diff options
Diffstat (limited to 'docs/manpages')
90 files changed, 2247 insertions, 2206 deletions
diff --git a/docs/manpages/cifs.upcall.8 b/docs/manpages/cifs.upcall.8 deleted file mode 100644 index caa8b3eb6c..0000000000 --- a/docs/manpages/cifs.upcall.8 +++ /dev/null @@ -1,101 +0,0 @@ -'\" t -.\" Title: cifs.upcall -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: System Administration tools -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "CIFS\&.UPCALL" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -cifs.upcall \- Userspace upcall helper for Common Internet File System (CIFS) -.SH "SYNOPSIS" -.HP \w'\ 'u -cifs\&.upcall [\-\-trust\-dns|\-t] [\-\-version|\-v] {keyid} -.SH "DESCRIPTION" -.PP -This tool is part of the -\fBsamba\fR(7) -suite\&. -.PP -cifs\&.upcall is a userspace helper program for the linux CIFS client filesystem\&. There are a number of activities that the kernel cannot easily do itself\&. This program is a callout program that does these things for the kernel and then returns the result\&. -.PP -cifs\&.upcall is generally intended to be run when the kernel calls request\-key(8) -for a particular key type\&. While it can be run directly from the command\-line, it\'s not generally intended to be run that way\&. -.SH "OPTIONS" -.PP -\-c -.RS 4 -This option is deprecated and is currently ignored\&. -.RE -.PP -\-\-trust\-dns|\-t -.RS 4 -With krb5 upcalls, the name used as the host portion of the service principal defaults to the hostname portion of the UNC\&. This option allows the upcall program to reverse resolve the network address of the server in order to get the hostname\&. -.sp -This is less secure than not trusting DNS\&. When using this option, it\'s possible that an attacker could get control of DNS and trick the client into mounting a different server altogether\&. It\'s preferable to instead add server principals to the KDC for every possible hostname, but this option exists for cases where that isn\'t possible\&. The default is to not trust reverse hostname lookups in this fashion\&. -.RE -.PP -\-\-version|\-v -.RS 4 -Print version number and exit\&. -.RE -.SH "CONFIGURATION FOR KEYCTL" -.PP -cifs\&.upcall is designed to be called from the kernel via the request\-key callout program\&. This requires that request\-key be told where and how to call this program\&. The current cifs\&.upcall program handles two different key types: -.PP -cifs\&.spnego -.RS 4 -This keytype is for retrieving kerberos session keys -.RE -.PP -dns_resolver -.RS 4 -This key type is for resolving hostnames into IP addresses -.RE -.PP -To make this program useful for CIFS, you\'ll need to set up entries for them in request\-key\&.conf(5)\&. Here\'s an example of an entry for each key type: -.sp -.if n \{\ -.RS 4 -.\} -.nf -#OPERATION TYPE D C PROGRAM ARG1 ARG2\&.\&.\&. -#========= ============= = = ================================ -create cifs\&.spnego * * /usr/local/sbin/cifs\&.upcall %k -create dns_resolver * * /usr/local/sbin/cifs\&.upcall %k -.fi -.if n \{\ -.RE -.\} -.PP -See -\fBrequest-key.conf5\fR() -for more info on each field\&. -.SH "SEE ALSO" -.PP - -\fBrequest-key.conf\fR(5), -\fBmount.cifs\fR(8) -.SH "AUTHOR" -.PP -Igor Mammedov wrote the cifs\&.upcall program\&. -.PP -Jeff Layton authored this manpage\&. -.PP -The maintainer of the Linux CIFS VFS is Steve French\&. -.PP -The -Linux CIFS Mailing list -is the preferred place to ask questions regarding these programs\&. diff --git a/docs/manpages/eventlogadm.8 b/docs/manpages/eventlogadm.8 index 19e4b514d4..52ca040dff 100644 --- a/docs/manpages/eventlogadm.8 +++ b/docs/manpages/eventlogadm.8 @@ -2,12 +2,12 @@ .\" Title: eventlogadm .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "EVENTLOGADM" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "EVENTLOGADM" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -22,11 +22,11 @@ eventlogadm \- push records into the Samba event log store .SH "SYNOPSIS" .HP \w'\ 'u -eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR +eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ addsource\ \fIEVENTLOG\fR\ \fISOURCENAME\fR\ \fIMSGFILE\fR .HP \w'\ 'u -eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR +eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ write\ \fIEVENTLOG\fR .HP \w'\ 'u -eventlogadm [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR +eventlogadm [\fB\-s\fR] [\fB\-d\fR] [\fB\-h\fR] \fB\-o\fR\ dump\ \fIEVENTLOG\fR\ \fIRECORD_NUMBER\fR .SH "DESCRIPTION" .PP This tool is part of the @@ -37,6 +37,15 @@ eventlogadm is a filter that accepts formatted event log records on standard input and writes them to the Samba event log store\&. Windows client can then manipulate these record using the usual administration tools\&. .SH "OPTIONS" .PP +\fB\-s\fR \fIFILENAME\fR +.RS 4 +The +\-s +option causes +eventlogadm +to load the configuration file given as FILENAME instead of the default one used by Samba\&. +.RE +.PP \fB\-d\fR .RS 4 The @@ -274,6 +283,7 @@ STR DAT \- This field should be left unset\&. +.RE .SH "EXAMPLES" .PP An example of the record format accepted by diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 index a265746790..c0663952b5 100644 --- a/docs/manpages/findsmb.1 +++ b/docs/manpages/findsmb.1 @@ -2,12 +2,12 @@ .\" Title: findsmb .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "FINDSMB" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "FINDSMB" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/idmap_ad.8 b/docs/manpages/idmap_ad.8 index 7a67bad04e..ee7b8d4ee0 100644 --- a/docs/manpages/idmap_ad.8 +++ b/docs/manpages/idmap_ad.8 @@ -2,12 +2,12 @@ .\" Title: idmap_ad .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_AD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_AD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -23,6 +23,15 @@ idmap_ad \- Samba\'s idmap_ad Backend for Winbind .SH "DESCRIPTION" .PP The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions\&. This module implements only the "idmap" API, and is READONLY\&. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD\&. +.PP +Note that the idmap_ad module has changed considerably since Samba versions 3\&.0 and 3\&.2\&. Currently, the +\fIad\fR +backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants to use it, using disjoint ranges\&. One usually needs to configure a writeable default idmap range, using for example the +\fItdb\fR +or +\fIldap\fR +backend, in order to be able to map the BUILTIN sids and possibly other trusted domains\&. The writeable default config is also needed in order to be able to create group mappings\&. This catch\-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend +\fIad\fR\&. See the example below\&. .SH "IDMAP OPTIONS" .PP range = low \- high @@ -43,9 +52,8 @@ The following example shows how to retrieve idmappings from our principal and tr .\} .nf [global] - idmap backend = tdb - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 idmap config CORP : backend = ad idmap config CORP : range = 1000\-999999 diff --git a/docs/manpages/idmap_adex.8 b/docs/manpages/idmap_adex.8 index f94183469e..32e333e143 100644 --- a/docs/manpages/idmap_adex.8 +++ b/docs/manpages/idmap_adex.8 @@ -2,12 +2,12 @@ .\" Title: idmap_adex .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_ADEX" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_ADEX" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -39,9 +39,8 @@ The following example shows how to retrieve idmappings and NSS data from our pri .\} .nf [global] - idmap backend = adex - idmap uid = 1000\-4000000000 - idmap gid = 1000\-4000000000 + idmap config * : backend = adex + idmap config * : range = 1000\-4000000000 winbind nss info = adex winbind normalize names = yes diff --git a/docs/manpages/idmap_autorid.8 b/docs/manpages/idmap_autorid.8 new file mode 100644 index 0000000000..e4fb853c85 --- /dev/null +++ b/docs/manpages/idmap_autorid.8 @@ -0,0 +1,117 @@ +'\" t +.\" Title: idmap_autorid +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 01/22/2012 +.\" Manual: System Administration tools +.\" Source: Samba 3.6 +.\" Language: English +.\" +.TH "IDMAP_AUTORID" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +idmap_autorid \- Samba\'s idmap_autorid Backend for Winbind +.SH "DESCRIPTION" +.PP +The idmap_autorid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs that is more deterministic than idmap_tdb and easier to configure than idmap_rid\&. +.PP +The module works similar to idmap_rid, but it automatically configures the range to be used for each domain, so there is no need to specify a specific range for each domain in the forest, the only configuration that is needed is the range of uid/gids that shall be used for user/group mappings and an optional size of the ranges to be used\&. +.PP +The mappings of which domain is mapped to which range is stored in autorid\&.tdb, thus you should backup this database regularly\&. +.PP +Due to the algorithm being used, it is the module that is most easy to use as it only requires a minimal configuration\&. +.SH "IDMAP OPTIONS" +.PP +rangesize = numberofidsperdomain +.RS 4 +Defines the available number of uids/gids per domain\&. The minimum needed value is 2000\&. SIDs with RIDs larger than this value cannot be mapped, are ignored and the corresponding map is discarded\&. Choose this value carefully, as this should not be changed after the first ranges for domains have been defined, otherwise mappings between domains will get intermixed leading to unpredictable results\&. Please note that RIDs in Windows Domains usually start with 500 for builtin users and 1000 for regular users\&. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins\&. +.sp +One range will be used for local users and groups\&. Thus the number of local users and groups that can be created is limited by this option as well\&. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly\&. +.sp +The default value is 100000\&. +.RE +.SH "THE MAPPING FORMULAS" +.PP +The Unix ID for a RID is calculated this way: +.sp +.if n \{\ +.RS 4 +.\} +.nf + ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID + +.fi +.if n \{\ +.RE +.\} +.PP +Correspondingly, the formula for calculating the RID for a given Unix ID is this: +.sp +.if n \{\ +.RS 4 +.\} +.nf + RID = ID \- IDMAP UID LOW VALUE \- DOMAINRANGENUMBER * RANGESIZE + +.fi +.if n \{\ +.RE +.\} +.sp +.SH "EXAMPLES" +.PP +This example shows you the minimal configuration that will work for the principial domain and 19 trusted domains\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + [global] + security = ads + workgroup = CUSTOMER + realm = CUSTOMER\&.COM + + idmap config * : backend = autorid + idmap config * : range = 1000000\-1999999 + + +.fi +.if n \{\ +.RE +.\} +.PP +This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap ranges and sfu ranges are not allowed to overlap\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + [global] + security = ads + workgroup = CUSTOMER + realm = CUSTOMER\&.COM + + idmap config * : backend = autorid + idmap config * : range = 1000000\-19999999 + idmap config * : rangesize = 1000000 + + idmap config TRUSTED : backend = ad + idmap config TRUSTED : range = 50000 \- 99999 + idmap config TRUSTED : schema_mode = sfu + +.fi +.if n \{\ +.RE +.\} +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/idmap_hash.8 b/docs/manpages/idmap_hash.8 index 2e36895c6e..afe47c3654 100644 --- a/docs/manpages/idmap_hash.8 +++ b/docs/manpages/idmap_hash.8 @@ -2,12 +2,12 @@ .\" Title: idmap_hash .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_HASH" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_HASH" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -40,9 +40,8 @@ The following example utilizes the idmap_hash plugin for the idmap and nss_info .\} .nf [global] - idmap backend = hash - idmap uid = 1000\-4000000000 - idmap gid = 1000\-4000000000 + idmap config * : backend = hash + idmap config * : range = 1000\-4000000000 winbind nss info = hash winbind normalize names = yes diff --git a/docs/manpages/idmap_ldap.8 b/docs/manpages/idmap_ldap.8 index 2591f02ace..fd393269a6 100644 --- a/docs/manpages/idmap_ldap.8 +++ b/docs/manpages/idmap_ldap.8 @@ -2,12 +2,12 @@ .\" Title: idmap_ldap .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_LDAP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_LDAP" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -24,65 +24,66 @@ idmap_ldap \- Samba\'s idmap_ldap Backend for Winbind .PP The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&. .PP -In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_ldap backend itself or by any other allocating backend like idmap_tdb or idmap_tdb2\&. This is configured with the parameter -\fIidmap alloc backend\fR\&. -.PP -Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&. -.PP -Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend ldap should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&. +In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. .SH "IDMAP OPTIONS" .PP ldap_base_dn = DN .RS 4 -Defines the directory base suffix to use when searching for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&. +Defines the directory base suffix to use for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&. .RE .PP ldap_user_dn = DN .RS 4 -Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&. +Defines the user DN to be used for authentication\&. The secret for authenticating this user should be stored with net idmap secret (see +\fBnet\fR(8))\&. If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind will be performed as last fallback\&. .RE .PP ldap_url = ldap://server/ .RS 4 -Specifies the LDAP server to use when searching for existing SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&. +Specifies the LDAP server to use for SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&. .RE .PP range = low \- high .RS 4 -Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&. -.RE -.SH "IDMAP ALLOC OPTIONS" -.PP -ldap_base_dn = DN -.RS 4 -Defines the directory base suffix under which new SID/uid/gid mapping entries should be stored\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&. -.RE -.PP -ldap_user_dn = DN -.RS 4 -Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&. +Defines the available matching uid and gid range for which the backend is authoritative\&. .RE +.SH "EXAMPLES" .PP -ldap_url = ldap://server/ +The following example shows how an ldap directory is used as the default idmap backend\&. It also configures the idmap range and base directory suffix\&. The secret for the ldap_user_dn has to be set with "net idmap secret \'*\' password"\&. +.sp +.if n \{\ .RS 4 -Specifies the LDAP server to which modify/add/delete requests should be sent\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&. +.\} +.nf + [global] + idmap config * : backend = ldap + idmap config * : range = 1000000\-1999999 + idmap config * : ldap_url = ldap://localhost/ + idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com + +.fi +.if n \{\ .RE -.SH "EXAMPLES" +.\} .PP -The follow sets of a LDAP configuration which uses two LDAP directories, one for storing the ID mappings and one for retrieving new IDs\&. +This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the ldap idmap backend\&. Note that a range disjoint from the default range is used\&. .sp .if n \{\ .RS 4 .\} .nf [global] - idmap backend = ldap:ldap://localhost/ - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + # "backend = tdb" is redundant here since it is the default + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 - idmap alloc backend = ldap - idmap alloc config : ldap_url = ldap://id\-master/ - idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config DOM1 : backend = ldap + idmap config DOM1 : range = 2000000\-2999999 + idmap config DOM1 : read only = yes + idmap config DOM1 : ldap_url = ldap://server/ + idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com + idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com .fi .if n \{\ diff --git a/docs/manpages/idmap_nss.8 b/docs/manpages/idmap_nss.8 index 41edda29ca..e3cc646fe9 100644 --- a/docs/manpages/idmap_nss.8 +++ b/docs/manpages/idmap_nss.8 @@ -2,12 +2,12 @@ .\" Title: idmap_nss .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_NSS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_NSS" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -32,9 +32,8 @@ This example shows how to use idmap_nss to check the local accounts for its own .\} .nf [global] - idmap backend = tdb - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 idmap config SAMBA : backend = nss idmap config SAMBA : range = 1000\-999999 diff --git a/docs/manpages/idmap_rid.8 b/docs/manpages/idmap_rid.8 index e4de6bfeed..98368a5291 100644 --- a/docs/manpages/idmap_rid.8 +++ b/docs/manpages/idmap_rid.8 @@ -2,12 +2,12 @@ .\" Title: idmap_rid .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_RID" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_RID" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -23,6 +23,16 @@ idmap_rid \- Samba\'s idmap_rid Backend for Winbind .SH "DESCRIPTION" .PP The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs\&. No database is required in this case as the mapping is deterministic\&. +.PP +Note that the idmap_rid module has changed considerably since Samba versions 3\&.0\&. and 3\&.2\&. Currently, there should to be an explicit idmap configuration for each domain that should use the idmap_rid backend, using disjoint ranges\&. One usually needs to define a writeable default idmap range, using a backent like +\fItdb\fR +or +\fIldap\fR +that can create unix ids, in order to be able to map the BUILTIN sids and other domains, and also in order to be able to create group mappings\&. See the example below\&. +.PP +Note that the old syntax +\fIidmap backend = rid:"DOM1=range DOM2=range2 \&.\&.\&."\fR +is not supported any more since Samba version 3\&.0\&.25\&. .SH "IDMAP OPTIONS" .PP range = low \- high @@ -76,9 +86,8 @@ This example shows how to configure two domains with idmap_rid, the principal do security = domain workgroup = MAIN - idmap backend = tdb - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 idmap config MAIN : backend = rid idmap config MAIN : range = 10000 \- 49999 diff --git a/docs/manpages/idmap_tdb.8 b/docs/manpages/idmap_tdb.8 index e3a5a96f0b..586499180f 100644 --- a/docs/manpages/idmap_tdb.8 +++ b/docs/manpages/idmap_tdb.8 @@ -2,12 +2,12 @@ .\" Title: idmap_tdb .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_TDB" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -24,52 +24,25 @@ idmap_tdb \- Samba\'s idmap_tdb Backend for Winbind .PP The idmap_tdb plugin is the default backend used by winbindd for storing SID/uid/gid mapping tables\&. .PP -In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb backend itself or by any other allocating backend like idmap_ldap or idmap_tdb2\&. This is configured with the parameter -\fIidmap alloc backend\fR\&. -.PP -Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&. -.PP -Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&. +In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. .SH "IDMAP OPTIONS" .PP range = low \- high .RS 4 -Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&. +Defines the available matching uid and gid range for which the backend is authoritative\&. .RE .SH "EXAMPLES" .PP -This example shows how tdb is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&. -.sp -.if n \{\ -.RS 4 -.\} -.nf - [global] - # "idmap backend = tdb" is redundant here since it is the default - idmap backend = tdb - idmap uid = 1000000\-2000000 - idmap gid = 1000000\-2000000 - -.fi -.if n \{\ -.RE -.\} -.PP -This (rather theoretical) example shows how tdb can be used as the allocating backend while ldap is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the tdb idmap backend\&. Note that the same range as the default uid/gid range is used, since the allocator has to serve both the default backend and the explicitly configured domain DOM1\&. +This example shows how tdb is used as a the default idmap backend\&. This configured range is used for uid and gid allocation\&. .sp .if n \{\ .RS 4 .\} .nf [global] - idmap backend = ldap - idmap uid = 1000000\-2000000 - idmap gid = 1000000\-2000000 - # use a different uid/gid allocator: - idmap alloc backend = tdb - - idmap config DOM1 : backend = tdb - idmap config DOM1 : range = 1000000\-2000000 + # "backend = tdb" is redundant here since it is the default + idmap config * : backend = tdb + idmap config * : range = 1000000\-2000000 .fi .if n \{\ diff --git a/docs/manpages/idmap_tdb2.8 b/docs/manpages/idmap_tdb2.8 index 77655bd8a2..a690285544 100644 --- a/docs/manpages/idmap_tdb2.8 +++ b/docs/manpages/idmap_tdb2.8 @@ -2,12 +2,12 @@ .\" Title: idmap_tdb2 .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_TDB2" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_TDB2" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -24,22 +24,28 @@ idmap_tdb2 \- Samba\'s idmap_tdb2 Backend for Winbind .PP The idmap_tdb2 plugin is a substitute for the default idmap_tdb backend used by winbindd for storing SID/uid/gid mapping tables in clustered environments with Samba and CTDB\&. .PP -In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_tdb2 backend itself or by any other allocating backend like idmap_tdb or idmap_ldap\&. This is configured with the parameter -\fIidmap alloc backend\fR\&. -.PP -Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&. -.PP -Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend tdb2 should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&. +In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. .SH "IDMAP OPTIONS" .PP range = low \- high .RS 4 -Defines the available matching uid and gid range for which the backend is authoritative\&. If the parameter is absent, Winbind fails over to use the "idmap uid" and "idmap gid" options from smb\&.conf\&. +Defines the available matching uid and gid range for which the backend is authoritative\&. +.RE +.PP +script +.RS 4 +This option can be used to configure an external program for performing id mappings instead of using the tdb counter\&. The mappings are then stored int tdb2 idmap database\&. For details see the section on IDMAP SCRIPT below\&. .RE .SH "IDMAP SCRIPT" .PP -The tdb2 idmap backend supports a script for performing id mappings through the smb\&.conf option -\fIidmap : script\fR\&. The script should accept the following command line options\&. +The tdb2 idmap backend supports an external program for performing id mappings through the smb\&.conf option +\fIidmap config * : script\fR +or its deprecated legacy form +\fIidmap : script\fR\&. +.PP +The mappings obtained by the script are then stored in the idmap tdb2 database instead of mappings created by the incrementing id counters\&. It is therefore important that the script covers the complete range of SIDs that can be passed in for SID to Unix ID mapping, since otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script\&. +.PP +The script should accept the following command line options\&. .sp .if n \{\ .RS 4 @@ -69,20 +75,33 @@ And it should return one of the following responses as a single line of text\&. .if n \{\ .RE .\} -.PP -Note that the script should cover the complete range of SIDs that can be passed in for SID to Unix ID mapping, since otherwise SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script\&. .SH "EXAMPLES" .PP -This example shows how tdb2 is used as a the default idmap backend\&. It configures the idmap range through the global options for all domains encountered\&. This same range is used for uid/gid allocation\&. +This example shows how tdb2 is used as a the default idmap backend\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + [global] + idmap config * : backend = tdb2 + idmap config * : range = 1000000\-2000000 + +.fi +.if n \{\ +.RE +.\} +.PP +This example shows how tdb2 is used as a the default idmap backend using an external program via the script parameter: .sp .if n \{\ .RS 4 .\} .nf [global] - idmap backend = tdb2 - idmap uid = 1000000\-2000000 - idmap gid = 1000000\-2000000 + idmap config * : backend = tdb2 + idmap config * : range = 1000000\-2000000 + idmap config * : script = /usr/local/samba/bin/idmap_script\&.sh .fi .if n \{\ diff --git a/docs/manpages/ldb.3 b/docs/manpages/ldb.3 deleted file mode 100644 index 321bb24fcc..0000000000 --- a/docs/manpages/ldb.3 +++ /dev/null @@ -1,440 +0,0 @@ -'\" t -.\" Title: ldb -.