summaryrefslogtreecommitdiff
path: root/docs/Samba3-HOWTO
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2005-07-08 10:16:53 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:04 -0500
commit97e3e540f72021d81b34f7597506da6cdc552b8a (patch)
tree0fbf5ca9ee58fead3c6ac25d60d27ffe25aeebf6 /docs/Samba3-HOWTO
parent9953c886c64bd94778d8b78aea4699748a15abac (diff)
downloadsamba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.gz
samba-97e3e540f72021d81b34f7597506da6cdc552b8a.tar.bz2
samba-97e3e540f72021d81b34f7597506da6cdc552b8a.zip
More updates.
(This used to be commit b546de20f793aeec7739ef32451d72582175ae58)
Diffstat (limited to 'docs/Samba3-HOWTO')
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-IDMAP.xml185
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-VFS.xml12
-rw-r--r--docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml144
3 files changed, 197 insertions, 144 deletions
diff --git a/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml b/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml
index a14c8b0b84..2ff794939c 100644
--- a/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-IDMAP.xml
@@ -496,19 +496,24 @@ domain member servers (DMSs) and domain member clients (DMCs).
<title>NT4-Style Domains (Includes Samba Domains)</title>
<para>
- The following is a simple example of an NT4 DMS &smb.conf; file that shows only the global section.
-<screen>
-#Global parameters
-[global]
- workgroup = MEGANET2
- security = DOMAIN
- idmap uid = 10000-20000
- idmap gid = 10000-20000
- template primary group = "Domain Users"
- template shell = /bin/bash
-</screen>
+ <link linkend="idmapnt4dms">NT4 Domain Member Server smb.con</link> is a simple example of an NT4 DMS
+ &smb.conf; file that shows only the global section.
</para>
+<example id="idmapnt4dms">
+<title>NT4 Domain Member Server smb.conf</title>
+<smbconfblock>
+<smbconfcomment>Global parameters</smbconfcomment>
+<smbconfsection name="[global]"/>
+<smbconfoption name="workgroup">MEGANET2</smbconfoption>
+<smbconfoption name="security">DOMAIN</smbconfoption>
+<smbconfoption name="idmap uid">10000-20000</smbconfoption>
+<smbconfoption name="idmap gid">10000-20000</smbconfoption>
+<smbconfoption name="template primary group">"Domain Users"</smbconfoption>
+<smbconfoption name="template shell">/bin/bash</smbconfoption>
+</smbconfblock>
+</example>
+
<para>
<indexterm><primary>winbind</primary></indexterm>
<indexterm><primary>/etc/nsswitch.conf</primary></indexterm>
@@ -573,23 +578,27 @@ Join to domain 'MEGANET2' is not valid
<indexterm><primary>domain join</primary></indexterm>
<indexterm><primary>ADS domain</primary></indexterm>
The procedure for joining an ADS domain is similar to the NT4 domain join, except the &smb.conf; file
- will have the following contents:
-<screen>
-# Global parameters
-[global]
- workgroup = BUTTERNET
- netbios name = GARGOYLE
- realm = BUTTERNET.BIZ
- security = ADS
- template shell = /bin/bash
- idmap uid = 500-10000000
- idmap gid = 500-10000000
- winbind use default domain = Yes
- winbind nested groups = Yes
- printer admin = "BUTTERNET\Domain Admins"
-</screen>
+ will have the contents shown in <link linkend="idmapadsdms">ADS Domain Member Server smb.conf</link>
</para>
+<example id="idmapadsdms">
