diff options
Diffstat (limited to 'docs/docbook')
114 files changed, 3140 insertions, 0 deletions
diff --git a/docs/docbook/projdoc/IntroSMB.sgml b/docs/docbook/projdoc/IntroSMB.sgml new file mode 100644 index 0000000000..e81155a36f --- /dev/null +++ b/docs/docbook/projdoc/IntroSMB.sgml @@ -0,0 +1,175 @@ +<chapter id="IntroSMB"> +<chapterinfo> + &author.dlechnyr; + <pubdate>April 13, 2003</pubdate> +</chapterinfo> + +<title>Introduction to Samba</title> + +<para> +Samba provides MS Windows file and print services over TCP/IP and provides compatible support for +all SMB/CIFS enabled clients. Samba can be used to provide seemless interoperability between unix +/ Linux systems and MS Windows clients and servers. A global team of about 30 active programmers +is responsible for the development of Samba, a marvelous tool that was originally developed by +Andrew Tridgell. That team of developers is known as the Samba-Team. +</para> + +<sect1> +<title>Background</title> + +<para> +Once long ago, there was a buzzword referred to as DCE/RPC. This stood for Distributed Computing +Environment/Remote Procedure Calls and conceptually was a good idea. It was originally developed +by Apollo/HP as NCA 1.0 (Network Computing Architecture) and only ran over UDP. When there was +a need to run it over TCP so that it would be compatible with DECnet 3.0, it was redesigned, +submitted to The Open Group, and officially became known as DCE/RPC. Microsoft came along and +decided, rather than pay $20 per seat to license this technology, to reimplement DCE/RPC +themselves as MSRPC. From this, the concept continued in the form of SMB (Server Message Block, +or the "what") using the NetBIOS (Network Basic Input/Output System, or the "how") compatibility +layer. You can run SMB (i.e., transport) over several different protocols; many different +implementations arose as a result, including NBIPX (NetBIOS over IPX, NwLnkNb, or NWNBLink) and +NBT (NetBIOS over TCP/IP, or NetBT). As the years passed, NBT became the most common form of +implementation until the advance of "Direct-Hosted TCP" -- the Microsoft marketing term for +eliminating NetBIOS entirely and running SMB by itself across TCP port 445 only. As of yet, +direct-hosted TCP has yet to catch on. And so the story goes. +</para> + +<para> +Perhaps the best summary of the origins of SMB are voiced in the 1997 article titled, CIFS: +Common Insecurities Fail Scrutiny: +</para> + +<para><emphasis> +Several megabytes of NT-security archives, random whitepapers, RFCs, the CIFS spec, the Samba +stuff, a few MS knowledge-base articles, strings extracted from binaries, and packet dumps have +been dutifully waded through during the information-gathering stages of this project, and there +are *still* many missing pieces... While often tedious, at least the way has been generously +littered with occurrences of clapping hand to forehead and muttering 'crikey, what are they +thinking? +</emphasis></para> + +<sect2> +<title>Terminology</title> + +<itemizedlist> + + <listitem><para> + SMB: Acronym for "Server Message Block". This is a Microsoft's file and printer + sharing protocol. + </para></listitem> + + <listitem><para> + CIFS: Acronym for the "Common Internet File System". Around 1996, Microsoft apparently + decided that SMB needed the word "Internet" in it, so they changed it to CIFS. + </para></listitem> + + <listitem><para> + Direct-Hosted: A method of providing file/printer sharing services over port 445/tcp + only, using DNS for name resolution instead of WINS. + </para></listitem> + + <listitem><para> + IPC: Acronym for "Inter-process Communication". A method to communicate specific + information between programs. + </para></listitem> + + <listitem><para> + Marshalling: - A method of serializing (i.e., sequential ordering of) variable data + suitable for transmission via a network connection or storing in a file. The source + data can be re-created using a similar process called unmarshalling. + </para></listitem> + + <listitem><para> + NetBIOS: Acronym for "Network Basic Input/Output System". This is not a protocol; + it is a method of communication across an existing protocol. This is a standard which + was originally developed for IBM by Sytek in 1983. To exaggerate the analogy a bit, + it can help to think of this in comparison your computer's BIOS -- it controlls the + essential functions of your input/output hardware -- whereas NetBIOS controlls the + essential functions of your input/output traffic via the network. Again, this is a bit + of an exaggeration but it should help that paradigm shift. What is important to realize + is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically + brilliant people tend to interchange NetBIOS with terms like NetBEUI without a second + thought; this will cause no end (and no doubt) of confusion. + </para></listitem> + + <listitem><para> + NetBEUI: Acronym for the "NetBIOS Extended User Interface". Unlike NetBIOS, NetBEUI + is a protocol, not a standard. It is also not routable, so traffic on one side of a + router will be unable to communicate with the other side. Understanding NetBEUI is + not essential to deciphering SMB; however it helps to point out that it is not the + same as NetBIOS and to improve your score in trivia at parties. NetBEUI was originally + referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver". + It is not often heard from these days. + </para></listitem> + + <listitem><para> + NBT: Acronym for "NetBIOS over TCP"; also known as "NetBT". Allows the continued use + of NetBIOS traffic proxied over TCP/IP. As a result, NetBIOS names are made equivilant + to IP addresses and NetBIOS name types are conceptually equivilant to TCP/IP ports. + This is how file and printer sharing are accomplished in Windows 95/98/ME. They + traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP port 137, + NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service + (nbsession) via TCP port 139. All name resolution is done via WINS, NetBIOS broadcasts, + and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002 + (Detailed specifications). + </para></listitem> + + <listitem><para> + W2K: Acronym for Windows 2000 Professional or Server + </para></listitem> + + <listitem><para> + W3K: Acronym for Windows 2003 Server + </para></listitem> + +</itemizedlist> + +</sect2> + +<sect2> +<title>Related Projects> + +<para> +Currently, there are two projects that are directly related to Samba: SMBFS and CIFS network +client file systems for Linux, both available in the Linux kernel itself. +</para> + +<itemizedlist> + + <listitem><para> + SMBFS (Server Message Block File System) allows you to mount SMB shares (the protocol + Windows 95/98/ME, Windows NT/2000/XP and OS/2 Lan Manager use to share files and printers + over local networks) and access them just like any other Unix directory. This is useful + if you just want to mount such filesystems without being a SMBFS server. + </para></listitem> + + <listitem><para> + CIFS (Common Internet File System) is the successor to SMB, and is actively being worked + on in the upcoming version of the Linux kernel (2.5/2.6). The intent of this module is to + provide advanced network file system functionality including support for dfs (heirarchical + name space), secure per-user session establishment, safe distributed caching (oplock), + optional packet signing, Unicode and other internationalization improvements, and optional + Winbind (nsswitch) integration. If you enable CONFIG_CIFS in the Linux kernel, be aware + that it is currently in an early development stage and may not be as stable as the existing + CONFIG_SMB_FS option. + </para></listitem> + +</itemizedlist> + +<para> +Again, it's important to note that these are implementations for client filesystems, and have +nothing to do with acting as a file and print server for SMB/CIFS clients. +</para> + +</sect2> + +<sect2> +<title>Miscellaneous</title> + +<para> +This chapter is Copyright © 2003 David Lechnyr. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/licenses/fdl.txt. +</para> + +</sect2> +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/Problems.sgml b/docs/docbook/projdoc/Problems.sgml new file mode 100644 index 0000000000..1f880a78cd --- /dev/null +++ b/docs/docbook/projdoc/Problems.sgml @@ -0,0 +1,276 @@ +<chapter id="problems"> + +<chapterinfo> + &author.jerry; + &author.jelmer; + <author> + <firstname>David</firstname><surname>Bannon</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>dbannon@samba.org</email></address> + </affiliation> + </author> + <pubdate>8 Apr 2003</pubdate> +</chapterinfo> + +<title>Analysing and solving samba problems</title> + +<para> +There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing.</para> + +<sect1> +<title>Diagnostics tools</title> + + <para> +One of the best diagnostic tools for debugging problems is Samba itself. +You can use the -d option for both smbd and nmbd to specify what +'debug level' at which to run. See the man pages on smbd, nmbd and +smb.conf for more information on debugging options. The debug +level can range from 1 (the default) to 10 (100 for debugging passwords). +</para> + +<para> +Another helpful method of debugging is to compile samba using the +<command>gcc -g </command> flag. This will include debug +information in the binaries and allow you to attach gdb to the +running smbd / nmbd process. In order to attach gdb to an smbd +process for an NT workstation, first get the workstation to make the +connection. Pressing ctrl-alt-delete and going down to the domain box +is sufficient (at least, on the first time you join the domain) to +generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation +maintains an open connection, and therefore there will be an smbd +process running (assuming that you haven't set a really short smbd +idle timeout) So, in between pressing ctrl alt delete, and actually +typing in your password, you can gdb attach and continue. +</para> + +<para> +Some useful samba commands worth investigating: +</para> + +<itemizedlist> + <listitem><para>testparam | more</para></listitem> + <listitem><para>smbclient -L //{netbios name of server}</para></listitem> +</itemizedlist> + +<para> +An SMB enabled version of tcpdump is available from +<ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>. +Ethereal, another good packet sniffer for Unix and Win32 +hosts, can be downloaded from <ulink +url="http://www.ethereal.com/">http://www.ethereal.com</ulink>. +</para> + +<para> +For tracing things on the Microsoft Windows NT, Network Monitor +(aka. netmon) is available on the Microsoft Developer Network CD's, +the Windows NT Server install CD and the SMS CD's. The version of +netmon that ships with SMS allows for dumping packets between any two +computers (i.e. placing the network interface in promiscuous mode). +The version on the NT Server install CD will only allow monitoring +of network traffic directed to the local NT box and broadcasts on the +local subnet. Be aware that Ethereal can read and write netmon +formatted files. +</para> + +</sect1> + +<sect1> +<title>Installing 'Network Monitor' on an NT Workstation or a Windows 9x box</title> + +<para> +Installing netmon on an NT workstation requires a couple +of steps. The following are for installing Netmon V4.00.349, which comes +with Microsoft Windows NT Server 4.0, on Microsoft Windows NT +Workstation 4.0. The process should be similar for other version of +Windows NT / Netmon. You will need both the Microsoft Windows +NT Server 4.0 Install CD and the Workstation 4.0 Install CD. +</para> + +<para> +Initially you will need to install 'Network Monitor Tools and Agent' +on the NT Server. To do this +</para> + +<itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add </para></listitem> + + <listitem><para>Select the 'Network Monitor Tools and Agent' and + click on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Server 4.0 install CD + when prompted.</para></listitem> +</itemizedlist> + +<para> +At this point the Netmon files should exist in +<filename>%SYSTEMROOT%\System32\netmon\*.*</filename>. +Two subdirectories exist as well, <filename>parsers\</filename> +which contains the necessary DLL's for parsing the netmon packet +dump, and <filename>captures\</filename>. +</para> + +<para> +In order to install the Netmon tools on an NT Workstation, you will +first need to install the 'Network Monitor Agent' from the Workstation +install CD. +</para> + +<itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add</para></listitem> + + <listitem><para>Select the 'Network Monitor Agent' and click + on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Workstation 4.0 install + CD when prompted.</para></listitem> +</itemizedlist> + +<para> +Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* +to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set +permissions as you deem appropriate for your site. You will need +administrative rights on the NT box to run netmon. +</para> + +<para> +To install Netmon on a Windows 9x box install the network monitor agent +from the Windows 9x CD (\admin\nettools\netmon). There is a readme +file located with the netmon driver files on the CD if you need +information on how to do this. Copy the files from a working +Netmon installation. +</para> + +</sect1> + +<sect1> +<title>Useful URL's</title> +<itemizedlist> + +<listitem><para>Home of Samba site <ulink url="http://samba.org"> + http://samba.org</ulink>. We have a mirror near you !</para></listitem> + +<listitem><para> The <emphasis>Development</emphasis> document +on the Samba mirrors might mention your problem. If so, +it might mean that the developers are working on it.</para></listitem> + +<listitem><para>See how Scott Merrill simulates a BDC behavior at + <ulink url="http://www.skippy.net/linux/smb-howto.html"> + http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> + +<listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will + keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> + http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem> + +<listitem><para>Misc links to CIFS information + <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem> + +<listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/"> + http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem> + +<listitem><para>FTP site for older SMB specs: + <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> + ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> + +</itemizedlist> + +</sect1> + +<sect1> +<title>Getting help from the mailing lists</title> + +<para> +There are a number of Samba related mailing lists. Go to <ulink +url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror +and then click on <command>Support</command> and then click on <command> +Samba related mailing lists</command>. +</para> + +<para> +For questions relating to Samba TNG go to +<ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> +It has been requested that you don't post questions about Samba-TNG to the +main stream Samba lists.