diff options
85 files changed, 321 insertions, 394 deletions
diff --git a/docs/manpages-3/winbindd.8.xml b/docs/manpages-3/winbindd.8.xml index 1ad8a6ff1e..4d02ed6a35 100644 --- a/docs/manpages-3/winbindd.8.xml +++ b/docs/manpages-3/winbindd.8.xml @@ -255,25 +255,30 @@ hosts: files wins <refsect1> <title>EXAMPLE SETUP</title> - <para>To setup winbindd for user and group lookups plus + <para> + To setup winbindd for user and group lookups plus authentication from a domain controller use something like the - following setup. This was tested on a RedHat 6.2 Linux box. </para> + following setup. This was tested on an early Red Hat Linux box. + </para> <para>In <filename>/etc/nsswitch.conf</filename> put the following: <programlisting> -passwd: files winbind -group: files winbind -</programlisting></para> +passwd: files winbind +group: files winbind +</programlisting> + </para> <para>In <filename>/etc/pam.d/*</filename> replace the <parameter> auth</parameter> lines with something like this: <programlisting> -auth required /lib/security/pam_securetty.so -auth required /lib/security/pam_nologin.so -auth sufficient /lib/security/pam_winbind.so -auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok -</programlisting></para> +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so \ + use_first_pass shadow nullok +</programlisting> + </para> <para>Note in particular the use of the <parameter>sufficient diff --git a/docs/smbdotconf/base/bindinterfacesonly.xml b/docs/smbdotconf/base/bindinterfacesonly.xml index 0fd302ceaa..ae72efd73d 100644 --- a/docs/smbdotconf/base/bindinterfacesonly.xml +++ b/docs/smbdotconf/base/bindinterfacesonly.xml @@ -10,60 +10,59 @@ <manvolnum>8</manvolnum></citerefentry> and name service <citerefentry><refentrytitle>nmbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> in a slightly different ways.</para> - <para>For name service it causes <command moreinfo="none">nmbd</command> to bind - to ports 137 and 138 on the interfaces listed in - the <link linkend="INTERFACES">interfaces</link> parameter. <command moreinfo="none">nmbd</command> also - binds to the "all addresses" interface (0.0.0.0) - on ports 137 and 138 for the purposes of reading broadcast messages. - If this option is not set then <command moreinfo="none">nmbd</command> will service - name requests on all of these sockets. If <smbconfoption name="bind interfaces only"/> is set then <command moreinfo="none">nmbd</command> will check the - source address of any packets coming in on the broadcast sockets - and discard any that don't match the broadcast addresses of the - interfaces in the <smbconfoption name="interfaces"/> parameter list. - As unicast packets are received on the other sockets it allows - <command moreinfo="none">nmbd</command> to refuse to serve names to machines that - send packets that arrive through any interfaces not listed in the - <smbconfoption name="interfaces"/> list. IP Source address spoofing - does defeat this simple check, however, so it must not be used - seriously as a security feature for <command moreinfo="none">nmbd</command>.</para> + <para> + For name service it causes <command moreinfo="none">nmbd</command> to bind to ports 137 and 138 on the + interfaces listed in the <smbconfoption name="interfaces"/> parameter. <command moreinfo="none">nmbd</command> + also binds to the "all addresses" interface (0.0.0.0) on ports 137 and 138 for the purposes of + reading broadcast messages. If this option is not set then <command moreinfo="none">nmbd</command> will + service name requests on all of these sockets. If <smbconfoption name="bind interfaces only"/> is set then + <command moreinfo="none">nmbd</command> will check the source address of any packets coming in on the + broadcast sockets and discard any that don't match the broadcast addresses of the interfaces in the + <smbconfoption name="interfaces"/> parameter list. As unicast packets are received on the other sockets it + allows <command moreinfo="none">nmbd</command> to refuse to serve names to machines that send packets that + arrive through any interfaces not listed in the <smbconfoption name="interfaces"/> list. IP Source address + spoofing does defeat this simple check, however, so it must not be used seriously as a security feature for + <command moreinfo="none">nmbd</command>. + </para> - <para>For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list - given in the <link linkend="INTERFACES">interfaces</link> parameter. This - restricts the networks that <command moreinfo="none">smbd</command> will serve - to packets coming in those interfaces. Note that you should not use this parameter - for machines that are serving PPP or other intermittent or non-broadcast network - interfaces as it will not cope with non-permanent interfaces.</para> + <para> + For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list given in the <smbconfoption + name="interfaces"/> parameter. This restricts the networks that <command moreinfo="none">smbd</command> will + serve to packets coming in those interfaces. Note that you should not use this parameter for machines that + are serving PPP or other intermittent or non-broadcast network interfaces as it will not cope with + non-permanent interfaces. + </para> -<para>If <smbconfoption name="bind interfaces only"/> is set then - unless the network address <emphasis>127.0.0.1</emphasis> is added - to the <smbconfoption name="interfaces"/> parameter - list <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> may not work as expected due - to the reasons covered below.</para> + <para> + If <smbconfoption name="bind interfaces only"/> is set then unless the network address + <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list + <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> and + <citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> may not work as + expected due to the reasons covered below. + </para> - <para>To change a users SMB password, the <command moreinfo="none">smbpasswd</command> - by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> - address as an SMB client to issue the password change request. If - <smbconfoption name="bind interfaces only"/> is set then unless the - network address <emphasis>127.0.0.1</emphasis> is added to the - <smbconfoption name="interfaces"/> parameter list then <command moreinfo="none"> - smbpasswd</command> will fail to connect in it's default mode. - <command moreinfo="none">smbpasswd</command> can be forced to use the primary IP interface - of the local host by using its <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <parameter moreinfo="none">-r <replaceable>remote machine</replaceable></parameter> - parameter, with <replaceable>remote machine</replaceable> set - to the IP name of the primary interface of the local host.</para> + <para> + To change a users SMB password, the <command moreinfo="none">smbpasswd</command> by default connects to the + <emphasis>localhost - 127.0.0.1</emphasis> address as an SMB client to issue the password change request. If + <smbconfoption name="bind interfaces only"/> is set then unless the network address + <emphasis>127.0.0.1</emphasis> is added to the <smbconfoption name="interfaces"/> parameter list then <command + moreinfo="none"> smbpasswd</command> will fail to connect in it's default mode. <command + moreinfo="none">smbpasswd</command> can be forced to use the primary IP interface of the local host by using + its <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> <parameter + moreinfo="none">-r <replaceable>remote machine</replaceable></parameter> parameter, with <replaceable>remote + machine</replaceable> set to the IP name of the primary interface of the local host. + </para> - <para>The <command moreinfo="none">swat</command> status page tries to connect with - <command moreinfo="none">smbd</command> and <command moreinfo="none">nmbd</command> at the address - <emphasis>127.0.0.1</emphasis> to determine if they are running. - Not adding <emphasis>127.0.0.1</emphasis> will cause <command moreinfo="none"> - smbd</command> and <command moreinfo="none">nmbd</command> to always show - "not running" even if they really are. This can prevent <command moreinfo="none"> - swat</command> from starting/stopping/restarting <command moreinfo="none">smbd</command> - and <command moreinfo="none">nmbd</command>.</para> + <para> + The <command moreinfo="none">swat</command> status page tries to connect with <command + moreinfo="none">smbd</command> and <command moreinfo="none">nmbd</command> at the address + <emphasis>127.0.0.1</emphasis> to determine if they are running. Not adding <emphasis>127.0.0.1</emphasis> + will cause <command moreinfo="none"> smbd</command> and <command moreinfo="none">nmbd</command> to always show + "not running" even if they really are. This can prevent <command moreinfo="none"> swat</command> + from starting/stopping/restarting <command moreinfo="none">smbd</command> and <command + moreinfo="none">nmbd</command>. + </para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/filename/manglingchar.xml b/docs/smbdotconf/filename/manglingchar.xml index 39e7546ef0..95b47794d1 100644 --- a/docs/smbdotconf/filename/manglingchar.xml +++ b/docs/smbdotconf/filename/manglingchar.xml @@ -4,7 +4,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This controls what character is used as - the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The + the <emphasis>magic</emphasis> character in <smbconfoption name="name mangling"/>. The default is a '~' but this may interfere with some software. Use this option to set it to whatever you prefer. This is effective only when mangling method is hash.</para> </description> diff --git a/docs/smbdotconf/locking/fakeoplocks.xml b/docs/smbdotconf/locking/fakeoplocks.xml index 069cdaa95e..fa004d7497 100644 --- a/docs/smbdotconf/locking/fakeoplocks.xml +++ b/docs/smbdotconf/locking/fakeoplocks.xml @@ -15,8 +15,7 @@ <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will always grant oplock requests no matter how many clients are using the file.</para> - <para>It is generally much better to use the real <link linkend="OPLOCKS"> - <parameter moreinfo="none">oplocks</parameter></link> support rather + <para>It is generally much better to use the real <smbconfoption name="oplocks"/> support rather than this parameter.</para> <para>If you enable this option on all read-only shares or diff --git a/docs/smbdotconf/locking/kerneloplocks.xml b/docs/smbdotconf/locking/kerneloplocks.xml index a89f6b4d80..c4f12b9bd4 100644 --- a/docs/smbdotconf/locking/kerneloplocks.xml +++ b/docs/smbdotconf/locking/kerneloplocks.xml @@ -3,8 +3,7 @@ context="G" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>For UNIXes that support kernel based <link linkend="OPLOCKS"> - <parameter moreinfo="none">oplocks</parameter></link> + <para>For UNIXes that support kernel based <smbconfoption name="oplocks"/> (currently only IRIX and the Linux 2.4 kernel), this parameter allows the use of them to be turned on or off.