+<title>ADS Domain Member Server smb.conf</title>
+<smbconfblock>
+<smbconfcomment>Global parameters</smbconfcomment>
+<smbconfsection name="[global]"/>
+<smbconfoption name="workgroup">BUTTERNET</smbconfoption>
+<smbconfoption name="netbios name">GARGOYLE</smbconfoption>
+<smbconfoption name="realm">BUTTERNET.BIZ</smbconfoption>
+<smbconfoption name="security">ADS</smbconfoption>
+<smbconfoption name="template shell">/bin/bash</smbconfoption>
+<smbconfoption name="idmap uid">500-10000000</smbconfoption>
+<smbconfoption name="idmap gid">500-10000000</smbconfoption>
+<smbconfoption name="winbind use default domain">Yes</smbconfoption>
+<smbconfoption name="winbind nested groups">Yes</smbconfoption>
+<smbconfoption name="printer admin">"BUTTERNET\Domain Admins"</smbconfoption>
+</smbconfblock>
+</example>
+
<para>
<indexterm><primary>KRB</primary></indexterm>
<indexterm><primary>kerberos</primary></indexterm>
@@ -696,28 +705,33 @@ Join to domain is not valid
</para>
<para>
- An example &smb.conf; file for and ADS domain environment is shown here:
-<screen>
-# Global parameters
-[global]
- workgroup = KPAK
- netbios name = BIGJOE
- realm = CORP.KPAK.COM
- server string = Office Server
- security = ADS
- allow trusted domains = No
- idmap backend = idmap_rid:KPAK=500-100000000
- idmap uid = 500-100000000
- idmap gid = 500-100000000
- template shell = /bin/bash
- winbind use default domain = Yes
- winbind enum users = No
- winbind enum groups = No
- winbind nested groups = Yes
- printer admin = "Domain Admins"
-</screen>
+ An example &smb.conf; file for and ADS domain environment is shown in <link linkend="idmapadsridDMS">ADS
+ Domain Member smb.conf using idmap_rid</link>.
</para>
+<example id="idmapadsridDMS">
+<title>ADS Domain Member smb.conf using idmap_rid</title>
+<smbconfblock>
+<smbconfcomment>Global parameters</smbconfcomment>
+<smbconfsection name="[global]"/>
+<smbconfoption name="workgroup">KPAK</smbconfoption>
+<smbconfoption name="netbios name">BIGJOE</smbconfoption>
+<smbconfoption name="realm">CORP.KPAK.COM</smbconfoption>
+<smbconfoption name="server string">Office Server</smbconfoption>
+<smbconfoption name="security">ADS</smbconfoption>
+<smbconfoption name="allow trusted domains">No</smbconfoption>
+<smbconfoption name="idmap backend">idmap_rid:KPAK=500-100000000</smbconfoption>
+<smbconfoption name="idmap uid">500-100000000</smbconfoption>
+<smbconfoption name="idmap gid">500-100000000</smbconfoption>
+<smbconfoption name="template shell">/bin/bash</smbconfoption>
+<smbconfoption name="winbind use default domain">Yes</smbconfoption>
+<smbconfoption name="winbind enum users">No</smbconfoption>
+<smbconfoption name="winbind enum groups">No</smbconfoption>
+<smbconfoption name="winbind nested groups">Yes</smbconfoption>
+<smbconfoption name="printer admin">"Domain Admins"</smbconfoption>
+</smbconfblock>
+</example>
+
<para>
<indexterm><primary>large domain</primary></indexterm>
<indexterm><primary>Active Directory</primary></indexterm>
@@ -815,29 +829,31 @@ administrator:x:1000:1013:Administrator:/home/BE/administrator:/bin/bash
</para>
<para>
- The following example is for an ADS domain:
+ An example is for an ADS domain is shown in <link linkend="idmapldapDMS">ADS Domain Member Server using
+ LDAP</link>.