\" Author: [see the "Author" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: C Library Functions -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDB" "3" "08/02/2011" "Samba 3\&.5" "C Library Functions" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldb \- A light\-weight database library -.SH "SYNOPSIS" -.sp -.nf -#include <ldb\&.h> -.fi -.SH "DESCRIPTION" -.PP -ldb is a light weight embedded database library and API\&. With a programming interface that is very similar to LDAP, ldb can store its data either in a tdb(3) database or in a real LDAP database\&. -.PP -When used with the tdb backend ldb does not require any database daemon\&. Instead, ldb function calls are processed immediately by the ldb library, which does IO directly on the database, while allowing multiple readers/writers using operating system byte range locks\&. This leads to an API with very low overheads, often resulting in speeds of more than 10x what can be achieved with a more traditional LDAP architecture\&. -.PP -In a taxonomy of databases ldb would sit half way between key/value pair databases (such as berkley db or tdb) and a full LDAP database\&. With a structured attribute oriented API like LDAP and good indexing capabilities, ldb can be used for quite sophisticated applications that need a light weight database, without the administrative overhead of a full LDAP installation\&. -.PP -Included with ldb are a number of useful command line tools for manipulating a ldb database\&. These tools are similar in style to the equivalent ldap command line tools\&. -.PP -In its default mode of operation with a tdb backend, ldb can also be seen as a "schema\-less LDAP"\&. By default ldb does not require a schema, which greatly reduces the complexity of getting started with ldb databases\&. As the complexity of you application grows you can take advantage of some of the optional schema\-like attributes that ldb offers, or you can migrate to using the full LDAP api while keeping your exiting ldb code\&. -.PP -If you are new to ldb, then I suggest starting with the manual pages for ldbsearch(1) and ldbedit(1), and experimenting with a local database\&. Then I suggest you look at the ldb_connect(3) and ldb_search(3) manual pages\&. -.SH "TOOLS" -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -ldbsearch(1) -\- command line ldb search utility -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -ldbedit(1) -\- edit all or part of a ldb database using your favourite editor -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -ldbadd(1) -\- add records to a ldb database using LDIF formatted input -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -ldbdel(1) -\- delete records from a ldb database -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -ldbmodify(1) -\- modify records in a ldb database using LDIF formatted input -.SH "FUNCTIONS" -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_connect(3)\fR -\- connect to a ldb backend -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_search(3)\fR -\- perform a database search -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_add(3)\fR -\- add a record to the database -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_delete(3)\fR -\- delete a record from the database -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_modify(3)\fR -\- modify a record in the database -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_errstring(3)\fR -\- retrieve extended error information from the last operation -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_write(3)\fR -\- write a LDIF formatted message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_write_file(3)\fR -\- write a LDIF formatted message to a file -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_read(3)\fR -\- read a LDIF formatted message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_read_free(3)\fR -\- free the result of a ldb_ldif_read() -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_read_file(3)\fR -\- read a LDIF message from a file -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_ldif_read_string(3)\fR -\- read a LDIF message from a string -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_element(3)\fR -\- find an element in a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_val_equal_exact(3)\fR -\- compare two ldb_val structures -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_val(3)\fR -\- find an element by value -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_add_empty(3)\fR -\- add an empty message element to a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_add(3)\fR -\- add a non\-empty message element to a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_element_compare(3)\fR -\- compare two ldb_message_element structures -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_int(3)\fR -\- return an integer value from a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_uint(3)\fR -\- return an unsigned integer value from a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_double(3)\fR -\- return a double value from a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_msg_find_string(3)\fR -\- return a string value from a ldb_message -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_set_alloc(3)\fR -\- set the memory allocation function to be used by ldb -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_set_debug(3)\fR -\- set a debug handler to be used by ldb -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\fBldb_set_debug_stderr(3)\fR -\- set a debug handler for stderr output -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -ldb is released under the GNU Lesser General Public License version 2 or later\&. Please see the file COPYING for license details\&. diff --git a/docs/manpages/ldbadd.1 b/docs/manpages/ldbadd.1 deleted file mode 100644 index a9cc5b7c7a..0000000000 --- a/docs/manpages/ldbadd.1 +++ /dev/null @@ -1,63 +0,0 @@ -'\" t -.\" Title: ldbadd -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBADD" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbadd \- Command\-line utility for adding records to an LDB -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbadd [\-h] [\-H\ LDB\-URL] [ldif\-file1] [ldif\-file2] [\&.\&.\&.] -.SH "DESCRIPTION" -.PP -ldbadd adds records to an ldb(7) database\&. It reads the ldif(5) files specified on the command line and adds the records from these files to the LDB database, which is specified by the \-H option or the LDB_URL environment variable\&. -.PP -If \- is specified as a ldb file, the ldif input is read from standard input\&. -.SH "OPTIONS" -.PP -\-h -.RS 4 -Show list of available options\&. -.RE -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. See ldb(7) for details\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to (can be overrided by using the \-H command\-line option\&.) -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbmodify, ldbdel, ldif(5) -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -This manpage was written by Jelmer Vernooij\&. diff --git a/docs/manpages/ldbdel.1 b/docs/manpages/ldbdel.1 deleted file mode 100644 index 82bb03539b..0000000000 --- a/docs/manpages/ldbdel.1 +++ /dev/null @@ -1,65 +0,0 @@ -'\" t -.\" Title: ldbdel -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBDEL" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbdel \- Command\-line program for deleting LDB records -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbdel [\-h] [\-H\ LDB\-URL] [dn] [\&.\&.\&.] -.SH "DESCRIPTION" -.PP -ldbdel deletes records from an ldb(7) database\&. It deletes the records identified by the dn\'s specified on the command\-line\&. -.PP -ldbdel uses either the database that is specified with the \-H option or the database specified by the LDB_URL environment variable\&. -.SH "OPTIONS" -.PP -\-h -.RS 4 -Show list of available options\&. -.RE -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. See ldb(7) for details\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to (can be overrided by using the \-H command\-line option\&.) -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbmodify, ldbadd, ldif(5) -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -ldbdel was written by Andrew Tridgell\&. -.PP -This manpage was written by Jelmer Vernooij\&. diff --git a/docs/manpages/ldbedit.1 b/docs/manpages/ldbedit.1 deleted file mode 100644 index 6bde727a36..0000000000 --- a/docs/manpages/ldbedit.1 +++ /dev/null @@ -1,96 +0,0 @@ -'\" t -.\" Title: ldbedit -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBEDIT" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbedit \- Edit LDB databases using your preferred editor -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbedit [\-?] [\-\-usage] [\-s\ base|one|sub] [\-b\ basedn] [\-a] [\-e\ editor] [\-H\ LDB\-URL] [expression] [attributes...] -.SH "DESCRIPTION" -.PP -ldbedit is a utility that allows you to edit LDB entries (in tdb files, sqlite files or LDAP servers) using your preferred editor\&. ldbedit generates an LDIF file based on your query, allows you to edit the LDIF, and then merges that LDIF back into the LDB backend\&. -.SH "OPTIONS" -.PP -\-?, \-\-help -.RS 4 -Show list of available options, and a phrase describing what that option does\&. -.RE -.PP -\-\-usage -.RS 4 -Show list of available options\&. This is similar to the help option, however it does not provide any description, and is hence shorter\&. -.RE -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. For a tdb database, this will be of the form tdb://\fIfilename\fR\&. For a LDAP connection over unix domain sockets, this will be of the form ldapi://\fIsocket\fR\&. For a (potentially remote) LDAP connection over TCP, this will be of the form ldap://\fIhostname\fR\&. For an SQLite database, this will be of the form sqlite://\fIfilename\fR\&. -.RE -.PP -\-s one|sub|base -.RS 4 -Search scope to use\&. One\-level, subtree or base\&. -.RE -.PP -\-a, \-all -.RS 4 -Edit all records\&. This allows you to apply the same change to a number of records at once\&. You probably want to combine this with an expression of the form "objectclass=*"\&. -.RE -.PP -\-e editor, \-\-editor editor -.RS 4 -Specify the editor that should be used (overrides the VISUAL and EDITOR environment variables)\&. If this option is not used, and neither VISUAL nor EDITOR environment variables are set, then the vi editor will be used\&. -.RE -.PP -\-b basedn -.RS 4 -Specify Base Distinguished Name to use\&. -.RE -.PP -\-v, \-\-verbose -.RS 4 -Make ldbedit more verbose about the operations that are being performed\&. Without this option, ldbedit will only provide a summary change line\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to\&. This can be overridden by using the \-H command\-line option\&.) -.RE -.PP -VISUAL and EDITOR -.RS 4 -Environment variables used to determine what editor to use\&. VISUAL takes precedence over EDITOR, and both are overridden by the \-e command\-line option\&. -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1) -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -This manpage was written by Jelmer Vernooij and updated by Brad Hards\&. diff --git a/docs/manpages/ldbmodify.1 b/docs/manpages/ldbmodify.1 deleted file mode 100644 index fbd36b0052..0000000000 --- a/docs/manpages/ldbmodify.1 +++ /dev/null @@ -1,58 +0,0 @@ -'\" t -.\" Title: ldbmodify -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBMODIFY" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbmodify \- Modify records in a LDB database -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbmodify [\-H\ LDB\-URL] [ldif\-file] -.SH "DESCRIPTION" -.PP -ldbmodify changes, adds and deletes records in a LDB database\&. The changes that should be made to the LDB database are read from the specified LDIF\-file\&. If \- is specified as the filename, input is read from stdin\&. -.PP -For now, see ldapmodify(1) for details on the LDIF file format\&. -.SH "OPTIONS" -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. See ldb(7) for details\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to (can be overrided by using the \-H command\-line option\&.) -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbedit -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -This manpage was written by Jelmer Vernooij\&. diff --git a/docs/manpages/ldbrename.1 b/docs/manpages/ldbrename.1 deleted file mode 100644 index 38b7794ce5..0000000000 --- a/docs/manpages/ldbrename.1 +++ /dev/null @@ -1,66 +0,0 @@ -'\" t -.\" Title: ldbrename -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBRENAME" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbrename \- Edit LDB databases using your favorite editor -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbrename [\-h] [\-o\ options] {olddn} {newdb} -.SH "DESCRIPTION" -.PP -ldbrename is a utility that allows you to rename trees in an LDB database based by DN\&. This utility takes two arguments: the original DN name of the top element and the DN to change it to\&. -.SH "OPTIONS" -.PP -\-h -.RS 4 -Show list of available options\&. -.RE -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. See ldb(7) for details\&. -.RE -.PP -\-o options -.RS 4 -Extra ldb options, such as modules\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to (can be overrided by using the \-H command\-line option\&.) -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbmodify, ldbdel, ldif(5) -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -This manpage was written by Jelmer Vernooij\&. diff --git a/docs/manpages/ldbsearch.1 b/docs/manpages/ldbsearch.1 deleted file mode 100644 index de375bfdc7..0000000000 --- a/docs/manpages/ldbsearch.1 +++ /dev/null @@ -1,76 +0,0 @@ -'\" t -.\" Title: ldbsearch -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: User Commands -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "LDBSEARCH" "1" "08/02/2011" "Samba 3\&.5" "User Commands" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -ldbsearch \- Search for records in a LDB database -.SH "SYNOPSIS" -.HP \w'\ 'u -ldbsearch [\-h] [\-s\ base|one|sub] [\-b\ basedn] [\-i] [\-H\ LDB\-URL] [expression] [attributes] -.SH "DESCRIPTION" -.PP -ldbsearch searches a LDB database for records matching the specified expression (see the ldapsearch(1) manpage for a description of the expression format)\&. For each record, the specified attributes are printed\&. -.SH "OPTIONS" -.PP -\-h -.RS 4 -Show list of available options\&. -.RE -.PP -\-H <ldb\-url> -.RS 4 -LDB URL to connect to\&. See ldb(7) for details\&. -.RE -.PP -\-s one|sub|base -.RS 4 -Search scope to use\&. One\-level, subtree or base\&. -.RE -.PP -\-i -.RS 4 -Read search expressions from stdin\&. -.RE -.PP -\-b basedn -.RS 4 -Specify Base DN to use\&. -.RE -.SH "ENVIRONMENT" -.PP -LDB_URL -.RS 4 -LDB URL to connect to (can be overrided by using the \-H command\-line option\&.) -.RE -.SH "VERSION" -.PP -This man page is correct for version 4\&.0 of the Samba suite\&. -.SH "SEE ALSO" -.PP -ldb(7), ldbedit(1) -.SH "AUTHOR" -.PP -ldb was written by -Andrew Tridgell\&. -.PP -If you wish to report a problem or make a suggestion then please see the -: http://ldb.samba.org/ -web site for current contact and maintainer information\&. -.PP -This manpage was written by Jelmer Vernooij\&. diff --git a/docs/manpages/libsmbclient.7 b/docs/manpages/libsmbclient.7 index c0eb5735b2..29bdc8bf06 100644 --- a/docs/manpages/libsmbclient.7 +++ b/docs/manpages/libsmbclient.7 @@ -2,12 +2,12 @@ .\" Title: libsmbclient .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: 7 -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "LIBSMBCLIENT" "7" "08/02/2011" "Samba 3\&.5" "7" +.TH "LIBSMBCLIENT" "7" "01/22/2012" "Samba 3\&.6" "7" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 index 8308610a40..3bbcd77f94 100644 --- a/docs/manpages/lmhosts.5 +++ b/docs/manpages/lmhosts.5 @@ -2,12 +2,12 @@ .\" Title: lmhosts .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: File Formats and Conventions -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "LMHOSTS" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions" +.TH "LMHOSTS" "5" "01/22/2012" "Samba 3\&.6" "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -64,6 +64,7 @@ IP Address \- in dotted decimal format\&. NetBIOS Name \- This name format is a maximum fifteen character host name, with an optional trailing \'#\' character followed by the NetBIOS name type as two hexadecimal digits\&. .sp If the trailing \'#\' is omitted then the given IP address will be returned for all names that match the given name, whatever the NetBIOS name type in the lookup\&. +.RE .sp .RE .PP diff --git a/docs/manpages/log2pcap.1 b/docs/manpages/log2pcap.1 index b2f4ac114c..747e7304d9 100644 --- a/docs/manpages/log2pcap.1 +++ b/docs/manpages/log2pcap.1 @@ -2,12 +2,12 @@ .\" Title: log2pcap .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "LOG2PCAP" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "LOG2PCAP" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/mount.cifs.8 b/docs/manpages/mount.cifs.8 deleted file mode 100644 index 81cf3fae00..0000000000 --- a/docs/manpages/mount.cifs.8 +++ /dev/null @@ -1,475 +0,0 @@ -'\" t -.\" Title: mount.cifs -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: System Administration tools -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "MOUNT\&.CIFS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -mount.cifs \- mount using the Common Internet File System (CIFS) -.SH "SYNOPSIS" -.HP \w'\ 'u -mount\&.cifs {service} {mount\-point} [\-o\ options] -.SH "DESCRIPTION" -.PP -This tool is part of the -\fBsamba\fR(7) -suite\&. -.PP -mount\&.cifs mounts a Linux CIFS filesystem\&. It is usually invoked indirectly by the -\fBmount\fR(8) -command when using the "\-t cifs" option\&. This command only works in Linux, and the kernel must support the cifs filesystem\&. The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other commercial servers and Network Attached Storage appliances as well as by the popular Open Source server Samba\&. -.PP -The mount\&.cifs utility attaches the UNC name (exported network resource) specified as -\fIservice\fR -(using //server/share syntax, where "server" is the server name or IP address and "share" is the name of the share) to the local directory -\fImount\-point\fR\&. -.PP -Options to -\fImount\&.cifs\fR -are specified as a comma\-separated list of key=value pairs\&. It is possible to send options other than those listed here, assuming that the cifs filesystem kernel module (cifs\&.ko) supports them\&. Unrecognized cifs mount options passed to the cifs vfs kernel code will be logged to the kernel log\&. -.PP -\fImount\&.cifs\fR -causes the cifs vfs to launch a thread named cifsd\&. After mounting it keeps running until the mounted resource is unmounted (usually via the umount utility)\&. -.PP - -\fImount\&.cifs \-V\fR -command displays the version of cifs mount helper\&. -.PP - -\fImodinfo cifs\fR -command displays the version of cifs module\&. -.SH "OPTIONS" -.PP -user=\fIarg\fR -.RS 4 -specifies the username to connect as\&. If this is not given, then the environment variable -\fIUSER\fR -is used\&. This option can also take the form "user%password" or "workgroup/user" or "workgroup/user%password" to allow the password and workgroup to be specified as part of the username\&. -.if n \{\ -.sp -.\} -.RS 4 -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.br -.ps +1 -\fBNote\fR -.ps -1 -.br -The cifs vfs accepts the parameter -\fIuser=\fR, or for users familiar with smbfs it accepts the longer form of the parameter -\fIusername=\fR\&. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters -\fIpass=\fR,\fIdom=\fR -and -\fIcred=\fR\&. -.sp .5v -.RE -.RE -.PP -password=\fIarg\fR -.RS 4 -specifies the CIFS password\&. If this option is not given then the environment variable -\fIPASSWD\fR -is used\&. If the password is not specified directly or indirectly via an argument to mount, -\fImount\&.cifs\fR -will prompt for a password, unless the guest option is specified\&. -.sp -Note that a password which contains the delimiter character (i\&.e\&. a comma \',\') will fail to be parsed correctly on the command line\&. However, the same password defined in the PASSWD environment variable or via a credentials file (see below) or entered at the password prompt will be read correctly\&. -.RE -.PP -credentials=\fIfilename\fR -.RS 4 -specifies a file that contains a username and/or password and optionally the name of the workgroup\&. The format of the file is: -.sp -.if n \{\ -.RS 4 -.\} -.nf - username=\fIvalue\fR - password=\fIvalue\fR - domain=\fIvalue\fR -.fi -.if n \{\ -.RE -.\} -.sp -This is preferred over having passwords in plaintext in a shared file, such as -/etc/fstab\&. Be sure to protect any credentials file properly\&. -.RE -.PP -uid=\fIarg\fR -.RS 4 -sets the uid that will own all files or directories on the mounted filesystem when the server does not provide ownership information\&. It may be specified as either a username or a numeric uid\&. When not specified, the default is uid 0\&. The mount\&.cifs helper must be at version 1\&.10 or higher to support specifying the uid in non\-numeric form\&. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information\&. -.RE -.PP -forceuid -.RS 4 -instructs the client to ignore any uid provided by the server for files and directories and to always assign the owner to be the value of the uid= option\&. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information\&. -.RE -.PP -gid=\fIarg\fR -.RS 4 -sets the gid that will own all files or directories on the mounted filesystem when the server does not provide ownership information\&. It may be specified as either a groupname or a numeric gid\&. When not specified, the default is gid 0\&. The mount\&.cifs helper must be at version 1\&.10 or higher to support specifying the gid in non\-numeric form\&. