diff options
Diffstat (limited to 'docs/docbook')
376 files changed, 3735 insertions, 10216 deletions
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 66266196d5..ae24606caf 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -21,8 +21,7 @@ MANPAGES_NAMES=findsmb.1 smbclient.1 \ smbpasswd.8 testprns.1 \ smb.conf.5 wbinfo.1 pdbedit.8 \ smbcacls.1 smbsh.1 winbindd.8 \ - smbgroupedit.8 vfstest.1 \ - profiles.1 smbtree.1 + smbgroupedit.8 vfstest.1 ## This part contains only rules. You shouldn't need to change it ## if you are adding docs @@ -84,9 +83,9 @@ $(TXTDIR)/Samba-HOWTO-Collection.txt: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2TXT) -o . $< mv ./samba-doc.txt $@ -$(TXTDIR)/Samba-Developers-Guide.txt: $(DEVDOC)/dev-doc.sgml +$(TXTDIR)/Samba-Developers-Guide.txt: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2TXT) -o . $< - mv ./dev-doc.txt $@ + mv ./samba-doc.txt $@ # PostScript @@ -94,9 +93,9 @@ $(PSDIR)/Samba-HOWTO-Collection.ps: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2PS) -o . $< mv ./samba-doc.ps $@ -$(PSDIR)/Samba-Developers-Guide.ps: $(DEVDOC)/dev-doc.sgml +$(PSDIR)/Samba-Developers-Guide.ps: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2PS) -o . $< - mv ./dev-doc.ps $@ + mv ./samba-doc.ps $@ # Adobe PDF files diff --git a/docs/docbook/configure b/docs/docbook/configure index 8680e5b5ab..609c17ed87 100755 --- a/docs/docbook/configure +++ b/docs/docbook/configure @@ -557,13 +557,10 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$JW" = x; then - { echo "configure: error: "jw is required"" 1>&2; exit 1; } -fi # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:567: checking for $ac_word" >&5 +echo "configure:564: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -595,13 +592,10 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$PERL" = x; then - { echo "configure: error: "perl is required"" 1>&2; exit 1; } -fi # Extract the first word of "htmldoc", so it can be a program name with args. set dummy htmldoc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:605: checking for $ac_word" >&5 +echo "configure:599: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -633,9 +627,6 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$HTMLDOC" = x; then - { echo "configure: error: "htmldoc is required"" 1>&2; exit 1; } -fi DOC_BUILD_DATE=`date '+%d-%m-%Y'` diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in index 57482d134e..3a9ed51d16 100644 --- a/docs/docbook/configure.in +++ b/docs/docbook/configure.in @@ -1,18 +1,8 @@ AC_INIT(global.ent) -# Jade wrapper AC_PATH_PROG(JW, jw) -if test "x$JW" = x; then - AC_MSG_ERROR("jw is required") -fi AC_PATH_PROG(PERL, perl) -if test "x$PERL" = x; then - AC_MSG_ERROR("perl is required") -fi AC_PATH_PROG(HTMLDOC, htmldoc) -if test "x$HTMLDOC" = x; then - AC_MSG_ERROR("htmldoc is required") -fi DOC_BUILD_DATE=`date '+%d-%m-%Y'` AC_SUBST(DOC_BUILD_DATE) diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml index 5e1af3d3a0..e256dbe3a2 100644 --- a/docs/docbook/devdoc/dev-doc.sgml +++ b/docs/docbook/devdoc/dev-doc.sgml @@ -12,9 +12,6 @@ <!ENTITY wins SYSTEM "wins.sgml"> <!ENTITY sam SYSTEM "sam.sgml"> <!ENTITY encryption SYSTEM "encryption.sgml"> -<!ENTITY rpc-plugin SYSTEM "rpc_plugin.sgml"> -<!ENTITY modules SYSTEM "modules.sgml"> -<!ENTITY packagers SYSTEM "packagers.sgml"> ]> <book id="Samba-Developers-Guide"> @@ -69,8 +66,5 @@ url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</u &wins; &sam; &encryption; -&modules; -&rpc-plugin; -&packagers; </book> diff --git a/docs/docbook/devdoc/modules.sgml b/docs/docbook/devdoc/modules.sgml deleted file mode 100644 index 0bcdadc66c..0000000000 --- a/docs/docbook/devdoc/modules.sgml +++ /dev/null @@ -1,156 +0,0 @@ -<chapter id="modules"> -<chapterinfo> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address><email>jelmer@samba.org</email></address> - </affiliation> - </author> - <pubdate> 19 March 2003 </pubdate> -</chapterinfo> - -<title>Modules</title> - -<sect1> -<title>Advantages</title> - -<para> -The new modules system has the following advantages: -</para> - -<simplelist> -<member>Transparent loading of static and shared modules (no need -for a subsystem to know about modules)</member> -<member>Simple selection between shared and static modules at configure time</member> -<member>"preload modules" option for increasing performance for stable modules</member> -<member>No nasty #define stuff anymore</member> -<member>All backends are available as plugin now (including pdb_ldap and pdb_tdb)</member> -</simplelist> -</sect1> - -<sect1> -<title>Loading modules</title> - -<para> -Some subsystems in samba use different backends. These backends can be -either statically linked in to samba or available as a plugin. A subsystem -should have a function that