</para> diff --git a/docs/smbdotconf/locking/level2oplocks.xml b/docs/smbdotconf/locking/level2oplocks.xml index 96a855c45a..496701b188 100644 --- a/docs/smbdotconf/locking/level2oplocks.xml +++ b/docs/smbdotconf/locking/level2oplocks.xml @@ -26,11 +26,11 @@ <para>For more discussions on level2 oplocks see the CIFS spec.</para> - <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel - oplocks</parameter></link> are supported then level2 oplocks are - not granted (even if this parameter is set to <constant>yes</constant>). - Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> parameter must be set to <constant>yes</constant> on this share in order for + <para> + Currently, if <smbconfoption name="kernel oplocks"/> are supported then + level2 oplocks are not granted (even if this parameter is set to + <constant>yes</constant>). Note also, the <smbconfoption name="oplocks"/> + parameter must be set to <constant>yes</constant> on this share in order for this parameter to have any effect.</para> </description> diff --git a/docs/smbdotconf/locking/lockspintime.xml b/docs/smbdotconf/locking/lockspintime.xml index 172e854894..c2e5501f07 100644 --- a/docs/smbdotconf/locking/lockspintime.xml +++ b/docs/smbdotconf/locking/lockspintime.xml @@ -5,8 +5,7 @@ <description> <para>The time in microseconds that smbd should pause before attempting to gain a failed lock. See - <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin - count</parameter></link> for more details.</para> + <smbconfoption name="lock spin count"/> for more details.</para> </description> <value type="default">10</value> </samba:parameter> diff --git a/docs/smbdotconf/locking/oplocks.xml b/docs/smbdotconf/locking/oplocks.xml index d7f453c561..3ce70a7883 100644 --- a/docs/smbdotconf/locking/oplocks.xml +++ b/docs/smbdotconf/locking/oplocks.xml @@ -14,8 +14,7 @@ directory.</para> <para>Oplocks may be selectively turned off on certain files with a - share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none"> - veto oplock files</parameter></link> parameter. On some systems + share. See the <smbconfoption name="veto oplock files"/> parameter. On some systems oplocks are recognized by the underlying operating system. This allows data synchronization between all access to oplocked files, whether it be via Samba or NFS or a local UNIX process. See the diff --git a/docs/smbdotconf/logging/debughirestimestamp.xml b/docs/smbdotconf/logging/debughirestimestamp.xml index 7da4573df5..eef5af73f0 100644 --- a/docs/smbdotconf/logging/debughirestimestamp.xml +++ b/docs/smbdotconf/logging/debughirestimestamp.xml @@ -9,8 +9,8 @@ boolean parameter adds microsecond resolution to the timestamp message header when turned on.</para> - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an + <para> + Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.</para> </description> diff --git a/docs/smbdotconf/logging/debugpid.xml b/docs/smbdotconf/logging/debugpid.xml index 1d6bc95704..0d84eb5263 100644 --- a/docs/smbdotconf/logging/debugpid.xml +++ b/docs/smbdotconf/logging/debugpid.xml @@ -11,8 +11,7 @@ is adds the process-id to the timestamp message headers in the logfile when turned on.</para> - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an + <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.</para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/logging/debugtimestamp.xml b/docs/smbdotconf/logging/debugtimestamp.xml index 2215baeb01..ac1ce7b09e 100644 --- a/docs/smbdotconf/logging/debugtimestamp.xml +++ b/docs/smbdotconf/logging/debugtimestamp.xml @@ -6,8 +6,7 @@ <synonym>timestamp logs</synonym> <description> <para>Samba debug log messages are timestamped - by default. If you are running at a high <link linkend="DEBUGLEVEL"> - <parameter moreinfo="none">debug level</parameter></link> these timestamps + by default. If you are running at a high <smbconfoption name="debug level"/> these timestamps can be distracting. This boolean parameter allows timestamping to be turned off.</para> </description> diff --git a/docs/smbdotconf/logging/debuguid.xml b/docs/smbdotconf/logging/debuguid.xml index af84501e80..616128a581 100644 --- a/docs/smbdotconf/logging/debuguid.xml +++ b/docs/smbdotconf/logging/debuguid.xml @@ -9,8 +9,7 @@ current euid, egid, uid and gid to the timestamp message headers in the log file if turned on.</para> - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an + <para>Note that the parameter <smbconfoption name="debug timestamp"/> must be on for this to have an effect.</para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/logon/abortshutdownscript.xml b/docs/smbdotconf/logon/abortshutdownscript.xml index b9084897ff..f1ac6183dc 100644 --- a/docs/smbdotconf/logon/abortshutdownscript.xml +++ b/docs/smbdotconf/logon/abortshutdownscript.xml @@ -6,8 +6,7 @@ <description> <para>This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> that - should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"> - <parameter moreinfo="none">shutdown script</parameter></link>.</para> + should stop a shutdown procedure issued by the <smbconfoption name="shutdown script"/>.</para> <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>, right, this command will be run as user.</para> diff --git a/docs/smbdotconf/logon/adduserscript.xml b/docs/smbdotconf/logon/adduserscript.xml index 568c054a1a..1dd71b3867 100644 --- a/docs/smbdotconf/logon/adduserscript.xml +++ b/docs/smbdotconf/logon/adduserscript.xml @@ -38,11 +38,10 @@ already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts.</para> - <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link>, <link linkend="PASSWORDSERVER"> - <parameter moreinfo="none">password server</parameter></link>, - <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user - script</parameter></link>.</para> + <para> + See also <smbconfoption name="security"/>, <smbconfoption name="password server"/>, + <smbconfoption name="delete user script"/>. + </para> </description> <value type="default"/> diff --git a/docs/smbdotconf/logon/domainlogons.xml b/docs/smbdotconf/logon/domainlogons.xml index 7c432221d0..d274faa18b 100644 --- a/docs/smbdotconf/logon/domainlogons.xml +++ b/docs/smbdotconf/logon/domainlogons.xml @@ -7,8 +7,7 @@ <para> If set to <constant>yes</constant>, the Samba server will provide the netlogon service for Windows 9X network logons for the - <link linkend="WORKGROUP"> - <parameter moreinfo="none">workgroup</parameter></link> it is in. + <smbconfoption name="workgroup"/> it is in. This will also cause the Samba server to act as a domain controller for NT4 style domain services. For more details on setting up this feature see the Domain Control chapter of the diff --git a/docs/smbdotconf/logon/logondrive.xml b/docs/smbdotconf/logon/logondrive.xml index a37c2e760b..2b8f016ece 100644 --- a/docs/smbdotconf/logon/logondrive.xml +++ b/docs/smbdotconf/logon/logondrive.xml @@ -5,8 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This parameter specifies the local path to - which the home directory will be connected (see <link linkend="LOGONHOME"> - <parameter moreinfo="none">logon home</parameter></link>) + which the home directory will be connected (see <smbconfoption name="logon home"/>) and is only used by NT Workstations. </para> <para>Note that this option is only useful if Samba is set up as a diff --git a/docs/smbdotconf/logon/logonhome.xml b/docs/smbdotconf/logon/logonhome.xml index 8d07550c30..5939902625 100644 --- a/docs/smbdotconf/logon/logonhome.xml +++ b/docs/smbdotconf/logon/logonhome.xml @@ -29,8 +29,7 @@ \\server\share when a user does <command moreinfo="none">net use /home</command> but use the whole string when dealing with profiles.</para> - <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> - <parameter moreinfo="none">logon path</parameter></link> was returned rather than + <para>Note that in prior versions of Samba, the <smbconfoption name="logon path"/> was returned rather than <parameter moreinfo="none">logon home</parameter>. This broke <command moreinfo="none">net use /home</command> but allowed profiles outside the home directory. The current implementation is correct, and can be used for profiles if you use diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml index ab87c77bb9..eb2e9de056 100644 --- a/docs/smbdotconf/logon/logonpath.xml +++ b/docs/smbdotconf/logon/logonpath.xml @@ -8,8 +8,7 @@ where roaming profiles (NTuser.dat etc files for Windows NT) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to - handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> - <parameter moreinfo="none">logon home</parameter></link> parameter.</para> + handle roaming profiles for Win 9X system, see the <smbconfoption name="logon home"/> parameter.</para> <para>This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine. It also diff --git a/docs/smbdotconf/logon/logonscript.xml b/docs/smbdotconf/logon/logonscript.xml index eb7bda66ee..847896e1ce 100644 --- a/docs/smbdotconf/logon/logonscript.xml +++ b/docs/smbdotconf/logon/logonscript.xml @@ -11,13 +11,13 @@ file is recommended.</para> <para>The script must be a relative path to the [netlogon] - service. If the [netlogon] service specifies a <link linkend="PATH"> - <parameter moreinfo="none">path</parameter></link> of <filename - moreinfo="none">/usr/local/samba/netlogon</filename>, and <command - moreinfo="none">logon script = STARTUP.BAT</command>, then - the file that will be downloaded is:</para> - - <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> + service. If the [netlogon] service specifies a <smbconfoption name="path"/> of <filename + moreinfo="none">/usr/local/samba/netlogon</filename>, and <smbconfoption name="logon + script">STARTUP.BAT</smbconfoption>, then the file that will be downloaded is: + <screen> + /usr/local/samba/netlogon/STARTUP.BAT + </screen> + </para> <para>The contents of the batch file are entirely your choice. A suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET @@ -35,8 +35,7 @@ <para>This option takes the standard substitutions, allowing you to have separate logon scripts for each user or machine.</para> - <para>This option is only useful if Samba is set up as a logon - server.</para> + <para>This option is only useful if Samba is set up as a logon server.