diff options
| author | Gerald Carter <jerry@samba.org> | 2003-07-16 05:34:56 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-07-16 05:34:56 +0000 |
| commit | 4a090ba06a54f5da179ac02bb307cc03d08831bf (patch) | |
| tree | ed652ef36be7f16682c358816334f969a22f1c27 /docs/docbook/smbdotconf | |
| parent | 95fe82670032a3a43571b46d7bbf2c26bc8cdcd9 (diff) | |
| download | samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.gz samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.tar.bz2 samba-4a090ba06a54f5da179ac02bb307cc03d08831bf.zip | |
trying to get HEAD building again. If you want the code
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
Diffstat (limited to 'docs/docbook/smbdotconf')
20 files changed, 150 insertions, 97 deletions
diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml index 42083d13a2..5f28e76dd9 100644 --- a/docs/docbook/smbdotconf/filename/mangledstack.xml +++ b/docs/docbook/smbdotconf/filename/mangledstack.xml @@ -1,4 +1,4 @@ -<samba:parameter name="mangling stack" +<samba:parameter name="mangled stack" context="G" advanced="1" developer="1" xmlns:samba="http://samba.org/common"> diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml index 5476ed1f08..cbd41f973d 100644 --- a/docs/docbook/smbdotconf/filename/mangleprefix.xml +++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml @@ -1,4 +1,4 @@ -<samba:parameter name="mangling prefix" +<samba:parameter name="mangle prefix" context="G" advanced="1" developer="1" xmlns:samba="http://samba.org/common"> diff --git a/docs/docbook/smbdotconf/generate-context.xsl b/docs/docbook/smbdotconf/generate-context.xsl index 13fb216700..4afba52a86 100644 --- a/docs/docbook/smbdotconf/generate-context.xsl +++ b/docs/docbook/smbdotconf/generate-context.xsl @@ -24,17 +24,11 @@ </xsl:template> <xsl:template match="//samba:parameter"> - <xsl:message> - <xsl:text>Processing samba:parameter (</xsl:text> - <xsl:value-of select="@name"/> - <xsl:text>)</xsl:text> - </xsl:message> - <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''), 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> </xsl:variable> - <xsl:if test="contains(@context,$smb.context)"> + <xsl:if test="contains(@context,$smb.context) or $smb.context='ALL'"> <xsl:element name="listitem"> <xsl:element name="para"> <xsl:element name="link"> diff --git a/docs/docbook/smbdotconf/generate-file-list.sh b/docs/docbook/smbdotconf/generate-file-list.sh index 3495f50c43..84c3d5d2fc 100755 --- a/docs/docbook/smbdotconf/generate-file-list.sh +++ b/docs/docbook/smbdotconf/generate-file-list.sh @@ -1,8 +1,8 @@ #!/bin/sh echo "<variablelist>" -find . -type f -name '*.xml' -mindepth 2 | sort -t/ -k3 | - while read ; do - echo "<xi:include href='$REPLY' parse='xml' xmlns:xi='http://www.w3.org/2001/XInclude'/>" - done +for I in `find . -type f -name '*.xml' -mindepth 2 | sort -t/ -k3 | xargs` +do + echo "<xi:include href='$I' parse='xml' xmlns:xi='http://www.w3.org/2001/XInclude'/>" +done echo "</variablelist>" diff --git a/docs/docbook/smbdotconf/logging/debuglevel.xml b/docs/docbook/smbdotconf/logging/debuglevel.xml index 8bd4b4e0b5..622fbf21a2 100644 --- a/docs/docbook/smbdotconf/logging/debuglevel.xml +++ b/docs/docbook/smbdotconf/logging/debuglevel.xml @@ -1,4 +1,4 @@ -<samba:parameter name="debug level" +<samba:parameter name="debuglevel" context="G" hide="1" xmlns:samba="http://samba.org/common"> diff --git a/docs/docbook/smbdotconf/printing/printcommand.xml b/docs/docbook/smbdotconf/printing/printcommand.xml index 5444309053..4b9904f6a8 100644 --- a/docs/docbook/smbdotconf/printing/printcommand.xml +++ b/docs/docbook/smbdotconf/printing/printcommand.xml @@ -15,7 +15,7 @@ <para>The print command is simply a text string. It will be used verbatim after macro substitutions have been made:</para> - <para>%s, %p - the path to the spool + <para>%s, %f - the path to the spool file name</para> <para>%p - the appropriate printer diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml index 897d04ad1c..4e88495489 100644 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml @@ -5,7 +5,8 @@ <listitem> <para>This option is used by the programs in the Samba suite to determine what naming services to use and in what order - to resolve host names to IP addresses. The option takes a space + to resolve host names to IP addresses. Its main purpose to is to + control how netbios name resolution is performed. The option takes a space separated string of name resolution options.</para> <para>The options are: "lmhosts", "host", @@ -16,7 +17,8 @@ <listitem> <para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then any name type matches for lookup.</para> </listitem> @@ -26,9 +28,10 @@ </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename> - file. Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para> + file. Note that this method is used only if the NetBIOS name + type being queried is the 0x20 (server) name type or 0x1c (domain controllers). + The latter case is only useful for active directory domains and results in a DNS + query for the SRV RR entry matching _ldap._tcp.domain.</para> </listitem> <listitem> @@ -50,9 +53,18 @@ <para>Default: <command moreinfo="none">name resolve order = lmhosts host wins bcast</command></para> <para>Example: <command moreinfo="none">name resolve order = lmhosts bcast host</command></para> - + <para>This will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup.</para> + + <para>When Samba is functioning in ADS security mode (<command moreinfo="none">security = ads</command>) + it is advised to use following settings for <parameter moreinfo="none">name resolve order</parameter>:</para> + + <para><command moreinfo="none">name resolve order = wins bcast</command></para> + + <para>DC lookups will still be done via DNS, but fallbacks to netbios names will + not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups.</para> + </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/usespnego.xml b/docs/docbook/smbdotconf/protocol/usespnego.xml index 88c9f1df7a..7dddbd3f74 100644 --- a/docs/docbook/smbdotconf/protocol/usespnego.xml +++ b/docs/docbook/smbdotconf/protocol/usespnego.xml @@ -5,7 +5,7 @@ <listitem> <para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. + WindowsXP and Windows2000 clients to agree upon an authentication mechanism. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled.</para> diff --git a/docs/docbook/smbdotconf/security/authmethods.xml b/docs/docbook/smbdotconf/security/authmethods.xml index 0b7965d55b..7c0f5a71e1 100644 --- a/docs/docbook/smbdotconf/security/authmethods.xml +++ b/docs/docbook/smbdotconf/security/authmethods.xml @@ -6,14 +6,24 @@ <para>This option allows the administrator to chose what authentication methods <command moreinfo="none">smbd</command> will use when authenticating a user. This option defaults to sensible values based on <link linkend="SECURITY"> - <parameter moreinfo="none">security</parameter></link>.</para> + <parameter moreinfo="none">security</parameter></link>. This should be considered + a developer option and used only in rare circumstances. In the majority (if not all) + of production servers, the default setting should be adequate.</para> <para>Each entry in the list attempts to authenticate the user in turn, until the user authenticates. In practice only one method will ever actually be able to complete the authentication. </para> + <para>Possible options include <constant>guest</constant> (anonymous access), + <constant>sam</constant> (lookups in local list of accounts based on netbios + name or domain name), <constant>winbind</constant> (relay authentication requests + for remote users through winbindd), <constant>ntdomain</constant> (pre-winbindd + method of authentication for remote domain users; deprecated in favour of winbind method), + <constant>trustdomain</constant> (authenticate trusted users by contacting the + remote DC directly from smbd; deprecated in favour of winbind method).</para> + <para>Default: <command moreinfo="none">auth methods = <empty string></command></para> - <para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para> + <para>Example: <command moreinfo="none">auth methods = guest sam winbind</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/lanmanauth.xml b/docs/docbook/smbdotconf/security/lanmanauth.xml index e293242472..0a8fdd3ef3 100644 --- a/docs/docbook/smbdotconf/security/lanmanauth.xml +++ b/docs/docbook/smbdotconf/security/lanmanauth.xml @@ -8,7 +8,23 @@ using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> + + <para>The LANMAN encrypted response is easily broken, due to it's + case-insensitive nature, and the choice of algorithm. Servers + without Windows 95/98 or MS DOS clients are advised to disable + this option. </para> + <para>Unlike the <command moreinfo="none">encypt + passwords</command> option, this parameter cannot alter client + behaviour, and the LANMAN response will still be sent over the + network. See the <command moreinfo="none">client lanman + auth</command> to disable this for Samba's clients (such as smbclient)</para> + + <para>If this option, and <command moreinfo="none">ntlm + auth</command> are both disabled, then only NTLMv2 logins will be + permited. Not all clients support NTLMv2, and most will require + special configuration to us it.