</para> + +<para> +If you post a message to one of the lists please observe the following guide lines : +</para> + +<itemizedlist> + +<listitem><para> Always remember that the developers are volunteers, they are +not paid and they never guarantee to produce a particular feature at +a particular time. Any time lines are 'best guess' and nothing more. +</para></listitem> + +<listitem><para> Always mention what version of samba you are using and what +operating system its running under. You should probably list the +relevant sections of your &smb.conf; file, at least the options +in [global] that affect PDC support.</para></listitem> + +<listitem><para>In addition to the version, if you obtained Samba via +CVS mention the date when you last checked it out.</para></listitem> + +<listitem><para> Try and make your question clear and brief, lots of long, +convoluted questions get deleted before they are completely read ! +Don't post html encoded messages (if you can select colour or font +size its html).</para></listitem> + +<listitem><para> If you run one of those nifty 'I'm on holidays' things when +you are away, make sure its configured to not answer mailing lists. +</para></listitem> + +<listitem><para> Don't cross post. Work out which is the best list to post to +and see what happens, i.e. don't post to both samba-ntdom and samba-technical. +Many people active on the lists subscribe to more +than one list and get annoyed to see the same message two or more times. +Often someone will see a message and thinking it would be better dealt +with on another, will forward it on for you.</para></listitem> + +<listitem><para>You might include <emphasis>partial</emphasis> +log files written at a debug level set to as much as 20. +Please don't send the entire log but enough to give the context of the +error messages.</para></listitem> + +<listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of +the pipe to the error ) you can send the *.CAP file as well.</para></listitem> + +<listitem><para>Please think carefully before attaching a document to an email. +Consider pasting the relevant parts into the body of the message. The samba +mailing lists go to a huge number of people, do they all need a copy of your +smb.conf in their attach directory?</para></listitem> + +</itemizedlist> + +</sect1> + +<sect1> +<title>How to get off the mailinglists</title> + +<para>To have your name removed from a samba mailing list, go to the +same place you went to to get on it. Go to <ulink +url="http://lists.samba.org/">http://lists.samba.org</ulink>, +click on your nearest mirror and then click on <command>Support</command> and +then click on <command> Samba related mailing lists</command>. Or perhaps see +<ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink> +</para> + +<para> +Please don't post messages to the list asking to be removed, you will just +be referred to the above address (unless that process failed in some way...) +</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README new file mode 100644 index 0000000000..9a037149ad --- /dev/null +++ b/docs/docbook/smbdotconf/README @@ -0,0 +1,158 @@ +DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0 + +Author of the document: Alexander Bokovoy <ab@samba.org> + +Welcome to new smb.conf(5) documentation build system! This directory +contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2 +sources. Note that the output might be unsatisfying untill all smb.conf(5) +parameters will converted to new format (see Chapter 4 for details). + +Content +------- + +0. Prerequisites +1. Structure +2. XSLT stylesheets +3. Usage +4. Current status of converted parameters + +Prerequisites +------------- + +In order to compile smb.conf(5) documentation from Docbook XML 4.2 +sources you'll need: + + - a working libxml2 and libxslt installation, together with xsltproc utility + + - a locally installed Docbook XSL 4.2 or higher + + - a working xmlcatalog to eliminate Web access for Docbook XSL + +The latter requisite is important: we do not specify local copies of +Docbook XSL stylesheets in our XSLTs because of real nightmare in their +location in most distributions. Fortunately, libxml2 provides standard +way to access locally installed external resources via so-called +'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and +some other distributions but wasn't at the moment of this writting (Late +March'03) in Debian. + +Structure +--------- + +smb.conf(5) sources consist of a number of XML files distributed across +a number of subdirectories. Each subdirectory represents a group of +smb.conf(5) parameters dedicated to one specific task as described in +Samba's loadparm.c source file (and shown in SWAT). + +Each XML file in subdirectories represents one parameter description, +together with some additional meta-information about it. Complete list +of meta-information attributes + +attribute description +------------------------------------------------------------------- +name smb.conf(5) parameter name +context G for global, S for services +basic set to 1 if loadparm.c's description +wizard includes appropriate flag for +advanced this parameter (FLAG_BASIC, +developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER) +------------------------------------------------------------------- + +Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general +stub for man page and several XML instructions to include: + + - a list of global parameters (auto-generated); + + - a list of service parameters (auto-generated); + + - a complete list of alphabetically sorted parameters (auto-generated). + +XSLT stylesheets +---------------- + +In order to combine and build final version of smb.conf(5) we apply a +set of XSLT stylesheets to smb.conf(5) sources. Following is the +complete description of existing stylesheets in smb.conf(5) source tree: + +1. [expand-smb.conf.xsl] Main driver, produces big XML source with all +smaller components combined. The resulted tree is then feed to Docbook +XSL for final producing. + +This stylesheet performs two main transformations: + + - Replaces <samba:parameter> tag by <varlistentry> one; + + - Generates <term> and <anchor> tags for each <samba:parameter>. + +The latter step needs some explanation. We generate automatically +<anchor> and <term> tags based on meta-information about parameter. This +way all anchors have predictable names (capitalized parameter name with +all spaces supressed) and we really don't need to dublicate data. + +There was only one exception to the generation rule in smb.conf.5.sgml: +"use spnego" parameter had anchor SPNEGO which is now unified to +USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO +achnor. + +2. [generate-context.xsl] An utility stylesheet which main purpose is to +produce a list of parameters which are applicable for selected context +(global or service). + +The generate-context.xsl is run twice to generate both +parameters.global.xml and parameters.service.xml which are included then +by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file +which is generated by [generate-file-list.sh] shell script. + +The parameters.all.xml file contains a complete list of include +instructions for XSLT processor to include all small XML files from +subdirectories. + +3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It +fixes some annoying errors in official Docbook XSL stylesheets and adds +our tuned parameters. This file really belongs to upper level where it +would occur later, as we'll move to Docbook XML completely. + +4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore. +It was used for initial split of SGML-based smb.conf.5.sgml onto a set +of per-parameter XML files. I left it in source tree just for historical +interest. :) + +Usage +----- + +1. Generate [parameters.all.xml]: + sh generate-file-list.sh >parameters.all.xml + +2. Generate [parameters.global.xml]: + xsltproc --xinclude \ + --param smb.context "'G'" \ + --output parameters.global.xml \ + generate-context.xsl parameters.all.xml + +3. Generate [parameters.service.xml]: + xsltproc --xinclude \ + --param smb.context "'S'" \ + --output parameters.service.xml \ + generate-context.xsl parameters.all.xml + +4. Process smb.conf.5.xml (for example, to HTML): + xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ + xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html + +Note that in step 4 we are not saving preprocessed smb.conf.5.xml to +disk and directly passing it to the next XSLT processor (in this case -- +Docbook XML to HTML generator). + +For convenience, this sequence of commands is added into source tree as +process-all.sh + +Current state of converted parameters +------------------------------------- + +Only 'misc' parameters don't converted so far. + +All undocumented parameters are listed in doc-status file in of Samba's +docs/ directory. + +Any help is greatly appreciated. + diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml new file mode 100644 index 0000000000..bd35732927 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browsable.xml @@ -0,0 +1,9 @@ +<samba:parameter name="browsable" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the <link linkend="BROWSEABLE"> + <parameter moreinfo="none">browseable</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml new file mode 100644 index 0000000000..5da61cccfb --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browseable.xml @@ -0,0 +1,11 @@ +<samba:parameter name="browseable" + context="S" + basic="1" advanced="1" print="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether this share is seen in + the list of available shares in a net view and in the browse list.</para> + + <para>Default: <command moreinfo="none">browseable = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml new file mode 100644 index 0000000000..17a962a3f5 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/browselist.xml @@ -0,0 +1,14 @@ +<samba:parameter name="browse list" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will serve a browse list to + a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally + set to <constant>yes</constant>. You should never need to change + this.</para> + + <para>Default: <command moreinfo="none">browse list = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml new file mode 100644 index 0000000000..7bd334bbb5 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/domainmaster.xml @@ -0,0 +1,38 @@ +<samba:parameter name="domain master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list + collation. Setting this option causes <command moreinfo="none">nmbd</command> to + claim a special domain specific NetBIOS name that identifies + it as a domain master browser for its given <link linkend="WORKGROUP"> + <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers + in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated + subnets will give this <command moreinfo="none">nmbd</command> their local browse lists, + and then ask <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse + list for the whole wide area network. Browser clients will then contact + their local master browser, and will receive the domain-wide browse list, + instead of just the list for their broadcast-isolated subnet.</para> + + <para>Note that Windows NT Primary Domain Controllers expect to be + able to claim this <parameter moreinfo="none">workgroup</parameter> specific special + NetBIOS name that identifies them as domain master browsers for + that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no + way to prevent a Windows NT PDC from attempting to do this). This + means that if this parameter is set and <command moreinfo="none">nmbd</command> claims + the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows + NT PDC is able to do so then cross subnet browsing will behave + strangely and may fail.</para> + + <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command> + </link>, then the default behavior is to enable the <parameter moreinfo="none">domain + master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is + not enabled (the default setting), then neither will <parameter moreinfo="none">domain + master</parameter> be enabled by default.</para> + + <para>Default: <command moreinfo="none">domain master = auto</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml new file mode 100644 index 0000000000..8fb3be1603 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml @@ -0,0 +1,27 @@ +<samba:parameter name="enhanced browsing" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option enables a couple of enhancements to + cross-subnet browse propagation that have been added in Samba + but which are not standard in Microsoft implementations. + </para> + + <para>The first enhancement to browse propagation consists of a regular + wildcard query to a Samba WINS server for all Domain Master Browsers, + followed by a browse synchronization with each of the returned + DMBs. The second enhancement consists of a regular randomised browse + synchronization with all currently known DMBs.</para> + + <para>You may wish to disable this option if you have a problem with empty + workgroups not disappearing from browse lists. Due to the restrictions + of the browse protocols these enhancements can cause a empty workgroup + to stay around forever which can be annoying.</para> + + <para>In general you should leave this option enabled as it makes + cross-subnet browse propagation much more reliable.</para> + + <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml new file mode 100644 index 0000000000..b18234443a --- /dev/null +++ b/docs/docbook/smbdotconf/browse/lmannounce.xml @@ -0,0 +1,27 @@ +<samba:parameter name="lm announce" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce + broadcasts that are needed by OS/2 clients in order for them to see + the Samba server in their browse list. This parameter can have three + values, <constant>yes</constant>, <constant>no</constant>, or + <constant>auto</constant>. The default is <constant>auto</constant>. + If set to <constant>no</constant> Samba will never produce these + broadcasts. If set to <constant>yes</constant> Samba will produce + Lanman announce broadcasts at a frequency set by the parameter + <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant> + Samba will not send Lanman announce broadcasts by default but will + listen for them. If it hears such a broadcast on the wire it will + then start sending them at a frequency set by the parameter + <parameter moreinfo="none">lm interval</parameter>.