</para> </description> <value type="default"></value> <value type="example">scripts\%U.bat</value> diff --git a/docs/smbdotconf/misc/addsharecommand.xml b/docs/smbdotconf/misc/addsharecommand.xml index c1eecd5930..a351044e18 100644 --- a/docs/smbdotconf/misc/addsharecommand.xml +++ b/docs/smbdotconf/misc/addsharecommand.xml @@ -47,8 +47,7 @@ <para> This parameter is only used for add file shares. To add printer shares, - see the <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter - command</parameter></link>. + see the <smbconfoption name="addprinter command"/>. </para> </description> diff --git a/docs/smbdotconf/misc/defaultservice.xml b/docs/smbdotconf/misc/defaultservice.xml index f7a6c0234d..ca986d460a 100644 --- a/docs/smbdotconf/misc/defaultservice.xml +++ b/docs/smbdotconf/misc/defaultservice.xml @@ -14,14 +14,12 @@ parameter is not given, attempting to connect to a nonexistent service results in an error.</para> - <para>Typically the default service would be a <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link>, <link linkend="READONLY"> - <parameter moreinfo="none">read-only</parameter></link> service.</para> - - <para>Also note that the apparent service name will be changed - to equal that of the requested service, this is very useful as it - allows you to use macros like <parameter moreinfo="none">%S</parameter> to make - a wildcard service.</para> + <para> + Typically the default service would be a <smbconfoption name="guest ok"/>, <smbconfoption + name="read-only"/> service.</para> <para>Also note that the apparent service name will be changed to equal + that of the requested service, this is very useful as it allows you to use macros like <parameter + moreinfo="none">%S</parameter> to make a wildcard service. + </para> <para>Note also that any "_" characters in the name of the service used in the default service will get mapped to a "/". This allows for diff --git a/docs/smbdotconf/misc/deletesharecommand.xml b/docs/smbdotconf/misc/deletesharecommand.xml index 1489a4136d..1afce2fd24 100644 --- a/docs/smbdotconf/misc/deletesharecommand.xml +++ b/docs/smbdotconf/misc/deletesharecommand.xml @@ -35,8 +35,7 @@ <para> This parameter is only used to remove file shares. To delete printer shares, - see the <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">deleteprinter - command</parameter></link>. + see the <smbconfoption name="deleteprinter command"/>. </para> </description> diff --git a/docs/smbdotconf/misc/homedirmap.xml b/docs/smbdotconf/misc/homedirmap.xml index 4e4e0d9fe5..3459928b58 100644 --- a/docs/smbdotconf/misc/homedirmap.xml +++ b/docs/smbdotconf/misc/homedirmap.xml @@ -4,8 +4,8 @@ advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>If<link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> + <para>If <smbconfoption name="nis homedir"/> is <constant>yes</constant>, + and <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> is also acting as a Win95/98 <parameter moreinfo="none">logon server</parameter> then this parameter specifies the NIS (or YP) map from which the server for the user's diff --git a/docs/smbdotconf/misc/lockdirectory.xml b/docs/smbdotconf/misc/lockdirectory.xml index a0abf8cf97..d96351a4fb 100644 --- a/docs/smbdotconf/misc/lockdirectory.xml +++ b/docs/smbdotconf/misc/lockdirectory.xml @@ -7,8 +7,8 @@ <description> <para>This option specifies the directory where lock files will be placed. The lock files are used to implement the - <link linkend="MAXCONNECTIONS"><parameter moreinfo="none">max connections</parameter> -</link> option.</para> + <smbconfoption name="max connections"/> option. + </para> </description> <value type="default">${prefix}/var/locks</value> diff --git a/docs/smbdotconf/misc/magicoutput.xml b/docs/smbdotconf/misc/magicoutput.xml index 1e41a9ff55..ed0cb0b21c 100644 --- a/docs/smbdotconf/misc/magicoutput.xml +++ b/docs/smbdotconf/misc/magicoutput.xml @@ -3,10 +3,11 @@ type="string" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter specifies the name of a file + <para> + This parameter specifies the name of a file which will contain output created by a magic script (see the - <link linkend="MAGICSCRIPT"><parameter moreinfo="none">magic script</parameter></link> - parameter below).</para> + <smbconfoption name="magic script"/> parameter below). + </para> <warning><para>If two clients use the same <parameter moreinfo="none">magic script </parameter> in the same directory the output file content diff --git a/docs/smbdotconf/misc/magicscript.xml b/docs/smbdotconf/misc/magicscript.xml index 143576e7bd..b621f00c38 100644 --- a/docs/smbdotconf/misc/magicscript.xml +++ b/docs/smbdotconf/misc/magicscript.xml @@ -13,8 +13,8 @@ of privilege and the file permissions allow the deletion.</para> <para>If the script generates output, output will be sent to - the file specified by the <link linkend="MAGICOUTPUT"><parameter moreinfo="none"> - magic output</parameter></link> parameter (see above).</para> + the file specified by the <smbconfoption name="magic output"/> + parameter (see above).</para> <para>Note that some shells are unable to interpret scripts containing CR/LF instead of CR as diff --git a/docs/smbdotconf/misc/nishomedir.xml b/docs/smbdotconf/misc/nishomedir.xml index a1bfd947b6..45c451197e 100644 --- a/docs/smbdotconf/misc/nishomedir.xml +++ b/docs/smbdotconf/misc/nishomedir.xml @@ -21,8 +21,8 @@ long as a Samba daemon is running on the home directory server, it will be mounted on the Samba client directly from the directory server. When Samba is returning the home share to the client, it - will consult the NIS map specified in <link linkend="HOMEDIRMAP"> - <parameter moreinfo="none">homedir map</parameter></link> and return the server + will consult the NIS map specified in + <smbconfoption name="homedir map"/> and return the server listed there.</para> <para>Note that for this option to work there must be a working diff --git a/docs/smbdotconf/misc/preexec.xml b/docs/smbdotconf/misc/preexec.xml index 001f9c2b42..6608c83050 100644 --- a/docs/smbdotconf/misc/preexec.xml +++ b/docs/smbdotconf/misc/preexec.xml @@ -12,13 +12,16 @@ message every time they log in. Maybe a message of the day? Here is an example:</para> - <para><command moreinfo="none">preexec = csh -c 'echo \"Welcome to %S!\" | /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> + <para> + <command moreinfo="none">preexec = csh -c 'echo \"Welcome to %S!\" | + /usr/local/samba/bin/smbclient -M %m -I %I' & </command> + </para> <para>Of course, this could get annoying after a while :-)</para> - <para>See also <link linkend="PREEXECCLOSE"><parameter moreinfo="none">preexec close</parameter></link> and <link - linkend="POSTEXEC"><parameter moreinfo="none">postexec - </parameter></link>.</para> + <para> + See also <smbconfoption name="preexec close"/> and <smbconfoption name="postexec"/>. + </para> </description> <value type="default"></value> diff --git a/docs/smbdotconf/misc/preexecclose.xml b/docs/smbdotconf/misc/preexecclose.xml index a557a58a36..c616ad7f07 100644 --- a/docs/smbdotconf/misc/preexecclose.xml +++ b/docs/smbdotconf/misc/preexecclose.xml @@ -5,8 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This boolean option controls whether a non-zero - return code from <link linkend="PREEXEC"><parameter moreinfo="none">preexec -</parameter></link> should close the service being connected to.</para> + return code from <smbconfoption name="preexec"/> should close the service being connected to.</para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/misc/preload.xml b/docs/smbdotconf/misc/preload.xml index 70b5b2968b..94905a67ef 100644 --- a/docs/smbdotconf/misc/preload.xml +++ b/docs/smbdotconf/misc/preload.xml @@ -10,9 +10,11 @@ for homes and printers services that would otherwise not be visible.</para> - <para>Note that if you just want all printers in your - printcap file loaded then the <link linkend="LOADPRINTERS"> - <parameter moreinfo="none">load printers</parameter></link> option is easier.</para> + <para> + Note that if you just want all printers in your + printcap file loaded then the <smbconfoption name="load printers"/> + option is easier. + </para> </description> <value type="default"></value> diff --git a/docs/smbdotconf/misc/remoteannounce.xml b/docs/smbdotconf/misc/remoteannounce.xml index 891790327d..fc46a46e89 100644 --- a/docs/smbdotconf/misc/remoteannounce.xml +++ b/docs/smbdotconf/misc/remoteannounce.xml @@ -21,14 +21,13 @@ <para>the above line would cause <command moreinfo="none">nmbd</command> to announce itself to the two given IP addresses using the given workgroup names. If you leave out the workgroup name then the one given in - the <link linkend="WORKGROUP"><parameter moreinfo="none">workgroup</parameter></link> - parameter is used instead.</para> + the <smbconfoption name="workgroup"/> parameter is used instead.</para> <para>The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable.</para> -<para>See <link linkend="NetworkBrowsing"/>.</para> +<para>See <smbconfoption name="NetworkBrowsing"/>.</para> </description> <value type="default"></value> diff --git a/docs/smbdotconf/printing/cupsoptions.xml b/docs/smbdotconf/printing/cupsoptions.xml index ce3eb83c7e..6bb3782dc3 100644 --- a/docs/smbdotconf/printing/cupsoptions.xml +++ b/docs/smbdotconf/printing/cupsoptions.xml @@ -4,8 +4,8 @@ print="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter is only applicable if <link - linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link> is + <para> + This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>. Its value is a free form string of options passed directly to the cups library. </para> diff --git a/docs/smbdotconf/printing/cupsserver.xml b/docs/smbdotconf/printing/cupsserver.xml index ecd2958e61..045d260277 100644 --- a/docs/smbdotconf/printing/cupsserver.xml +++ b/docs/smbdotconf/printing/cupsserver.xml @@ -4,9 +4,7 @@ print="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter is only applicable if <link - linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link> is - set to <constant>cups</constant>. + <para>This parameter is only applicable if <smbconfoption name="printing"/> is set to <constant>cups</constant>. </para> <para>If set, this option overrides the ServerName option in the CUPS diff --git a/docs/smbdotconf/printing/defaultdevmode.xml b/docs/smbdotconf/printing/defaultdevmode.xml index 971c507e5a..fba5b898bb 100644 --- a/docs/smbdotconf/printing/defaultdevmode.xml +++ b/docs/smbdotconf/printing/defaultdevmode.xml @@ -4,7 +4,7 @@ print="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. + <para>This parameter is only applicable to <smbconfoption name="printable"/> services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba server has a Device Mode which defines things such as paper size and orientation and duplex settings. The device mode can only correctly be diff --git a/docs/smbdotconf/printing/deleteprintercommand.xml b/docs/smbdotconf/printing/deleteprintercommand.xml index ed24ff4048..1f9a91656d 100644 --- a/docs/smbdotconf/printing/deleteprintercommand.xml +++ b/docs/smbdotconf/printing/deleteprintercommand.xml @@ -10,17 +10,17 @@ DeletePrinter() RPC call.