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information\&. -.RE -.PP -forcegid -.RS 4 -instructs the client to ignore any gid provided by the server for files and directories and to always assign the owner to be the value of the gid= option\&. See the section on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS below for more information\&. -.RE -.PP -port=\fIarg\fR -.RS 4 -sets the port number on the server to attempt to contact to negotiate CIFS support\&. If the CIFS server is not listening on this port or if it is not specified, the default ports will be tried i\&.e\&. port 445 is tried and if no response then port 139 is tried\&. -.RE -.PP -servern=\fIarg\fR -.RS 4 -Specify the server netbios name (RFC1001 name) to use when attempting to setup a session to the server\&. Although rarely needed for mounting to newer servers, this option is needed for mounting to some older servers (such as OS/2 or Windows 98 and Windows ME) since when connecting over port 139 they, unlike most newer servers, do not support a default server name\&. A server name can be up to 15 characters long and is usually uppercased\&. -.RE -.PP -netbiosname=\fIarg\fR -.RS 4 -When mounting to servers via port 139, specifies the RFC1001 source name to use to represent the client netbios machine name when doing the RFC1001 netbios session initialize\&. -.RE -.PP -file_mode=\fIarg\fR -.RS 4 -If the server does not support the CIFS Unix extensions this overrides the default file mode\&. -.RE -.PP -dir_mode=\fIarg\fR -.RS 4 -If the server does not support the CIFS Unix extensions this overrides the default mode for directories\&. -.RE -.PP -ip=\fIarg\fR -.RS 4 -sets the destination IP address\&. This option is set automatically if the server name portion of the requested UNC name can be resolved so rarely needs to be specified by the user\&. -.RE -.PP -domain=\fIarg\fR -.RS 4 -sets the domain (workgroup) of the user -.RE -.PP -guest -.RS 4 -don\'t prompt for a password -.RE -.PP -iocharset -.RS 4 -Charset used to convert local path names to and from Unicode\&. Unicode is used by default for network path names if the server supports it\&. If iocharset is not specified then the nls_default specified during the local client kernel build will be used\&. If server does not support Unicode, this parameter is unused\&. -.RE -.PP -ro -.RS 4 -mount read\-only -.RE -.PP -rw -.RS 4 -mount read\-write -.RE -.PP -setuids -.RS 4 -If the CIFS Unix extensions are negotiated with the server the client will attempt to set the effective uid and gid of the local process on newly created files, directories, and devices (create, mkdir, mknod)\&. If the CIFS Unix Extensions are not negotiated, for newly created files and directories instead of using the default uid and gid specified on the the mount, cache the new file\'s uid and gid locally which means that the uid for the file can change when the inode is reloaded (or the user remounts the share)\&. -.RE -.PP -nosetuids -.RS 4 -The client will not attempt to set the uid and gid on on newly created files, directories, and devices (create, mkdir, mknod) which will result in the server setting the uid and gid to the default (usually the server uid of the user who mounted the share)\&. Letting the server (rather than the client) set the uid and gid is the default\&.If the CIFS Unix Extensions are not negotiated then the uid and gid for new files will appear to be the uid (gid) of the mounter or the uid (gid) parameter specified on the mount\&. -.RE -.PP -perm -.RS 4 -Client does permission checks (vfs_permission check of uid and gid of the file against the mode and desired operation), Note that this is in addition to the normal ACL check on the target machine done by the server software\&. Client permission checking is enabled by default\&. -.RE -.PP -noperm -.RS 4 -Client does not do permission checks\&. This can expose files on this mount to access by other users on the local client system\&. It is typically only needed when the server supports the CIFS Unix Extensions but the UIDs/GIDs on the client and server system do not match closely enough to allow access by the user doing the mount\&. Note that this does not affect the normal ACL check on the target machine done by the server software (of the server ACL against the user name provided at mount time)\&. -.RE -.PP -dynperm -.RS 4 -Instructs the server to maintain ownership and permissions in memory that can\'t be stored on the server\&. This information can disappear at any time (whenever the inode is flushed from the cache), so while this may help make some applications work, it\'s behavior is somewhat unreliable\&. See the section below on FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS for more information\&. -.RE -.PP -directio -.RS 4 -Do not do inode data caching on files opened on this mount\&. This precludes mmaping files on this mount\&. In some cases with fast networks and little or no caching benefits on the client (e\&.g\&. when the application is doing large sequential reads bigger than page size without rereading the same data) this can provide better performance than the default behavior which caches reads (readahead) and writes (writebehind) through the local Linux client pagecache if oplock (caching token) is granted and held\&. Note that direct allows write operations larger than page size to be sent to the server\&. On some kernels this requires the cifs\&.ko module to be built with the CIFS_EXPERIMENTAL configure option\&. -.RE -.PP -mapchars -.RS 4 -Translate six of the seven reserved characters (not backslash, but including the colon, question mark, pipe, asterik, greater than and less than characters) to the remap range (above 0xF000), which also allows the CIFS client to recognize files created with such characters by Windows\'s POSIX emulation\&. This can also be useful when mounting to most versions of Samba (which also forbids creating and opening files whose names contain any of these seven characters)\&. This has no effect if the server does not support Unicode on the wire\&. Please note that the files created with mapchars mount option may not be accessible if the share is mounted without that option\&. -.RE -.PP -nomapchars -.RS 4 -Do not translate any of these seven characters (default) -.RE -.PP -intr -.RS 4 -currently unimplemented -.RE -.PP -nointr -.RS 4 -(default) currently unimplemented -.RE -.PP -hard -.RS 4 -The program accessing a file on the cifs mounted file system will hang when the server crashes\&. -.RE -.PP -soft -.RS 4 -(default) The program accessing a file on the cifs mounted file system will not hang when the server crashes and will return errors to the user application\&. -.RE -.PP -noacl -.RS 4 -Do not allow POSIX ACL operations even if server would support them\&. -.sp -The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers version 3\&.0\&.10 and later\&. Setting POSIX ACLs requires enabling both XATTR and then POSIX support in the CIFS configuration options when building the cifs module\&. POSIX ACL support can be disabled on a per mount basis by specifying "noacl" on mount\&. -.RE -.PP -nocase -.RS 4 -Request case insensitive path name matching (case sensitive is the default if the server suports it)\&. -.RE -.PP -sec= -.RS 4 -Security mode\&. Allowed values are: -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -none attempt to connection as a null user (no name) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -krb5 Use Kerberos version 5 authentication -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -krb5i Use Kerberos authentication and packet signing -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -ntlm Use NTLM password hashing (default) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -ntlmi Use NTLM password hashing with signing (if /proc/fs/cifs/PacketSigningEnabled on or if server requires signing also can be the default) -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -ntlmv2 Use NTLMv2 password hashing -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} -ntlmv2i Use NTLMv2 password hashing with packet signing -.sp -.RE -[NB This [sec parameter] is under development and expected to be available in cifs kernel module 1\&.40 and later] -.RE -.PP -nobrl -.RS 4 -Do not send byte range lock requests to the server\&. This is necessary for certain applications that break with cifs style mandatory byte range locks (and most cifs servers do not yet support requesting advisory byte range locks)\&. -.RE -.PP -sfu -.RS 4 -When the CIFS Unix Extensions are not negotiated, attempt to create device files and fifos in a format compatible with Services for Unix (SFU)\&. In addition retrieve bits 10\-12 of the mode via the SETFILEBITS extended attribute (as SFU does)\&. In the future the bottom 9 bits of the mode mode also will be emulated using queries of the security descriptor (ACL)\&. [NB: requires version 1\&.39 or later of the CIFS VFS\&. To recognize symlinks and be able to create symlinks in an SFU interoperable form requires version 1\&.40 or later of the CIFS VFS kernel module\&. -.RE -.PP -serverino -.RS 4 -Use inode numbers (unique persistent file identifiers) returned by the server instead of automatically generating temporary inode numbers on the client\&. Although server inode numbers make it easier to spot hardlinked files (as they will have the same inode numbers) and inode numbers may be persistent (which is userful for some sofware), the server does not guarantee that the inode numbers are unique if multiple server side mounts are exported under a single share (since inode numbers on the servers might not be unique if multiple filesystems are mounted under the same shared higher level directory)\&. Note that not all servers support returning server inode numbers, although those that support the CIFS Unix Extensions, and Windows 2000 and later servers typically do support this (although not necessarily on every local server filesystem)\&. Parameter has no effect if the server lacks support for returning inode numbers or equivalent\&. -.RE -.PP -noserverino -.RS 4 -Client generates inode numbers (rather than using the actual one from the server) by default\&. -.sp -See section -\fIINODE NUMBERS\fR -for more information\&. -.RE -.PP -nounix -.RS 4 -Disable the CIFS Unix Extensions for this mount\&. This can be useful in order to turn off multiple settings at once\&. This includes POSIX acls, POSIX locks, POSIX paths, symlink support and retrieving uids/gids/mode from the server\&. This can also be useful to work around a bug in a server that supports Unix Extensions\&. -.sp -See section -\fIINODE NUMBERS\fR -for more information\&. -.RE -.PP -nouser_xattr -.RS 4 -(default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise\&. -.RE -.PP -rsize=\fIarg\fR -.RS 4 -default network read size (usually 16K)\&. The client currently can not use rsize larger than CIFSMaxBufSize\&. CIFSMaxBufSize defaults to 16K and may be changed (from 8K to the maximum kmalloc size allowed by your kernel) at module install time for cifs\&.ko\&. Setting CIFSMaxBufSize to a very large value will cause cifs to use more memory and may reduce performance in some cases\&. To use rsize greater than 127K (the original cifs protocol maximum) also requires that the server support a new Unix Capability flag (for very large read) which some newer servers (e\&.g\&. Samba 3\&.0\&.26 or later) do\&. rsize can be set from a minimum of 2048 to a maximum of 130048 (127K or CIFSMaxBufSize, whichever is smaller) -.RE -.PP -wsize=\fIarg\fR -.RS 4 -default network write size (default 57344) maximum wsize currently allowed by CIFS is 57344 (fourteen 4096 byte pages) -.RE -.PP -\-\-verbose -.RS 4 -Print additional debugging information for the mount\&. Note that this parameter must be specified before the \-o\&. For example: -.sp -mount \-t cifs //server/share /mnt \-\-verbose \-o user=username -.RE -.SH "SERVICE FORMATTING AND DELIMITERS" -.PP -It\'s generally preferred to use forward slashes (/) as a delimiter in service names\&. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\e) unconditionally\&. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can\'t be automatically converted in the same way\&. -.PP -mount\&.cifs will attempt to convert backslashes to forward slashes where it\'s able to do so, but it cannot do so in any path component following the sharename\&. -.SH "INODE NUMBERS" -.PP -When Unix Extensions are enabled, we use the actual inode number provided by the server in response to the POSIX calls as an inode number\&. -.PP -When Unix Extensions are disabled and "serverino" mount option is enabled there is no way to get the server inode number\&. The client typically maps the server\-assigned "UniqueID" onto an inode number\&. -.PP -Note that the UniqueID is a different value from the server inode number\&. The UniqueID value is unique over the scope of the entire server and is often greater than 2 power 32\&. This value often makes programs that are not compiled with LFS (Large File Support), to trigger a glibc EOVERFLOW error as this won\'t fit in the target structure field\&. It is strongly recommended to compile your programs with LFS support (i\&.e\&. with \-D_FILE_OFFSET_BITS=64) to prevent this problem\&. You can also use "noserverino" mount option to generate inode numbers smaller than 2 power 32 on the client\&. But you may not be able to detect hardlinks properly\&. -.SH "FILE AND DIRECTORY OWNERSHIP AND PERMISSIONS" -.PP -The core CIFS protocol does not provide unix ownership information or mode for files and directories\&. Because of this, files and directories will generally appear to be owned by whatever values the uid= or gid= options are set, and will have permissions set to the default file_mode and dir_mode for the mount\&. Attempting to change these values via chmod/chown will return success but have no effect\&. -.PP -When the client and server negotiate unix extensions, files and directories will be assigned the uid, gid, and mode provided by the server\&. Because CIFS mounts are generally single\-user, and the same credentials are used no matter what user accesses the mount, newly created files and directories will generally be given ownership corresponding to whatever credentials were used to mount the share\&. -.PP -If the uid\'s and gid\'s being used do not match on the client and server, the forceuid and forcegid options may be helpful\&. Note however, that there is no corresponding option to override the mode\&. Permissions assigned to a file when forceuid or forcegid are in effect may not reflect the the real permissions\&. -.PP -When unix extensions are not negotiated, it\'s also possible to emulate them locally on the server using the "dynperm" mount option\&. When this mount option is in effect, newly created files and directories will receive what appear to be proper permissions\&. These permissions are not stored on the server however and can disappear at any time in the future (subject to the whims of the kernel flushing out the inode cache)\&. In general, this mount option is discouraged\&. -.PP -It\'s also possible to override permission checking on the client altogether via the noperm option\&. Server\-side permission checks cannot be overriden\&. The permission checks done by the server will always correspond to the credentials used to mount the share, and not necessarily to the user who is accessing the share\&. -.SH "ENVIRONMENT VARIABLES" -.PP -The variable -\fIUSER\fR -may contain the username of the person to be used to authenticate to the server\&. The variable can be used to set both username and password by using the format username%password\&. -.PP -The variable -\fIPASSWD\fR -may contain the password of the person using the client\&. -.PP -The variable -\fIPASSWD_FILE\fR -may contain the pathname of a file to read the password from\&. A single line of input is read and used as the password\&. -.SH "NOTES" -.PP -This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled\&. When installed as a setuid program, the program follows the conventions set forth by the mount program for user mounts\&. -.PP -Some samba client tools like smbclient(8) honour client\-side configuration parameters present in smb\&.conf\&. Unlike those client tools, -\fImount\&.cifs\fR -ignores smb\&.conf completely\&. -.SH "CONFIGURATION" -.PP -The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem\&. In the directory -/proc/fs/cifs -are various configuration files and pseudo files which can display debug information\&. There are additional startup options such as maximum buffer size and number of buffers which only may be set when the kernel cifs vfs (cifs\&.ko module) is loaded\&. These can be seen by running the modinfo utility against the file cifs\&.ko which will list the options that may be passed to cifs during module installation (device driver load)\&. For more information see the kernel file -fs/cifs/README\&. -.SH "BUGS" -.PP -Mounting using the CIFS URL specification is currently not supported\&. -.PP -The credentials file does not handle usernames or passwords with leading space\&. -.PP -Note that the typical response to a bug report is a suggestion to try the latest version first\&. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: mount\&.cifs (try mount\&.cifs \-V), kernel (see /proc/version) and server type you are trying to contact\&. -.SH "VERSION" -.PP -This man page is correct for version 1\&.52 of the cifs vfs filesystem (roughly Linux kernel 2\&.6\&.24)\&. -.SH "SEE ALSO" -.PP -Documentation/filesystems/cifs\&.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information\&. -.PP -\fBumount.cifs\fR(8) -.SH "AUTHOR" -.PP -Steve French -.PP -The syntax and manpage were loosely based on that of smbmount\&. It was converted to Docbook/XML by Jelmer Vernooij\&. -.PP -The maintainer of the Linux cifs vfs and the userspace tool -\fImount\&.cifs\fR -is -Steve French\&. The -Linux CIFS Mailing list -is the preferred place to ask questions regarding these programs\&. diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index 49bdc19008..8f2bc3ac1f 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -2,12 +2,12 @@ .\" Title: net .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "NET" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "NET" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -37,6 +37,11 @@ The Samba net utility is meant to work just like the net utility available for w Print a summary of command line options\&. .RE .PP +\-k|\-\-kerberos +.RS 4 +Try to authenticate with kerberos\&. Only useful in an Active Directory environment\&. +.RE +.PP \-w target\-workgroup .RS 4 Sets target workgroup or domain\&. You have to specify either this option or the IP address or the name of a server\&. @@ -467,6 +472,7 @@ type \- Type of the group; either \'domain\', \'local\', or \'builtin\' .IP \(bu 2.3 .\} comment \- Freeform text description of the group +.RE .sp .RE .SS "GROUPMAP ADD" @@ -549,6 +555,139 @@ Abandon relationship to trusted domain .SS "RPC TRUSTDOM LIST" .PP List all interdomain trust relationships\&. +.SS "RPC TRUSTDOM LIST" +.PP +List all interdomain trust relationships\&. +.SS "RPC TRUST" +.SS "RPC TRUST CREATE" +.PP +Create a trust trust object by calling lsaCreateTrustedDomainEx2\&. The can be done on a single server or on two servers at once with the possibility to use a random trust password\&. +.PP +\fBOptions:\fR +.PP +otherserver +.RS 4 +Domain controller of the second domain +.RE +.PP +otheruser +.RS 4 +Admin user in the second domain +.RE +.PP +otherdomainsid +.RS 4 +SID of the second domain +.RE +.PP +other_netbios_domain +.RS 4 +NetBIOS (short) name of the second domain +.RE +.PP +otherdomain +.RS 4 +DNS (full) name of the second domain +.RE +.PP +trustpw +.RS 4 +Trust password +.RE +.PP +\fBExamples:\fR +.PP +Create a trust object on srv1\&.dom1\&.dom for the domain dom2 +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +net rpc trust create \e + otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e + other_netbios_domain=dom2 \e + otherdomain=dom2\&.dom \e + trustpw=12345678 \e + \-S srv1\&.dom1\&.dom +.fi +.if n \{\ +.RE +.\} +.RE +.PP +Create a trust relationship between dom1 and dom2 +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +net rpc trust create \e + otherserver=srv2\&.dom2\&.test \e + otheruser=dom2adm \e + \-S srv1\&.dom1\&.dom +.fi +.if n \{\ +.RE +.\} +.RE +.SS "RPC TRUST DELETE" +.PP +Delete a trust trust object by calling lsaDeleteTrustedDomain\&. The can be done on a single server or on two servers at once\&. +.PP +\fBOptions:\fR +.PP +otherserver +.RS 4 +Domain controller of the second domain +.RE +.PP +otheruser +.RS 4 +Admin user in the second domain +.RE +.PP +otherdomainsid +.RS 4 +SID of the second domain +.RE +.PP +\fBExamples:\fR +.PP +Delete a trust object on srv1\&.dom1\&.dom for the domain dom2 +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +net rpc trust delete \e + otherdomainsid=S\-x\-x\-xx\-xxxxxxxxxx\-xxxxxxxxxx\-xxxxxxxxx \e + \-S srv1\&.dom1\&.dom +.fi +.if n \{\ +.RE +.\} +.RE +.PP +Delete a trust relationship between dom1 and dom2 +.RS 4 +.sp +.if n \{\ +.RS 4 +.\} +.nf +net rpc trust delete \e + otherserver=srv2\&.dom2\&.test \e + otheruser=dom2adm \e + \-S srv1\&.dom1\&.dom +.fi +.if n \{\ +.RE +.\} +.RE +.SS "" .SS "RPC RIGHTS" .PP This subcommand is used to view and manage Samba\'s rights assignments (also referred to as privileges)\&. There are three options currently available: @@ -725,9 +864,78 @@ Dumps the mappings contained in the local tdb file specified\&. This command is .SS "IDMAP RESTORE [input file]" .PP Restore the mappings from the specified file or stdin\&. -.SS "IDMAP SECRET <DOMAIN>|ALLOC <secret>" +.SS "IDMAP SECRET <DOMAIN> <secret>" .PP Store a secret for the specified domain, used primarily for domains that use idmap_ldap as a backend\&. In this case the secret is used as the password for the user DN used to bind to the ldap server\&. +.SS "IDMAP DELETE [\-f] [\-\-db=<DB>] <ID>" +.PP +Delete a mapping sid <\-> gid or sid <\-> uid from the IDMAP database\&. The mapping is given by <ID> which may either be a sid: S\-x\-\&.\&.\&., a gid: "GID number" or a uid: "UID number"\&. Use \-f to delete an invalid partial mapping <ID> \-> xx +.PP +Use "smbcontrol all idmap \&.\&.\&." to notify running smbd instances\&. See the +\fBsmbcontrol\fR(1) +manpage for details\&. +.SS "IDMAP CHECK [\-v] [\-r] [\-a] [\-T] [\-f] [\-l] [\-\-db=<DB>]" +.PP +Check and repair the IDMAP database\&. If no option is given a read only check of the database is done\&. Among others an interactive or automatic repair mode may be chosen with one of the following options: +.PP +\-r|\-\-repair +.RS 4 +Interactive repair mode, ask a lot of questions\&. +.RE +.PP +\-a|\-\-auto +.RS 4 +Noninteractive repair mode, use default answers\&. +.RE +.PP +\-v|\-\-verbose +.RS 4 +Produce more output\&. +.RE +.PP +\-f|\-\-force +.RS 4 +Try to apply changes, even if they do not apply cleanly\&. +.RE +.PP +\-T|\-\-test +.RS 4 +Dry run, show what changes would be made but don\'t touch anything\&. +.RE +.PP +\-l|\-\-lock +.RS 4 +Lock the database while doing the check\&. +.RE +.PP +\-\-db <DB> +.RS 4 +Check the specified database\&. +.RE +.PP +.RS 4 +.RE +It reports about the finding of the following errors: +.PP +Missing reverse mapping: +.RS 4 +A record with mapping A\->B where there is no B\->A\&. Default action in repair mode is to "fix" this by adding the reverse mapping\&. +.RE +.PP +Invalid mapping: +.RS 4 +A record with mapping A\->B where B\->C\&. Default action is to "delete" this record\&. +.RE +.PP +Missing or invalid HWM: +.RS 4 +A high water mark is not at least equal to the largest ID in the database\&. Default action is to "fix" this by setting it to the largest ID found +1\&. +.RE +.PP +Invalid record: +.RS 4 +Something we failed to parse\&. Default action is to "edit" it in interactive and "delete" it in automatic mode\&. +.RE .SS "USERSHARE" .PP Starting with version 3\&.0\&.23, a Samba server now supports the ability for non\-root users to add user defined shares to be exported using the "net usershare" commands\&. @@ -889,6 +1097,157 @@ Set the list of includes for the provided section (global or share) to the given .SS "CONF DELINCLUDES section" .PP Delete the list of includes from the provided section (global or share)\&. +.SS "REGISTRY" +.PP +Manipulate Samba\'s registry\&. +.PP +The registry commands are: +.RS 4 +net registry enumerate \- Enumerate registry keys and values\&. +.RE +.RS 4 +net registry enumerate_recursive \- Enumerate registry key and its subkeys\&. +.RE +.RS 4 +net registry createkey \- Create a new registry key\&. +.RE +.RS 4 +net registry deletekey \- Delete a registry key\&. +.RE +.RS 4 +net registry deletekey_recursive \- Delete a registry key with subkeys\&. +.RE +.RS 4 +net registry getvalue \- Print a registry value\&. +.RE +.RS 4 +net registry getvalueraw \- Print a registry value (raw format)\&. +.RE +.RS 4 +net registry setvalue \- Set a new registry value\&. +.RE +.RS 4 +net registry increment \- Increment a DWORD registry value under a lock\&. +.RE +.RS 4 +net registry deletevalue \- Delete a registry value\&. +.RE +.RS 4 +net registry getsd \- Get security descriptor\&. +.RE +.RS 4 +net registry getsd_sdd1 \- Get security descriptor in sddl format\&. +.RE +.RS 4 +net registry setsd_sdd1 \- Set security descriptor from sddl format +string\&. +.RE +.RS 4 +net registry import \- Import a registration entries (\&.reg) file\&. +.RE +.RS 4 +net registry export \- Export a registration entries (\&.reg) file\&. +.RE +.RS 4 +net registry convert \- Convert a registration entries (\&.reg) file\&. +.RE +.SS "REGISTRY ENUMERATE key " +.PP +Enumerate subkeys and values of +\fIkey\fR\&. +.SS "REGISTRY ENUMERATE_RECURSIVE key " +.PP +Enumerate values of +\fIkey\fR +and its subkeys\&. +.SS "REGISTRY CREATEKEY key " +.PP +Create a new +\fIkey\fR +if not yet existing\&. +.SS "REGISTRY DELETEKEY key " +.PP +Delete the given +\fIkey\fR +and its values from the registry, if it has no subkeys\&. +.SS "REGISTRY DELETEKEY_RECURSIVE key " +.PP +Delete the given +\fIkey\fR +and all of its subkeys and values from the registry\&. +.SS "REGISTRY GETVALUE key name" +.PP +Output type and actual value of the value +\fIname\fR +of the given +\fIkey\fR\&. +.SS "REGISTRY GETVALUERAW key name" +.PP +Output the actual value of the value +\fIname\fR +of the given +\fIkey\fR\&. +.SS "REGISTRY SETVALUE key name type value ..." +.PP +Set the value +\fIname\fR +of an existing +\fIkey\fR\&. +\fItype\fR +may be one of +\fIsz\fR, +\fImulti_sz\fR +or +\fIdword\fR\&. In case of +\fImulti_sz\fR +\fIvalue\fR +may be given multiple times\&. +.SS "REGISTRY INCREMENT key name [inc]" +.PP +Increment the DWORD value +\fIname\fR +of +\fIkey\fR +by +\fIinc\fR +while holding a g_lock\&. +\fIinc\fR +defaults to 1\&. +.SS "REGISTRY DELETEVALUE key name" +.PP +Delete the value +\fIname\fR +of the given +\fIkey\fR\&. +.SS "REGISTRY GETSD key" +.PP +Get the security descriptor of the given +\fIkey\fR\&. +.SS "REGISTRY GETSD_SDDL key" +.PP +Get the security descriptor of the given +\fIkey\fR +as a Security Descriptor Definition Language (SDDL) string\&. +.SS "REGISTRY SETSD_SDDL keysd" +.PP +Set the security descriptor of the given +\fIkey\fR +from a Security Descriptor Definition Language (SDDL) string +\fIsd\fR\&. +.SS "REGISTRY IMPORT file[opt]" +.PP +Import a registration entries (\&.reg) +\fIfile\fR\&. +.SS "REGISTRY EXPORT keyfile[opt]" +.PP +Export a +\fIkey\fR +to a registration entries (\&.reg) +\fIfile\fR\&. +.SS "REGISTRY CONVERT in out [[inopt] outopt]" +.PP +Convert a registration entries (\&.reg) file +\fIin\fR\&. .SS "EVENTLOG" .PP Starting with version 3\&.4\&.0 net can read, dump, import and export native win32 eventlog files (usually *\&.evt)\&. evt files are used by the native Windows eventviewer tools\&. @@ -1023,6 +1382,7 @@ defines the password for the domain account defined with .