diff options
Diffstat (limited to 'docs-xml')
| -rw-r--r-- | docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml | 16 | ||||
| -rw-r--r-- | docs-xml/manpages-3/ldbrename.1.xml | 3 | ||||
| -rw-r--r-- | docs-xml/manpages-3/net.8.xml | 14 | ||||
| -rw-r--r-- | docs-xml/manpages-3/wbinfo.1.xml | 13 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/ldap/ldapreffollow.xml | 21 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/protocol/sharefakefscaps.xml | 20 | ||||
| -rw-r--r-- | docs-xml/smbdotconf/security/lanmanauth.xml | 7 |
7 files changed, 80 insertions, 14 deletions
diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml index 33e2697bd3..b7eaa06b53 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml @@ -93,7 +93,6 @@ <indexterm><primary>idmap uid</primary></indexterm> <indexterm><primary>idmap gid</primary></indexterm> <indexterm><primary>idmap backend</primary></indexterm> -<indexterm><primary>LDAP</primary></indexterm> Winbind maintains a database called winbind_idmap.tdb in which it stores mappings between UNIX UIDs, GIDs, and NT SIDs. This mapping is used only for users and groups that do not have a local UID/GID. It stores the UID/GID @@ -210,7 +209,7 @@ Users on the UNIX machine can then use NT user and group names as they would <quote>native</quote> UNIX names. They can chown files so they are owned by NT domain users or even login to the - UNIX machine and run a UNIX X-Window session as a domain user.</para> + UNIX machine and run a UNIX X Window session as a domain user.</para> <para> <indexterm><primary>domain controller</primary></indexterm> @@ -571,7 +570,7 @@ is for you. <para> <indexterm><primary>PAM</primary></indexterm> <indexterm><primary>back up</primary></indexterm> -<indexterm><primary>boot disk`</primary></indexterm> +<indexterm><primary>boot disk</primary></indexterm> If you have a Samba configuration file that you are currently using, <emphasis>BACK IT UP!</emphasis> If your system already uses PAM, <emphasis>back up the <filename>/etc/pam.d</filename> directory contents!</emphasis> If you haven't already made a boot disk, <emphasis>MAKE ONE NOW!</emphasis> @@ -602,8 +601,8 @@ instructions on downloading the source code. <indexterm><primary>development libraries</primary></indexterm> To allow domain users the ability to access Samba shares and files, as well as potentially other services provided by your Samba machine, PAM must be set up properly on your -machine. In order to compile the Winbind modules, you should have at least the PAM development libraries installed -on your system. Please refer to the PAM Web site <ulink url="http://www.kernel.org/pub/linux/libs/pam/"/>. +machine. In order to compile the Winbind modules, the PAM development libraries should be installed +on your system. Please refer to the <ulink url="http://www.kernel.org/pub/linux/libs/pam/">PAM Web Site</ulink>. </para> </sect2> @@ -976,9 +975,6 @@ The same thing can be done for groups with the command: <indexterm><primary>/etc/init.d/smb</primary></indexterm> <indexterm><primary>/etc/init.d/samba</primary></indexterm> <indexterm><primary>/usr/local/samba/bin</primary></indexterm> -<indexterm><primary></primary></indexterm> -<indexterm><primary></primary></indexterm> -<indexterm><primary></primary></indexterm> The &winbindd; daemon needs to start up after the &smbd; and &nmbd; daemons are running. To accomplish this task, you need to modify the startup scripts of your system. They are located at <filename>/etc/init.d/smb</filename> in Red Hat Linux and in <filename>/etc/init.d/samba</filename> in Debian @@ -1119,7 +1115,7 @@ usually only starts smbd and nmbd but should now start winbindd, too. If you hav </programlisting></para> <para> -Again, if you would like to run Samba in dual daemon mode, replace: +Again, if you would like to run winbindd in dual daemon mode, replace: <programlisting> /usr/local/samba/sbin/winbindd </programlisting> @@ -1234,7 +1230,7 @@ pre-create the directories of users to make sure users can log in on UNIX with t <indexterm><primary>Winbind</primary></indexterm> <indexterm><primary>ftp access</primary></indexterm> The <filename>/etc/pam.d/ftp</filename> file can be changed to allow Winbind ftp access in a manner similar to -the samba file. My <filename>/etc/pam.d/ftp</filename> file was changed to look like this: +the <filename>/etc/pam.d/samba</filename>Samba file. My <filename>/etc/pam.d/ftp</filename> file was changed to look like this: <programlisting> auth required /lib/security/pam_listfile.so item=user sense=deny \ file=/etc/ftpusers onerr=succeed diff --git a/docs-xml/manpages-3/ldbrename.1.xml b/docs-xml/manpages-3/ldbrename.1.xml index 391ec84ccc..6a134f4268 100644 --- a/docs-xml/manpages-3/ldbrename.1.xml +++ b/docs-xml/manpages-3/ldbrename.1.xml @@ -5,6 +5,9 @@ <refmeta> <refentrytitle>ldbrename</refentrytitle> <manvolnum>1</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">User Commands</refmiscinfo> + <refmiscinfo class="version">3.6</refmiscinfo> </refmeta> diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 82fd7a57af..8ab33d58b0 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -748,6 +748,9 @@ such as domain name, domain sid and number of users and groups. <para>Add a interdomain trust account for <replaceable>DOMAIN</replaceable>. This is in fact a Samba account named <replaceable>DOMAIN$</replaceable> with the account