allows a module to register itself. For example, -the passdb subsystem has: -</para> - -<para><programlisting> -BOOL smb_register_passdb(const char *name, pdb_init_function init, int version); -</programlisting></para> - -<para> -This function will be called by the initialisation function of the module to -register itself. -</para> - -<sect2> -<title>Static modules</title> - -<para> -The modules system compiles a list of initialisation functions for the -static modules of each subsystem. This is a define. For example, -it is here currently (from <filename>include/config.h</filename>): -</para> - -<para><programlisting> -/* Static init functions */ -#define static_init_pdb { pdb_mysql_init(); pdb_ldap_init(); pdb_smbpasswd_init(); pdb_tdbsam_init(); pdb_guest_init();} -</programlisting></para> - -<para> -These functions should be called before the subsystem is used. That -should be done when the subsystem is initialised or first used. -</para> - -</sect2> - -<sect2> -<title>Shared modules</title> - -<para> -If a subsystem needs a certain backend, it should check if it has -already been registered. If the backend hasn't been registered already, -the subsystem should call smb_probe_module(char *subsystem, char *backend). -This function tries to load the correct module from a certain path -($LIBDIR/subsystem/backend.so). If the first character in 'backend' -is a slash, smb_probe_module() tries to load the module from the -absolute path specified in 'backend'. -</para> - -<para>After smb_probe_module() has been executed, the subsystem -should check again if the module has been registered. -</para> - -</sect2> -</sect1> - -<sect1> -<title>Writing modules</title> - -<para> -Each module has an initialisation function. For modules that are -included with samba this name is '<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>_init'. For external modules (that will never be built-in, but only available as a module) this name is always 'init_module'. (In the case of modules included with samba, the configure system will add a #define subsystem_backend_init() init_module()). -The prototype for these functions is: -</para> - -<para><programlisting> -int init_module(void); -</programlisting></para> - -<para>This function should call one or more -registration functions. The function should return non-zero on success and zero on -failure.</para> - -<para>For example, pdb_ldap_init() contains: </para> - -<para><programlisting> -int pdb_ldap_init(void) -{ - smb_register_passdb("ldapsam", pdb_init_ldapsam, PASSDB_INTERFACE_VERSION); - smb_register_passdb("ldapsam_nua", pdb_init_ldapsam_nua, PASSDB_INTERFACE_VERSION); - return TRUE; -} -</programlisting></para> - -<sect2> -<title>Static/Shared selection in configure.in</title> - -<para> -Some macros in configure.in generate the various defines and substs that -are necessary for the system to work correct. All modules that should -be built by default have to be added to the variable 'default_modules'. -For example, if ldap is found, pdb_ldap is added to this variable. -</para> - -<para> -On the bottom of configure.in, SMB_MODULE() should be called -for each module and SMB_SUBSYSTEM() for each subsystem. -</para> - -<para>Syntax:</para> - -<para><programlisting> -SMB_MODULE(<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>, <replaceable>object files</replaceable>, <replaceable>plugin name</replaceable>, <replaceable>subsystem name</replaceable>, <replaceable>static_action</replaceable>, <replaceable>shared_action</replaceable>) -SMB_SUBSYSTEM(<replaceable>subsystem</replaceable>) -</programlisting></para> - -<para>Also, make sure to add the correct directives to -<filename>Makefile.in</filename>. <replaceable>@SUBSYSTEM_STATIC@</replaceable> -will be replaced with a list of objects files of the modules that need to -be linked in statically. <replaceable>@SUBSYSTEM_MODULES@</replaceable> will -be replaced with the names of the plugins to build. -</para> - -<para>You must make sure all .c files that contain defines that can -be changed by ./configure are rebuilded in the 'modules_clean' make target. -Practically, this means all c files that contain <command>static_init_subsystem;</command> calls need to be rebuilded. -</para> - -</sect2> -</sect1> -</chapter> diff --git a/docs/docbook/devdoc/packagers.sgml b/docs/docbook/devdoc/packagers.sgml deleted file mode 100644 index fb47c7305c..0000000000 --- a/docs/docbook/devdoc/packagers.sgml +++ /dev/null @@ -1,40 +0,0 @@ -<chapter id="Packaging"> -<chapterinfo> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - </author> -</chapterinfo> - -<title>Notes to packagers</title> - -<sect1> -<title>Versioning</title> - -<para>Please, please update the version number in -<filename>source/include/version.h</filename> to include the