\} \fIREBOOT\fR is an optional parameter that can be set to reboot the remote machine after successful join to the domain\&. +.RE .sp .RE .PP @@ -1070,6 +1430,7 @@ defines the password for the domain account defined with .\} \fIREBOOT\fR is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain\&. +.RE .sp .RE .PP @@ -1129,6 +1490,7 @@ defines the password for the domain account defined with .\} \fIREBOOT\fR is an optional parameter that can be set to reboot the remote machine after successful rename in the domain\&. +.RE .sp .RE .PP @@ -1179,6 +1541,7 @@ defines the timeout\&. .\} \fICOMMAND\fR defines the shell command to execute\&. +.RE .SS "G_LOCK LOCKS" .PP Print a list of all currently existing locknames\&. diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 21e823d4f6..c3be237e2e 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -2,12 +2,12 @@ .\" Title: nmbd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "NMBD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "NMBD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index b2b4382880..fbe96dfbf8 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -2,12 +2,12 @@ .\" Title: nmblookup .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "NMBLOOKUP" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "NMBLOOKUP" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/ntlm_auth.1 b/docs/manpages/ntlm_auth.1 index b4eb1f290d..092bdd524d 100644 --- a/docs/manpages/ntlm_auth.1 +++ b/docs/manpages/ntlm_auth.1 @@ -2,12 +2,12 @@ .\" Title: ntlm_auth .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "NTLM_AUTH" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "NTLM_AUTH" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -111,7 +111,7 @@ Parameter:: Base64\-encode value\&. The presence of a single period \&. indicates that one side has finished supplying data to the other\&. (Which in turn could cause the helper to authenticate the user)\&. .sp -Curently implemented parameters from the external program to the helper are: +Currently implemented parameters from the external program to the helper are: .PP Username .RS 4 diff --git a/docs/manpages/pam_winbind.8 b/docs/manpages/pam_winbind.8 index 4ccb16ddee..d52842cf26 100644 --- a/docs/manpages/pam_winbind.8 +++ b/docs/manpages/pam_winbind.8 @@ -2,12 +2,12 @@ .\" Title: pam_winbind .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: 8 -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "PAM_WINBIND" "8" "08/02/2011" "Samba 3\&.5" "8" +.TH "PAM_WINBIND" "8" "01/22/2012" "Samba 3\&.6" "8" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/pam_winbind.conf.5 b/docs/manpages/pam_winbind.conf.5 index 7dc8a73aba..913891cda8 100644 --- a/docs/manpages/pam_winbind.conf.5 +++ b/docs/manpages/pam_winbind.conf.5 @@ -2,12 +2,12 @@ .\" Title: pam_winbind.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: 5 .\" Source: Samba 3.6 .\" Language: English .\" -.TH "PAM_WINBIND\&.CONF" "5" "08/02/2011" "Samba 3\&.6" "5" +.TH "PAM_WINBIND\&.CONF" "5" "01/22/2012" "Samba 3\&.6" "5" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index ae4333cebf..4119b840c4 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -2,12 +2,12 @@ .\" Title: pdbedit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "PDBEDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "PDBEDIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -316,6 +316,7 @@ X: Password does not expire .IP \(bu 2.3 .\} I: Domain Trust Account +.RE .sp .RE .sp diff --git a/docs/manpages/profiles.1 b/docs/manpages/profiles.1 index abc46a7945..7d7c5f139c 100644 --- a/docs/manpages/profiles.1 +++ b/docs/manpages/profiles.1 @@ -2,12 +2,12 @@ .\" Title: profiles .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "PROFILES" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "PROFILES" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -45,7 +45,7 @@ Increases verbosity of messages\&. .PP \-c SID1 \-n SID2 .RS 4 -Change all occurences of SID1 in +Change all occurrences of SID1 in file by SID2\&. .RE diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 54b3b6241b..f7cec70804 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -2,12 +2,12 @@ .\" Title: rpcclient .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "RPCCLIENT" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "RPCCLIENT" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -41,9 +41,9 @@ line from \fBsmb.conf\fR(5)\&. .RE .PP -\-c|\-\-command=\'command string\' +\-c|\-\-command=<command string> .RS 4 -execute semicolon separated commands (listed below)) +Execute semicolon separated commands (listed below) .RE .PP \-I|\-\-dest\-ip IP\-address @@ -465,7 +465,7 @@ adddriver) and the enumports\&. .RE .PP -deldriver +deldriver <driver> .RS 4 Delete the specified printer driver for all architectures\&. This does not delete the actual driver files from the server, only the entry from the server\'s list of drivers\&. .RE diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 96a52295df..5bd2ce920c 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -2,12 +2,12 @@ .\" Title: samba .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: Miscellanea -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SAMBA" "7" "08/02/2011" "Samba 3\&.5" "Miscellanea" +.TH "SAMBA" "7" "01/22/2012" "Samba 3\&.6" "Miscellanea" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -180,7 +180,7 @@ is a utility that retrieves and stores information related to winbind\&. \fBprofiles\fR(1) .RS 4 profiles -is a command\-line utility that can be used to replace all occurences of a certain SID with another SID\&. +is a command\-line utility that can be used to replace all occurrences of a certain SID with another SID\&. .RE .PP \fBlog2pcap\fR(1) diff --git a/docs/manpages/sharesec.1 b/docs/manpages/sharesec.1 index f376bc2402..56ef796042 100644 --- a/docs/manpages/sharesec.1 +++ b/docs/manpages/sharesec.1 @@ -2,12 +2,12 @@ .\" Title: sharesec .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SHARESEC" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SHARESEC" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -210,6 +210,7 @@ The mask is a value which expresses the access right granted to the SID\&. It ca .\} \fIO\fR \- Take ownership +.RE .sp .RE .PP @@ -249,6 +250,7 @@ The following combined permissions can be specified: .\} \fIFULL\fR \- Equivalent to \'RWXDPO\' permissions +.RE .SH "EXIT STATUS" .PP The diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index a43ac4cecb..14f3da182a 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -2,12 +2,12 @@ .\" Title: smb.conf .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: File Formats and Conventions -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMB\&.CONF" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions" +.TH "SMB\&.CONF" "5" "01/22/2012" "Samba 3\&.6" "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -148,6 +148,7 @@ The share name is changed from homes to the located username\&. .IP \(bu 2.3 .\} If no path was given, the path is set to the user\'s home directory\&. +.RE .sp .RE .PP @@ -235,6 +236,7 @@ If no printer name was given, the printer name is set to the located printer nam .IP \(bu 2.3 .\} If the share does not permit guest access and no username was given, the username is set to the located printer name\&. +.RE .sp .RE .PP @@ -455,18 +457,22 @@ the process id of the current server process\&. .PP %a .RS 4 -The architecture of the remote machine\&. It currently recognizes Samba (\fBSamba\fR), the Linux CIFS file system (\fBCIFSFS\fR), OS/2, (\fBOS2\fR), Windows for Workgroups (\fBWfWg\fR), Windows 9x/ME (\fBWin95\fR), Windows NT (\fBWinNT\fR), Windows 2000 (\fBWin2K\fR), Windows XP (\fBWinXP\fR), Windows XP 64\-bit(\fBWinXP64\fR), Windows 2003 including 2003R2 (\fBWin2K3\fR), and Windows Vista (\fBVista\fR)\&. Anything else will be known as +The architecture of the remote machine\&. It currently recognizes Samba (\fBSamba\fR), the Linux CIFS file system (\fBCIFSFS\fR), OS/2, (\fBOS2\fR), Mac OS X (\fBOSX\fR), Windows for Workgroups (\fBWfWg\fR), Windows 9x/ME (\fBWin95\fR), Windows NT (\fBWinNT\fR), Windows 2000 (\fBWin2K\fR), Windows XP (\fBWinXP\fR), Windows XP 64\-bit(\fBWinXP64\fR), Windows 2003 including 2003R2 (\fBWin2K3\fR), and Windows Vista (\fBVista\fR)\&. Anything else will be known as \fBUNKNOWN\fR\&. .RE .PP %I .RS 4 the IP address of the client machine\&. +.sp +Before 3\&.6\&.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses\&. .RE .PP %i .RS 4 the local IP address to which a client connected\&. +.sp +Before 3\&.6\&.0 it could contain IPv4 mapped IPv6 addresses, now it only contains IPv4 or IPv6 addresses\&. .RE .PP %T @@ -554,13 +560,13 @@ controls whether filenames are case sensitive\&. If they aren\'t, Samba must do default case = upper/lower .RS 4 controls what the default case is for new filenames (ie\&. files that don\'t currently exist in the filesystem)\&. Default -\fIlower\fR\&. IMPORTANT NOTE: This option will be used to modify the case of -\fIall\fR -incoming client filenames, not just new filenames if the options +\fIlower\fR\&. IMPORTANT NOTE: As part of the optimizations for directories containing large numbers of files, the following special case applies\&. If the options \m[blue]\fBcase sensitive = yes\fR\m[], -\m[blue]\fBpreserve case = No\fR\m[], +\m[blue]\fBpreserve case = No\fR\m[], and \m[blue]\fBshort preserve case = No\fR\m[] -are set\&. This change is needed as part of the optimisations for directories containing large numbers of files\&. +are set, then the case of +\fIall\fR +incoming client filenames, not just new filenames, will be modified\&. See additional notes below\&. .RE .PP preserve case = yes/no @@ -908,9 +914,10 @@ Samba 3\&.0\&.23 introduced support for adding printer ports remotely using the .IP \(bu 2.3 .\} \fIdevice URI\fR +.RE .sp .RE -The deviceURI is in the for of socket://<hostname>[:<portnumber>] or lpd://<hostname>/<queuename>\&. +The deviceURI is in the format of socket://<hostname>[:<portnumber>] or lpd://<hostname>/<queuename>\&. .sp Default: \fI\fIadd port command\fR\fR\fI = \fR\fI\fR\fI \fR @@ -1000,6 +1007,7 @@ is automatically invoked with the following parameter (in order): .IP \(bu 2.3 .\} \fIWindows 9x driver location\fR +.RE .sp .RE All parameters are filled in from the PRINTER_INFO_2 structure sent by the Windows NT/2000 client with one exception\&. The "Windows 9x driver location" parameter is included for backwards compatibility only\&. The remaining fields in the structure are generated from answers to the APW questions\&. @@ -1108,6 +1116,7 @@ file\&. .\} \fImax connections\fR Number of maximum simultaneous connections to this share\&. +.RE .sp .RE This parameter is only used to add file shares\&. To add printer shares, see the @@ -1352,6 +1361,32 @@ Example: \fI\fIallocation roundup size\fR\fR\fI = \fR\fI0 # (to disable roundups)\fR\fI \fR .RE +allow insecure wide links (G) +.\" allow insecure wide links +.PP +.RS 4 +In normal operation the option +\m[blue]\fBwide links\fR\m[] +which allows the server to follow symlinks outside of a share path is automatically disabled when +\m[blue]\fBunix extensions\fR\m[] +are enabled on a Samba server\&. This is done for security purposes to prevent UNIX clients creating symlinks to areas of the server file system that the administrator does not wish to export\&. +.sp +Setting +\m[blue]\fBallow insecure wide links\fR\m[] +to true disables the link between these two parameters, removing this protection and allowing a site to configure the server to follow symlinks (by setting +\m[blue]\fBwide links\fR\m[] +to "true") even when +\m[blue]\fBunix extensions\fR\m[] +is turned on\&. +.sp +If is not recommended to enable this option unless you fully understand the implications of allowing the server to follow symbolic links created by UNIX clients\&. For most normal Samba configurations this would be considered a security hole and setting this parameter is not recommended\&. +.sp +This option was added at the request of sites who had deliberately set Samba up in this way and needed to continue supporting this functionality without having to patch the Samba code\&. +.sp +Default: +\fI\fIallow insecure wide links\fR\fR\fI = \fR\fIno\fR\fI \fR +.RE + allow trusted domains (G) .\" allow trusted domains .PP @@ -1398,6 +1433,16 @@ Example: \fI\fIannounce version\fR\fR\fI = \fR\fI2\&.0\fR\fI \fR .RE +async smb echo handler (G) +.\" async smb echo handler +.PP +.RS 4 +This parameter specifies whether Samba should fork the async smb echo handler\&. It can be beneficial if your file system can block syscalls for a very long time\&. In some circumstances, it prolongs the timeout that Windows uses to determine whether a connection is dead\&. +.sp +Default: +\fI\fIasync smb echo handler\fR\fR\fI = \fR\fIno\fR\fI \fR +.RE + auth methods (G) .\" auth methods .PP @@ -1741,6 +1786,7 @@ file\&. .\} \fImax connections\fR Number of maximum simultaneous connections to this share\&. +.RE .sp .RE This parameter is only used to modify existing file share definitions\&. To modify printer shares, use the "Printers\&.\&.\&." folder as seen when browsing the Samba host\&. @@ -1838,7 +1884,7 @@ This parameter determines whether or not \fBsmbclient\fR(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response\&. .sp -If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Many servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2\&. +If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Older servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2 when not in an NTLMv2 supporting domain .sp Similarly, if enabled, NTLMv1, client lanman auth @@ -1849,10 +1895,10 @@ authentication will be disabled\&. This also disables share\-level authenticatio If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth\&. .sp -Note that some sites (particularly those following \'best practice\' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&. +Note that Windows Vista and later versions already use NTLMv2 by default, and some sites (particularly those following \'best practice\' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&. .sp Default: -\fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIno\fR\fI \fR +\fI\fIclient ntlmv2 auth\fR\fR\fI = \fR\fIyes\fR\fI \fR .RE client plaintext auth (G) @@ -2119,6 +2165,20 @@ Example: \fI\fIctdbd socket\fR\fR\fI = \fR\fI/tmp/ctdb\&.socket\fR\fI \fR .RE +ctdb locktime warn threshold (G) +.\" ctdb locktime warn threshold +.PP +.RS 4 +In a cluster environment using Samba and ctdb it is critical that locks on central ctdb\-hosted databases like locking\&.tdb are not held for long\&. With the current Samba architecture it happens that Samba takes a lock and while holding that lock makes file system calls into the shared cluster file system\&. This option makes Samba warn if it detects that it has held locks for the specified number of milliseconds\&. If this happens, +\fIsmbd\fR +will emit a debug level 0 message into its logs and potentially into syslog\&. The most likely reason for such a log message is that an operation of the cluster file system Samba exports is taking longer than expected\&. The messages are meant as a debugging aid for potential cluster problems\&. +.sp +The default value of 0 disables this logging\&. +.sp +Default: +\fI\fIctdb locktime warn threshold\fR\fR\fI = \fR\fI0\fR\fI \fR +.RE + ctdb timeout (G) .\" ctdb timeout .PP @@ -2544,6 +2604,7 @@ file\&. .\} \fIshareName\fR \- the name of the existing service\&. +.RE .sp .RE This parameter is only used to remove file shares\&. To delete printer shares, see the @@ -3010,7 +3071,7 @@ enable privileges (G) .\" enable privileges .PP .RS 4 -This parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either +This deprecated parameter controls whether or not smbd will honor privileges assigned to specific SIDs via either net rpc rights or one of the Windows user and group manager tools\&. This parameter is enabled by default\&. It can be disabled to prevent members of the Domain Admins group from being able to assign privileges to users or groups which can then result in certain smbd operations running as root that would normally run under the context of the connected user\&. .sp @@ -3414,6 +3475,7 @@ type of query .IP \(bu 2.3 .\} uid of user or gid of group +.RE .sp .RE The type of query can be one of : @@ -3460,6 +3522,7 @@ The type of query can be one of : .IP \(bu 2.3 .\} 4 \- group default quotas (gid = \-1) +.RE .sp .RE This script should print one line as output with spaces between the arguments\&. The arguments are: @@ -3550,6 +3613,7 @@ Arg 7 \- the hardlimit number of inodes .IP \(bu 2.3 .\} Arg 8(optional) \- the number of bytes in a block(default is 1024) +.RE .sp .RE Default: @@ -3613,7 +3677,7 @@ If this parameter is for a service, then no password is required to connect to the service\&. Privileges will be those of the \m[blue]\fBguest account\fR\m[]\&. .sp -This paramater nullifies the benifits of setting +This parameter nullifies the benefits of setting \m[blue]\fBrestrict anonymous = 2\fR\m[] .sp See the section below on @@ -3907,63 +3971,14 @@ Example: \fI\fIhosts deny\fR\fR\fI = \fR\fI150\&.203\&.4\&. badhost\&.mynet\&.edu\&.au\fR\fI \fR .RE -idmap alloc backend (G) -.\" idmap alloc backend -.PP -.RS 4 -The idmap alloc backend provides a plugin interface for Winbind to use when allocating Unix uids/gids for Windows SIDs\&. This option refers to the name of the idmap module which will provide the id allocation functionality\&. Please refer to the man page for each idmap plugin to determine whether or not the module implements the allocation feature\&. The most common plugins are the tdb (\fBidmap_tdb\fR(8)) and ldap (\fBidmap_ldap\fR(8)) libraries\&. -.sp -This parameter defaults to the value -\m[blue]\fBidmap backend\fR\m[] -was set to, so by default winbind will allocate Unix IDs from the default backend\&. You will only need to set this parameter explicitly if you have an external source for Unix IDs, like a central database service somewhere in your company\&. -.sp -Also refer to the -\m[blue]\fBidmap alloc config\fR\m[] -option\&. -.sp -\fINo default\fR -.sp -Example: -\fI\fIidmap alloc backend\fR\fR\fI = \fR\fItdb\fR\fI \fR -.RE - -idmap alloc config (G) -.\" idmap alloc config -.PP -.RS 4 -The idmap alloc config prefix provides a means of managing settings for the backend defined by the -\m[blue]\fBidmap alloc backend\fR\m[] -parameter\&. Refer to the man page for each idmap plugin regarding specific configuration details\&. -.sp -\fINo default\fR -.RE - idmap backend (G) .\" idmap backend .PP .RS 4 The idmap backend provides a plugin interface for Winbind to use varying backends to store SID/uid/gid mapping tables\&. .sp -This option specifies the default backend that is used when no special configuration set by -\m[blue]\fBidmap config\fR\m[] -matches the specific request\&. -.sp -This default backend also specifies the place where winbind\-generated idmap entries will be stored\&. So it is highly recommended that you specify a writable backend like -\fBidmap_tdb\fR(8) -or -\fBidmap_ldap\fR(8) -as the idmap backend\&. The -\fBidmap_rid\fR(8) -and -\fBidmap_ad\fR(8) -backends are not writable and thus will generate unexpected results if set as idmap backend\&. -.sp -To use the rid and ad backends, please specify them via the -\m[blue]\fBidmap config\fR\m[] -parameter, possibly also for the domain your machine is member of, specified by -\m[blue]\fBworkgroup\fR\m[]\&. -.sp -Examples of SID/uid/gid backends include tdb (\fBidmap_tdb\fR(8)), ldap (\fBidmap_ldap\fR(8)), rid (\fBidmap_rid\fR(8)), and ad (\fBidmap_ad\fR(8))\&. +This option specifies the default backend that is used when no special configuration set, but it is now deprecated in favour of the new spelling +\m[blue]\fBidmap config * : backend\fR\m[]\&. .sp Default: \fI\fIidmap backend\fR\fR\fI = \fR\fItdb\fR\fI \fR @@ -3983,26 +3998,38 @@ idmap config (G) .\" idmap config .PP .RS 4 -The idmap config prefix provides a means of managing each trusted domain separately\&. The idmap config prefix should be followed by the name of the domain, a colon, and a setting specific to the chosen backend\&. There are three options available for all domains: +ID mapping in Samba is the mapping between Windows SIDs and Unix user and group IDs\&. This is performed by Winbindd with a configurable plugin interface\&. Samba\'s ID mapping is configured by options starting with the +\m[blue]\fBidmap config\fR\m[] +prefix\&. An idmap option consists of the +\m[blue]\fBidmap config\fR\m[] +prefix, followed by a domain name or the asterisk character (*), a colon, and the name of an idmap setting for the chosen domain\&. +.sp +The idmap configuration is hence divided into groups, one group for each domain to be configured, and one group with the the asterisk instead of a proper domain name, which speifies the default configuration that is used to catch all domains that do not have an explicit idmap configuration of their own\&. +.sp +There are three general options available: .PP backend = backend_name .RS 4 -Specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&. +This specifies the name of the idmap plugin to use as the SID/uid/gid backend for this domain\&. The standard backends are tdb (\fBidmap_tdb\fR(8)), tdb2 (\fBidmap_tdb2\fR(8)), ldap (\fBidmap_ldap\fR(8)), , rid (\fBidmap_rid\fR(8)), , hash (\fBidmap_hash\fR(8)), , autorid (\fBidmap_autorid\fR(8)), , ad (\fBidmap_ad\fR(8)), , adex (\fBidmap_adex\fR(8)), , and nss\&. (\fBidmap_nss\fR(8)), The corresponding manual pages contain the details, but here is a summary\&. +.sp +The first three of these create mappings of their own using internal unixid counters and store the mappings in a database\&. These are suitable for use in the default idmap configuration\&. The rid and hash backends use a pure algorithmic calculation to determine the unixid for a SID\&. The autorid module is a mixture of the tdb and rid backend\&. It creates ranges for each domain encountered and then uses the rid algorithm for each of these automatically configured domains individually\&. The ad and adex backends both use unix IDs stored in Active Directory via the standard schema extensions\&. The nss backend reverses the standard winbindd setup and gets the unixids via names from nsswitch which can be useful in an ldap setup\&. .RE .PP range = low \- high .RS 4 -Defines the available matching uid and gid range for which the backend is authoritative\&. Note that the range commonly matches the allocation range due to the fact that the same backend will store and retrieve SID/uid/gid mapping entries\&. +Defines the available matching uid and gid range for which the backend is authoritative\&. For allocating backends, this also defines the start and the end of the range for allocating new unid IDs\&. .sp -winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain, and it must be disjoint from the ranges set via -\m[blue]\fBidmap uid\fR\m[] -and -\m[blue]\fBidmap gid\fR\m[]\&. +winbind uses this parameter to find the backend that is authoritative for a unix ID to SID mapping, so it must be set for each individually configured domain and for the default configuration\&. The configured ranges must be mutually disjoint\&. +.RE +.PP +read only = yes|no +.RS 4 +This option can be used to turn the writing backends tdb, tdb2, and ldap into read only mode\&. This can be useful e\&.g\&. in cases where a pre\-filled database exists that should not be extended automatically\&. .RE .sp The following example illustrates how to configure the \fBidmap_ad\fR(8) -for the CORP domain and the +backend for the CORP domain and the \fBidmap_tdb\fR(8) backend for all other domains\&. This configuration assumes that the admin of CORP assigns unix ids below 1000000 via the SFU extensions, and winbind is supposed to use the next million entries for its own mappings from trusted domains and for local groups for example\&. .sp @@ -4010,9 +4037,8 @@ backend for all other domains\&. This configuration assumes that the admin of CO .RS 4 .\} .nf - idmap backend = tdb - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 idmap config CORP : backend = ad idmap config CORP : range = 1000\-999999 @@ -4037,12 +4063,12 @@ idmap gid (G) .