diff options
Diffstat (limited to 'docs/docbook/manpages')
| -rw-r--r-- | docs/docbook/manpages/make_smbcodepage.1.sgml | 8 | ||||
| -rw-r--r-- | docs/docbook/manpages/make_unicodemap.1.sgml | 172 | ||||
| -rw-r--r-- | docs/docbook/manpages/nmbd.8.sgml | 2 | ||||
| -rw-r--r-- | docs/docbook/manpages/rpcclient.1.sgml | 31 | ||||
| -rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 665 | ||||
| -rw-r--r-- | docs/docbook/manpages/smbcontrol.1.sgml | 2 | ||||
| -rw-r--r-- | docs/docbook/manpages/smbspool.8.sgml | 4 | ||||
| -rw-r--r-- | docs/docbook/manpages/smbstatus.1.sgml | 2 |
8 files changed, 642 insertions, 244 deletions
diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml index 8a58b8614d..a36f9b968c 100644 --- a/docs/docbook/manpages/make_smbcodepage.1.sgml +++ b/docs/docbook/manpages/make_smbcodepage.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb"> +<refentry id="make-smbcodepage"> <refmeta> <refentrytitle>make_smbcodepage</refentrytitle> @@ -56,11 +56,11 @@ <varlistentry> <term>inputfile</term> - <listitem><para>This is the input file to process. In t - he '<parameter>c</parameter>' case this will be a text + <listitem><para>This is the input file to process. In + the <parameter>c</parameter> case this will be a text codepage definition file such as the ones found in the Samba <filename>source/codepages</filename> directory. In - the '<parameter>d</parameter>' case this will be the + the <parameter>d</parameter> case this will be the binary format codepage definition file normally found in the <filename>lib/codepages</filename> directory in the Samba install directory path.</para></listitem> diff --git a/docs/docbook/manpages/make_unicodemap.1.sgml b/docs/docbook/manpages/make_unicodemap.1.sgml new file mode 100644 index 0000000000..50a5446d60 --- /dev/null +++ b/docs/docbook/manpages/make_unicodemap.1.sgml @@ -0,0 +1,172 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="make-unicodemap"> + +<refmeta> + <refentrytitle>make_unicodemap</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>make_unicodemap</refname> + <refpurpose>construct a unicode map file for Samba</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>make_unicodemap</command> + <arg choice="req">codepage</arg> + <arg choice="req">inputfile</arg> + <arg choice="req">outputfile</arg> + </cmdsynopsis> +</refsynopsisdiv> + + + +<refsect1> + <title>DESCRIPTION</title> + + <para> + This tool is part of the <ulink url="samba.7.html">Samba</ulink> + suite. + </para> + + <para> + <command>make_unicodemap</command> compiles text unicode map + files into binary unicodef map files for use with the + internationalization features of Samba 2.2. + </para> +</refsect1> + + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>codepage</term> + <listitem><para>This is the codepage or UNIX character + set we are processing (a number, e.g. 850). + </para></listitem> + </varlistentry> + + <varlistentry> + <term>inputfile</term> + <listitem><para>This is the input file to process. This is a + text unicode map file such as the ones found in the Samba + <filename>source/codepages</filename> directory. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>outputfile</term> + <listitem><para>This is the binary output file to produce. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>Samba Unicode Map Files</title> + + <para> + A text Samba unicode map file is a description that tells Samba + how to map characters from a specified DOS code page or UNIX character + set to 16 bit unicode. + </para> + + <para>A binary Samba unicode map file is a binary representation + of the same information, including a value that specifies what + codepage or UNIX character set this file is describing. + </para> +</refsect1> + +<refsect1> + <title>Files</title> + + <para><filename>CP<codepage>.TXT</filename></para> + + <para> + These are the input (text) unicode map files provided + in the Samba <filename>source/codepages</filename> + directory. + </para> + + <para> + A text unicode map file consists of multiple lines + containing two fields. These fields are : + </para> + + <itemizedlist> + <listitem><para><parameter>character</parameter> - which is + the (hex) character mapped on this line. + </para></listitem> + + <listitem><para><parameter>unicode</parameter> - which + is the (hex) 16 bit unicode character that the character + will map to. + </para></listitem> + </itemizedlist> + + <para> + <filename>unicode_map.