summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2005-10-22 00:04:38 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:10 -0500
commitf88faa0105fdf47eccfa3212870ac3066ff8113c (patch)
tree3047258902356d4d4eff006087e3b8a3a1ad0659
parent90dd48edb48f0c3fdd52b2adcb206257a3de639a (diff)
downloadsamba-f88faa0105fdf47eccfa3212870ac3066ff8113c.tar.gz
samba-f88faa0105fdf47eccfa3212870ac3066ff8113c.tar.bz2
samba-f88faa0105fdf47eccfa3212870ac3066ff8113c.zip
Fixes and reformatting from Bug #3190, plus a clean-up.
(This used to be commit 8250e36fe34394938df16533f77869b93d3be761)
-rw-r--r--docs/smbdotconf/misc/dfreecommand.xml34
-rw-r--r--docs/smbdotconf/printing/printcapname.xml54
-rw-r--r--docs/smbdotconf/security/usekerberoskeytab.xml18
-rw-r--r--docs/smbdotconf/security/usernamemap.xml166
4 files changed, 139 insertions, 133 deletions
diff --git a/docs/smbdotconf/misc/dfreecommand.xml b/docs/smbdotconf/misc/dfreecommand.xml
index be5f00aabd..546cead306 100644
--- a/docs/smbdotconf/misc/dfreecommand.xml
+++ b/docs/smbdotconf/misc/dfreecommand.xml
@@ -5,51 +5,55 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>The <parameter moreinfo="none">dfree command</parameter> setting
+ <para>
+ The <parameter moreinfo="none">dfree command</parameter> setting
should only be used on systems where a problem occurs with the
internal disk space calculations. This has been known to happen
with Ultrix, but may occur with other operating systems. The
symptom that was seen was an error of &quot;Abort Retry
- Ignore&quot; at the end of each directory listing.</para>
+ Ignore&quot; at the end of each directory listing.
+ </para>
- <para>This setting allows the replacement of the internal routines to
+ <para>
+ This setting allows the replacement of the internal routines to
calculate the total disk space and amount available with an external
routine. The example below gives a possible script that might fulfill
- this function.</para>
+ this function.
+ </para>
- <para>In Samba version 3.0.21 this parameter has been changed to be
+ <para>
+ In Samba version 3.0.21 this parameter has been changed to be
a per-share parameter, and in addition the parameter
<smbconfoption name="dfree cache time"/>dfree cache time was added
to allow the output of this script to be cached for systems under
heavy load.
</para>
- <para>The external program will be passed a single parameter indicating
+ <para>
+ The external program will be passed a single parameter indicating
a directory in the filesystem being queried. This will typically consist
of the string <filename moreinfo="none">./</filename>. The script should return two
integers in ASCII. The first should be the total disk space in blocks,
and the second should be the number of available blocks. An optional
third return value can give the block size in bytes. The default
- blocksize is 1024 bytes.</para>
+ blocksize is 1024 bytes.
+ </para>
- <para>Note: Your script should <emphasis>NOT</emphasis> be setuid or
- setgid and should be owned by (and writeable only by) root!</para>
+ <para>
+ Note: Your script should <emphasis>NOT</emphasis> be setuid or
+ setgid and should be owned by (and writeable only by) root!
+ </para>
<para>Where the script dfree (which must be made executable) could be:
<programlisting format="linespecific">
#!/bin/sh
df $1 | tail -1 | awk '{print $2&quot; &quot;$4}'
</programlisting>
- </para>
-
- <para>or perhaps (on Sys V based systems):
+ or perhaps (on Sys V based systems):
<programlisting format="linespecific">
#!/bin/sh
/usr/bin/df -k $1 | tail -1 | awk '{print $3&quot; &quot;$5}'
</programlisting>
- </para>
-
- <para>
Note that you may have to replace the command names with full path names on some systems.
</para>
diff --git a/docs/smbdotconf/printing/printcapname.xml b/docs/smbdotconf/printing/printcapname.xml
index 7ade8881b6..90c575f31c 100644
--- a/docs/smbdotconf/printing/printcapname.xml
+++ b/docs/smbdotconf/printing/printcapname.xml
@@ -5,48 +5,50 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>printcap</synonym>
<description>
- <para>This parameter may be used to override the
- compiled-in default printcap name used by the server (usually <filename moreinfo="none">
- /etc/printcap</filename>). See the discussion of the <link
- linkend="PRINTERSSECT">[printers]</link> section above for reasons
- why you might want to do this.</para>
+ <para>
+ This parameter may be used to override the compiled-in default printcap name used by the server (usually
+ <filename moreinfo="none"> /etc/printcap</filename>). See the discussion of the <link
+ linkend="PRINTERSSECT">[printers]</link> section above for reasons why you might want to do this.