versioning of your package. This makes it easier to distinguish standard samba builds -from custom-build samba builds (distributions often patch packages). For -example, a good version would be: </para> - -<para><programlisting> -Version 2.999+3.0.alpha21-5 for Debian -</programlisting></para> - -</sect1> - -<sect1> -<title>Modules</title> - -<para>Samba now has support for building parts of samba as plugins. This -makes it possible to, for example, put ldap or mysql support in a seperate -package, thus making it possible to have a normal samba package not -depending on ldap or mysql. To build as much parts of samba -as a plugin, run: </para> - -<para><programlisting> -./configure --with-shared-modules=rpc,vfs,auth,pdb,charset -</programlisting></para> - -</sect1> - - -</chapter> diff --git a/docs/docbook/devdoc/rpc_plugin.sgml b/docs/docbook/devdoc/rpc_plugin.sgml deleted file mode 100644 index c83742a247..0000000000 --- a/docs/docbook/devdoc/rpc_plugin.sgml +++ /dev/null @@ -1,83 +0,0 @@ -<chapter id="rpc-plugin"> -<chapterinfo> - <author> - <firstname>Anthony</firstname><surname>Liguori</surname> - <affiliation> - <orgname>IBM</orgname> - <address><email>aliguor@us.ibm.com</email></address> - </affiliation> - </author> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address><email>jelmer@samba.org</email></address> - </affiliation> - </author> - <pubdate>January 2003</pubdate> -</chapterinfo> - -<title>RPC Pluggable Modules</title> - -<sect1> -<title>About</title> - -<para> -This document describes how to make use the new RPC Pluggable Modules features -of Samba 3.0. This architecture was added to increase the maintainability of -Samba allowing RPC Pipes to be worked on separately from the main CVS branch. -The RPM architecture will also allow third-party vendors to add functionality -to Samba through plug-ins. -</para> - -</sect1> - -<sect1> -<title>General Overview</title> - -<para> -When an RPC call is sent to smbd, smbd tries to load a shared library by the -name <filename>librpc_<pipename>.so</filename> to handle the call if -it doesn't know how to handle the call internally. For instance, LSA calls -are handled by <filename>librpc_lsass.so</filename>.. -These shared libraries should be located in the <filename><sambaroot>/lib/rpc</filename>. smbd then attempts to call the init_module function within -the shared library. Check the chapter on modules for more information. -</para> - -<para> -In the init_module function, the library should call -rpc_pipe_register_commands(). This function takes the following arguments: -</para> - -<para><programlisting> -int rpc_pipe_register_commands(const char *clnt, const char *srv, - const struct api_struct *cmds, int size); -</programlisting></para> - -<variablelist> - -<varlistentry><term>clnt</term> -<listitem><para>the Client name of the named pipe</para></listitem> -</varlistentry> - -<varlistentry><term>srv</term> -<listitem><para>the Server name of the named pipe</para></listitem> -</varlistentry> - -<varlistentry><term>cmds</term> -<listitem><para>a list of api_structs that map RPC ordinal numbers to function calls</para></listitem> -</varlistentry> - -<varlistentry><term>size</term> -<listitem><para>the number of api_structs contained in cmds</para></listitem> -</varlistentry> - -</variablelist> - -<para> -See rpc_server/srv_reg.c and rpc_server/srv_reg_nt.c for a small example of -how to use this library. -</para> - -</sect1> -</chapter> diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml index 3d44dd44c0..6d687bf772 100644 --- a/docs/docbook/faq/clientapp.sgml +++ b/docs/docbook/faq/clientapp.sgml @@ -1,8 +1,8 @@ -<chapter id="FAQ-ClientApp"> +<chapter id="ClientApp"> <title>Specific client application problems</title> <sect1> -<title>MS Office Setup reports "Cannot change properties of '\\MSOFFICE\\SETUP.INI'"</title> +<title>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</title> <para> When installing MS Office on a Samba drive for which you have admin user permissions, ie. admin users = username, you will find the @@ -60,16 +60,16 @@ set the following parameters on the share containing it: </para> <para><programlisting> -[MSOP95] - path = /where_you_put_it - comment = Your comment - volume = "The_CD_ROM_Label" - read only = yes - available = yes - share modes = no - locking = no - browseable = yes - public = yes + [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes </programlisting></para> </listitem> diff --git a/docs/docbook/faq/config.sgml b/docs/docbook/faq/config.sgml index db27102cdf..78f73252a2 100644 --- a/docs/docbook/faq/config.sgml +++ b/docs/docbook/faq/config.