diff options
author | John Terpstra <jht@samba.org> | 2007-08-20 22:47:12 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:36 -0500 |
commit | a7bcf077a471535026e38728320bc9fbe86a2dcf (patch) | |
tree | ec3bed602787aac503f1c413dab5d04cdec59edd /docs/manpages-3 | |
parent | 8a6db516f3d04b012a4b09e5f4f8dc0f9f872c92 (diff) | |
download | samba-a7bcf077a471535026e38728320bc9fbe86a2dcf.tar.gz samba-a7bcf077a471535026e38728320bc9fbe86a2dcf.tar.bz2 samba-a7bcf077a471535026e38728320bc9fbe86a2dcf.zip |
Cleanup trailing whitespace.
(This used to be commit 232e5e548ec2219944c3002dda355b377a1ea711)
Diffstat (limited to 'docs/manpages-3')
-rw-r--r-- | docs/manpages-3/idmap_ad.8.xml | 8 | ||||
-rw-r--r-- | docs/manpages-3/idmap_ldap.8.xml | 30 | ||||
-rw-r--r-- | docs/manpages-3/idmap_nss.8.xml | 8 | ||||
-rw-r--r-- | docs/manpages-3/idmap_rid.8.xml | 6 | ||||
-rw-r--r-- | docs/manpages-3/idmap_tdb.8.xml | 22 | ||||
-rw-r--r-- | docs/manpages-3/vfs_extd_audit.8.xml | 4 | ||||
-rw-r--r-- | docs/manpages-3/vfs_gpfs.8.xml | 20 | ||||
-rw-r--r-- | docs/manpages-3/vfs_shadow_copy.8.xml | 2 | ||||
-rw-r--r-- | docs/manpages-3/wbinfo.1.xml | 118 | ||||
-rw-r--r-- | docs/manpages-3/winbindd.8.xml | 206 |
10 files changed, 212 insertions, 212 deletions
diff --git a/docs/manpages-3/idmap_ad.8.xml b/docs/manpages-3/idmap_ad.8.xml index e3d6fc22e9..b7541376ed 100644 --- a/docs/manpages-3/idmap_ad.8.xml +++ b/docs/manpages-3/idmap_ad.8.xml @@ -42,7 +42,7 @@ <varlistentry> <term>schema_mode = <rfc2307 | sfu ></term> <listitem><para> - Defines the schema that idmap_ad should use when querying + Defines the schema that idmap_ad should use when querying Active Directory regarding user and group information. This can either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. @@ -79,11 +79,11 @@ <title>AUTHOR</title> <para> - The original Samba software and related utilities + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - </para> + </para> </refsect1> </refentry> diff --git a/docs/manpages-3/idmap_ldap.8.xml b/docs/manpages-3/idmap_ldap.8.xml index 173964f169..7f20014e0a 100644 --- a/docs/manpages-3/idmap_ldap.8.xml +++ b/docs/manpages-3/idmap_ldap.8.xml @@ -17,8 +17,8 @@ <title>DESCRIPTION</title> <para>The idmap_ldap plugin provides a means for Winbind to - store and retrieve SID/uid/gid mapping tables in an LDAP directory - service. The module implements both the "idmap" and + store and retrieve SID/uid/gid mapping tables in an LDAP directory + service. The module implements both the "idmap" and "idmap alloc" APIs. </para> </refsynopsisdiv> @@ -26,11 +26,11 @@ <refsect1> <title>IDMAP OPTIONS</title> - <variablelist> + <variablelist> <varlistentry> <term>ldap_base_dn = DN</term> <listitem><para> - Defines the directory base suffix to use when searching for + Defines the directory base suffix to use when searching for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. </para></listitem> @@ -47,8 +47,8 @@ <varlistentry> <term>ldap_url = ldap://server/</term> <listitem><para> - Specifies the LDAP server to use when searching for existing - SID/uid/gid map entries. If not defined, idmap_ldap will + Specifies the LDAP server to use when searching for existing + SID/uid/gid map entries. If not defined, idmap_ldap will assume that ldap://localhost/ should be used. </para></listitem> </varlistentry> @@ -59,9 +59,9 @@ Defines the available matching uid and gid range for which the backend is authoritative. Note that the range commonly matches the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. </para></listitem> </varlistentry> </variablelist> @@ -100,9 +100,9 @@ <varlistentry> <term>range = low - high</term> <listitem><para> - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. </para></listitem> </varlistentry> @@ -152,11 +152,11 @@ <title>AUTHOR</title> <para> - The original Samba software and related utilities + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - </para> + </para> </refsect1> </refentry> diff --git a/docs/manpages-3/idmap_nss.8.xml b/docs/manpages-3/idmap_nss.8.xml index cb728252d4..b5169c95c7 100644 --- a/docs/manpages-3/idmap_nss.8.xml +++ b/docs/manpages-3/idmap_nss.8.xml @@ -19,7 +19,7 @@ <para>The idmap_nss plugin provides a means to map Unix users and groups to Windows accounts and obseletes the "winbind trusted domains only" smb.conf option. This provides a simple means of ensuring that the SID - for a Unix user named jsmith is reported as the one assigned to + for a Unix user named jsmith is reported as the one assigned to DOMAIN\jsmith which is necessary for reporting ACLs on files and printers stored on a Samba member server. </para> @@ -53,11 +53,11 @@ <title>AUTHOR</title> <para> - The original Samba software and related utilities + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - </para> + </para> </refsect1> </refentry> diff --git a/docs/manpages-3/idmap_rid.8.xml b/docs/manpages-3/idmap_rid.8.xml index 31d652a50a..1d571d9b41 100644 --- a/docs/manpages-3/idmap_rid.8.xml +++ b/docs/manpages-3/idmap_rid.8.xml @@ -71,11 +71,11 @@ <title>AUTHOR</title> <para> - The original Samba software and related utilities + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - </para> + </para> </refsect1> </refentry> diff --git a/docs/manpages-3/idmap_tdb.8.xml b/docs/manpages-3/idmap_tdb.8.xml index 02b533466f..ae93e5b7d6 100644 --- a/docs/manpages-3/idmap_tdb.8.xml +++ b/docs/manpages-3/idmap_tdb.8.xml @@ -25,16 +25,16 @@ <refsect1> <title>IDMAP OPTIONS</title> - <variablelist> + <variablelist> <varlistentry> <term>range = low - high</term> <listitem><para> Defines the available matching uid and gid range for which the backend is authoritative. Note that the range commonly matches the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. </para></listitem> </varlistentry> </variablelist> @@ -47,9 +47,9 @@ <varlistentry> <term>range = low - high</term> <listitem><para> - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" and "idmap gid" options from smb.conf. </para></listitem> </varlistentry> @@ -60,7 +60,7 @@ <title>EXAMPLES</title> <para> - The following example is equivalent to the pre-3.0.25 default idmap + The following example is equivalent to the pre-3.0.25 default idmap configuration using the "idmap backend = tdb" setting. </para> @@ -80,11 +80,11 @@ <title>AUTHOR</title> <para> - The original Samba software and related utilities + The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. - </para> + </para> </refsect1> </refentry> diff --git a/docs/manpages-3/vfs_extd_audit.8.xml b/docs/manpages-3/vfs_extd_audit.8.xml index 573c5416c5..22bc4d2bca 100644 --- a/docs/manpages-3/vfs_extd_audit.8.xml +++ b/docs/manpages-3/vfs_extd_audit.8.xml @@ -34,10 +34,10 @@ <citerefentry><refentrytitle>syslog</refentrytitle> <manvolnum>3</manvolnum></citerefentry>).</para> - <para>Other than logging to the + <para>Other than logging to the <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> log, - <command>vfs_extd_audit</command> is identical to + <command>vfs_extd_audit</command> is identical to <citerefentry><refentrytitle>vfs_audit</refentrytitle> <manvolnum>8</manvolnum></citerefentry>. </para> diff --git a/docs/manpages-3/vfs_gpfs.8.xml b/docs/manpages-3/vfs_gpfs.8.xml index 5228c666a3..e5ae11de97 100644 --- a/docs/manpages-3/vfs_gpfs.8.xml +++ b/docs/manpages-3/vfs_gpfs.8.xml @@ -27,10 +27,10 @@ <manvolnum>7</manvolnum></citerefentry> suite.</para> <para>The <command>gpfs</command> VFS module is the home - for all gpfs extensions that Samba requires for proper integration + for all gpfs extensions that Samba requires for proper integration with GPFS. It uses the GPL library interfaces provided by GPFS. </para> - + <para>Currently the gpfs vfs module provides extensions in following areas : <itemizedlist> <listitem><para>NFSv4 ACL Interfaces with configurable options for GPFS</para></listitem> @@ -38,9 +38,9 @@ <listitem><para>Lease support on GPFS</para></listitem> </itemizedlist> </para> - + <para><command>NOTE:</command>This module follows the posix-acl behaviour - and hence allows permission stealing via chown. Samba might allow at a later + and hence allows permission stealing via chown. Samba might allow at a later point in time, to restrict the chown via this module as such restrictions are the responsibility of the underlying filesystem than of Samba. </para> @@ -56,13 +56,13 @@ <variablelist> <varlistentry> - + <term>nfs4:mode = [ simple | special ]</term> <listitem> <para> Enable/Disable substitution of special IDs on GPFS. This parameter should not affect the windows users in anyway. It only ensures that Samba - sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) + sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids ) that are relevant to GPFS. </para> @@ -83,7 +83,7 @@ This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs. GPFS allows/creates duplicate ACE for different bits for same ID. </para> - + <para>Following is the behaviour of Samba for different values :</para> <itemizedlist> <listitem><para><command>dontcare (default)</command> - copy the ACEs as they come</para></listitem> @@ -94,7 +94,7 @@ </listitem> </varlistentry> - + <varlistentry> <term>nfs4:chown = [yes|no]</term> <listitem> @@ -103,7 +103,7 @@ care as it might leave your system insecure.</para> <para>Some filesystems allow chown as a) giving b) stealing. It is the latter that is considered a risk.