diff options
-rw-r--r-- | docs/manpages/lmhosts.5 | 93 | ||||
-rw-r--r-- | docs/manpages/smbpasswd.5 | 210 |
2 files changed, 303 insertions, 0 deletions
diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 new file mode 100644 index 0000000000..cbdb4e55d2 --- /dev/null +++ b/docs/manpages/lmhosts.5 @@ -0,0 +1,93 @@ +.TH "lmhosts" "5" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +lmhosts \- The Samba NetBIOS hosts file +.PP +.SH "SYNOPSIS" +.PP +lmhosts is the \fBSamba\fP NetBIOS name to IP address mapping file\&. +.PP +.SH "DESCRIPTION" +.PP +This file is part of the \fBSamba\fP suite\&. +.PP +lmhosts is the \fBSamba\fP NetBIOS name to IP address mapping file\&. It +is very similar to the \fB/etc/hosts\fP file format, except that the +hostname component must correspond to the NetBIOS naming format\&. +.PP +.SH "FILE FORMAT" +.PP +It is an ASCII file containing one line for NetBIOS name\&. The two +fields on each line are separated from each other by white space\&. Any +entry beginning with # is ignored\&. Each line in the lmhosts file +contains the following information : +.PP +.IP +.IP o +\fBIP Address\fP - in dotted decimal format\&. +.IP +.IP o +\fBNetBIOS Name\fP - This name format is a maximum fifteen +character host name, with an optional trailing \f(CW\'#\'\fP character +followed by the NetBIOS name type as two hexadecimal digits\&. +.IP +If the trailing \f(CW\'#\'\fP is omitted then the given IP address will be +returned for all names that match the given name, whatever the NetBIOS +name type in the lookup\&. +.IP +.PP +An example follows : +.PP + +.DS + + + +# +# Sample Samba lmhosts file\&. +# +192\&.9\&.200\&.1 TESTPC +192\&.9\&.200\&.20 NTSERVER#20 +192\&.9\&.200\&.21 SAMBASERVER + +.DE + + +.PP +Contains three IP to NetBIOS name mappings\&. The first and third will +be returned for any queries for the names \f(CW"TESTPC"\fP and +\f(CW"SAMBASERVER"\fP respectively, whatever the type component of the +NetBIOS name requested\&. +.PP +The second mapping will be returned only when the \f(CW"0x20"\fP name type +for a name \f(CW"NTSERVER"\fP is queried\&. Any other name type will not be +resolved\&. +.PP +The default location of the \fBlmhosts\fP file is in the same directory +as the \fBsmb\&.conf\fP file\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmb\&.conf (5)\fP, +\fBsmbclient (1)\fP, +\fBsmbpasswd (8)\fP, \fBsamba (7)\fP\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 new file mode 100644 index 0000000000..88e3745711 --- /dev/null +++ b/docs/manpages/smbpasswd.5 @@ -0,0 +1,210 @@ +.TH "smbpasswd" "5" "23 Oct 1998" "Samba" "SAMBA" +.PP +.SH "NAME" +smbpasswd \- The Samba encrypted password file +.PP +.SH "SYNOPSIS" +.PP +smbpasswd is the \fBSamba\fP encrypted password file\&. +.PP +.SH "DESCRIPTION" +.PP +This file is part of the \fBSamba\fP suite\&. +.PP +smbpasswd is the \fBSamba\fP encrypted password file\&. It contains +the username, unix user id and the SMB hashed passwords of the +user, as well as account flag information and the time the password +was last changed\&. This file format has been evolving with Samba +and has had several different formats in the past\&. +.PP +.SH "FILE FORMAT" +.PP +The format of the smbpasswd file used by Samba 2\&.0 is very similar to +the familiar unix \fBpasswd (5)\fP file\&. It is an ASCII file containing +one line for each user\&. Each field within each line is separated from +the next by a colon\&. Any entry beginning with # is ignored\&. The +smbpasswd file contains the following information for each user: +.PP +.IP +.IP "\fBname\fP" +.br +.br +.IP +This is the user name\&. It must be a name that already exists +in the standard UNIX passwd file\&. +.IP +.IP "\fBuid\fP" +.br +.br +.IP +This is the UNIX uid\&. It must match the uid field for the same +user entry in the standard UNIX passwd file\&. +.IP +.IP "\fBLanman Password Hash\fP" +.br +.br +.IP +This is the \fILANMAN\fP hash of the users password, encoded as 32 hex +digits\&. The \fILANMAN\fP hash is created by DES encrypting a well known +string with the users password as the DES key\&. This is the same +password used by Windows 95/98 machines\&. Note that this password hash +is regarded as weak as it is vulnerable to dictionary attacks and if +two users choose the same password this entry will be identical (ie\&. +the password is not \fI"salted"\fP as the UNIX password is)\&. If the +user has a null password this field will contain the characters +\f(CW"NO PASSWORD"\fP as the start of the hex string\&. If the hex string +is equal to 32 \f(CW\'X\'\fP characters then the users account is marked as +\fIdisabled\fP and the user will not be able to log onto the Samba +server\&. +.IP +\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the +SMB/CIFS authentication protocol, anyone with a knowledge of this +password hash will be able to impersonate the user of the network\&. +For this reason these hashes are known as \fI"plain text equivalent"\fP +and must \fINOT\fP be made available to anyone but the root user\&. To +protect these passwords the \fBsmbpasswd\fP file is placed in a +directory with read and traverse access only to the root user and the +\fBsmbpasswd\fP file itself must be set to be read/write only by root, +with no other access\&. +.IP +.IP "\fBNT Password Hash\fP" +.br +.br +.IP +This is the \fIWindows NT\fP hash of the users password, encoded as 32 +hex digits\&. The \fIWindows NT\fP hash is created by taking the users +password as represented in 16-bit, little-endian UNICODE and then +applying the \fIMD4\fP (internet rfc1321) hashing algorithm to it\&. +.IP +This password hash is considered more secure than the \fBLanman +Password Hash\fP as it preserves the case of the +password and uses a much higher quality hashing algorithm\&. However, it +is still the case that if two users choose the same password this +entry will be identical (ie\&. the password is not \fI"salted"\fP as the +UNIX password is)\&. +.IP +\fIWARNING !!