diff options
author | Gerald Carter <jerry@samba.org> | 2003-07-16 05:42:34 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2003-07-16 05:42:34 +0000 |
commit | 1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e (patch) | |
tree | 8bdf608593fc37227886691b0a12190dd1e8ba66 /docs/docbook/smbdotconf | |
parent | 4a090ba06a54f5da179ac02bb307cc03d08831bf (diff) | |
download | samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.gz samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.tar.bz2 samba-1caa6b23e417f77e7b38ecdfa47d9abe8c7b7d0e.zip |
ading new files from 3.0
(This used to be commit 99feae7b5b1c229a925367b87c0c0f636d9a2d75)
Diffstat (limited to 'docs/docbook/smbdotconf')
-rw-r--r-- | docs/docbook/smbdotconf/misc/valid.xml | 18 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/printing/totalprintjobs.xml | 22 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/protocol/clientusespnego.xml | 13 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/protocol/mapaclinherit.xml | 17 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/protocol/profileacls.xml | 33 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/security/clientlanmanauth.xml | 28 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/security/clientntlmv2auth.xml | 26 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/vfs/vfsobjects.xml | 14 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/enableridalgorithm.xml | 17 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/idmapgid.xml | 18 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/idmapuid.xml | 14 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/templateprimarygroup.xml | 14 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml | 16 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml | 16 |
14 files changed, 266 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/misc/valid.xml b/docs/docbook/smbdotconf/misc/valid.xml new file mode 100644 index 0000000000..b5756f0afe --- /dev/null +++ b/docs/docbook/smbdotconf/misc/valid.xml @@ -0,0 +1,18 @@ +<samba:parameter name="-valid" + context="S" + xmlns:samba="http://samba.org/common"> + <listitem> + <para> This parameter indicates whether a share is + valid and thus can be used. When this parameter is set to false, + the share will be in no way visible nor accessible. + </para> + + <para> + This option should not be + used by regular users but might be of help to developers. + Samba uses this option internally to mark shares as deleted. + </para> + + <para>Default: <emphasis>True</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/totalprintjobs.xml b/docs/docbook/smbdotconf/printing/totalprintjobs.xml new file mode 100644 index 0000000000..ccdb137a69 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/totalprintjobs.xml @@ -0,0 +1,22 @@ +<samba:parameter name="total print jobs" + context="G" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter accepts an integer value which defines + a limit on the maximum number of print jobs that will be accepted + system wide at any given time. If a print job is submitted + by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will return an + error indicating that no space is available on the server. The + default value of 0 means that no such limit exists. This parameter + can be used to prevent a server from exceeding its capacity and is + designed as a printing throttle. See also <link linkend="MAXPRINTJOBS"> + <parameter moreinfo="none">max print jobs</parameter></link>. + </para> + + <para>Default: <command moreinfo="none">total print jobs = 0</command></para> + + <para>Example: <command moreinfo="none">total print jobs = 5000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml new file mode 100644 index 0000000000..df25fbfb20 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml @@ -0,0 +1,13 @@ +<samba:parameter name="client use spnego" + context="G" + developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This variable controls controls whether samba clients will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + WindowsXP and Windows2000 servers to agree upon an authentication mechanism. + </para> + + <para>Default: <emphasis>client use spnego = yes</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/mapaclinherit.xml b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml new file mode 100644 index 0000000000..5b8ed7f656 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/mapaclinherit.xml @@ -0,0 +1,17 @@ +<samba:parameter name="map acl inherit" + context="S" + advanced="1" wizard="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to map the 'inherit' and 'protected' + access control entry flags stored in Windows ACLs into an extended attribute + called user.SAMBA_PAI. This parameter only takes effect if Samba is being run + on a platform that supports extended attributes (Linux and IRIX so far) and + allows the Windows 2000 ACL editor to correctly use inheritance with the Samba + POSIX ACL mapping code. + </para> + + <para>Default: <command moreinfo="none">map acl inherit = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml new file mode 100644 index 0000000000..6f2b3ec510 --- /dev/null +++ b/docs/docbook/smbdotconf/protocol/profileacls.xml @@ -0,0 +1,33 @@ +<samba:parameter name="profile acls" + context="S" + advanced="1" wizard="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\\Administrators, + BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user. + </para> + + <para>Default: <command moreinfo="none">profile acls = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/security/clientlanmanauth.xml b/docs/docbook/smbdotconf/security/clientlanmanauth.xml new file mode 100644 index 0000000000..a427198ea3 --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientlanmanauth.xml @@ -0,0 +1,28 @@ +<samba:parameter name="client lanman auth" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> and other samba client + tools will attempt to authenticate itself to servers using the + weaker LANMAN password hash. If disabled, only server which support NT + password hashes (e.g. Windows NT/2000, Samba, etc... but not + Windows 95/98) will be able to be connected from the Samba client.</para> + + <para>The LANMAN encrypted response is easily broken, due to it's + case-insensitive nature, and the choice of algorithm. Clients + without Windows 95/98 servers are advised to disable + this option. </para> + + <para>Disabling this option will also disable the <command + moreinfo="none">client plaintext auth</command> option</para> + + <para>Likewise, if the <command moreinfo="none">client ntlmv2 + auth</command> parameter is enabled, then only NTLMv2 logins will be + attempted. Not all servers support NTLMv2, and most will require + special configuration to us it.