</para> + + <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval</parameter></link>.</para> + + <para>Default: <command moreinfo="none">lm announce = auto</command></para> + + <para>Example: <command moreinfo="none">lm announce = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml new file mode 100644 index 0000000000..58e4cc30ba --- /dev/null +++ b/docs/docbook/smbdotconf/browse/lminterval.xml @@ -0,0 +1,20 @@ +<samba:parameter name="lm interval" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If Samba is set to produce Lanman announce + broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> + <parameter moreinfo="none">lm announce</parameter></link> parameter) then this + parameter defines the frequency in seconds with which they will be + made. If this is set to zero then no Lanman announcements will be + made despite the setting of the <parameter moreinfo="none">lm announce</parameter> + parameter.</para> + + <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm announce</parameter></link>.</para> + + <para>Default: <command moreinfo="none">lm interval = 60</command></para> + + <para>Example: <command moreinfo="none">lm interval = 120</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml new file mode 100644 index 0000000000..ac2626c679 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/localmaster.xml @@ -0,0 +1,22 @@ +<samba:parameter name="local master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser + on a subnet. If set to <constant>no</constant> then <command moreinfo="none"> + nmbd</command> will not attempt to become a local master browser + on a subnet and will also lose in all browsing elections. By + default this value is set to <constant>yes</constant>. Setting this value to + <constant>yes</constant> doesn't mean that Samba will <emphasis>become</emphasis> the + local master browser on a subnet, just that <command moreinfo="none">nmbd</command> + will <emphasis>participate</emphasis> in elections for local master browser.</para> + + <para>Setting this value to <constant>no</constant> will cause <command + moreinfo="none">nmbd</command> <emphasis>never</emphasis> to become a local + master browser.</para> + + <para>Default: <command moreinfo="none">local master = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml new file mode 100644 index 0000000000..560516e3f8 --- /dev/null +++ b/docs/docbook/smbdotconf/browse/oslevel.xml @@ -0,0 +1,25 @@ +<samba:parameter name="os level" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This integer value controls what level Samba + advertises itself as for browse elections. The value of this + parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + has a chance of becoming a local master browser for the <parameter moreinfo="none"> + WORKGROUP</parameter> in the local broadcast area.</para> + + <para><emphasis>Note :</emphasis>By default, Samba will win + a local master browsing election over all Microsoft operating + systems except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively isolate + a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt + </filename> in the Samba <filename moreinfo="none">docs/</filename> directory + for details.</para> + + <para>Default: <command moreinfo="none">os level = 20</command></para> + + <para>Example: <command moreinfo="none">os level = 65 </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml new file mode 100644 index 0000000000..2e8cd938ea --- /dev/null +++ b/docs/docbook/smbdotconf/browse/preferedmaster.xml @@ -0,0 +1,9 @@ +<samba:parameter name="prefered master" + context="G" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none"> + preferred master</parameter></link> for people who cannot spell :-).</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml new file mode 100644 index 0000000000..31c966b4ac --- /dev/null +++ b/docs/docbook/smbdotconf/browse/preferredmaster.xml @@ -0,0 +1,29 @@ +<samba:parameter name="preferred master" + context="G" + basic="1" advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls if + <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> is a preferred master + browser for its workgroup.</para> + + <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command> + will force an election, and it will have a slight advantage in + winning the election. It is recommended that this parameter is + used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER"> + <parameter moreinfo="none">domain master</parameter></link> = yes</command>, so + that <command moreinfo="none">nmbd</command> can guarantee becoming a domain master.</para> + + <para>Use this option with caution, because if there are several + hosts (whether Samba servers, Windows 95 or NT) that are + preferred master browsers on the same subnet, they will each + periodically and continuously attempt to become the local + master browser. This will result in unnecessary broadcast + traffic and reduced browsing capabilities.</para> + + <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter></link>.</para> + + <para>Default: <command moreinfo="none">preferred master = auto</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml new file mode 100644 index 0000000000..06017fce59 --- /dev/null +++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml @@ -0,0 +1,21 @@ +<samba:parameter name="machine password timeout" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If a Samba server is a member of a Windows + NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) + parameter) then periodically a running <ulink url="smbd.8.html"> + smbd(8)</ulink> process will try and change the MACHINE ACCOUNT + PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb + </filename>. This parameter specifies how often this password + will be changed, in seconds. The default is one week (expressed in + seconds), the same as a Windows NT Domain member server.</para> + + <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> + security = domain</link>) parameter.</para> + + <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml new file mode 100644 index 0000000000..94b20d6c0c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/casesensitive.xml @@ -0,0 +1,9 @@ +<samba:parameter name="case sensitive" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> + + <para>Default: <command moreinfo="none">case sensitive = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml new file mode 100644 index 0000000000..3254b545c5 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/casesignames.xml @@ -0,0 +1,8 @@ +<samba:parameter name="casesignames" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml new file mode 100644 index 0000000000..de3ad35c0c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/defaultcase.xml @@ -0,0 +1,11 @@ +<samba:parameter name="default case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> + <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para> + + <para>Default: <command moreinfo="none">default case = lower</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml new file mode 100644 index 0000000000..c851824b7e --- /dev/null +++ b/docs/docbook/smbdotconf/filename/deletevetofiles.xml @@ -0,0 +1,28 @@ +<samba:parameter name="delete veto files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used when Samba is attempting to + delete a directory that contains one or more vetoed directories + (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> + option). If this option is set to <constant>no</constant> (the default) then if a vetoed + directory contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you want.</para> + + <para>If this option is set to <constant>yes</constant>, then Samba + will attempt to recursively delete any files and directories within + the vetoed directory. This can be useful for integration with file + serving systems such as NetAtalk which create meta-files within + directories you might normally veto DOS/Windows users from seeing + (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para> + + <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these + directories to be transparently deleted when the parent directory + is deleted (so long as the user has permissions to do so).</para> + + <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto + files</parameter></link> parameter.</para> + + <para>Default: <command moreinfo="none">delete veto files = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml new file mode 100644 index 0000000000..1728f01f8f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidedotfiles.xml @@ -0,0 +1,10 @@ +<samba:parameter name="hide dot files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean parameter that controls whether + files starting with a dot appear as hidden files.</para> + + <para>Default: <command moreinfo="none">hide dot files = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml new file mode 100644 index 0000000000..b687fc5a1f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidefiles.xml @@ -0,0 +1,39 @@ +<samba:parameter name="hide files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute is applied + to any files or directories that match.</para> + + <para>Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or directories + as in DOS wildcards.</para> + + <para>Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'.</para> + + <para>Note that the case sensitivity option is applicable + in hiding files.</para> + + <para>Setting this parameter will affect the performance of Samba, + as it will be forced to check all files and directories for a match + as they are scanned.</para> + + <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide + dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none"> + veto files</parameter></link> and <link linkend="CASESENSITIVE"> + <parameter moreinfo="none">case sensitive</parameter></link>.</para> + + <para>Default: <emphasis>no file are hidden</emphasis></para> + + <para>Example: <command moreinfo="none">hide files = + /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> + + <para>The above example is based on files that the Macintosh + SMB client (DAVE) available from <ulink url="http://www.thursby.com"> + Thursby</ulink> creates for internal use, and also still hides + all files beginning with a dot.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml new file mode 100644 index 0000000000..815e8ea63c --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml @@ -0,0 +1,12 @@ +<samba:parameter name="hide special files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing + special files such as sockets, devices and fifo's in directory + listings. + </para> + + <para>Default: <command moreinfo="none">hide special files = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml new file mode 100644 index 0000000000..f34a3a597d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hideunreadable.xml @@ -0,0 +1,10 @@ +<samba:parameter name="hide unreadable" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to off.</para> + + <para>Default: <command moreinfo="none">hide unreadable = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml new file mode 100644 index 0000000000..7d20296ff2 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml @@ -0,0 +1,12 @@ +<samba:parameter name="hide unwriteable files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter prevents clients from seeing + the existance of files that cannot be written to. Defaults to off. + Note that unwriteable directories are shown as usual. + </para> + + <para>Default: <command moreinfo="none">hide unwriteable = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml new file mode 100644 index 0000000000..d514375c3b --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglecase.xml @@ -0,0 +1,9 @@ +<samba:parameter name="mangle case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link></para> + + <para>Default: <command moreinfo="none">mangle case = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml new file mode 100644 index 0000000000..e790fa877d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangledmap.xml @@ -0,0 +1,26 @@ +<samba:parameter name="mangled map" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is for those who want to directly map UNIX + file names which cannot be represented on Windows/DOS. The mangling + of names is not always what is needed. In particular you may have + documents with file extensions that differ between DOS and UNIX. + For example, under UNIX it is common to use <filename moreinfo="none">.html</filename> + for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename> + is more commonly used.</para> + + <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename> + you would use:</para> + + <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para> + + <para>One very useful case is to remove the annoying <filename moreinfo="none">;1 + </filename> off the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;).</para> + + <para>Default: <emphasis>no mangled map</emphasis></para> + + <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml new file mode 100644 index 0000000000..4ec088d16f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglednames.xml @@ -0,0 +1,67 @@ +<samba:parameter name="mangled names" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether non-DOS names under UNIX + should be mapped to DOS-compatible names ("mangled") and made visible, + or whether non-DOS names should simply be ignored.</para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for + details on how to control the mangling process.</para> + + <para>If mangling is used then the mangling algorithm is as follows:</para> + + <itemizedlist> + <listitem> + <para>The first (up to) five alphanumeric characters + before the rightmost dot of the filename are preserved, forced + to upper case, and appear as the first (up to) five characters + of the mangled name.</para> + </listitem> + + <listitem> + <para>A tilde "~" is appended to the first part of the mangled + name, followed by a two-character unique sequence, based on the + original root name (i.e., the original filename minus its final + extension). The final extension is included in the hash calculation + only if it contains any upper case characters or is longer than three + characters.</para> + + <para>Note that the character to use may be specified using + the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter> + </link> option, if you don't like '~'.