<codepage></filename> - These are + the output (binary) unicode map files produced and placed in + the Samba destination <filename>lib/codepage</filename> + directory. + </para> +</refsect1> + + +<refsect1> + <title>Installation</title> + + <para> + The location of the server and its support files is a matter + for individual system administrators. The following are thus + suggestions only. + </para> + + <para> + It is recommended that the <command>make_unicodemap</command> + program be installed under the + <filename>$prefix/samba</filename> hierarchy, + in a directory readable by all, writeable only by root. The + program itself should be executable by all. The program + should NOT be setuid or setgid! + </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index 5194b1072b..8db2749bfa 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -37,7 +37,7 @@ <para><command>nmbd</command> is a server that understands and can reply to NetBIOS over IP name service requests, like - those produced by SMBD/CIFS clients such as Windows 95/98/ME, + those produced by SMB/CIFS clients such as Windows 95/98/ME, Windows NT, Windows 2000, and LanManager clients. It also participates in the browsing protocols which make up the Windows "Network Neighborhood" view.</para> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index c02f935d82..0d45a5dc20 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -107,8 +107,9 @@ <varlistentry> <term>-l logbasename</term> - <listitem><para>File name for log/debug files. .client will be - appended. The log file is never removed by the client. + <listitem><para>File name for log/debug files. The extension + '.client' will be appended. The log file is never removed + by the client. </para></listitem> </varlistentry> @@ -161,9 +162,8 @@ <varlistentry> <term>-W domain</term> <listitem><para>Set the SMB domain of the username. This - overrides the default domain which is the domain of the - server specified with the <parameter>-S</parameter> option. - If the domain specified is the same as the server's NetBIOS name, + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, it causes the client to log on using the server's local SAM (as opposed to the Domain SAM). </para></listitem> </varlistentry> @@ -179,8 +179,15 @@ <para><emphasis>LSARPC</emphasis></para> <itemizedlist> <listitem><para><command>lsaquery</command></para></listitem> - <listitem><para><command>lookupsids</command></para></listitem> - <listitem><para><command>lookupnames</command></para></listitem> + + <listitem><para><command>lookupsids</command> - Resolve a list + of SIDs to usernames. + </para></listitem> + + <listitem><para><command>lookupnames</command> - Resolve s list + of usernames to SIDs. + </para></listitem> + <listitem><para><command>enumtrusts</command></para></listitem> </itemizedlist> <para> </para> @@ -193,6 +200,10 @@ <listitem><para><command>querygroup</command></para></listitem> <listitem><para><command>queryusergroups</command></para></listitem> <listitem><para><command>querygroupmem</command></para></listitem> + <listitem><para><command>queryaliasmem</command></para></listitem> + <listitem><para><command>querydispinfo</command></para></listitem> + <listitem><para><command>querydominfo</command></para></listitem> + <listitem><para><command>enumdomgroups</command></para></listitem> </itemizedlist> <para> </para> @@ -244,6 +255,12 @@ </listitem> + <listitem><para><command>deldriver</command> - Delete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + </para></listitem> + <listitem><para><command>enumdata</command> - Enumerate all printer setting data stored on the server. On Windows NT clients, these values are stored in the registry, while Samba servers diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index e5357d24f3..70b4cc1c8e 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -325,7 +325,7 @@ <para>Many of the strings that are settable in the config file can take substitutions. For example the option "path = - /tmp/%U" would be interpreted as "path = + /tmp/%u" would be interpreted as "path = /tmp/john" if the user connected with the username john.</para> <para>These substitutions are mostly noted in the descriptions below, @@ -586,8 +586,9 @@ each parameter for details. Note that some are synonyms.</para> <itemizedlist> + <listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>add printer command</parameter></link></para></listitem> + <listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem> <listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem> - <listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>addprinter command</parameter></link></para></listitem> <listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem> @@ -595,6 +596,7 @@ <listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem> <listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem> <listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem> + <listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem> <listitem><para><link linkend="CHARACTERSET"><parameter>character set</parameter></link></para></listitem> <listitem><para><link linkend="CLIENTCODEPAGE"><parameter>client code page</parameter></link></para></listitem> <listitem><para><link linkend="CODEPAGEDIRECTORY"><parameter>code page directory</parameter></link></para></listitem> @@ -608,15 +610,13 @@ <listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem> <listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem> <listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem> + <listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer command</parameter></link></para></listitem> + <listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem> <listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem> - <listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>deleteprinter command</parameter></link></para></listitem> <listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem> <listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem> <listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem> - <listitem><para><link linkend="DOMAINADMINUSERS"><parameter>domain admin users</parameter></link></para></listitem> - <listitem><para><link linkend="DOMAINGROUPS"><parameter>domain groups</parameter></link></para></listitem> <listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem> - <listitem><para><link linkend="DOMAINGUESTUSERS"><parameter>domain guest users</parameter></link></para></listitem> <listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem> <listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem> <listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem> @@ -670,9 +670,11 @@ <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> <listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem> <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> + <listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem> <listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem> <listitem><para><link linkend="OSLEVEL"><parameter>os level</parameter></link></para></listitem> <listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem> + <listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem> <listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem> <listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem> <listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem> @@ -881,6 +883,119 @@ <variablelist> + + <varlistentry> + <term><anchor id="ADDPRINTERCOMMAND">add printer command (G)</term> + <listitem><para>With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server.</para> + + <para>For a Samba host this means that the printer must be + physically added to underlying printing system. The <parameter>add + printer command</parameter> defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the <filename>smb.conf</filename> file in order that it can be + shared by <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> + + <para>The <parameter>add printer command</parameter> is + automatically invoked with the following parameter (in + order:</para> + + <itemizedlist> + <listitem><para><parameter>printer name</parameter></para></listitem> + <listitem><para><parameter>share name</parameter></para></listitem> + <listitem><para><parameter>port name</parameter></para></listitem> + <listitem><para><parameter>driver name</parameter></para></listitem> + <listitem><para><parameter>location</parameter></para></listitem> + <listitem><para><parameter>Windows 9x driver location</parameter> + </para></listitem> + </itemizedlist> + + <para>All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions.</para> + + <para>Once the <parameter>add printer command</parameter> has + been executed, <command>smbd</command> will reparse the <filename> + smb.conf</filename> to determine if the share defined by the APW + exists. If the sharename is still invalid, then <command>smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> + delete printer command</parameter></link>, <link + linkend="printing"><parameter>printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>addprinter command = /usr/bin/addprinter + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ADDSHARECOMMAND">add share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>add share command</parameter> is used to define an + external program or script which will add a new service definition + to <filename>smb.conf</filename>. In order to successfully + execute the <parameter>add share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>add share command</parameter> with four parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of the new + share. + </para></listitem> + + <listitem><para><parameter>pathName</parameter> - path to an **existing** + directory on disk. + </para></listitem> + + <listitem><para><parameter>comment</parameter> - comment string to associate + with the new share. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used for add file shares. To add printer shares, + see the <link linkend="ADDPRINTERCOMMAND"><parameter>add printer + command</parameter></link>. + </para> + + <para> + See also <link linkend="CHANGESHARECOMMAND"><parameter>change share + command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete share + command</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>add share command = /usr/local/bin/addshare</command></para> + </listitem> + </varlistentry> + + + <varlistentry> <term><anchor id="ADDUSERSCRIPT">add user script (G)</term> <listitem><para>This is the full pathname to a script that will @@ -935,63 +1050,6 @@ <varlistentry> - <term><anchor id="ADDPRINTERCOMMAND">addprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printing - support for Windows NT/2000 clients in Samba 2.2, The MS Add - Printer Wizard (APW) icon is now also available in the - "Printers..." folder displayed a share listing. The APW - allows for printers to be add remotely to a Samba or Windows - NT/2000 print server.