ading new files from 3.0

(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
author: Gerald Carter <jerry@samba.org> 2003-07-16 05:42:34 +0000
committer: Gerald Carter <jerry@samba.org> 2003-07-16 05:42:34 +0000
commit: 1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e (patch)
tree: 8bdf608593fc37227886691b0a12190dd1e8ba66 /docs/docbook/smbdotconf/protocol
parent: 4a090ba06a54f5da179ac02bb307cc03d08831bf (diff)
download: samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.gz
samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.bz2
samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.zip
3 files changed, 63 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml
new file mode 100644
index 0000000000..df25fbfb20
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="client use spnego"
+                 context="G"
+                 developer="1"
+                 xmlns:samba="http://samba.org/common">
+<listitem>
+    <para> This variable controls controls whether samba clients will try 
+    to use Simple and Protected NEGOciation (as specified by rfc2478) with 
+    WindowsXP and Windows2000 servers to agree upon an authentication mechanism. 
+	</para>
+
+    <para>Default:  <emphasis>client use spnego = yes</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/mapaclinherit.xml b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
new file mode 100644
index 0000000000..5b8ed7f656
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="map acl inherit"
+                 context="S"
+                 advanced="1" wizard="1"
+                 xmlns:samba="http://samba.org/common">
+<listitem>
+    <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>                                       
+    <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected'
+    access control entry flags stored in Windows ACLs into an extended attribute
+    called user.SAMBA_PAI. This parameter only takes effect if Samba is being run
+    on a platform that supports extended attributes (Linux and IRIX so far) and
+    allows the Windows 2000 ACL editor to correctly use inheritance with the Samba
+    POSIX ACL mapping code.
+    </para>
+		
+    <para>Default: <command moreinfo="none">map acl inherit = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml
new file mode 100644
index 0000000000..6f2b3ec510
--- /dev/null
+++ b/docs/docbook/smbdotconf/protocol/profileacls.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="profile acls"
+                 context="S"
+                 advanced="1" wizard="1"
+                 xmlns:samba="http://samba.org/common">
+<listitem>
+    <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle>                                       
+    <manvolnum>8</manvolnum></citerefentry> 
+	This boolean parameter was added to fix the problems that people have been
+	having with storing user profiles on Samba shares from Windows 2000 or
+	Windows XP clients. New versions of Windows 2000 or Windows XP service
+	packs do security ACL checking on the owner and ability to write of the
+	profile directory stored on a local workstation when copied from a Samba
+	share. When not in domain mode with winbindd then the security info copied
+	onto the local workstation has no meaning to the logged in user (SID) on
+	that workstation so the profile storing fails. Adding this parameter
+	onto a share used for profile storage changes two things about the
+	returned Windows ACL. Firstly it changes the owner and group owner
+	of all reported files and directories to be BUILTIN\\Administrators,
+	BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly
+	it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to
+	every returned ACL. This will allow any Windows 2000 or XP workstation
+	user to access the profile. Note that if you have multiple users logging
+	on to a workstation then in order to prevent them from being able to access
+	each others profiles you must remove the "Bypass traverse checking" advanced
+	user right. This will prevent access to other users profile directories as
+	the top level profile directory (named after the user) is created by the
+	workstation profile code and has an ACL restricting entry to the directory
+	tree to the owning user.
+    </para>
+		
+    <para>Default: <command moreinfo="none">profile acls = no</command></para>
+</listitem>
+</samba:parameter>
author	Gerald Carter <jerry@samba.org>	2003-07-16 05:42:34 +0000
committer	Gerald Carter <jerry@samba.org>	2003-07-16 05:42:34 +0000
commit	1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e (patch)
tree	8bdf608593fc37227886691b0a12190dd1e8ba66 /docs/docbook/smbdotconf/protocol
parent	4a090ba06a54f5da179ac02bb307cc03d08831bf (diff)
download	samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.gz samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.bz2 samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.zip