</para> + </listitem> + + <listitem> + <para>The first three alphanumeric characters of the final + extension are preserved, forced to upper case and appear as the + extension of the mangled name. The final extension is defined as that + part of the original filename after the rightmost dot. If there are no + dots in the filename, the mangled name will have no extension (except + in the case of "hidden files" - see below).</para> + </listitem> + + <listitem> + <para>Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will be created as + for other filenames, but with the leading dot removed and "___" as + its extension regardless of actual original extension (that's three + underscores).</para> + </listitem> + </itemizedlist> + + <para>The two-digit hash value consists of upper case alphanumeric characters.</para> + + <para>This algorithm can cause name collisions only if files + in a directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300.</para> + + <para>The name mangling (if enabled) allows a file to be + copied between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new extension + from Windows/DOS and will retain the same basename. Mangled names + do not change between sessions.</para> + + <para>Default: <command moreinfo="none">mangled names = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml new file mode 100644 index 0000000000..42083d13a2 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangledstack.xml @@ -0,0 +1,27 @@ +<samba:parameter name="mangling stack" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the number of mangled names + that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> + + <para>This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than 3 characters + or contains upper case characters).</para> + + <para>The larger this value, the more likely it is that mangled + names can be successfully converted to correct long UNIX names. + However, large stack sizes will slow most directory accesses. Smaller + stacks save memory in the server (each stack element costs 256 bytes). + </para> + + <para>It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises!</para> + + <para>Default: <command moreinfo="none">mangled stack = 50</command></para> + + <para>Example: <command moreinfo="none">mangled stack = 100</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml new file mode 100644 index 0000000000..5476ed1f08 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml @@ -0,0 +1,16 @@ +<samba:parameter name="mangling prefix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> controls the number of prefix + characters from the original name used when generating + the mangled names. A larger value will give a weaker + hash and therefore more name collisions. The minimum + value is 1 and the maximum value is 6.</para> + + <para>Default: <command moreinfo="none">mangle prefix = 1</command></para> + + <para>Example: <command moreinfo="none">mangle prefix = 4</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml new file mode 100644 index 0000000000..57c4fa2acd --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglingchar.xml @@ -0,0 +1,14 @@ +<samba:parameter name="mangling char" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls what character is used as + the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The + default is a '~' but this may interfere with some software. Use this option to set + it to whatever you prefer.</para> + + <para>Default: <command moreinfo="none">mangling char = ~</command></para> + + <para>Example: <command moreinfo="none">mangling char = ^</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml new file mode 100644 index 0000000000..74366483bd --- /dev/null +++ b/docs/docbook/smbdotconf/filename/manglingmethod.xml @@ -0,0 +1,19 @@ +<samba:parameter name="mangling method" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> controls the algorithm used for the generating + the mangled names. Can take two different values, "hash" and + "hash2". "hash" is the default and is the algorithm that has been + used in Samba for many years. "hash2" is a newer and considered + a better algorithm (generates less collisions) in the names. + However, many Win32 applications store the mangled names and so + changing to the new algorithm must not be done + lightly as these applications may break unless reinstalled.</para> + + <para>Default: <command moreinfo="none">mangling method = hash2</command></para> + + <para>Example: <command moreinfo="none">mangling method = hash</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml new file mode 100644 index 0000000000..b44088efe3 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/maparchive.xml @@ -0,0 +1,19 @@ +<samba:parameter name="map archive" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether the DOS archive attribute + should be mapped to the UNIX owner execute bit. The DOS archive bit + is set when a file has been modified since its last backup. One + motivation for this option it to keep Samba/your PC from making + any file it touches from becoming executable under UNIX. This can + be quite annoying for shared source code, documents, etc...</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + parameter to be set such that owner execute bit is not masked out + (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map archive = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml new file mode 100644 index 0000000000..4c1a932788 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/maphidden.xml @@ -0,0 +1,15 @@ +<samba:parameter name="map hidden" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether DOS style hidden files + should be mapped to the UNIX world execute bit.</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + to be set such that the world execute bit is not masked out (i.e. + it must include 001). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map hidden = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml new file mode 100644 index 0000000000..7fe50bb19f --- /dev/null +++ b/docs/docbook/smbdotconf/filename/mapsystem.xml @@ -0,0 +1,15 @@ +<samba:parameter name="map system" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether DOS style system files + should be mapped to the UNIX group execute bit.</para> + + <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> + to be set such that the group execute bit is not masked out (i.e. + it must include 010). See the parameter <link linkend="CREATEMASK"> + <parameter moreinfo="none">create mask</parameter></link> for details.</para> + + <para>Default: <command moreinfo="none">map system = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml new file mode 100644 index 0000000000..d8a4e2342d --- /dev/null +++ b/docs/docbook/smbdotconf/filename/preservecase.xml @@ -0,0 +1,14 @@ +<samba:parameter name="preserve case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This controls if new filenames are created + with the case that the client passes, or if they are forced to + be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case + </parameter></link>.</para> + + <para>Default: <command moreinfo="none">preserve case = yes</command></para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml new file mode 100644 index 0000000000..52c93e1370 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/shortpreservecase.xml @@ -0,0 +1,17 @@ +<samba:parameter name="short preserve case" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter controls if new files + which conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are forced + to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case + </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command> + </link> to permit long filenames to retain their case, while short + names are lowered. </para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> + + <para>Default: <command moreinfo="none">short preserve case = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml new file mode 100644 index 0000000000..ee2a48732e --- /dev/null +++ b/docs/docbook/smbdotconf/filename/statcache.xml @@ -0,0 +1,13 @@ +<samba:parameter name="stat cache" + context="G" + developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will use a cache in order to + speed up case insensitive name mappings. You should never need + to change this parameter.</para> + + <para>Default: <command moreinfo="none">stat cache = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml new file mode 100644 index 0000000000..afed63a12b --- /dev/null +++ b/docs/docbook/smbdotconf/filename/stripdot.xml @@ -0,0 +1,12 @@ +<samba:parameter name="strip dot" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls whether to + strip trailing dots off UNIX filenames. This helps with some + CDROMs that have filenames ending in a single dot.</para> + + <para>Default: <command moreinfo="none">strip dot = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml new file mode 100644 index 0000000000..e7c683a518 --- /dev/null +++ b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml @@ -0,0 +1,25 @@ +<samba:parameter name="veto oplock files" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only valid when the <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> + parameter is turned on for a share. It allows the Samba administrator + to selectively turn off the granting of oplocks on selected files that + match a wildcarded list, similar to the wildcarded list used in the + <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> + parameter.</para> + + <para>Default: <emphasis>No files are vetoed for oplock grants</emphasis></para> + + <para>You might want to do this on files that you know will + be heavily contended for by clients. A good example of this + is in the NetBench SMB benchmark program, which causes heavy + client contention for files ending in <filename moreinfo="none">.SEM</filename>. + To cause Samba not to grant oplocks on these files you would use + the line (either in the [global] section or in the section for + the particular NetBench share :</para> + + <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml new file mode 100644 index 0000000000..301c88df7b --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml @@ -0,0 +1,16 @@ +<samba:parameter name="ldap admin dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> The <parameter moreinfo="none">ldap admin dn</parameter> + defines the Distinguished Name (DN) name used by Samba to + contact the ldap server when retreiving user account + information. The <parameter moreinfo="none">ldap admin + dn</parameter> is used in conjunction with the admin dn password + stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. + See the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> man page for more + information on how to accmplish this.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml new file mode 100644 index 0000000000..89a75e02fd --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml @@ -0,0 +1,13 @@ +<samba:parameter name="ldap delete dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This parameter specifies whether a delete + operation in the ldapsam deletes the complete entry or only the attributes + specific to Samba. + </para> + + <para>Default: <emphasis>ldap delete dn = no</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml new file mode 100644 index 0000000000..1d0ab33d89 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap filter" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + <para>Default: <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml new file mode 100644 index 0000000000..0ef6a04abf --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml @@ -0,0 +1,10 @@ +<samba:parameter name="ldap machine suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>It specifies where machines should be added to the ldap tree.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml new file mode 100644 index 0000000000..8015b2fb2d --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml @@ -0,0 +1,35 @@ +<samba:parameter name="ldap passwd sync" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether + or not Samba should sync the LDAP password with the NT + and LM hashes for normal accounts (NOT for + workstation, server or domain trusts) on a password + change via SAMBA. + </para> + + <para>The <parameter moreinfo="none">ldap passwd + sync</parameter> can be set to one of three values: </para> + + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Yes</parameter> = Try + to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">No</parameter> = Update NT and + LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Only</parameter> = Only update + the LDAP password and let the LDAP server do the rest.</para> + </listitem> + </itemizedlist> + + <para>Default: <command moreinfo="none">ldap passwd sync = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml new file mode 100644 index 0000000000..c00c525db0 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapport.xml @@ -0,0 +1,19 @@ +<samba:parameter name="ldap port" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> option + at compile time.</para> + + <para>This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. + The default is to use the stand LDAPS port 636.</para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link></para> + + <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> + + <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml new file mode 100644 index 0000000000..e7a4c670ab --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml @@ -0,0 +1,15 @@ +<samba:parameter name="ldap server" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> + option at compile time.</para> + + <para>This parameter should contain the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + <para>Default : <command moreinfo="none">ldap server = localhost</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml new file mode 100644 index 0000000000..13bafdf3a7 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml @@ -0,0 +1,39 @@ +<samba:parameter name="ldap ssl" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether or not Samba should + use SSL when connecting to the ldap server + This is <emphasis>NOT</emphasis> related to + Samba's previous SSL support which was enabled by specifying the + <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> + script.</para> + + <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para> + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Off</parameter> = Never + use SSL when querying the directory.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Start_tls</parameter> = Use + the LDAPv3 StartTLS extended operation (RFC2830) for + communicating with the directory server.