</para> - - <para>For a Samba host this means that the printer must be - physically added to underlying printing system. The <parameter> - addprinter command</parameter> defines a script to be run which - will perform the necessary operations for adding the printer - to the print system and to add the appropriate service definition - to the <filename>smb.conf</filename> file in order that it can be - shared by <ulink url="smbd.8.html"><command>smbd(8)</command> - </ulink>.</para> - - <para>The <parameter>addprinter command</parameter> is - automatically invoked with the following parameter (in - order:</para> - - <itemizedlist> - <listitem><para><parameter>printer name</parameter></para></listitem> - <listitem><para><parameter>share name</parameter></para></listitem> - <listitem><para><parameter>port name</parameter></para></listitem> - <listitem><para><parameter>driver name</parameter></para></listitem> - <listitem><para><parameter>location</parameter></para></listitem> - <listitem><para><parameter>Windows 9x driver location</parameter> - </para></listitem> - </itemizedlist> - - <para>All parameters are filled in from the PRINTER_INFO_2 structure sent - by the Windows NT/2000 client with one exception. The "Windows 9x - driver location" parameter is included for backwards compatibility - only. The remaining fields in the structure are generated from answers - to the APW questions.</para> - - <para>Once the <parameter>addprinter command</parameter> has - been executed, <command>smbd</command> will reparse the <filename> - smb.conf</filename> to determine if the share defined by the APW - exists. If the sharename is still invalid, then <command>smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> - deleteprinter command</parameter></link>, <link - linkend="printing"><parameter>printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>addprinter command = /usr/bin/addprinter - </command></para> - </listitem> - </varlistentry> - - - <varlistentry> <term><anchor id="ADMINUSERS">admin users (S)</term> <listitem><para>This is a list of users who will be granted administrative privileges on the share. This means that they @@ -1264,7 +1322,60 @@ <para>Would change the scan time to every 5 minutes.</para></listitem> </varlistentry> + + + <varlistentry> + <term><anchor id="CHANGESHARECOMMAND">change share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>change share command</parameter> is used to define an + external program or script which will modify an existing service definition + in <filename>smb.conf</filename>. In order to successfully + execute the <parameter>change share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>change share command</parameter> with four parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of the new + share. + </para></listitem> + + <listitem><para><parameter>pathName</parameter> - path to an **existing** + directory on disk. + </para></listitem> + + <listitem><para><parameter>comment</parameter> - comment string to associate + with the new share. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used modify existing file shares definitions. To modify + printer shares, use the "Printers..." folder as seen when browsing the Samba host. + </para> + + <para> + See also <link linkend="ADDSHARECOMMAND"><parameter>add share + command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete + share command</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>change share command = /usr/local/bin/addshare</command></para> + </listitem> + </varlistentry> + + <varlistentry> <term><anchor id="CHARACTERSET">character set (G)</term> @@ -1545,6 +1656,11 @@ mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> <parameter>inherit permissions</parameter></link> parameter.</para> + <para>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <link + linkend="SECURITYMASK"><parameter>security mask</parameter></link>.</para> + <para>Default: <command>create mask = 0744</command></para> <para>Example: <command>create mask = 0775</command></para></listitem> </varlistentry> @@ -1648,15 +1764,9 @@ <varlistentry> <term><anchor id="DEBUGLEVEL">debuglevel (G)</term> - <listitem><para>The value of the parameter (an integer) allows - the debug level (logging level) to be specified in the - <filename>smb.conf</filename> file. This is to give greater - flexibility in the configuration of the system.</para> - - <para>The default will be the debug level specified on - the command line or level zero if none was specified.