</para> - + <para>Following is the behaviour of Samba for different values : </para> <itemizedlist> <listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem> @@ -131,7 +131,7 @@ <refsect1> <title>CAVEATS</title> - <para>The gpfs gpl libraries are required by <command>gpfs</command> VFS + <para>The gpfs gpl libraries are required by <command>gpfs</command> VFS module during both compilation and runtime. Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4 </para> diff --git a/docs/manpages-3/vfs_shadow_copy.8.xml b/docs/manpages-3/vfs_shadow_copy.8.xml index ac569e8500..1ed76d0494 100644 --- a/docs/manpages-3/vfs_shadow_copy.8.xml +++ b/docs/manpages-3/vfs_shadow_copy.8.xml @@ -61,7 +61,7 @@ </itemizedlist> </para> - <para>The <command>vfs_shadow_copy</command> snapshot naming convention can be produced with the following + <para>The <command>vfs_shadow_copy</command> snapshot naming convention can be produced with the following <citerefentry><refentrytitle>date</refentrytitle> <manvolnum>1</manvolnum></citerefentry> command: <programlisting> diff --git a/docs/manpages-3/wbinfo.1.xml b/docs/manpages-3/wbinfo.1.xml index a57f56f6dd..f4d78e589e 100644 --- a/docs/manpages-3/wbinfo.1.xml +++ b/docs/manpages-3/wbinfo.1.xml @@ -57,24 +57,24 @@ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para>The <command>wbinfo</command> program queries and returns information + + <para>The <command>wbinfo</command> program queries and returns information created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> daemon. </para> <para>The <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon must be configured - and running for the <command>wbinfo</command> program to be able + <manvolnum>8</manvolnum></citerefentry> daemon must be configured + and running for the <command>wbinfo</command> program to be able to return information.</para> </refsect1> <refsect1> <title>OPTIONS</title> - <variablelist> + <variablelist> <varlistentry> <term>-a|--authenticate username%password</term> - <listitem><para>Attempt to authenticate a user via winbindd. + <listitem><para>Attempt to authenticate a user via winbindd. This checks both authenticaion methods and reports its results. </para><note><para>Do not be tempted to use this functionality for authentication in third-party @@ -96,7 +96,7 @@ <varlistentry> <term>--all-domains</term> - <listitem><para>List all domains (trusted and + <listitem><para>List all domains (trusted and own domain). </para></listitem> </varlistentry> @@ -105,7 +105,7 @@ <term>--domain name</term> <listitem><para>This parameter sets the domain on which any specified operations will performed. If special domain name '.' is used to represent - the current domain to which winbindd belongs. Currently only the + the current domain to which winbindd belongs. Currently only the <option>--sequence</option>, <option>-u</option>, and <option>-g</option> options honor this parameter. </para></listitem> @@ -116,14 +116,14 @@ <listitem><para>Show most of the info we have about the domain. </para></listitem> </varlistentry> - + <varlistentry> <term>-g|--domain-groups</term> - <listitem><para>This option will list all groups available + <listitem><para>This option will list all groups available in the Windows NT domain for which the <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains - will also be listed. Note that this operation does not assign - group ids to any groups that have not already been + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been seen by <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry>. </para></listitem> </varlistentry> @@ -131,33 +131,33 @@ <varlistentry> <term>--get-auth-user</term> <listitem><para>Print username and password used by winbindd - during session setup to a domain controller. Username - and password can be set using <option>--set-auth-user</option>. + during session setup to a domain controller. Username + and password can be set using <option>--set-auth-user</option>. Only available for root.</para></listitem> </varlistentry> - + <varlistentry> <term>--getdcname domain</term> <listitem><para>Get the DC name for the specified domain. </para></listitem> </varlistentry> - + <varlistentry> <term>-G|--gid-to-sid gid</term> - <listitem><para>Try to convert a UNIX group id to a Windows - NT SID. If the gid specified does not refer to one within + <listitem><para>Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within the idmap gid range then the operation will fail. </para></listitem> </varlistentry> - + <varlistentry> <term>-i|--user-info user</term> <listitem><para>Get user info. </para></listitem> </varlistentry> - + <varlistentry> <term>-I|--WINS-by-ip ip</term> - <listitem><para>The <parameter>-I</parameter> option + <listitem><para>The <parameter>-I</parameter> option queries <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> to