</para>
- <para>
-<screen>
-# Global parameters
-[global]
- workgroup = SNOWSHOW
- netbios name = GOODELF
- realm = SNOWSHOW.COM
- server string = Samba Server
- security = ADS
- log level = 1 ads:10 auth:10 sam:10 rpc:10
- ldap admin dn = cn=Manager,dc=SNOWSHOW,dc=COM
- ldap idmap suffix = ou=Idmap
- ldap suffix = dc=SNOWSHOW,dc=COM
- idmap backend = ldap:ldap://ldap.snowshow.com
- idmap uid = 150000-550000
- idmap gid = 150000-550000
- template shell = /bin/bash
- winbind use default domain = Yes
-</screen>
- </para>
+<example id="idmapldapDMS">
+<title>ADS Domain Member Server using LDAP</title>
+<smbconfblock>
+<smbconfcomment>Global parameters</smbconfcomment>
+<smbconfsection name="[global]"/>
+<smbconfoption name="workgroup">SNOWSHOW</smbconfoption>
+<smbconfoption name="netbios name">GOODELF</smbconfoption>
+<smbconfoption name="realm">SNOWSHOW.COM</smbconfoption>
+<smbconfoption name="server string">Samba Server</smbconfoption>
+<smbconfoption name="security">ADS</smbconfoption>
+<smbconfoption name="log level">1 ads:10 auth:10 sam:10 rpc:10</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=SNOWSHOW,dc=COM</smbconfoption>
+<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
+<smbconfoption name="ldap suffix">dc=SNOWSHOW,dc=COM</smbconfoption>
+<smbconfoption name="idmap backend">ldap:ldap://ldap.snowshow.com</smbconfoption>
+<smbconfoption name="idmap uid">150000-550000</smbconfoption>
+<smbconfoption name="idmap gid">150000-550000</smbconfoption>
+<smbconfoption name="template shell">/bin/bash</smbconfoption>
+<smbconfoption name="winbind use default domain">Yes</smbconfoption>
+</smbconfblock>
+</example>
<para>
<indexterm><primary>realm</primary></indexterm>
@@ -1018,23 +1034,28 @@ Joined 'GOODELF' to realm 'SNOWSHOW.COM'
</para>
<para>
- The following is an example &smb.conf; file:
-<screen>
-# Global parameters
-[global]
- workgroup = BOBBY
- realm = BOBBY.COM
- security = ADS
- idmap uid = 150000-550000
- idmap gid = 150000-550000
- template shell = /bin/bash
- winbind cache time = 5
- winbind use default domain = Yes
- winbind trusted domains only = Yes
- winbind nested groups = Yes
-</screen>
+ An example &smb.conf; file is shown in <link linkend="idmaprfc2307">ADS Domain Member Server using
+RFC2307bis Schema Extension Date via NSS</link>.
</para>
+<example id="idmaprfc2307">
+<title>ADS Domain Member Server using RFC2307bis Schema Extension Date via NSS</title>
+<smbconfblock>
+<smbconfcomment>Global parameters</smbconfcomment>
+<smbconfsection name="[global]"/>
+<smbconfoption name="workgroup">BOBBY</smbconfoption>
+<smbconfoption name="realm">BOBBY.COM</smbconfoption>
+<smbconfoption name="security">ADS</smbconfoption>
+<smbconfoption name="idmap uid">150000-550000</smbconfoption>
+<smbconfoption name="idmap gid">150000-550000</smbconfoption>
+<smbconfoption name="template shell">/bin/bash</smbconfoption>
+<smbconfoption name="winbind cache time">5</smbconfoption>
+<smbconfoption name="winbind use default domain">Yes</smbconfoption>
+<smbconfoption name="winbind trusted domains only">Yes</smbconfoption>
+<smbconfoption name="winbind nested groups">Yes</smbconfoption>
+</smbconfblock>
+</example>
+
<para>
<indexterm><primary>nss_ldap</primary></indexterm>
The DMS must be joined to the domain using the usual procedure. Additionally, it is necessary
diff --git a/docs/Samba3-HOWTO/TOSHARG-VFS.xml b/docs/Samba3-HOWTO/TOSHARG-VFS.xml
index 41b9562c40..02bf851c63 100644
--- a/docs/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -49,15 +49,15 @@ modules example</link>:
</para>
<example id="vfsrecyc">
- <title>smb.conf with VFS modules</title>
- <smbconfblock>
- <smbconfsection name="[audit]"/>
+<title>smb.conf with VFS modules</title>
+<smbconfblock>
+<smbconfsection name="[audit]"/>
<smbconfoption name="comment">Audited /data directory</smbconfoption>
<smbconfoption name="path">/data</smbconfoption>
<smbconfoption name="vfs objects">audit recycle</smbconfoption>
<smbconfoption name="writeable">yes</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
- </smbconfblock>
+</smbconfblock>
</example>
<para>
@@ -87,8 +87,8 @@ Some modules can be used twice for the same share. This can be done using a con
shown in <link linkend="multimodule">the smb.conf with multiple VFS modules</link>.