</para> - - <para>Example: <command>debug level = 3</command></para></listitem> + <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter> + log level</parameter></link>.</para> + </listitem> </varlistentry> @@ -1721,6 +1831,48 @@ <varlistentry> + <term><anchor id="DELETEPRINTERCOMMAND">delete printer command (G)</term> + <listitem><para>With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.</para> + + <para>For a Samba host this means that the printer must be + physically deleted from underlying printing system. The <parameter> + deleteprinter command</parameter> defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from <filename>smb.conf</filename>. + </para> + + <para>The <parameter>delete printer command</parameter> is + automatically called with only one parameter: <parameter> + "printer name"</parameter>.</para> + + + <para>Once the <parameter>delete printer command</parameter> has + been executed, <command>smbd</command> will reparse the <filename> + smb.conf</filename> to associated printer no longer exists. + If the sharename is still valid, then <command>smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> + add printer command</parameter></link>, <link + linkend="printing"><parameter>printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>deleteprinter command = /usr/bin/removeprinter + </command></para> + </listitem> + </varlistentry> + + + + + + + <varlistentry> <term><anchor id="DELETEREADONLY">delete readonly (S)</term> <listitem><para>This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.</para> @@ -1733,6 +1885,53 @@ </varlistentry> + + <varlistentry> + <term><anchor id="DELETESHARECOMMAND">delete share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>delete share command</parameter> is used to define an + external program or script which will remove an existing service + definition from <filename>smb.conf</filename>. In order to successfully + execute the <parameter>delete share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>delete share command</parameter> with two parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of + the existing service. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used to remove file shares. To delete printer shares, + see the <link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer + command</parameter></link>. + </para> + + <para> + See also <link linkend="ADDSHARECOMMAND"><parameter>delete share + command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter>change + share</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>delete share command = /usr/local/bin/delshare</command></para> + + </listitem> + </varlistentry> + + <varlistentry> @@ -1797,46 +1996,6 @@ - <varlistentry> - <term><anchor id="DELETEPRINTERCOMMAND">deleteprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printer - support for Windows NT/2000 clients in Samba 2.2, it is now - possible to delete printer at run time by issuing the - DeletePrinter() RPC call.</para> - - <para>For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <parameter> - deleteprinter command</parameter> defines a script to be run which - will perform the necessary operations for removing the printer - from the print system and from <filename>smb.conf</filename>. - </para> - - <para>The <parameter>deleteprinter command</parameter> is - automatically called with only one parameter: <parameter> - "printer name"</parameter>.</para> - - - <para>Once the <parameter>deleteprinter command</parameter> has - been executed, <command>smbd</command> will reparse the <filename> - smb.conf</filename> to associated printer no longer exists. - If the sharename is still valid, then <command>smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> - addprinter command</parameter></link>, <link - linkend="printing"><parameter>printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command>deleteprinter command = /usr/bin/removeprinter - </command></para> - </listitem> - </varlistentry> - - - - <varlistentry> <term><anchor id="DELETEVETOFILES">delete veto files (S)</term> @@ -1962,6 +2121,11 @@ </parameter></link> parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).</para> + <para>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <link + linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link>.</para> + <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> parameter to cause particular mode bits to always be set on created directories.</para> @@ -2002,17 +2166,15 @@ mask may be treated as a set of bits the user is not allowed to change.</para> - <para>If not set explicitly this parameter is set to the same - value as the <link linkend="DIRECTORYMASK"><parameter>directory - mask</parameter></link> parameter. To allow a user to - modify all the user/group/world permissions on a directory, set - this parameter to 0777.</para> + <para>If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the user/group/world + permissions on a directory.</para> <para><emphasis>Note</emphasis> that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0777.