author | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
commit | 5cd3d3f14ef56ff5f1d92aba0174649f3d368f66 (patch) | |
tree | 7982c107cb4ecf2b739dd0d21b591aca20e9b19a /docs/docbook/smbdotconf/logon | |
parent | 7c6a4de6f97287e43405b66baa81aa328315de7c (diff) | |
Add new framework for smb.conf(5). Please read README before trying to compile.
I will commit more meta-information updates during week-end.
(This used to be commit 8d684dffab6a90b3d612a1aa2b2c457a2bc2e6ac)
Diffstat (limited to 'docs/docbook/smbdotconf/logon')
-rw-r--r-- | docs/docbook/smbdotconf/logon/abortshutdownscript.xml | 13 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/addgroupscript.xml | 14 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/addmachinescript.xml | 18 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/adduserscript.xml | 49 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/addusertogroupscript.xml | 16 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/deletegroupscript.xml | 8 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml | 16 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/deleteuserscript.xml | 21 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/domainlogons.xml | 12 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/logondrive.xml | 13 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/logonhome.xml | 40 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/logonpath.xml | 45 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/logonscript.xml | 39 |
-rw-r--r-- | docs/docbook/smbdotconf/logon/shutdownscript.xml | 42 |
14 files changed, 346 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml new file mode 100644 index 0000000000..89fd9186bb --- /dev/null +++ b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml @@ -0,0 +1,13 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> + <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> that + should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"><parameter moreinfo="none">shutdown script</parameter></link>.</para> + + <para>This command will be run as user.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml new file mode 100644 index 0000000000..67441a1645 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addgroupscript.xml 
@@ -0,0 +1,14 @@ +<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a new group is + requested. It will expand any + <parameter moreinfo="none">%g</parameter> to the group name passed. + This script is only useful for installations using the + Windows NT domain administration tools. The script is + free to create a group with an arbitrary name to + circumvent unix group name restrictions. In that case + the script must print the numeric gid of the created + group on stdout. + </para></listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml new file mode 100644 index 0000000000..fdc69c9490 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addmachinescript.xml @@ -0,0 +1,18 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a machine is added + to it's domain using the administrator username and password method. </para> + + <para>This option is only required when using sam back-ends tied to the + Unix uid method of RID calculation such as smbpasswd. This option is only + available in Samba 3.0.</para> + + <para>Default: <command moreinfo="none">add machine script = <empty string> + </command></para> + + <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u + </command></para> + </listitem> + </samba:parameter> 
diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..3afea231a5 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml 
@@ -0,0 +1,49 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> + and <parameter moreinfo="none">add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command moreinfo="none">smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. 
If this lookup fails, and <parameter moreinfo="none">add user script + </parameter> is set then <command moreinfo="none">smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command moreinfo="none">smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter moreinfo="none">password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user + script</parameter></link>.</para> + + <para>Default: <command moreinfo="none">add user script = <empty string> + </command></para> + + <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user + %u</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml new file mode 100644 index 0000000000..fe8be5b504 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml 
@@ -0,0 +1,16 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> + <listitem><para>Full path to the script that will be called when + a user is added to a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">add user to group script = </command></para> + + <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para> + + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml new file mode 100644 index 0000000000..02c413115a --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deletegroupscript.xml @@ -0,0 +1,8 @@ +<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. + It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed. + This script is only useful for installations using the Windows NT domain administration tools. + </para></listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml new file mode 100644 index 0000000000..bb1c5136c1 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml 
@@ -0,0 +1,16 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> + <listitem><para>Full path to the script that will be called when + a user is removed from a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">delete user from group script = </command></para> + + <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para> + + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml new file mode 100644 index 0000000000..afb75dbe77 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserscript.xml 
@@ -0,0 +1,21 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when managing users + with remote RPC (NT) tools. + </para> + + <para>This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + <command moreinfo="none">rpcclient</command>. + </para> + + <para>This script should delete the given UNIX username. + </para> + + <para>Default: <command moreinfo="none">delete user script = <empty string> + </command></para> + <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user + %u</command></para></listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml new file mode 100644 index 0000000000..9a2f432f7d --- /dev/null +++ b/docs/docbook/smbdotconf/logon/domainlogons.xml @@ -0,0 +1,12 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> + <listitem><para>If set to <constant>yes</constant>, the Samba server will serve + Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> + <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2 + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the <filename moreinfo="none">htmldocs/</filename> + directory shipped with the source code.</para> + + <para>Default: <command moreinfo="none">domain logons = no</command></para></listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml new file mode 100644 index 0000000000..d0aa4d7456 
--- /dev/null +++ b/docs/docbook/smbdotconf/logon/logondrive.xml @@ -0,0 +1,13 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> + <listitem><para>This parameter specifies the local path to + which the home directory will be connected (see <link linkend="LOGONHOME"><parameter moreinfo="none">logon home</parameter></link>) + and is only used by NT Workstations. </para> + + <para>Note that this option is only useful if Samba is set up as a + logon server.</para> + + <para>Default: <command moreinfo="none">logon drive = z:</command></para> + <para>Example: <command moreinfo="none">logon drive = h:</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml new file mode 100644 index 0000000000..ec19c54043 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonhome.xml 
@@ -0,0 +1,40 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LOGONHOME"/>logon home (G)</term> + <listitem><para>This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do </para> + + <para><prompt moreinfo="none">C:\> </prompt><userinput moreinfo="none">NET USE H: /HOME</userinput> + </para> + + <para>from a command prompt, for example.</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way:</para> + + <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para> + + <para>This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does <command moreinfo="none">net use /home</command> + but use the whole string when dealing with profiles.</para> + + <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> + <parameter moreinfo="none">logon path</parameter></link> was returned rather than + <parameter moreinfo="none">logon home</parameter>. This broke <command moreinfo="none">net use + /home</command> but allowed profiles outside the home directory. + The current implementation is correct, and can be used for + profiles if you use the above trick.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <command moreinfo="none">logon home = "\\%N\%U"</command></para> + <para>Example: <command moreinfo="none">logon home = "\\remote_smb_server\%U"</command> + </para></listitem> + </samba:parameter> 
diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml new file mode 100644 index 0000000000..04a2777862 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonpath.xml 
@@ -0,0 +1,45 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LOGONPATH"/>logon path (G)</term> + <listitem><para>This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> + <parameter moreinfo="none">logon home</parameter></link> parameter.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>, + <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename> + and other folders, and their contents, are loaded and displayed on + your Windows NT client.</para> + + <para>The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories.</para> + + <para>Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a <emphasis>MAN</emphasis>datory + profile). </para> + + <para>Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. 
setting this parameter to + \%N\%U\profile_path will cause problems).</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>Note that this option is only useful if Samba is set up + as a logon server.</para> + + <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para> + <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml new file mode 100644 index 0000000000..842cf927d2 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonscript.xml 
@@ -0,0 +1,39 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> + <listitem><para>This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended.</para> + + <para>The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a <link linkend="PATH"> + <parameter moreinfo="none">path</parameter></link> of <filename moreinfo="none">/usr/local/samba/netlogon + </filename>, and <command moreinfo="none">logon script = STARTUP.BAT</command>, then + the file that will be downloaded is:</para> + + <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> + + <para>The contents of the batch file are entirely your choice. A + suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET + /YES</command>, to force every machine to synchronize clocks with + the same time server. 
Another use would be to add <command moreinfo="none">NET USE + U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> + NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> + + <para>Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <emphasis>no logon script defined</emphasis></para> + <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml new file mode 100644 index 0000000000..ac286393b5 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml 
@@ -0,0 +1,42 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> + <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by + <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> that + should start a shutdown procedure.</para> + + <para>This command will be run as the user connected to the + server.</para> + + <para>%m %t %r %f parameters are expanded</para> + <para><parameter moreinfo="none">%m</parameter> will be substituted with the + shutdown message sent to the server.</para> + <para><parameter moreinfo="none">%t</parameter> will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure.</para> + <para><parameter moreinfo="none">%r</parameter> will be substituted with the + switch <emphasis>-r</emphasis>. It means reboot after shutdown + for NT. + </para> + <para><parameter moreinfo="none">%f</parameter> will be substituted with the + switch <emphasis>-f</emphasis>. It means force the shutdown + even if applications do not respond for NT.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> + <para>Shutdown script example: +<programlisting format="linespecific"> +#!/bin/bash + +$time=0 +let "time/60" +let "time++" + +/sbin/shutdown $3 $4 +$time $1 & +</programlisting> + Shutdown does not return so we need to launch it in background. + </para> + + <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter moreinfo="none">abort shutdown script</parameter></link>.</para> + </listitem> + </samba:parameter> |
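Review bot: In abortshutdownscript.xml the paragraph "This command will be run as user." does not say which user. shutdownscript.xml in this same commit says "as the user connected to the server"; use that wording here if the behaviour is the same. The first sentence also reads "This a full path name" and is missing "is".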
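Review bot: addgroupscript.xml has no Default: or Example: paragraph, unlike add user script and add machine script, so the reader cannot see the unset value or how %g is meant to appear on the command line. Because the script runs AS ROOT and %g is "the group name passed" by the remote administration tool, the text should also tell script authors to treat that value as untrusted input and quote it. The sentence about printing "the numeric gid of the created group on stdout" should say whether any other output is permitted.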
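Review bot: addmachinescript.xml does not state which account the script runs as, while add user script and add group script both say AS ROOT; state it explicitly here too. In the Default paragraph, `<empty string>` appears raw inside <command>, which an XML parser will read as a start tag; write it as `&lt;empty string&gt;` (the same applies to the Default paragraphs in adduserscript.xml and deleteuserscript.xml). "to it's domain" should be "to its domain".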
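Review bot: In adduserscript.xml the script is documented as run AS ROOT with %u expanded to the name of the user who has just authenticated, but nothing tells the administrator that the script must validate and quote that argument before handing it to account tools; add a sentence saying so next to the Example. The second paragraph links smbd with `<ulink url="smbd.8.html">` while the rest of the file uses <citerefentry>; pick one form.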
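Review bot: In deletegroupscript.xml the sentence "be run AS ROOT" followed directly by the smbd citerefentry is missing "by" (compare addgroupscript.xml, which has "AS ROOT by"). The entry also has no Default: or Example: paragraph.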
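Review bot: deleteuserscript.xml never mentions %u expansion or the account the script runs under, yet its Example passes %u. "This script should delete the given UNIX username" should say that %u expands to that name and state the privilege level, as adduserscript.xml does, since a deletion script driven by a remote RPC client is exactly where the reader needs to know both.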
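Review bot: domainlogons.xml still says "Samba 2.2 has limited capability to act as a domain controller", while addmachinescript.xml in this same commit describes an option "only available in Samba 3.0"; the version statement here looks carried over from the older manual and should be updated or dropped so the two entries do not disagree about which release is being documented.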
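Review bot: In logonhome.xml, "allowing you to have separate logon scripts for each user or machine" is wording from the logon script entry; for this parameter it should refer to separate home directories. The Default and Example values are wrapped in double quotes (`"\\%N\%U"`) while the inline example `logon home = \\%N\%U\profile` is not; say whether the quotes are part of the value or remove them.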
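Review bot: In logonpath.xml the Default `logon path = \\%N\%U\profile` has the same shape as the value the text warns against ("setting this parameter to \%N\%U\profile_path will cause problems"), so the entry contradicts itself about referencing the homes share; either explain why the default is safe or point readers to the Example form. That warning also shows a single leading backslash where a UNC path needs two, the "This option takes the standard substitutions" paragraph appears twice and talks about logon scripts rather than profiles, and the parenthesis opened before "desktop" is never closed.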
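Review bot: In logonscript.xml the security warning "not to allow write access to the [netlogon] share, or to grant users write permission on the batch files" can be parsed as recommending the grant. Split it into two plain prohibitions, for example "Do not allow write access to the [netlogon] share, and do not grant users write permission on the batch files", and drop "in a secure environment", which suggests the restriction is optional elsewhere.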
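Review bot: In shutdownscript.xml the Example line names the wrong parameter: it reads `abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f` and should be `shutdown script = ...`. The sample script in the programlisting also does not work as written: `$time=0` is not an assignment, `let "time/60"` discards its result, and the %t value in $2 is never used, so the delay passed to /sbin/shutdown is always 1; it should start from `time=$2` and assign the division. `$1` (the client-supplied shutdown message) is passed unquoted, and the trailing `&` is raw inside the XML and needs to be `&amp;`.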