+ </para>
- <para>To use the CUPS printing interface set <command moreinfo="none">printcap name = cups
- </command>. This should be supplemented by an addtional setting
- <smbconfoption name="printing">cups</smbconfoption> in the [global]
- section. <command moreinfo="none">printcap name = cups</command> will use the
- &quot;dummy&quot; printcap created by CUPS, as specified in your CUPS
- configuration file.
+ <para>
+ To use the CUPS printing interface set <command moreinfo="none">printcap name = cups </command>. This should
+ be supplemented by an addtional setting <smbconfoption name="printing">cups</smbconfoption> in the [global]
+ section. <command moreinfo="none">printcap name = cups</command> will use the &quot;dummy&quot; printcap
+ created by CUPS, as specified in your CUPS configuration file.
</para>
- <para>On System V systems that use <command moreinfo="none">lpstat</command> to
+ <para>
+ On System V systems that use <command moreinfo="none">lpstat</command> to
list available printers you can use <command moreinfo="none">printcap name = lpstat
</command> to automatically obtain lists of available printers. This
is the default for systems that define SYSV at configure time in
Samba (this includes most System V based systems). If <parameter moreinfo="none">
printcap name</parameter> is set to <command moreinfo="none">lpstat</command> on
these systems then Samba will launch <command moreinfo="none">lpstat -v</command> and
- attempt to parse the output to obtain a printer list.</para>
+ attempt to parse the output to obtain a printer list.
+ </para>
- <para>A minimal printcap file would look something like this:</para>
-
-<para><programlisting format="linespecific">
+ <para>
+ A minimal printcap file would look something like this:
+<programlisting format="linespecific">
print1|My Printer 1
print2|My Printer 2
print3|My Printer 3
print4|My Printer 4
print5|My Printer 5
-</programlisting></para>
-
- <para>where the '|' separates aliases of a printer. The fact
- that the second alias has a space in it gives a hint to Samba
- that it's a comment.</para>
+</programlisting>
+ where the '|' separates aliases of a printer. The fact that the second alias has a space in
+ it gives a hint to Samba that it's a comment.
+ </para>
+
+ <note><para>
+ Under AIX the default printcap name is <filename moreinfo="none">/etc/qconfig</filename>. Samba will
+ assume the file is in AIX <filename moreinfo="none">qconfig</filename> format if the string <filename
+ moreinfo="none">qconfig</filename> appears in the printcap filename.
+ </para></note>
- <note><para>Under AIX the default printcap
- name is <filename moreinfo="none">/etc/qconfig</filename>. Samba will assume the
- file is in AIX <filename moreinfo="none">qconfig</filename> format if the string
- <filename moreinfo="none">qconfig</filename> appears in the printcap filename.</para></note>
- </description>
+</description>
<value type="default">/etc/printcap</value>
<value type="example">/etc/myprintcap</value>
diff --git a/docs/smbdotconf/security/usekerberoskeytab.xml b/docs/smbdotconf/security/usekerberoskeytab.xml
index 0fb9e0ff9e..ad6cc88278 100644
--- a/docs/smbdotconf/security/usekerberoskeytab.xml
+++ b/docs/smbdotconf/security/usekerberoskeytab.xml
@@ -3,18 +3,20 @@
type="boolean"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
-<para>
-Specifies whether Samba should attempt to maintain service principals in the systems
-keytab file for <constant>host/FQDN</constant> and <constant>cifs/FQDN</constant>.
-</para>
-
-<para>When you are using the heimdal Kerberos libraries, you must also
-specify the following in <filename>/etc/krb5.conf</filename>:</para>
+ <para>
+ Specifies whether Samba should attempt to maintain service principals in the systems
+ keytab file for <constant>host/FQDN</constant> and <constant>cifs/FQDN</constant>.