</para> + Administrators of most normal systems will probably want to leave + it as the default of 0777.</para> <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> force directory security mode</parameter></link>, <link @@ -2020,9 +2182,8 @@ <link linkend="FORCESECURITYMODE"><parameter>force security mode </parameter></link> parameters.</para> - <para>Default: <command>directory security mask = <same as - directory mask></command></para> - <para>Example: <command>directory security mask = 0777</command></para> + <para>Default: <command>directory security mask = 0777</command></para> + <para>Example: <command>directory security mask = 0700</command></para> </listitem> </varlistentry> @@ -2054,67 +2215,47 @@ <varlistentry> <term><anchor id="DOMAINADMINGROUP">domain admin group (G)</term> - <listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <ulink - url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by - visiting the web page at <ulink url="http://lists.samba.org/"> - http://lists.samba.org/</ulink>.</para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DOMAINADMINUSERS">domain admin users (G)</term> - <listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <ulink - url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by - visiting the web page at <ulink url="http://lists.samba.org/"> - http://lists.samba.org/</ulink>.</para></listitem> + <listitem><para>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Admins" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <filename>smb.conf</filename> notation. + </para> + + <para>See also <link linkend="DOMAINGUESTGROUP"><parameter>domain + guest group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain + logons</parameter></link> + </para> + + <para>Default: <emphasis>no domain administrators</emphasis></para> + <para>Example: <command>domain admin group = root @wheel</command></para> + </listitem> </varlistentry> - <varlistentry> - <term><anchor id="DOMAINGROUPS">domain groups (G)</term> - <listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <ulink - url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by - visiting the web page at <ulink url="http://lists.samba.org/"> - http://lists.samba.org/</ulink>.</para></listitem> - </varlistentry> - <varlistentry> <term><anchor id="DOMAINGUESTGROUP">domain guest group (G)</term> - <listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <ulink - url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by - visiting the web page at <ulink url="http://lists.samba.org/"> - http://lists.samba.org/</ulink>.</para></listitem> - </varlistentry> - - - <varlistentry> - <term><anchor id="DOMAINGUESTUSERS">domain guest users (G)</term> - <listitem><para>This is an <emphasis>EXPERIMENTAL</emphasis> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <ulink - url="mailto:samba-ntdom@samba.org">samba-ntdom</ulink> available by - visiting the web page at <ulink url="http://lists.samba.org/"> - http://lists.samba.org/</ulink>.</para></listitem> + <listitem><para>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Guests" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <filename>smb.conf</filename> notation. + </para> + + <para>See also <link linkend="DOMAINADMINGROUP"><parameter>domain + admin group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain + logons</parameter></link> + </para> + + <para>Default: <emphasis>no domain guests</emphasis></para> + <para>Example: <command>domain guest group = nobody @guest</command></para> + </listitem> </varlistentry> @@ -2431,6 +2572,12 @@ mode after the mask set in the <parameter>create mask</parameter> parameter is applied.</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link + linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with + mask</parameter></link> to true.</para> + <para>See also the parameter <link linkend="CREATEMASK"><parameter>create mask</parameter></link> for details on masking mode bits on files.</para> @@ -2459,6 +2606,12 @@ mask in the parameter <parameter>directory mask</parameter> is applied.</para> + <para>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <link + linkend="RESTRICTACLWITHMASK"><parameter>restrict acl with + mask</parameter></link> to true.</para> + <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link> for details on masking mode bits on created directories.</para> @@ -2490,17 +2643,15 @@ mask may be treated as a set of bits that, when modifying security on a directory, the user has always set to be 'on'.</para> - <para>If not set explicitly this parameter is set to the same - value as the <link linkend="FORCEDIRECTORYMODE"><parameter>force - directory mode</parameter></link> parameter. To allow - a user to modify all the user/group/world permissions on a - directory without restrictions, set this parameter to 000.</para> + <para>If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world permissions on a + directory without restrictions.</para> <para><emphasis>Note</emphasis> that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0000.