send a node status request to get the NetBIOS name associated with the IP address @@ -167,37 +167,37 @@ <varlistentry> <term>-K|--krb5auth username%password</term> - <listitem><para>Attempt to authenticate a user via Kerberos. + <listitem><para>Attempt to authenticate a user via Kerberos. </para></listitem> </varlistentry> <varlistentry> <term>-m|--trusted-domains</term> - <listitem><para>Produce a list of domains trusted by the + <listitem><para>Produce a list of domains trusted by the Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts - when resolving names. This list does not include the Windows + <manvolnum>8</manvolnum></citerefentry> contacts + when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. </para></listitem> </varlistentry> - + <varlistentry> <term>-n|--name-to-sid name</term> - <listitem><para>The <parameter>-n</parameter> option + <listitem><para>The <parameter>-n</parameter> option queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for the SID - associated with the name specified. Domain names can be specified - before the user name by using the winbind separator character. + <manvolnum>8</manvolnum></citerefentry> for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator - user in the domain CWDOM1. If no domain is specified then the + user in the domain CWDOM1. If no domain is specified then the domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> <parameter>workgroup </parameter> parameter. </para></listitem> </varlistentry> - + <varlistentry> <term>-N|--WINS-by-name name</term> - <listitem><para>The <parameter>-N</parameter> option + <listitem><para>The <parameter>-N</parameter> option queries <citerefentry><refentrytitle>winbindd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> to query the WINS server for the IP address associated with the NetBIOS name @@ -213,7 +213,7 @@ <varlistentry> <term>-p|--ping</term> - <listitem><para>Check whether winbindd is still alive. + <listitem><para>Check whether winbindd is still alive. Prints out either 'succeeded' or 'failed'. </para></listitem> </varlistentry> @@ -225,12 +225,12 @@ defined on a Domain Controller. </para></listitem> </varlistentry> - + <varlistentry> <term>-s|--sid-to-name sid</term> <listitem><para>Use <parameter>-s</parameter> to resolve a SID to a name. This is the inverse of the <parameter>-n - </parameter> option above. SIDs must be specified as ASCII strings + </parameter> option above. SIDs must be specified as ASCII strings in the traditional Microsoft format. For example, S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem> </varlistentry> @@ -243,13 +243,13 @@ </varlistentry> <varlistentry> <term>--sequence</term> - <listitem><para>Show sequence numbers of + <listitem><para>Show sequence numbers of all known domains</para></listitem> </varlistentry> - + <varlistentry> <term>--set-auth-user username%password</term> - <listitem><para>Store username and password used by winbindd + <listitem><para>Store username and password used by winbindd during session setup to a domain controller. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a.k.a. Permissions compatiable with @@ -259,7 +259,7 @@ <varlistentry> <term>-S|--sid-to-uid sid</term> - <listitem><para>Convert a SID to a UNIX user id. If the SID + <listitem><para>Convert a SID to a UNIX user id. If the SID does not correspond to a UNIX user mapped by <citerefentry> <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> </citerefentry> then the operation will fail. </para></listitem> @@ -267,17 +267,17 @@ <varlistentry> <term>-t|--check-secret</term> - <listitem><para>Verify that the workstation trust account + <listitem><para>Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working. </para></listitem> </varlistentry> <varlistentry> <term>-u|--domain-users</term> - <listitem><para>This option will list all users available + <listitem><para>This option will list all users available in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains - will also be listed. Note that this operation does not assign + <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign user ids to any users that have not already been seen by <citerefentry> <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> .