+ </para>
+ <para>
+ When you are using the heimdal Kerberos libraries, you must also specify the following in
+ <filename>/etc/krb5.conf</filename>:
<programlisting>
[libdefaults]
- default_keytab_name = FILE:/etc/krb5.keytab
+default_keytab_name = FILE:/etc/krb5.keytab
</programlisting>
+ </para>
+
</description>
<value type="default">False</value>
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index c30e2327c5..59c0cdde7c 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -4,102 +4,102 @@
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows you to specify a file containing
- a mapping of usernames from the clients to the server. This can be
- used for several purposes. The most common is to map usernames
- that users use on DOS or Windows machines to those that the UNIX
- box uses. The other is to map multiple users to a single username
- so that they can more easily share files.</para>
-
- <para>Please note that for user or share mode security, the
- username map is applied prior to validating the user credentials.
- Domain member servers (domain or ads) apply the username map
- after the user has been successfully authenticated by the domain
- controller and require fully qualified enties in the map table
- (e.g. biddle = DOMAIN\foo).</para>
-
- <para>The map file is parsed line by line. Each line should
- contain a single UNIX username on the left then a '=' followed
- by a list of usernames on the right. The list of usernames on the
- right may contain names of the form @group in which case they
- will match any UNIX username in that group. The special client
- name '*' is a wildcard and matches any name. Each line of the
- map file may be up to 1023 characters long.</para>
-
- <para>The file is processed on each line by taking the
- supplied username and comparing it with each username on the right
- hand side of the '=' signs. If the supplied name matches any of
- the names on the right hand side then it is replaced with the name
- on the left. Processing then continues with the next line.</para>
-
- <para>If any line begins with a '#' or a ';' then it is ignored</para>
-
- <para>If any line begins with an '!' then the processing
- will stop after that line if a mapping was done by the line.
- Otherwise mapping continues with every line being processed.
- Using '!' is most useful when you have a wildcard mapping line
- later in the file.</para>
-
- <para>For example to map from the name <constant>admin</constant>
- or <constant>administrator</constant> to the UNIX name <constant>
- root</constant> you would use:</para>
-
- <para><command moreinfo="none">root = admin administrator</command></para>
+ <para>
+ This option allows you to specify a file containing a mapping of usernames from the clients to the server.
+ This can be used for several purposes. The most common is to map usernames that users use on DOS or Windows
+ machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they
+ can more easily share files.
+ </para>
- <para>Or to map anyone in the UNIX group <constant>system</constant>
- to the UNIX name <constant>sys</constant> you would use:</para>
+ <para>
+ Please note that for user or share mode security, the username map is applied prior to validating the user
+ credentials. Domain member servers (domain or ads) apply the username map after the user has been
+ successfully authenticated by the domain controller and require fully qualified enties in the map table (e.g.
+ biddle = DOMAIN\foo).
+ </para>
+
+ <para>
+ The map file is parsed line by line. Each line should contain a single UNIX username on the left then a '='
+ followed by a list of usernames on the right. The list of usernames on the right may contain names of the form
+ @group in which case they will match any UNIX username in that group. The special client name '*' is a
+ wildcard and matches any name. Each line of the map file may be up to 1023 characters long.
+ </para>
- <para><command moreinfo="none">sys = @system</command></para>
+ <para>
+ The file is processed on each line by taking the supplied username and comparing it with each username on the
+ right hand side of the '=' signs. If the supplied name matches any of the names on the right hand side then it
+ is replaced with the name on the left. Processing then continues with the next line.
+ </para>
- <para>You can have as many mappings as you like in a username map file.</para>
+ <para>
+ If any line begins with a '#' or a ';' then it is ignored.
+ </para>
+ <para>
+ If any line begins with an '!' then the processing will stop after that line if a mapping was done by the
+ line. Otherwise mapping continues with every line being processed. Using '!' is most useful when you have a
+ wildcard mapping line later in the file.
+ </para>
- <para>If your system supports the NIS NETGROUP option then
- the netgroup database is checked before the <filename moreinfo="none">/etc/group
- </filename> database for matching groups.</para>
+ <para>
+ For example to map from the name <constant>admin</constant> or <constant>administrator</constant> to the UNIX
+ name <constant> root</constant> you would use:
+<programlisting>
+<command moreinfo="none">root = admin administrator</command>
+</programlisting>
+ Or to map anyone in the UNIX group <constant>system</constant> to the UNIX name <constant>sys</constant> you would use:
+<programlisting>
+<command moreinfo="none">sys = @system</command>
+</programlisting>
+ </para>
- <para>You can map Windows usernames that have spaces in them
- by using double quotes around the name. For example:</para>
+ <para>
+ You can have as many mappings as you like in a username map file.