</para> + Administrators of most normal systems will probably want to leave + it set as 0000.</para> <para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter> directory security mask</parameter></link>, <link linkend="SECURITYMASK"> @@ -2508,9 +2659,8 @@ <link linkend="FORCESECURITYMODE"><parameter>force security mode </parameter></link> parameters.</para> - <para>Default: <command>force directory security mode = <same as - force directory mode></command></para> - <para>Example: <command>force directory security mode = 0</command></para> + <para>Default: <command>force directory security mode = 0</command></para> + <para>Example: <command>force directory security mode = 700</command></para> </listitem> </varlistentry> @@ -2568,17 +2718,15 @@ mask may be treated as a set of bits that, when modifying security on a file, the user has always set to be 'on'.</para> - <para>If not set explicitly this parameter is set to the same - value as the <link linkend="FORCECREATEMODE"><parameter>force - create mode</parameter></link> parameter. To allow a user to - modify all the user/group/world permissions on a file, with no - restrictions set this parameter to 000.</para> + <para>If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions.</para> <para><emphasis>Note</emphasis> that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0000.</para> + Administrators of most normal systems will probably want to leave + this set to 0000.</para> <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> force directory security mode</parameter></link>, @@ -2586,9 +2734,8 @@ mask</parameter></link>, <link linkend="SECURITYMASK"><parameter> security mask</parameter></link> parameters.</para> - <para>Default: <command>force security mode = <same as force - create mode></command></para> - <para>Example: <command>force security mode = 0</command></para> + <para>Default: <command>force security mode = 0</command></para> + <para>Example: <command>force security mode = 700</command></para> </listitem> </varlistentry> @@ -3340,9 +3487,15 @@ <varlistentry> <term><anchor id="LOGLEVEL">log level (G)</term> - <listitem><para>Synonym for <link linkend="DEBUGLEVEL"><parameter> - debug level</parameter></link>.</para> - </listitem> + <listitem><para>The value of the parameter (an integer) allows + the debug level (logging level) to be specified in the + <filename>smb.conf</filename> file. This is to give greater + flexibility in the configuration of the system.</para> + + <para>The default will be the log level specified on + the command line or level zero if none was specified.</para> + + <para>Example: <command>log level = 3</command></para></listitem> </varlistentry> @@ -4580,6 +4733,28 @@ + + <varlistentry> + <term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term> + <listitem><para>When Samba 2.2 is configure to enable PAM support + (i.e. --with-pam), this parameter will control whether or not Samba + should obey PAM's account and session management directives. The + default behavior is to use PAM for clear text authentication only + and to ignore any account or session management. Note that Samba + always ignores PAM for authentication in the case of <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords = yes</parameter> + </link>. The reason is that PAM modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB password encryption. + </para> + + <para>Default: <command>obey pam restrictions = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> <term><anchor id="ONLYUSER">only user (S)</term> <listitem><para>This is a boolean option that controls whether @@ -4608,24 +4783,6 @@ - - <varlistentry> - <term><anchor id="OLELOCKINGCOMPATIBILITY">ole locking compatibility (G)</term> - <listitem><para>This parameter allows an administrator to turn - off the byte range lock manipulation that is done within Samba to - give compatibility for OLE applications. Windows OLE applications - use byte range locking as a form of inter-process communication, by - locking ranges of bytes around the 2^32 region of a file range. This - can cause certain UNIX lock managers to crash or otherwise cause - problems. Setting this parameter to <constant>no</constant> means you - trust your UNIX lock manager to handle such cases correctly.</para> - - <para>Default: <command>ole locking compatibility = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> <term><anchor id="ONLYGUEST">only guest (S)</term> <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter> @@ -4755,6 +4912,21 @@ </varlistentry> + <varlistentry> + <term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term> + <listitem><para>With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password change control + flag for Samba. If enabled, then PAM will be used for password + changes when requested by an SMB client, and the <link + linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link> must be + be changed to work with the pam prompts. + </para> + + <para>Default: <command>pam password change = no</command></para> + + </listitem> + </varlistentry> + <varlistentry> <term><anchor id="PANICACTION">panic action (G)</term> @@ -4810,10 +4982,21 @@ password cleartext. In this case the old password cleartext is set to "" (the empty string).