\" idmap gid .PP .RS 4 -The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. +The idmap gid parameter specifies the range of group ids for the default idmap configuration\&. It is now deprecated in favour of +\m[blue]\fBidmap config * : range\fR\m[]\&. .sp -See also the -\m[blue]\fBidmap backend\fR\m[], and +See the \m[blue]\fBidmap config\fR\m[] -options\&. +option\&. .sp Default: \fI\fIidmap gid\fR\fR\fI = \fR\fI\fR\fI \fR @@ -4073,13 +4099,12 @@ idmap uid (G) .\" idmap uid .PP .RS 4 -The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&. +The idmap uid parameter specifies the range of user ids for the default idmap configuration\&. It is now deprecated in favour of +\m[blue]\fBidmap config * : range\fR\m[]\&. .sp -See also the -\m[blue]\fBidmap backend\fR\m[] -and +See the \m[blue]\fBidmap config\fR\m[] -options\&. +option\&. .sp Default: \fI\fIidmap uid\fR\fR\fI = \fR\fI\fR\fI \fR @@ -4246,6 +4271,7 @@ an IP/mask pair\&. .IP \(bu 2.3 .\} a broadcast/mask pair\&. +.RE .sp .RE The "mask" parameters can either be a bit length (such as 24 for a C class network) or a full netmask in dotted decimal form\&. @@ -4376,6 +4402,7 @@ dedicated keytab \- use a dedicated keytab for ticket verification .IP \(bu 2.3 .\} secrets and keytab \- use the secrets\&.tdb first, then the system keytab +.RE .sp .RE The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals\&. @@ -4693,6 +4720,7 @@ can be set to one of three values: .\} \fIOnly\fR = Only update the LDAP password and let the LDAP server do the rest\&. +.RE .sp .RE Default: @@ -4889,6 +4917,7 @@ can be set to one of two values: .\} \fIstart tls\fR = Use the LDAPv3 StartTLS extended operation (RFC2830) for communicating with the directory server\&. +.RE .sp .RE Please note that this parameter does only affect @@ -5391,6 +5420,7 @@ This parameter has been extended since the 2\&.2\&.x series, now it allows to sp .IP \(bu 2.3 .\} \fIregistry\fR +.RE .sp .RE Default: @@ -5571,6 +5601,16 @@ Example: \fI\fIlogon script\fR\fR\fI = \fR\fIscripts\e%U\&.bat\fR\fI \fR .RE +log writeable files on exit (G) +.\" log writeable files on exit +.PP +.RS 4 +When the network connection between a CIFS client and Samba dies, Samba has no option but to simply shut down the server side of the network connection\&. If this happens, there is a risk of data corruption because the Windows client did not complete all write operations that the Windows application requested\&. Setting this option to "yes" makes smbd log with a level 0 message a list of all files that have been opened for writing when the network connection died\&. Those are the files that are potentially corrupted\&. It is meant as an aid for the administrator to give him a list of files to do consistency checks on\&. +.sp +Default: +\fI\fIlog writeable files on exit\fR\fR\fI = \fR\fIno\fR\fI \fR +.RE + lppause command (S) .\" lppause command .PP @@ -5871,6 +5911,7 @@ option, if you don\'t like \'~\'\&. .IP \(bu 2.3 .\} Files whose UNIX name begins with a dot will be presented as DOS hidden files\&. The mangled name will be created as for other filenames, but with the leading dot removed and "___" as its extension regardless of actual original extension (that\'s three underscores)\&. +.RE .sp .RE The two\-digit hash value consists of upper case alphanumeric characters\&. @@ -6031,6 +6072,7 @@ by reading the unix permissions and POSIX ACL (if present)\&. If the connecting \- The read only DOS attribute is unaffected by permissions, and can only be set by the \m[blue]\fBstore dos attributes\fR\m[] method\&. This may be useful for exporting mounted CDs\&. +.RE .sp .RE Default: @@ -6125,6 +6167,7 @@ parameter this way :\-)\&. .\} \fBBad Uid\fR \- Is only applicable when Samba is configured in some type of domain mode security (security = {domain|ads}) and means that user logins which are successfully authenticated but which have no valid Unix user account (and smbd is unable to create one) should be mapped to the defined guest account\&. This was the default behavior of Samba 2\&.x releases\&. Note that if a member server is running winbindd, this option should never be required because the nss_winbind library will export the Windows domain users and groups to the underlying OS via the Name Service Switch interface\&. +.RE .sp .RE Note that this parameter is needed to set up "Guest" share services when using @@ -6341,6 +6384,7 @@ version of the protocol\&. Long filename support\&. .IP \(bu 2.3 .\} \fBSMB2\fR: Re\-implementation of the SMB protocol\&. Used by Windows Vista and newer\&. The Samba implementation of SMB2 is currently marked experimental! +.RE .sp .RE Normally this option should not be set as the automatic negotiation phase in the SMB protocol takes care of choosing the appropriate protocol\&. @@ -6503,6 +6547,7 @@ Apart from the standard substitutions, some additional ones apply\&. In particul .\} \fI%f\fR = who the message is from\&. +.RE .sp .RE You could make this command send mail, or whatever else takes your fancy\&. Please let us know of any really interesting ideas you have\&. @@ -6635,6 +6680,18 @@ Default: \fI\fImsdfs root\fR\fR\fI = \fR\fIno\fR\fI \fR .RE +multicast dns register (G) +.\" multicast dns register +.PP +.RS 4 +If compiled with proper support for it, Samba will announce itself with multicast DNS services like for example provided by the Avahi daemon\&. +.sp +This parameter allows disabling Samba to register itself\&. +.sp +Default: +\fI\fImulticast dns register\fR\fR\fI = \fR\fIyes\fR\fI \fR +.RE + name cache timeout (G) .\" name cache timeout .PP @@ -6711,6 +6768,7 @@ parameter\&. If no WINS server has been specified this method will be ignored\&. : Do a broadcast on each of the known local interfaces listed in the \m[blue]\fBinterfaces\fR\m[] parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. +.RE .sp .RE The example below will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup\&. @@ -6729,6 +6787,22 @@ Example: \fI\fIname resolve order\fR\fR\fI = \fR\fIlmhosts bcast host\fR\fI \fR .RE +ncalrpc dir (G) +.\" ncalrpc dir +.PP +.RS 4 +This directory will hold a series of named pipes to allow RPC over inter\-process communication\&. +.sp +\&. + This will allow Samba and other unix processes to interact over DCE/RPC without using TCP/IP\&. Additionally a sub\-directory \'np\' has restricted permissions, and allows a trusted communication channel between Samba processes +.sp +Default: +\fI\fIncalrpc dir\fR\fR\fI = \fR\fI${prefix}/var/ncalrpc\fR\fI \fR +.sp +Example: +\fI\fIncalrpc dir\fR\fR\fI = \fR\fI/var/run/samba/ncalrpc\fR\fI \fR +.RE + netbios aliases (G) .\" netbios aliases .PP @@ -7115,6 +7189,7 @@ LDAP connections should be secured where possible\&. This may be done using eith in the URL argument\&. .sp Multiple servers may also be specified in double\-quotes\&. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use\&. +.RE .sp .RE @@ -7278,7 +7353,7 @@ password level (G) .RS 4 Some client/server combinations have difficulty with mixed\-case passwords\&. One offending client is Windows for Workgroups, which for some reason forces passwords to upper case when using the LANMAN1 protocol, but leaves them alone when using COREPLUS! Another problem child is the Windows 95/98 family of operating systems\&. These clients upper case clear text passwords even when NT LM 0\&.12 selected by the protocol negotiation request/response\&. .sp -This parameter defines the maximum number of characters that may be upper case in passwords\&. +This deprecated parameter defines the maximum number of characters that may be upper case in passwords\&. .sp For example, say the password given was "FRED"\&. If \fI password level\fR @@ -7316,61 +7391,31 @@ By specifying the name of another SMB server or Active Directory domain controll security = [ads|domain|server] it is possible to get Samba to do all its username/password validation using a specific remote server\&. .sp -This option sets the name or IP address of the password server to use\&. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\&. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\&.g\&. 192\&.168\&.1\&.100:389)\&. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\&. Note that port numbers have no effect on password servers for Windows NT 4\&.0 domains or netbios connections\&. -.sp -If parameter is a name, it is looked up using the parameter -\m[blue]\fBname resolve order\fR\m[] -and so may resolved by any method and order described in that parameter\&. -.sp -The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&. -.if n \{\ -.sp -.\} -.RS 4 -.it 1 an-trap -.nr an-no-space-flag 1 -.nr an-break-flag 1 -.br -.ps +1 -\fBNote\fR -.ps -1 -.br -Using a password server means your UNIX box (running Samba) is only as secure as your password server\&. -\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&. -.sp .5v -.RE -Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server! -.sp -The name of the password server takes the standard substitutions, but probably the only useful one is -\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow! -.sp If the \fIsecurity\fR parameter is set to \fBdomain\fR or -\fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character \'*\', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using -security = domain -is that if you list several hosts in the +\fBads\fR, then this option +\fIshould not\fR +be used, as the default \'*\' indicates to Samba to determine the best DC to contact dynamically, just as all other hosts in an AD domain do\&. This allows the domain to be maintained without modification to the smb\&.conf file\&. The cryptograpic protection on the authenticated RPC calls used to verify passwords ensures that this default is safe\&. +.sp +\fIIt is strongly recommended that you use the default of \'*\'\fR, however if in your particular environment you have reason to specify a particular DC list, then the list of machines in this option must be a list of names or IP addresses of Domain controllers for the Domain\&. If you use the default of \'*\', or list several hosts in the \fIpassword server\fR option then smbd will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&. .sp -If the -\fIpassword server\fR -option is set to the character \'*\', then Samba will attempt to auto\-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name -\fBWORKGROUP<1C>\fR -and then contacting each server returned in the list of IP addresses from the name resolution source\&. -.sp If the list of servers contains both names/IP\'s and the \'*\' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC\'s will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&. .sp +If parameter is a name, it is looked up using the parameter +\m[blue]\fBname resolve order\fR\m[] +and so may resolved by any method and order described in that parameter\&. +.sp If the \fIsecurity\fR parameter is set to -\fBserver\fR, then there are different restrictions that -security = domain -doesn\'t suffer from: +\fBserver\fR, these additional restrictions apply: .sp .RS 4 .ie n \{\ @@ -7398,9 +7443,67 @@ mode and cannot be fixed in Samba\&. .sp -1 .IP \(bu 2.3 .\} -If you are using a Windows NT server as your password server then you will have to ensure that your users are able to login from the Samba server, as when in +You will have to ensure that your users are able to login from the Samba server, as when in security = server -mode the network logon will appear to come from there rather than from the users workstation\&. +mode the network logon will appear to come from the Samba server rather than from the users workstation\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The client must not select NTLMv2 authentication\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Using a password server means your UNIX box (running Samba) is only as secure as (a host masqurading as) your password server\&. +\fIDO NOT CHOOSE A PASSWORD SERVER THAT YOU DON\'T COMPLETELY TRUST\fR\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +Never point a Samba server at itself for password serving\&. This will cause a loop and could lock up your Samba server! +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The name of the password server takes the standard substitutions, but probably the only useful one is +\fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow! +.RE .sp .RE Default: @@ -7474,7 +7577,7 @@ posix locking (S) .RS 4 The \fBsmbd\fR(8) -daemon maintains an database of file locks obtained by SMB clients\&. The default behavior is to map this internal database to POSIX locks\&. This means that file locks obtained by SMB clients are consistent with those seen by POSIX compliant applications accessing the files via a non\-SMB method (e\&.g\&. NFS or local file access)\&. You should never need to disable this parameter\&. +daemon maintains an database of file locks obtained by SMB clients\&. The default behavior is to map this internal database to POSIX locks\&. This means that file locks obtained by SMB clients are consistent with those seen by POSIX compliant applications accessing the files via a non\-SMB method (e\&.g\&. NFS or local file access)\&. It is very unlikely that you need to set this parameter to "no", unless you are sharing from an NFS mount, which is not a good idea in the first place\&. .sp Default: \fI\fIposix locking\fR\fR\fI = \fR\fIyes\fR\fI \fR @@ -7652,7 +7755,7 @@ printcap cache time (G) .\" printcap cache time .PP .RS 4 -This option specifies the number of seconds before the printing subsystem is again asked for the known printers\&. If the value is greater than 60 the initial waiting time is set to 60 seconds to allow an earlier first rescan of the printing subsystem\&. +This option specifies the number of seconds before the printing subsystem is again asked for the known printers\&. .sp Setting this parameter to 0 disables any rescanning for new or removed printers after the initial startup\&. .sp @@ -7916,6 +8019,20 @@ Example: \fI\fIprintjob username\fR\fR\fI = \fR\fI%D\e%U\fR\fI \fR .RE +print notify backchannel (S) +.\" print notify backchannel +.PP +.RS 4 +Windows print clients can update print queue status by expecting the server to open a backchannel SMB connection to them\&. Due to client firewall settings this can cause considerable timeouts and will often fail, as there is no guarantee the client is even running an SMB server\&. By setting this parameter to +\fBno\fR +the Samba print server will not try to connect back to clients and treat corresponding requests as if the connection back to the client failed\&. The default setting of +\fByes\fR +causes smbd to attempt this connection\&. +.sp +Default: +\fI\fIprint notify backchannel\fR\fR\fI = \fR\fIyes\fR\fI \fR +.RE + private dir (G) .\" private dir .PP @@ -8315,6 +8432,48 @@ Default: \fI\fIroot preexec\fR\fR\fI = \fR\fI\fR\fI \fR .RE +rpc_server (G) +.\" rpc_server +.PP +.RS 4 +Defines what kind of rpc server to use for a named pipe\&. The rpc_server prefix must be followed by the pipe name, and a value\&. +.sp +Three possible values are currently supported: +embedded +daemon +external +.sp +The classic method is to run every pipe as an internal function +\fIembedded\fR +in smbd\&. +.sp +An alternative method is to fork a +\fIdaemon\fR +early on at smbd startup time\&. This is supported only for selected pipes\&. +.sp +Choosing the +\fIexternal\fR +option allows to run a completely independent (3rd party) server capable of interfacing with samba via the MS\-RPC interface over named pipes\&. +.sp +Currently only the spoolss pipe can be configured in +\fIdaemon\fR +mode like this: +.sp +.if n \{\ +.RS 4 +.\} +.nf + rpc_server:spoolss = daemon + +.fi +.if n \{\ +.RE +.\} +.sp +Default: +\fI\fIrpc_server\fR\fR\fI = \fR\fInone\fR\fI \fR +.RE + security mask (S) .\" security mask .PP @@ -8355,27 +8514,22 @@ The default is security = user, as this is the most common setting needed when talking to Windows 98 and Windows NT\&. .sp The alternatives are -security = share, -security = server +security = ads or -security = domain\&. +security = domain, which support joining Samba to a Windows domain, along with +security = share +and +security = server, both of which are deprecated\&. .sp In versions of Samba prior to 2\&.0\&.0, the default was security = share mainly because that was the only option at one stage\&. .sp -There is a bug in WfWg that has relevance to this setting\&. When in user or server level security a WfWg client will totally ignore the username and password you type in the "connect drive" dialog box\&. This makes it very difficult (if not impossible) to connect to a Samba service as anyone except the user that you are logged into WfWg as\&. -.sp -If your PCs use usernames that are the same as their usernames on the UNIX machine then you will want to use -security = user\&. If you mostly use usernames that don\'t exist on the UNIX box then use -security = share\&. -.sp -You should also use -security = share -if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&. It is more difficult to setup guest shares with -security = user, see the +You should use +security = user +and \m[blue]\fBmap to guest\fR\m[] -parameter for details\&. +if you want to mainly setup shares without a password (guest shares)\&. This is commonly used for a shared printer server\&. .sp It is possible to use smbd @@ -8386,8 +8540,80 @@ where it is offers both user and share level security under different .sp The different settings will now be explained\&. .sp +\fISECURITY = USER\fR +.sp +This is the default security setting in Samba\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the +\m[blue]\fBusername map\fR\m[] +parameter)\&. Encrypted passwords (see the +\m[blue]\fBencrypted passwords\fR\m[] +parameter) can also be used in this security mode\&. Parameters such as +\m[blue]\fBuser\fR\m[] +and +\m[blue]\fBguest only\fR\m[] +if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated\&. +.sp +\fINote\fR +that the name of the resource being requested is +\fInot\fR +sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the +\m[blue]\fBguest account\fR\m[]\&. See the +\m[blue]\fBmap to guest\fR\m[] +parameter for details on doing this\&. +.sp +See also the section +NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. +.sp +\fISECURITY = DOMAIN\fR +.sp +This mode will only work correctly if +\fBnet\fR(8) +has been used to add this machine into a Windows NT Domain\&. It expects the +\m[blue]\fBencrypted passwords\fR\m[] +parameter to be set to +\fByes\fR\&. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do\&. +.sp +\fINote\fR +that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to\&. +.sp +\fINote\fR +that from the client\'s point of view +security = domain +is the same as +security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&. +.sp +\fINote\fR +that the name of the resource being requested is +\fInot\fR +sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the +\m[blue]\fBguest account\fR\m[]\&. See the +\m[blue]\fBmap to guest\fR\m[] +parameter for details on doing this\&. +.sp +See also the section +NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. +.sp +See also the +\m[blue]\fBpassword server\fR\m[] +parameter and the +\m[blue]\fBencrypted passwords\fR\m[] +parameter\&. +.sp \fISECURITY = SHARE\fR +.if n \{\ .sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +This option is deprecated as it is incompatible with SMB2 +.sp .5v +.RE When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no password when talking to a security = share server)\&. Instead, the clients send authentication information (passwords) on a per\-share basis, at the time they attempt to connect to that share\&. @@ -8478,6 +8704,7 @@ The NetBIOS name of the client is added to the list as a potential username\&. Any users on the \m[blue]\fBuser\fR\m[] list are added as potential usernames\&. +.RE .sp .RE If the @@ -8496,67 +8723,9 @@ confusing in share\-level security as to which UNIX username will eventually be See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. .sp -\fISECURITY = USER\fR -.sp -This is the default security setting in Samba 3\&.0\&. With user\-level security a client must first "log\-on" with a valid username and password (which can be mapped using the -\m[blue]\fBusername map\fR\m[] -parameter)\&. Encrypted passwords (see the -\m[blue]\fBencrypted passwords\fR\m[] -parameter) can also be used in this security mode\&. Parameters such as -\m[blue]\fBuser\fR\m[] -and -\m[blue]\fBguest only\fR\m[] -if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated\&. -.sp -\fINote\fR -that the name of the resource being requested is -\fInot\fR -sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the -\m[blue]\fBguest account\fR\m[]\&. See the -\m[blue]\fBmap to guest\fR\m[] -parameter for details on doing this\&. -.sp -See also the section -NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. -.sp -\fISECURITY = DOMAIN\fR -.sp -This mode will only work correctly if -\fBnet\fR(8) -has been used to add this machine into a Windows NT Domain\&. It expects the -\m[blue]\fBencrypted passwords\fR\m[] -parameter to be set to -\fByes\fR\&. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do\&. -.sp -\fINote\fR -that a valid UNIX user must still exist as well as the account on the Domain Controller to allow Samba to have a valid UNIX account to map file access to\&. -.sp -\fINote\fR -that from the client\'s point of view -security = domain -is the same as -security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&. -.sp -\fINote\fR -that the name of the resource being requested is -\fInot\fR -sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don\'t work in user level security without allowing the server to automatically map unknown users into the -\m[blue]\fBguest account\fR\m[]\&. See the -\m[blue]\fBmap to guest\fR\m[] -parameter for details on doing this\&. -.sp -See also the section -NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. -.sp -See also the -\m[blue]\fBpassword server\fR\m[] -parameter and the -\m[blue]\fBencrypted passwords\fR\m[] -parameter\&. -.sp \fISECURITY = SERVER\fR .sp -In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to +In this depicted mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to security = user\&. It expects the \m[blue]\fBencrypted passwords\fR\m[] parameter to be set to @@ -8575,7 +8744,23 @@ file to check users against\&. See the chapter about the User Database in the Sa \fBNote\fR .ps -1 .br -This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authentications to the Samba server may fail (from a single client, till it disconnects)\&. +This mode of operation has significant pitfalls since it is more vulnerable to man\-in\-the\-middle attacks and server impersonation\&. In particular, this mode of operation can cause significant resource consumption on the PDC, as it must maintain an active connection for the duration of the user\'s session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and further authentications to the Samba server may fail (from a single client, till it disconnects)\&. +.sp .5v +.RE +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +If the client selects NTLMv2 authentication, then this mode of operation +\fIwill fail\fR .sp .5v .RE .if n \{\ @@ -8596,6 +8781,21 @@ is the same as security = user\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&. .sp .5v .RE +.if n \{\ +.sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +This option is deprecated, and may be removed in future +.sp .5v +.RE \fINote\fR that the name of the resource being requested is \fInot\fR @@ -8628,6 +8828,24 @@ Example: \fI\fIsecurity\fR\fR\fI = \fR\fIDOMAIN\fR\fI \fR .RE +send spnego principal (G) +.\" send spnego principal +.PP +.RS 4 +This parameter determines whether or not +\fBsmbd\fR(8) +will send the server\-supplied principal sometimes given in the SPNEGO exchange\&. +.sp +If enabled, Samba can attempt to help clients to use Kerberos to contact it, even when known only by IP address or a name not registered with our KDC as a service principal name\&. Kerberos relies on names, so ordinarily cannot function in this situation\&. +.sp +If disabled, Samba will send the string not_defined_in_RFC4178@please_ignore as the \'rfc4178 hint\', following the updated RFC and Windows 2008 behaviour in this area\&. +.sp +Note that Windows XP SP2 and later versions already ignored this value in all circumstances\&. +.sp +Default: +\fI\fIsend spnego principal\fR\fR\fI = \fR\fIno\fR\fI \fR +.RE + server schannel (G) .\" server schannel .PP @@ -8795,6 +9013,7 @@ The specified script should take the following arguments: .IP \(bu 2.3 .\} 4 \- group default quotas (gid = \-1) +.RE .sp .RE .RE @@ -8874,6 +9093,7 @@ The specified script should take the following arguments: .IP \(bu 2.3 .