Moving docs tree to docs-xml to make room for generated docs in the release tarball.

(This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14)

1 files changed, 76 insertions, 0 deletions

diff --git a/docs-xml/smbdotconf/security/maptoguest.xml b/docs-xml/smbdotconf/security/maptoguest.xml
new file mode 100644
index 0000000000..0f680ae71c
--- /dev/null
+++ b/docs-xml/smbdotconf/security/maptoguest.xml
@@ -0,0 +1,76 @@
+<samba:parameter name="map to guest"
+				 type="enum"
+                 context="G"
+                 advanced="1" developer="1"
+		 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>This parameter is only useful in <smbconfoption name="SECURITY">
+    security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter> 
+    and <parameter moreinfo="none">security = server</parameter>
+    - i.e. <constant>user</constant>, and <constant>domain</constant>.</para>
+
+    <para>This parameter can take four different values, which tell
+    <citerefentry><refentrytitle>smbd</refentrytitle>
+    <manvolnum>8</manvolnum></citerefentry> what to do with user 
+    login requests that don't match a valid UNIX user in some way.</para>
+
+    <para>The four settings are :</para>
+
+    <itemizedlist>
+	<listitem>
+	    <para><constant>Never</constant> - Means user login 
+	    requests with an invalid password are rejected. This is the 
+	    default.</para>
+	</listitem>
+			
+	<listitem>
+	    <para><constant>Bad User</constant> - Means user
+	    logins with an invalid password are rejected, unless the username 
+	    does not exist, in which case it is treated as a guest login and 
+	    mapped into the <smbconfoption name="guest account"/>.</para>
+	</listitem>
+
+	<listitem>
+	    <para><constant>Bad Password</constant> - Means user logins 
+	    with an invalid password are treated as a guest login and mapped 
+	    into the <smbconfoption name="guest account"/>. Note that 
+	    this can cause problems as it means that any user incorrectly typing 
+	    their password will be silently logged on as &quot;guest&quot; - and 
+	    will not know the reason they cannot access files they think
+	    they should - there will have been no message given to them
+	    that they got their password wrong. Helpdesk services will
+	    <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to 
+	    guest</parameter> parameter this way :-).</para>
+	</listitem>
+	<listitem>
+	    <para><constant>Bad Uid</constant> - Is only applicable when Samba is configured
+	    in some type of domain mode security (security = {domain|ads}) and means that
+	    user logins which are successfully authenticated but which have no valid Unix
+	    user account (and smbd is unable to create one) should be mapped to the defined
+	    guest account. This was the default behavior of Samba 2.x releases.  Note that 
+	    if a member server is running winbindd,  this option should never be required
+	    because the nss_winbind library will export the Windows domain users and groups
+	    to the underlying OS via the Name Service Switch interface.</para>
+	</listitem>
+    </itemizedlist>
+
+    <para>Note that this parameter is needed to set up &quot;Guest&quot; 
+    share services when using <parameter moreinfo="none">security</parameter> modes other than 
+    share and server. This is because in these modes the name of the resource being
+    requested is <emphasis>not</emphasis> sent to the server until after 
+    the server has successfully authenticated the client so the server 
+    cannot make authentication decisions at the correct time (connection 
+    to the share) for &quot;Guest&quot; shares. This parameter is not useful with
+    <parameter moreinfo="none">security = server</parameter> as in this security mode
+    no information is returned about whether a user logon failed due to
+    a bad username or bad password, the same error is returned from a modern server
+    in both cases.</para>
+
+    <para>For people familiar with the older Samba releases, this 
+    parameter maps to the old compile-time setting of the <constant>
+		GUEST_SESSSETUP</constant> value in local.h.</para>
+</description>
+
+<value type="default">Never</value>
+<value type="example">Bad User</value>
+</samba:parameter>