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">On</parameter> = Use SSL + on the ldaps port when contacting the <parameter + moreinfo="none">ldap server</parameter>. Only available when the + backwards-compatiblity <command + moreinfo="none">--with-ldapsam</command> option is specified + to configure. See <link linkend="PASSDBBACKEND"><parameter + moreinfo="none">passdb backend</parameter></link></para> + </listitem> + </itemizedlist> + + <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml new file mode 100644 index 0000000000..609f171096 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Specifies where user and machine accounts are added to the + tree. Can be overriden by <command moreinfo="none">ldap user + suffix</command> and <command moreinfo="none">ldap machine + suffix</command>. It also used as the base dn for all ldap + searches. </para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml new file mode 100644 index 0000000000..36bbcb2fb4 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml @@ -0,0 +1,23 @@ +<samba:parameter name="ldap trust ids" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + + <para>Normally, Samba validates each entry in the LDAP server + against getpwnam(). This allows LDAP to be used for Samba with + the unix system using NIS (for example) and also ensures that + Samba does not present accounts that do not otherwise exist. + </para> + + <para>This option is used to disable this functionality, and + instead to rely on the presence of the appropriate attributes + in LDAP directly, which can result in a significant performance + boost in some situations. Setting this option to yes effectivly + assumes that the local machine is running <command + moreinfo="none">nss_ldap</command> against the same LDAP + server.</para> + + <para>Default: <command moreinfo="none">ldap trust ids = No</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml new file mode 100644 index 0000000000..731fba3420 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml @@ -0,0 +1,10 @@ +<samba:parameter name="ldap user suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>It specifies where users are added to the tree.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml new file mode 100644 index 0000000000..f11d92f4f5 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/blockinglocks.xml @@ -0,0 +1,23 @@ +<samba:parameter name="blocking locks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the behavior + of <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when given a request by a client + to obtain a byte range lock on a region of an open file, and the + request has a time limit associated with it.</para> + + <para>If this parameter is set and the lock range requested + cannot be immediately satisfied, samba will internally + queue the lock request, and periodically attempt to obtain + the lock until the timeout period expires.</para> + + <para>If this parameter is set to <constant>no</constant>, then + samba will behave as previous versions of Samba would and + will fail the lock request immediately if the lock range + cannot be obtained.</para> + + <para>Default: <command moreinfo="none">blocking locks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml new file mode 100644 index 0000000000..7567ed9286 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/cscpolicy.xml @@ -0,0 +1,20 @@ +<samba:parameter name="csc policy" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This stands for <emphasis>client-side caching + policy</emphasis>, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable.</para> + + <para>These values correspond to those used on Windows servers.</para> + + <para>For example, shares containing roaming profiles can have + offline caching disabled using <command + moreinfo="none">csc policy = disable</command>.</para> + + <para>Default: <command moreinfo="none">csc policy = manual</command></para> + + <para>Example: <command moreinfo="none">csc policy = programs</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml new file mode 100644 index 0000000000..b7deac68ba --- /dev/null +++ b/docs/docbook/smbdotconf/locking/fakeoplocks.xml @@ -0,0 +1,31 @@ +<samba:parameter name="fake oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a server grants + an oplock (opportunistic lock) then the client is free to assume + that it is the only one accessing the file and it will aggressively + cache file data. With some oplock types the client may even cache + file open/close operations. This can give enormous performance benefits. + </para> + + <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will + always grant oplock requests no matter how many clients are using the file.</para> + + <para>It is generally much better to use the real <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> support rather + than this parameter.</para> + + <para>If you enable this option on all read-only shares or + shares that you know will only be accessed from one client at a + time such as physically read-only media like CDROMs, you will see + a big performance improvement on many operations. If you enable + this option on shares where multiple clients may be accessing the + files read-write at the same time you can get data corruption. Use + this option carefully!</para> + + <para>Default: <command moreinfo="none">fake oplocks = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml new file mode 100644 index 0000000000..f155fddc8f --- /dev/null +++ b/docs/docbook/smbdotconf/locking/kerneloplocks.xml @@ -0,0 +1,27 @@ +<samba:parameter name="kernel oplocks" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>For UNIXes that support kernel based <link linkend="OPLOCKS"> + <parameter moreinfo="none">oplocks</parameter></link> + (currently only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off.</para> + + <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks + </parameter> to be broken whenever a local UNIX process or NFS operation + accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete + data consistency between SMB/CIFS, NFS and local file access (and is + a <emphasis>very</emphasis> cool feature :-).</para> + + <para>This parameter defaults to <constant>on</constant>, but is translated + to a no-op on systems that no not have the necessary kernel support. + You should never need to touch this parameter.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks + </parameter></link> parameters.</para> + + <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml new file mode 100644 index 0000000000..c2c090b1a8 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/level2oplocks.xml @@ -0,0 +1,41 @@ +<samba:parameter name="level2 oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls whether Samba supports + level2 (read-only) oplocks on a share.</para> + + <para>Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a read-write oplock + to a read-only oplock once a second client opens the file (instead + of releasing all oplocks on a second open, as in traditional, + exclusive oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead only (ie. + they may not cache writes or lock requests) and increases performance + for many accesses of files that are not commonly written (such as + application .EXE files).</para> + + <para>Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply is needed + or waited for) and told to break their oplocks to "none" and + delete any read-ahead caches.</para> + + <para>It is recommended that this parameter be turned on to + speed access to shared executables.</para> + + <para>For more discussions on level2 oplocks see the CIFS spec.</para> + + <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel + oplocks</parameter></link> are supported then level2 oplocks are + not granted (even if this parameter is set to <constant>yes</constant>). + Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> parameter must be set to <constant>yes</constant> on this share in order for + this parameter to have any effect.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> + </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter> + </link> parameters.</para> + + <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml new file mode 100644 index 0000000000..8526224316 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/locking.xml @@ -0,0 +1,27 @@ +<samba:parameter name="locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This controls whether or not locking will be + performed by the server in response to lock requests from the + client.</para> + + <para>If <command moreinfo="none">locking = no</command>, all lock and unlock + requests will appear to succeed and all lock queries will report + that the file in question is available for locking.</para> + + <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed + by the server.</para> + + <para>This option <emphasis>may</emphasis> be useful for read-only + filesystems which <emphasis>may</emphasis> not need locking (such as + CDROM drives), although setting this parameter of <constant>no</constant> + is not really recommended even in this case.</para> + + <para>Be careful about disabling locking either globally or in a + specific service, as lack of locking may result in data corruption. + You should never need to set this parameter.</para> + + <para>Default: <command moreinfo="none">locking = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml new file mode 100644 index 0000000000..d308f5d845 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/lockspincount.xml @@ -0,0 +1,17 @@ +<samba:parameter name="lock spin count" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. + </para> + + <para>Default: <command moreinfo="none">lock spin count = 2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml new file mode 100644 index 0000000000..460b2827b4 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/lockspintime.xml @@ -0,0 +1,12 @@ +<samba:parameter name="lock spin time" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin + count</parameter></link> for more details.</para> + + <para>Default: <command moreinfo="none">lock spin time = 10</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml new file mode 100644 index 0000000000..0dc130eab3 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml @@ -0,0 +1,18 @@ +<samba:parameter name="oplock break wait time" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a tuning parameter added due to bugs in + both Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause an oplock + break request, then the network client can fail and not respond + to the break request. This tuning parameter (which is set in milliseconds) + is the amount of time Samba will wait before sending an oplock break + request to such (broken) clients.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND + UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml new file mode 100644 index 0000000000..1b24e5cdec --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml @@ -0,0 +1,22 @@ +<samba:parameter name="oplock contention limit" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a <emphasis>very</emphasis> advanced + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> tuning option to + improve the efficiency of the granting of oplocks under multiple + client contention for the same file.</para> + + <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested + if the approximate number of clients contending for an oplock on the same file goes over this + limit. This causes <command moreinfo="none">smbd</command> to behave in a similar + way to Windows NT.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml new file mode 100644 index 0000000000..0ba53ba765 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/oplocks.xml @@ -0,0 +1,29 @@ +<samba:parameter name="oplocks" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean option tells <command moreinfo="none">smbd</command> whether to + issue oplocks (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or more) improve + the speed of access to files on Samba servers. It allows the clients + to aggressively cache files locally and you may want to disable this + option for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information see the file + <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename> + directory.</para> + + <para>Oplocks may be selectively turned off on certain files with a + share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none"> + veto oplock files</parameter></link> parameter. On some systems + oplocks are recognized by the underlying operating system. This + allows data synchronization between all access to oplocked files, + whether it be via Samba or NFS or a local UNIX process. See the + <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para> + + <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel + oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none"> + level2 oplocks</parameter></link> parameters.</para> + + <para>Default: <command moreinfo="none">oplocks = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml new file mode 100644 index 0000000000..c81bdcff38 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/posixlocking.xml @@ -0,0 +1,16 @@ +<samba:parameter name="posix locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> + daemon maintains an database of file locks obtained by SMB clients. + The default behavior is to map this internal database to POSIX + locks. This means that file locks obtained by SMB clients are + consistent with those seen by POSIX compliant applications accessing + the files via a non-SMB method (e.g. NFS or local file access). + You should never need to disable this parameter.</para> + + <para>Default: <command moreinfo="none">posix locking = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml new file mode 100644 index 0000000000..529ec44106 --- /dev/null +++ b/docs/docbook/smbdotconf/locking/sharemodes.xml @@ -0,0 +1,28 @@ +<samba:parameter name="share modes" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This enables or disables the honoring of + the <parameter moreinfo="none">share modes</parameter> during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.</para> + + <para>These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do).</para> + + <para>The share modes that are enabled by this option are + <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, + <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, + <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. + </para> + + <para>This option gives full share compatibility and enabled + by default.</para> + + <para>You should <emphasis>NEVER</emphasis> turn this parameter + off as many Windows applications will break if you do so.