</para> <para>For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <parameter moreinfo="none"> - deleteprinter command</parameter> defines a script to be run which + physically deleted from underlying printing system. The + <smbconfoption name="deleteprinter command"/> defines a script to be run which will perform the necessary operations for removing the printer from the print system and from <filename moreinfo="none">smb.conf</filename>. </para> - <para>The <parameter moreinfo="none">deleteprinter command</parameter> is - automatically called with only one parameter: <parameter moreinfo="none"> - "printer name"</parameter>.</para> + <para>The <smbcomfoption name="deleteprinter command"/> is + automatically called with only one parameter: <smbconfoption name="printer name"/>. + </para> - <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has + <para>Once the <smbconfoption name="deleteprinter command"/> has been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> smb.conf</filename> to associated printer no longer exists. If the sharename is still valid, then <command moreinfo="none">smbd diff --git a/docs/smbdotconf/printing/loadprinters.xml b/docs/smbdotconf/printing/loadprinters.xml index 63b110dadf..b136505009 100644 --- a/docs/smbdotconf/printing/loadprinters.xml +++ b/docs/smbdotconf/printing/loadprinters.xml @@ -6,7 +6,7 @@ <description> <para>A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. - See the <link linkend="PRINTERSSECT">printers</link> section for + See the <smbconfoption name="printers"/> section for more details.</para> </description> diff --git a/docs/smbdotconf/printing/lpresumecommand.xml b/docs/smbdotconf/printing/lpresumecommand.xml index 4a703057de..dc807f1f71 100644 --- a/docs/smbdotconf/printing/lpresumecommand.xml +++ b/docs/smbdotconf/printing/lpresumecommand.xml @@ -10,8 +10,7 @@ <para>This command should be a program or script which takes a printer name and job number to resume the print job. See - also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command - </parameter></link> parameter.</para> + also the <smbconfoption name="lppause command"/> parameter.</para> <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with @@ -21,8 +20,7 @@ in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not be available to the server.</para> - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> + <para>See also the <smbconfoption name="printing"/> parameter.</para> <para>Default: Currently no default value is given to this string, unless the value of the <parameter moreinfo="none">printing</parameter> diff --git a/docs/smbdotconf/printing/os2drivermap.xml b/docs/smbdotconf/printing/os2drivermap.xml index ac49babd40..d646071e3a 100644 --- a/docs/smbdotconf/printing/os2drivermap.xml +++ b/docs/smbdotconf/printing/os2drivermap.xml @@ -15,7 +15,7 @@ LaserJet 5L</command>.</para> <para>The need for the file is due to the printer driver namespace - problem described in <link linkend="printing"/>. For more details on OS/2 clients, please + problem described in <link linkend="classicalprinting"/>. For more details on OS/2 clients, please refer to <link linkend="Other-Clients"/>.</para> </description> <value type="default"/> diff --git a/docs/smbdotconf/printing/printable.xml b/docs/smbdotconf/printing/printable.xml index b8991ae9ad..73aa533ed3 100644 --- a/docs/smbdotconf/printing/printable.xml +++ b/docs/smbdotconf/printing/printable.xml @@ -11,8 +11,7 @@ <para>Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The <link linkend="READONLY"><parameter moreinfo="none">read only - </parameter></link> parameter controls only non-printing access to + of print data. The <smbconfoption name="read only"/> parameter controls only non-printing access to the resource.</para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/printing/printcapname.xml b/docs/smbdotconf/printing/printcapname.xml index c0d228896e..7ade8881b6 100644 --- a/docs/smbdotconf/printing/printcapname.xml +++ b/docs/smbdotconf/printing/printcapname.xml @@ -13,7 +13,7 @@ <para>To use the CUPS printing interface set <command moreinfo="none">printcap name = cups </command>. This should be supplemented by an addtional setting - <link linkend="PRINTING">printing = cups</link> in the [global] + <smbconfoption name="printing">cups</smbconfoption> in the [global] section. <command moreinfo="none">printcap name = cups</command> will use the "dummy" printcap created by CUPS, as specified in your CUPS configuration file. diff --git a/docs/smbdotconf/printing/printcommand.xml b/docs/smbdotconf/printing/printcommand.xml index e17fb7ae2f..461d6de8e3 100644 --- a/docs/smbdotconf/printing/printcommand.xml +++ b/docs/smbdotconf/printing/printcommand.xml @@ -47,8 +47,7 @@ <para>Note that printing may fail on some UNIXes from the <constant>nobody</constant> account. If this happens then create - an alternative guest account that can print and set the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link> + an alternative guest account that can print and set the <smbconfoption name="guest account"/> in the [global] section.</para> <para>You can form quite complex print commands by realizing @@ -61,8 +60,8 @@ <para>You may have to vary this command considerably depending on how you normally print files on your system. The default for - the parameter varies depending on the setting of the <link linkend="PRINTING"> - <parameter moreinfo="none">printing</parameter></link> parameter.</para> + the parameter varies depending on the setting of the <smbconfoption name="printing"/> + parameter.</para> <para>Default: For <command moreinfo="none">printing = BSD, AIX, QNX, LPRNG or PLP :</command></para> @@ -75,7 +74,7 @@ <para><command moreinfo="none">print command = lp -d%p -s %s; rm %s</command></para> <para>For printing = CUPS : If SAMBA is compiled against - libcups, then <link linkend="PRINTING">printcap = cups</link> + libcups, then <smbconfoption name="printcap">cups</smbconfoption> uses the CUPS API to submit jobs, etc. Otherwise it maps to the System V commands with the -oraw option for printing, i.e. it diff --git a/docs/smbdotconf/printing/printername.xml b/docs/smbdotconf/printing/printername.xml index ed55a9bb70..fad127cad1 100644 --- a/docs/smbdotconf/printing/printername.xml +++ b/docs/smbdotconf/printing/printername.xml @@ -5,14 +5,22 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <synonym>printer</synonym> <description> - <para>This parameter specifies the name of the printer - to which print jobs spooled through a printable service will be sent.</para> + <para> + This parameter specifies the name of the printer to which print jobs spooled through a printable service + will be sent. + </para> - <para>If specified in the [global] section, the printer - name given will be used for any printable service that does - not have its own printer name specified.</para> + <para> + If specified in the [global] section, the printer name given will be used for any printable service that + does not have its own printer name specified. + </para> + + <para> + The default value of the <smbconfoption name="printer name"/> may be <literal>lp</literal> on many + systems. + </para> </description> -<value type="default"><comment>none (but may be <constant>lp</constant> on many systems)</comment></value> +<value type="default">none</value> <value type="example">laserwriter</value> </samba:parameter> diff --git a/docs/smbdotconf/printing/queueresumecommand.xml b/docs/smbdotconf/printing/queueresumecommand.xml index 1a878c2098..f6593c2289 100644 --- a/docs/smbdotconf/printing/queueresumecommand.xml +++ b/docs/smbdotconf/printing/queueresumecommand.xml @@ -7,8 +7,7 @@ <para>This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the - previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none"> - queuepause command</parameter></link>).</para> + previous parameter (<smbconfoption name="queuepause command"/>).</para> <para>This command should be a program or script which takes a printer name as its only parameter and resumes the printer queue, diff --git a/docs/smbdotconf/protocol/maxwinsttl.xml b/docs/smbdotconf/protocol/maxwinsttl.xml index 20461b7a49..09935cdd9b 100644 --- a/docs/smbdotconf/protocol/maxwinsttl.xml +++ b/docs/smbdotconf/protocol/maxwinsttl.xml @@ -5,8 +5,8 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> - <parameter moreinfo="none">wins support = yes</parameter></link>) what the maximum + <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server + (<smbconfoption name="wins support">yes</smbconfoption>) what the maximum 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds).</para> diff --git a/docs/smbdotconf/protocol/minprotocol.xml b/docs/smbdotconf/protocol/minprotocol.xml index a1480756bd..0bec282467 100644 --- a/docs/smbdotconf/protocol/minprotocol.xml +++ b/docs/smbdotconf/protocol/minprotocol.xml @@ -6,15 +6,14 @@ <description> <para>The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer - to the <link linkend="MAXPROTOCOL"><parameter moreinfo="none">max protocol</parameter></link> + to the <smbconfoption name="max protocol"/> parameter for a list of valid protocol names and a brief description of each. You may also wish to refer to the C source code in <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol dialects supported by clients.</para> <para>If you are viewing this parameter as a security measure, you should - also refer to the <link linkend="LANMANAUTH"><parameter moreinfo="none">lanman - auth</parameter></link> parameter. Otherwise, you should never need + also refer to the <smbconfoption name="lanman auth"/> parameter. Otherwise, you should never need to change this parameter.</para> </description> diff --git a/docs/smbdotconf/protocol/minwinsttl.xml b/docs/smbdotconf/protocol/minwinsttl.xml index 9c308d8b73..38fbd7b0eb 100644 --- a/docs/smbdotconf/protocol/minwinsttl.xml +++ b/docs/smbdotconf/protocol/minwinsttl.xml @@ -6,8 +6,7 @@ <description> <para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> - when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter moreinfo="none"> - wins support = yes</parameter></link>) what the minimum 'time to live' + when acting as a WINS server (<smbconfoption name="wins support">yes</smbconfoption>) what the minimum 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in seconds). You should never need to change this parameter. The default is 6 hours (21600 seconds).