + I/O for Samba on Linux kernels that have the kernel AIO calls available + without using the Posix AIO interface. Posix AIO can suffer from severe + limitations. For example, on some Linux versions the + real-time signals that it uses are broken under heavy load. + Other systems only allow AIO when special kernel modules are + loaded or only allow a certain system-wide amount of async + requests being scheduled. Systems based on glibc (most Linux + systems) only allow a single outstanding request per file + descriptor which essentially makes Posix AIO useless on systems + using the glibc implementation.</para> + + <para>To work around all these limitations, the aio_linux module + was written. It uses the Linux kernel AIO interface instead of the + internal Posix AIO interface to allow read and write calls + to be processed asynchronously. A queue size of 128 events + is used by default. 
To change this limit set the "aio num events" + parameter below. + </para> + + <para> + Note that the smb.conf parameters <command>aio read size</command> + and <command>aio write size</command> must also be set appropriately + for this module to be active. + </para> + + <para>This module MUST be listed last in any module stack as + the Samba VFS pread/pwrite interface is not thread-safe. This + module makes direct pread and pwrite system calls and does + NOT call the Samba VFS pread and pwrite interfaces.</para> + +</refsect1> + + +<refsect1> + <title>EXAMPLES</title> + + <para>Straight forward use:</para> + +<programlisting> + <smbconfsection name="[cooldata]"/> + <smbconfoption name="path">/data/ice</smbconfoption> + <smbconfoption name="aio read size">1024</smbconfoption> + <smbconfoption name="aio write size">1024</smbconfoption> + <smbconfoption name="vfs objects">aio_linux</smbconfoption> +</programlisting> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + <term>aio_linux:aio num events = INTEGER</term> + <listitem> + <para>Set the maximum size of the event queue + that is used to limit outstanding IO requests. + </para> + <para>By default this is set to 128.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 4.0 of the Samba suite. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_aio_pthread.8.xml b/docs-xml/manpages/vfs_aio_pthread.8.xml index 3e41ee9e18..2ffbcf297e 100644 --- a/docs-xml/manpages-3/vfs_aio_pthread.8.xml +++ b/docs-xml/manpages/vfs_aio_pthread.8.xml 
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
@@ -103,7 +103,7 @@
 <refsect1>
 <title>VERSION</title>
- <para>This man page is correct for version 3.6.3 of the Samba suite.
+ <para>This man page is correct for version 4.0 of the Samba suite.
 </para>
 </refsect1>
diff --git a/docs-xml/manpages-3/vfs_audit.8.xml b/docs-xml/manpages/vfs_audit.8.xml
index 48936fcc08..564c7b81ff 100644
--- a/docs-xml/manpages-3/vfs_audit.8.xml
+++ b/docs-xml/manpages/vfs_audit.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_cacheprime.8.xml b/docs-xml/manpages/vfs_cacheprime.8.xml
index 533919a59f..bf8e9b1954 100644
--- a/docs-xml/manpages-3/vfs_cacheprime.8.xml
+++ b/docs-xml/manpages/vfs_cacheprime.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_cap.8.xml b/docs-xml/manpages/vfs_cap.8.xml
index 6b625e0f03..9295868989 100644
--- a/docs-xml/manpages-3/vfs_cap.8.xml
+++ b/docs-xml/manpages/vfs_cap.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages/vfs_catia.8.xml b/docs-xml/manpages/vfs_catia.8.xml
new file mode 100644
index 0000000000..a5f62333dc
--- /dev/null
+++ b/docs-xml/manpages/vfs_catia.8.xml
@@ -0,0 +1,73 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_catia.8"> + +<refmeta> + <refentrytitle>vfs_catia</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_catia</refname> + <refpurpose>translate illegal characters in Catia filenames</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = catia</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The Catia CAD package commonly creates filenames that + use characters that are illegal in CIFS filenames. The + <command>vfs_catia</command> VFS module implements a fixed character + mapping so that these files can be shared with CIFS clients. + </para> + + <para>This module is stackable.</para> + +</refsect1> + + +<refsect1> + <title>EXAMPLES</title> + + <para>Map Catia filenames on the [CAD] share:</para> + +<programlisting> + <smbconfsection name="[CAD]"/> + <smbconfoption name="path">/data/cad</smbconfoption> + <smbconfoption name="vfs objects">catia</smbconfoption> +</programlisting> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0.25 of the Samba suite. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + +</refsect1> + +</refentry> 
diff --git a/docs-xml/manpages-3/vfs_commit.8.xml b/docs-xml/manpages/vfs_commit.8.xml
index 395c3de09b..dfb3418c94 100644
--- a/docs-xml/manpages-3/vfs_commit.8.xml
+++ b/docs-xml/manpages/vfs_commit.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_crossrename.8.xml b/docs-xml/manpages/vfs_crossrename.8.xml
index ba7c7c8419..898c2b3ebd 100644
--- a/docs-xml/manpages-3/vfs_crossrename.8.xml
+++ b/docs-xml/manpages/vfs_crossrename.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
@@ -99,7 +99,7 @@
 <refsect1>
 <title>VERSION</title>
- <para>This man page is correct for version 3.6.0 of the Samba suite.
+ <para>This man page is correct for version 4.0.0 of the Samba suite.
 </para>
 </refsect1>
diff --git a/docs-xml/manpages-3/vfs_default_quota.8.xml b/docs-xml/manpages/vfs_default_quota.8.xml
index c173c36320..a1e3a1d3c6 100644
--- a/docs-xml/manpages-3/vfs_default_quota.8.xml
+++ b/docs-xml/manpages/vfs_default_quota.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_dirsort.8.xml b/docs-xml/manpages/vfs_dirsort.8.xml
index d833c4aafe..ef7d66ef05 100644
--- a/docs-xml/manpages-3/vfs_dirsort.8.xml
+++ b/docs-xml/manpages/vfs_dirsort.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_extd_audit.8.xml b/docs-xml/manpages/vfs_extd_audit.8.xml
index bb1ad95c3f..2c170c1412 100644
--- a/docs-xml/manpages-3/vfs_extd_audit.8.xml
+++ b/docs-xml/manpages/vfs_extd_audit.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_fake_perms.8.xml b/docs-xml/manpages/vfs_fake_perms.8.xml
index 8b58f8dea2..6916ced2e2 100644
--- a/docs-xml/manpages-3/vfs_fake_perms.8.xml
+++ b/docs-xml/manpages/vfs_fake_perms.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_fileid.8.xml b/docs-xml/manpages/vfs_fileid.8.xml
index e4f40ee917..275a344b09 100644
--- a/docs-xml/manpages-3/vfs_fileid.8.xml
+++ b/docs-xml/manpages/vfs_fileid.8.xml
@@ -7,7 +7,7 @@
 <manvolnum>8</manvolnum>
 <refmiscinfo class="source">Samba</refmiscinfo>
 <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
+ <refmiscinfo class="version">4.0</refmiscinfo>
 </refmeta>
diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages/vfs_full_audit.8.xml
index 9c9dc843f8..a44924a8f6 100644
--- a/docs-xml/manpages-3/vfs_full_audit.8.xml
+++ b/docs-xml/manpages/vfs_full_audit.8.xml
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -38,13 +38,6 @@ complete set of Samba VFS operations:</para> <simplelist> - <member>aio_cancel</member> - <member>aio_error</member> - <member>aio_fsync</member> - <member>aio_read</member> - <member>aio_return</member> - <member>aio_suspend</member> - <member>aio_write</member> <member>chdir</member> <member>chflags</member> <member>chmod</member> @@ -74,15 +67,11 @@ <member>getwd</member> <member>getxattr</member> <member>kernel_flock</member> - <member>lgetxattr</member> <member>link</member> <member>linux_setlease</member> <member>listxattr</member> - <member>llistxattr</member> <member>lock</member> - <member>lremovexattr</member> <member>lseek</member> - <member>lsetxattr</member> <member>lstat</member> <member>mkdir</member> <member>mknod</member> 
@@ -106,28 +95,11 @@ <member>stat</member> <member>statvfs</member> <member>symlink</member> - <member>sys_acl_add_perm</member> - <member>sys_acl_clear_perms</member> - <member>sys_acl_create_entry</member> <member>sys_acl_delete_def_file</member> - <member>sys_acl_free_acl</member> - <member>sys_acl_free_qualifier</member> - <member>sys_acl_free_text</member> - <member>sys_acl_get_entry</member> <member>sys_acl_get_fd</member> <member>sys_acl_get_file</member> - <member>sys_acl_get_perm</member> - <member>sys_acl_get_permset</member> - <member>sys_acl_get_qualifier</member> - <member>sys_acl_get_tag_type</member> - <member>sys_acl_init</member> <member>sys_acl_set_fd</member> <member>sys_acl_set_file</member> - <member>sys_acl_set_permset</member> - <member>sys_acl_set_qualifier</member> - <member>sys_acl_set_tag_type</member> - <member>sys_acl_to_text</member> - <member>sys_acl_valid</member> <member>telldir</member> <member>unlink</member> <member>utime</member> diff --git a/docs-xml/manpages-3/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml index a6b31240ee..3ddf946a83 100644 --- a/docs-xml/manpages-3/vfs_gpfs.8.xml +++ b/docs-xml/manpages/vfs_gpfs.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -50,6 +50,8 @@ <para>This module is stackable.</para> + <para>Since Samba 4.0 all options are per share options.</para> + </refsect1> @@ -118,7 +120,7 @@ <command>no(default)</command> - Do not announce HSM. </para></listitem> <listitem><para> - <command>no</command> - Announce HSM. + <command>yes</command> - Announce HSM. </para></listitem> </itemizedlist> </listitem> 
@@ -174,7 +176,7 @@ <listitem> <para> GPFS ACLs doesn't know about the 'APPEND' right. - This optionen lets Samba map the 'APPEND' right to 'WRITE'. + This option lets Samba map the 'APPEND' right to 'WRITE'. </para> <itemizedlist> @@ -190,6 +192,26 @@ </varlistentry> <varlistentry> + <term>gpfs:acl = [ yes | no ]</term> + <listitem> + <para> + This option lets Samba use or ignore GPFS ACLs. + </para> + + <itemizedlist> + <listitem><para> + <command>yes(default)</command> - use GPFS ACLs. + </para></listitem> + <listitem><para> + <command>no</command> - do not use GPFS ACLs and pass everything + to the next SMB_VFS module. + </para></listitem> + </itemizedlist> + </listitem> + + </varlistentry> + <varlistentry> + <term>gpfs:refuse_dacl_protected = [ yes | no ]</term> <listitem> <para> 
@@ -221,6 +243,71 @@ </varlistentry> <varlistentry> + <term>gpfs:dfreequota = [ yes | no ]</term> + <listitem> + <para> + Adjust reporting of the size and free space of a share + according to quotas. If this setting is "yes", a + request for size and free space will also evaluate the + user quota of the user requesting the data, the group + quota of the primary group of the user and the fileset + quota for the fileset containing the top level + directory of the share. + </para> + + <para> + If any of the soft or hard quota limits has been + reached, the free space will be reported as 0. If a + quota is in place, but the limits have not been + reached, the free space will be reported according to + the space left in the quota. If more than one quota + applies the free space will be reported as the smallest + space left in those quotas. The size of the share + will be reported according to the quota usage. If more + than one quota applies, the smallest size will be + reported for the share size according to these quotas. + </para> + + <itemizedlist> + <listitem><para> + <command>yes</command> - include the quotas + when reporting the share size and free space + </para></listitem> + <listitem><para> + <command>no(default)</command> - do not include quotas, + simply report the size and free space of the file system + </para></listitem> + </itemizedlist> + </listitem> + + </varlistentry> + <varlistentry> + + <term>gpfs:prealloc = [ yes | no ]</term> + <listitem> + <para> + If set to yes the gpfs_prealloc function will be used in the + fallocate callback when appropriate. If set to no gpfs_prealloc + will not be used. In both cases the system and libc calls are + avoided. + </para> + + <itemizedlist> + <listitem><para> + <command>yes (default)</command> - Use gpfs_prealloc for the + fallocate callback. + </para></listitem> + <listitem><para> + <command>no</command> - Do not use gpfs_prealloc for the + fallocate callback. 
+ </para></listitem> + </itemizedlist> + </listitem> + + </varlistentry> + + <varlistentry> + <term>nfs4:mode = [ simple | special ]</term> <listitem> <para> @@ -287,9 +374,9 @@ values: </para> <itemizedlist> - <listitem><para><command>yes</command>Open files with O_SYNC + <listitem><para><command>yes</command> - Open files with O_SYNC </para></listitem> - <listitem><para><command>no (default)</command>Open files as + <listitem><para><command>no (default)</command> - Open files as normal Samba would do </para></listitem> </itemizedlist> diff --git a/docs-xml/manpages/vfs_media_harmony.8.xml b/docs-xml/manpages/vfs_media_harmony.8.xml new file mode 100644 index 0000000000..c771fbae72 --- /dev/null +++ b/docs-xml/manpages/vfs_media_harmony.8.xml 
@@ -0,0 +1,142 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_media_harmony.8"> + +<refmeta> + <refentrytitle>vfs_media_harmony</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_media_harmony</refname> + <refpurpose>Allow multiple Avid clients to share a network drive.</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = media_harmony</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>vfs_media_harmony</command> VFS module allows + Avid editorial workstations to share a network drive. It does + this by:</para> + <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> + <listitem><para>Giving each client their own copy of the Avid + msmMMOB.mdb and msmFMID.pmr files and Creating directories.</para></listitem> + <listitem><para>Allowing each client to explicitly control the + write time the Avid application sees on Avid media directories.</para></listitem> + </orderedlist> + + <para>This module is stackable.</para> + +</refsect1> + +<refsect1> + <title>CONFIGURATION</title> + + <para><command>vfs_media_harmony</command> automatically redirects + requests from clients for Avid database files or an Avid Creating + directory to a client-specific version of the file. 
No + configuration beyond enabling the module is needed to get this + portion of its functionality working.</para> + + <para>If Mac and Windows Avid clients will be accessing the same + folder, they should be given separate share definitions, with + hidden Mac files vetoed on the Windows share. See EXAMPLES.</para> + + <para>To allow each client to control when the Avid application + refreshes their Avid databases, create files for each client + and each Avid media directory with the name + [avid_dir_name]_[client_ip_address]_[client_username]. + To trigger Avid database refreshes, update the write time on + those files. See EXAMPLES.</para> + + <para>It is also necessary for the <command>cache locked write times = no</command> + option to be set for clients to be able to control their Avid + media folder write times.</para> + +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>Enable media_harmony for Mac and Windows clients:</para> +<programlisting> + <smbconfsection name="[avid_mac]"/> + <smbconfoption name="path">/avid</smbconfoption> + <smbconfoption name="vfs objects">media_harmony</smbconfoption> + <smbconfoption name="cache locked write times">no</smbconfoption> + <smbconfsection name="[avid_win]"/> + <smbconfoption name="path">/avid</smbconfoption> + <smbconfoption name="vfs objects">media_harmony</smbconfoption> + <smbconfoption name="cache locked write times">no</smbconfoption> + <smbconfoption name="veto files">/.DS_Store/._@/.Trash@/.Spotlight@/.hidden/.hotfiles@/.vol/</smbconfoption> + <smbconfoption name="delete veto files">yes</smbconfoption> +</programlisting> + + <para>Create the files that will allow users david and susan + to control their own Avid database refreshes:</para> +<programlisting> + touch '/avid/OMFI MediaFiles_192.168.1.10_david' \ + '/avid/OMFI MediaFiles_192.168.1.11_susan' \ + '/avid/Avid MediaFiles/MXF/1_192.168.1.10_david' \ + '/avid/Avid MediaFiles/MXF/1_192.168.1.11_susan' +</programlisting> + <para>Trigger an Avid 
database refresh for user david:</para> +<programlisting> + touch '/avid/OMFI MediaFiles_192.168.1.10_david' \ + '/avid/Avid MediaFiles/MXF/1_192.168.1.10_david' +</programlisting> + + <para>If you have a large number of Avid media folders to manage, + you can give each editor a suitably modified version of + examples/scripts/vfs/media_harmony/trigger_avid_update.py to + create and update these files.</para> + +</refsect1> + +<refsect1> + <title>CAVEATS</title> + + <para><command>vfs_media_harmony</command> is designed to work with + Avid editing applications that look in the Avid MediaFiles or + OMFI MediaFiles directories for media. It is not designed to work + as expected in all circumstances for general use. For example: It + is possible to open a client-specific file such as + msmMMOB.mdb_192.168.1.10_userx even though it doesn't show up + in a directory listing.</para> + +</refsect1> + + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.2.7 of the Samba suite. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_netatalk.8.xml b/docs-xml/manpages/vfs_netatalk.8.xml index c543edadba..c6650dc8cd 100644 --- a/docs-xml/manpages-3/vfs_netatalk.8.xml +++ b/docs-xml/manpages/vfs_netatalk.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_notify_fam.8.xml b/docs-xml/manpages/vfs_notify_fam.8.xml index 76e7654ee6..1fbbb9a5b8 100644 --- a/docs-xml/manpages-3/vfs_notify_fam.8.xml 
+++ b/docs-xml/manpages/vfs_notify_fam.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_prealloc.8.xml b/docs-xml/manpages/vfs_prealloc.8.xml index 5aa25b688d..5a792d6f09 100644 --- a/docs-xml/manpages-3/vfs_prealloc.8.xml +++ b/docs-xml/manpages/vfs_prealloc.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_preopen.8.xml b/docs-xml/manpages/vfs_preopen.8.xml index 27b9567d61..2802e18c4b 100644 --- a/docs-xml/manpages-3/vfs_preopen.8.xml +++ b/docs-xml/manpages/vfs_preopen.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> <refnamediv> diff --git a/docs-xml/manpages-3/vfs_readahead.8.xml b/docs-xml/manpages/vfs_readahead.8.xml index 8857cf8557..ec92bb1c7a 100644 --- a/docs-xml/manpages-3/vfs_readahead.8.xml +++ b/docs-xml/manpages/vfs_readahead.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_readonly.8.xml b/docs-xml/manpages/vfs_readonly.8.xml index fee947b53e..88a62ae67e 100644 --- a/docs-xml/manpages-3/vfs_readonly.8.xml +++ b/docs-xml/manpages/vfs_readonly.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_recycle.8.xml b/docs-xml/manpages/vfs_recycle.8.xml index f0fb80042b..8523b29791 100644 --- a/docs-xml/manpages-3/vfs_recycle.8.xml +++ b/docs-xml/manpages/vfs_recycle.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_scannedonly.8.xml b/docs-xml/manpages/vfs_scannedonly.8.xml index 1f72e93ba4..5766e32b6f 100644 --- a/docs-xml/manpages-3/vfs_scannedonly.8.xml +++ b/docs-xml/manpages/vfs_scannedonly.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -225,7 +225,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.6.0 of the Samba suite. + <para>This man page is correct for version 4.0.0 of the Samba suite. </para> </refsect1> diff --git a/docs-xml/manpages-3/vfs_shadow_copy.8.xml b/docs-xml/manpages/vfs_shadow_copy.8.xml index 4152b6199e..b08ef2e41d 100644 --- a/docs-xml/manpages-3/vfs_shadow_copy.8.xml +++ b/docs-xml/manpages/vfs_shadow_copy.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
diff --git a/docs-xml/manpages-3/vfs_shadow_copy2.8.xml b/docs-xml/manpages/vfs_shadow_copy2.8.xml index e5171bbaa4..b313416c6b 100644 --- a/docs-xml/manpages-3/vfs_shadow_copy2.8.xml +++ b/docs-xml/manpages/vfs_shadow_copy2.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -157,6 +157,21 @@ </para> </listitem> </varlistentry> + <varlistentry> + <term>shadow:snapdirseverywhere = yes/no + </term> + <listitem> + <para>If you enable <command moreinfo="none"> + shadow:snapdirseverywhere </command> then this module will look + out for snapshot directories in the current and all parent + directories of the current working directory. + An example where this is needed are independent filesets in + IBM's GPFS, but other filesystems might support snapshotting + only particular subtrees of the filesystem as well. + </para> + </listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml index 861f7a8d48..0d682c2b5b 100644 --- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml +++ b/docs-xml/manpages/vfs_smb_traffic_analyzer.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -45,7 +45,7 @@ protocol, supporting only a small list of VFS operations, and had several drawbacks. The protocol version 2 is a try to solve the problems version 1 had while at the same time adding new features. - With the release of Samba 3.6.0, the module will run protocol version 2 + With the release of Samba 4.0.0, the module will run protocol version 2 by default. </para> </refsect1> @@ -139,7 +139,7 @@ The module now can identify itself against the receiver with a sub-release number, where the receiver may run with a different sub-release number than the module. However, as long as both run on the V2.x protocol, the receiver will not crash, even if the module - uses features only implemented in the newer subrelease. If the module uses + uses features only implemented in the newer subrelease. Ultimatively, if the module uses a new feature from a newer subrelease, and the receiver runs an older protocol, it is just ignoring the functionality. Of course it is best to have both the receiver and the module running the same subrelease of the protocol. @@ -153,7 +153,7 @@ </listitem> <listitem> <para> - The module now potientially has the ability to create data on every VFS function. As of + The module now potentially has the ability to create data on every VFS function. As of protocol V2.0, there is support for 8 VFS functions, namely write,read,pread,pwrite, rename,chdir,mkdir and rmdir. Supporting more VFS functions is one of the targets for the upcoming sub-releases. diff --git a/docs-xml/manpages-3/vfs_streams_depot.8.xml b/docs-xml/manpages/vfs_streams_depot.8.xml index 3a6f99490f..639428bb96 100644 --- a/docs-xml/manpages-3/vfs_streams_depot.8.xml +++ b/docs-xml/manpages/vfs_streams_depot.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> @@ -52,6 +52,25 @@ </listitem> </varlistentry> + <varlistentry> + <term>streams_depot:delete_lost = [ yes | no ]</term> + <listitem> + <para>In the case of an already existing data streams directory + for a newly created file the streams directory will be renamed + to "lost-%lu", random(). With this option lost stream directories + will be removed instead of renamed.</para> + <itemizedlist> + <listitem><para> + <command>no(default)</command> - rename lost streams to + "lost-%lu", random(). + </para></listitem> + <listitem><para> + <command>yes</command> - remove lost streams. + </para></listitem> + </itemizedlist> + </listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/docs-xml/manpages-3/vfs_streams_xattr.8.xml b/docs-xml/manpages/vfs_streams_xattr.8.xml index 0d67273c3c..215fead5fc 100644 --- a/docs-xml/manpages-3/vfs_streams_xattr.8.xml +++ b/docs-xml/manpages/vfs_streams_xattr.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfs_time_audit.8.xml b/docs-xml/manpages/vfs_time_audit.8.xml index fc71e283ad..5403822046 100644 --- a/docs-xml/manpages-3/vfs_time_audit.8.xml +++ b/docs-xml/manpages/vfs_time_audit.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -31,7 +31,7 @@ <para>The <command>time_audit</command> VFS module logs system calls that take longer than the number of milliseconds defined by the variable - <command>time_audit:audit_timeout</command>. It will log the calls and + <command>time_audit:timeout</command>. It will log the calls and the time spent in it. </para> @@ -51,7 +51,7 @@ <varlistentry> - <term>time_audit:audit_timeout = number of milliseconds</term> + <term>time_audit:timeout = number of milliseconds</term> <listitem> <para>VFS calls that take longer than the defined number of milliseconds that should be logged. The default is 10000 (10s). @@ -74,14 +74,14 @@ <smbconfsection name="[sample_share]"/> <smbconfoption name="path">/test/sample_share</smbconfoption> <smbconfoption name="vfs objects">time_audit</smbconfoption> - <smbconfoption name="time_audit: audit_timeout">3000</smbconfoption> + <smbconfoption name="time_audit:timeout">3000</smbconfoption> </programlisting> </refsect1> <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.6.0 of the Samba suite. + <para>This man page is correct for version 4.0.0 of the Samba suite. </para> </refsect1> diff --git a/docs-xml/manpages/vfs_tsmsm.8.xml b/docs-xml/manpages/vfs_tsmsm.8.xml new file mode 100644 index 0000000000..63a5f601e3 --- /dev/null +++ b/docs-xml/manpages/vfs_tsmsm.8.xml 
@@ -0,0 +1,135 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_tsmsm.8"> + +<refmeta> + <refentrytitle>vfs_tsmsm</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_tsmsm</refname> + <refpurpose>VFS module for handling offline files with Tivoli Storage Manager Space Management</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = tsmsm</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>tsmsm</command> VFS module is an + extension for handling offline files with Tivoli + Storage Manager Space Management. + </para> + + <para> + It tries to avoid calling expensive DMAPI calls with some + heuristics based on the fact that number of blocks reported of a + file multiplied by 512 will be bigger than 'online ratio' of + actual size for online (non-migrated) files. + If heuristic check fails, the module calls DMAPI and asks for + a specific attribute which is present for offline (migrated) files. + If this attribute presents, the file is considered offline. + </para> + + <para>This module is not stackable.</para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + + <varlistentry> + + <term>tsmsm:hsm script = [ path to hsm script ]</term> + <listitem> + <para> + hsm script should point to a shell script which + accepts two arguments: operation and filepath. + the tsmsm module only uses "offline" for operation + to set set the file under filepath offline. 
+ </para> + </listitem> + + </varlistentry> + <varlistentry> + + <term>tsmsm:online ratio = [ number ]</term> + <listitem> + <para> + Ratio to check reported size against actual file size. + The default value is 0.5. + </para> + </listitem> + + </varlistentry> + + <varlistentry> + + <term>tsmsm:dmapi attribute = [ attribute-name ]</term> + <listitem> + <para> + Name of a DMAPI attribute that is present when a file is offline. + The default is "IBMobj" (which is what GPFS uses). + </para> + </listitem> + + </varlistentry> + <varlistentry> + + <term>tsmsm:dmapi value = [ value for the DMAPI attribute ]</term> + <listitem> + <para> + Value that the DMAPI attribute should have for the file to + be considered offline. The default is empty (no value required). + </para> + </listitem> + + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>A GPFS mount with TSM support can be exported via Samba as follows:</para> + +<programlisting> + <smbconfsection name="[gpfs_tsm_share]"/> + <smbconfoption name="vfs objects">tsmsm gpfs</smbconfoption> + <smbconfoption name="path">/test/gpfs_mount</smbconfoption> +</programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + <para>This man page is correct for version 4.0 of the Samba suite. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_xattr_tdb.8.xml b/docs-xml/manpages/vfs_xattr_tdb.8.xml index 47c75038a8..cfd688a6ff 100644 --- a/docs-xml/manpages-3/vfs_xattr_tdb.8.xml +++ b/docs-xml/manpages/vfs_xattr_tdb.8.xml 
@@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/vfstest.1.xml b/docs-xml/manpages/vfstest.1.xml index 675d766550..0245b9c333 100644 --- a/docs-xml/manpages-3/vfstest.1.xml +++ b/docs-xml/manpages/vfstest.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages/wbinfo.1.xml index 0701d08a56..d8860826ee 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages/wbinfo.1.xml @@ -7,7 +7,7 @@ <manvolnum>1</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">User Commands</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -24,43 +24,44 @@ <arg choice="opt">--allocate-gid</arg> <arg choice="opt">--allocate-uid</arg> <arg choice="opt">-c</arg> - <arg choide="opt">--ccache-save</arg> - <arg choide="opt">--change-user-password</arg> + <arg choice="opt">--ccache-save</arg> + <arg choice="opt">--change-user-password</arg> <arg choice="opt">-D domain</arg> <arg choice="opt">--domain domain</arg> - <arg choide="opt">--dsgetdcname domain</arg> + <arg choice="opt">--dsgetdcname domain</arg> <arg choice="opt">-g</arg> <arg choice="opt">--getdcname domain</arg> <arg choice="opt">--get-auth-user</arg> <arg choice="opt">-G gid</arg> - <arg choide="opt">--gid-info</arg> - <arg choide="opt">--group-info</arg> + <arg choice="opt">--gid-info gid</arg> + <arg choice="opt">--group-info group</arg> <arg choice="opt">--help|-?</arg> <arg choice="opt">-i user</arg> <arg choice="opt">-I ip</arg> <arg choice="opt">-K user%password</arg> - <arg choide="opt">--lanman</arg> + <arg choice="opt">--lanman</arg> <arg choice="opt">-m</arg> <arg choice="opt">-n name</arg> <arg choice="opt">-N netbios-name</arg> - <arg choide="opt">--ntlmv2</arg> - <arg choide="opt">--online-status</arg> + <arg choice="opt">--ntlmv2</arg> + <arg choice="opt">--online-status</arg> <arg choice="opt">--own-domain</arg> <arg choice="opt">-p</arg> <arg choice="opt">-P|--ping-dc</arg> <arg choice="opt">-r user</arg> - <arg choide="opt">-R|--lookup-rids</arg> + <arg choice="opt">-R|--lookup-rids</arg> <arg choice="opt">-s sid</arg> <arg choice="opt">--separator</arg> <arg choice="opt">--set-auth-user user%password</arg> <arg choice="opt">-S sid</arg> - <arg choide="opt">--sid-aliases</arg> - <arg choide="opt">--sid-to-fullname</arg> + <arg choice="opt">--sid-aliases sid</arg> + <arg choice="opt">--sid-to-fullname sid</arg> <arg choice="opt">-t</arg> <arg choice="opt">-u</arg> <arg choice="opt">--uid-info uid</arg> - <arg choide="opt">--usage</arg> + <arg choice="opt">--usage</arg> <arg choice="opt">--user-domgroups sid</arg> + <arg 
choice="opt">--user-sidinfo sid</arg> <arg choice="opt">--user-sids sid</arg> <arg choice="opt">-U uid</arg> <arg choice="opt">-V</arg> @@ -170,8 +171,8 @@ </varlistentry> <varlistentry> - <term>--group-info <replaceable>user</replaceable></term> - <listitem><para>Get group info for user. + <term>--group-info <replaceable>group</replaceable></term> + <listitem><para>Get group info from group name. </para></listitem> </varlistentry> @@ -414,6 +415,13 @@ </varlistentry> <varlistentry> + <term>--user-sidinfo <replaceable>sid</replaceable></term> + <listitem><para>Get user info by sid. + </para></listitem> + </varlistentry> + + + <varlistentry> <term>--user-sids <replaceable>sid</replaceable></term> <listitem><para>Get user group SIDs for user. </para></listitem> diff --git a/docs-xml/manpages-3/winbind_krb5_locator.7.xml b/docs-xml/manpages/winbind_krb5_locator.7.xml index 4f63e15aa4..350fc19b47 100644 --- a/docs-xml/manpages-3/winbind_krb5_locator.7.xml +++ b/docs-xml/manpages/winbind_krb5_locator.7.xml @@ -7,7 +7,7 @@ <manvolnum>7</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">7</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages/winbindd.8.xml index 71829fb124..e224620473 100644 --- a/docs-xml/manpages-3/winbindd.8.xml +++ b/docs-xml/manpages/winbindd.8.xml @@ -7,7 +7,7 @@ <manvolnum>8</manvolnum> <refmiscinfo class="source">Samba</refmiscinfo> <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> + <refmiscinfo class="version">4.0</refmiscinfo> </refmeta> 
@@ -183,12 +183,14 @@ hosts: files wins <varlistentry> <term>-n</term> - <listitem><para>Disable caching. This means winbindd will - always have to wait for a response from the domain controller + <listitem><para>Disable some caching. This means winbindd will + often have to wait for a response from the domain controller before it can respond to a client and this thus makes things slower. The results will however be more accurate, since results from the cache might not be up-to-date. This might also temporarily hang winbindd if the DC doesn't respond. + This does not disable the samlogon cache, which is required for + group membership tracking in trusted environments. </para></listitem> </varlistentry> diff --git a/docs-xml/scripts/find_missing_doc.pl b/docs-xml/scripts/find_missing_doc.pl deleted file mode 100755 index 3d0c345a5d..0000000000 --- a/docs-xml/scripts/find_missing_doc.pl +++ /dev/null 
@@ -1,62 +0,0 @@ -#!/usr/bin/perl - -my %doc; - -$topdir = (shift @ARGV) or $topdir = "."; - -################################################## -# Reading links from manpage - -$curdir = $ENV{PWD}; - -chdir("smbdotconf"); - -open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|"); - -while(<IN>) { - if( /<samba:parameter .*?name="([^"]*?)"/g ){ - my $name = $1; - $name =~ s/ //g; - $doc{$name} = "NOTFOUND"; - } -} - -close(IN); - -chdir($curdir); - -################################################# -# Reading entries from source code - - -open(SOURCE,"$topdir/param/loadparm.c") or die("Can't open $topdir/param/loadparm.c: $!"); - -while ($ln = <SOURCE>) { - last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/; -} #burn through the preceding lines - -while ($ln = <SOURCE>) { - last if $ln =~ m/^\s*\}\;\s*$/; - #pull in the param names only - next if $ln =~ m/.*P_SEPARATOR.*/; - next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/; - - my $name = $1; - $name =~ s/ //g; - - if($doc{lc($name)}) { - $doc{lc($name)} = "FOUND"; - } else { - print "'$name' is not documented\n"; - } -} -close SOURCE; - -################################################## -# Trying to find missing references - -foreach (keys %doc) { - if($doc{$_} cmp "FOUND") { - print "'$_' is documented but is not a configuration option\n"; - } -} diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages new file mode 100755 index 0000000000..baa580990f --- /dev/null +++ b/docs-xml/scripts/find_missing_manpages 
@@ -0,0 +1,71 @@
+#!/usr/bin/python
+# Copyright (C) 2007,2012 Jelmer Vernooij <jelmer@samba.org>
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import optparse
+import os
+import re
+
+parser = optparse.OptionParser("source_dir")
+
+(opts, args) = parser.parse_args()
+
+invar = False
+
+if len(args) == 1:
+ topdir = args[0]
+else:
+ topdir = "."
+
+progs = []
+
+f = open(os.path.join(topdir, "Makefile.in"), "r")
+try:
+ for l in f.readlines():
+ l = l.strip()
+ if invar:
+ invar = (l[-1] == "\\")
+ progs.extend(l.rstrip("\\").split(" "))
+ else:
+ m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l)
+ if m:
+ progs.extend(m.group(3).split(" "))
+ invar = (m.group(4) == "\\")
+ else:
+ invar = False
+finally:
+ f.close()
+
+#$progs =~ s/@([^@]+)@//g;
+#$progs =~ s/\$\(.*?\)//g;
+
+for prog in progs:
+ prog = prog.strip()
+ if prog == "":
+ continue
+ if prog[0] in ("@", "$"):
+ continue
+ prog = prog[len("bin/"):]
+
+ found = False
+
+ for i in range(9):
+ p = "manpages/%s.%d.xml" % (prog, i)
+ if os.path.exists(p):
+ found = True
+
+ if not found:
+ print "'%s' does not have a manpage" % prog
diff --git a/docs-xml/scripts/find_missing_manpages.pl b/docs-xml/scripts/find_missing_manpages.pl
deleted file mode 100755
index 612930e42d..0000000000
--- a/docs-xml/scripts/find_missing_manpages.pl
+++ /dev/null
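Review bot: In the continuation branch of the new find_missing_manpages script, `invar = (l[-1] == "\\")` indexes a line that has just been stripped, so a blank line following a backslash-continued `_PROGS` entry in Makefile.in raises IndexError and aborts the scan; `invar = l.endswith("\\")` gives the same result and tolerates the empty string. Further down, `prog = prog[len("bin/"):]` removes the first four characters of every entry whether or not it begins with `bin/`, so an entry without that prefix is silently truncated and then reported as missing a manpage; guarding it with `if prog.startswith("bin/"):` avoids the false report. The lookup path `"manpages/%s.%d.xml"` is resolved against the current directory rather than `topdir`, which is presumably intended (topdir appears to be the source tree, not docs-xml) but would benefit from a one-line comment saying so.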
@@ -1,40 +0,0 @@
-#!/usr/bin/perl
-
-my %doc;
-
-$invar = 0;
-
-$topdir = (shift @ARGV) or $topdir = ".";
-
-$progs = "";
-
-open(IN, "$topdir/Makefile.in");
-while(<IN>) {
- if($invar && /^([ \t]*)(.*?)([\\])$/) {
- $progs.=" " . $2;
- if($4) { $invar = 1; } else { $invar = 0; }
- } elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) {
- $progs.=" " . $3;
- if($4) { $invar = 1; }
- } else { $invar = 0; }
-}
-
-$progs =~ s/@([^@]+)@//g;
-
-foreach(split(/bin\//, $progs)) {
- next if($_ eq " ");
- s/\@EXEEXT\@//g;
- s/ //g;
-
- $f = $_;
-
- $found = 0;
-
- for($i = 0; $i < 9; $i++) {
- if(-e "manpages-3/$f.$i.xml") { $found = 1; }
- }
-
- if(!$found) {
- print "'$f' does not have a manpage\n";
- }
-}
diff --git a/docs-xml/scripts/neatquotes.pl b/docs-xml/scripts/neatquotes.pl
deleted file mode 100755
index 9d5aa6e9e3..0000000000
--- a/docs-xml/scripts/neatquotes.pl
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/perl
-
-my $inprog = 0;
-
-while(<STDIN>) {
- if(/<(programlisting|screen)>/) { $inprog = 1; }
- if(/<\/(programlisting|screen)>/) { $inprog = 0; }
- if(not /="(.*)"/ and not $inprog) {
- s/"(.*?)"/<quote>\1<\/quote>/g;
- }
- print $_;
-}
diff --git a/docs-xml/smbdotconf/base/displaycharset.xml b/docs-xml/smbdotconf/base/displaycharset.xml
deleted file mode 100644
index 5bace5b6b0..0000000000
--- a/docs-xml/smbdotconf/base/displaycharset.xml
+++ /dev/null
@@ -1,17 +0,0 @@ -<samba:parameter name="display charset" - type="string" - context="G" - advanced="1" developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para> - Specifies the charset that samba will use to print messages to stdout and stderr. - The default value is "LOCALE", which means automatically set, depending on the - current locale. The value should generally be the same as the value of the parameter - <smbconfoption name="unix charset"/>. - </para> -</description> - -<value type="default">"LOCALE" or "ASCII" (depending on the system)</value> -<value type="example">UTF8</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/base/serverservices.xml b/docs-xml/smbdotconf/base/serverservices.xml new file mode 100644 index 0000000000..503938af6f --- /dev/null +++ b/docs-xml/smbdotconf/base/serverservices.xml @@ -0,0 +1,18 @@ +<samba:parameter name="server services" + context="G" + type="list" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option contains the services that the Samba daemon will + run.</para> + + <para>An entry in the <filename>smb.conf</filename> file can either + override the previous value completely or entries can be removed from + or added to it by prefixing them with <constant>+</constant> or + <constant>-</constant>. </para> +</description> + +<value type="default">s3fs rpc nbt wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns</value> +<value type="example">-s3fs +smb</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/base/sharebackend.xml b/docs-xml/smbdotconf/base/sharebackend.xml new file mode 100644 index 0000000000..10958fa244 --- /dev/null +++ b/docs-xml/smbdotconf/base/sharebackend.xml 
@@ -0,0 +1,18 @@ +<samba:parameter name="share backend" + context="G" + type="choice" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This option specifies the backend that will be used to access the configuration of + file shares. + </para> + + <para>Traditionally, Samba file shares have been configured in the + <option>smb.conf</option> file and this is still the default. + </para> + + <para>At the moment there are no other supported backends.</para> +</description> +<value type="default">classic</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/domain/allowdnsupdates.xml b/docs-xml/smbdotconf/domain/allowdnsupdates.xml new file mode 100644 index 0000000000..fc7d3e898c --- /dev/null +++ b/docs-xml/smbdotconf/domain/allowdnsupdates.xml @@ -0,0 +1,18 @@ +<samba:parameter name="allow dns updates" + context="G" + type="enum" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option determines what kind of updates to the DNS are allowed. + </para> + + <para>DNS updates can either be disallowed completely by setting it to + <constant>disabled</constant>, enabled over secure connections only by + setting it to <constant>secure</constant> or allowed in all cases + by setting it to <constant>enabled</constant> or <constant>nonsecure</constant>. + </para> +</description> + +<value type="default">secure only</value> +<value type="example">disabled</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/domain/dnsforwarder.xml b/docs-xml/smbdotconf/domain/dnsforwarder.xml new file mode 100644 index 0000000000..23a38862cb --- /dev/null +++ b/docs-xml/smbdotconf/domain/dnsforwarder.xml 
@@ -0,0 +1,17 @@ +<samba:parameter name="dns forwarder" + context="G" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option specifies the DNS server that DNS requests will be + forwarded to if they can not be handled by Samba itself. + </para> + + <para>The DNS forwarder is only used if the internal DNS server + in Samba is used. + </para> +</description> + +<value type="default"></value> +<value type="example">192.168.0.1</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/domain/dnsupdatecommand.xml b/docs-xml/smbdotconf/domain/dnsupdatecommand.xml new file mode 100644 index 0000000000..08ff90acdf --- /dev/null +++ b/docs-xml/smbdotconf/domain/dnsupdatecommand.xml @@ -0,0 +1,15 @@ +<samba:parameter name="dns update command" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option sets the command that is called when there are + DNS updates. It should update the local machines DNS names using + TSIG-GSS. + </para> +</description> + +<value type="default">$prefix/sbin/samba_dnsupdate</value> +<value type="example">/usr/local/sbin/dnsupdate</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/domain/nsupdatecommand.xml b/docs-xml/smbdotconf/domain/nsupdatecommand.xml new file mode 100644 index 0000000000..3cf02f1235 --- /dev/null +++ b/docs-xml/smbdotconf/domain/nsupdatecommand.xml @@ -0,0 +1,13 @@ +<samba:parameter name="nsupdate command" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option sets the path to the <filename>nsupdate</filename> + command which is used for GSS-TSIG dynamic DNS updates. + </para> +</description> + +<value type="default">$prefix/sbin/nsupdate -g</value> +</samba:parameter> 
diff --git a/docs-xml/smbdotconf/domain/rndccommand.xml b/docs-xml/smbdotconf/domain/rndccommand.xml new file mode 100644 index 0000000000..b407ff29cb --- /dev/null +++ b/docs-xml/smbdotconf/domain/rndccommand.xml @@ -0,0 +1,17 @@ +<samba:parameter name="rndc command" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option specifies the path to the name server control utility. + </para> + + <para>The <filename>rndc</filename> utility should be a part of the + bind installation. + </para> +</description> + +<value type="default">/usr/sbin/rndc</value> +<value type="example">/usr/local/bind9/sbin/rndc</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/domain/spnupdatecommand.xml b/docs-xml/smbdotconf/domain/spnupdatecommand.xml new file mode 100644 index 0000000000..f63be84b9e --- /dev/null +++ b/docs-xml/smbdotconf/domain/spnupdatecommand.xml @@ -0,0 +1,14 @@ +<samba:parameter name="spn update command" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option sets the command that for updating + servicePrincipalName names from <filename>spn_update_list</filename>. + </para> +</description> + +<value type="default">$prefix/sbin/samba_spnupdate</value> +<value type="example">/usr/local/sbin/spnupdate</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/ldap/ldappasswdsync.xml b/docs-xml/smbdotconf/ldap/ldappasswdsync.xml index 864bfc45a0..8c7dea666c 100644 --- a/docs-xml/smbdotconf/ldap/ldappasswdsync.xml +++ b/docs-xml/smbdotconf/ldap/ldappasswdsync.xml @@ -5,6 +5,7 @@ type="enum" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<synonym>ldap password sync</synonym> <description> <para> This option is used to define whether or not Samba should sync the LDAP password with the NT 
diff --git a/docs-xml/smbdotconf/ldap/ldapsameditposix.xml b/docs-xml/smbdotconf/ldap/ldapsameditposix.xml index c04ecc9cdd..bf6111945b 100644 --- a/docs-xml/smbdotconf/ldap/ldapsameditposix.xml +++ b/docs-xml/smbdotconf/ldap/ldapsameditposix.xml @@ -17,7 +17,7 @@ To use this option, a basic ldap tree must be provided and the ldap suffix parameters must be properly configured. On virgin servers the default users and groups (Administrator, Guest, Domain Users, Domain Admins, Domain Guests) can be precreated with the command <command moreinfo="none">net sam - provision</command>. To run this command the ldap server must be running, Winindd must be running and + provision</command>. To run this command the ldap server must be running, Winbindd must be running and the smb.conf ldap options must be properly configured. The typical ldap setup used with the <smbconfoption name="ldapsam:trusted">yes</smbconfoption> option diff --git a/docs-xml/smbdotconf/locking/kerneloplocks.xml b/docs-xml/smbdotconf/locking/kerneloplocks.xml index c4f12b9bd4..8e3bba5122 100644 --- a/docs-xml/smbdotconf/locking/kerneloplocks.xml +++ b/docs-xml/smbdotconf/locking/kerneloplocks.xml @@ -1,11 +1,13 @@ <samba:parameter name="kernel oplocks" type="boolean" - context="G" + context="S" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>For UNIXes that support kernel based <smbconfoption name="oplocks"/> (currently only IRIX and the Linux 2.4 kernel), this parameter - allows the use of them to be turned on or off.</para> + allows the use of them to be turned on or off. However, this disables + Level II oplocks for clients as the Linux and IRIX kernels do not + support them properly.</para> <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks </parameter> to be broken whenever a local UNIX process or NFS operation 
@@ -13,13 +15,15 @@ <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete data consistency between SMB/CIFS, NFS and local file access (and is a <emphasis>very</emphasis> cool feature :-).</para> + <para>If you do not need this interaction, you should disable the + parameter on Linux and IRIX to get Level II oplocks and the associated + performance benefit.</para> - <para>This parameter defaults to <constant>on</constant>, but is translated - to a no-op on systems that no not have the necessary kernel support. - You should never need to touch this parameter.</para> + <para>This parameter defaults to <constant>no</constant> and is translated + to a no-op on systems that do not have the necessary kernel support.</para> </description> <related>oplocks</related> <related>level2 oplocks</related> -<value type="default">yes</value> +<value type="default">no</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/locking/kernelsharemodes.xml b/docs-xml/smbdotconf/locking/kernelsharemodes.xml new file mode 100644 index 0000000000..5b64b775b1 --- /dev/null +++ b/docs-xml/smbdotconf/locking/kernelsharemodes.xml 
@@ -0,0 +1,31 @@ +<samba:parameter name="kernel share modes" + type="boolean" + context="S" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This parameter controls whether SMB share modes are + translated into UNIX flocks. + </para> + + <para> + Kernel share modes provide a minimal level of interoperability + with local UNIX processes and NFS operations by preventing + access with flocks corresponding to the SMB share modes. + Generally, it is very desirable to leave this enabled. + </para> + + <para> + Note that in order to use SMB2 durable file handles on a share, + you have to turn kernel share modes off. + </para> + + <para> + This parameter defaults to <constant>yes</constant> and + is translated to a no-op on systems that do not have the + necessary kernel flock support. + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/locking/lockspincount.xml b/docs-xml/smbdotconf/locking/lockspincount.xml deleted file mode 100644 index 9d74bd7530..0000000000 --- a/docs-xml/smbdotconf/locking/lockspincount.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter name="lock spin count" - context="G" - type="integer" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This parameter has been made inoperative in Samba 3.0.24. - The functionality it contolled is now controlled by the parameter - <smbconfoption name="lock spin time"/>. - </para> -</description> -<value type="default">0</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/locking/sharemodes.xml b/docs-xml/smbdotconf/locking/sharemodes.xml deleted file mode 100644 index c529886d33..0000000000 --- a/docs-xml/smbdotconf/locking/sharemodes.xml +++ /dev/null 
@@ -1,29 +0,0 @@ -<samba:parameter name="share modes" - type="boolean" - context="S" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This enables or disables the honoring of - the <parameter moreinfo="none">share modes</parameter> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</para> - - <para>This is a deprecated option from old versions of - Samba, and will be removed in the next major release. - </para> - - <para>These open modes are not directly supported by UNIX, so - they are simulated using shared memory.</para> - - <para>The share modes that are enabled by this option are - the standard Windows share modes. - </para> - - <para>This option gives full share compatibility and is enabled - by default.</para> - - <para>You should <emphasis>NEVER</emphasis> turn this parameter - off as many Windows applications will break if you do so.</para> -</description> -<value type="default">yes</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/logging/ldapdebuglevel.xml b/docs-xml/smbdotconf/logging/ldapdebuglevel.xml index fdb6d40f25..a8c47e4725 100644 --- a/docs-xml/smbdotconf/logging/ldapdebuglevel.xml +++ b/docs-xml/smbdotconf/logging/ldapdebuglevel.xml @@ -17,7 +17,7 @@ <emphasis>1</emphasis> for tracing function calls. </para> <para> - The debug ouput from the LDAP libraries appears with the + The debug output from the LDAP libraries appears with the prefix [LDAP] in Samba's logging output. The level at which LDAP logging is printed is controlled by the parameter <parameter>ldap debug threshold</parameter>. diff --git a/docs-xml/smbdotconf/logon/abortshutdownscript.xml b/docs-xml/smbdotconf/logon/abortshutdownscript.xml index a8228cb9a7..56bd35f291 100644 --- a/docs-xml/smbdotconf/logon/abortshutdownscript.xml +++ b/docs-xml/smbdotconf/logon/abortshutdownscript.xml 
@@ -8,7 +8,7 @@ <manvolnum>8</manvolnum></citerefentry> that should stop a shutdown procedure issued by the <smbconfoption name="shutdown script"/>.</para> - <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>, + <para>If the connected user possesses the <constant>SeRemoteShutdownPrivilege</constant>, right, this command will be run as root.</para> </description> <value type="default">""</value> diff --git a/docs-xml/smbdotconf/logon/adduserscript.xml b/docs-xml/smbdotconf/logon/adduserscript.xml index 7128cb73c7..d8abcdada5 100644 --- a/docs-xml/smbdotconf/logon/adduserscript.xml +++ b/docs-xml/smbdotconf/logon/adduserscript.xml @@ -19,14 +19,6 @@ </para> <para> - In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to - <smbconfoption name="security">share</smbconfoption> and <smbconfoption name="add user script"/> - must be set to a full pathname for a script that will create a UNIX user given one argument of - <parameter moreinfo="none">%u</parameter>, which expands into the UNIX user name to create. - </para> - - <para> When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> contacts the <smbconfoption name="password server"/> diff --git a/docs-xml/smbdotconf/logon/setprimarygroupscript.xml b/docs-xml/smbdotconf/logon/setprimarygroupscript.xml index b348501e8b..3108ac6622 100644 --- a/docs-xml/smbdotconf/logon/setprimarygroupscript.xml +++ b/docs-xml/smbdotconf/logon/setprimarygroupscript.xml 
@@ -7,7 +7,7 @@ <para>Thanks to the Posix subsystem in NT a Windows User has a primary group in addition to the auxiliary groups. This script - sets the primary group in the unix userdatase when an + sets the primary group in the unix user database when an administrator sets the primary group from the windows user manager or when fetching a SAM with <command>net rpc vampire</command>. <parameter>%u</parameter> will be replaced diff --git a/docs-xml/smbdotconf/logon/shutdownscript.xml b/docs-xml/smbdotconf/logon/shutdownscript.xml index 2936a14c56..e1cc72494e 100644 --- a/docs-xml/smbdotconf/logon/shutdownscript.xml +++ b/docs-xml/smbdotconf/logon/shutdownscript.xml @@ -9,7 +9,7 @@ <manvolnum>8</manvolnum></citerefentry> that should start a shutdown procedure.</para> - <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>, + <para>If the connected user possesses the <constant>SeRemoteShutdownPrivilege</constant>, right, this command will be run as root.</para> <para>The %z %t %r %f variables are expanded as follows:</para> diff --git a/docs-xml/smbdotconf/misc/afstokenlifetime.xml b/docs-xml/smbdotconf/misc/afstokenlifetime.xml new file mode 100644 index 0000000000..cbf9574223 --- /dev/null +++ b/docs-xml/smbdotconf/misc/afstokenlifetime.xml @@ -0,0 +1,15 @@ +<samba:parameter name="afs token lifetime" + context="G" + type="integer" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This parameter controls the lifetime of tokens that the AFS + fake-kaserver claims. In reality these never expire but this lifetime + controls when the afs client will forget the token. </para> + + <para>Set this parameter to 0 to get <constant>NEVERDATE</constant>.</para> +</description> + +<value type="default">604800</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/misc/ctdbtimeout.xml b/docs-xml/smbdotconf/misc/ctdbtimeout.xml index 97d5039000..1cc6262b37 100644 
--- a/docs-xml/smbdotconf/misc/ctdbtimeout.xml +++ b/docs-xml/smbdotconf/misc/ctdbtimeout.xml @@ -25,7 +25,7 @@ Be aware that if you set this parameter, this needs to be in the file smb.conf, it is not really helpful to put this into a registry configuration (typical on a cluster), because to - access the registry contact to ctdb is requred. + access the registry contact to ctdb is required. </para> <para>Setting <parameter>ctdb timeout</parameter> to n makes any process waiting longer than n seconds for a reply by the diff --git a/docs-xml/smbdotconf/misc/dfreecachetime.xml b/docs-xml/smbdotconf/misc/dfreecachetime.xml index 2a8805e948..62d35574cb 100644 --- a/docs-xml/smbdotconf/misc/dfreecachetime.xml +++ b/docs-xml/smbdotconf/misc/dfreecachetime.xml @@ -23,5 +23,5 @@ </para> </description> -<value type="example">dfree cache time = 60</value> +<value type="example">60</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/misc/nbtclientsocketaddress.xml b/docs-xml/smbdotconf/misc/nbtclientsocketaddress.xml new file mode 100644 index 0000000000..7ef05a2c99 --- /dev/null +++ b/docs-xml/smbdotconf/misc/nbtclientsocketaddress.xml 
@@ -0,0 +1,20 @@
+<samba:parameter name="nbt client socket address"
+ context="G"
+ type="string"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>socket address</synonym>
+<description>
+ <para>This option allows you to control what address Samba
+ will send NBT client packets from, and process replies using,
+ including in nmbd. </para>
+ <para>Setting this option should never be necessary on usual Samba
+ servers running only one nmbd.</para>
+
+ <para>By default Samba will send UDP packets from the OS default address for the destination, and accept replies on 0.0.0.0.</para>
+ <para>This parameter is deprecated. See <smbconfoption name="bind interfaces only">Yes</smbconfoption> and <smbconfoption name="interfaces"></smbconfoption> for the previous behaviour of controlling the normal listening sockets.</para>
+</description>
+
+<value type="default">0.0.0.0</value>
+<value type="example">192.168.2.20</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/ncalrpcdir.xml b/docs-xml/smbdotconf/misc/ncalrpcdir.xml
index 6ef3957db1..01b5b5cc5c 100644
--- a/docs-xml/smbdotconf/misc/ncalrpcdir.xml
+++ b/docs-xml/smbdotconf/misc/ncalrpcdir.xml
@@ -1,11 +1,11 @@ <samba:parameter name="ncalrpc dir" - context="G" - advanced="1" developer="1" + context="G" + advanced="1" developer="1" type="string" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This directory will hold a series of named pipes to allow RPC over inter-process communication. </para>. - <para>This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP. Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes</para> + <para>This directory will hold a series of named pipes to allow RPC over inter-process communication.</para> + <para>This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP. Additionally a sub-directory 'np' has restricted permissions, and allows a trusted communication channel between Samba processes</para> </description> <value type="default">${prefix}/var/ncalrpc</value> diff --git a/docs-xml/smbdotconf/misc/nishomedir.xml b/docs-xml/smbdotconf/misc/nishomedir.xml index 45c451197e..c61756394c 100644 --- a/docs-xml/smbdotconf/misc/nishomedir.xml +++ b/docs-xml/smbdotconf/misc/nishomedir.xml @@ -1,4 +1,4 @@ -<samba:parameter name="nis homedir" +<samba:parameter name="NIS homedir" context="G" type="boolean" advanced="1" developer="1" diff --git a/docs-xml/smbdotconf/misc/piddirectory.xml b/docs-xml/smbdotconf/misc/piddirectory.xml index c9f05338ac..35e0223fa7 100644 --- a/docs-xml/smbdotconf/misc/piddirectory.xml +++ b/docs-xml/smbdotconf/misc/piddirectory.xml @@ -10,5 +10,5 @@ </description> <value type="default">${prefix}/var/locks</value> -<value type="example">pid directory = /var/run/</value> +<value type="example">/var/run/</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/misc/rpcdaemon.xml b/docs-xml/smbdotconf/misc/rpcdaemon.xml new file mode 100644 index 0000000000..8db9267e67 
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/rpcdaemon.xml
@@ -0,0 +1,69 @@
+<samba:parameter name="rpc_daemon:DAEMON"
+ context="G"
+ type="string"
+ advanced="1" print="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ Defines whether to use the embedded code or start a separate daemon
+ for the defined rpc services.
+ The rpc_daemon prefix must be followed by the server name, and a value.
+ </para>
+
+ <para>
+ Two possible values are currently supported:
+ <command moreinfo="none">disabled</command>
+ <command moreinfo="none">fork</command>
+ </para>
+
+ <para>
+ The classic method is to run rpc services as internal daemons
+ embedded in smbd, therefore the external daemons are
+ <emphasis>disabled</emphasis> by default.
+ </para>
+
+ <para>
+ Choosing the <emphasis>fork</emphasis> option will cause samba to fork
+ a separate proces for each daemon configured this way. Each daemon may
+ in turn fork a number of children used to handle requests from multiple
+ smbds and direct tcp/ip connections (if the Endpoint Mapper is
+ enabled). Communication with smbd happens over named pipes and require
+ that said pipes are forward to the external daemon (see <smbconfoption
+ name="rpc_server"/>).
+ </para>
+
+ <para>
+ Forked RPC Daemons support dynamically forking children to handle
+ connections. The heuristics about how many children to keep around and
+ how fast to allow them to fork and also how many clients each child is
+ allowed to handle concurrently is defined by parametrical options named
+ after the daemon.
+ Five options are currently supported:
+ <command moreinfo="none">prefork_min_children</command>
+ <command moreinfo="none">prefork_max_children</command>
+ <command moreinfo="none">prefork_spawn_rate</command>
+ <command moreinfo="none">prefork_max_allowed_clients</command>
+ <command moreinfo="none">prefork_child_min_life</command>
+
+ To set one of these options use the follwing syntax:
+ <programlisting>
+ damonname:prefork_min_children = 5
+ </programlisting>
+ </para>
+
+ <para>
+ Samba includes separate daemons for spoolss and the lsarpc/lsass,
+ netlogon and samr pipes. Currently three daemons are available and they
+ are called:
+ <command moreinfo="none">epmd</command>
+ <command moreinfo="none">lsasd</command>
+ <command moreinfo="none">spoolssd</command>
+ Example:
+ <programlisting>
+ rpc_daemon:spoolssd = fork
+ </programlisting>
+ </para>
+</description>
+
+<value type="default">disabled</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml
index d92d203d07..4372eea653 100644
--- a/docs-xml/smbdotconf/misc/rpcserver.xml
+++ b/docs-xml/smbdotconf/misc/rpcserver.xml
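Review bot: The only syntax example for the prefork options, `damonname:prefork_min_children = 5` inside the `<programlisting>`, uses a misspelled placeholder and does not say it has to be replaced by one of the daemon names listed two paragraphs later (epmd, lsasd, spoolssd). Listing lines tend to be copied verbatim into smb.conf, so I would either spell the placeholder `daemonname:prefork_min_children = 5` and mark it as a placeholder in the sentence above, or use a real name such as `spoolssd:prefork_min_children = 5`, which is what "named after the daemon" appears to mean. While touching the file, "proces" and "follwing" in the same description should read "process" and "following".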
@@ -1,46 +1,91 @@ -<samba:parameter name="rpc_server" +<samba:parameter name="rpc_server:SERVER" context="G" type="string" advanced="1" print="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - Defines what kind of rpc server to use for a named pipe. - The rpc_server prefix must be followed by the pipe name, and a value. + With this option you can define if a rpc service should be + running internal/embedded in smbd or should be redirected to an + external daemon like Samba4, the endpoint mapper daemon, the + spoolss daemon or the new LSA service daemon. The rpc_server + prefix must be followed by the pipe name, and a value. </para> <para> - Three possible values are currently supported: + This option can be set for each available rpc service in Samba. + The following list shows all available pipe names services you + can modify with this option. + </para> + + <itemizedlist> + <listitem><para>epmapper - Endpoint Mapper</para></listitem> + <listitem><para>winreg - Remote Registry Service</para></listitem> + <listitem><para>srvsvc - Remote Server Services</para></listitem> + <listitem><para>lsarpc - Local Security Authority</para></listitem> + <listitem><para>samr - Security Account Management</para></listitem> + <listitem><para>netlogon - Netlogon Remote Protocol</para></listitem> + <listitem><para>netdfs - Settings for Distributed File System</para></listitem> + <listitem><para>dssetup - Active Directory Setup</para></listitem> + <listitem><para>wkssvc - Workstation Services</para></listitem> + <listitem><para>spoolss - Network Printing Spooler</para></listitem> + <listitem><para>svcctl - Service Control</para></listitem> + <listitem><para>ntsvcs - Plug and Play Services</para></listitem> + <listitem><para>eventlog - Event Logger</para></listitem> + <listitem><para>initshutdown - Init Shutdown Service</para></listitem> + </itemizedlist> + + <para> + Three possible values currently supported are: <command 
moreinfo="none">embedded</command> - <command moreinfo="none">daemon</command> <command moreinfo="none">external</command> + <command moreinfo="none">disabled</command> + </para> + + <para> + The classic method is to run every pipe as an internal function + <emphasis>embedded</emphasis> in smbd. The defaults may vary + depending on the service. </para> <para> - The classic method is to run every pipe as an internal function - <emphasis>embedded</emphasis> in smbd. + Choosing the <emphasis>external</emphasis> option allows to run + a separate daemon or even a completely independent (3rd party) + server capable of interfacing with samba via the MS-RPC + interface over named pipes. </para> <para> - An alternative method is to fork a <emphasis>daemon</emphasis> - early on at smbd startup time. This is supported only for selected - pipes. + Currently in Samba3 we support three daemons, spoolssd, epmd and + lsasd. These daemons can be enabled using the + <emphasis>rpc_daemon</emphasis> option. For spoolssd you have + to to enable the daemon and proxy the named pipe with: </para> <para> - Choosing the <emphasis>external</emphasis> option allows to run a - completely independent (3rd party) server capable of interfacing - with samba via the MS-RPC interface over named pipes. + Examples: + <programlisting> + rpc_daemon:lsasd = fork + rpc_server:lsarpc = external + rpc_server:samr = external + rpc_server:netlogon = external + + rpc_server:spoolss = external + rpc_server:epmapper = disabled + </programlisting> </para> <para> - Currently only the spoolss pipe can be configured in - <emphasis>daemon</emphasis> mode like this: - <programlisting> - rpc_server:spoolss = daemon - </programlisting> + There is one special option which allows you to enable rpc + services to listen for ncacn_ip_tcp connections too. Currently + this is only used for testing and doesn't scale! 
+ + <programlisting> + rpc_server:tcpip = yes + </programlisting> </para> + </description> -<value type="default">none</value> +<value type="default">embedded</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/misc/socketaddress.xml b/docs-xml/smbdotconf/misc/socketaddress.xml deleted file mode 100644 index 17018efd40..0000000000 --- a/docs-xml/smbdotconf/misc/socketaddress.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter name="socket address" - context="G" - type="string" - developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each - with a different configuration.</para> - <para>Setting this option should never be necessary on usual Samba - servers running only one nmbd.</para> - - <para>By default Samba will accept connections on any - address.</para> -</description> - -<value type="default"></value> -<value type="example">192.168.2.20</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/misc/timeoffset.xml b/docs-xml/smbdotconf/misc/timeoffset.xml deleted file mode 100644 index e466267b11..0000000000 --- a/docs-xml/smbdotconf/misc/timeoffset.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter name="time offset" - context="G" - type="integer" - advanced="1" developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This deprecated parameter is a setting in minutes to add - to the normal GMT to local time conversion. This is useful if - you are serving a lot of PCs that have incorrect daylight - saving time handling.</para> - - <note><para>This option is deprecated, and will be removed in the next major release</para></note> -</description> - -<value type="default">0</value> -<value type="example">60</value> -</samba:parameter> 
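Review bot: The example listing in rpcserver.xml does not match the sentence that introduces it: the text says that for spoolssd the daemon has to be enabled and the named pipe proxied, but the listing only contains `rpc_daemon:lsasd = fork` and then sets `rpc_server:spoolss = external` with no matching `rpc_daemon:spoolssd = fork`. A reader following it would redirect the spoolss pipe to a daemon the example never starts, so I would add `rpc_daemon:spoolssd = fork` directly above `rpc_server:spoolss = external` and fix the doubled word in "you have to to enable". The `rpc_server:tcpip = yes` paragraph says the option is for testing only; it would help to state there that it makes the rpc services listen for ncacn_ip_tcp connections in addition to the named pipes, so that it is left off on production servers.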
diff --git a/docs-xml/smbdotconf/misc/usersharepath.xml b/docs-xml/smbdotconf/misc/usersharepath.xml index 9e0bfe57d5..cad64be751 100644 --- a/docs-xml/smbdotconf/misc/usersharepath.xml +++ b/docs-xml/smbdotconf/misc/usersharepath.xml @@ -11,8 +11,7 @@ "sticky" bit must also be set, restricting rename and delete to owners of a file (in the same way the /tmp directory is usually configured). Members of the group owner of this directory are the users allowed to create - usershares. If this parameter is undefined then no user defined - shares are allowed. + usershares. </para> <para> For example, a valid usershare directory might be /usr/local/samba/lib/usershares, @@ -29,5 +28,5 @@ </para> </description> -<value type="default">NULL</value> +<value type="default">STATEDIR/usershare</value> with the compile time value of STATEDIR. </samba:parameter> diff --git a/docs-xml/smbdotconf/printing/addportcommand.xml b/docs-xml/smbdotconf/printing/addportcommand.xml index 17c899efdc..80e56c97ef 100644 --- a/docs-xml/smbdotconf/printing/addportcommand.xml +++ b/docs-xml/smbdotconf/printing/addportcommand.xml @@ -1,4 +1,4 @@ -<samba:parameter name="add port command" +<samba:parameter name="addport command" context="G" type="string" advanced="1" developer="1" diff --git a/docs-xml/smbdotconf/printing/printcapname.xml b/docs-xml/smbdotconf/printing/printcapname.xml index f581e95693..7945ef4e3c 100644 --- a/docs-xml/smbdotconf/printing/printcapname.xml +++ b/docs-xml/smbdotconf/printing/printcapname.xml 
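Review bot: In the second usersharepath.xml hunk the new default line leaves the words `with the compile time value of STATEDIR.` outside the `<value>` element, as loose character data directly under `<samba:parameter>`. Whether the stylesheets render, drop or reject that text cannot be told from the hunk, so I would keep `<value type="default">STATEDIR/usershare</value>` on its own and move the explanation into the description, e.g. `<para>The default is the usershare directory below the compile time value of STATEDIR.</para>`. The first hunk also deletes the sentence saying that an undefined path means no user defined shares are allowed; now that the path has a non-empty default, the description should say what decides whether usershares are permitted, which the visible text no longer does.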
@@ -13,7 +13,7 @@ <para> To use the CUPS printing interface set <command moreinfo="none">printcap name = cups </command>. This should - be supplemented by an addtional setting <smbconfoption name="printing">cups</smbconfoption> in the [global] + be supplemented by an additional setting <smbconfoption name="printing">cups</smbconfoption> in the [global] section. <command moreinfo="none">printcap name = cups</command> will use the "dummy" printcap created by CUPS, as specified in your CUPS configuration file. </para> diff --git a/docs-xml/smbdotconf/printing/printing.xml b/docs-xml/smbdotconf/printing/printing.xml index c365594e1f..eb5925f740 100644 --- a/docs-xml/smbdotconf/printing/printing.xml +++ b/docs-xml/smbdotconf/printing/printing.xml @@ -18,7 +18,11 @@ <constant>LPRNG</constant>, <constant>PLP</constant>, <constant>SYSV</constant>, <constant>HPUX</constant>, <constant>QNX</constant>, <constant>SOFTQ</constant>, - and <constant>CUPS</constant>.</para> + <constant>CUPS</constant> and <constant>IPRINT</constant>.</para> + + <para>Be aware that CUPS and IPRINT are only available if the CUPS + development library was available at the time Samba was compiled + or packaged.</para> <para>To see what the defaults are for the other print commands when using the various options use the <citerefentry><refentrytitle>testparm</refentrytitle> diff --git a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml index 293cf9d1aa..c912554fbf 100644 --- a/docs-xml/smbdotconf/printing/showaddprinterwizard.xml +++ b/docs-xml/smbdotconf/printing/showaddprinterwizard.xml 
@@ -14,8 +14,8 @@ <para>Under normal circumstances, the Windows NT/2000 client will open a handle on the printer server with OpenPrinterEx() asking for Administrator privileges. If the user does not have administrative - access on the print server (i.e is not root or a member of the - <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx() + access on the print server (i.e is not root or the priviledge + SePrintOperatorPrivilege, the OpenPrinterEx() call fails and the client makes another open call with a request for a lower privilege level. This should succeed, however the APW icon will not be displayed.</para> @@ -30,7 +30,6 @@ <related>addprinter command</related> <related>deleteprinter command</related> -<related>printer admin</related> <value type="default">yes</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/printing/useclientdriver.xml b/docs-xml/smbdotconf/printing/useclientdriver.xml index 4d9b7abfcc..ecb9c3cdcf 100644 --- a/docs-xml/smbdotconf/printing/useclientdriver.xml +++ b/docs-xml/smbdotconf/printing/useclientdriver.xml @@ -19,7 +19,7 @@ printer using MS-RPC. The problem is that because the client considers the printer to be local, it will attempt to issue the OpenPrinterEx() call requesting access rights associated with the - logged on user. If the user possesses local administator rights but + logged on user. If the user possesses local administrator rights but not root privilege on the Samba host (often the case), the OpenPrinterEx() call will fail. The result is that the client will now display an "Access Denied; Unable to connect" message diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml index 79b6da7afa..27ed6c5295 100644 --- a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml +++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml 
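Review bot: The rewritten parenthesis in the first showaddprinterwizard.xml hunk is never closed and no longer reads as a sentence: `(i.e is not root or the priviledge SePrintOperatorPrivilege, the OpenPrinterEx()`. This sentence is where the page tells an administrator who counts as having administrative access on the print server, so it should be unambiguous; I would write `access on the print server (i.e. is not root and does not hold the` followed by `SePrintOperatorPrivilege privilege), the OpenPrinterEx()`. The "and" is my reading of the intent after the removal of `printer admin` and should be confirmed against the actual access check.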
@@ -4,6 +4,9 @@ advanced="1" wizard="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> + <para>Please note this parameter is now deprecated in Samba 3.6.2 and will be removed + in a future version of Samba. + </para> <para>This boolean parameter controls what <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>does on receiving a protocol request of "open for delete" from a Windows client. If a Windows client doesn't have permissions to delete a file then they diff --git a/docs-xml/smbdotconf/protocol/announceas.xml b/docs-xml/smbdotconf/protocol/announceas.xml deleted file mode 100644 index 8891496194..0000000000 --- a/docs-xml/smbdotconf/protocol/announceas.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter name="announce as" - context="G" - type="string" - developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse - list. By default this is set to Windows NT. The valid options - are : "NT Server" (which can also be written as "NT"), - "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, - Windows NT Workstation, Windows 95 and Windows for Workgroups - respectively. Do not change this parameter unless you have a - specific need to stop Samba appearing as an NT server as this - may prevent Samba servers from participating as browser servers - correctly.</para> -</description> - -<value type="default">NT Server</value> -<value type="example">Win95</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/announceversion.xml b/docs-xml/smbdotconf/protocol/announceversion.xml deleted file mode 100644 index ecdcd4c734..0000000000 --- a/docs-xml/smbdotconf/protocol/announceversion.xml +++ /dev/null 
@@ -1,14 +0,0 @@
-<samba:parameter name="announce version"
- context="G"
- developer="1"
- type="string"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>This specifies the major and minor version numbers
- that nmbd will use when announcing itself as a server. The default
- is 4.9. Do not change this parameter unless you have a specific
- need to set a Samba server to be a downlevel server.</para>
-</description>
-<value type="default">4.9</value>
-<value type="example">2.0</value>
-</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/cldapport.xml b/docs-xml/smbdotconf/protocol/cldapport.xml
new file mode 100644
index 0000000000..c5f76065af
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/cldapport.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="cldap port"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option controls the port used by the CLDAP protocol.
+</para>
+</description>
+
+<value type="default">389</value>
+<value type="example">3389</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
new file mode 100644
index 0000000000..06fda5aeb0
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml
@@ -0,0 +1,78 @@
+<samba:parameter name="client max protocol"
+ context="G"
+ type="enum"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported by the client.</para>
+
+ <para>Possible values are :</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>CORE</constant>: Earliest version. No
+ concept of user names.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>COREPLUS</constant>: Slight improvements on
+ CORE for efficiency.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
+ version of the protocol. Long filename support.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>NT1</constant>: Current up to date version of the protocol.
+ Used by Windows NT. Known as CIFS.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB2</constant>: Re-implementation of the SMB protocol.
+ Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_22</constant>: Early Windows 8 SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_24</constant>: Windows 8 beta SMB2 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB2 selects the SMB2_10 variant.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB3</constant>: The same as SMB2.
+ Used by Windows 8. SMB3 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB3_00</constant>: Windows 8 SMB3 version. (mostly the same as SMB2_24)</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB3 selects the SMB3_00 variant.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+</description>
+
+<related>server max protocol</related>
+<related>client mn protocol</related>
+
+<value type="default">SMB3</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/clientminprotocol.xml b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
new file mode 100644
index 0000000000..3bcccec82b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/clientminprotocol.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="client min protocol"
+ context="G"
+ type="enum"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This setting controls the minimum protocol version that the client
+ will attempt to use.</para>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+</description>
+
+<related>client max protocol</related>
+<related>server min protocol</related>
+<value type="default">CORE</value>
+<value type="example">NT1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
new file mode 100644
index 0000000000..b6d5ddc13b
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml
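Review bot: The cross-reference `<related>client mn protocol</related>` near the end of clientmaxprotocol.xml names a parameter that does not exist; it should be `<related>client min protocol</related>`, the parameter added by the next file in this commit. Depending on how the stylesheets resolve `<related>` entries, the typo gives either a dead reference in the generated smb.conf manpage or a build warning, and in both cases the reader loses the pointer to the setting that bounds negotiation from below.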
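Review bot: The clientminprotocol.xml description says only that the option should normally not be set, yet the declared default is `CORE`, the oldest dialect in the list given for `client max protocol`. The `min protocol` page that this commit deletes further down at least addressed readers who look at the option as a security measure, and the new page drops that guidance without a replacement. I would add a paragraph such as `<para>With the default of CORE the client accepts any dialect the server selects; raise this value where falling back to the older dialects is not acceptable.</para>`.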
@@ -0,0 +1,12 @@
+<samba:parameter name="dcerpc endpoint servers"
+ context="G"
+ type="list"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which DCE/RPC endpoint servers should be run.</para>
+</description>
+
+<value type="example">epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey</value>
+<value type="default">rpcecho</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/dgramport.xml b/docs-xml/smbdotconf/protocol/dgramport.xml
new file mode 100644
index 0000000000..ee10e9c2d3
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/dgramport.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="dgram port"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for NetBIOS datagram traffic.</para>
+</description>
+
+<value type="default">138</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/durablehandles.xml b/docs-xml/smbdotconf/protocol/durablehandles.xml
new file mode 100644
index 0000000000..011fabd8ab
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/durablehandles.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="durable handles"
+ context="S"
+ advanced="1"
+ type="boolean"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This boolean parameter controls
+ whether Samba can grant SMB2 durable file handles on a share.
+ </para>
+ <para>
+ Note that durable handles are only enabled if
+ <smbconfoption name="kernel oplocks">no</smbconfoption>,
+ <smbconfoption name="kernel share modes">no</smbconfoption>, and
+ <smbconfoption name="posix locking">no</smbconfoption>,
+ i.e. if the share is configured for CIFS/SMB2 only access,
+ not supporting interoperability features with local UNIX processes
+ or NFS operations.
+ </para>
+ <para>
+ Also note that, for the time being, durability is not granted
+ for a handle that has the delete on close flag set.
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml
index bb56b5ad0b..8f25103a8d 100644
--- a/docs-xml/smbdotconf/protocol/enableasusupport.xml
+++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml
@@ -1,15 +1,15 @@ <samba:parameter name="enable asu support" - context="G" - advanced="1" developer="1" + context="G" + advanced="1" developer="1" type="boolean" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>Hosts running the "Advanced Server for Unix (ASU)" product - require some special accomodations such as creating a builtin [ADMIN$] + <para>Hosts running the "Advanced Server for Unix (ASU)" product + require some special accomodations such as creating a builtin [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications such as the Print Migrator tool require that the remote server support - an [ADMIN$} file share. Disabling this parameter allows for creating + an [ADMIN$] file share. Disabling this parameter allows for creating an [ADMIN$] file share in smb.conf.</para> </description> diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml index e98559bc17..101821ad12 100644 --- a/docs-xml/smbdotconf/protocol/eventloglist.xml +++ b/docs-xml/smbdotconf/protocol/eventloglist.xml @@ -6,7 +6,7 @@ <para>This option defines a list of log names that Samba will report to the Microsoft EventViewer utility. The listed eventlogs will be associated with tdb file on disk in the - <filename>$(lockdir)/eventlog</filename>. + <filename>$(statedir)/eventlog</filename>. </para> <para> diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml deleted file mode 100644 index 3648a5ecb0..0000000000 --- a/docs-xml/smbdotconf/protocol/maxprotocol.xml +++ /dev/null 
@@ -1,53 +0,0 @@ -<samba:parameter name="max protocol" - context="G" - type="enum" - developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>The value of the parameter (a string) is the highest - protocol level that will be supported by the server.</para> - - <para>Possible values are :</para> - <itemizedlist> - <listitem> - <para><constant>CORE</constant>: Earliest version. No - concept of user names.</para> - </listitem> - - <listitem> - <para><constant>COREPLUS</constant>: Slight improvements on - CORE for efficiency.</para> - </listitem> - - <listitem> - <para><constant>LANMAN1</constant>: First <emphasis> - modern</emphasis> version of the protocol. Long filename - support.</para> - </listitem> - - <listitem> - <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para> - </listitem> - - <listitem> - <para><constant>NT1</constant>: Current up to date version of the protocol. - Used by Windows NT. Known as CIFS.</para> - </listitem> - <listitem> - <para><constant>SMB2</constant>: Re-implementation of the SMB protocol. - Used by Windows Vista and newer. The Samba implementation of SMB2 is - currently marked experimental!</para> - </listitem> - </itemizedlist> - - <para>Normally this option should not be set as the automatic - negotiation phase in the SMB protocol takes care of choosing - the appropriate protocol.</para> -</description> - -<related>min protocol</related> -<synonym>protocol</synonym> - -<value type="default">NT1</value> -<value type="example">LANMAN1</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minprotocol.xml b/docs-xml/smbdotconf/protocol/minprotocol.xml deleted file mode 100644 index 0bec282467..0000000000 --- a/docs-xml/smbdotconf/protocol/minprotocol.xml +++ /dev/null 
@@ -1,22 +0,0 @@ -<samba:parameter name="min protocol" - context="G" - type="string" - developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>The value of the parameter (a string) is the - lowest SMB protocol dialect than Samba will support. Please refer - to the <smbconfoption name="max protocol"/> - parameter for a list of valid protocol names and a brief description - of each. You may also wish to refer to the C source code in - <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol - dialects supported by clients.</para> - - <para>If you are viewing this parameter as a security measure, you should - also refer to the <smbconfoption name="lanman auth"/> parameter. Otherwise, you should never need - to change this parameter.</para> -</description> - -<value type="default">CORE</value> -<value type="example">NT1</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml index 2df6c178db..55085a3b2a 100644 --- a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml +++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml @@ -14,7 +14,7 @@ but user testing is recommended. If set to zero Samba processes SMBwriteX calls normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para> <para>Note this option will have NO EFFECT if set on a SMB signed connection.</para> -<para>The default is zero, which diables this option.</para> +<para>The default is zero, which disables this option.</para> </description> <related>min receivefile size</related> diff --git a/docs-xml/smbdotconf/protocol/nbtport.xml b/docs-xml/smbdotconf/protocol/nbtport.xml new file mode 100644 index 0000000000..d269189224 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/nbtport.xml 
@@ -0,0 +1,12 @@
+<samba:parameter name="nbt port"
+ context="G"
+ type="list"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which port the server should use for NetBIOS over IP name
+ services traffic.</para>
+</description>
+
+<value type="default">137</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
new file mode 100644
index 0000000000..7d1d86475f
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="rpc big endian"
+ context="G"
+ type="bool"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Setting this option will force the RPC client and server to
+ transfer data in big endian.</para>
+
+ <para>If it is disabled, data will be transferred in little endian.</para>
+
+ <para>The behaviour is independent of the endianness of the host machine.</para>
+</description>
+
+<value type="default">False</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
new file mode 100644
index 0000000000..94184c8a50
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml
@@ -0,0 +1,79 @@
+<samba:parameter name="server max protocol"
+ context="G"
+ type="enum"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>The value of the parameter (a string) is the highest
+ protocol level that will be supported by the server.</para>
+
+ <para>Possible values are :</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>CORE</constant>: Earliest version. No
+ concept of user names.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>COREPLUS</constant>: Slight improvements on
+ CORE for efficiency.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis>
+ version of the protocol. Long filename support.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>NT1</constant>: Current up to date version of the protocol.
+ Used by Windows NT. Known as CIFS.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB2</constant>: Re-implementation of the SMB protocol.
+ Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_22</constant>: Early Windows 8 SMB2 version.</para>
+ </listitem>
+ <listitem>
+ <para><constant>SMB2_24</constant>: Windows 8 beta SMB2 version.</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB2 selects the SMB2_10 variant.</para>
+ </listitem>
+
+ <listitem>
+ <para><constant>SMB3</constant>: The same as SMB2.
+ Used by Windows 8. SMB3 has sub protocols available.</para>
+ <itemizedlist>
+ <listitem>
+ <para><constant>SMB3_00</constant>: Windows 8 SMB3 version. (mostly the same as SMB2_24)</para>
+ </listitem>
+ </itemizedlist>
+ <para>By default SMB3 selects the SMB3_00 variant.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Normally this option should not be set as the automatic
+ negotiation phase in the SMB protocol takes care of choosing
+ the appropriate protocol.</para>
+</description>
+
+<related>server min protocol</related>
+<synonym>max protocol</synonym>
+<synonym>protocol</synonym>
+
+<value type="default">SMB3</value>
+<value type="example">LANMAN1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
new file mode 100644
index 0000000000..4edecc45c4
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="server min protocol"
+ context="G"
+ type="enum"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<synonym>min protocol</synonym>
+<description>
+ <para>This setting controls the minimum protocol version that the server
+ will allow the client to use.</para>
+
+ <para>Normally this option should not be set as the automatic negotiation
+ phase in the SMB protocol takes care of choosing the appropriate
+ protocol.</para>
+</description>
+
+<related>server max protocol</related>
+
+<value type="default">CORE</value>
+<value type="example">NT1</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml
new file mode 100644
index 0000000000..22ffc4b070
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/unicode.xml
@@ -0,0 +1,13 @@ +<samba:parameter name="unicode" + context="G" + type="bool" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies whether the server and client should support unicode.</para> + + <para>If this option is set to false, the use of ASCII will be forced.</para> +</description> + +<value type="default">True</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml index c975c9b685..5c2abccffb 100644 --- a/docs-xml/smbdotconf/protocol/usespnego.xml +++ b/docs-xml/smbdotconf/protocol/usespnego.xml @@ -4,7 +4,7 @@ developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This deprecated variable controls controls whether samba will try + <para>This deprecated variable controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism. </para> diff --git a/docs-xml/smbdotconf/protocol/webport.xml b/docs-xml/smbdotconf/protocol/webport.xml new file mode 100644 index 0000000000..1b1073c60d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/webport.xml @@ -0,0 +1,12 @@ +<samba:parameter name="web port" + context="G" + type="list" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>Specifies which port the Samba web server should listen on.</para> +</description> + +<value type="default">901</value> +<value type="example">80</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/security/aclgroupcontrol.xml b/docs-xml/smbdotconf/security/aclgroupcontrol.xml index 6efd46dd8d..e62216a8ef 100644 --- a/docs-xml/smbdotconf/security/aclgroupcontrol.xml +++ b/docs-xml/smbdotconf/security/aclgroupcontrol.xml 
@@ -14,7 +14,7 @@ that group to modify the permissions on it. This allows the delegation of security controls on a point in the filesystem to the group owner of a directory and anything below it also owned by that group. This means there are multiple people with permissions to modify ACLs on a file - or directory, easing managability. + or directory, easing manageability. </para> <para> This parameter allows Samba to also permit delegation of the control over a point in the exported diff --git a/docs-xml/smbdotconf/security/adminusers.xml b/docs-xml/smbdotconf/security/adminusers.xml index d8f14b6d74..30adea9d97 100644 --- a/docs-xml/smbdotconf/security/adminusers.xml +++ b/docs-xml/smbdotconf/security/adminusers.xml @@ -11,9 +11,6 @@ this list will be able to do anything they like on the share, irrespective of file permissions.</para> - <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in - Samba 3.0. This is by design.</para> - </description> <value type="default"/> diff --git a/docs-xml/smbdotconf/security/algorithmicridbase.xml b/docs-xml/smbdotconf/security/algorithmicridbase.xml index 24a3150024..bcf3ef673c 100644 --- a/docs-xml/smbdotconf/security/algorithmicridbase.xml +++ b/docs-xml/smbdotconf/security/algorithmicridbase.xml @@ -11,7 +11,7 @@ <para>Setting this option to a larger value could be useful to sites transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. + group rids would otherwise clash with system users etc. </para> <para>All UIDs and GIDs must be able to be resolved into SIDs for diff --git a/docs-xml/smbdotconf/security/clientntlmv2auth.xml b/docs-xml/smbdotconf/security/clientntlmv2auth.xml index b151df2447..7f303565ba 100644 --- a/docs-xml/smbdotconf/security/clientntlmv2auth.xml +++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml 
@@ -1,4 +1,4 @@ -<samba:parameter name="client ntlmv2 auth" +<samba:parameter name="client NTLMv2 auth" context="G" type="boolean" advanced="1" developer="1" diff --git a/docs-xml/smbdotconf/security/createmask.xml b/docs-xml/smbdotconf/security/createmask.xml index cf6864c78e..5df07188d6 100644 --- a/docs-xml/smbdotconf/security/createmask.xml +++ b/docs-xml/smbdotconf/security/createmask.xml @@ -26,12 +26,6 @@ This parameter does not affect directory masks. See the parameter <smbconfoption name="directory mask"/> for details. </para> - - <para> - Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the - administrator wishes to enforce a mask on access control lists also, they need to set the <smbconfoption - name="security mask"/>. - </para> </description> <related>force create mode</related> diff --git a/docs-xml/smbdotconf/security/directorymask.xml b/docs-xml/smbdotconf/security/directorymask.xml index 7b67f79214..b17625c95b 100644 --- a/docs-xml/smbdotconf/security/directorymask.xml +++ b/docs-xml/smbdotconf/security/directorymask.xml @@ -23,15 +23,10 @@ <para>Following this Samba will bit-wise 'OR' the UNIX mode created from this parameter with the value of the <smbconfoption name="force directory mode"/> parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <smbconfoption name="directory security mask"/>.</para> </description> <related>force directory mode</related> <related>create mask</related> -<related>directory security mask</related> <related>inherit permissions</related> <value type="default">0755</value> <value type="example">0775</value> 
diff --git a/docs-xml/smbdotconf/security/directorysecuritymask.xml b/docs-xml/smbdotconf/security/directorysecuritymask.xml
index 5ed85ae3f8..ad208f4e2a 100644
--- a/docs-xml/smbdotconf/security/directorysecuritymask.xml
+++ b/docs-xml/smbdotconf/security/directorysecuritymask.xml
@@ -1,39 +1,12 @@ <samba:parameter name="directory security mask" - context="S" - type="string" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + context="S" + removed="1" + type="string" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter controls what UNIX permission bits - will be set when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog - box.</para> - - <para> - This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with <smbconfoption name="force - directory security mode"/>, which works similar like this one but uses logical OR instead of AND. - Essentially, zero bits in this mask are a set of bits that will always be set to zero. - </para> - <para> - Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the - file permissions regardless of the previous status of this bits on the file. + This parameter has been removed for Samba 4.0.0. </para> - - <para>If not set explicitly this parameter is set to 0777 - meaning a user is allowed to set all the user/group/world - permissions on a directory.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it as the default of <constant>0777</constant>.</para> </description> -<related>force directory security mode</related> -<related>security mask</related> -<related>force security mode</related> -<value type="default">0777</value> -<value type="example">0700</value> </samba:parameter> 
diff --git a/docs-xml/smbdotconf/security/encryptpasswords.xml b/docs-xml/smbdotconf/security/encryptpasswords.xml index 1a631fd098..fdf0cfd43e 100644 --- a/docs-xml/smbdotconf/security/encryptpasswords.xml +++ b/docs-xml/smbdotconf/security/encryptpasswords.xml @@ -32,7 +32,7 @@ have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program for information on how to set up - and maintain this file), or set the <smbconfoption name="security">[server|domain|ads]</smbconfoption> parameter which + and maintain this file), or set the <smbconfoption name="security">[domain|ads]</smbconfoption> parameter which causes <command moreinfo="none">smbd</command> to authenticate against another server.</para> </description> diff --git a/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml index 2c15ec2753..a45395d106 100644 --- a/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml +++ b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml 
@@ -1,43 +1,11 @@ <samba:parameter name="force directory security mode" - context="S" - type="string" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + context="S" + type="string" + removed="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating - the UNIX permission on a directory using the native NT security dialog box. - </para> - - <para> - This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption - name="directory security mask"/>, which works in a similar manner to this one, but uses a logical AND instead - of an OR. - </para> - - <para> - Essentially, this mask may be treated as a set of bits that, when modifying security on a directory, - to will enable (1) any flags that are off (0) but which the mask has set to on (1). - </para> - - <para> - If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world - permissions on a directory without restrictions. - </para> - - <note><para> - Users who can access the Samba server through other means can easily bypass this restriction, so it is - primarily useful for standalone "appliance" systems. Administrators of most normal systems will - probably want to leave it set as 0000. - </para></note> - + This parameter has been removed for Samba 4.0.0. + </para> </description> - -<value type="default">0</value> -<value type="example">700</value> - -<related>directory security mask</related> -<related>security mask</related> -<related>force security mode</related> - </samba:parameter> diff --git a/docs-xml/smbdotconf/security/forcesecuritymode.xml b/docs-xml/smbdotconf/security/forcesecuritymode.xml index 7451ef91ae..5a9479e899 100644 
--- a/docs-xml/smbdotconf/security/forcesecuritymode.xml +++ b/docs-xml/smbdotconf/security/forcesecuritymode.xml @@ -1,41 +1,11 @@ <samba:parameter name="force security mode" context="S" - type="string" + type="string" + removed="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security dialog box. - </para> - - <para> - This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this - mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption - name="security mask"/>, which works similar like this one but uses logical AND instead of OR. - </para> - - <para> - Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file, - the user has always set to be on. - </para> - - <para> - If not set explicitly this parameter is set to 0, and allows a user to modify all the user/group/world - permissions on a file, with no restrictions. - </para> - - <para><emphasis> - Note</emphasis> that users who can access the Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most - normal systems will probably want to leave this set to 0000. - </para> - + This parameter has been removed for Samba 4.0.0. + </para> </description> - -<value type="default">0</value> -<value type="example">700</value> - -<related>force directory security mode</related> -<related>directory security mask</related> -<related>security mask</related> </samba:parameter> diff --git a/docs-xml/smbdotconf/security/kpasswdport.xml b/docs-xml/smbdotconf/security/kpasswdport.xml new file mode 100644 index 0000000000..419e86696e --- /dev/null +++ b/docs-xml/smbdotconf/security/kpasswdport.xml 
@@ -0,0 +1,12 @@
+<samba:parameter name="kpasswd port"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the Kerberos server should listen on for
+ password changes.</para>
+</description>
+
+<value type="default">464</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/krb5port.xml b/docs-xml/smbdotconf/security/krb5port.xml
new file mode 100644
index 0000000000..e4887fc664
--- /dev/null
+++ b/docs-xml/smbdotconf/security/krb5port.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="krb5 port"
+ context="G"
+ type="list"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which port the KDC should listen on for Kerberos traffic.</para>
+</description>
+
+<value type="default">88</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/lognttokencommand.xml b/docs-xml/smbdotconf/security/lognttokencommand.xml
new file mode 100644
index 0000000000..33ec23b810
--- /dev/null
+++ b/docs-xml/smbdotconf/security/lognttokencommand.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="log nt token command"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option can be set to a command that will be called when new nt
+ tokens are created.</para>
+
+ <para>This is only useful for development purposes.</para>
+</description>
+
+<value type="default"></value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/maptoguest.xml b/docs-xml/smbdotconf/security/maptoguest.xml
index 0f680ae71c..09017bcb10 100644
--- a/docs-xml/smbdotconf/security/maptoguest.xml
+++ b/docs-xml/smbdotconf/security/maptoguest.xml
@@ -4,11 +4,6 @@ advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter is only useful in <smbconfoption name="SECURITY"> - security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter> - and <parameter moreinfo="none">security = server</parameter> - - i.e. <constant>user</constant>, and <constant>domain</constant>.</para> - <para>This parameter can take four different values, which tell <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> what to do with user @@ -55,20 +50,11 @@ </itemizedlist> <para>Note that this parameter is needed to set up "Guest" - share services when using <parameter moreinfo="none">security</parameter> modes other than - share and server. This is because in these modes the name of the resource being + share services. This is because in these modes the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after the server has successfully authenticated the client so the server cannot make authentication decisions at the correct time (connection - to the share) for "Guest" shares. This parameter is not useful with - <parameter moreinfo="none">security = server</parameter> as in this security mode - no information is returned about whether a user logon failed due to - a bad username or bad password, the same error is returned from a modern server - in both cases.</para> - - <para>For people familiar with the older Samba releases, this - parameter maps to the old compile-time setting of the <constant> - GUEST_SESSSETUP</constant> value in local.h.</para> + to the share) for "Guest" shares. </para> </description> <value type="default">Never</value> diff --git a/docs-xml/smbdotconf/security/ntpsigndsocketdirectory.xml b/docs-xml/smbdotconf/security/ntpsigndsocketdirectory.xml new file mode 100644 index 0000000000..718626d242 --- /dev/null 
+++ b/docs-xml/smbdotconf/security/ntpsigndsocketdirectory.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="ntp signd socket directory"
+ context="G"
+ type="string"
+ advanced="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This setting controls the location of the socket that
+ the NTP daemon uses to communicate with Samba for
+ signing packets.</para>
+
+ <para>If a non-default path is specified here, then it is also necessary
+ to make NTP aware of the new path using the <constant>ntpsigndsocket</constant>
+ directive in <filename>ntp.conf</filename>.</para>
+</description>
+
+<value type="default">$prefix/run/samba/ntp_signd</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/onlyuser.xml b/docs-xml/smbdotconf/security/onlyuser.xml
index b1ef1b7606..ed1bbd53e3 100644
--- a/docs-xml/smbdotconf/security/onlyuser.xml
+++ b/docs-xml/smbdotconf/security/onlyuser.xml
@@ -3,20 +3,16 @@ context="S" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This is a boolean option that controls whether - connections with usernames not in the <parameter moreinfo="none">user</parameter> - list will be allowed. By default this option is disabled so that a - client can supply a username to be used by the server. Enabling - this parameter will force the server to only use the login - names from the <parameter moreinfo="none">user</parameter> list and is only really - useful in <smbconfoption name="security">share</smbconfoption> level security.</para> + <para>To restrict a service to a particular set of users you + can use the <smbconfoption name="valid users"/> parameter.</para> + + <para>This parameter is deprecated</para> + + <para>However, it currently operates only in conjunction with + <smbconfoption name="username"/>. The supported way to restrict + a service to a particular set of users is the + <smbconfoption name="valid users"/> parameter.</para> - <para>Note that this also means Samba won't try to deduce - usernames from the service name. This can be annoying for - the [homes] section. To get around this you could use <command moreinfo="none">user = - %S</command> which means your <parameter moreinfo="none">user</parameter> list - will be just the service name, which for home directories is the - name of the user.</para> </description> <related>user</related> diff --git a/docs-xml/smbdotconf/security/passwordlevel.xml b/docs-xml/smbdotconf/security/passwordlevel.xml index 754bbdfa76..eee838f65c 100644 --- a/docs-xml/smbdotconf/security/passwordlevel.xml +++ b/docs-xml/smbdotconf/security/passwordlevel.xml 
@@ -13,7 +13,7 @@ text passwords even when NT LM 0.12 selected by the protocol negotiation request/response.</para> - <para>This deprecated parameter defines the maximum number of characters + <para>This deprecated parameter defines the maximum number of characters that may be upper case in passwords.</para> <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml index 0aa3b511b8..18baa9bdbc 100644 --- a/docs-xml/smbdotconf/security/passwordserver.xml +++ b/docs-xml/smbdotconf/security/passwordserver.xml 
@@ -4,18 +4,17 @@ advanced="1" wizard="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>By specifying the name of another SMB server - or Active Directory domain controller with this option, - and using <command moreinfo="none">security = [ads|domain|server]</command> + <para>By specifying the name of a domain controller with this option, + and using <command moreinfo="none">security = [ads|domain]</command> it is possible to get Samba to do all its username/password validation using a specific remote server.</para> - <para>If the <parameter moreinfo="none">security</parameter> parameter is set to - <constant>domain</constant> or <constant>ads</constant>, then this option - <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba - to determine the best DC to contact dynamically, just as all other hosts in an - AD domain do. This allows the domain to be maintained without modification to - the smb.conf file. The cryptograpic protection on the authenticated RPC calls + <para>Ideally, this option + <emphasis>should not</emphasis> be used, as the default '*' indicates to Samba + to determine the best DC to contact dynamically, just as all other hosts in an + AD domain do. This allows the domain to be maintained (addition + and removal of domain controllers) without modification to + the smb.conf file. The cryptographic protection on the authenticated RPC calls used to verify passwords ensures that this default is safe.</para> <para><emphasis>It is strongly recommended that you use the 
@@ -35,62 +34,10 @@ will be added to the list as well. Samba will not attempt to optimize this list by locating the closest DC.</para> - <para>If parameter is a name, it is looked up using the + <para>If parameter is a name, it is looked up using the parameter <smbconfoption name="name resolve order"/> and so may resolved by any method and order described in that parameter.</para> - <para>If the <parameter moreinfo="none">security</parameter> parameter is - set to <constant>server</constant>, these additional restrictions apply:</para> - - <itemizedlist> - <listitem> - <para>You may list several password servers in - the <parameter moreinfo="none">password server</parameter> parameter, however if an - <command moreinfo="none">smbd</command> makes a connection to a password server, - and then the password server fails, no more users will be able - to be authenticated from this <command moreinfo="none">smbd</command>. This is a - restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server - </command> mode and cannot be fixed in Samba.</para> - </listitem> - - <listitem> - <para>You will have to ensure that your users - are able to login from the Samba server, as when in <command moreinfo="none"> - security = server</command> mode the network logon will appear to - come from the Samba server rather than from the users workstation.</para> - </listitem> - - <listitem> - <para>The client must not select NTLMv2 authentication.</para> - </listitem> - - <listitem> - <para>The password server must be a machine capable of using - the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in - user level security mode.</para> - </listitem> - - <listitem> - <para>Using a password server means your UNIX box (running - Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT - CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>. 
- </para> - </listitem> - - <listitem> - <para>Never point a Samba server at itself for password serving. - This will cause a loop and could lock up your Samba server!</para> - </listitem> - - <listitem> - <para>The name of the password server takes the standard - substitutions, but probably the only useful one is <parameter moreinfo="none">%m - </parameter>, which means the Samba server will use the incoming - client as the password server. If you use this then you better - trust your clients, and you had better restrict them with hosts allow!</para> - </listitem> - - </itemizedlist> </description> <related>security</related> diff --git a/docs-xml/smbdotconf/security/printeradmin.xml b/docs-xml/smbdotconf/security/printeradmin.xml deleted file mode 100644 index a0dd9929c0..0000000000 --- a/docs-xml/smbdotconf/security/printeradmin.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter name="printer admin" - context="S" - type="list" - print="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para> - This lists users who can do anything to printers - via the remote administration interfaces offered - by MS-RPC (usually using a NT workstation). - This parameter can be set per-share or globally. - Note: The root user always has admin rights. Use - caution with use in the global stanza as this can - cause side effects. - </para> - - <para> - This parameter has been marked deprecated in favor - of using the SePrintOperatorPrivilege and individual - print security descriptors. It will be removed in a future release. - </para> - -</description> - -<value type="default"></value> -<value type="example">admin, @staff</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/security/privatedir.xml b/docs-xml/smbdotconf/security/privatedir.xml index d0cbcfad59..46d4a8297c 100644 --- a/docs-xml/smbdotconf/security/privatedir.xml +++ b/docs-xml/smbdotconf/security/privatedir.xml 
@@ -3,6 +3,7 @@ type="string" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<synonym>private directory</synonym> <description> <para>This parameters defines the directory smbd will use for storing such files as <filename moreinfo="none">smbpasswd</filename> diff --git a/docs-xml/smbdotconf/security/readlist.xml b/docs-xml/smbdotconf/security/readlist.xml index df6b4f129b..c874fef456 100644 --- a/docs-xml/smbdotconf/security/readlist.xml +++ b/docs-xml/smbdotconf/security/readlist.xml @@ -9,11 +9,7 @@ to. The list can include group names using the syntax described in the <smbconfoption name="invalid users"/> parameter. </para> - - <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in - Samba 3.0. This is by design.</para> </description> - <related>write list</related> <related>invalid users</related> diff --git a/docs-xml/smbdotconf/security/readonly.xml b/docs-xml/smbdotconf/security/readonly.xml index 6e1f6dd2b8..612bf0d87d 100644 --- a/docs-xml/smbdotconf/security/readonly.xml +++ b/docs-xml/smbdotconf/security/readonly.xml @@ -3,6 +3,7 @@ type="boolean" basic="1" advanced="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<synonym>write ok</synonym> <description> <para>An inverted synonym is <smbconfoption name="writeable"/>.</para> diff --git a/docs-xml/smbdotconf/security/restrictanonymous.xml b/docs-xml/smbdotconf/security/restrictanonymous.xml index 1fbf983d54..8e2ef081d1 100644 --- a/docs-xml/smbdotconf/security/restrictanonymous.xml +++ b/docs-xml/smbdotconf/security/restrictanonymous.xml 
@@ -13,7 +13,7 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ </programlisting> registry key in Windows 2000 and Windows NT. When set to 0, user and group list information is returned to anyone who asks. When set - to 1, only an authenticated user can retrive user and + to 1, only an authenticated user can retrieve user and group list information. For the value 2, supported by Windows 2000/XP and Samba, no anonymous connections are allowed at all. This can break third party and Microsoft diff --git a/docs-xml/smbdotconf/security/sambakcccommand.xml b/docs-xml/smbdotconf/security/sambakcccommand.xml new file mode 100644 index 0000000000..9621792c9f --- /dev/null +++ b/docs-xml/smbdotconf/security/sambakcccommand.xml @@ -0,0 +1,19 @@ +<samba:parameter name="samba kcc command" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option specifies the path to the Samba KCC command. + This script is used for replication topology replication. + </para> + + <para>It should not be necessary to modify this option except + for testing purposes or if the <filename>samba_kcc</filename> + was installed in a non-default location. + </para> +</description> + +<value type="default">$prefix/sbin/samba_kcc</value> +<value type="example">/usr/local/bin/kcc</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml index ed71f95c6d..406089f2da 100644 --- a/docs-xml/smbdotconf/security/security.xml +++ b/docs-xml/smbdotconf/security/security.xml 
@@ -11,203 +11,74 @@ Samba and is one of the most important settings in the <filename moreinfo="none"> smb.conf</filename> file.</para> - <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide - based on this bit whether (and how) to transfer user and password - information to the server.</para> - - <para>The default is <command moreinfo="none">security = user</command>, as this is - the most common setting needed when talking to Windows 98 and - Windows NT.</para> + the most common setting, used for a standalone file server or a DC.</para> <para>The alternatives are <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain - </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">security = share</command> and <command moreinfo="none">security = server</command>, both of which are deprecated.</para> - - <para>In versions of Samba prior to 2.0.0, the default was - <command moreinfo="none">security = share</command> mainly because that was - the only option at one stage.</para> + </command>, which support joining Samba to a Windows domain</para> - <para>You should use <command moreinfo="none">security = user</command> and - <smbconfoption name="map to guest"/> if you + <para>You should use <command moreinfo="none">security = user</command> and + <smbconfoption name="map to guest"/> if you want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. </para> - <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> - hybrid mode</emphasis> where it is offers both user and share - level security under different <smbconfoption name="NetBIOS aliases"/>. 
</para> - <para>The different settings will now be explained.</para> + <para><anchor id="SECURITYEQUALSAUTO"/><emphasis>SECURITY = AUTO</emphasis></para> + + <para>This is the default security setting in Samba, and causes Samba to consult + the <smbconfoption name="server role"/> parameter (if set) to determine the security mode.</para> + <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER</emphasis></para> - <para>This is the default security setting in Samba. - With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the <smbconfoption name="username map"/> + <para>If <smbconfoption name="server role"/> is not specified, this is the default security setting in Samba. + With user-level security a client must first "log-on" with a + valid username and password (which can be mapped using the <smbconfoption name="username map"/> parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption - name="guest only"/> if set are then applied and - may change the UNIX user to use on this connection, but only after + name="guest only"/> if set are then applied and + may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.</para> - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <smbconfoption name="guest account"/>. + <para><emphasis>Note</emphasis> that the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client. 
This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the <smbconfoption name="guest account"/>. See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> - <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para> <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> <manvolnum>8</manvolnum></citerefentry> has been used to add this machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/> - parameter to be set to <constant>yes</constant>. In this + parameter to be set to <constant>yes</constant>. In this mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly + it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.</para> - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow + <para><emphasis>Note</emphasis> that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to.</para> - <para><emphasis>Note</emphasis> that from the client's point - of view <command moreinfo="none">security = domain</command> is the same - as <command moreinfo="none">security = user</command>. It only - affects how the server deals with the authentication, + <para><emphasis>Note</emphasis> that from the client's point + of view <command moreinfo="none">security = domain</command> is the same + as <command moreinfo="none">security = user</command>. 
It only + affects how the server deals with the authentication, it does not in any way affect what the client sees.</para> - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <smbconfoption name="guest account"/>. + <para><emphasis>Note</emphasis> that the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the <smbconfoption name="guest account"/>. See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para>See also the <smbconfoption name="password server"/> parameter and the <smbconfoption name="encrypted passwords"/> parameter.</para> - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> - - <note><para>This option is deprecated as it is incompatible with SMB2</para></note> - - <para>When clients connect to a share level security server, they - need not log onto the server with a valid username and password before - attempting to connect to a shared resource (although modern clients - such as Windows 95/98 and Windows NT will send a logon request with - a username but no password when talking to a <command moreinfo="none">security = share - </command> server). 
Instead, the clients send authentication information - (passwords) on a per-share basis, at the time they attempt to connect - to that share.</para> - - <para>Note that <command moreinfo="none">smbd</command> <emphasis>ALWAYS</emphasis> - uses a valid UNIX user to act on behalf of the client, even in - <command moreinfo="none">security = share</command> level security.</para> - - <para>As clients are not required to send a username to the server - in share level security, <command moreinfo="none">smbd</command> uses several - techniques to determine the correct UNIX user to use on behalf - of the client.</para> - - <para>A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :</para> - - <itemizedlist> - <listitem> - <para>If the <smbconfoption name="guest only"/> parameter is set, then all the other - stages are missed and only the <smbconfoption name="guest account"/> username is checked. - </para> - </listitem> - - <listitem> - <para>Is a username is sent with the share connection - request, then this username (after mapping - see <smbconfoption name="username map"/>), - is added as a potential username. - </para> - </listitem> - - <listitem> - <para>If the client did a previous <emphasis>logon - </emphasis> request (the SessionSetup SMB call) then the - username sent in this SMB will be added as a potential username. - </para> - </listitem> - - <listitem> - <para>The name of the service the client requested is - added as a potential username. - </para> - </listitem> - - <listitem> - <para>The NetBIOS name of the client is added to - the list as a potential username. - </para> - </listitem> - - <listitem> - <para>Any users on the <smbconfoption name="user"/> list are added as potential usernames. - </para> - </listitem> - </itemizedlist> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - not set, then this list is then tried with the supplied password. 
- The first user for whom the password matches will be used as the - UNIX user.</para> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - set, or no username can be determined then if the share is marked - as available to the <parameter moreinfo="none">guest account</parameter>, then this - guest user will be used, otherwise access is denied.</para> - - <para>Note that it can be <emphasis>very</emphasis> confusing - in share-level security as to which UNIX username will eventually - be used in granting access.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para> - - <para> - In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an - NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the - <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote - server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid <filename - moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in - the Samba HOWTO Collection for details on how to set this up. -</para> - - <note><para>This mode of operation has - significant pitfalls since it is more vulnerable to - man-in-the-middle attacks and server impersonation. In particular, - this mode of operation can cause significant resource consumption on - the PDC, as it must maintain an active connection for the duration - of the user's session. 
Furthermore, if this connection is lost, - there is no way to reestablish it, and further authentications to the - Samba server may fail (from a single client, till it disconnects). - </para></note> - - <note><para>If the client selects NTLMv2 authentication, then this mode of operation <emphasis>will fail</emphasis> - </para></note> - - <note><para>From the client's point of - view, <command moreinfo="none">security = server</command> is the - same as <command moreinfo="none">security = user</command>. It - only affects how the server deals with the authentication, it does - not in any way affect what the client sees.</para></note> - - <note><para>This option is deprecated, and may be removed in future</para></note> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -216,9 +87,6 @@ the server to automatically map unknown users into the <smbconfoption name="guest account"/>. See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para>See also the <smbconfoption name="password server"/> parameter and the <smbconfoption name="encrypted passwords"/> parameter.</para> diff --git a/docs-xml/smbdotconf/security/securitymask.xml b/docs-xml/smbdotconf/security/securitymask.xml index 23bc2808db..e535d32982 100644 --- a/docs-xml/smbdotconf/security/securitymask.xml +++ b/docs-xml/smbdotconf/security/securitymask.xml 
@@ -1,39 +1,11 @@ <samba:parameter name="security mask" context="S" - type="string" + type="string" + removed="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the - UNIX permission on a file using the native NT security dialog box. - </para> - - <para> - This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting - any bits not in this mask. Make sure not to mix up this parameter with <smbconfoption name="force - security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND. - </para> - - <para> - Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the - file permissions regardless of the previous status of this bits on the file. - </para> - - <para> - If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file. + This parameter has been removed for Samba 4.0.0. </para> - - <para><emphasis> - Note</emphasis> that users who can access the Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone "appliance" systems. Administrators of - most normal systems will probably want to leave it set to <constant>0777</constant>. - </para> </description> - -<related>force directory security mode</related> -<related>directory security mask</related> -<related>force security mode</related> - -<value type="default">0777</value> -<value type="example">0770</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/security/sendspengoprincipal.xml b/docs-xml/smbdotconf/security/sendspengoprincipal.xml deleted file mode 100644 index 03794debc2..0000000000 --- a/docs-xml/smbdotconf/security/sendspengoprincipal.xml +++ /dev/null 
@@ -1,28 +0,0 @@
-<samba:parameter name="send spnego principal"
- context="G"
- type="boolean"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>This parameter determines whether or not
- <citerefentry><refentrytitle>smbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> will send the
- server-supplied principal sometimes given in the SPNEGO
- exchange.</para>
-
- <para>If enabled, Samba can attempt to help clients to use
- Kerberos to contact it, even when known only by IP address or a
- name not registered with our KDC as a service principal name.
- Kerberos relies on names, so ordinarily cannot function in this
- situation. </para>
-
- <para>If disabled, Samba will send the string
- not_defined_in_RFC4178@please_ignore as the 'rfc4178 hint',
- following the updated RFC and Windows 2008 behaviour in this area.
- </para>
-
- <para>Note that Windows XP SP2 and later versions already ignored
- this value in all circumstances. </para>
-</description>
-<value type="default">no</value>
-</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml
new file mode 100644
index 0000000000..005b6e90a8
--- /dev/null
+++ b/docs-xml/smbdotconf/security/serverrole.xml
@@ -0,0 +1,88 @@ +<samba:parameter name="server role" + context="G" + type="enum" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option determines the basic operating mode of a Samba + server and is one of the most important settings in the <filename + moreinfo="none"> smb.conf</filename> file.</para> + + <para>The default is <command moreinfo="none">server role = auto</command>, as causes + Samba to operate according to the <smbconfoption name="security"/> setting, or if not + specified as a simple file server that is not connected to any domain.</para> + + <para>The alternatives are + <command moreinfo="none">server role = standalone</command> or <command moreinfo="none">server role = member server + </command>, which support joining Samba to a Windows domain, along with <command moreinfo="none">server role = domain controller</command>, which run Samba as a Windows domain controller.</para> + + <para>You should use <command moreinfo="none">server role = standalone</command> and + <smbconfoption name="map to guest"/> if you + want to mainly setup shares without a password (guest shares). This + is commonly used for a shared printer server. </para> + + <para><anchor id="AUTO"/><emphasis>SERVER ROLE = AUTO</emphasis></para> + + <para>This is the default server role in Samba, and causes Samba to consult + the <smbconfoption name="security"/> parameter (if set) to determine the server role, giving compatable behaviours to previous Samba versions.</para> + + <para><anchor id="STANDALONE"/><emphasis>SERVER ROLE = STANDALONE</emphasis></para> + + <para>If <smbconfoption name="security"/> is also not specified, this is the default security setting in Samba. + In standalone operation, a client must first "log-on" with a + valid username and password (which can be mapped using the <smbconfoption name="username map"/> + parameter) stored on this machine. 
Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) are by default + used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption + name="guest only"/> if set are then applied and + may change the UNIX user to use on this connection, but only after + the user has been successfully authenticated.</para> + + <para><anchor id="MEMBER SERVER"/><emphasis>SERVER ROLE = MEMBER SERVER</emphasis></para> + + <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> has been used to add this + machine into a Windows Domain. It expects the <smbconfoption name="encrypted passwords"/> + parameter to be set to <constant>yes</constant>. In this + mode Samba will try to validate the username/password by passing + it to a Windows or Samba Domain Controller, in exactly + the same way that a Windows Server would do.</para> + + <para><emphasis>Note</emphasis> that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to. Winbind can provide this.</para> + + <para><anchor id="PDC"/><emphasis>SERVER ROLE = CLASSIC PRIMARY DOMAIN CONTROLLER</emphasis></para> + + <para>This mode of operation runs a classic Samba primary domain + controller, providing domain logon services to Windows and Samba + clients of an NT4-like domain. Clients must be joined to the domain to + create a secure, trusted path across the network. There must be + only one PDC per NetBIOS scope (typcially a broadcast network or + clients served by a single WINS server).</para> + + <para><anchor id="BDC"/><emphasis>SERVER ROLE = NETBIOS BACKUP DOMAIN CONTROLLER</emphasis></para> + + <para>This mode of operation runs a classic Samba backup domain + controller, providing domain logon services to Windows and Samba + clients of an NT4-like domain. 
As a BDC, this allows + multiple Samba servers to provide rudundent logon services to a + single NetBIOS scope.</para> + + <para><anchor id="AD-DC"/><emphasis>SERVER ROLE = ACTIVE DIRECTORY DOMAIN CONTROLLER</emphasis></para> + + <para>This mode of operation runs Samba as an active directory + domain controller, providing domain logon services to Windows and + Samba clients of the domain. This role requires special + configuration, see the <ulink + url="http://wiki.samba.org/index.php/Samba4/HOWTO">Samba4 + HOWTO</ulink></para> + +</description> + +<related>security</related> +<related>realm</related> +<related>encrypt passwords</related> + +<value type="default">AUTO</value> +<value type="example">DOMAIN CONTROLLER</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/security/tlscafile.xml b/docs-xml/smbdotconf/security/tlscafile.xml new file mode 100644 index 0000000000..ea2a595514 --- /dev/null +++ b/docs-xml/smbdotconf/security/tlscafile.xml @@ -0,0 +1,18 @@ +<samba:parameter name="tls cafile" + type="string" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + <description> + <para>This option can be set to a file (PEM format) + containing CA certificates of root CAs to trust to sign + certificates or intermediate CA certificates.</para> + </description> + + <related>tls certfile</related> + <related>tls crlfile</related> + <related>tls dh params file</related> + <related>tls enabled</related> + <related>tls keyfile</related> + <value type="default"></value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/security/tlscertfile.xml b/docs-xml/smbdotconf/security/tlscertfile.xml new file mode 100644 index 0000000000..317cb37c31 --- /dev/null +++ b/docs-xml/smbdotconf/security/tlscertfile.xml 
@@ -0,0 +1,17 @@
+<samba:parameter name="tls certfile"
+ type="string"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>This option can be set to a file (PEM format)
+ containing the RSA certificate. </para>
+ </description>
+
+ <related>tls keyfile</related>
+ <related>tls crlfile</related>
+ <related>tls dh params file</related>
+ <related>tls enabled</related>
+ <related>tls cafile</related>
+ <value type="default"></value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlscrlfile.xml b/docs-xml/smbdotconf/security/tlscrlfile.xml
new file mode 100644
index 0000000000..442ff84166
--- /dev/null
+++ b/docs-xml/smbdotconf/security/tlscrlfile.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="tls crlfile"
+ type="string"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>This option can be set to a file containing a certificate
+ revocation list (CRL).</para>
+ </description>
+
+ <related>tls certfile</related>
+ <related>tls crlfile</related>
+ <related>tls dh params file</related>
+ <related>tls enabled</related>
+ <related>tls cafile</related>
+ <value type="default"></value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlsdhparamsfile.xml b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
new file mode 100644
index 0000000000..ba809c72f8
--- /dev/null
+++ b/docs-xml/smbdotconf/security/tlsdhparamsfile.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="tls dh params file"
+ type="string"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>This option can be set to a file with Diffie-Hellman parameters
+ which will be used with EDH ciphers.
+ </para>
+ </description>
+
+ <related>tls certfile</related>
+ <related>tls crlfile</related>
+ <related>tls cafile</related>
+ <related>tls enabled</related>
+ <related>tls keyfile</related>
+ <value type="default"></value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlsenabled.xml b/docs-xml/smbdotconf/security/tlsenabled.xml
new file mode 100644
index 0000000000..106dddade6
--- /dev/null
+++ b/docs-xml/smbdotconf/security/tlsenabled.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="tls enabled"
+ type="boolean"
+ context="G"
+ basic="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>If this option is set to <constant>yes</constant>, then Samba
+ will use TLS when possible in communication.</para>
+ </description>
+ <value type="default">yes</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/tlskeyfile.xml b/docs-xml/smbdotconf/security/tlskeyfile.xml
new file mode 100644
index 0000000000..a37a9381ee
--- /dev/null
+++ b/docs-xml/smbdotconf/security/tlskeyfile.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="tls keyfile"
+ type="string"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+ <description>
+ <para>This option can be set to a file (PEM format)
+ containing the RSA private key. This file must be accessible without
+ a pass-phrase, i.e. it must not be encrypted.</para>
+ </description>
+
+ <related>tls certfile</related>
+ <related>tls crlfile</related>
+ <related>tls dh params file</related>
+ <related>tls enabled</related>
+ <related>tls cafile</related>
+ <value type="default"></value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/username.xml b/docs-xml/smbdotconf/security/username.xml index 788f6178d0..a85076c737 100644 --- a/docs-xml/smbdotconf/security/username.xml +++ b/docs-xml/smbdotconf/security/username.xml 
@@ -5,57 +5,16 @@ <synonym>user</synonym> <synonym>users</synonym> <description> - <para>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</para> - - <para>The deprecated <parameter moreinfo="none">username</parameter> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</para> - - <para>The <parameter moreinfo="none">username</parameter> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <parameter moreinfo="none">username</parameter> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</para> - - <para>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. 
The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</para> - <para>To restrict a service to a particular set of users you can use the <smbconfoption name="valid users"/> parameter.</para> - <para>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</para> - - <para>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</para> - - <para>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</para> + <para>This parameter is deprecated</para> - <para>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</para> + <para>However, it currently operates only in conjunction with + <smbconfoption name="only user"/>. The supported way to restrict + a service to a particular set of users is the + <smbconfoption name="valid users"/> parameter.</para> - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how - this parameter determines access to the services.</para> </description> <value type="default"><comment>The guest account if a guest service, diff --git a/docs-xml/smbdotconf/security/usernamemap.xml b/docs-xml/smbdotconf/security/usernamemap.xml index 54179690be..21098fa463 100644 --- a/docs-xml/smbdotconf/security/usernamemap.xml +++ b/docs-xml/smbdotconf/security/usernamemap.xml 
@@ -12,9 +12,9 @@ </para> <para> - Please note that for user or share mode security, the username map is applied prior to validating the user + Please note that for user mode security, the username map is applied prior to validating the user credentials. Domain member servers (domain or ads) apply the username map after the user has been - successfully authenticated by the domain controller and require fully qualified enties in the map table (e.g. + successfully authenticated by the domain controller and require fully qualified entries in the map table (e.g. biddle = <literal>DOMAIN\foo</literal>). </para> @@ -84,8 +84,8 @@ guest = * Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and <constant>fred</constant> is remapped to <constant>mary</constant> then you will actually be connecting to \\server\mary and will need to supply a password suitable for <constant>mary</constant> not - <constant>fred</constant>. The only exception to this is the username passed to the <smbconfoption - name="password server"/> (if you have one). The password server will receive whatever username the client + <constant>fred</constant>. The only exception to this is the + username passed to a Domain Controller (if you have one). The DC will receive whatever username the client supplies without modification. </para> diff --git a/docs-xml/smbdotconf/security/writelist.xml b/docs-xml/smbdotconf/security/writelist.xml index 60db3f19f0..c17db81743 100644 --- a/docs-xml/smbdotconf/security/writelist.xml +++ b/docs-xml/smbdotconf/security/writelist.xml @@ -15,11 +15,6 @@ given write access. </para> - <para> - By design, this parameter will not work with the - <smbconfoption name="security">share</smbconfoption> in Samba 3.0. - </para> - </description> <related>read list</related> diff --git a/docs-xml/smbdotconf/tuning/keepalive.xml b/docs-xml/smbdotconf/tuning/keepalive.xml index 0586365512..5dba4f6a28 100644 
--- a/docs-xml/smbdotconf/tuning/keepalive.xml +++ b/docs-xml/smbdotconf/tuning/keepalive.xml @@ -13,6 +13,9 @@ <para>Keepalives should, in general, not be needed if the socket has the SO_KEEPALIVE attribute set on it by default. (see <smbconfoption name="socket options"/>). Basically you should only use this option if you strike difficulties.</para> + + <para>Please note this option only applies to SMB1 client connections, and + has no effect on SMB2 clients.</para> </description> <value type="default">300</value> diff --git a/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml b/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml deleted file mode 100644 index e5c2fe0ad1..0000000000 --- a/docs-xml/smbdotconf/tuning/paranoidserversecurity.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter name="paranoid server security" - context="G" - type="boolean" - developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>Some version of NT 4.x allow non-guest - users with a bad passowrd. When this option is enabled, samba will not - use a broken NT 4.x server as password server, but instead complain - to the logs and exit. - </para> - - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> -</description> - -<value type="default">yes</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/tuning/strictallocate.xml b/docs-xml/smbdotconf/tuning/strictallocate.xml index 900c90f215..bd867da7b1 100644 --- a/docs-xml/smbdotconf/tuning/strictallocate.xml +++ b/docs-xml/smbdotconf/tuning/strictallocate.xml 
@@ -11,7 +11,7 @@ when a file is created or extended to be a given size. In UNIX terminology this means that Samba will stop creating sparse files.</para> - <para>This option is really desgined for file systems that support + <para>This option is really designed for file systems that support fast allocation of large numbers of blocks such as extent-based file systems. On file systems that don't support extents (most notably ext3) this can make Samba slower. When you work with large files over >100MB on file diff --git a/docs-xml/smbdotconf/vfs/aclcompatibility.xml b/docs-xml/smbdotconf/vfs/aclcompatibility.xml deleted file mode 100644 index 95f42cfe2a..0000000000 --- a/docs-xml/smbdotconf/vfs/aclcompatibility.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter name="acl compatibility" - context="G" - type="enum" - advanced="1" developer="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para>This parameter specifies what OS ACL semantics should - be compatible with. Possible values are <emphasis>winnt</emphasis> for Windows NT 4, - <emphasis>win2k</emphasis> for Windows 2000 and above and <emphasis>auto</emphasis>. - If you specify <emphasis>auto</emphasis>, the value for this parameter - will be based upon the version of the client. There should - be no reason to change this parameter from the default.</para> -</description> - -<value type="default">Auto</value> -<value type="example">win2k</value> -</samba:parameter> diff --git a/docs-xml/smbdotconf/vfs/getquotacommand.xml b/docs-xml/smbdotconf/vfs/getquotacommand.xml index 92016ef46c..eacd19cf79 100644 --- a/docs-xml/smbdotconf/vfs/getquotacommand.xml +++ b/docs-xml/smbdotconf/vfs/getquotacommand.xml 
@@ -8,17 +8,15 @@ whenever there is no operating system API available from the OS that samba can use.</para> - <para>This option is only available you have compiled Samba with the - <command moreinfo="none">--with-sys-quotas</command> option or on Linux with - <command moreinfo="none">--with-quotas</command> and a working quota api - was found in the system.</para> + <para>This option is only available Samba was compiled with + quotas support.</para> <para>This parameter should specify the path to a script that queries the quota information for the specified user/group for the partition that the specified directory is on.</para> - <para>Such a script should take 3 arguments:</para> + <para>Such a script is being given 3 arguments:</para> <itemizedlist> <listitem><para>directory</para></listitem> @@ -26,7 +24,11 @@ <listitem><para>uid of user or gid of group</para></listitem> </itemizedlist> - <para>The type of query can be one of :</para> + <para>The directory is actually mostly just "." - It needs to be + treated relatively to the current working directory that the script can + also query.</para> + + <para>The type of query can be one of:</para> <itemizedlist> <listitem><para>1 - user quotas</para></listitem> 
@@ -35,18 +37,18 @@ <listitem><para>4 - group default quotas (gid = -1)</para></listitem> </itemizedlist> - <para>This script should print one line as output with spaces between the arguments. The arguments are: + <para>This script should print one line as output with spaces between the columns. The printed columns should be: </para> <itemizedlist> - <listitem><para>Arg 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</para></listitem> - <listitem><para>Arg 2 - number of currently used blocks</para></listitem> - <listitem><para>Arg 3 - the softlimit number of blocks</para></listitem> - <listitem><para>Arg 4 - the hardlimit number of blocks</para></listitem> - <listitem><para>Arg 5 - currently used number of inodes</para></listitem> - <listitem><para>Arg 6 - the softlimit number of inodes</para></listitem> - <listitem><para>Arg 7 - the hardlimit number of inodes</para></listitem> - <listitem><para>Arg 8(optional) - the number of bytes in a block(default is 1024)</para></listitem> + <listitem><para>1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced)</para></listitem> + <listitem><para>2 - number of currently used blocks</para></listitem> + <listitem><para>3 - the softlimit number of blocks</para></listitem> + <listitem><para>4 - the hardlimit number of blocks</para></listitem> + <listitem><para>5 - currently used number of inodes</para></listitem> + <listitem><para>6 - the softlimit number of inodes</para></listitem> + <listitem><para>7 - the hardlimit number of inodes</para></listitem> + <listitem><para>8 (optional) - the number of bytes in a block(default is 1024)</para></listitem> </itemizedlist> </description> diff --git a/docs-xml/smbdotconf/vfs/ntvfshandler.xml b/docs-xml/smbdotconf/vfs/ntvfshandler.xml new file mode 100644 index 0000000000..aa3bce5c0c --- /dev/null +++ b/docs-xml/smbdotconf/vfs/ntvfshandler.xml 
@@ -0,0 +1,16 @@ +<samba:parameter name="ntvfs handler" + context="S" + type="list" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This specifies the NTVFS handlers for this share.</para> + + <para>Note that this option is only used when the NTVFS file server + is in use. It is not used with the (default) + s3fs file server. + </para> +</description> + +<value type="default">unixuid default</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/vfs/setquotacommand.xml b/docs-xml/smbdotconf/vfs/setquotacommand.xml index b00a620628..cf62715ca5 100644 --- a/docs-xml/smbdotconf/vfs/setquotacommand.xml +++ b/docs-xml/smbdotconf/vfs/setquotacommand.xml @@ -8,9 +8,8 @@ whenever there is no operating system API available from the OS that samba can use.</para> - <para>This option is only available if Samba was configured with the argument <command>--with-sys-quotas</command> or - on linux when <command>./configure --with-quotas</command> was used and a working quota api - was found in the system. Most packages are configured with these options already.</para> + <para>This option is only available if Samba was compiled with + quota support.</para> <para>This parameter should specify the path to a script that can set quota for the specified arguments.</para> 
@@ -18,20 +17,23 @@ <para>The specified script should take the following arguments:</para> <itemizedlist> - <listitem><para>1 - quota type + <listitem><para>1 - path to where the quota needs to be set. + This needs to be interpreted relative to the current working + directory that the script may also check for.</para></listitem> + <listitem><para>2 - quota type <itemizedlist> <listitem><para>1 - user quotas</para></listitem> <listitem><para>2 - user default quotas (uid = -1)</para></listitem> <listitem><para>3 - group quotas</para></listitem> <listitem><para>4 - group default quotas (gid = -1)</para></listitem> </itemizedlist></para></listitem> - <listitem><para>2 - id (uid for user, gid for group, -1 if N/A)</para></listitem> - <listitem><para>3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</para></listitem> - <listitem><para>4 - block softlimit</para></listitem> - <listitem><para>5 - block hardlimit</para></listitem> - <listitem><para>6 - inode softlimit</para></listitem> - <listitem><para>7 - inode hardlimit</para></listitem> - <listitem><para>8(optional) - block size, defaults to 1024</para></listitem> + <listitem><para>3 - id (uid for user, gid for group, -1 if N/A)</para></listitem> + <listitem><para>4 - quota state (0 = disable, 1 = enable, 2 = enable and enforce)</para></listitem> + <listitem><para>5 - block softlimit</para></listitem> + <listitem><para>6 - block hardlimit</para></listitem> + <listitem><para>7 - inode softlimit</para></listitem> + <listitem><para>8 - inode hardlimit</para></listitem> + <listitem><para>9(optional) - block size, defaults to 1024</para></listitem> </itemizedlist> <para>The script should output at least one line of data on success. And nothing on failure.</para> diff --git a/docs-xml/smbdotconf/winbind/createkrb5conf.xml b/docs-xml/smbdotconf/winbind/createkrb5conf.xml index 38818240c3..2ebcc81132 100644 --- a/docs-xml/smbdotconf/winbind/createkrb5conf.xml +++ b/docs-xml/smbdotconf/winbind/createkrb5conf.xml 
@@ -6,7 +6,7 @@ <description> <para> - Setting this paramter to <value type="example">no</value> prevents + Setting this parameter to <value type="example">no</value> prevents winbind from creating custom krb5.conf files. Winbind normally does this because the krb5 libraries are not AD-site-aware and thus would pick any domain controller out of potentially very many. Winbind diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml index 69bddf0ebf..5d3605ab9e 100644 --- a/docs-xml/smbdotconf/winbind/idmapconfig.xml +++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml @@ -1,6 +1,6 @@ -<samba:parameter name="idmap config" +<samba:parameter name="idmap config:OPTION" context="G" - type="string" + type="string" advanced="1" developer="1" hide="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> @@ -18,7 +18,7 @@ <para> The idmap configuration is hence divided into groups, one group for each domain to be configured, and one group with the the - asterisk instead of a proper domain name, which speifies the + asterisk instead of a proper domain name, which specifies the default configuration that is used to catch all domains that do not have an explicit idmap configuration of their own. </para> @@ -52,9 +52,6 @@ ad (<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), , - adex - (<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), - , and nss. (<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), The corresponding manual pages contain the details, but 
@@ -69,8 +66,7 @@ mixture of the tdb and rid backend. It creates ranges for each domain encountered and then uses the rid algorithm for each of these automatically configured domains individually. - The ad and adex - backends both use unix IDs stored in Active Directory via + The ad backend usees unix IDs stored in Active Directory via the standard schema extensions. The nss backend reverses the standard winbindd setup and gets the unixids via names from nsswitch which can be useful in an ldap setup. @@ -83,7 +79,7 @@ Defines the available matching uid and gid range for which the backend is authoritative. For allocating backends, this also defines the start and the end of the range for allocating - new unid IDs. + new unique IDs. </para> <para> winbind uses this parameter to find the backend that is diff --git a/docs-xml/smbdotconf/winbind/winbinddprivilegedsocketdirectory.xml b/docs-xml/smbdotconf/winbind/winbinddprivilegedsocketdirectory.xml new file mode 100644 index 0000000000..94769a147f --- /dev/null +++ b/docs-xml/smbdotconf/winbind/winbinddprivilegedsocketdirectory.xml @@ -0,0 +1,14 @@ +<samba:parameter name="winbindd privileged socket directory" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This setting controls the location of the winbind daemon's privileged + socket.</para> +</description> + +<related>winbindd socket directory</related> + +<value type="default">$prefix/lib/winbindd_privileged</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml b/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml new file mode 100644 index 0000000000..1f8c5797bd --- /dev/null +++ b/docs-xml/smbdotconf/winbind/winbinddsocketdirectory.xml 
@@ -0,0 +1,13 @@ +<samba:parameter name="winbindd socket directory" + context="G" + type="string" + advanced="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This setting controls the location of the winbind daemon's socket.</para> +</description> + +<related>winbindd privileged socket directory</related> + +<value type="default">$prefix/run/samba/winbindd</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml index 3bcdeca131..28bd34cfbf 100644 --- a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml +++ b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml @@ -21,7 +21,7 @@ idmap and nss_info plugin for the specifics on how to configure name aliasing for a specific configuration. Name aliasing takes precedence (and is mutually exclusive) over the whitespace - replacement mechanism discussed previsouly. + replacement mechanism discussed previously. </para> </description> diff --git a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml index 318727c37b..ceff0f669a 100644 --- a/docs-xml/smbdotconf/winbind/winbindnssinfo.xml +++ b/docs-xml/smbdotconf/winbind/winbindnssinfo.xml 
@@ -18,14 +18,16 @@ </listitem> <listitem> - <para><parameter moreinfo="none"><sfu | rfc2307 ></parameter> + <para><parameter moreinfo="none"><sfu | sfu20 | rfc2307 ></parameter> - When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home - directory attributes directly from your Directory Server. Note that + directory attributes directly from your Directory Server. For SFU 3.0 or 3.5 simply choose + "sfu", if you use SFU 2.0 please choose "sfu20". Note that retrieving UID and GID from your ADS-Server requires to use <parameter moreinfo="none">idmap config DOMAIN:backend</parameter> = ad - as well. + as well. The primary group membership is currently + always calculated via the "primaryGroupID" LDAP attribute. </para> </listitem> </itemizedlist> diff --git a/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml new file mode 100644 index 0000000000..26f446e5bc --- /dev/null +++ b/docs-xml/smbdotconf/winbind/winbindsealedpipes.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind sealed pipes" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option controls whether any requests made over the Samba 4 winbind + pipe will be sealed. Disabling sealing can be useful for debugging + purposes.</para> + + <para>Note that this option only applies to the Samba 4 winbind and not + to the standard winbind.</para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs-xml/using_samba/appc.xml b/docs-xml/using_samba/appc.xml index f4b4666bca..69330ffd3b 100644 --- a/docs-xml/using_samba/appc.xml +++ b/docs-xml/using_samba/appc.xml 
@@ -66,34 +66,6 @@ options.</para> </refsynopsisdiv> </refentry> -<refentry id="appc-refentry-4"> -<refmeta> -<refmiscinfo class="allowable values">NT, Win95, WfW</refmiscinfo> -<refmiscinfo class="default">NT</refmiscinfo> -</refmeta> -<refnamediv> -<refname>[global] announce as = system type</refname> -</refnamediv> -<refsynopsisdiv> -<para>Have Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.</para> - -</refsynopsisdiv> -</refentry> - -<refentry id="appc-refentry-5"> -<refmeta> -<refmiscinfo class="allowable values">any</refmiscinfo> -<refmiscinfo class="default">4.2</refmiscinfo> -</refmeta> -<refnamediv> -<refname>[global] announce version = number.number</refname> -</refnamediv> -<refsynopsisdiv> -<para>Instructs Samba to announce itself as an older version SMB server. Discouraged.</para> - -</refsynopsisdiv> -</refentry> - <refentry id="appc-refentry-6"> <refmeta> <refmiscinfo class="allowable values">any shares</refmiscinfo> @@ -2518,20 +2490,6 @@ compatibility with older-client bugs.</para> </refsynopsisdiv> </refentry> -<refentry id="appc-refentry-179"> -<refmeta> -<refmiscinfo class="allowable values">YES, NO</refmiscinfo> -<refmiscinfo class="default">YES</refmiscinfo> -</refmeta> -<refnamediv> -<refname>share modes = boolean</refname> -</refnamediv> -<refsynopsisdiv> -<para>If set to YES, this option supports Windows-style whole-file (deny mode) locks.</para> - -</refsynopsisdiv> -</refentry> - <refentry id="appc-refentry-180"> <refmeta> <refmiscinfo class="allowable values">YES, NO</refmiscinfo> diff --git a/docs-xml/using_samba/appd.xml b/docs-xml/using_samba/appd.xml index 05a7dfae22..a3a23f850c 100644 --- a/docs-xml/using_samba/appd.xml +++ b/docs-xml/using_samba/appd.xml 
@@ -291,14 +291,6 @@ exit</programlisting> -<sect2 role="" label="D.1.4" id="appd-SECT-1.4"> -<title>smbsh</title> - - -<para>The <emphasis>smbsh</emphasis> -<indexterm id="appd-idx-993744-0"><primary>smbsh program</primary></indexterm> program lets you use a remote Windows share on your Samba server as if the share was a regular Unix directory. When it's run, it provides an extra directory tree under <filename>/smb</filename>. Subdirectories of <filename>/smb</filename> are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by <emphasis>smbsh</emphasis> treat the <filename>/smb</filename> filesystem as if it were local to Unix. This means that you don't need <emphasis>smbmount</emphasis> in your kernel to mount Windows filesystems the way you mount with NFS filesystems. However, you do need to configure Samba with the <literal>--with-smbwrappers</literal> option to enable <filename>smbsh</filename>.</para> - - <sect3 role="" label="D.1.4.1" id="appd-SECT-1.4.1"> <title>Options</title> diff --git a/docs-xml/using_samba/appf.xml b/docs-xml/using_samba/appf.xml index 031484f98d..81ea0a968c 100644 --- a/docs-xml/using_samba/appf.xml +++ b/docs-xml/using_samba/appf.xml @@ -89,7 +89,6 @@ dead time = 30 read prediction = yes - share modes = yes max xmit = 17384 read size = 512</programlisting> diff --git a/docs-xml/using_samba/ch01.xml b/docs-xml/using_samba/ch01.xml index d44e41bbb2..ca8bc131ad 100644 --- a/docs-xml/using_samba/ch01.xml +++ b/docs-xml/using_samba/ch01.xml 
@@ -1516,17 +1516,6 @@ SIMPLE <1E> GROUP Registered -<sect2 role="" label="1.7.6" id="ch01-SECT-7.6"> -<title>Smbwrapper</title> - - -<para>Finally, there is an entirely new version of the Unix client called <firstterm>smbwrapper</firstterm> -<indexterm id="ch01-idx-951955-0"><primary>smbwrapper client</primary></indexterm>. Instead of a kernel module that allows Linux to act as a Samba client, there is now a command-line entry to load the library that provides a complete SMB filesystem on some brands of Unix. Once loaded, the command <literal>ls</literal> <literal>/smb</literal> will list all the machines in your workgroup, and <literal>cd</literal> <literal>/smb/</literal><replaceable>server_name</replaceable><literal>/</literal><replaceable>share_name</replaceable> will take you to a particular <indexterm id="ch01-idx-951956-0"><primary>shares</primary></indexterm> -<indexterm id="ch01-idx-951956-1"><primary>shared directory/resources</primary><see>shares</see></indexterm>share (shared directory), similar to the <indexterm id="ch01-idx-951957-0"><primary>Network File System (NFS)</primary></indexterm> -<indexterm id="ch01-idx-951957-1"><primary>NFS (Network File System)</primary></indexterm>Network File System (NFS). As of this writing, <emphasis>smbwrapper</emphasis> currently runs on Linux, Solaris, SunOS 4, IRIX, and OSF/1, and is expected to run on several more operating systems in the near future.</para> -</sect2> -</sect1> - diff --git a/docs-xml/using_samba/ch02.xml b/docs-xml/using_samba/ch02.xml index 307f5f336b..e632a42d23 100644 --- a/docs-xml/using_samba/ch02.xml +++ b/docs-xml/using_samba/ch02.xml 
@@ -235,14 +235,6 @@ docs/textdocs/UNIX_INSTALL.txt</programlisting> <indexterm id="ch02-idx-947349-1"><primary>disabling/enabling features</primary></indexterm>Each of these options enable or disable various features. You typically enable a feature by specifying the <literal>--with-</literal><replaceable>feature</replaceable> option, which will cause the feature to be compiled and installed. Likewise, if you specify a <literal>--without-</literal><replaceable>feature</replaceable> option, the feature will be disabled. As of Samba 2.0.5, each of the following features is disabled by default:</para> -<variablelist> -<varlistentry><term><literal>--with-smbwrapper</literal></term> -<listitem><para>Include SMB <indexterm id="ch02-idx-947350-0"><primary>SMB (Server Message Block)</primary><secondary>wrapper support</secondary></indexterm> -<indexterm id="ch02-idx-947350-1"><primary>wrapper support for SMB (Server Message Block)</primary></indexterm>wrapper support, which allows executables on the Unix side to access <indexterm id="ch02-idx-947351-0"><primary>SMB/CIFS protocol</primary><secondary>filesystems</secondary></indexterm>SMB/CIFS filesystems as if they were regular Unix filesystems. We recommend using this option. However, at this time this book went to press, there were several incompatibilities between the <filename>smbwrapper</filename> -<indexterm id="ch02-idx-947352-0"><primary>smbwrapper package</primary></indexterm> package and the GNU <filename>libc</filename> version 2.1, and it would not compile on Red Hat 6.0. 
Look for more information on these incompatibilities on the Samba home page.</para></listitem> -</varlistentry> - - <varlistentry><term><literal>--with-afs</literal></term> <listitem><para>Include support of the <indexterm id="ch02-idx-947353-0"><primary>Andrew Filesystem</primary><see>AFS files</see></indexterm>Andrew Filesystem from <indexterm id="ch02-idx-947354-0"><primary>Carnegie Mellon University</primary></indexterm>Carnegie Mellon University. If you're going to serve <indexterm id="ch02-idx-947355-0"><primary>AFS files, support for</primary></indexterm>AFS files via Samba, we recommend compiling Samba once first without enabling this feature to ensure that everything runs smoothly. Once that version is working smoothly, recompile Samba with this feature enabled and compare any errors you might receive against the previous setup.</para></listitem> </varlistentry> 
@@ -269,12 +261,6 @@ docs/textdocs/UNIX_INSTALL.txt</programlisting> </varlistentry> -<varlistentry><term><literal>--with-smbmount</literal></term> -<listitem><para>Include <emphasis>smbmount</emphasis> -<indexterm id="ch02-idx-947366-0"><primary>smbmount, support for</primary></indexterm> support, which is for <indexterm id="ch02-idx-947367-0"><primary>Linux</primary><secondary>submount and</secondary></indexterm>Linux only. This feature wasn't being maintained at the time the book was written, so the Samba team made it an optional feature and provided <emphasis>smbwrapper</emphasis> instead. The <emphasis>smbwrapper</emphasis> feature works on more Unix platforms than <emphasis>smbmount</emphasis>, so you'll usually want to use <literal>--with-smbwrapper</literal> instead of this option.</para></listitem> -</varlistentry> - - <varlistentry><term><literal>--with-pam</literal></term> <listitem><para>Include support for <indexterm id="ch02-idx-947368-0"><primary>pluggable authentication modules (PAM)</primary><secondary>support for</secondary></indexterm> <indexterm id="ch02-idx-947368-1"><primary>PAM (pluggable authentication modules)</primary><secondary>support for</secondary></indexterm>pluggable authentication modules (PAM), an authentication feature common in the Linux operating system.</para></listitem> diff --git a/docs-xml/using_samba/ch05.xml b/docs-xml/using_samba/ch05.xml index 8bf541cd2f..0fbc4c744b 100644 --- a/docs-xml/using_samba/ch05.xml +++ b/docs-xml/using_samba/ch05.xml 
@@ -523,35 +523,6 @@ remote browse sync = 192.168.221.130 192.168.222.120</programlisting> <tbody> <row> -<entry colname="col1"><para><literal>announce as</literal></para></entry> - -<entry colname="col2"><para><literal>NT</literal> -<indexterm id="ch05-idx-969670-0"><primary>browsing</primary><secondary>options for, list of</secondary></indexterm> or <literal>Win95</literal> or <literal>Wf W</literal></para></entry> - -<entry colname="col3"><para>Sets the operating system that Samba will announce itself as.</para></entry> - -<entry colname="col4"><para><literal>N T</literal></para></entry> - -<entry colname="col5"><para>Global</para></entry> - -</row> - -<row> - -<entry colname="col1"><para><literal>announce version</literal></para></entry> - -<entry colname="col2"><para>numerical</para></entry> - -<entry colname="col3"><para>Sets the version of the operating system that Samba will announce itself as.</para></entry> - -<entry colname="col4"><para><literal>4.2</literal></para></entry> - -<entry colname="col5"><para>Global</para></entry> - -</row> - -<row> - <entry colname="col1"><para><literal>browseable (browsable)</literal></para></entry> <entry colname="col2"><para>boolean</para></entry> @@ -2721,15 +2692,6 @@ mangled map</title> </tgroup> </table> - -<para>The <literal>share</literal> <literal>modes</literal> parameter, which enforces the use of these locks, is enabled by default. To disable it, use the following command:</para> - - -<programlisting>[accounting] - share modes = no</programlisting> - - -<para>We highly recommend against disabling the default locking mechanism unless you have a justifiable reason for doing so. Most Windows and DOS applications rely on these locking mechanisms in order to work correctly, and will complain bitterly if this functionality is taken away.</para> </sect3> diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build new file mode 100644 index 0000000000..8a5f3a4352 --- /dev/null +++ b/docs-xml/wscript_build 
@@ -0,0 +1,121 @@
+#!/usr/bin/env python
+from samba_utils import save_file
+manpages='''
+ manpages/eventlogadm.8
+ manpages/findsmb.1
+ manpages/libsmbclient.7
+ manpages/lmhosts.5
+ manpages/log2pcap.1
+ manpages/idmap_ad.8
+ manpages/idmap_autorid.8
+ manpages/idmap_hash.8
+ manpages/idmap_ldap.8
+ manpages/idmap_nss.8
+ manpages/idmap_rid.8
+ manpages/idmap_tdb.8
+ manpages/idmap_tdb2.8
+ manpages/net.8
+ manpages/nmbd.8
+ manpages/nmblookup.1
+ manpages/ntlm_auth.1
+ manpages/pdbedit.8
+ manpages/profiles.1
+ manpages/rpcclient.1
+ manpages/samba.7
+ manpages/samba.8
+ manpages/samba-tool.8
+ manpages/sharesec.1
+ manpages/smbcacls.1
+ manpages/smbclient.1
+ manpages/smbcontrol.1
+ manpages/smbcquotas.1
+ manpages/smbd.8
+ manpages/smbget.1
+ manpages/smbgetrc.5
+ manpages/smbpasswd.5
+ manpages/smbpasswd.8
+ manpages/smbspool.8
+ manpages/smbstatus.1
+ manpages/smbta-util.8
+ manpages/smbtar.1
+ manpages/smbtree.1
+ manpages/swat.8
+ manpages/testparm.1
+ manpages/vfs_acl_tdb.8
+ manpages/vfs_acl_xattr.8
+ manpages/vfs_aio_fork.8
+ manpages/vfs_aio_linux.8
+ manpages/vfs_aio_pthread.8
+ manpages/vfs_audit.8
+ manpages/vfs_cacheprime.8
+ manpages/vfs_cap.8
+ manpages/vfs_catia.8
+ manpages/vfs_commit.8
+ manpages/vfs_crossrename.8
+ manpages/vfs_default_quota.8
+ manpages/vfs_dirsort.8
+ manpages/vfs_extd_audit.8
+ manpages/vfs_fake_perms.8
+ manpages/vfs_fileid.8
+ manpages/vfs_full_audit.8
+ manpages/vfs_gpfs.8
+ manpages/vfs_media_harmony.8
+ manpages/vfs_netatalk.8
+ manpages/vfs_notify_fam.8
+ manpages/vfs_prealloc.8
+ manpages/vfs_preopen.8
+ manpages/vfs_readahead.8
+ manpages/vfs_readonly.8
+ manpages/vfs_recycle.8
+ manpages/vfs_scannedonly.8
+ manpages/vfs_shadow_copy.8
+ manpages/vfs_shadow_copy2.8
+ manpages/vfs_smb_traffic_analyzer.8
+ manpages/vfs_streams_depot.8
+ manpages/vfs_streams_xattr.8
+ manpages/vfs_time_audit.8
+ manpages/vfs_tsmsm.8
+ manpages/vfs_xattr_tdb.8
+ manpages/vfstest.1
+ manpages/wbinfo.1
+ manpages/winbindd.8
+ '''
+
+pam_winbind_manpages = '''
+ manpages/pam_winbind.8
+ manpages/pam_winbind.conf.5
+ '''
+
+krb5_locator_manpages = 'manpages/winbind_krb5_locator.7'
+
+def smbdotconf_generate_parameter_list(task):
+ parameter_all = task.outputs[0].bldpath(task.env)
+ articles = task.inputs
+
+ t = '<section xmlns:xi="http://www.w3.org/2003/XInclude">\n'
+ for article in articles:
+ t += "<xi:include href='file://" + article.abspath(task.env) + "' parse='xml'/>\n"
+ t += "</section>\n"
+ save_file(parameter_all, t , create_dir=True)
+ return 0
+
+def SMBDOTCONF_MANPAGE(bld, target):
+ ''' assemble and build smb.conf.5 manual page'''
+ articles = bld.path.ant_glob("smbdotconf/**/*.xml")
+ parameter_all = 'smbdotconf/parameters.all.xml'
+ bld.SAMBA_GENERATOR(parameter_all,
+ source=articles,
+ target=parameter_all,
+ rule=smbdotconf_generate_parameter_list)
+ bld.SAMBAMANPAGES(target)
+
+if ('XSLTPROC_MANPAGES' in bld.env and bld.env['XSLTPROC_MANPAGES']):
+
+ SMBDOTCONF_MANPAGE(bld, 'manpages/smb.conf.5')
+ bld.SAMBAMANPAGES(manpages)
+
+ if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
+ bld.SAMBAMANPAGES(pam_winbind_manpages)
+
+ if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
+ bld.SAMBAMANPAGES(krb5_locator_manpages)
diff --git a/docs-xml/xslt/generate-dependencies.xsl b/docs-xml/xslt/generate-dependencies.xsl
new file mode 100644
index 0000000000..2fe3dd0dc9
--- /dev/null
+++ b/docs-xml/xslt/generate-dependencies.xsl
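Review bot: In `smbdotconf_generate_parameter_list` the absolute source path is concatenated straight into a single-quoted `href` attribute, so a checkout or build directory whose path contains `'`, `&` or `<` yields a malformed `parameters.all.xml`, and a space or `%` makes the `file://` value an invalid URI. I would build the attribute with the standard library instead, e.g. `from xml.sax.saxutils import quoteattr` and `t += "<xi:include href=" + quoteattr("file://" + article.abspath(task.env)) + " parse='xml'/>\n"`. The function also returns 0 without looking at the result of `save_file`, whose definition is not part of this diff; if it reports failure through its return value, the task should propagate it rather than report success. Emitting the includes in sorted order would additionally keep the generated man page independent of whatever order `ant_glob` returns, assuming that order is not already stable.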
@@ -0,0 +1,36 @@
+<?xml version='1.0'?>
+<!--
+ Find the image dependencies of a certain XML file
+ Generates (part of) a Makefile
+
+ - $(FNAME)-images-latex-{png,eps,pdf} for role=latex
+ - $(FNAME)-images-role for all other roles
+
+ (C) Jelmer Vernooij 2004-2005
+
+ Published under the GNU GPLv3 or later
+-->
+<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.1">
+ <xsl:output method="text"/>
+
+ <xsl:template match="/">
+ <xsl:for-each select="//mediaobject/imageobject[@role and not(@role=following::imageobject/@role)]">
+ <xsl:call-template name="generate-images">
+ <xsl:with-param name="role"><xsl:value-of select="@role"/></xsl:with-param>
+ </xsl:call-template>
+ </xsl:for-each>
+ <xsl:call-template name="generate-images">
+ <xsl:with-param name="role"/>
+ </xsl:call-template>
+ </xsl:template>
+
+ <xsl:template name="generate-images">
+ <xsl:param name="role"/>
+ <xsl:value-of select="$target"/><xsl:text>-images-</xsl:text><xsl:value-of select="$role"/><xsl:text> = </xsl:text>
+ <xsl:for-each select="//mediaobject/imageobject[@role=$role]">
+ <xsl:value-of select="imagedata/@fileref"/>
+ <xsl:text> </xsl:text>
+ </xsl:for-each>
+ <xsl:text> </xsl:text>
+ </xsl:template>
+</xsl:stylesheet> |
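Review bot: The `generate-images` template reads `$target`, but the stylesheet never declares it, so the transform only works when the caller supplies the value from outside; a top-level `<xsl:param name="target"/>` next to `<xsl:output method="text"/>` makes that contract explicit, and the header comment should name the parameter rather than `$(FNAME)`. The `imagedata/@fileref` values are copied verbatim into what the header says becomes part of a Makefile, where whitespace, `#` and `$` are significant to make, so the refs should be restricted to plain path characters or validated before the fragment is included. The final call passes an empty `role`, and `@role=$role` does not match an `imageobject` that has no `role` attribute, so that last variable looks like it is always empty; if the intent was to collect role-less images, that case needs a `not(@role)` predicate.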