<example id="multimodule">
- <title>smb.conf with multiple VFS modules</title>
- <smbconfblock>
+<title>smb.conf with multiple VFS modules</title>
+<smbconfblock>
<smbconfsection name="[test]"/>
<smbconfoption name="comment">VFS TEST</smbconfoption>
<smbconfoption name="path">/data</smbconfoption>
diff --git a/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml b/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
index ab328eda0b..8898232304 100644
--- a/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
+++ b/docs/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
@@ -178,7 +178,7 @@ complete descriptions of new or modified parameters.
<title>Removed Parameters</title>
<indexterm><primary>deleted parameters</primary></indexterm>
-<para>In alphabetical order, these are the parameters eliminated for Samba 3.0.20.</para>
+<para>In alphabetical order, these are the parameters eliminated during the Samba 3.0.0 series prior to release of Samba 3.0.20.</para>
<itemizedlist>
<listitem><para>admin log </para></listitem>
@@ -190,17 +190,22 @@ complete descriptions of new or modified parameters.
<listitem><para>domain admin group </para></listitem>
<listitem><para>domain guest group </para></listitem>
<listitem><para>force unknown acl user </para></listitem>
+ <listitem><para>ldap filter</para></listitem>
<listitem><para>nt smb support </para></listitem>
<listitem><para>post script </para></listitem>
<listitem><para>printer driver </para></listitem>
<listitem><para>printer driver file </para></listitem>
<listitem><para>printer driver location </para></listitem>
+ <listitem><para>read size</para></listitem>
+ <listitem><para>source environment</para></listitem>
<listitem><para>status </para></listitem>
<listitem><para>strip dot </para></listitem>
<listitem><para>total print jobs </para></listitem>
+ <listitem><para>unicode</para></listitem>
<listitem><para>use rhosts </para></listitem>
<listitem><para>valid chars </para></listitem>
<listitem><para>vfs options </para></listitem>
+ <listitem><para>winbind enable local accounts</para></listitem>
</itemizedlist>
</sect2>
@@ -208,114 +213,135 @@ complete descriptions of new or modified parameters.
<sect2>
<title>New Parameters</title>
-<para>New parameters in Samba 3.0.20 are grouped by function):</para>
+<para>New parameters in the Samba 3.0.0 series prior to release of Samba 3.0.20 are grouped by function):</para>
<para>Remote Management</para>
<indexterm><primary>new parameters</primary></indexterm>
<itemizedlist>
- <listitem><para>abort shutdown script </para></listitem>
- <listitem><para>shutdown script </para></listitem>
+ <listitem><para>abort shutdown script</para></listitem>
+ <listitem><para>shutdown script</para></listitem>
</itemizedlist>
<para>User and Group Account Management</para>
<itemizedlist>
- <listitem><para>add group script </para></listitem>
- <listitem><para>add machine script </para></listitem>
- <listitem><para>add user to group script </para></listitem>
- <listitem><para>algorithmic rid base </para></listitem>
- <listitem><para>delete group script </para></listitem>
- <listitem><para>delete user from group script </para></listitem>
- <listitem><para>passdb backend </para></listitem>
- <listitem><para>set primary group script </para></listitem>
+ <listitem><para>add group script</para></listitem>
+ <listitem><para>add machine script</para></listitem>
+ <listitem><para>add user to group script</para></listitem>
+ <listitem><para>algorithmic rid base</para></listitem>
+ <listitem><para>delete group script</para></listitem>
+ <listitem><para>delete user from group script</para></listitem>
+ <listitem><para>passdb backend</para></listitem>
+ <listitem><para>set primary group script</para></listitem>
</itemizedlist>
<para>Authentication</para>
<itemizedlist>