</para> diff --git a/docs/smbdotconf/protocol/nameresolveorder.xml b/docs/smbdotconf/protocol/nameresolveorder.xml index a3637a3ee0..d8bbb39589 100644 --- a/docs/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/smbdotconf/protocol/nameresolveorder.xml @@ -18,8 +18,8 @@ <listitem> <para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink - noescape="1" url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + no name type attached to the NetBIOS name (see the <usmbconfoption + noescape="1" url="lmhosts.5.html">lmhosts(5)</usmbconfoption> for details) then any name type matches for lookup.</para> </listitem> @@ -37,14 +37,14 @@ <listitem> <para><constant>wins</constant> : Query a name with - the IP address listed in the <link linkend="WINSSERVER"><parameter moreinfo="none"> - wins server</parameter></link> parameter. If no WINS server has + the IP address listed in the <smbconfoption name="WINSSERVER"><parameter moreinfo="none"> + wins server</parameter></smbconfoption> parameter. If no WINS server has been specified this method will be ignored.</para> </listitem> <listitem> <para><constant>bcast</constant> : Do a broadcast on - each of the known local interfaces listed in the <link linkend="INTERFACES"><parameter moreinfo="none">interfaces</parameter></link> + each of the known local interfaces listed in the <smbconfoption name="interfaces"/> parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet.</para> diff --git a/docs/smbdotconf/security/adminusers.xml b/docs/smbdotconf/security/adminusers.xml index 6c2d8e8f72..d8f14b6d74 100644 --- a/docs/smbdotconf/security/adminusers.xml +++ b/docs/smbdotconf/security/adminusers.xml @@ -11,8 +11,7 @@ this list will be able to do anything they like on the share, irrespective of file permissions.</para> - <para>This parameter will not work with the <link linkend="SECURITY"> - <parameter moreinfo="none">security = share</parameter></link> in + <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in Samba 3.0. This is by design.</para> </description> diff --git a/docs/smbdotconf/security/allowtrusteddomains.xml b/docs/smbdotconf/security/allowtrusteddomains.xml index ad84513417..7bc5554550 100644 --- a/docs/smbdotconf/security/allowtrusteddomains.xml +++ b/docs/smbdotconf/security/allowtrusteddomains.xml @@ -4,8 +4,8 @@ advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This option only takes effect when the <link linkend="SECURITY"> - <parameter moreinfo="none">security</parameter></link> option is set to + <para> + This option only takes effect when the <smbconfoption name="security"/> option is set to <constant>server</constant>,<constant>domain</constant> or <constant>ads</constant>. If it is set to no, then attempts to connect to a resource from a domain or workgroup other than the one which smbd is running diff --git a/docs/smbdotconf/security/authmethods.xml b/docs/smbdotconf/security/authmethods.xml index 2eaf6a352b..6e6b88c519 100644 --- a/docs/smbdotconf/security/authmethods.xml +++ b/docs/smbdotconf/security/authmethods.xml @@ -4,12 +4,12 @@ basic="1" advanced="1" wizard="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This option allows the administrator to chose what - authentication methods <command moreinfo="none">smbd</command> will use when authenticating - a user. This option defaults to sensible values based on <link linkend="SECURITY"> - <parameter moreinfo="none">security</parameter></link>. This should be considered - a developer option and used only in rare circumstances. In the majority (if not all) - of production servers, the default setting should be adequate.</para> + <para> + This option allows the administrator to chose what authentication methods <command + moreinfo="none">smbd</command> will use when authenticating a user. This option defaults to sensible values + based on <smbconfoption name="security"/>. This should be considered a developer option and used only in rare + circumstances. In the majority (if not all) of production servers, the default setting should be adequate. + </para> <para>Each entry in the list attempts to authenticate the user in turn, until the user authenticates. In practice only one method will ever actually diff --git a/docs/smbdotconf/security/createmask.xml b/docs/smbdotconf/security/createmask.xml index 14b8253a87..7f9f93caaa 100644 --- a/docs/smbdotconf/security/createmask.xml +++ b/docs/smbdotconf/security/createmask.xml @@ -17,18 +17,15 @@ 'group' and 'other' write and execute bits from the UNIX modes.</para> <para>Following this Samba will bit-wise 'OR' the UNIX mode created - from this parameter with the value of the <link linkend="FORCECREATEMODE"> - <parameter moreinfo="none">force create mode</parameter></link> + from this parameter with the value of the <smbconfoption name="force create mode"/> parameter which is set to 000 by default.</para> <para>This parameter does not affect directory modes. See the - parameter <link linkend="DIRECTORYMODE"><parameter moreinfo="none">directory mode - </parameter></link> for details.</para> + parameter <smbconfoption name="directory mode"/> for details.</para> <para>Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="SECURITYMASK"> - <parameter moreinfo="none">security mask</parameter></link>.</para> + a mask on access control lists also, they need to set the <smbconfoption name="security mask"/>.</para> </description> <related>force create mode</related> diff --git a/docs/smbdotconf/security/directorymask.xml b/docs/smbdotconf/security/directorymask.xml index 8662b31e15..414239bcff 100644 --- a/docs/smbdotconf/security/directorymask.xml +++ b/docs/smbdotconf/security/directorymask.xml @@ -21,14 +21,12 @@ user who owns the directory to modify it.</para> <para>Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the <link linkend="FORCEDIRECTORYMODE"> - <parameter moreinfo="none">force directory mode</parameter></link> parameter. + created from this parameter with the value of the <smbconfoption name="force directory mode"/> parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).</para> <para>Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="DIRECTORYSECURITYMASK"> - <parameter moreinfo="none">directory security mask</parameter></link>.</para> + a mask on access control lists also, they need to set the <smbconfoption name="directory security mask"/>.</para> </description> <related>force directory mode</related> diff --git a/docs/smbdotconf/security/encryptpasswords.xml b/docs/smbdotconf/security/encryptpasswords.xml index e3bc3f6dea..8d2b86cb8c 100644 --- a/docs/smbdotconf/security/encryptpasswords.xml +++ b/docs/smbdotconf/security/encryptpasswords.xml @@ -32,7 +32,7 @@ have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program for information on how to set up - and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which + and maintain this file), or set the <smbconfoption name="security">[server|domain|ads]</smbconfoption> parameter which causes <command moreinfo="none">smbd</command> to authenticate against another server.</para> </description> diff --git a/docs/smbdotconf/security/forcegroup.xml b/docs/smbdotconf/security/forcegroup.xml index 2d8f5790d8..f6c9974f99 100644 --- a/docs/smbdotconf/security/forcegroup.xml +++ b/docs/smbdotconf/security/forcegroup.xml @@ -25,8 +25,8 @@ primary group assigned to sys when accessing this Samba share. All other users will retain their ordinary primary group.</para> - <para>If the <link linkend="FORCEUSER"><parameter moreinfo="none">force user</parameter> - </link> parameter is also set the group specified in + <para> + If the <smbconfoption name="force user"/> parameter is also set the group specified in <parameter moreinfo="none">force group</parameter> will override the primary group set in <parameter moreinfo="none">force user</parameter>.</para> diff --git a/docs/smbdotconf/security/guestaccount.xml b/docs/smbdotconf/security/guestaccount.xml index fd791c7423..8132835a82 100644 --- a/docs/smbdotconf/security/guestaccount.xml +++ b/docs/smbdotconf/security/guestaccount.xml @@ -5,8 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This is a username which will be used for access - to services which are specified as <link linkend="GUESTOK"><parameter moreinfo="none"> - guest ok</parameter></link> (see below). Whatever privileges this + to services which are specified as <smbconfoption name="guest ok"/> (see below). Whatever privileges this user has will be available to any client connecting to the guest service. This user must exist in the password file, but does not require a valid login. The user account "ftp" is often a good choice diff --git a/docs/smbdotconf/security/guestok.xml b/docs/smbdotconf/security/guestok.xml index f2e5f0adcd..7cbf4e50bb 100644 --- a/docs/smbdotconf/security/guestok.xml +++ b/docs/smbdotconf/security/guestok.xml @@ -7,15 +7,13 @@ <description> <para>If this parameter is <constant>yes</constant> for a service, then no password is required to connect to the service. - Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para> + Privileges will be those of the <smbconfoption name="guest account"/>.</para> <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter moreinfo="none">restrict - anonymous</parameter></link> = 2</para> + <smbconfoption name="restrict anonymous">2</smbconfoption> + </para> - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. + <para>See the section below on <smbconfoption name="security"/> for more information about this option. </para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/security/guestonly.xml b/docs/smbdotconf/security/guestonly.xml index 9d70c16c3f..258eba9267 100644 --- a/docs/smbdotconf/security/guestonly.xml +++ b/docs/smbdotconf/security/guestonly.xml @@ -6,11 +6,9 @@ <description> <para>If this parameter is <constant>yes</constant> for a service, then only guest connections to the service are permitted. - This parameter will have no effect if <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link> is not set for the service.</para> + This parameter will have no effect if <smbconfoption name="guest ok"/> is not set for the service.</para> - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. + <para>See the section below on <smbconfoption name="security"/> for more information about this option. </para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/security/hostsallow.xml b/docs/smbdotconf/security/hostsallow.xml index e71377a289..5e807daa68 100644 --- a/docs/smbdotconf/security/hostsallow.xml +++ b/docs/smbdotconf/security/hostsallow.xml @@ -24,8 +24,7 @@ be given here also.</para> <para>Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a <link linkend="HOSTSDENY"> - <parameter moreinfo="none">hosts deny</parameter></link> option.