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-Config"> +<chapter id="Config"> <title>Configuration problems</title> <sect1> @@ -8,18 +8,4 @@ When you have a user in 'admin users', samba will always do file operations for this user as 'root', even if 'force user' has been set. </para> </sect1> - -<sect1> -<title>I have just installed samba and I'm trying to log in from Windows, but samba refuses all logins!</title> - -<para> -Newer windows clients(NT4, 2000, XP) send encrypted passwords. Samba can't compare these -passwords to the unix password database, so it needs it's own user database. You can -add users to this database using "smbpasswd -a user-name". -</para> - -<para> -See also the "User database" chapter of the samba HOWTO Collection. -</para> -</sect1> </chapter> diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 97619ce704..6476ec064e 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-errors"> +<chapter id="errors"> <title>Common errors</title> @@ -50,6 +50,7 @@ Windows NT in the chapter "Portability" of the samba HOWTO collection </member> </simplelist> </para> + </sect1> <sect1> @@ -63,6 +64,7 @@ It also ignores the "-N" argument when querying some (but not all) of our NT servers. </quote> </para> + <para> No, it does not ignore -N, it is just that your server rejected the null password in the connection, so smbclient prompts for a password diff --git a/docs/docbook/faq/features.sgml b/docs/docbook/faq/features.sgml index 66b05379cc..bc1081e5c0 100644 --- a/docs/docbook/faq/features.sgml +++ b/docs/docbook/faq/features.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-features"> +<chapter id="features"> <title>Features</title> @@ -83,7 +83,9 @@ manual carefully.</para> <title>Tools for printing faxes</title> <para>Your incomed faxes are in: -<filename>/var/spool/fax/incoming</filename>. Print it with:</para> +<filename>/var/spool/fax/incoming</filename></para> + +<para>print it with:</para> <para><programlisting> for i in * diff --git a/docs/docbook/faq/general.sgml b/docs/docbook/faq/general.sgml index 3f7c2074f9..38bcdf49e3 100644 --- a/docs/docbook/faq/general.sgml +++ b/docs/docbook/faq/general.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-general"> +<chapter id="general"> <title>General Information</title> <sect1> diff --git a/docs/docbook/faq/install.sgml b/docs/docbook/faq/install.sgml index f8341dc65a..88520fc71d 100644 --- a/docs/docbook/faq/install.sgml +++ b/docs/docbook/faq/install.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-Install"> +<chapter id="Install"> <title>Compiling and installing Samba on a Unix host</title> <sect1> @@ -22,7 +22,7 @@ client to client - check your client's documentation. </sect1> <sect1> -<title>Some files that I KNOW are on the server don't show up when I view the files from my client!</title> +<title>Some files that I KNOW are on the server doesn't show up when I view the files from my client!</title> <para>See the next question.</para> </sect1> diff --git a/docs/docbook/faq/printing.sgml b/docs/docbook/faq/printing.sgml deleted file mode 100644 index 4a58c385bb..0000000000 --- a/docs/docbook/faq/printing.sgml +++ /dev/null @@ -1,37 +0,0 @@ -<chapter id="FAQ-Printing"> -<chapterinfo> -<author> - <firstname>Ronan</firstname><surname>Waide</surname> -</author> -</chapterinfo> - -<title>Printing problems</title> - -<sect1> -<title>setdriver or cupsaddsmb failes</title> -<para> -setdriver expects the following setup: - -<simplelist> -<member>you are a printer admin, or root. this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code.</member> -<member>printer admins has to be defined in [global]</member> -<member>upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories.</member> -<member>Make sure that the user you're connecting as is able to write to the print$ directories</member> -<member>Use adddriver (with appropriate parameters) to create the driver. note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out)</member> -<member>Use setdriver to associate the driver with a printer</member> -</simplelist> -</para> - -<para> -The setdriver call will fail if the printer doesn't already exist in -samba's view of the world. Either create the printer in cups and -restart samba, or create an add printer command (see smb.conf doco) -and use RPC calls to create a printer. NB the add printer command MUST -return a single line of text indicating which port the printer was -added on. If it doesn't, Samba won't reload the printer -definitions. Although samba doesn't really support the notion of -ports, suitable add printer command and enumport command settings can -allow you pretty good remote control of the samba printer setup. -</para> -</sect1> -</chapter> diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 2cc7d466fd..e9e5ed7a3c 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -5,7 +5,6 @@ <!ENTITY clientapp SYSTEM "clientapp.sgml"> <!ENTITY features SYSTEM "features.sgml"> <!ENTITY config SYSTEM "config.sgml"> -<!ENTITY printing SYSTEM "printing.sgml"> ]> <book id="Samba-FAQ"> @@ -35,5 +34,4 @@ and the old samba text documents which were mostly written by John Terpstra. &clientapp; &errors; &features; -&printing; </book> diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index 659c448ed1..46745c2773 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -31,7 +31,7 @@ <!