- <listitem><para>auth methods </para></listitem>
- <listitem><para>realm </para></listitem>
+ <listitem><para>auth methods</para></listitem>
+ <listitem><para>ldap password sync</para></listitem>
+ <listitem><para>realm</para></listitem>
</itemizedlist>
<para>Protocol Options</para>
<itemizedlist>
- <listitem><para>client lanman auth </para></listitem>
- <listitem><para>client NTLMv2 auth </para></listitem>
- <listitem><para>client schannel </para></listitem>
- <listitem><para>client signing </para></listitem>
- <listitem><para>client use spnego </para></listitem>
- <listitem><para>disable netbios </para></listitem>
- <listitem><para>ntlm auth </para></listitem>
+ <listitem><para>afs token lifetime</para></listitem>
+ <listitem><para>client lanman auth</para></listitem>
+ <listitem><para>client NTLMv2 auth</para></listitem>
+ <listitem><para>client schannel</para></listitem>
+ <listitem><para>client signing</para></listitem>
+ <listitem><para>client use spnego</para></listitem>
+ <listitem><para>defer sharing violations</para></listitem>
+ <listitem><para>disable netbios</para></listitem>
+ <listitem><para>enable privileges</para></listitem>
+ <listitem><para>use kerberos keytab</para></listitem>
+ <listitem><para>log nt token command</para></listitem>
+ <listitem><para>ntlm auth</para></listitem>
<listitem><para>paranoid server security </para></listitem>
- <listitem><para>server schannel </para></listitem>
- <listitem><para>server signing </para></listitem>
- <listitem><para>smb ports </para></listitem>
- <listitem><para>use spnego </para></listitem>
+ <listitem><para>sendfile</para></listitem>
+ <listitem><para>server schannel</para></listitem>
+ <listitem><para>server signing</para></listitem>
+ <listitem><para>smb ports</para></listitem>
+ <listitem><para>use spnego</para></listitem>
</itemizedlist>
<para>File Service</para>
<itemizedlist>
- <listitem><para>get quota command </para></listitem>
- <listitem><para>hide special files </para></listitem>
- <listitem><para>hide unwriteable files </para></listitem>
- <listitem><para>hostname lookups </para></listitem>
- <listitem><para>kernel change notify </para></listitem>
- <listitem><para>mangle prefix </para></listitem>
- <listitem><para>map acl inherit </para></listitem>
- <listitem><para>msdfs proxy </para></listitem>
- <listitem><para>set quota command </para></listitem>
- <listitem><para>use sendfile </para></listitem>
- <listitem><para>vfs objects </para></listitem>
+ <listitem><para>allocation roundup size</para></listitem>
+ <listitem><para>acl check permissions</para></listitem>
+ <listitem><para>ea support</para></listitem>
+ <listitem><para>enable asu support</para></listitem>
+ <listitem><para>force unknown acl user</para></listitem>
+ <listitem><para>get quota command</para></listitem>
+ <listitem><para>hide special files</para></listitem>
+ <listitem><para>hide unwriteable files</para></listitem>
+ <listitem><para>inherit owner</para></listitem>
+ <listitem><para>hostname lookups</para></listitem>
+ <listitem><para>kernel change notify</para></listitem>
+ <listitem><para>mangle prefix</para></listitem>
+ <listitem><para>map acl inherit</para></listitem>
+ <listitem><para>max stat cache size</para></listitem>
+ <listitem><para>msdfs proxy</para></listitem>
+ <listitem><para>set quota command</para></listitem>
+ <listitem><para>store dos attributes</para></listitem>
+ <listitem><para>use sendfile</para></listitem>
+ <listitem><para>vfs objects</para></listitem>
</itemizedlist>
<para>Printing</para>
<itemizedlist>
- <listitem><para>max reported print jobs </para></listitem>
+ <listitem><para>cups options</para></listitem>
+ <listitem><para>cups server</para></listitem>
+ <listitem><para>force printername</para></listitem>
+ <listitem><para>max reported print jobs</para></listitem>
+ <listitem><para>printcap cache time</para></listitem>