</para></listitem> @@ -294,25 +294,25 @@ <listitem><para>Get user domain groups. </para></listitem> </varlistentry> - + <varlistentry> <term>--user-sids SID</term> <listitem><para>Get user group SIDs for user. </para></listitem> </varlistentry> - + <varlistentry> <term>-U|--uid-to-sid uid</term> - <listitem><para>Try to convert a UNIX user id to a Windows NT + <listitem><para>Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer to one within the idmap uid range then the operation will fail. </para></listitem> </varlistentry> - + <varlistentry> <term>-Y|--sid-to-gid sid</term> - <listitem><para>Convert a SID to a UNIX group id. If the SID + <listitem><para>Convert a SID to a UNIX group id. If the SID does not correspond to a UNIX group mapped by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then + <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then the operation will fail. </para></listitem> </varlistentry> @@ -327,10 +327,10 @@ <refsect1> <title>EXIT STATUS</title> - <para>The wbinfo program returns 0 if the operation + <para>The wbinfo program returns 0 if the operation succeeded, or 1 if the operation failed. If the <citerefentry> <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> daemon is not working <command>wbinfo</command> will always return + </citerefentry> daemon is not working <command>wbinfo</command> will always return failure. </para> </refsect1> @@ -338,7 +338,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of + <para>This man page is correct for version 3.0 of the Samba suite.</para> </refsect1> @@ -351,16 +351,16 @@ <refsect1> <title>AUTHOR</title> - - <para>The original Samba software and related utilities + + <para>The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</para> - + <para><command>wbinfo</command> and <command>winbindd</command> were written by Tim Potter.</para> - - <para>The conversion to DocBook for Samba 2.2 was done + + <para>The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> </refsect1> diff --git a/docs/manpages-3/winbindd.8.xml b/docs/manpages-3/winbindd.8.xml index d377a3f5f0..0749b295aa 100644 --- a/docs/manpages-3/winbindd.8.xml +++ b/docs/manpages-3/winbindd.8.xml @@ -10,7 +10,7 @@ <refnamediv> <refname>winbindd</refname> - <refpurpose>Name Service Switch daemon for resolving names + <refpurpose>Name Service Switch daemon for resolving names from NT servers</refpurpose> </refnamediv> @@ -33,7 +33,7 @@ <para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>7</manvolnum></citerefentry> suite.</para> - <para><command>winbindd</command> is a daemon that provides + <para><command>winbindd</command> is a daemon that provides a number of services to the Name Service Switch capability found in most modern C libraries, to arbitary applications via PAM and <command>ntlm_auth</command> and to Samba itself.</para> @@ -46,24 +46,24 @@ <smbconfoption name="idmap gid"/> parameters are not required. (This is known as `netlogon proxy only mode'.)</para> - <para> The Name Service Switch allows user - and system information to be obtained from different databases - services such as NIS or DNS. The exact behaviour can be configured - throught the <filename>/etc/nsswitch.conf</filename> file. - Users and groups are allocated as they are resolved to a range - of user and group ids specified by the administrator of the + <para> The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the <filename>/etc/nsswitch.conf</filename> file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the Samba system.</para> - <para>The service provided by <command>winbindd</command> is called `winbind' and - can be used to resolve user and group information from a + <para>The service provided by <command>winbindd</command> is called `winbind' and + can be used to resolve user and group information from a Windows NT server. The service can also provide authentication services via an associated PAM module. </para> - + <para> The <filename>pam_winbind</filename> module supports the <parameter>auth</parameter>, <parameter>account</parameter> and <parameter>password</parameter> - module-types. It should be noted that the + module-types. It should be noted that the <parameter>account</parameter> module simply performs a getpwnam() to verify that the system can obtain a uid for the user, as the domain controller has already performed access control. If the @@ -71,15 +71,15 @@ installed, or an alternate source of names configured, this should always succeed. </para> - <para>The following nsswitch databases are implemented by + <para>The following nsswitch databases are implemented by the winbindd service: </para> <variablelist> <varlistentry> <term>hosts</term> <listitem><para>This feature is only available on IRIX. - User information traditionally stored in - the <filename>hosts(5)</filename> file and used by + User information traditionally stored in + the <filename>hosts(5)</filename> file and used by <command>gethostbyname(3)</command> functions. Names are resolved through the WINS server or by broadcast. </para></listitem> @@ -87,30 +87,30 @@ <varlistentry> <term>passwd</term> - <listitem><para>User information traditionally stored in - the <filename>passwd(5)</filename> file and used by + <listitem><para>User