</para> + <para>Default : <command moreinfo="none">lanman auth = yes</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/ntlmauth.xml b/docs/docbook/smbdotconf/security/ntlmauth.xml index b0b3179ab7..96092152c9 100644 --- a/docs/docbook/smbdotconf/security/ntlmauth.xml +++ b/docs/docbook/smbdotconf/security/ntlmauth.xml @@ -4,11 +4,15 @@ xmlns:samba="http://samba.org/common"> <listitem> <para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users using the NTLM password hash. - If disabled, only the lanman password hashes will be used.</para> + <manvolnum>8</manvolnum></citerefentry> will attempt to + authenticate users using the NTLM encrypted password response. + If disabled, either the lanman password hash or an NTLMv2 response + will need to be sent by the client.</para> - <para>Please note that at least this option or <command moreinfo="none">lanman auth</command> should - be enabled in order to be able to log in.</para> + <para>If this option, and <command moreinfo="none">lanman + auth</command> are both disabled, then only NTLMv2 logins will be + permited. Not all clients support NTLMv2, and most will require + special configuration to us it.</para> <para>Default : <command moreinfo="none">ntlm auth = yes</command></para> </listitem> diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml index d755cfc313..1a3a83946a 100644 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ b/docs/docbook/smbdotconf/security/passdbbackend.xml @@ -24,15 +24,6 @@ </listitem> <listitem> - <para><command moreinfo="none">smbpasswd_nua</command> - The smbpasswd - backend, but with support for 'not unix accounts'. - Takes a path to the smbpasswd file as an optional argument.</para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para> - </listitem> - - <listitem> <para><command moreinfo="none">tdbsam</command> - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the <link linkend="PRIVATEDIR"> @@ -40,32 +31,10 @@ </listitem> <listitem> - <para><command moreinfo="none">tdbsam_nua</command> - The TDB based password storage - backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para> - </listitem> - - <listitem> <para><command moreinfo="none">ldapsam</command> - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to <command moreinfo="none">ldap://localhost</command>)</para> - </listitem> - <listitem> - <para><command moreinfo="none">ldapsam_nua</command> - The LDAP based passdb - backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to - <command moreinfo="none">ldap://localhost</command>)</para> - - <para>Note: In this module, any account without a matching POSIX account is regarded - as 'non unix'. </para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para> - <para>LDAP connections should be secured where possible. This may be done using either Start-TLS (see <link linkend="LDAPSSL"><parameter moreinfo="none">ldap ssl</parameter></link>) or by specifying <parameter moreinfo="none">ldaps://</parameter> in @@ -79,15 +48,29 @@ </para> </listitem> + <listitem> + <para><command moreinfo="none">mysql</command> - + The MySQL based passdb backend. Takes an identifier as + argument. Read the Samba HOWTO Collection for configuration + details. + </para></listitem> + + <listitem> + <para><command moreinfo="none">guest</command> - + Very simple backend that only provides one user: the guest user. + Only maps the NT guest user to the <parameter>guest account</parameter>. + Required in pretty much all situations. + </para></listitem> + </itemizedlist> </para> - <para>Default: <command moreinfo="none">passdb backend = smbpasswd unixsam</command></para> + <para>Default: <command moreinfo="none">passdb backend = smbpasswd</command></para> <para>Example: <command moreinfo="none">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest</command></para> - <para>Example: <command moreinfo="none">passdb backend = ldapsam_nua:ldaps://ldap.example.com guest</command></para> + <para>Example: <command moreinfo="none">passdb backend = ldapsam:ldaps://ldap.example.com guest</command></para> - <para>Example: <command moreinfo="none">passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> + <para>Example: <command moreinfo="none">passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwordserver.xml b/docs/docbook/smbdotconf/security/passwordserver.xml index e40ff32b75..f854027041 100644 --- a/docs/docbook/smbdotconf/security/passwordserver.xml +++ b/docs/docbook/smbdotconf/security/passwordserver.xml @@ -3,18 +3,22 @@ advanced="1" wizard="1" developer="1" xmlns:samba="http://samba.org/common"> <listitem> - <para>By specifying the name of another SMB server (such - as a WinNT box) with this option, and using <command moreinfo="none">security = domain - </command> or <command moreinfo="none">security = server</command> you can get Samba - to do all its username/password validation via a remote server.