\} 8(optional) \- block size, defaults to 1024 +.RE .sp .RE The script should output at least one line of data on success\&. And nothing on failure\&. @@ -9030,6 +9250,7 @@ will be substituted with the switch \fI%f\fR will be substituted with the switch \fI\-f\fR\&. It means force the shutdown even if applications do not respond for NT\&. +.RE .sp .RE Shutdown script example: @@ -9060,6 +9281,62 @@ Example: \fI\fIshutdown script\fR\fR\fI = \fR\fI/usr/local/samba/sbin/shutdown %m %t %r %f\fR\fI \fR .RE +smb2 max credits (G) +.\" smb2 max credits +.PP +.RS 4 +This option controls the maximum number of outstanding simultaneous SMB2 operations that Samba tells the client it will allow\&. This is similar to the +\m[blue]\fBmax mux\fR\m[] +parameter for SMB1\&. You should never need to set this parameter\&. +.sp +The default is 8192 credits, which is the same as a Windows 2008R2 SMB2 server\&. +.sp +Default: +\fI\fIsmb2 max credits\fR\fR\fI = \fR\fI8192\fR\fI \fR +.RE + +smb2 max read (G) +.\" smb2 max read +.PP +.RS 4 +This option specifies the protocol value that +\fBsmbd\fR(8) +will return to a client, informing the client of the largest size that may be returned by a single SMB2 read call\&. +.sp +The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server\&. +.sp +Default: +\fI\fIsmb2 max read\fR\fR\fI = \fR\fI65536\fR\fI \fR +.RE + +smb2 max trans (G) +.\" smb2 max trans +.PP +.RS 4 +This option specifies the protocol value that +\fBsmbd\fR(8) +will return to a client, informing the client of the largest size of buffer that may be used in querying file meta\-data via QUERY_INFO and related SMB2 calls\&. +.sp +The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server\&. +.sp +Default: +\fI\fIsmb2 max trans\fR\fR\fI = \fR\fI65536\fR\fI \fR +.RE + +smb2 max write (G) +.\" smb2 max write +.PP +.RS 4 +This option specifies the protocol value that +\fBsmbd\fR(8) +will return to a client, informing the client of the largest size that may be sent to the server by a single SMB2 write call\&. +.sp +The maximum is 65536 bytes (64KB), which is the same as a Windows Vista SMB2 server\&. +.sp +Default: +\fI\fIsmb2 max write\fR\fR\fI = \fR\fI65536\fR\fI \fR +.RE + smb encrypt (S) .\" smb encrypt .PP @@ -9260,6 +9537,7 @@ SO_SNDLOWAT * .IP \(bu 2.3 .\} SO_RCVLOWAT * +.RE .sp .RE Those marked with a @@ -9345,7 +9623,9 @@ strict allocate (S) .RS 4 This is a boolean that controls the handling of disk space allocation in the server\&. When this is set to \fByes\fR -the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size\&. In UNIX terminology this means that Samba will stop creating sparse files\&. This can be slow on some systems\&. When you work with large files like >100MB or so you may even run into problems with clients running into timeouts\&. +the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size\&. In UNIX terminology this means that Samba will stop creating sparse files\&. +.sp +This option is really desgined for file systems that support fast allocation of large numbers of blocks such as extent\-based file systems\&. On file systems that don\'t support extents (most notably ext3) this can make Samba slower\&. When you work with large files over >100MB on file systems without extents you may even run into problems with clients running into timeouts\&. .sp When you have an extent based filesystem it\'s likely that we can make use of unwritten extents which allows Samba to allocate even large amounts of space very fast and you will not see any timeout problems caused by strict allocate\&. With strict allocate in use you will also get much better out of quota messages in case you use quotas\&. Another advantage of activating this setting is that it will help to reduce file fragmentation\&. .sp @@ -9490,8 +9770,22 @@ time offset (G) .\" time offset .PP .RS 4 -This parameter is a setting in minutes to add to the normal GMT to local time conversion\&. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling\&. +This deprecated parameter is a setting in minutes to add to the normal GMT to local time conversion\&. This is useful if you are serving a lot of PCs that have incorrect daylight saving time handling\&. +.if n \{\ .sp +.\} +.RS 4 +.it 1 an-trap +.nr an-no-space-flag 1 +.nr an-break-flag 1 +.br +.ps +1 +\fBNote\fR +.ps -1 +.br +This option is deprecated, and will be removed in the next major release +.sp .5v +.RE Default: \fI\fItime offset\fR\fR\fI = \fR\fI0\fR\fI \fR .sp @@ -9536,6 +9830,10 @@ Note if this parameter is turned on, the \m[blue]\fBwide links\fR\m[] parameter will automatically be disabled\&. .sp +See the parameter +\m[blue]\fBallow insecure wide links\fR\m[] +if you wish to change this coupling between the two parameters\&. +.sp Default: \fI\fIunix extensions\fR\fR\fI = \fR\fIyes\fR\fI \fR .RE @@ -9556,31 +9854,6 @@ Default: \fI\fIunix password sync\fR\fR\fI = \fR\fIno\fR\fI \fR .RE -update encrypted (G) -.\" update encrypted -.PP -.RS 4 -This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on\&. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re\-enter their passwords via smbpasswd at the time the change is made\&. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period\&. Once all users have encrypted representations of their passwords in the smbpasswd file this parameter should be set to -\fBno\fR\&. -.sp -In order for this parameter to be operative the -\m[blue]\fBencrypt passwords\fR\m[] -parameter must be set to -\fBno\fR\&. The default value of -\m[blue]\fBencrypt passwords = Yes\fR\m[]\&. Note: This must be set to -\fBno\fR -for this -\m[blue]\fBupdate encrypted\fR\m[] -to work\&. -.sp -Note that even when this parameter is set, a user authenticating to -smbd -must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords\&. -.sp -Default: -\fI\fIupdate encrypted\fR\fR\fI = \fR\fIno\fR\fI \fR -.RE - use client driver (S) .\" use client driver .PP @@ -9627,6 +9900,29 @@ Example: \fI\fIusername level\fR\fR\fI = \fR\fI5\fR\fI \fR .RE +username map cache time (G) +.\" username map cache time +.PP +.RS 4 +Mapping usernames with the +\m[blue]\fBusername map\fR\m[] +or +\m[blue]\fBusername map script\fR\m[] +features of Samba can be relatively expensive\&. During login of a user, the mapping is done several times\&. In particular, calling the +\m[blue]\fBusername map script\fR\m[] +can slow down logins if external databases have to be queried from the script being called\&. +.sp +The parameter +\m[blue]\fBusername map cache time\fR\m[] +controls a mapping cache\&. It specifies the number of seconds a mapping from the username map file or script is to be efficiently cached\&. The default of 0 means no caching is done\&. +.sp +Default: +\fI\fIusername map cache time\fR\fR\fI = \fR\fI0\fR\fI \fR +.sp +Example: +\fI\fIusername map cache time\fR\fR\fI = \fR\fI60\fR\fI \fR +.RE + username map script (G) .\" username map script .PP @@ -9787,7 +10083,7 @@ username (S) .RS 4 Multiple users may be specified in a comma\-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&. .sp -The +The deprecated \fIusername\fR line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \e\eserver\eshare%user syntax instead\&. .sp @@ -9944,7 +10240,7 @@ use spnego (G) .\" use spnego .PP .RS 4 -This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&. +This deprecated variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&. .sp Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&. .sp @@ -10133,6 +10429,10 @@ Note: Turning this parameter on when UNIX extensions are enabled will allow UNIX \m[blue]\fBunix extensions\fR\m[] option is on\&. .sp +See the parameter +\m[blue]\fBallow insecure wide links\fR\m[] +if you wish to change this coupling between the two parameters\&. +.sp Default: \fI\fIwide links\fR\fR\fI = \fR\fIno\fR\fI \fR .RE @@ -10239,6 +10539,38 @@ Default: \fI\fIwinbind expand groups\fR\fR\fI = \fR\fI1\fR\fI \fR .RE +winbind max clients (G) +.\" winbind max clients +.PP +.RS 4 +This parameter specifies the maximum number of clients the +\fBwinbindd\fR(8) +daemon can connect with\&. +.sp +Default: +\fI\fIwinbind max clients\fR\fR\fI = \fR\fI200\fR\fI \fR +.RE + +winbind max domain connections (G) +.\" winbind max domain connections +.PP +.RS 4 +This parameter specifies the maximum number of simultaneous connections that the +\fBwinbindd\fR(8) +daemon should open to the domain controller of one domain\&. Setting this parameter to a value greater than 1 can improve scalability with many simultaneous winbind requests, some of which might be slow\&. +.sp +Note that if +\m[blue]\fBwinbind offline logon\fR\m[] +is set to +\fBYes\fR, then only one DC connection is allowed per domain, regardless of this setting\&. +.sp +Default: +\fI\fIwinbind max domain connections\fR\fR\fI = \fR\fI1\fR\fI \fR +.sp +Example: +\fI\fIwinbind max domain connections\fR\fR\fI = \fR\fI10\fR\fI \fR +.RE + winbind nested groups (G) .\" winbind nested groups .PP @@ -10297,6 +10629,7 @@ and \- When Samba is running in security = ads and your Active Directory Domain Controller does support the Microsoft "Services for Unix" (SFU) LDAP schema, winbind can retrieve the login shell and the home directory attributes directly from your Directory Server\&. Note that retrieving UID and GID from your ADS\-Server requires to use \fIidmap config DOMAIN:backend\fR = ad as well\&. +.RE .sp .RE .sp @@ -10403,7 +10736,9 @@ winbind use default domain (G) .RS 4 This parameter specifies whether the \fBwinbindd\fR(8) -daemon should operate on users without domain component in their username\&. Users without a domain component are treated as is part of the winbindd server\'s own domain\&. While this does not benifit Windows users, it makes SSH, FTP and e\-mail function in a way much closer to the way they would in a native unix system\&. +daemon should operate on users without domain component in their username\&. Users without a domain component are treated as is part of the winbindd server\'s own domain\&. While this does not benefit Windows users, it makes SSH, FTP and e\-mail function in a way much closer to the way they would in a native unix system\&. +.sp +This option should be avoided if possible\&. It can cause confusion about responsibilities for a user or group\&. In many situations it is not clear whether winbind or /etc/passwd should be seen as authoritative for a user, likewise for groups\&. .sp Default: \fI\fIwinbind use default domain\fR\fR\fI = \fR\fIno\fR\fI \fR @@ -10475,6 +10810,7 @@ The fourth argument is the TTL (time to live) for the name in seconds\&. .IP \(bu 2.3 .\} The fifth and subsequent arguments are the IP addresses currently registered for that name\&. If this list is empty then the name should be deleted\&. +.RE .sp .RE An example script that calls the BIND dynamic DNS update program diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index b4cab791c8..1c105d8084 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -2,12 +2,12 @@ .\" Title: smbcacls .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBCACLS" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBCACLS" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -22,7 +22,7 @@ smbcacls \- Set or get ACLs on an NT file or directory names .SH "SYNOPSIS" .HP \w'\ 'u -smbcacls {//server/share} {filename} [\-D\ acls] [\-M\ acls] [\-a\ acls] [\-S\ acls] [\-C\ name] [\-G\ name] [\-\-numeric] [\-t] [\-U\ username] [\-h] [\-d] +smbcacls {//server/share} {filename} [\-D|\-\-delete\ acls] [\-M|\-\-modify\ acls] [\-a|\-\-add\ acls] [\-S|\-\-set\ acls] [\-C|\-\-chown\ name] [\-G|\-\-chgrp\ name] [\-I\ allow|romove|copy] [\-\-numeric] [\-t] [\-U\ username] [\-h] [\-d] .SH "DESCRIPTION" .PP This tool is part of the @@ -76,6 +76,13 @@ option\&. The name can be a sid in the form S\-1\-x\-y\-z or a name resolved aga This command is a shortcut for \-M GROUP:name\&. .RE .PP +\-I|\-\-inherit allow|remove|copy +.RS 4 +Set or unset the windows "Allow inheritable permissions" check box using the +\fI\-I\fR +option\&. To set the check box pass allow\&. To unset the check box pass either remove or copy\&. Remove will remove all inherited acls\&. Copy will copy all the inherited acls\&. +.RE +.PP \-\-numeric .RS 4 This option displays all ACL information in numeric format\&. The default is to convert SIDs to names and ACE types and masks to a readable string format\&. @@ -254,6 +261,7 @@ The type can be either ALLOWED or DENIED to allow/deny access to the SID\&. The .IP \(bu 2.3 .\} \fB#define SEC_ACE_FLAG_INHERIT_ONLY 0x8\fR +.RE .sp .RE .PP @@ -331,6 +339,7 @@ The mask is a value which expresses the access right granted to the SID\&. It ca .\} \fIO\fR \- Take ownership +.RE .sp .RE .PP @@ -370,6 +379,7 @@ The following combined permissions can be specified: .\} \fIFULL\fR \- Equivalent to \'RWXDPO\' permissions +.RE .SH "EXIT STATUS" .PP The diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index bd8ac13175..d76187cb94 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -2,12 +2,12 @@ .\" Title: smbclient .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBCLIENT" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBCLIENT" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -132,6 +132,7 @@ parameter\&. If no WINS server has been specified this method will be ignored\&. \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. +.RE .sp .RE If this parameter is not set then the name resolve order defined in the @@ -190,7 +191,7 @@ easy parseable output that allows processing with utilities such as grep and cut This parameter sets the maximum protocol version announced by the client\&. .RE .PP -\-P +\-P|\-\-machine\-pass .RS 4 Make queries to the external server using the machine account of the local server\&. .RE @@ -233,7 +234,7 @@ option may be useful if your NetBIOS names don\'t match your TCP/IP DNS host nam This option changes the transmit/send buffer size when getting or putting a file from/to the server\&. The default is 65520 bytes\&. Setting this value smaller (to 1200 bytes) has been observed to speed up file transfers to and from a Win9x server\&. .RE .PP -\-e +\-e|\-\-encrypt .RS 4 This command line parameter requires the remote server support the UNIX extensions\&. Request that the connection be encrypted\&. This is new for Samba 3\&.2 and will only work with Samba 3\&.2 or above servers\&. Negotiates SMB encryption using GSSAPI\&. Uses the given credentials for the encryption negotiaion (either kerberos or NTLMv1/v2 if given domain/username/password triple\&. Fails the connection if encryption cannot be negotiated\&. .RE @@ -521,6 +522,7 @@ flag\&. and \fIc\fR flags\&. +.RE .sp .RE \fITar Long File Names\fR @@ -569,7 +571,7 @@ smbclient //mypc/myshare "" \-N \-Tc backup\&.tar * Change to initial directory before starting\&. Probably only of any use with the tar \-T option\&. .RE .PP -\-c|\-\-comand command string +\-c|\-\-command command string .RS 4 command string is a semicolon\-separated list of commands to be executed instead of prompting from stdin\&. \fI \-N\fR diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index 8df5462596..1579536241 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -2,12 +2,12 @@ .\" Title: smbcontrol .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBCONTROL" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBCONTROL" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -235,6 +235,31 @@ Force daemon to reload smb\&.conf configuration file\&. Can be sent to \fBnmbd\fR, or \fBwinbindd\fR\&. .RE +.PP +idmap +.RS 4 +Notify about changes of id mapping\&. Can be sent to +\fBsmbd\fR +or (not implemented yet) +\fBwinbindd\fR\&. +.PP +flush [uid|gid] +.RS 4 +Flush caches for sid <\-> gid and/or sid <\-> uid mapping\&. +.RE +.PP +delete <ID> +.RS 4 +Remove a mapping from cache\&. The mapping is given by <ID> which may either be a sid: S\-x\-\&.\&.\&., a gid: "GID number" or a uid: "UID number"\&. +.RE +.PP +kill <ID> +.RS 4 +Remove a mapping from cache\&. Terminate +\fBsmbd\fR +if the id is currently in use\&. +.RE +.RE .SH "VERSION" .PP This man page is correct for version 3 of the Samba suite\&. diff --git a/docs/manpages/smbcquotas.1 b/docs/manpages/smbcquotas.1 index ab06826d98..eb9c71088f 100644 --- a/docs/manpages/smbcquotas.1 +++ b/docs/manpages/smbcquotas.1 @@ -2,12 +2,12 @@ .\" Title: smbcquotas .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBCQUOTAS" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBCQUOTAS" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index 8ab4f94922..fb691f5d57 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -2,12 +2,12 @@ .\" Title: smbd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "SMBD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -222,6 +222,7 @@ paramater\&. When this is set, the following restrictions apply: .IP \(bu 2.3 .\} \fISession Management\fR: When not using share level secuirty, users must pass PAM\'s session checks before access is granted\&. Note however, that this is bypassed in share level secuirty\&. Note also that some older pam configuration files may need a line added for session support\&. +.RE .SH "VERSION" .PP This man page is correct for version 3 of the Samba suite\&. diff --git a/docs/manpages/smbget.1 b/docs/manpages/smbget.1 index 863dbe6740..c5e60d8fd2 100644 --- a/docs/manpages/smbget.1 +++ b/docs/manpages/smbget.1 @@ -2,12 +2,12 @@ .\" Title: smbget .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBGET" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBGET" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -97,7 +97,7 @@ Write the file that is being downloaded to standard output\&. .PP \-f, \-\-rcfile .RS 4 -Use specified rcfile\&. This will be loaded in the order it was specified \- e\&.g\&. if you specify any options before this one, they might get overriden by the contents of the rcfile\&. +Use specified rcfile\&. This will be loaded in the order it was specified \- e\&.g\&. if you specify any options before this one, they might get overridden by the contents of the rcfile\&. .RE .PP \-q, \-\-quiet diff --git a/docs/manpages/smbgetrc.5 b/docs/manpages/smbgetrc.5 index 8784b6a7d4..791a560c1a 100644 --- a/docs/manpages/smbgetrc.5 +++ b/docs/manpages/smbgetrc.5 @@ -2,12 +2,12 @@ .\" Title: smbgetrc .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: File Formats and Conventions -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBGETRC" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions" +.TH "SMBGETRC" "5" "01/22/2012" "Samba 3\&.6" "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 index 1d86913f0c..c63530e4e1 100644 --- a/docs/manpages/smbpasswd.5 +++ b/docs/manpages/smbpasswd.5 @@ -2,12 +2,12 @@ .\" Title: smbpasswd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: File Formats and Conventions -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBPASSWD" "5" "08/02/2011" "Samba 3\&.5" "File Formats and Conventions" +.TH "SMBPASSWD" "5" "01/22/2012" "Samba 3\&.6" "File Formats and Conventions" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -139,6 +139,7 @@ config file\&. .\} \fIW\fR \- This means this account is a "Workstation Trust" account\&. This kind of account is used in the Samba PDC code stream to allow Windows NT Workstations and Servers to join a Domain hosted by a Samba PDC\&. +.RE .sp .RE Other flags may be added as the code is extended in future\&. The rest of this field space is filled in with spaces\&. For further information regarding the flags that are supported please refer to the man page for the diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index c7b06f0485..cefbb1edd4 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -2,12 +2,12 @@ .\" Title: smbpasswd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBPASSWD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "SMBPASSWD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -205,6 +205,7 @@ parameter\&. If no WINS server has been specified this method will be ignored\&. \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. +.RE .sp .RE The default order is diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 858b87f5db..45d2b68d4e 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -2,12 +2,12 @@ .\" Title: smbspool .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBSPOOL" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "SMBSPOOL" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -77,6 +77,7 @@ smb://username:password@server[:port]/printer .IP \(bu 2.3 .\} smb://username:password@workgroup/server[:port]/printer +.RE .sp .RE .PP @@ -158,6 +159,7 @@ The options argument (argv[5]) contains the print options in a single string and .IP \(bu 2.3 .\} The filename argument (argv[6]) contains the name of the file to print\&. If this argument is not specified then the print file is read from the standard input\&. +.RE .SH "VERSION" .PP This man page is correct for version 3 of the Samba suite\&. diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 23370dbde3..16358a3865 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -2,12 +2,12 @@ .\" Title: smbstatus .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBSTATUS" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBSTATUS" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/smbta-util.8 b/docs/manpages/smbta-util.8 new file mode 100644 index 0000000000..14a665c4a2 --- /dev/null +++ b/docs/manpages/smbta-util.8 @@ -0,0 +1,76 @@ +'\" t +.\" Title: smbta-util +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 01/22/2012 +.\" Manual: System Administration tools +.\" Source: Samba 3.6 +.\" Language: English +.\" +.TH "SMBTA\-UTIL" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +smbta-util \- control encryption in VFS smb_traffic_analyzer +.SH "SYNOPSIS" +.HP \w'\ 'u +smbta\-util +.HP \w'\ 'u +smbta\-util [\fIOPTIONS\fR...] +.SH "DESCRIPTION" +.PP +This tool is part of the +\fBsamba\fR(7) +suite\&. +.PP +smbta\-util +is a tool to ease the configuration of the vfs_smb_traffic_analyzer module regarding data encryption\&. +.PP +The user can generate a key, install a key (activating encryption), or uninstall a key (deactivating encryption)\&. Any operation that installs a key will create a File containing the key\&. This file can be used by smbta\-tool on other machines to install the same key from the file\&. +.SH "OPTIONS" +.PP +\fB\-h\fR +.RS 4 +Show a short help text on the command line\&. +.RE +.PP +\fB\-f\fR \fIKEYFILE\fR +.RS 4 +Open an existing keyfile, read the key from the file, and install the key, activating encryption\&. +.RE +.PP +\fB\-g\fR \fIKEYFILE\fR +.RS 4 +Generate a new random key, install the key, activate encryption, and store the key into the file KEYFILE\&. +.RE +.PP +\fB\-u\fR +.RS 4 +Uninstall the key, deactivating encryption\&. +.RE +.PP +\fB\-s\fR +.RS 4 +Check if a key is installed\&. +.RE +.PP +\fB\-c\fR \fIKEYFILE\fR +.RS 4 +Create a KEYFILE from an installed key\&. +.RE +.SH "VERSION" +.PP +This man page is correct for version 3\&.6 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original version of smbta\-util was created by Holger Hetterich\&. +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index 571ddbf471..0aee5c66a1 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -2,12 +2,12 @@ .\" Title: smbtar .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBTAR" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBTAR" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/smbtree.1 b/docs/manpages/smbtree.1 index 1275e7aa27..0f999acf94 100644 --- a/docs/manpages/smbtree.1 +++ b/docs/manpages/smbtree.1 @@ -2,12 +2,12 @@ .\" Title: smbtree .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMBTREE" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "SMBTREE" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index 579180e947..48ff696cf3 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -2,12 +2,12 @@ .\" Title: swat .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SWAT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "SWAT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -152,6 +152,7 @@ binary and the various help files and images\&. A default install would put thes .IP \(bu 2.3 .\} /usr/local/samba/swat/help/* +.RE .sp .RE .SS "Inetd Installation" diff --git a/docs/manpages/tdbbackup.8 b/docs/manpages/tdbbackup.8 index 5cd42a99ff..e8e3867fcf 100644 --- a/docs/manpages/tdbbackup.8 +++ b/docs/manpages/tdbbackup.8 @@ -2,12 +2,12 @@ .\" Title: tdbbackup .