information traditionally stored in + the <filename>passwd(5)</filename> file and used by <command>getpwent(3)</command> functions. </para></listitem> </varlistentry> <varlistentry> <term>group</term> - <listitem><para>Group information traditionally stored in - the <filename>group(5)</filename> file and used by + <listitem><para>Group information traditionally stored in + the <filename>group(5)</filename> file and used by <command>getgrent(3)</command> functions. </para></listitem> </varlistentry> </variablelist> <para>For example, the following simple configuration in the - <filename>/etc/nsswitch.conf</filename> file can be used to initially + <filename>/etc/nsswitch.conf</filename> file can be used to initially resolve user and group information from <filename>/etc/passwd - </filename> and <filename>/etc/group</filename> and then from the + </filename> and <filename>/etc/group</filename> and then from the Windows NT server. <programlisting> passwd: files winbind group: files winbind ## only available on IRIX; Linux users should us libnss_wins.so hosts: files dns winbind -</programlisting></para> +</programlisting></para> <para>The following simple configuration in the <filename>/etc/nsswitch.conf</filename> file can be used to initially @@ -154,9 +154,9 @@ hosts: files wins <varlistentry> <term>-i</term> - <listitem><para>Tells <command>winbindd</command> to not - become a daemon and detach from the current terminal. This - option is used by developers when interactive debugging + <listitem><para>Tells <command>winbindd</command> to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging of <command>winbindd</command> is required. <command>winbindd</command> also logs to standard output, as if the <command>-S</command> parameter had been given. @@ -165,20 +165,20 @@ hosts: files wins <varlistentry> <term>-n</term> - <listitem><para>Disable caching. This means winbindd will - always have to wait for a response from the domain controller - before it can respond to a client and this thus makes things - slower. The results will however be more accurate, since - results from the cache might not be up-to-date. This + <listitem><para>Disable caching. This means winbindd will + always have to wait for a response from the domain controller + before it can respond to a client and this thus makes things + slower. The results will however be more accurate, since + results from the cache might not be up-to-date. This might also temporarily hang winbindd if the DC doesn't respond. </para></listitem> </varlistentry> <varlistentry> <term>-Y</term> - <listitem><para>Single daemon mode. This means winbindd will run - as a single process (the mode of operation in Samba 2.2). Winbindd's - default behavior is to launch a child process that is responsible for + <listitem><para>Single daemon mode. This means winbindd will run + as a single process (the mode of operation in Samba 2.2). Winbindd's + default behavior is to launch a child process that is responsible for updating expired cache entries. </para></listitem> </varlistentry> @@ -190,24 +190,24 @@ hosts: files wins <refsect1> <title>NAME AND ID RESOLUTION</title> - <para>Users and groups on a Windows NT server are assigned - a security id (SID) which is globally unique when the - user or group is created. To convert the Windows NT user or group - into a unix user or group, a mapping between SIDs and unix user + <para>Users and groups on a Windows NT server are assigned + a security id (SID) which is globally unique when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between SIDs and unix user and group ids is required. This is one of the jobs that <command> winbindd</command> performs. </para> - <para>As winbindd users and groups are resolved from a server, user + <para>As winbindd users and groups are resolved from a server, user and group ids are allocated from a specified range. This - is done on a first come, first served basis, although all existing - users and groups will be mapped as soon as a client performs a user - or group enumeration command. The allocated unix ids are stored + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored in a database and will be remembered. </para> - <para>WARNING: The SID to unix id database is the only location - where the user and group mappings are stored by winbindd. If this - store is deleted or corrupted, there is no way for winbindd to - determine which user and group ids correspond to Windows NT user + <para>WARNING: The SID to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + store is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user and group rids. </para> <para>See the <smbconfoption><name>idmap @@ -221,10 +221,10 @@ hosts: files wins <refsect1> <title>CONFIGURATION</title> - <para>Configuration of the <command>winbindd</command> daemon + <para>Configuration of the <command>winbindd</command> daemon is done through configuration parameters in the <citerefentry> <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file. All parameters should be specified in the + </citerefentry> file. All parameters should be specified in the [global] section of smb.conf. </para> <itemizedlist> @@ -262,18 +262,18 @@ hosts: files wins <title>EXAMPLE SETUP</title> <para> - To setup winbindd for user and group lookups plus - authentication from a domain controller use something like the + To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the following setup. This was tested on an early Red Hat Linux box. </para> - <para>In <filename>/etc/nsswitch.conf</filename> put the + <para>In <filename>/etc/nsswitch.conf</filename> put the following: <programlisting> passwd: files winbind group: files winbind </programlisting> - </para> + </para> <para>In <filename>/etc/pam.d/*</filename> replace the <parameter> auth</parameter> lines with something like this: @@ -285,7 +285,7 @@ auth required /lib/security/pam_unix.so \ use_first_pass shadow nullok </programlisting> </para> - + <note><para> The PAM module pam_unix has recently replaced the module pam_pwdb. Some Linux systems use the module pam_unix2 in place of pam_unix. @@ -294,21 +294,21 @@ auth required /lib/security/pam_unix.so \ <para>Note in particular the use of the <parameter>sufficient </parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para> - <para>Now replace the account lines with this: </para> - + <para>Now replace the account lines with this: </para> + <para><command>account required /lib/security/pam_winbind.so </command></para> - - <para>The next step is to join the domain. To do that use the + + <para>The next step is to join the domain. To do that use the <command>net</command> program like this: </para> - + <para><command>net join -S PDC -U Administrator</command></para> - + <para>The username after the <parameter>-U</parameter> can be any Domain user that has administrator privileges on the machine. Substitute the name or IP of your PDC for "PDC".</para> - <para>Next copy <filename>libnss_winbind.so</filename> to + <para>Next copy <filename>libnss_winbind.so</filename> to <filename>/lib</filename> and <filename>pam_winbind.so </filename> to <filename>/lib/security</filename>. A symbolic link needs to be made from <filename>/lib/libnss_winbind.so</filename> to @@ -317,7 +317,7 @@ auth required /lib/security/pam_unix.so \ <filename>/lib/libnss_winbind.so.1</filename>.</para> <para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> containing directives like the + <manvolnum>5</manvolnum></citerefentry> containing directives like the following: <programlisting> [global] @@ -331,12 +331,12 @@ auth required /lib/security/pam_unix.so \ security = domain password server = * </programlisting></para> - - <para>Now start winbindd and you should find that your user and - group database is expanded to include your NT users and groups, - and that you can login to your unix box as a domain user, using - the DOMAIN+user syntax for the username. You may wish to use the + + <para>Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the commands <command>getent passwd</command> and <command>getent group </command> to confirm the correct operation of winbindd.</para> </refsect1> @@ -345,24 +345,24 @@ auth required /lib/security/pam_unix.so \ <refsect1> <title>NOTES</title> - <para>The following notes are useful when configuring and + <para>The following notes are useful when configuring and running <command>winbindd</command>: </para> <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must be running on the local machine + <manvolnum>8</manvolnum></citerefentry> must be running on the local machine for <command>winbindd</command> to work. </para> - <para>PAM is really easy to misconfigure. Make sure you know what - you are doing when modifying PAM configuration files. It is possible + <para>PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. </para> - - <para>If more than one UNIX machine is running <command>winbindd</command>, - then in general the user and groups ids allocated by winbindd will not - be the same. The user and group ids will only be valid for the local + + <para>If more than one UNIX machine is running <command>winbindd</command>, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local machine, unless a shared <smbconfoption><name>idmap backend</name></smbconfoption> is configured.