</para> + <para>By specifying the name of another SMB server + or Active Directory domain controller with this option, + and using <command moreinfo="none">security = [ads|domain|server]</command> + it is possible to get Samba to + to do all its username/password validation using a specific remote server.</para> - <para>This option sets the name of the password server to use. - It must be a NetBIOS name, so if the machine's NetBIOS name is - different from its Internet name then you may have to add its NetBIOS - name to the lmhosts file which is stored in the same directory - as the <filename moreinfo="none">smb.conf</filename> file.</para> + <para>This option sets the name or IP address of the password server to use. + New syntax has been added to support defining the port to use when connecting + to the server the case of an ADS realm. To define a port other than the + default LDAP port of 389, add the port number using a colon after the + name or IP address (e.g. 192.168.1.100:389). If you do not specify a port, + Samba will use the standard LDAP port of tcp/389. Note that port numbers + have no effect on password servers for Windows NT 4.0 domains or netbios + connections.</para> - <para>The name of the password server is looked up using the + <para>If parameter is a name, it is looked up using the parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name resolve order</parameter></link> and so may resolved by any method and order described in that parameter.</para> @@ -38,14 +42,14 @@ trust your clients, and you had better restrict them with hosts allow!</para> <para>If the <parameter moreinfo="none">security</parameter> parameter is set to - <constant>domain</constant>, then the list of machines in this + <constant>domain</constant> or <constant>ads</constant>, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character '*', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on. The advantage of using <command moreinfo="none"> security = domain</command> is that if you list several hosts in the <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd - </command> will try each in turn till it finds one that responds. This + </command> will try each in turn till it finds one that responds. This is useful in case your primary server goes down.</para> <para>If the <parameter moreinfo="none">password server</parameter> option is set @@ -55,7 +59,7 @@ and then contacting each server returned in the list of IP addresses from the name resolution source. </para> - <para>If the list of servers contains both names and the '*' + <para>If the list of servers contains both names/IP's and the '*' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC's will be added to the list as well. Samba will not attempt to optimize @@ -93,6 +97,8 @@ <para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, *</command></para> + <para>Example: <command moreinfo="none">password server = windc.mydomain.com:389 192.168.1.101 *</command></para> + <para>Example: <command moreinfo="none">password server = *</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml index 803bc06b2b..25d2ba0df6 100644 --- a/docs/docbook/smbdotconf/security/restrictanonymous.xml +++ b/docs/docbook/smbdotconf/security/restrictanonymous.xml @@ -14,12 +14,21 @@ Windows 2000/XP and Samba, no anonymous connections are allowed at all. This can break third party and Microsoft applications which expect to be allowed to perform - operations anonymously. + operations anonymously.</para> + <para> The security advantage of using restrict anonymous = 1 is dubious, as user and group list information can be obtained using other - means. - </para> + means. + </para> + + <note> + <para> + The security advantage of using restrict anonymous = 2 is removed + by setting <link linkend="GUESTOK"><parameter moreinfo="none">guest + ok</parameter> = yes</link> on any share. + </para> + </note> <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para> </listitem> diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml index 68c5f2cdd2..030abc1de1 100644 --- a/docs/docbook/smbdotconf/security/security.xml +++ b/docs/docbook/smbdotconf/security/security.xml @@ -212,10 +212,9 @@ does not support them. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid <filename moreinfo="none">smbpasswd</filename> file to check - users against. See the documentation file in the <filename moreinfo="none">docs/</filename> directory - <filename moreinfo="none">ENCRYPTION.txt</filename> for details on how to set this up.</para> + users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up.</para> - <para><emphasis>Note</emphasis> this mode of operation has + <note><para>This mode of operation has significant pitfalls, due to the fact that is activly initiates a man-in-the-middle attack on the remote SMB server. In particular, this mode of operation can cause significant resource consuption on @@ -223,13 +222,13 @@ of the user's session. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authenticaions to the Samba server may fail. (From a single client, till it disconnects). - </para> + </para></note> - <para><emphasis>Note</emphasis> that from the client's point of + <note><para>From the client's point of view <command moreinfo="none">security = server</command> is the same as <command moreinfo="none">security = user</command>. It only affects how the server deals with the authentication, it does - not in any way affect what the client sees.</para> + not in any way affect what the client sees.</para></note> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -246,6 +245,23 @@ <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"> <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para> + + <para><anchor id="SECURITYEQUALSADS"/><emphasis>SECURITY = ADS</emphasis></para> + + <para>In this mode, Samba will act as a domain member in an ADS realm. To operate + in this mode, the machine running Samba will need to have Kerberos installed + and configured and Samba will need to be joined to the ADS realm using the + net utility. </para> + + <para>Note that this mode does NOT make Samba operate as a Active Directory Domain + Controller. </para> + + <para>Read the chapter about Domain Membership in the HOWTO for details.</para> + + <para>See also the <link linkend="ADSSERVER"><parameter moreinfo="none">ads server + </parameter></link> parameter, the <link linkend="REALM"><parameter moreinfo="none">realm + </parameter></link> paramter and the <link linkend="ENCRYPTPASSWORDS"> + <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para> <para>Default: <command moreinfo="none">security = USER</command></para> <para>Example: <command moreinfo="none">security = DOMAIN</command></para> diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml index c68e8d0135..1a45e36c40 100644 --- a/docs/docbook/smbdotconf/vfs/vfsobject.xml +++ b/docs/docbook/smbdotconf/vfs/vfsobject.xml @@ -1,12 +1,12 @@ <samba:parameter name="vfs object" context="S" + hide="1" xmlns:samba="http://samba.org/common"> <listitem> - <para>This parameter specifies a shared object files that - are used for Samba VFS I/O operations. By default, normal - disk I/O operations are used but these can be overloaded - with one or more VFS objects. </para> - - <para>Default: <emphasis>no value</emphasis></para> + <para>Synonym for + <link linkend="VFSOBJECTS"> + <parameter moreinfo="none">vfs objects</parameter> + </link>. + </para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml index a8414e9e8c..e00e576389 100644 --- a/docs/docbook/smbdotconf/winbind/winbindgid.xml +++ b/docs/docbook/smbdotconf/winbind/winbindgid.xml @@ -3,6 +3,8 @@ advanced="1" developer="1" hide="1" xmlns:samba="http://samba.org/common"> <listitem> + <para>This parameter is now an alias for <command moreinfo="none">idmap gid</command></para> + <para>The winbind gid parameter specifies the range of group ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml index 6fee40fcb8..0f61bac13c 100644 --- a/docs/docbook/smbdotconf/winbind/winbinduid.xml +++ b/docs/docbook/smbdotconf/winbind/winbinduid.xml @@ -3,11 +3,12 @@ advanced="1" developer="1" hide="1" xmlns:samba="http://samba.org/common"> <listitem> - <para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no - existing local or NIS users within it as strange conflicts can - occur otherwise.</para> + <para>This parameter is now an alias for <command moreinfo="none">idmap uid</command></para> + + <para>The winbind gid parameter specifies the range of user ids that are allocated by the + <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> + daemon. This range of ids should have no existing local or NIS users within it as strange + conflicts can occur otherwise.</para> <para>Default: <command moreinfo="none">winbind uid = <empty string></command></para> diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml index 5c31a7f9b0..8112331f5e 100644 --- a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml +++ b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml @@ -1,4 +1,4 @@ -<samba:parameter name="winbind used default domain" +<samba:parameter name="winbind use default domain" context="G" advanced="1" developer="1" xmlns:samba="http://samba.org/common"> diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml index 9ec277ed2d..13e252b2c0 100644 --- a/docs/docbook/smbdotconf/wins/winspartners.xml +++ b/docs/docbook/smbdotconf/wins/winspartners.xml @@ -1,4 +1,4 @@ -<samba:parameter name="wins partner" +<samba:parameter name="wins partners" context="G" advanced="1" wizard="1" developer="1" xmlns:samba="http://samba.org/common"> |