</para> + + <para>Default: <command moreinfo="none">share modes = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml new file mode 100644 index 0000000000..34c1c7fe5e --- /dev/null +++ b/docs/docbook/smbdotconf/locking/strictlocking.xml @@ -0,0 +1,19 @@ +<samba:parameter name="strict locking" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls the handling of + file locking in the server. When this is set to <constant>yes</constant> + the server will check every read and write access for file locks, and + deny access if locks exist. This can be slow on some systems.</para> + + <para>When strict locking is <constant>no</constant> the server does file + lock checks only when the client explicitly asks for them.</para> + + <para>Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases <command moreinfo="none">strict + locking = no</command> is preferable.</para> + + <para>Default: <command moreinfo="none">strict locking = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml new file mode 100644 index 0000000000..e9a7dba792 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="abort shutdown script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> that + should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"> + <parameter moreinfo="none">shutdown script</parameter></link>.</para> + + <para>This command will be run as user.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + + <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml new file mode 100644 index 0000000000..25906d0889 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addgroupscript.xml @@ -0,0 +1,17 @@ +<samba:parameter name="add group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will be run + <emphasis>AS ROOT</emphasis> by <citerefentry> + <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> + when a new group is requested. It will expand any <parameter + moreinfo="none">%g</parameter> to the group name passed. This + script is only useful for installations using the Windows NT + domain administration tools. The script is free to create a + group with an arbitrary name to circumvent unix group name + restrictions. In that case the script must print the numeric gid + of the created group on stdout.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml new file mode 100644 index 0000000000..7aef54d8b0 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addmachinescript.xml @@ -0,0 +1,21 @@ +<samba:parameter name="add machine script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will be run by + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a machine is added + to it's domain using the administrator username and password + method. </para> + + <para>This option is only required when using sam back-ends tied + to the Unix uid method of RID calculation such as smbpasswd. + This option is only available in Samba 3.0.</para> + + <para>Default: <command moreinfo="none">add machine script = <empty string></command></para> + + <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g + machines -c Machine -d /dev/null -s /bin/false %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..34d3e7ea58 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -0,0 +1,50 @@ +<samba:parameter name="add user script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> + and <parameter moreinfo="none">add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command moreinfo="none">smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script + </parameter> is set then <command moreinfo="none">smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command moreinfo="none">smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter moreinfo="none">password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user + script</parameter></link>.</para> + + <para>Default: <command moreinfo="none">add user script = <empty string></command></para> + + <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml new file mode 100644 index 0000000000..ed17b9c0d9 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="add user to group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Full path to the script that will be called when + a user is added to a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">add user to group script = </command></para> + + <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml new file mode 100644 index 0000000000..2e78c6ae7d --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deletegroupscript.xml @@ -0,0 +1,13 @@ +<samba:parameter name="delete group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. + It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed. + This script is only useful for installations using the Windows NT domain administration tools. + </para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml new file mode 100644 index 0000000000..76594c75d8 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml @@ -0,0 +1,18 @@ +<samba:parameter name="delete user from group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Full path to the script that will be called when + a user is removed from a group using the Windows NT domain administration + tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. + Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and + any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. + </para> + + <para>Default: <command moreinfo="none">delete user from group script = </command></para> + + <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml new file mode 100644 index 0000000000..233844555b --- /dev/null +++ b/docs/docbook/smbdotconf/logon/deleteuserscript.xml @@ -0,0 +1,22 @@ +<samba:parameter name="delete user script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is the full pathname to a script that will + be run by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when managing users + with remote RPC (NT) tools. + </para> + + <para>This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + <command moreinfo="none">rpcclient</command>.</para> + + <para>This script should delete the given UNIX username.</para> + + <para>Default: <command moreinfo="none">delete user script = <empty string></command></para> + + <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user %u</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml new file mode 100644 index 0000000000..e45621e553 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/domainlogons.xml @@ -0,0 +1,15 @@ +<samba:parameter name="domain logons" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>If set to <constant>yes</constant>, the Samba server will serve + Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> + <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2 + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the Samba documentation.</para> + + <para>Default: <command moreinfo="none">domain logons = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml new file mode 100644 index 0000000000..8c6be709bf --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logondrive.xml @@ -0,0 +1,18 @@ +<samba:parameter name="logon drive" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the local path to + which the home directory will be connected (see <link linkend="LOGONHOME"> + <parameter moreinfo="none">logon home</parameter></link>) + and is only used by NT Workstations. </para> + + <para>Note that this option is only useful if Samba is set up as a + logon server.</para> + + <para>Default: <command moreinfo="none">logon drive = z:</command></para> + + <para>Example: <command moreinfo="none">logon drive = h:</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml new file mode 100644 index 0000000000..05c69524c2 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonhome.xml @@ -0,0 +1,45 @@ +<samba:parameter name="logon home" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do </para> + + <para><prompt moreinfo="none">C:\></prompt> + <userinput moreinfo="none">NET USE H: /HOME</userinput> + </para> + + <para>from a command prompt, for example.</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way:</para> + + <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para> + + <para>This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does <command moreinfo="none">net use /home</command> + but use the whole string when dealing with profiles.</para> + + <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> + <parameter moreinfo="none">logon path</parameter></link> was returned rather than + <parameter moreinfo="none">logon home</parameter>. This broke <command + moreinfo="none">net use /home</command> but allowed profiles outside the home directory. + The current implementation is correct, and can be used for profiles if you use + the above trick.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <command moreinfo="none">logon home = "\\%N\%U"</command></para> + + <para>Example: <command moreinfo="none">logon home = "\\remote_smb_server\%U"</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml new file mode 100644 index 0000000000..9abcf0d702 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonpath.xml @@ -0,0 +1,49 @@ +<samba:parameter name="logon path" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> + <parameter moreinfo="none">logon home</parameter></link> parameter.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>, + <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename> + and other folders, and their contents, are loaded and displayed on + your Windows NT client.</para> + + <para>The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories.</para> + + <para>Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a <emphasis>MAN</emphasis>datory + profile). </para> + + <para>Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems).</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>Note that this option is only useful if Samba is set up + as a logon server.</para> + + <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para> + + <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml new file mode 100644 index 0000000000..65b6253c0c --- /dev/null +++ b/docs/docbook/smbdotconf/logon/logonscript.xml @@ -0,0 +1,44 @@ +<samba:parameter name="logon script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended.</para> + + <para>The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a <link linkend="PATH"> + <parameter moreinfo="none">path</parameter></link> of <filename + moreinfo="none">/usr/local/samba/netlogon</filename>, and <command + moreinfo="none">logon script = STARTUP.BAT</command>, then + the file that will be downloaded is:</para> + + <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> + + <para>The contents of the batch file are entirely your choice. A + suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET + /YES</command>, to force every machine to synchronize clocks with + the same time server. Another use would be to add <command moreinfo="none">NET USE + U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> + NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> + + <para>Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <emphasis>no logon script defined</emphasis></para> + + <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml new file mode 100644 index 0000000000..c19c307417 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml @@ -0,0 +1,21 @@ +<samba:parameter name="set primary group script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + + <para>Thanks to the Posix subsystem in NT a Windows User has a + primary group in addition to the auxiliary groups. This script + sets the primary group in the unix userdatase when an + administrator sets the primary group from the windows user + manager or when fetching a SAM with <command>net rpc + vampire</command>. <parameter>%u</parameter> will be replaced + with the user whose primary group is to be set. + <parameter>%g</parameter> will be replaced with the group to + set.</para> + + <para>Default: <emphasis>No default value</emphasis></para> + + <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml new file mode 100644 index 0000000000..0eaffea747 --- /dev/null +++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml @@ -0,0 +1,59 @@ +<samba:parameter name="shutdown script" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> that should start a shutdown procedure.</para> + + <para>This command will be run as the user connected to the server.</para> + + <para>%m %t %r %f parameters are expanded:</para> + + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">%m</parameter> will be substituted with the + shutdown message sent to the server.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%t</parameter> will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%r</parameter> will be substituted with the + switch <emphasis>-r</emphasis>. It means reboot after shutdown + for NT.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">%f</parameter> will be substituted with the + switch <emphasis>-f</emphasis>. It means force the shutdown + even if applications do not respond for NT.</para> + </listitem> + </itemizedlist> + + <para>Default: <emphasis>None</emphasis>.</para> + + <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> + + <para>Shutdown script example: +<programlisting format="linespecific"> +#!/bin/bash + +$time=0 +let "time/60" +let "time++" + +/sbin/shutdown $3 $4 +$time $1 & +</programlisting> +Shutdown does not return so we need to launch it in background. +</para> + + <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"> + <parameter moreinfo="none">abort shutdown script</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml new file mode 100644 index 0000000000..63b3f567b1 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/addprintercommand.xml @@ -0,0 +1,63 @@ +<samba:parameter name="addprinter command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server.</para> + + <para>For a Samba host this means that the printer must be + physically added to the underlying printing system. The <parameter moreinfo="none">add + printer command</parameter> defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the <filename moreinfo="none">smb.conf</filename> file in order that it can be + shared by <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>.</para> + + <para>The <parameter moreinfo="none">addprinter command</parameter> is + automatically invoked with the following parameter (in + order):</para> + + <itemizedlist> + <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">location</parameter></para></listitem> + <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter></para></listitem> + </itemizedlist> + + <para>All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions.</para> + + <para>Once the <parameter moreinfo="none">addprinter command</parameter> has + been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> + smb.conf</filename> to determine if the share defined by the APW + exists. If the sharename is still invalid, then <command moreinfo="none">smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para> + The "add printer command" program can output a single line of text, + which Samba will set as the port the new printer is connected to. + If this line isn't output, Samba won't reload its printer shares. + </para> + + <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none"> + deleteprinter command</parameter></link>, <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml new file mode 100644 index 0000000000..1f14b21f5f --- /dev/null +++ b/docs/docbook/smbdotconf/printing/defaultdevmode.xml @@ -0,0 +1,37 @@ +<samba:parameter name="default devmode" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. + When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. + </para> + + <para>Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). + </para> + + <para>This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting <command moreinfo="none">default devmode = yes</command> + will instruct smbd to generate a default one. + </para> + + <para>For more information on Windows NT/2k printing and Device Modes, + see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. + </para> + + <para>Default: <command moreinfo="none">default devmode = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml new file mode 100644 index 0000000000..864f75168d --- /dev/null +++ b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml @@ -0,0 +1,38 @@ +<samba:parameter name="deleteprinter command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.</para> + + <para>For a Samba host this means that the printer must be + physically deleted from underlying printing system. The <parameter moreinfo="none"> + deleteprinter command</parameter> defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from <filename moreinfo="none">smb.conf</filename>. + </para> + + <para>The <parameter moreinfo="none">deleteprinter command</parameter> is + automatically called with only one parameter: <parameter moreinfo="none"> + "printer name"</parameter>.</para> + + <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has + been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> + smb.conf</filename> to associated printer no longer exists. + If the sharename is still valid, then <command moreinfo="none">smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none"> + addprinter command</parameter></link>, <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml new file mode 100644 index 0000000000..7cdf0cc370 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/enumportscommand.xml @@ -0,0 +1,25 @@ +<samba:parameter name="enumports command" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The concept of a "port" is fairly foreign + to UNIX hosts. Under Windows NT/2000 print servers, a port + is associated with a port monitor and generally takes the form of + a local port (i.e. LPT1:, COM1:, FILE:) or a remote port + (i.e. LPD Port Monitor, etc...). By default, Samba has only one + port defined--<constant>"Samba Printer Port"</constant>. Under + Windows NT/2000, all printers must have a valid port name. + If you wish to have a list of ports displayed (<command moreinfo="none">smbd + </command> does not use a port name for anything) other than + the default <constant>"Samba Printer Port"</constant>, you + can define <parameter moreinfo="none">enumports command</parameter> to point to + a program which should generate a list of ports, one per line, + to standard output. This listing will then be used in response + to the level 1 and 2 EnumPorts() RPC.</para> + + <para>Default: <emphasis>no enumports command</emphasis></para> + + <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml new file mode 100644 index 0000000000..15c5aca990 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/lppausecommand.xml @@ -0,0 +1,43 @@ +<samba:parameter name="lppause command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to stop printing or spooling + a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to pause the print job. One way + of implementing this is by using job priorities, where jobs + having a too low priority won't be sent to the printer.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with + the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux + </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added + to the lpq command, the job will show up with the correct status, i.e. + if the job priority is lower than the set fence priority it will + have the PAUSED status, whereas if the priority is equal or higher it + will have the SPOOLED or PRINTING status.</para> + + <para>Note that it is good practice to include the absolute path + in the lppause command as the PATH may not be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given to + this string, unless the value of the <parameter moreinfo="none">printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command moreinfo="none">lp -i %p-%j -H hold</command></para> + + <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command moreinfo="none">qstat -s -j%j -h</command></para> + + <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt %p-%j -p0</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml new file mode 100644 index 0000000000..ae3241bfa9 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/lpresumecommand.xml @@ -0,0 +1,39 @@ +<samba:parameter name="lpresume command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to restart or continue + printing or spooling a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to resume the print job. See + also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command + </parameter></link> parameter.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with + the job number (an integer).</para> + + <para>Note that it is good practice to include the absolute path + in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not + be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given + to this string, unless the value of the <parameter moreinfo="none">printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command moreinfo="none">lp -i %p-%j -H resume</command></para> + + <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command moreinfo="none">qstat -s -j%j -r</command></para> + + <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt %p-%j -p2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml new file mode 100644 index 0000000000..478031c7b9 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml @@ -0,0 +1,23 @@ +<samba:parameter name="os2 driver map" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The parameter is used to define the absolute + path to a file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is:</para> + + <para><nt driver name> = <os2 driver name>.<device name></para> + + <para>For example, a valid entry using the HP LaserJet 5 + printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP + LaserJet 5L</command>.</para> + + <para>The need for the file is due to the printer driver namespace + problem described in the <ulink url="printing.html">Samba + Printing HOWTO</ulink>. For more details on OS/2 clients, please + refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> + + <para>Default: <command moreinfo="none">os2 driver map = <empty string></command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml new file mode 100644 index 0000000000..0a9611ee03 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printer.xml @@ -0,0 +1,9 @@ +<samba:parameter name="printer" + context="S" + hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none"> + printer name</parameter></link>.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml new file mode 100644 index 0000000000..9f76a673ad --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printername.xml @@ -0,0 +1,18 @@ +<samba:parameter name="printer name" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the name of the printer + to which print jobs spooled through a printable service will be sent.</para> + + <para>If specified in the [global] section, the printer + name given will be used for any printable service that does + not have its own printer name specified.</para> + + <para>Default: <emphasis>none (but may be <constant>lp</constant> + on many systems)</emphasis></para> + + <para>Example: <command moreinfo="none">printer name = laserwriter</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml new file mode 100644 index 0000000000..633666eea7 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/printing.xml @@ -0,0 +1,31 @@ +<samba:parameter name="printing" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameters controls how printer status information is + interpreted on your system. It also affects the default values for + the <parameter moreinfo="none">print command</parameter>, <parameter + moreinfo="none">lpq command</parameter>, <parameter + moreinfo="none">lppause command </parameter>, <parameter + moreinfo="none">lpresume command</parameter>, and <parameter + moreinfo="none">lprm command</parameter> if specified in the + [global] section.</para> + + <para>Currently nine printing styles are supported. They are + <constant>BSD</constant>, <constant>AIX</constant>, + <constant>LPRNG</constant>, <constant>PLP</constant>, + <constant>SYSV</constant>, <constant>HPUX</constant>, + <constant>QNX</constant>, <constant>SOFTQ</constant>, + and <constant>CUPS</constant>.</para> + + <para>To see what the defaults are for the other print + commands when using the various options use the <citerefentry><refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum></citerefentry> program.</para> + + <para>This option can be set on a per printer basis</para> + + <para>See also the discussion in the <link linkend="PRINTERSSECT"> + [printers]</link> section.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml new file mode 100644 index 0000000000..13741a0e7f --- /dev/null +++ b/docs/docbook/smbdotconf/printing/queuepausecommand.xml @@ -0,0 +1,29 @@ +<samba:parameter name="queuepause command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to pause the printer queue.</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and stops the printer queue, + such that no longer jobs are submitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the command. + </para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing</parameter></emphasis></para> + + <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml new file mode 100644 index 0000000000..23f6702192 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/queueresumecommand.xml @@ -0,0 +1,33 @@ +<samba:parameter name="queueresume command" + context="S" + print="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the command to be + executed on the server host in order to resume the printer queue. It + is the command to undo the behavior that is caused by the + previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none"> + queuepause command</parameter></link>).</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and resumes the printer queue, + such that queued jobs are resubmitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.</para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING"> + <parameter moreinfo="none">printing</parameter></link></emphasis></para> + + <para>Example: <command moreinfo="none">queuepause command = enable %p</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml new file mode 100644 index 0000000000..5a0d5c8877 --- /dev/null +++ b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml @@ -0,0 +1,35 @@ +<samba:parameter name="show add printer wizard" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + appear on Samba hosts in the share listing. Normally this folder will + contain an icon for the MS Add Printer Wizard (APW). However, it is + possible to disable this feature regardless of the level of privilege + of the connected user.</para> + + <para>Under normal circumstances, the Windows NT/2000 client will + open a handle on the printer server with OpenPrinterEx() asking for + Administrator privileges. If the user does not have administrative + access on the print server (i.e is not root or a member of the + <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx() + call fails and the client makes another open call with a request for + a lower privilege level. This should succeed, however the APW + icon will not be displayed.</para> + + <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter> + parameter will always cause the OpenPrinterEx() on the server + to fail. Thus the APW icon will never be displayed. <emphasis> + Note :</emphasis>This does not prevent the same user from having + administrative privilege on an individual printer.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter + command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> + <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN"> + <parameter moreinfo="none">printer admin</parameter></link></para> + + <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml new file mode 100644 index 0000000000..20b9353648 --- /dev/null +++ b/docs/docbook/smbdotconf/security/encryptpasswords.xml @@ -0,0 +1,24 @@ +<samba:parameter name="encrypt passwords" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the chapter "User Database" in the Samba HOWTO Collection. </para> + + <para>In order for encrypted passwords to work correctly + <citerefentry><refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> must either + have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> program for information on how to set up + and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which + causes <command moreinfo="none">smbd</command> to authenticate against another + server.</para> + + <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml new file mode 100644 index 0000000000..c843969e50 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml @@ -0,0 +1,20 @@ +<samba:parameter name="host msdfs" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter is only available + if Samba has been configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba will act as a Dfs server, and allow Dfs-aware clients + to browse Dfs trees hosted on the server.