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "TDBBACKUP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "TDBBACKUP" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -104,6 +104,7 @@ passdb\&.tdb *\&.tdb located in the /usr/local/samba/var directory or on some systems in the /var/cache or /var/lib/samba directories\&. +.RE .SH "VERSION" .PP This man page is correct for version 3 of the Samba suite\&. diff --git a/docs/manpages/tdbdump.8 b/docs/manpages/tdbdump.8 index 9065d24f09..76882c373e 100644 --- a/docs/manpages/tdbdump.8 +++ b/docs/manpages/tdbdump.8 @@ -2,12 +2,12 @@ .\" Title: tdbdump .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "TDBDUMP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "TDBDUMP" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/tdbtool.8 b/docs/manpages/tdbtool.8 index 29e1866b58..ca1ec60704 100644 --- a/docs/manpages/tdbtool.8 +++ b/docs/manpages/tdbtool.8 @@ -2,12 +2,12 @@ .\" Title: tdbtool .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "TDBTOOL" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "TDBTOOL" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index 6dbbd92ffd..dccd61843e 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -2,12 +2,12 @@ .\" Title: testparm .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "TESTPARM" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "TESTPARM" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -22,7 +22,7 @@ testparm \- check an smb\&.conf configuration file for internal correctness .SH "SYNOPSIS" .HP \w'\ 'u -testparm [\-s] [\-h] [\-v] [\-L\ <servername>] [\-t\ <encoding>] {config\ filename} [hostname\ hostIP] +testparm [\-s] [\-h] [\-v] [\-t\ <encoding>] {config\ filename} [hostname\ hostIP] .SH "DESCRIPTION" .PP This tool is part of the @@ -67,12 +67,6 @@ Print a summary of command line options\&. Prints the program version number\&. .RE .PP -\-L servername -.RS 4 -Sets the value of the %L macro to -\fIservername\fR\&. This is useful for testing include files specified with the %L macro\&. -.RE -.PP \-v .RS 4 If this option is specified, testparm will also output all options that were not used in diff --git a/docs/manpages/umount.cifs.8 b/docs/manpages/umount.cifs.8 deleted file mode 100644 index bf7008d918..0000000000 --- a/docs/manpages/umount.cifs.8 +++ /dev/null @@ -1,122 +0,0 @@ -'\" t -.\" Title: umount.cifs -.\" Author: [see the "AUTHOR" section] -.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 -.\" Manual: System Administration tools -.\" Source: Samba 3.5 -.\" Language: English -.\" -.TH "UMOUNT\&.CIFS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" -.\" ----------------------------------------------------------------- -.\" * set default formatting -.\" ----------------------------------------------------------------- -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.\" ----------------------------------------------------------------- -.\" * MAIN CONTENT STARTS HERE * -.\" ----------------------------------------------------------------- -.SH "NAME" -umount.cifs \- for normal, non\-root users, to unmount their own Common Internet File System (CIFS) mounts -.SH "SYNOPSIS" -.HP \w'\ 'u -umount\&.cifs {mount\-point} [\-nVvhfle] -.SH "DESCRIPTION" -.PP -This tool is part of the -\fBsamba\fR(7) -suite\&. -.PP -umount\&.cifs unmounts a Linux CIFS filesystem\&. It can be invoked indirectly by the -\fBumount\fR(8) -command when umount\&.cifs is in /sbin directory, unless you specify the "\-i" option to umount\&. Specifying \-i to umount avoids execution of umount helpers such as umount\&.cifs\&. The umount\&.cifs command only works in Linux, and the kernel must support the cifs filesystem\&. The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other commercial servers and Network Attached Storage appliances as well as by the popular Open Source server Samba\&. -.PP -The umount\&.cifs utility detaches the local directory -\fImount\-point\fR -from the corresponding UNC name (exported network resource) and frees the associated kernel resources\&. It is possible to set the mode for umount\&.cifs to setuid root (or equivalently update the /etc/permissions file) to allow non\-root users to umount shares to directories for which they have write permission\&. The umount\&.cifs utility is typically not needed if unmounts need only be performed by root users, or if user mounts and unmounts can rely on specifying explicit entries in /etc/fstab See -.PP -\fBfstab\fR(5) -.SH "OPTIONS" -.PP -\-V -.RS 4 -Print version and exit\&. -.RE -.PP -\-h -.RS 4 -Print help message and exit\&. -.RE -.PP -\-r -.RS 4 -In case unmounting fails, try to remount read\-only\&. -.RE -.PP -\-d -.RS 4 -In case the unmounted device was a loop device, also free this loop device\&. -.RE -.PP -\-f -.RS 4 -Force unmount (in case of an unreachable server)\&. -.RE -.PP -\-l -.RS 4 -Lazy unmount\&. Detach the filesystem from the filesysetm hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore\&. -.RE -.PP -\-e -.RS 4 -Mark the mount point as expired\&. If a mount point is not currently in use, then an initial call to unmount with this flag fails with the error EAGAIN, but marks the mount point as expired\&. The mount point remains expired as long as it isn\'t accessed by any process\&. A second unmount call specifying \-e unmounts an expired mount point\&. This flag cannot be specified with either \-f or \-l -.RE -.PP -\-v|\-\-verbose -.RS 4 -Verbose Mode\&. Print additional debugging information -.RE -.PP -\-n|\-\-no\-mtab -.RS 4 -Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information) -.RE -.SH "NOTES" -.PP -This command is normally intended to be installed setuid (since root users can already run unmount)\&. An alternative to using umount\&.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab -.SH "CONFIGURATION" -.PP -The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem\&. In the directory -/proc/fs/cifs -are various configuration files and pseudo files which can display debug information\&. For more information see the kernel file -fs/cifs/README\&. -.SH "BUGS" -.PP -At this time umount\&.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time)\&. -.PP -If the same mount point is mounted multiple times by cifs, umount\&.cifs will remove all of the matching entries from the mount table (although umount\&.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab\&. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts\&. -.PP -Note that the typical response to a bug report is a suggestion to try the latest version first\&. So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: umount\&.cifs (try umount\&.cifs \-V), kernel (see /proc/version) and server type you are trying to contact\&. -.SH "VERSION" -.PP -This man page is correct for version 1\&.34 of the cifs vfs filesystem (roughly Linux kernel 2\&.6\&.12)\&. -.SH "SEE ALSO" -.PP -Documentation/filesystems/cifs\&.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information\&. -.PP -\fBmount.cifs\fR(8) -.SH "AUTHOR" -.PP -Steve French -.PP -The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount\&.cifs\&.8\&. The man page was created by Steve French -.PP -The maintainer of the Linux cifs vfs and the userspace tool -\fIumount\&.cifs\fR -is -Steve French\&. The -Linux CIFS Mailing list -is the preferred place to ask questions regarding these programs\&. diff --git a/docs/manpages/vfs_acl_tdb.8 b/docs/manpages/vfs_acl_tdb.8 index 736f65e9f0..79da0da42d 100644 --- a/docs/manpages/vfs_acl_tdb.8 +++ b/docs/manpages/vfs_acl_tdb.8 @@ -2,12 +2,12 @@ .\" Title: vfs_acl_tdb .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_ACL_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_ACL_TDB" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -36,14 +36,17 @@ VFS module stores NTFS Access Control Lists (ACLs) in a tdb file\&. This enables The ACL settings are stored in $LOCKDIR/file_ntacls\&.tdb\&. .PP -Please note that this module is -\fIexperimental\fR! -.PP This module is stackable\&. .SH "OPTIONS" .PP -There are no options for -vfs_acl_tdb\&. +acl_tdb:ignore system acls = [yes|no] +.RS 4 +When set to +\fIyes\fR, a best effort mapping from/to the POSIX ACL layer will +\fInot\fR +be done by this module\&. The default is +\fIno\fR, which means that Samba keeps setting and evaluating both the system ACLs and the NT ACLs\&. This is better if you need your system ACLs be set for local or NFS file access, too\&. If you only access the data via Samba you might set this to yes to achieve better NT ACL compatibility\&. +.RE .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/vfs_acl_xattr.8 b/docs/manpages/vfs_acl_xattr.8 index 2387edcba7..36eeda8eed 100644 --- a/docs/manpages/vfs_acl_xattr.8 +++ b/docs/manpages/vfs_acl_xattr.8 @@ -2,12 +2,12 @@ .\" Title: vfs_acl_xattr .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_ACL_XATTR" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_ACL_XATTR" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -41,14 +41,17 @@ listed by getfattr \-d filename\&. To show the current value, the name of the EA must be specified (e\&.g\&. getfattr \-n security\&.NTACL filename)\&. .PP -Please note that this module is -\fIexperimental\fR! -.PP This module is stackable\&. .SH "OPTIONS" .PP -There are no options for -vfs_acl_xattr\&. +acl_xattr:ignore system acls = [yes|no] +.RS 4 +When set to +\fIyes\fR, a best effort mapping from/to the POSIX ACL layer will +\fInot\fR +be done by this module\&. The default is +\fIno\fR, which means that Samba keeps setting and evaluating both the system ACLs and the NT ACLs\&. This is better if you need your system ACLs be set for local or NFS file access, too\&. If you only access the data via Samba you might set this to yes to achieve better NT ACL compatibility\&. +.RE .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/vfs_aio_fork.8 b/docs/manpages/vfs_aio_fork.8 new file mode 100644 index 0000000000..4b2a0b77db --- /dev/null +++ b/docs/manpages/vfs_aio_fork.8 @@ -0,0 +1,59 @@ +'\" t +.\" Title: vfs_aio_fork +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 01/22/2012 +.\" Manual: System Administration tools +.\" Source: Samba 3.6 +.\" Language: English +.\" +.TH "VFS_AIO_FORK" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +vfs_aio_fork \- implement async I/O in Samba vfs +.SH "SYNOPSIS" +.HP \w'\ 'u +vfs objects = aio_fork +.SH "DESCRIPTION" +.PP +This VFS module is part of the +\fBsamba\fR(7) +suite\&. +.PP +The +aio_fork +VFS module enables async I/O for Samba on platforms where the system level Posix AIO interface is insufficient\&. Posix AIO can suffer from severe limitations\&. For example, on some Linux versions the real\-time signals that it uses are broken under heavy load\&. Other systems only allow AIO when special kernel modules are loaded or only allow a certain system\-wide amount of async requests being scheduled\&. Systems based on glibc (most Linux systems) only allow a single outstanding request per file descriptor\&. +.PP +To work around all these limitations, the aio_fork module was written\&. It uses forked helper processes instead of the internal Posix AIO interface to create asynchronousity for read and write calls\&. It has no parameters, it will create helper processes when async requests come in as needed\&. Idle helper processes will be removed every 30 seconds\&. +.PP +This module is stackable\&. +.SH "EXAMPLES" +.PP +Straight forward use: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fI[cooldata]\fR + \m[blue]\fBpath = /data/ice\fR\m[] + \m[blue]\fBvfs objects = aio_fork\fR\m[] +.fi +.if n \{\ +.RE +.\} +.SH "VERSION" +.PP +This man page is correct for version 3\&.6\&.0 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/vfs_audit.8 b/docs/manpages/vfs_audit.8 index 6b802d7b3a..af5c5f114d 100644 --- a/docs/manpages/vfs_audit.8 +++ b/docs/manpages/vfs_audit.8 @@ -2,12 +2,12 @@ .\" Title: vfs_audit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_AUDIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_cacheprime.8 b/docs/manpages/vfs_cacheprime.8 index e9aea3c766..7b6b883739 100644 --- a/docs/manpages/vfs_cacheprime.8 +++ b/docs/manpages/vfs_cacheprime.8 @@ -2,12 +2,12 @@ .\" Title: vfs_cacheprime .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_CACHEPRIME" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_CACHEPRIME" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -80,6 +80,7 @@ M .\} G \- BYTES is a number of gigabytes +.RE .sp .RE .RE diff --git a/docs/manpages/vfs_cap.8 b/docs/manpages/vfs_cap.8 index edcd96216a..272a8693a9 100644 --- a/docs/manpages/vfs_cap.8 +++ b/docs/manpages/vfs_cap.8 @@ -2,12 +2,12 @@ .\" Title: vfs_cap .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_CAP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_CAP" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_catia.8 b/docs/manpages/vfs_catia.8 index c697fb915f..8393c040e6 100644 --- a/docs/manpages/vfs_catia.8 +++ b/docs/manpages/vfs_catia.8 @@ -2,12 +2,12 @@ .\" Title: vfs_catia .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_CATIA" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_CATIA" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_commit.8 b/docs/manpages/vfs_commit.8 index 5eb28fa306..82ae986297 100644 --- a/docs/manpages/vfs_commit.8 +++ b/docs/manpages/vfs_commit.8 @@ -2,12 +2,12 @@ .\" Title: vfs_commit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_COMMIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_COMMIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -79,6 +79,7 @@ M .\} G \- BYTES is a number of gigabytes +.RE .sp .RE .RE diff --git a/docs/manpages/vfs_crossrename.8 b/docs/manpages/vfs_crossrename.8 new file mode 100644 index 0000000000..09453860e1 --- /dev/null +++ b/docs/manpages/vfs_crossrename.8 @@ -0,0 +1,88 @@ +'\" t +.\" Title: vfs_crossrename +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 01/22/2012 +.\" Manual: System Administration tools +.\" Source: Samba 3.6 +.\" Language: English +.\" +.TH "VFS_CROSSRENAME" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +vfs_crossrename \- server side rename files across filesystem boundaries +.SH "SYNOPSIS" +.HP \w'\ 'u +vfs objects = crossrename +.SH "DESCRIPTION" +.PP +This VFS module is part of the +\fBsamba\fR(7) +suite\&. +.PP +The +vfs_crossrename +VFS module allows server side rename operations even if source and target are on different physical devices\&. A "move" in Explorer is usually a rename operation if it is inside of a single share or device\&. Usually such a rename operation returns NT_STATUS_NOT_SAME_DEVICE and the client has to move the file by manual copy and delete operations\&. If the rename by copy is done by the server this can be much more efficient\&. vfs_crossrename tries to do this server\-side cross\-device rename operation\&. There are however limitations that this module currently does not solve: +.PP +.RS 4 + + the ACLs of files are not preserved + .RE +.PP +.RS 4 + + meta data in EAs are not preserved + .RE +.PP +.RS 4 + + renames of whole subdirectories cannot be done recursively, + in that case we still return STATUS_NOT_SAME_DEVICE and + let the client decide what to do + .RE +.PP +.RS 4 + + rename operations of huge files can cause hangs on the + client because clients expect a rename operation to + return fast + .RE +.PP +This module is stackable\&. +.SH "OPTIONS" +.PP +crossrename:sizelimit = BYTES +.RS 4 +server\-side cross\-device\-renames are only done for files if the filesize is not larger than the defined size in MiB to prevent timeouts\&. The default sizelimit is 20 (MiB) +.RE +.SH "EXAMPLES" +.PP +To add server\-side cross\-device renames inside of a share for all files sized up to 50MB: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fI[testshare]\fR + \m[blue]\fBpath = /data/mounts\fR\m[] + \m[blue]\fBvfs objects = crossrename\fR\m[] + \m[blue]\fBcrossrename:sizelimit = 50\fR\m[] +.fi +.if n \{\ +.RE +.\} +.SH "VERSION" +.PP +This man page is correct for version 3\&.6\&.0 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/vfs_default_quota.8 b/docs/manpages/vfs_default_quota.8 index 0977c2b854..864ac7a76a 100644 --- a/docs/manpages/vfs_default_quota.8 +++ b/docs/manpages/vfs_default_quota.8 @@ -2,12 +2,12 @@ .\" Title: vfs_default_quota .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_DEFAULT_QUOTA" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_DEFAULT_QUOTA" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_dirsort.8 b/docs/manpages/vfs_dirsort.8 index ca52664f1d..73bb4ec992 100644 --- a/docs/manpages/vfs_dirsort.8 +++ b/docs/manpages/vfs_dirsort.8 @@ -2,12 +2,12 @@ .\" Title: vfs_dirsort .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_DIRSORT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_DIRSORT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_extd_audit.8 b/docs/manpages/vfs_extd_audit.8 index ec63a54433..33625e7946 100644 --- a/docs/manpages/vfs_extd_audit.8 +++ b/docs/manpages/vfs_extd_audit.8 @@ -2,12 +2,12 @@ .\" Title: vfs_extd_audit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_EXTD_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_EXTD_AUDIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_fake_perms.8 b/docs/manpages/vfs_fake_perms.8 index 9381202754..77012f654f 100644 --- a/docs/manpages/vfs_fake_perms.8 +++ b/docs/manpages/vfs_fake_perms.8 @@ -2,12 +2,12 @@ .\" Title: vfs_fake_perms .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_FAKE_PERMS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_FAKE_PERMS" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_fileid.8 b/docs/manpages/vfs_fileid.8 index 895c6390e1..096eff6760 100644 --- a/docs/manpages/vfs_fileid.8 +++ b/docs/manpages/vfs_fileid.8 @@ -2,12 +2,12 @@ .\" Title: vfs_fileid .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_FILEID" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_FILEID" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_full_audit.8 b/docs/manpages/vfs_full_audit.8 index 0e4fd3de0b..a2d207e4ad 100644 --- a/docs/manpages/vfs_full_audit.8 +++ b/docs/manpages/vfs_full_audit.8 @@ -2,12 +2,12 @@ .\" Title: vfs_full_audit .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_FULL_AUDIT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_FULL_AUDIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -385,6 +385,7 @@ RESULT .\} FILE \- the name of the file or directory the operation was performed on +.RE .sp .RE .PP @@ -399,12 +400,12 @@ Prepend audit messages with STRING\&. STRING is processed for standard substitut .PP vfs_full_audit:success = LIST .RS 4 -LIST is a list of VFS operations that should be recorded if they succeed\&. Operations are specified using the names listed above\&. +LIST is a list of VFS operations that should be recorded if they succeed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&. .RE .PP vfs_full_audit:failure = LIST .RS 4 -LIST is a list of VFS operations that should be recorded if they failed\&. Operations are specified using the names listed above\&. +LIST is a list of VFS operations that should be recorded if they failed\&. Operations are specified using the names listed above\&. Operations can be unset by prefixing the names with "!"\&. .RE .PP full_audit:facility = FACILITY @@ -422,7 +423,7 @@ priority\&. .RE .SH "EXAMPLES" .PP -Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address: +Log file and directory open operations on the [records] share using the LOCAL7 facility and ALERT priority, including the username and IP address\&. Logging excludes the open VFS function on failures: .sp .if n \{\ .RS 4 @@ -433,7 +434,7 @@ Log file and directory open operations on the [records] share using the LOCAL7 f \m[blue]\fBvfs objects = full_audit\fR\m[] \m[blue]\fBfull_audit:prefix = %u|%I\fR\m[] \m[blue]\fBfull_audit:success = open opendir\fR\m[] - \m[blue]\fBfull_audit:failure = all\fR\m[] + \m[blue]\fBfull_audit:failure = all !open\fR\m[] \m[blue]\fBfull_audit:facility = LOCAL7\fR\m[] \m[blue]\fBfull_audit:priority = ALERT\fR\m[] .fi diff --git a/docs/manpages/vfs_gpfs.8 b/docs/manpages/vfs_gpfs.8 index e137ca4375..b9f58f88e5 100644 --- a/docs/manpages/vfs_gpfs.8 +++ b/docs/manpages/vfs_gpfs.8 @@ -2,12 +2,12 @@ .\" Title: vfs_gpfs .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_GPFS" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_GPFS" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -66,6 +66,7 @@ Kernel oplock support on GPFS .IP \(bu 2.3 .\} Lease support on GPFS +.RE .sp .RE .PP @@ -74,6 +75,251 @@ NOTE:This module follows the posix\-acl behaviour and hence allows permission st This module is stackable\&. .SH "OPTIONS" .PP +gpfs:sharemodes = [ yes | no ] +.RS 4 +Enable/Disable cross node sharemode handling for GPFS\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes(default) +\- propagate sharemodes across all GPFS nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no +\- do not propagate sharemodes across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&. +.RE +.sp +.RE +.RE +.PP +gpfs:leases = [ yes | no ] +.RS 4 +Enable/Disable cross node leases (oplocks) for GPFS\&. You should also set the +oplocks +and +kernel oplocks +options to the same value\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes(default) +\- propagate leases across all GPFS nodes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no +\- do not propagate leases across all GPFS nodes\&. This should only be used if the GPFS file system is exclusively exported by Samba\&. Access by local unix application or NFS exports could lead to corrupted files\&. +.RE +.sp +.RE +.RE +.PP +gpfs:hsm = [ yes | no ] +.RS 4 +Enable/Disable announcing if this FS has HSM enabled\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no(default) +\- Do not announce HSM\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no +\- Announce HSM\&. +.RE +.sp +.RE +.RE +.PP +gpfs:getrealfilename = [ yes | no ] +.RS 4 +Enable/Disable usage of the +gpfs_get_realfilename_path() +function\&. This improves the casesensitive wildcard file name access\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes(default) +\- use +gpfs_get_realfilename_path()\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no +\- do not use +gpfs_get_realfilename_path()\&. It seems that +gpfs_get_realfilename_path() +doesn\'t work on AIX\&. +.RE +.sp +.RE +.RE +.PP +gpfs:winattr = [ yes | no ] +.RS 4 +Enable/Disable usage of the windows attributes in GPFS\&. GPFS is able to store windows file attributes e\&.g\&. HIDDEN, READONLY, SYSTEM and others natively\&. That means Samba doesn\'t need to map them to permission bits or extended attributes\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no(default) +\- do not use GPFS windows attributes\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes +\- use GPFS windows attributes\&. +.RE +.sp +.RE +.RE +.PP +gpfs:merge_writeappend = [ yes | no ] +.RS 4 +GPFS ACLs doesn\'t know about the \'APPEND\' right\&. This optionen lets Samba map the \'APPEND\' right to \'WRITE\'\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes(default) +\- map \'APPEND\' to \'WRITE\'\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no +\- do not map \'APPEND\' to \'WRITE\'\&. +.RE +.sp +.RE +.RE +.PP +gpfs:refuse_dacl_protected = [ yes | no ] +.RS 4 +As GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is currently silently ignored by Samba\&. That means that if you deselect the "Allow inheritable permissions\&.\&.\&." checkbox in Windows\' ACL dialog and then apply the ACL, the flag will be back immediately\&. +.sp +To make sure that automatic migration with e\&.g\&. robocopy does not lead to ACLs silently (and unintentionally) changed, you can set +gpfs:refuse_dacl_protected = yes +to enable an explicit check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are shown up on the Windows side and the Administrator is aware of the ACLs not being settable like intended +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +no(default) +\- ignore the DESC_DACL_PROTECTED flags\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +yes +\- reject ACLs with DESC_DACL_PROTECTED\&. +.RE +.sp +.RE +.RE +.PP nfs4:mode = [ simple | special ] .RS 4 Enable/Disable substitution of special IDs on GPFS\&. This parameter should not affect the windows users in anyway\&. It only ensures that Samba sets the special IDs \- OWNER@ and GROUP@ ( mappings to simple uids ) that are relevant to GPFS\&. @@ -102,6 +348,7 @@ simple(default) .\} special \- use special IDs in GPFS ACEs\&. +.RE .sp .RE .RE @@ -158,6 +405,7 @@ ignore .\} merge \- bitwise OR the 2 ace\&.flag fields and 2 ace\&.mask fields of the 2 duplicate ACEs into 1 ACE +.RE .sp .RE .RE @@ -192,6 +440,38 @@ yes .