</para> - <para>If the the Windows NT SID to UNIX user and group id mapping + <para>If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost. </para> </refsect1> @@ -370,27 +370,27 @@ auth required /lib/security/pam_unix.so \ <refsect1> <title>SIGNALS</title> - <para>The following signals can be used to manipulate the + <para>The following signals can be used to manipulate the <command>winbindd</command> daemon. </para> <variablelist> <varlistentry> <term>SIGHUP</term> <listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file and - apply any parameter changes to the running - version of winbindd. This signal also clears any cached - user and group information. The list of other domains trusted + <manvolnum>5</manvolnum></citerefentry> file and + apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted by winbindd is also reloaded. </para></listitem> </varlistentry> <varlistentry> <term>SIGUSR2</term> <listitem><para>The SIGUSR2 signal will cause <command> - winbindd</command> to write status information to the winbind + winbindd</command> to write status information to the winbind log file.</para> - <para>Log files are stored in the filename specified by the + <para>Log files are stored in the filename specified by the log file parameter.</para></listitem> </varlistentry> </variablelist> @@ -405,29 +405,29 @@ auth required /lib/security/pam_unix.so \ <listitem><para>Name service switch configuration file.</para> </listitem> </varlistentry> - + <varlistentry> <term>/tmp/.winbindd/pipe</term> - <listitem><para>The UNIX pipe over which clients communicate with - the <command>winbindd</command> program. For security reasons, the - winbind client will only attempt to connect to the winbindd daemon + <listitem><para>The UNIX pipe over which clients communicate with + the <command>winbindd</command> program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon if both the <filename>/tmp/.winbindd</filename> directory - and <filename>/tmp/.winbindd/pipe</filename> file are owned by + and <filename>/tmp/.winbindd/pipe</filename> file are owned by root. </para></listitem> </varlistentry> <varlistentry> <term>$LOCKDIR/winbindd_privileged/pipe</term> - <listitem><para>The UNIX pipe over which 'privileged' clients - communicate with the <command>winbindd</command> program. For security - reasons, access to some winbindd functions - like those needed by + <listitem><para>The UNIX pipe over which 'privileged' clients + communicate with the <command>winbindd</command> program. For security + reasons, access to some winbindd functions - like those needed by the <command>ntlm_auth</command> utility - is restricted. By default, only users in the 'root' group will get this access, however the administrator may change the group permissions on $LOCKDIR/winbindd_privileged to allow programs like 'squid' to use ntlm_auth. - Note that the winbind client will only attempt to connect to the winbindd daemon + Note that the winbind client will only attempt to connect to the winbindd daemon if both the <filename>$LOCKDIR/winbindd_privileged</filename> directory - and <filename>$LOCKDIR/winbindd_privileged/pipe</filename> file are owned by + and <filename>$LOCKDIR/winbindd_privileged/pipe</filename> file are owned by root. </para></listitem> </varlistentry> @@ -436,16 +436,16 @@ auth required /lib/security/pam_unix.so \ <listitem><para>Implementation of name service switch library. </para></listitem> </varlistentry> - + <varlistentry> <term>$LOCKDIR/winbindd_idmap.tdb</term> - <listitem><para>Storage for the Windows NT rid to UNIX user/group - id mapping. The lock directory is specified when Samba is initially + <listitem><para>Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially compiled using the <parameter>--with-lockdir</parameter> option. This directory is by default <filename>/usr/local/samba/var/locks </filename>. </para></listitem> </varlistentry> - + <varlistentry> <term>$LOCKDIR/winbindd_cache.tdb</term> <listitem><para>Storage for cached user and group information. @@ -464,7 +464,7 @@ auth required /lib/security/pam_unix.so \ <refsect1> <title>SEE ALSO</title> - + <para><filename>nsswitch.conf(5)</filename>, <citerefentry> <refentrytitle>samba</refentrytitle> <manvolnum>7</manvolnum></citerefentry>, <citerefentry> @@ -480,16 +480,16 @@ auth required /lib/security/pam_unix.so \ <refsect1> <title>AUTHOR</title> - - <para>The original Samba software and related utilities + + <para>The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar + by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</para> - - <para><command>wbinfo</command> and <command>winbindd</command> were + + <para><command>wbinfo</command> and <command>winbindd</command> were written by Tim Potter.</para> - - <para>The conversion to DocBook for Samba 2.2 was done + + <para>The conversion to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> </refsect1> |