\fP\&. Note that, due to the challenge-response nature of the +SMB/CIFS authentication protocol, anyone with a knowledge of this +password hash will be able to impersonate the user of the network\&. +For this reason these hashes are known as \fI"plain text equivalent"\fP +and must \fINOT\fP be made available to anyone but the root user\&. To +protect these passwords the \fBsmbpasswd\fP file is placed in a +directory with read and traverse access only to the root user and the +\fBsmbpasswd\fP file itself must be set to be read/write only by root, +with no other access\&. +.IP +.IP "\fBAccount Flags\fP" +.br +.br +.IP +This section contains flags that describe the attributes of the users +account\&. In the \fBSamba2\&.0\fP release this field is bracketed by \f(CW\'[\'\fP +and \f(CW\']\'\fP characters and is always 13 characters in length (including +the \f(CW\'[\'\fP and \f(CW\']\'\fP characters)\&. The contents of this field may be +any of the characters\&. +.IP +.IP +.IP o +\fB\'U\'\fP This means this is a \fI"User"\fP account, ie\&. an ordinary +user\&. Only \fBUser\fP and \fBWorskstation Trust\fP accounts are +currently supported in the \fBsmbpasswd\fP file\&. +.IP +.IP o +\fB\'N\'\fP This means the account has \fIno\fP password (the passwords +in the fields \fBLanman Password Hash\fP and +\fBNT Password Hash\fP are ignored)\&. Note that this +will only allow users to log on with no password if the +\fBnull passwords\fP parameter is set +in the \fBsmb\&.conf (5)\fP config file\&. +.IP +.IP o +\fB\'D\'\fP This means the account is diabled and no SMB/CIFS logins +will be allowed for this user\&. +.IP +.IP o +\fB\'W\'\fP This means this account is a \fI"Workstation Trust"\fP account\&. +This kind of account is used in the Samba PDC code stream to allow Windows +NT Workstations and Servers to join a Domain hosted by a Samba PDC\&. +.IP +.IP +Other flags may be added as the code is extended in future\&. The rest of +this field space is filled in with spaces\&. +.IP +.IP "\fBLast Change Time\fP" +.br +.br +.IP +This field consists of the time the account was last modified\&. It consists of +the characters \f(CWLCT-\fP (standing for \fI"Last Change Time"\fP) followed by a numeric +encoding of the UNIX time in seconds since the epoch (1970) that the last change +was made\&. +.IP +.IP "\fBFollowing fields\fP" +.br +.br +.IP +All other colon separated fields are ignored at this time\&. +.IP +.PP +.SH "NOTES" +.PP +In previous versions of Samba (notably the 1\&.9\&.18 series) this file +did not contain the \fBAccount Flags\fP or +\fBLast Change Time\fP fields\&. The Samba 2\&.0 +code will read and write these older password files but will not be able to +modify the old entries to add the new fields\&. New entries added with +\fBsmbpasswd (8)\fP will contain the new fields +in the added accounts however\&. Thus an older \fBsmbpasswd\fP file used +with Samba 2\&.0 may end up with some accounts containing the new fields +and some not\&. +.PP +In order to convert from an old-style \fBsmbpasswd\fP file to a new +style, run the script \fBconvert_smbpasswd\fP, installed in the +Samba \f(CWbin/\fP directory (the same place that the \fBsmbd\fP +and \fBnmbd\fP binaries are installed) as follows: +.PP + +.DS + + + + cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file + + +.DE + + +.PP +The \fBconvert_smbpasswd\fP script reads from stdin and writes to stdout +so as not to overwrite any files by accident\&. +.PP +Once this script has been run, check the contents of the new smbpasswd +file to ensure that it has not been damaged by the conversion script +(which uses \fBawk\fP), and then replace the \f(CW<old smbpasswd file>\fP +with the \f(CW<new smbpasswd file>\fP\&. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2\&.0 of the Samba suite\&. +.PP +.SH "SEE ALSO" +.PP +\fBsmbpasswd (8)\fP, \fBsamba +(7)\fP, and the Internet RFC1321 for details on the MD4 +algorithm\&. +.PP +.SH "AUTHOR" +.PP +The original Samba software and related utilities were created by +Andrew Tridgell (samba-bugs@samba\&.anu\&.edu\&.au)\&. Samba is now developed +by the Samba Team as an Open Source project similar to the way the +Linux kernel is developed\&. +.PP +The original Samba man pages were written by Karl Auer\&. The man page +sources were converted to YODL format (another excellent piece of Open +Source software) and updated for the Samba2\&.0 release by Jeremy +Allison, \fIsamba-bugs@samba\&.anu\&.edu\&.au\fP\&. +.PP +See \fBsamba (7)\fP to find out how to get a full +list of contributors and details on how to submit bug reports, +comments etc\&. |