</para> + be allowed access unless specifically denied by a <smbconfoption name="hosts deny"/> option.</para> <para>You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The diff --git a/docs/smbdotconf/security/hostsequiv.xml b/docs/smbdotconf/security/hostsequiv.xml index 014c75369a..db7cbaffc8 100644 --- a/docs/smbdotconf/security/hostsequiv.xml +++ b/docs/smbdotconf/security/hostsequiv.xml @@ -9,8 +9,7 @@ and users who will be allowed access without specifying a password. </para> - <para>This is not be confused with <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts + <para>This is not be confused with <smbconfoption name="hosts allow"/> which is about hosts access to services and is more useful for guest services. <parameter moreinfo="none"> hosts equiv</parameter> may be useful for NT clients which will not supply passwords to Samba.</para> diff --git a/docs/smbdotconf/security/inheritpermissions.xml b/docs/smbdotconf/security/inheritpermissions.xml index b6c774ab93..6e09f4f033 100644 --- a/docs/smbdotconf/security/inheritpermissions.xml +++ b/docs/smbdotconf/security/inheritpermissions.xml @@ -3,24 +3,20 @@ type="boolean" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>The permissions on new files and directories - are normally governed by <link linkend="CREATEMASK"><parameter moreinfo="none"> - create mask</parameter></link>, <link linkend="DIRECTORYMASK"> - <parameter moreinfo="none">directory mask</parameter></link>, <link linkend="FORCECREATEMODE"> - <parameter moreinfo="none">force create mode</parameter> - </link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force - directory mode</parameter></link> but the boolean inherit - permissions parameter overrides this.</para> + <para> + The permissions on new files and directories are normally governed by <smbconfoption name="create mask"/>, + <smbconfoption name="directory mask"/>, <smbconfoption name="force create mode"/> and <smbconfoption + name="force directory mode"/> but the boolean inherit permissions parameter overrides this. + </para> <para>New directories inherit the mode of the parent directory, including bits such as setgid.</para> - <para>New files inherit their read/write bits from the parent - directory. Their execute bits continue to be determined by - <link linkend="MAPARCHIVE"><parameter moreinfo="none">map archive</parameter> - </link>, <link linkend="MAPHIDDEN"><parameter moreinfo="none">map hidden</parameter> - </link> and <link linkend="MAPSYSTEM"><parameter moreinfo="none">map system</parameter> - </link> as usual.</para> + <para> + New files inherit their read/write bits from the parent directory. Their execute bits continue to be + determined by <smbconfoption name="map archive"/>, <smbconfoption name="map hidden"/> and <smbconfoption + name="map system"/> as usual. + </para> <para>Note that the setuid bit is <emphasis>never</emphasis> set via inheritance (the code explicitly prohibits this).</para> diff --git a/docs/smbdotconf/security/maptoguest.xml b/docs/smbdotconf/security/maptoguest.xml index 8993959073..52600a5dcc 100644 --- a/docs/smbdotconf/security/maptoguest.xml +++ b/docs/smbdotconf/security/maptoguest.xml @@ -4,8 +4,8 @@ advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This parameter is only useful in <link linkend="SECURITY"> - security</link> modes other than <parameter moreinfo="none">security = share</parameter> + <para>This parameter is only useful in <smbconfoption name="SECURITY"> + security</smbconfoption> modes other than <parameter moreinfo="none">security = share</parameter> - i.e. <constant>user</constant>, <constant>server</constant>, and <constant>domain</constant>.</para> @@ -27,14 +27,13 @@ <para><constant>Bad User</constant> - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and - mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para> + mapped into the <smbconfoption name="guest account"/>.</para> </listitem> <listitem> <para><constant>Bad Password</constant> - Means user logins with an invalid password are treated as a guest login and mapped - into the <link linkend="GUESTACCOUNT">guest account</link>. Note that + into the <smbconfoption name="guest account"/>. Note that this can cause problems as it means that any user incorrectly typing their password will be silently logged on as "guest" - and will not know the reason they cannot access files they think diff --git a/docs/smbdotconf/security/obeypamrestrictions.xml b/docs/smbdotconf/security/obeypamrestrictions.xml index fd12e456b6..40777f4f5d 100644 --- a/docs/smbdotconf/security/obeypamrestrictions.xml +++ b/docs/smbdotconf/security/obeypamrestrictions.xml @@ -9,8 +9,8 @@ should obey PAM's account and session management directives. The default behavior is to use PAM for clear text authentication only and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypt passwords = yes</parameter></link>. The reason + always ignores PAM for authentication in the case of <smbconfoption + name="encrypt passwords">yes</smbconfoption>. The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption. </para> diff --git a/docs/smbdotconf/security/onlyuser.xml b/docs/smbdotconf/security/onlyuser.xml index d94d3d523d..b1ef1b7606 100644 --- a/docs/smbdotconf/security/onlyuser.xml +++ b/docs/smbdotconf/security/onlyuser.xml @@ -9,8 +9,7 @@ client can supply a username to be used by the server. Enabling this parameter will force the server to only use the login names from the <parameter moreinfo="none">user</parameter> list and is only really - useful in <link linkend="SECURITYEQUALSSHARE">share level</link> - security.</para> + useful in <smbconfoption name="security">share</smbconfoption> level security.</para> <para>Note that this also means Samba won't try to deduce usernames from the service name. This can be annoying for diff --git a/docs/smbdotconf/security/pampasswordchange.xml b/docs/smbdotconf/security/pampasswordchange.xml index 22dc98d4e9..e5c04d405c 100644 --- a/docs/smbdotconf/security/pampasswordchange.xml +++ b/docs/smbdotconf/security/pampasswordchange.xml @@ -8,10 +8,9 @@ this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password changes when requested by an SMB client instead of the program listed in - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter></link>. + <smbconfoption name="passwd program"/>. It should be possible to enable this without changing your - <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter></link> - parameter for most setups.</para> + <smbconfoption name="passwd chat"/> parameter for most setups.</para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/security/passdbbackend.xml b/docs/smbdotconf/security/passdbbackend.xml index 74f26b89ea..bbe1d13106 100644 --- a/docs/smbdotconf/security/passdbbackend.xml +++ b/docs/smbdotconf/security/passdbbackend.xml @@ -27,8 +27,7 @@ <listitem> <para><command moreinfo="none">tdbsam</command> - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para> + in the <smbconfoption name="private dir"/> directory.</para> </listitem> <listitem> @@ -37,7 +36,7 @@ <command moreinfo="none">ldap://localhost</command>)</para> <para>LDAP connections should be secured where possible. This may be done using either - Start-TLS (see <link linkend="LDAPSSL"><parameter moreinfo="none">ldap ssl</parameter></link>) or by + Start-TLS (see <smbconfoption name="ldap ssl"/>) or by specifying <parameter moreinfo="none">ldaps://</parameter> in the URL argument. </para> diff --git a/docs/smbdotconf/security/passwdchat.xml b/docs/smbdotconf/security/passwdchat.xml index f3a7395710..32ae5b3033 100644 --- a/docs/smbdotconf/security/passwdchat.xml +++ b/docs/smbdotconf/security/passwdchat.xml @@ -10,22 +10,20 @@ program to change the user's password. The string describes a sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> - </link> and what to expect back. If the expected output is not + <smbconfoption name="passwd program"/> and what to expect back. If the expected output is not received then the password is not changed.</para> <para>This chat sequence is often quite site specific, depending on what local methods are used for password control (such as NIS etc).</para> - <para>Note that this parameter only is only used if the <link - linkend="UNIXPASSWORDSYNC"> <parameter moreinfo="none">unix password sync</parameter> - </link> parameter is set to <constant>yes</constant>. This sequence is + <para>Note that this parameter only is only used if the <smbconfoption + name="unix password sync"/> parameter is set to <constant>yes</constant>. This sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password in the smbpasswd file is being changed, without access to the old password cleartext. This means that root must be able to reset the user's password without knowing the text of the previous password. In the presence of - NIS/YP, this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must + NIS/YP, this means that the <smbconfoption name="passwd program"/> must be executed on the NIS master. </para> @@ -41,10 +39,9 @@ stop ".", then no string is sent. Similarly, if the expect string is a full stop then no string is expected.</para> - <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam - password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs - may be matched in any order, and success is determined by the PAM result, - not any particular output. The \n macro is ignored for PAM conversions. + <para>If the <smbconfoption name="pam password change"/> parameter is set to <constant>yes</constant>, the + chat pairs may be matched in any order, and success is determined by the PAM result, not any particular + output. The \n macro is ignored for PAM conversions. </para> </description> diff --git a/docs/smbdotconf/security/passwdchatdebug.xml b/docs/smbdotconf/security/passwdchatdebug.xml index 6211688eb7..78714ab8b5 100644 --- a/docs/smbdotconf/security/passwdchatdebug.xml +++ b/docs/smbdotconf/security/passwdchatdebug.xml @@ -9,13 +9,13 @@ strings passed to and received from the passwd chat are printed in the <citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> log with a - <link linkend="DEBUGLEVEL"><parameter moreinfo="none">debug level</parameter></link> + <smbconfoption name="debug level"/> of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the <command moreinfo="none">smbd</command> log. It is available to help Samba admins debug their <parameter moreinfo="none">passwd chat</parameter> scripts when calling the <parameter moreinfo="none">passwd program</parameter> and should be turned off after this has been done. This option has no effect if the - <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter></link> + <smbconfoption name="pam password change"/> paramter is set. This parameter is off by default.