</para> + + <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> + msdfs root</parameter></link> share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. + </para> + + <para>Default: <command moreinfo="none">host msdfs = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml new file mode 100644 index 0000000000..c16968fda7 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml @@ -0,0 +1,18 @@ +<samba:parameter name="msdfs proxy" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter indicates that the share is a + stand-in for another CIFS share whose location is specified by + the value of the parameter. When clients attempt to connect to + this share, they are redirected to the proxied share using + the SMB-Dfs protocol.</para> + + <para>Only Dfs roots can act as proxy shares. Take a look at the + <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link> + and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link> + options to find out how to set up a Dfs root share.</para> + + <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml new file mode 100644 index 0000000000..35142ff037 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml @@ -0,0 +1,20 @@ +<samba:parameter name="msdfs root" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean parameter is only available if + Samba is configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba treats the share as a Dfs root and allows clients to browse + the distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename> + and so on. For more information on setting up a Dfs tree + on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft + Distributed File System tree on Samba"</ulink> document.</para> + + <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para> + + <para>Default: <command moreinfo="none">msdfs root = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml new file mode 100644 index 0000000000..c68e8d0135 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsobject.xml @@ -0,0 +1,12 @@ +<samba:parameter name="vfs object" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies a shared object files that + are used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with one or more VFS objects. </para> + + <para>Default: <emphasis>no value</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml new file mode 100644 index 0000000000..d07ec461e2 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfsoptions.xml @@ -0,0 +1,12 @@ +<samba:parameter name="vfs options" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter allows parameters to be passed + to the vfs layer at initialization time. + See also <link linkend="VFSOBJECT"><parameter moreinfo="none"> + vfs object</parameter></link>.</para> + + <para>Default: <emphasis>no value</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml new file mode 100644 index 0000000000..c6718a0076 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/vfspath.xml @@ -0,0 +1,13 @@ +<samba:parameter name="vfs path" + context="S" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the directory + to look in for vfs modules. The name of every <command moreinfo="none">vfs object + </command> will be prepended by this directory.</para> + + <para>Default: <command moreinfo="none">vfs path = </command></para> + + <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml new file mode 100644 index 0000000000..6c19617bab --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templatehomedir.xml @@ -0,0 +1,17 @@ +<samba:parameter name="template homedir" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the home directory for that user. If the + string <parameter moreinfo="none">%D</parameter> is present it + is substituted with the user's Windows NT domain name. If the + string <parameter moreinfo="none">%U</parameter> is present it + is substituted with the user's Windows NT user name.</para> + + <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml new file mode 100644 index 0000000000..1104387331 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/templateshell.xml @@ -0,0 +1,13 @@ +<samba:parameter name="template shell" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the login shell for that user.</para> + + <para>Default: <command moreinfo="none">template shell = /bin/false</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml new file mode 100644 index 0000000000..3080adc7c8 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml @@ -0,0 +1,14 @@ +<samba:parameter name="winbind cache time" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the number of + seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon will cache + user and group information before querying a Windows NT server + again.</para> + + <para>Default: <command moreinfo="none">winbind cache type = 15</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml new file mode 100644 index 0000000000..1cffca7492 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml @@ -0,0 +1,21 @@ +<samba:parameter name="winbind enum groups" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress + the enumeration of groups through the <command moreinfo="none">setgrent()</command>, + <command moreinfo="none">getgrent()</command> and + <command moreinfo="none">endgrent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum groups</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system + call will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off group + enumeration may cause some programs to behave oddly. + </para> + + <para>Default: <command moreinfo="none">winbind enum groups = yes </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml new file mode 100644 index 0000000000..95f1e7ff4c --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml @@ -0,0 +1,23 @@ +<samba:parameter name="winbind enum users" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be + necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>, + <command moreinfo="none">getpwent()</command> and + <command moreinfo="none">endpwent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum users</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call + will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames. </para> + + <para>Default: <command moreinfo="none">winbind enum users = yes </command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml new file mode 100644 index 0000000000..a8414e9e8c --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindgid.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind gid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The winbind gid parameter specifies the range of group + ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command moreinfo="none">winbind gid = <empty string></command></para> + + <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml new file mode 100644 index 0000000000..cefc69d5bd --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindseparator.xml @@ -0,0 +1,21 @@ +<samba:parameter name="winbind separator" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter allows an admin to define the character + used when listing a username of the form of <replaceable>DOMAIN + </replaceable>\<replaceable>user</replaceable>. This parameter + is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename> + and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. + </para> + + <para>Please note that setting this parameter to + causes problems + with group membership at least on glibc systems, as the character + + is used as a special character for NIS in /etc/group.</para> + + <para>Default: <command moreinfo="none">winbind separator = '\'</command></para> + + <para>Example: <command moreinfo="none">winbind separator = +</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml new file mode 100644 index 0000000000..6fee40fcb8 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbinduid.xml @@ -0,0 +1,16 @@ +<samba:parameter name="winbind uid" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>The winbind gid parameter specifies the range of group + ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no + existing local or NIS users within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command moreinfo="none">winbind uid = <empty string></command></para> + + <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml new file mode 100644 index 0000000000..5c31a7f9b0 --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml @@ -0,0 +1,19 @@ +<samba:parameter name="winbind used default domain" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies whether the + <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon should operate on users + without domain component in their username. Users without a domain + component are treated as is part of the winbindd server's own + domain. While this does not benifit Windows users, it makes SSH, FTP and + e-mail function in a way much closer to the way they + would in a native unix system.</para> + + <para>Default: <command moreinfo="none">winbind use default domain = <no></command></para> + + <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml new file mode 100644 index 0000000000..45ec160c5a --- /dev/null +++ b/docs/docbook/smbdotconf/wins/dnsproxy.xml @@ -0,0 +1,25 @@ +<samba:parameter name="dns proxy" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and + finding that a NetBIOS name has not been registered, should treat the + NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server + for that name on behalf of the name-querying client.</para> + + <para>Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise only be + 15 characters, maximum.</para> + + <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the + DNS name lookup requests, as doing a name lookup is a blocking + action.</para> + + <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none"> + wins support</parameter></link>.</para> + + <para>Default: <command moreinfo="none">dns proxy = yes</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml new file mode 100644 index 0000000000..e38e93f6b5 --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winshook.xml @@ -0,0 +1,57 @@ +<samba:parameter name="wins hook" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>When Samba is running as a WINS server this + allows you to call an external program for all changes to the + WINS database. The primary use for this option is to allow the + dynamic update of external name resolution databases such as + dynamic DNS.</para> + + <para>The wins hook parameter specifies the name of a script + or executable that will be called as follows:</para> + + <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list</command></para> + + <itemizedlist> + <listitem> + <para>The first argument is the operation and is + one of "add", "delete", or + "refresh". In most cases the operation + can be ignored as the rest of the parameters + provide sufficient information. Note that + "refresh" may sometimes be called when + the name has not previously been added, in that + case it should be treated as an add.</para> + </listitem> + + <listitem> + <para>The second argument is the NetBIOS name. If the + name is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, underscores + and periods.</para> + </listitem> + + <listitem> + <para>The third argument is the NetBIOS name + type as a 2 digit hexadecimal number. </para> + </listitem> + + <listitem> + <para>The fourth argument is the TTL (time to live) + for the name in seconds.</para> + </listitem> + + <listitem> + <para>The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this list is + empty then the name should be deleted.</para> + </listitem> + </itemizedlist> + + <para>An example script that calls the BIND dynamic DNS update + program <command moreinfo="none">nsupdate</command> is provided in the examples + directory of the Samba source code. </para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml new file mode 100644 index 0000000000..9ec277ed2d --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winspartners.xml @@ -0,0 +1,17 @@ +<samba:parameter name="wins partner" + context="G" + advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>A space separated list of partners' IP addresses for + WINS replication. WINS partners are always defined as push/pull + partners as defining only one way WINS replication is unreliable. + WINS replication is currently experimental and unreliable between + samba servers. + </para> + + <para>Default: <command moreinfo="none">wins partners = </command></para> + + <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml new file mode 100644 index 0000000000..11f47e31c7 --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winsproxy.xml @@ -0,0 +1,13 @@ +<samba:parameter name="wins proxy" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This is a boolean that controls if <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> will respond to broadcast name + queries on behalf of other hosts. You may need to set this + to <constant>yes</constant> for some older clients.</para> + + <para>Default: <command moreinfo="none">wins proxy = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml new file mode 100644 index 0000000000..12ee635acd --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winsserver.xml @@ -0,0 +1,37 @@ +<samba:parameter name="wins server" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on + your network then you should set this to the WINS server's IP.</para> + + <para>You should point this at your WINS server if you have a + multi-subnetted network.</para> + + <para>If you want to work in multiple namespaces, you can + give every wins server a 'tag'. For each tag, only one + (working) server will be queried for a name. The tag should be + seperated from the ip address by a colon. + </para> + + <note><para>You need to set up Samba to point + to a WINS server if you have multiple subnets and wish cross-subnet + browsing to work correctly.</para></note> + + <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> + + <para>Default: <emphasis>not enabled</emphasis></para> + + <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para> + + <para>For this example when querying a certain name, 192.19.200.1 will + be asked first and if that doesn't respond 192.168.2.61. If either + of those doesn't know the name 192.168.3.199 will be queried. + </para> + + <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml new file mode 100644 index 0000000000..eef59e708f --- /dev/null +++ b/docs/docbook/smbdotconf/wins/winssupport.xml @@ -0,0 +1,15 @@ +<samba:parameter name="wins support" + context="G" + basic="1" advanced="1" wizard="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should + not set this to <constant>yes</constant> unless you have a multi-subnetted network and + you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server. + Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> + on more than one machine in your network.</para> + + <para>Default: <command moreinfo="none">wins support = no</command></para> +</listitem> +</samba:parameter> |