+ </para>
- <para><command moreinfo="none">tridge = &quot;Andrew Tridgell&quot;</command></para>
- <para>would map the windows username &quot;Andrew Tridgell&quot; to the
- unix username &quot;tridge&quot;.</para>
+ <para>
+ If your system supports the NIS NETGROUP option then the netgroup database is checked before the <filename
+ moreinfo="none">/etc/group </filename> database for matching groups.
+ </para>
- <para>The following example would map mary and fred to the
- unix user sys, and map the rest to guest. Note the use of the
- '!' to tell Samba to stop processing if it gets a match on
- that line.</para>
+ <para>
+ You can map Windows usernames that have spaces in them by using double quotes around the name. For example:
+<programlisting>
+<command moreinfo="none">tridge = &quot;Andrew Tridgell&quot;</command>
+</programlisting>
+ would map the windows username &quot;Andrew Tridgell&quot; to the unix username &quot;tridge&quot;.
+ </para>
-<para><programlisting format="linespecific">
+ <para>
+ The following example would map mary and fred to the unix user sys, and map the rest to guest. Note the use of the
+ '!' to tell Samba to stop processing if it gets a match on that line:
+<programlisting format="linespecific">
!sys = mary fred
guest = *
-</programlisting></para>
+</programlisting>
+ </para>
<para>
- Note that the remapping is applied to all occurrences
- of usernames. Thus if you connect to \\server\fred and <constant>
- fred</constant> is remapped to <constant>mary</constant> then you
- will actually be connecting to \\server\mary and will need to
- supply a password suitable for <constant>mary</constant> not
- <constant>fred</constant>. The only exception to this is the
- username passed to the <smbconfoption name="password server"/>
- (if you have one). The password server will receive whatever
- username the client supplies without modification.
+ Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and
+ <constant>fred</constant> is remapped to <constant>mary</constant> then you will actually be connecting to
+ \\server\mary and will need to supply a password suitable for <constant>mary</constant> not
+ <constant>fred</constant>. The only exception to this is the username passed to the <smbconfoption
+ name="password server"/> (if you have one). The password server will receive whatever username the client
+ supplies without modification.
</para>
- <para>Also note that no reverse mapping is done. The main effect
- this has is with printing. Users who have been mapped may have
- trouble deleting print jobs as PrintManager under WfWg will think
- they don't own the print job.</para>
+ <para>
+ Also note that no reverse mapping is done. The main effect this has is with printing. Users who have been
+ mapped may have trouble deleting print jobs as PrintManager under WfWg will think they don't own the print
+ job.
+ </para>
<para>
- Samba versions prior to 3.0.8 would only support reading the fully qualified
- username (e.g.: DOMAIN\user) from the username map when performing a
- kerberos login from a client. However, when looking up a map
- entry for a user authenticated by NTLM[SSP], only the login name would be
- used for matches. This resulted in inconsistent behavior sometimes
- even on the same server.
+ Samba versions prior to 3.0.8 would only support reading the fully qualified username (e.g.: DOMAIN\user) from
+ the username map when performing a kerberos login from a client. However, when looking up a map entry for a
+ user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent
+ behavior sometimes even on the same server.
</para>
<para>
@@ -107,16 +107,13 @@ guest = *
</para>
<para>
- When performing local authentication, the username map is
- applied to the login name before attempting to authenticate
+ When performing local authentication, the username map is applied to the login name before attempting to authenticate
the connection.
</para>
<para>
- When relying upon a external domain controller for validating
- authentication requests, smbd will apply the username map
- to the fully qualified username (i.e. DOMAIN\user) only
- after the user has been successfully authenticated.
+ When relying upon a external domain controller for validating authentication requests, smbd will apply the username map
+ to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated.
</para>
<para>
@@ -125,6 +122,7 @@ guest = *
username map = /usr/local/samba/lib/users.map
</programlisting>
</para>
+
</description>
<value type="default"><comment>no username map</comment></value>