</para> + <para>Also, if the <link linkend="PAMPASSWORDCHANGE"><parameter>pam + password change</parameter></link> parameter is set to true, then the + chat sequence should consist of three elements. The first element should + match the pam prompt for the old password, the second element should match + the pam prompt for the first request for the new password, and the final + element should match the pam prompt for the second request for the new password. + These matches are done case insentively. Under most conditions this change + is done as root so the prompt for the old password will never be matched. + </para> + <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter> - passwd program</parameter></link> and <link linkend="PASSWDCHATDEBUG"> - <parameter>passwd chat debug</parameter></link>.</para> + passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> + <parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> + <parameter>pam password change</parameter></link>.</para> <para>Default: <command>passwd chat = *new*password* %n\n *new*password* %n\n *changed*</command></para> @@ -5799,6 +5982,35 @@ <varlistentry> + <term><anchor id="RESTRICTACLWITHMASK">restrict acl with mask (S)</term> + <listitem><para>This is a boolean parameter. If set to false (default), then + Creation of files with access control lists (ACLS) and modification of ACLs + using the Windows NT/2000 ACL editor will be applied directly to the file + or directory.</para> + + <para>If set to True, then all requests to set an ACL on a file will have the + parameters <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, + <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> + applied before setting the ACL, and all requests to set an ACL on a directory will + have the parameters <link linkend="DIRECTORYMASK"><parameter>directory + mask</parameter></link>, <link linkend="FORCEDIRECTORYMODE"><parameter>force + directory mode</parameter></link> applied before setting the ACL. + </para> + + <para>See also <link linkend="CREATEMASK"><parameter>create mask</parameter></link>, + <link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link>, + <link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link>, + <link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link> + </para> + + <para>Default: <command>restrict acl with mask = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> <listitem><para>This is a boolean parameter. If it is true, then anonymous access to the server will be restricted, namely in the @@ -6176,17 +6388,15 @@ mask may be treated as a set of bits the user is not allowed to change.</para> - <para>If not set explicitly this parameter is set to the same - value as the <link linkend="CREATEMASK"><parameter>create mask - </parameter></link> parameter. To allow a user to modify all the - user/group/world permissions on a file, set this parameter to - 0777.</para> + <para>If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. + </para> <para><emphasis>Note</emphasis> that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will - probably want to set it to 0777.</para> + probably want to leave it set to 0777.</para> <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"> <parameter>force directory security mode</parameter></link>, @@ -6194,9 +6404,8 @@ security mask</parameter></link>, <link linkend="FORCESECURITYMODE"> <parameter>force security mode</parameter></link> parameters.</para> - <para>Default: <command>security mask = <same as create mask> - </command></para> - <para>Example: <command>security mask = 0777</command></para> + <para>Default: <command>security mask = 0777</command></para> + <para>Example: <command>security mask = 0770</command></para> </listitem> </varlistentry> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 44418ea85f..8e529d8b71 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb"> +<refentry id="smbcontrol"> <refmeta> <refentrytitle>smbcontrol</refentrytitle> diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml index b847aadd05..5b409bb9de 100644 --- a/docs/docbook/manpages/smbspool.8.sgml +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb"> +<refentry id="smbspool"> <refmeta> <refentrytitle>smbspool</refentrytitle> @@ -8,7 +8,7 @@ <refnamediv> - <refname>nmblookup</refname> + <refname>smbspool</refname> <refpurpose>send print file to an SMB printer</refpurpose> </refnamediv> diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml index 6f2361d021..c2f638b88e 100644 --- a/docs/docbook/manpages/smbstatus.1.sgml +++ b/docs/docbook/manpages/smbstatus.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb"> +<refentry id="smbstatus"> <refmeta> <refentrytitle>smbstatus</refentrytitle> |