\} no (default) \- Disable chown +.RE +.sp +.RE +.RE +.PP +gpfs:syncio = [yes|no] +.RS 4 +This parameter makes Samba open all files with O_SYNC\&. This triggers optimizations in GPFS for workloads that heavily share files\&. +.sp +Following is the behaviour of Samba for different values: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +yesOpen files with O_SYNC +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +no (default)Open files as normal Samba would do +.RE .sp .RE .RE @@ -214,9 +494,25 @@ A GPFS mount can be exported via Samba as follows : .\} .SH "CAVEATS" .PP -The gpfs gpl libraries are required by +Depending on the version of gpfs, the +libgpfs_gpl +library or the +libgpfs +library is needed at runtime by the gpfs -VFS module during both compilation and runtime\&. Also this VFS module is tested to work on SLES 9/10 and RHEL 4\&.4 +VFS module: Starting with gpfs 3\&.2\&.1 PTF8, the complete +libgpfs +is available as open source and +libgpfs_gpl +does no longer exist\&. With earlier versions of gpfs, only the +libgpfs_gpl +library was open source and could be used at run time\&. +.PP +At build time, only the header file +gpfs_gpl\&.h +is required , which is a symlink to +gpfs\&.h +in gpfs versions newer than 3\&.2\&.1 PTF8\&. .SH "VERSION" .PP This man page is correct for version 3\&.0\&.25 of the Samba suite\&. diff --git a/docs/manpages/vfs_netatalk.8 b/docs/manpages/vfs_netatalk.8 index 1ef0dd13eb..e1571532c2 100644 --- a/docs/manpages/vfs_netatalk.8 +++ b/docs/manpages/vfs_netatalk.8 @@ -2,12 +2,12 @@ .\" Title: vfs_netatalk .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_NETATALK" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_NETATALK" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_notify_fam.8 b/docs/manpages/vfs_notify_fam.8 index cb8e49b490..1ef7d56331 100644 --- a/docs/manpages/vfs_notify_fam.8 +++ b/docs/manpages/vfs_notify_fam.8 @@ -2,12 +2,12 @@ .\" Title: vfs_notify_fam .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_NOTIFY_FAM" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_NOTIFY_FAM" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_prealloc.8 b/docs/manpages/vfs_prealloc.8 index 025034328d..af050e6052 100644 --- a/docs/manpages/vfs_prealloc.8 +++ b/docs/manpages/vfs_prealloc.8 @@ -2,12 +2,12 @@ .\" Title: vfs_prealloc .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_PREALLOC" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_PREALLOC" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -76,6 +76,7 @@ M .\} G \- BYTES is a number of gigabytes +.RE .sp .RE .RE diff --git a/docs/manpages/vfs_preopen.8 b/docs/manpages/vfs_preopen.8 index 282cad89f3..de2f8fe7ef 100644 --- a/docs/manpages/vfs_preopen.8 +++ b/docs/manpages/vfs_preopen.8 @@ -2,12 +2,12 @@ .\" Title: vfs_preopen .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_PREOPEN" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_PREOPEN" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_readahead.8 b/docs/manpages/vfs_readahead.8 index 2e406c34d7..65db0e943b 100644 --- a/docs/manpages/vfs_readahead.8 +++ b/docs/manpages/vfs_readahead.8 @@ -2,12 +2,12 @@ .\" Title: vfs_readahead .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_READAHEAD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_READAHEAD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -90,6 +90,7 @@ M .\} G \- BYTES is a number of gigabytes +.RE .SH "EXAMPLES" .sp .if n \{\ diff --git a/docs/manpages/vfs_readonly.8 b/docs/manpages/vfs_readonly.8 index 8eccf2ab4c..cfdcaa60c8 100644 --- a/docs/manpages/vfs_readonly.8 +++ b/docs/manpages/vfs_readonly.8 @@ -2,12 +2,12 @@ .\" Title: vfs_readonly .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_READONLY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_READONLY" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_recycle.8 b/docs/manpages/vfs_recycle.8 index dd913a01d4..27541fbfe4 100644 --- a/docs/manpages/vfs_recycle.8 +++ b/docs/manpages/vfs_recycle.8 @@ -2,12 +2,12 @@ .\" Title: vfs_recycle .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_RECYCLE" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_RECYCLE" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_scannedonly.8 b/docs/manpages/vfs_scannedonly.8 index 19a0fe7ff0..4f6aa7c4b4 100644 --- a/docs/manpages/vfs_scannedonly.8 +++ b/docs/manpages/vfs_scannedonly.8 @@ -2,12 +2,12 @@ .\" Title: vfs_scannedonly .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_SCANNEDONLY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_SCANNEDONLY" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -149,7 +149,7 @@ Enable anti\-virus scanning: This is not true on\-access scanning\&. However, it is very fast for files that have been scanned already\&. .SH "VERSION" .PP -This man page is correct for version 3\&.5\&.0 of the Samba suite\&. +This man page is correct for version 3\&.6\&.0 of the Samba suite\&. .SH "AUTHOR" .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Scannedonly was developed for Samba by Olivier Sessink\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. diff --git a/docs/manpages/vfs_shadow_copy.8 b/docs/manpages/vfs_shadow_copy.8 index 65ba062c89..5fc9d262d0 100644 --- a/docs/manpages/vfs_shadow_copy.8 +++ b/docs/manpages/vfs_shadow_copy.8 @@ -2,12 +2,12 @@ .\" Title: vfs_shadow_copy .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_SHADOW_COPY" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_SHADOW_COPY" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -114,6 +114,7 @@ is the 2 digit minute .\} ss is the 2 digit second\&. +.RE .sp .RE .PP diff --git a/docs/manpages/vfs_shadow_copy2.8 b/docs/manpages/vfs_shadow_copy2.8 index 404dd80eb2..90d2a39a31 100644 --- a/docs/manpages/vfs_shadow_copy2.8 +++ b/docs/manpages/vfs_shadow_copy2.8 @@ -2,12 +2,12 @@ .\" Title: vfs_shadow_copy2 .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_SHADOW_COPY2" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_SHADOW_COPY2" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -140,6 +140,7 @@ is the 2 digit minute .\} ss is the 2 digit second\&. +.RE .sp .RE .PP @@ -171,6 +172,21 @@ shadow:basedir = BASEDIR Path to the base directory that snapshots are from\&. .RE .PP +shadow:sort = asc/desc, or not specified for unsorted (default) +.RS 4 +By this parameter one can specify that the shadow copy directories should be sorted before they are sent to the client\&. This can be beneficial as unix filesystems are usually not listed alphabetically sorted\&. If enabled, you typically want to specify descending order\&. +.RE +.PP +shadow:localtime = yes/no +.RS 4 +This is an optional parameter that indicates whether the snapshot names are in UTC/GMT or in local time\&. By default UTC is expected\&. +.RE +.PP +shadow:format = format specification for snapshot names +.RS 4 +This is an optional parameter that specifies the format specification for the naming of snapshots\&. The format must be compatible with the conversion specifications recognized by str[fp]time\&. The default value is "@GMT\-%Y\&.%m\&.%d\-%H\&.%M\&.%S"\&. +.RE +.PP shadow:fixinodes = yes/no .RS 4 If you enable @@ -189,6 +205,7 @@ Add shadow copy support to user home directories: \m[blue]\fBvfs objects = shadow_copy2\fR\m[] \m[blue]\fBshadow:snapdir = /data/snaphots\fR\m[] \m[blue]\fBshadow:basedir = /data/home\fR\m[] + \m[blue]\fBshadow:sort = desc\fR\m[] .fi .if n \{\ .RE diff --git a/docs/manpages/vfs_smb_traffic_analyzer.8 b/docs/manpages/vfs_smb_traffic_analyzer.8 index def1140233..fe0e8bf3d9 100644 --- a/docs/manpages/vfs_smb_traffic_analyzer.8 +++ b/docs/manpages/vfs_smb_traffic_analyzer.8 @@ -2,12 +2,12 @@ .\" Title: smb_traffic_analyzer .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "SMB_TRAFFIC_ANALYZER" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "SMB_TRAFFIC_ANALYZER" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -31,10 +31,11 @@ suite\&. .PP The vfs_smb_traffic_analyzer -VFS module logs client write and read operations on a Samba server and sends this data over a socket to a helper program, which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/ +VFS module logs client file operations on a Samba server and sends this data over a socket to a helper program (in the following the "Receiver"), which feeds a SQL database\&. More information on the helper programs can be obtained from the homepage of the project at: http://holger123\&.wordpress\&.com/smb\-traffic\-analyzer/ Since the VFS module depends on a receiver that is doing something with the data, it is evolving in it\'s development\&. Therefore, the module works with different protocol versions, and the receiver has to be able to decode the protocol that is used\&. The protocol version 1 was introduced to Samba at September 25, 2008\&. It was a very simple protocol, supporting only a small list of VFS operations, and had several drawbacks\&. The protocol version 2 is a try to solve the problems version 1 had while at the same time adding new features\&. With the release of Samba 3\&.6\&.0, the module will run protocol version 2 by default\&. +.SH "PROTOCOL VERSION 1 DOCUMENTATION" .PP vfs_smb_traffic_analyzer -currently is aware of the following VFS operations: +protocol version 1 is aware of the following VFS operations: .RS 4 write .RE @@ -146,11 +147,130 @@ FILENAME .\} TIMESTAMP \- a timestamp, formatted as "yyyy\-mm\-dd hh\-mm\-ss\&.ms" indicating when the VFS operation occured +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +IP +\- The IP Address (v4 or v6) of the client machine that initiated the VFS operation\&. +.RE .sp .RE .PP This module is stackable\&. -.SH "OPTIONS" +.SH "DRAWBACKS OF PROTOCOL VERSION 1" +.PP +Several drawbacks have been seen with protocol version 1 over time\&. +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +Problematic parsing \- +Protocol version 1 uses hyphen and comma to seperate blocks of data\&. Once there is a filename with a hyphen, you will run into problems because the receiver decodes the data in a wrong way\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +Insecure network transfer \- +Protocol version 1 sends all it\'s data as plaintext over the network\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +Limited set of supported VFS operations \- +Protocol version 1 supports only four VFS operations\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} + +No subreleases of the protocol \- +Protocol version 1 is fixed on it\'s version, making it unable to introduce new features or bugfixes through compatible sub\-releases\&. +.RE +.SH "VERSION 2 OF THE PROTOCOL" +.PP +Protocol version 2 is an approach to solve the problems introduced with protcol v1\&. From the users perspective, the following changes are most prominent among other enhancements: +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The data from the module may be send encrypted, with a key stored in secrets\&.tdb\&. The Receiver then has to use the same key\&. The module does AES block encryption over the data to send\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The module now can identify itself against the receiver with a sub\-release number, where the receiver may run with a different sub\-release number than the module\&. However, as long as both run on the V2\&.x protocol, the receiver will not crash, even if the module uses features only implemented in the newer subrelease\&. If the module uses a new feature from a newer subrelease, and the receiver runs an older protocol, it is just ignoring the functionality\&. Of course it is best to have both the receiver and the module running the same subrelease of the protocol\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The parsing problems of protocol V1 can no longer happen, because V2 is marshalling the data packages in a proper way\&. +.RE +.sp +.RS 4 +.ie n \{\ +\h'-04'\(bu\h'+03'\c +.\} +.el \{\ +.sp -1 +.IP \(bu 2.3 +.\} +The module now potientially has the ability to create data on every VFS function\&. As of protocol V2\&.0, there is support for 8 VFS functions, namely write,read,pread,pwrite, rename,chdir,mkdir and rmdir\&. Supporting more VFS functions is one of the targets for the upcoming sub\-releases\&. +.RE +.sp +.RE +.PP +To enable protocol V2, the protocol_version vfs option has to be used (see OPTIONS)\&. +.SH "OPTIONS WITH PROTOCOL V1 AND V2.X" .PP smb_traffic_analyzer:mode = STRING .RS 4 @@ -169,15 +289,37 @@ The module will send the data using the TCP port given in STRING\&. .PP smb_traffic_analyzer:anonymize_prefix = STRING .RS 4 -The module will replace the user names with a prefix given by STRING and a simple hash number\&. +The module will replace the user names with a prefix given by STRING and a simple hash number\&. In version 2\&.x of the protocol, the users SID will also be anonymized\&. .RE .PP smb_traffic_analyzer:total_anonymization = STRING .RS 4 -If STRING matches to \'yes\', the module will replace any user name with the string given by the option smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number\&. This means that any transfer data will be mapped to a single user, leading to a total anonymization of user related data\&. +If STRING matches to \'yes\', the module will replace any user name with the string given by the option smb_traffic_analyzer:anonymize_prefix, without generating an additional hash number\&. This means that any transfer data will be mapped to a single user, leading to a total anonymization of user related data\&. In version 2\&.x of the protocol, the users SID will also be anonymized\&. +.RE +.PP +smb_traffic_analyzer:protocol_version = STRING +.RS 4 +If STRING matches to V1, the module will use version 1 of the protocol\&. If STRING is not given, the module will use version 2 of the protocol, which is the default\&. .RE .SH "EXAMPLES" .PP +Running protocol V2 on share "example_share", using an internet socket\&. +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fI[example_share]\fR + \m[blue]\fBpath = /data/example\fR\m[] + \m[blue]\fBvfs_objects = smb_traffic_analyzer\fR\m[] + \m[blue]\fBsmb_traffic_analyzer:host = examplehost\fR\m[] + \m[blue]\fBsmb_traffic_analyzer:port = 3491\fR\m[] + +.fi +.if n \{\ +.RE +.\} +.PP The module running on share "example_share", using a unix domain socket .sp .if n \{\ diff --git a/docs/manpages/vfs_streams_depot.8 b/docs/manpages/vfs_streams_depot.8 index 5485d9fa58..680a9e6f2b 100644 --- a/docs/manpages/vfs_streams_depot.8 +++ b/docs/manpages/vfs_streams_depot.8 @@ -2,12 +2,12 @@ .\" Title: vfs_streams_depot .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_STREAMS_DEPOT" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_STREAMS_DEPOT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_streams_xattr.8 b/docs/manpages/vfs_streams_xattr.8 index 89566cc344..3f23972c46 100644 --- a/docs/manpages/vfs_streams_xattr.8 +++ b/docs/manpages/vfs_streams_xattr.8 @@ -2,12 +2,12 @@ .\" Title: vfs_streams_xattr .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_STREAMS_XATTR" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_STREAMS_XATTR" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfs_time_audit.8 b/docs/manpages/vfs_time_audit.8 new file mode 100644 index 0000000000..4c58096f80 --- /dev/null +++ b/docs/manpages/vfs_time_audit.8 @@ -0,0 +1,71 @@ +'\" t +.\" Title: vfs_time_audit +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> +.\" Date: 01/22/2012 +.\" Manual: System Administration tools +.\" Source: Samba 3.6 +.\" Language: English +.\" +.TH "VFS_TIME_AUDIT" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +vfs_time_audit \- samba vfs module to log slow VFS operations +.SH "SYNOPSIS" +.HP \w'\ 'u +vfs objects = time_audit +.SH "DESCRIPTION" +.PP +This VFS module is part of the +\fBsamba\fR(7) +suite\&. +.PP +The +time_audit +VFS module logs system calls that take longer than the number of milliseconds defined by the variable +time_audit:audit_timeout\&. It will log the calls and the time spent in it\&. +.PP +It\'s kind of comparable with +strace \-T +and is helpful to reveal performance problems with the underlying file and storage subsystems\&. +.PP +This module is stackable\&. +.SH "OPTIONS" +.PP +time_audit:audit_timeout = number of milliseconds +.RS 4 +VFS calls that take longer than the defined number of milliseconds that should be logged\&. The default is 10000 (10s)\&. +.RE +.SH "EXAMPLES" +.PP +This would log VFS calls that take longer than 3 seconds: +.sp +.if n \{\ +.RS 4 +.\} +.nf + \fI[sample_share]\fR + \m[blue]\fBpath = /test/sample_share\fR\m[] + \m[blue]\fBvfs objects = time_audit\fR\m[] + \m[blue]\fBtime_audit: audit_timeout = 3000\fR\m[] +.fi +.if n \{\ +.RE +.\} +.SH "VERSION" +.PP +This man page is correct for version 3\&.6\&.0 of the Samba suite\&. +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. +.PP +The time_audit VFS module was created with contributions from Abhidnya Chirmule\&. diff --git a/docs/manpages/vfs_xattr_tdb.8 b/docs/manpages/vfs_xattr_tdb.8 index 5626b0001b..a7ff006c4b 100644 --- a/docs/manpages/vfs_xattr_tdb.8 +++ b/docs/manpages/vfs_xattr_tdb.8 @@ -2,12 +2,12 @@ .\" Title: vfs_xattr_tdb .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFS_XATTR_TDB" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "VFS_XATTR_TDB" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1 index f630e03f33..08139f94a4 100644 --- a/docs/manpages/vfstest.1 +++ b/docs/manpages/vfstest.1 @@ -2,12 +2,12 @@ .\" Title: vfstest .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "VFSTEST" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "VFSTEST" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -518,6 +518,7 @@ mknod .\} realpath \- VFS realpath() +.RE .sp .RE .PP @@ -581,6 +582,7 @@ freemem .\} exit \- Exit vfstest +.RE .SH "VERSION" .PP This man page is correct for version 3 of the Samba suite\&. diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 72ddbceee3..5c8c876dae 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -2,12 +2,12 @@ .\" Title: wbinfo .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: User Commands -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "WBINFO" "1" "08/02/2011" "Samba 3\&.5" "User Commands" +.TH "WBINFO" "1" "01/22/2012" "Samba 3\&.6" "User Commands" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -22,7 +22,7 @@ wbinfo \- Query information from winbind daemon .SH "SYNOPSIS" .HP \w'\ 'u -wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-\-remove\-uid\-mapping\ uid,sid] [\-\-remove\-gid\-mapping\ gid,sid] [\-s\ sid] [\-\-separator] [\-\-sequence] [\-\-set\-auth\-user\ user%password] [\-\-set\-uid\-mapping\ uid,sid] [\-\-set\-gid\-mapping\ gid,sid] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid] +wbinfo [\-a\ user%password] [\-\-all\-domains] [\-\-allocate\-gid] [\-\-allocate\-uid] [\-c] [\-\-ccache\-save] [\-\-change\-user\-password] [\-D\ domain] [\-\-domain\ domain] [\-\-dsgetdcname\ domain] [\-g] [\-\-getdcname\ domain] [\-\-get\-auth\-user] [\-G\ gid] [\-\-gid\-info] [\-\-group\-info] [\-\-help|\-?] [\-i\ user] [\-I\ ip] [\-K\ user%password] [\-\-lanman] [\-m] [\-n\ name] [\-N\ netbios\-name] [\-\-ntlmv2] [\-\-online\-status] [\-\-own\-domain] [\-p] [\-P|\-\-ping\-dc] [\-r\ user] [\-R|\-\-lookup\-rids] [\-s\ sid] [\-\-separator] [\-\-set\-auth\-user\ user%password] [\-S\ sid] [\-\-sid\-aliases] [\-\-sid\-to\-fullname] [\-t] [\-u] [\-\-uid\-info\ uid] [\-\-usage] [\-\-user\-domgroups\ sid] [\-\-user\-sids\ sid] [\-U\ uid] [\-V] [\-\-verbose] [\-Y\ sid] .SH "DESCRIPTION" .PP This tool is part of the @@ -101,7 +101,6 @@ Change the password of a user\&. The old and new password will be prompted\&. This parameter sets the domain on which any specified operations will performed\&. If special domain name \'\&.\' is used to represent the current domain to which \fBwinbindd\fR(8) belongs\&. Currently only the -\fB\-\-sequence\fR, \fB\-u\fR, and \fB\-g\fR options honor this parameter\&. @@ -236,6 +235,11 @@ Check whether is still alive\&. Prints out either \'succeeded\' or \'failed\'\&. .RE .PP +\-P|\-\-ping\-dc +.RS 4 +Issue a no\-effect command to our DC\&. This checks if our secure channel connection to our domain controller is still alive\&. It has much less impact than wbinfo \-t\&. +.RE +.PP \-r|\-\-user\-groups \fIusername\fR .RS 4 Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&. @@ -260,11 +264,6 @@ option above\&. SIDs must be specified as ASCII strings in the traditional Micro Get the active winbind separator\&. .RE .PP -\-\-sequence -.RS 4 -Show sequence numbers of all known domains\&. -.RE -.PP \-\-set\-auth\-user \fIusername%password\fR .RS 4 Store username and password used by @@ -327,7 +326,7 @@ Get user group SIDs for user\&. .PP \-U|\-\-uid\-to\-sid \fIuid\fR .RS 4 -Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap uid range then the operation will fail\&. +Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap range then the operation will fail\&. .RE .PP \-\-verbose @@ -342,26 +341,6 @@ Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX gro then the operation will fail\&. .RE .PP -\-\-remove\-uid\-mapping uid,sid -.RS 4 -Remove an existing uid to sid mapping entry from the IDmap backend\&. -.RE -.PP -\-\-remove\-gid\-mapping gid,sid -.RS 4 -Remove an existing gid to sid mapping entry from the IDmap backend\&. -.RE -.PP -\-\-set\-uid\-mapping uid,sid -.RS 4 -Create a new or modify an existing uid to sid mapping in the IDmap backend\&. -.RE -.PP -\-\-set\-gid\-mapping gid,sid -.RS 4 -Create a new or modify an existing gid to sid mapping in the IDmap backend\&. -.RE -.PP \-V|\-\-version .RS 4 Prints the program version number\&. diff --git a/docs/manpages/winbind_krb5_locator.7 b/docs/manpages/winbind_krb5_locator.7 index d0c34f2f3d..394d60025e 100644 --- a/docs/manpages/winbind_krb5_locator.7 +++ b/docs/manpages/winbind_krb5_locator.7 @@ -2,12 +2,12 @@ .\" Title: winbind_krb5_locator .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: 7 -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "WINBIND_KRB5_LOCATOR" "7" "08/02/2011" "Samba 3\&.5" "7" +.TH "WINBIND_KRB5_LOCATOR" "7" "01/22/2012" "Samba 3\&.6" "7" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 0e74f560cb..22ff268c3e 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -2,12 +2,12 @@ .\" Title: winbindd .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "WINBINDD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "WINBINDD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -39,11 +39,9 @@ smbd, ntlm_auth and the pam_winbind\&.so -PAM module, by managing connections to domain controllers\&. In this configuraiton the -\m[blue]\fBidmap uid\fR\m[] -and -\m[blue]\fBidmap gid\fR\m[] -parameters are not required\&. (This is known as `netlogon proxy only mode\'\&.) +PAM module, by managing connections to domain controllers\&. In this configuration the +\m[blue]\fBidmap config * : range\fR\m[] +parameter is not required\&. (This is known as `netlogon proxy only mode\'\&.) .PP The Name Service Switch allows user and system information to be obtained from different databases services such as NIS or DNS\&. The exact behaviour can be configured through the /etc/nsswitch\&.conf @@ -265,7 +263,7 @@ file\&. All parameters should be specified in the [global] section of smb\&.conf .IP \(bu 2.3 .\} -\m[blue]\fBidmap uid\fR\m[] +\m[blue]\fBidmap config * : range\fR\m[] .RE .sp .RS 4 @@ -277,19 +275,7 @@ file\&. All parameters should be specified in the [global] section of smb\&.conf .IP \(bu 2.3 .\} -\m[blue]\fBidmap gid\fR\m[] -.RE -.sp -.RS 4 -.ie n \{\ -\h'-04'\(bu\h'+03'\c -.\} -.el \{\ -.sp -1 -.IP \(bu 2.3 -.\} - -\m[blue]\fBidmap backend\fR\m[] +\m[blue]\fBidmap config * : backend\fR\m[] .RE .sp .RS 4 @@ -375,6 +361,7 @@ file\&. All parameters should be specified in the [global] section of smb\&.conf \m[blue]\fBwinbind: rpc only\fR\m[] Setting this parameter forces winbindd to use RPC instead of LDAP to retrieve information from Domain Controllers\&. +.RE .SH "EXAMPLE SETUP" .PP To setup winbindd for user and group lookups plus authentication from a domain controller use something like the following setup\&. This was tested on an early Red Hat Linux box\&. @@ -477,8 +464,7 @@ containing directives like the following: winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U - idmap uid = 10000\-20000 - idmap gid = 10000\-20000 + idmap config * : range = 10000\-20000 workgroup = DOMAIN security = domain password server = * @@ -506,7 +492,7 @@ PAM is really easy to misconfigure\&. Make sure you know what you are doing when .PP If more than one UNIX machine is running winbindd, then in general the user and groups ids allocated by winbindd will not be the same\&. The user and group ids will only be valid for the local machine, unless a shared -\m[blue]\fBidmap backend\fR\m[] +\m[blue]\fBidmap config * : backend\fR\m[] is configured\&. .PP If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost\&. |