</para> + + <para>Default : <command moreinfo="none">client lanman auth = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml new file mode 100644 index 0000000000..0bf196488b --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml @@ -0,0 +1,26 @@ +<samba:parameter name="client ntlmv2 auth" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines whether or not <citerefentry><refentrytitle>smbclient</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will attempt to + authenticate itself to servers using the NTLMv2 encrypted password + response.</para> + + <para>If enabled, only an NTLMv2 and LMv2 response (both much more + secure than earlier versions) will be sent. Many servers + (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with + NTLMv2. </para> + + <para>If disabled, an NTLM response (and possibly a LANMAN response) + will be sent by the client, depending on the value of <command + moreinfo="none">client lanman auth</command>. </para> + + <para>Note that some sites (particularly + those following 'best practice' security polices) only allow NTLMv2 + responses, and not the weaker LM or NTLM.</para> + + <para>Default : <command moreinfo="none">client ntlmv2 auth = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsobjects.xml b/docs/docbook/smbdotconf/vfs/vfsobjects.xml new file mode 100644 index 0000000000..32a10b5bd6 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml @@ -0,0 +1,14 @@ +<samba:parameter name="vfs objects" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the backend names which + are used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with one or more VFS objects. </para> + + <para>Default: <emphasis>no value</emphasis></para> + + <para>Example: <command moreinfo="none">vfs objects = extd_audit recycle</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml new file mode 100644 index 0000000000..86786f0734 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/enableridalgorithm.xml @@ -0,0 +1,17 @@ +<samba:parameter name="enable rid algorithm" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to control whether or not smbd in Samba 3.0 should fallback + to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm + development goal is to remove the algorithmic mappings of RIDs altogether, but + this has proved to be difficult. This parameter is mainly provided so that + developers can turn the algorithm on and off and see what breaks. This parameter + should not be disabled by non-developers because certain features in Samba will fail + to work without it. + </para> + + <para>Default: <command moreinfo="none">enable rid algorithm = <yes></command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/idmapgid.xml b/docs/docbook/smbdotconf/winbind/idmapgid.xml new file mode 100644 index 0000000000..8bd46a80c6 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml @@ -0,0 +1,18 @@ +<samba:parameter name="idmap gid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + + <para>The idmap gid parameter specifies the range of group ids that are allocated for + the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can occur otherwise.</para> + + <para>The availability of an idmap gid range is essential for correct operation of + all group mapping.</para> + + <para>Default: <command moreinfo="none">idmap gid = <empty string></command></para> + + <para>Example: <command moreinfo="none">idmap gid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/idmapuid.xml b/docs/docbook/smbdotconf/winbind/idmapuid.xml new file mode 100644 index 0000000000..5e6a245bfe --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/idmapuid.xml @@ -0,0 +1,14 @@ +<samba:parameter name="idmap uid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The idmap uid parameter specifies the range of user ids that are allocated for use + in mapping UNIX users to NT user SIDs. This range of ids should have no existing local + or NIS users within it as strange conflicts can occur otherwise.</para> + + <para>Default: <command moreinfo="none">idmap uid = <empty string></command></para> + + <para>Example: <command moreinfo="none">idmap uid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml new file mode 100644 index 0000000000..bd59ea7ee0 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templateprimarygroup.xml @@ -0,0 +1,14 @@ +<samba:parameter name="template primary group" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option defines the default primary group for + each user created by <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>'s local account management + functions (similar to the 'add user script'). + </para> + + <para>Default: <command moreinfo="none">template primary group = nobody</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml new file mode 100644 index 0000000000..f6e7cfb359 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenablelocalaccounts.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind enable local accounts" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls whether or not winbindd + will act as a stand in replacement for the various account + management hooks in smb.conf (e.g. 'add user script'). + If enabled, winbindd will support the creation of local + users and groups as another source of UNIX account information + available via getpwnam() or getgrgid(), etc... + </para> + + <para>Default: <command moreinfo="none">winbind enable local accounts = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml new file mode 100644 index 0000000000..bf383131d4 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindtrusteddomainsonly.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind trusted domains only" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is designed to allow Samba servers that + are members of a Samba controlled domain to use UNIX accounts + distributed vi NIS, rsync, or LDAP as the uid's for winbindd users + in the hosts primary domain. Therefore, the user 'SAMBA\user1' would + be mapped to the account 'user1' in /etc/passwd instead of allocating + a new uid for him or her. + </para> + + <para>Default: <command moreinfo="none">winbind trusted domains only = <no></command></para> +</listitem> +</samba:parameter> |