flag <constant>'I'</constant> (interdomain trust account). +This is required for incoming trusts to work. It makes Samba be a +trusted domain of the foreign (trusting) domain. +Users of the Samba domain will be made available in the foreign domain. If the command is used against localhost it has the same effect as <command>smbpasswd -a -i DOMAIN</command>. Please note that both commands expect a appropriate UNIX account. @@ -769,8 +772,13 @@ it has the same effect as <command>smbpasswd -x DOMAIN$</command>. <title>RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable></title> <para> -Establish a trust relationship to a trusting domain. +Establish a trust relationship to a trusted domain. Interdomain account must already be created on the remote PDC. +This is required for outgoing trusts to work. It makes Samba be a +trusting domain of a foreign (trusted) domain. +Users of the foreign domain will be made available in our domain. +You'll need winbind and a working idmap config to make them +appear in your system. </para> </refsect3> @@ -784,7 +792,7 @@ Interdomain account must already be created on the remote PDC. <refsect3> <title>RPC TRUSTDOM LIST</title> -<para>List all current interdomain trust relationships.</para> +<para>List all interdomain trust relationships.</para> </refsect3> @@ -835,7 +843,7 @@ Force shutting down all applications. Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown. </para></listitem> -</varlistentry>'> +</varlistentry> <varlistentry> <term>-C message</term> diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml index 7803d1064f..d6628e7da9 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -23,6 +23,7 @@ <arg choice="opt">--all-domains</arg> <arg choice="opt">--allocate-gid</arg> <arg choice="opt">--allocate-uid</arg> + <arg choice="opt">-c</arg> <arg choice="opt">-D domain</arg> <arg choice="opt">--domain domain</arg> <arg choice="opt">-g</arg> @@ -111,6 +112,14 @@ </varlistentry> <varlistentry> + <term>-c|--change-secret</term> + <listitem><para>Change the trust account password. May be used + in conjunction with <option>domain</option> in order to change + interdomain trust account passwords. + </para></listitem> + </varlistentry> + + <varlistentry> <term>--domain <replaceable>name</replaceable></term> <listitem><para>This parameter sets the domain on which any specified operations will performed. If special domain name '.' is used to represent @@ -283,7 +292,9 @@ <term>-t|--check-secret</term> <listitem><para>Verify that the workstation trust account created when the Samba server is added to the Windows NT - domain is working. </para></listitem> + domain is working. May be used in conjunction with + <option>domain</option> in order to verify interdomain + trust accounts.</para></listitem> </varlistentry> <varlistentry> diff --git a/docs-xml/smbdotconf/ldap/ldapreffollow.xml b/docs-xml/smbdotconf/ldap/ldapreffollow.xml new file mode 100644 index 0000000000..f059f15f15 --- /dev/null +++ b/docs-xml/smbdotconf/ldap/ldapreffollow.xml @@ -0,0 +1,21 @@ +<samba:parameter name="ldap ref follow" context="G" type="enum" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> + +<description> + + <para>This option controls whether to follow LDAP referrals or not when + searching for entries in the LDAP database. Possible values are + <emphasis>on</emphasis> to enable following referrals, + <emphasis>off</emphasis> to disable this, and + <emphasis>auto</emphasis>, to use the libldap default settings. + libldap's choice of following referrals or not is set in + /etc/openldap/ldap.conf with the REFERRALS parameter as documented in + ldap.conf(5).</para> + +</description> + +<value type="default">auto</value> +<value type="example">off</value> + +</samba:parameter> diff --git a/docs-xml/smbdotconf/protocol/sharefakefscaps.xml b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml new file mode 100644 index 0000000000..713b95bda7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml @@ -0,0 +1,20 @@ +<samba:parameter name="share:fake_fscaps" + context="G" + type="string" + advanced="1" developer="0" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + + <para> + This is needed to support some special application that makes + QFSINFO calls to check whether we set the SPARSE_FILES bit + (0x40). If this bit is not set that particular application + refuses to work against + Samba. With <smbconfoption name="share:fake_fscaps">64</smbconfoption> + the SPARSE_FILES file system capability flag is set. Use other + decimal values to specify the bitmask you need to fake. + </para> + +</description> +<value type="default">0</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml index 4e68c5e03a..e055bd35f1 100644 --- a/docs-xml/smbdotconf/security/lanmanauth.xml +++ b/docs-xml/smbdotconf/security/lanmanauth.xml @@ -16,6 +16,13 @@ case-insensitive nature, and the choice of algorithm. Servers without Windows 95/98/ME or MS DOS clients are advised to disable this option. </para> + + <para>When this parameter is set to <value>no</value> this + will also result in sambaLMPassword in Samba's passdb being + blanked after the next password change. As a result of that + lanman clients won't be able to authenticate, even if lanman + auth is reenabled later on. + </para> <para>Unlike the <command moreinfo="none">encrypt passwords</command> option, this parameter cannot alter client |