</para> </description> diff --git a/docs/smbdotconf/security/passwordlevel.xml b/docs/smbdotconf/security/passwordlevel.xml index 33a0f13e2a..1da11e406b 100644 --- a/docs/smbdotconf/security/passwordlevel.xml +++ b/docs/smbdotconf/security/passwordlevel.xml @@ -40,8 +40,7 @@ <para>This parameter is used only when using plain-text passwords. It is not at all used when encrypted passwords as in use (that is the default - since samba-3.0.0). Use this only when <link linkend="ENCRYPTPASSWORDS"> - encrypt passwords = No</link>.</para> + since samba-3.0.0). Use this only when <smbconfoption name="encrypt passwords">No</smbconfoption>.</para> </description> <value type="default">0</value> diff --git a/docs/smbdotconf/security/passwordserver.xml b/docs/smbdotconf/security/passwordserver.xml index 4836a17731..188cea88d1 100644 --- a/docs/smbdotconf/security/passwordserver.xml +++ b/docs/smbdotconf/security/passwordserver.xml @@ -20,8 +20,7 @@ connections.</para> <para>If parameter is a name, it is looked up using the - parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name - resolve order</parameter></link> and so may resolved + parameter <smbconfoption name="name resolve order"/> and so may resolved by any method and order described in that parameter.</para> <para>The password server must be a machine capable of using diff --git a/docs/smbdotconf/security/readlist.xml b/docs/smbdotconf/security/readlist.xml index 613758ec2a..df6b4f129b 100644 --- a/docs/smbdotconf/security/readlist.xml +++ b/docs/smbdotconf/security/readlist.xml @@ -3,16 +3,14 @@ type="list" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This is a list of users that are given read-only - access to a service. If the connecting user is in this list then - they will not be given write access, no matter what the <link linkend="READONLY"> - <parameter moreinfo="none">read only</parameter></link> - option is set to. The list can include group names using the - syntax described in the <link linkend="INVALIDUSERS"><parameter moreinfo="none"> - invalid users</parameter></link> parameter.</para> + <para> + This is a list of users that are given read-only access to a service. If the connecting user is in this list + then they will not be given write access, no matter what the <smbconfoption name="read only"/> option is set + to. The list can include group names using the syntax described in the <smbconfoption name="invalid users"/> + parameter. + </para> - <para>This parameter will not work with the <link linkend="SECURITY"> - <parameter moreinfo="none">security = share</parameter></link> in + <para>This parameter will not work with the <smbconfoption name="security">share</smbconfoption> in Samba 3.0. This is by design.</para> </description> diff --git a/docs/smbdotconf/security/readonly.xml b/docs/smbdotconf/security/readonly.xml index 686b28aede..6e1f6dd2b8 100644 --- a/docs/smbdotconf/security/readonly.xml +++ b/docs/smbdotconf/security/readonly.xml @@ -4,8 +4,7 @@ basic="1" advanced="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>An inverted synonym is <link linkend="WRITEABLE"> - <parameter moreinfo="none">writeable</parameter></link>.</para> + <para>An inverted synonym is <smbconfoption name="writeable"/>.</para> <para>If this parameter is <constant>yes</constant>, then users of a service may not create or modify files in the service's diff --git a/docs/smbdotconf/security/restrictanonymous.xml b/docs/smbdotconf/security/restrictanonymous.xml index a7aaa31b0b..2a45ef1561 100644 --- a/docs/smbdotconf/security/restrictanonymous.xml +++ b/docs/smbdotconf/security/restrictanonymous.xml @@ -29,8 +29,7 @@ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ <note> <para> The security advantage of using restrict anonymous = 2 is removed - by setting <link linkend="GUESTOK"><parameter moreinfo="none">guest - ok</parameter> = yes</link> on any share. + by setting <smbconfoption name="guest ok">yes</smbconfoption> on any share. </para> </note> </description> diff --git a/docs/smbdotconf/security/rootdirectory.xml b/docs/smbdotconf/security/rootdirectory.xml index ed894d57cb..8736598001 100644 --- a/docs/smbdotconf/security/rootdirectory.xml +++ b/docs/smbdotconf/security/rootdirectory.xml @@ -12,9 +12,8 @@ server will deny access to files not in one of the service entries. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use ".." in file names - to access other directories (depending on the setting of the <link linkend="WIDELINKS"> - <parameter moreinfo="none">wide links</parameter></link> - parameter). + to access other directories (depending on the setting of the + <smbconfoption name="wide smbconfoptions"/> parameter). </para> <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other diff --git a/docs/smbdotconf/security/security.xml b/docs/smbdotconf/security/security.xml index fe5cf5404f..226d1c1270 100644 --- a/docs/smbdotconf/security/security.xml +++ b/docs/smbdotconf/security/security.xml @@ -47,13 +47,11 @@ want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to setup guest shares with <command moreinfo="none">security = user</command>, see - the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link>parameter for details.</para> + the <smbconfoption name="map to guest"/>parameter for details.</para> <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> hybrid mode</emphasis> where it is offers both user and share - level security under different <link linkend="NETBIOSALIASES"> - <parameter moreinfo="none">NetBIOS aliases</parameter></link>. </para> + level security under different <smbconfoption name="NetBIOS aliases"/>. </para> <para>The different settings will now be explained.</para> @@ -83,17 +81,14 @@ <itemizedlist> <listitem> - <para>If the <link linkend="GUESTONLY"><parameter moreinfo="none">guest - only</parameter></link> parameter is set, then all the other - stages are missed and only the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link> username is checked. + <para>If the <smbconfoption name="guest only"/> parameter is set, then all the other + stages are missed and only the <smbconfoption name="guest account"/> username is checked. </para> </listitem> <listitem> <para>Is a username is sent with the share connection - request, then this username (after mapping - see <link linkend="USERNAMEMAP"> - <parameter moreinfo="none">username map</parameter></link>), + request, then this username (after mapping - see <smbconfoption name="username map"/>), is added as a potential username. </para> </listitem> @@ -118,8 +113,7 @@ </listitem> <listitem> - <para>Any users on the <link linkend="USER"><parameter moreinfo="none"> - user</parameter></link> list are added as potential usernames. + <para>Any users on the <smbconfoption name="user"/> list are added as potential usernames. </para> </listitem> </itemizedlist> @@ -145,13 +139,10 @@ <para>This is the default security setting in Samba 3.0. With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the <link linkend="USERNAMEMAP"> - <parameter moreinfo="none">username map</parameter></link> - parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter></link> parameter) can also - be used in this security mode. Parameters such as <link linkend="USER"> - <parameter moreinfo="none">user</parameter></link> and <link linkend="GUESTONLY"> - <parameter moreinfo="none">guest only</parameter></link> if set are then applied and + valid username and password (which can be mapped using the <smbconfoption name="username map"/> + parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also + be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption + name="guest only"/> if set are then applied and may change the UNIX user to use on this connection, but only after the user has been successfully authenticated.</para> @@ -159,21 +150,17 @@ requested is <emphasis>not</emphasis> sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> + the server to automatically map unknown users into the <smbconfoption name="guest account"/>. + See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> + <para>See also the section <link linkend="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN</emphasis></para> <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this + machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/> + parameter to be set to <constant>yes</constant>. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do.</para> @@ -192,31 +179,26 @@ requested is <emphasis>not</emphasis> sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> + the server to automatically map unknown users into the <smbconfoption name="guest account"/>. + See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter.</para> + <para>See also the <smbconfoption name="password server"/> parameter and + the <smbconfoption name="encrypted passwords"/> parameter.</para> <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER</emphasis></para> - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command moreinfo="none">security = - user</command>. It expects the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter></link> parameter - to be set to <constant>yes</constant>, unless the remote server - does not support them. However note that if encrypted passwords have been - negotiated then Samba cannot revert back to checking the UNIX password file, - it must have a valid <filename moreinfo="none">smbpasswd</filename> file to check - users against. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up.</para> + <para> + In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an + NT box. If this fails it will revert to <command moreinfo="none">security = user</command>. It expects the + <smbconfoption name="encrypted passwords"/> parameter to be set to <constant>yes</constant>, unless the remote + server does not support them. However note that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid <filename + moreinfo="none">smbpasswd</filename> file to check users against. See the chapter about the User Database in + the Samba HOWTO Collection for details on how to set this up. +</para> <note><para>This mode of operation has significant pitfalls, due to the fact that is activly initiates a @@ -238,17 +220,14 @@ requested is <emphasis>not</emphasis> sent to the server until after the server has successfully authenticated the client. This is why guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> + the server to automatically map unknown users into the <smbconfoption name="guest account"/>. + See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para> <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter></link> parameter.