</itemizedlist>
<para>Unicode and Character Sets</para>
<itemizedlist>
- <listitem><para>display charset </para></listitem>
- <listitem><para>dos charset </para></listitem>
- <listitem><para>unicode </para></listitem>
- <listitem><para>UNIX charset </para></listitem>
+ <listitem><para>display charset</para></listitem>
+ <listitem><para>dos charset</para></listitem>
+ <listitem><para>UNIX charset</para></listitem>
</itemizedlist>
<para>SID to UID/GID Mappings</para>
<itemizedlist>
- <listitem><para>idmap backend </para></listitem>
- <listitem><para>idmap gid </para></listitem>
- <listitem><para>idmap uid </para></listitem>
- <listitem><para>winbind enable local accounts </para></listitem>
- <listitem><para>winbind trusted domains only </para></listitem>
- <listitem><para>template primary group </para></listitem>
- <listitem><para>enable rid algorithm </para></listitem>
+ <listitem><para>idmap backend</para></listitem>
+ <listitem><para>idmap gid</para></listitem>
+ <listitem><para>idmap uid</para></listitem>
+ <listitem><para>winbind enable local accounts</para></listitem>
+ <listitem><para>winbind nested groups</para></listitem>
+ <listitem><para>winbind trusted domains only</para></listitem>
+ <listitem><para>template primary group</para></listitem>
+ <listitem><para>enable rid algorithm</para></listitem>
</itemizedlist>
<para>LDAP</para>
<itemizedlist>
- <listitem><para>ldap delete dn </para></listitem>
- <listitem><para>ldap group suffix </para></listitem>
- <listitem><para>ldap idmap suffix </para></listitem>
- <listitem><para>ldap machine suffix </para></listitem>
- <listitem><para>ldap passwd sync </para></listitem>
- <listitem><para>ldap user suffix </para></listitem>
+ <listitem><para>ldap delete dn</para></listitem>
+ <listitem><para>ldap group suffix</para></listitem>
+ <listitem><para>ldap idmap suffix</para></listitem>
+ <listitem><para>ldap machine suffix</para></listitem>
+ <listitem><para>ldap passwd sync</para></listitem>
+ <listitem><para>ldap replication sleep</para></listitem>
+ <listitem><para>ldap timeout</para></listitem>
+ <listitem><para>ldap user suffix</para></listitem>
</itemizedlist>
<para>General Configuration</para>
<itemizedlist>
- <listitem><para>preload modules </para></listitem>
- <listitem><para>privatedir </para></listitem>
+ <listitem><para>preload modules</para></listitem>
+ <listitem><para>privatedir</para></listitem>
</itemizedlist>
</sect2>
@@ -324,17 +350,23 @@ complete descriptions of new or modified parameters.
<title>Modified Parameters (Changes in Behavior)</title>
<itemizedlist>
+ <listitem><para>dos filetimes (enabled by default)</para></listitem>
<listitem><para>encrypt passwords (enabled by default) </para></listitem>
<listitem><para>mangling method (set to hash2 by default) </para></listitem>
+ <listitem><para>map to guest (new parameter added)</para></listitem>
+ <listitem><para>min password length (deprecated)</para></listitem>
+ <listitem><para>only user (deprecated)</para></listitem>
<listitem><para>passwd chat </para></listitem>
<listitem><para>passwd program </para></listitem>
<listitem><para>password server </para></listitem>
+ <listitem><para>printer admin (deprecated)</para></listitem>
<listitem><para>restrict anonymous (integer value) </para></listitem>
<listitem><para>security (new ads value) </para></listitem>
<listitem><para>strict locking (enabled by default) </para></listitem>
<listitem><para>winbind cache time (increased to 5 minutes) </para></listitem>
<listitem><para>winbind uid (deprecated in favor of idmap uid) </para></listitem>
<listitem><para>winbind gid (deprecated in favor of idmap gid) </para></listitem>
+ <listitem><para>write cache (deprecated)</para></listitem>
</itemizedlist>
</sect2>
generated by cgit (git 2.34.1) at 2024-11-15 10:53:09 +0000