</para> + <para>See also the <smbconfoption name="password server"/> parameter and the + <smbconfoption name="encrypted passwords"/> parameter.</para> <para><anchor id="SECURITYEQUALSADS"/><emphasis>SECURITY = ADS</emphasis></para> diff --git a/docs/smbdotconf/security/serverschannel.xml b/docs/smbdotconf/security/serverschannel.xml index 0f264a0f7d..6317448fb6 100644 --- a/docs/smbdotconf/security/serverschannel.xml +++ b/docs/smbdotconf/security/serverschannel.xml @@ -4,20 +4,18 @@ basic="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This controls whether the server offers or even - demands the use of the netlogon schannel. - <parameter>server schannel = no</parameter> does not - offer the schannel, <parameter>server schannel = - auto</parameter> offers the schannel but does not - enforce it, and <parameter>server schannel = - yes</parameter> denies access if the client is not - able to speak netlogon schannel. This is only the case - for Windows NT4 before SP4.</para> + <para> + This controls whether the server offers or even demands the use of the netlogon schannel. + <smbconfoption name="server schannel">no</smbconfoption> does not offer the schannel, <smbconfoption + name="server schannel">auto</smbconfoption> offers the schannel but does not enforce it, and <smbconfoption + name="server schannel">yes</smbconfoption> denies access if the client is not able to speak netlogon schannel. + This is only the case for Windows NT4 before SP4. + </para> - <para>Please note that with this set to - <parameter>no</parameter> you will have to apply the - WindowsXP requireSignOrSeal-Registry patch found in - the docs/Registry subdirectory.</para> + <para> + Please note that with this set to <literal>no</literal> you will have to apply the WindowsXP + <filename>WinXP_SignOrSeal.reg</filename> registry patch found in the docs/registry subdirectory of the Samba distribution tarball. + </para> </description> <value type="default">auto</value> diff --git a/docs/smbdotconf/security/updateencrypted.xml b/docs/smbdotconf/security/updateencrypted.xml index 7042a11678..da493665cf 100644 --- a/docs/smbdotconf/security/updateencrypted.xml +++ b/docs/smbdotconf/security/updateencrypted.xml @@ -5,29 +5,29 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This boolean parameter allows a user logging on with - a plaintext password to have their encrypted (hashed) password in - the smbpasswd file to be updated automatically as they log - on. This option allows a site to migrate from plaintext - password authentication (users authenticate with plaintext - password over the wire, and are checked against a UNIX account - database) to encrypted password authentication (the SMB - challenge/response authentication mechanism) without forcing all - users to re-enter their passwords via smbpasswd at the time the - change is made. This is a convenience option to allow the change - over to encrypted passwords to be made over a longer period. - Once all users have encrypted representations of their passwords - in the smbpasswd file this parameter should be set to - <constant>no</constant>.</para> + <para> + This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) + password in the smbpasswd file to be updated automatically as they log on. This option allows a site to + migrate from plaintext password authentication (users authenticate with plaintext password over the + wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB + challenge/response authentication mechanism) without forcing all users to re-enter their passwords via + smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted + passwords to be made over a longer period. Once all users have encrypted representations of their passwords + in the smbpasswd file this parameter should be set to <constant>no</constant>. + </para> - <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypt passwords</parameter></link> parameter must - be set to <constant>no</constant> when this parameter is set to <constant>yes</constant>.</para> + <para> + In order for this parameter to be operative the <smbconfoption name="encrypt passwords"/> parameter must + be set to <constant>no</constant>. The default value of <smbconfoption name="encrypt + passwords">Yes</smbconfoption>. Note: This must be set to <constant>no</constant> for this <smbconfoption + name="update encrypted"/> to work. + </para> - <para>Note that even when this parameter is set a user - authenticating to <command moreinfo="none">smbd</command> must still enter a valid - password in order to connect correctly, and to update their hashed - (smbpasswd) passwords.</para> + <para> + Note that even when this parameter is set a user authenticating to <command moreinfo="none">smbd</command> + must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) + passwords. + </para> </description> <value type="default">no</value> diff --git a/docs/smbdotconf/security/username.xml b/docs/smbdotconf/security/username.xml index 9a6d83ae71..3a45d4d72f 100644 --- a/docs/smbdotconf/security/username.xml +++ b/docs/smbdotconf/security/username.xml @@ -32,8 +32,7 @@ so they cannot do anything that user cannot do.</para> <para>To restrict a service to a particular set of users you - can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link> parameter.</para> + can use the <smbconfoption name="valid users"/> parameter.</para> <para>If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba @@ -54,9 +53,9 @@ quite some time, and some clients may time out during the search.</para> - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how -this parameter determines access to the services.</para> + <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT + USERNAME/PASSWORD VALIDATION</link> for more information on how + this parameter determines access to the services.</para> </description> <value type="default"><comment>The guest account if a guest service, diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml index 1c76d31711..ef4291733e 100644 --- a/docs/smbdotconf/security/usernamemap.xml +++ b/docs/smbdotconf/security/usernamemap.xml @@ -75,8 +75,7 @@ guest = * will actually be connecting to \\server\mary and will need to supply a password suitable for <constant>mary</constant> not <constant>fred</constant>. The only exception to this is the - username passed to the <link linkend="PASSWORDSERVER"><parameter moreinfo="none"> - password server</parameter></link> (if you have one). The password + username passed to the <smbconfoption name="password server"/> (if you have one). The password server will receive whatever username the client supplies without modification.</para> diff --git a/docs/smbdotconf/security/writeable.xml b/docs/smbdotconf/security/writeable.xml index 1bb0e41810..f811c47e5c 100644 --- a/docs/smbdotconf/security/writeable.xml +++ b/docs/smbdotconf/security/writeable.xml @@ -4,7 +4,6 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <synonym>writable</synonym> <description> - <para>Inverted synonym for <link linkend="READONLY"> - <parameter moreinfo="none">read only</parameter></link>.</para> + <para>Inverted synonym for <smbconfoption name="read only"/>.</para> </description> </samba:parameter> diff --git a/docs/smbdotconf/tuning/getwdcache.xml b/docs/smbdotconf/tuning/getwdcache.xml index cac8dba47b..74d30c28e5 100644 --- a/docs/smbdotconf/tuning/getwdcache.xml +++ b/docs/smbdotconf/tuning/getwdcache.xml @@ -6,8 +6,7 @@ <para>This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially - when the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter> -</link> parameter is set to <constant>no</constant>.</para> + when the <smbconfoption name="wide smbconfoptions"/> parameter is set to <constant>no</constant>.</para> </description> <value type="default">yes</value> diff --git a/docs/smbdotconf/tuning/keepalive.xml b/docs/smbdotconf/tuning/keepalive.xml index 5648253478..0586365512 100644 --- a/docs/smbdotconf/tuning/keepalive.xml +++ b/docs/smbdotconf/tuning/keepalive.xml @@ -11,8 +11,7 @@ a client is still present and responding.</para> <para>Keepalives should, in general, not be needed if the socket - has the SO_KEEPALIVE attribute set on it by default. (see <link linkend="SOCKETOPTIONS"> - <parameter moreinfo="none">socket options</parameter></link>). + has the SO_KEEPALIVE attribute set on it by default. (see <smbconfoption name="socket options"/>). Basically you should only use this option if you strike difficulties.</para> </description> diff --git a/docs/smbdotconf/tuning/maxconnections.xml b/docs/smbdotconf/tuning/maxconnections.xml index ac014100ea..1e3043b2f7 100644 --- a/docs/smbdotconf/tuning/maxconnections.xml +++ b/docs/smbdotconf/tuning/maxconnections.xml @@ -9,8 +9,7 @@ of zero mean an unlimited number of connections may be made.</para> <para>Record lock files are used to implement this feature. The lock files will be stored in - the directory specified by the <link linkend="LOCKDIRECTORY"> - <parameter moreinfo="none">lock directory</parameter></link> option.</para> + the directory specified by the <smbconfoption name="lock directory"/> option.</para> </description> <value type="default">0</value> diff --git a/docs/smbdotconf/vfs/hostmsdfs.xml b/docs/smbdotconf/vfs/hostmsdfs.xml index f941621a6c..877daac998 100644 --- a/docs/smbdotconf/vfs/hostmsdfs.xml +++ b/docs/smbdotconf/vfs/hostmsdfs.xml @@ -8,8 +8,7 @@ server, and allow Dfs-aware clients to browse Dfs trees hosted on the server.</para> - <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> - msdfs root</parameter></link> share level parameter. For + <para>See also the <smbconfoption name="msdfs root"/> share level parameter. For more information on setting up a Dfs tree on Samba, refer to <link linkend="msdfs"/>. </para> diff --git a/docs/smbdotconf/vfs/msdfsproxy.xml b/docs/smbdotconf/vfs/msdfsproxy.xml index 86e8175f06..5117bae224 100644 --- a/docs/smbdotconf/vfs/msdfsproxy.xml +++ b/docs/smbdotconf/vfs/msdfsproxy.xml @@ -10,8 +10,7 @@ the SMB-Dfs protocol.</para> <para>Only Dfs roots can act as proxy shares. Take a look at the - <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link> - and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link> + <smbconfoption name="msdfs root"/> and <smbconfoption name="host msdfs"/> options to find out how to set up a Dfs root share.</para> </description> diff --git a/docs/smbdotconf/vfs/msdfsroot.xml b/docs/smbdotconf/vfs/msdfsroot.xml index 5fdaef5092..24b8884ffc 100644 --- a/docs/smbdotconf/vfs/msdfsroot.xml +++ b/docs/smbdotconf/vfs/msdfsroot.xml @@ -16,5 +16,5 @@ <related>host msdfs</related> <value type="default">no</value> - <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para> + <para>See also <smbconfoption name="host msdfs"/></para> </samba:parameter> |