-- Misc --> <!ENTITY samba.pub.cvshost 'pserver.samba.org'> -<!ENTITY stdarg.debug ' +<!ENTITY stdarg.debuglevel ' <varlistentry> <term>-d|--debug=debuglevel</term> <listitem> @@ -59,6 +59,13 @@ level</ulink> parameter in the <ulink url="smb.conf.5.html"> </listitem> </varlistentry>'> +<!ENTITY stdarg.help ' +<varlistentry> +<term>-h|--help</term> +<listitem><para>Print a summary of command line options. +</para></listitem> +</varlistentry>'> + <!ENTITY stdarg.configfile ' <varlistentry> <term>-s <configuration file></term> @@ -75,218 +82,7 @@ compile time.</para></listitem> <!ENTITY stdarg.version ' <varlistentry> -<term>-V</term> +<term>-v</term> <listitem><para>Prints the version number for <command>smbd</command>.</para></listitem> </varlistentry>'> - -<!ENTITY stdarg.logfile ' -<varlistentry> -<term>-l|--logfile=logbasename</term> -<listitem><para>File name for log/debug files. The extension -<constant>".client"</constant> will be appended. The log file is -never removed by the client. -</para></listitem> -</varlistentry>'> - -<!ENTITY popt.common.samba ' -&stdarg.version; -&stdarg.configfile; -&stdarg.debug; -&stdarg.logfile; -'> - -<!ENTITY stdarg.resolve.order ' -<varlistentry> -<term>-R <name resolve order></term> -<listitem><para>This option is used to determine what naming -services and in what order to resolve -host names to IP addresses. The option takes a space-separated -string of different name resolution options.</para> - -<para>The options are: "lmhosts", "host", "wins" and "bcast". -They cause names to be resolved as follows :</para> - -<itemizedlist> -<listitem><para><constant>lmhosts</constant>: -Lookup an IP address in the Samba lmhosts file. If the -line in lmhosts has no name type attached to the -NetBIOS name -(see the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) -then any name type matches for lookup. -</para></listitem> - -<listitem><para><constant>host</constant>: -Do a standard host name to IP address resolution, using -the system <filename>/etc/hosts</filename>, NIS, or DNS -lookups. This method of name resolution is operating -system dependent, for instance on IRIX or Solaris this -may be controlled by the <filename>/etc/nsswitch.conf -</filename> file). Note that this method is only used -if the NetBIOS name type being queried is the 0x20 -(server) name type, otherwise it is ignored. -</para></listitem> - -<listitem><para><constant>wins</constant>: -Query a name with the IP address listed in the -<parameter>wins server</parameter> parameter. If no -WINS server has been specified this method will be -ignored. -</para></listitem> - -<listitem><para><constant>bcast</constant>: -Do a broadcast on each of the known local interfaces -listed in the <parameter>interfaces</parameter> -parameter. This is the least reliable of the name -resolution methods as it depends on the target host -being on a locally connected subnet. -</para></listitem> -</itemizedlist> - -<para>If this parameter is not set then the name resolve order -defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file parameter -(<parameter>name resolve order</parameter>) will be used. </para> - -<para>The default order is lmhosts, host, wins, bcast. Without -this parameter or any entry in the <parameter>name resolve order -</parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file, the name resolution methods -will be attempted in this order. </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.netbios.name ' -<varlistentry> -<term>-n <primary NetBIOS name></term> -<listitem><para>This option allows you to override -the NetBIOS name that Samba uses for itself. This is identical -to setting the <ulink url="smb.conf.5.html#netbiosname"><parameter>NetBIOS -name</parameter></ulink> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file. However, a command -line setting will take precedence over settings in -<citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry>.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.scope ' -<varlistentry> -<term>-i <scope></term> -<listitem><para>This specifies a NetBIOS scope that -<command>nmblookup</command> will use to communicate with when -generating NetBIOS names. For details on the use of NetBIOS -scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are -<emphasis>very</emphasis> rarely used, only set this parameter -if you are the system administrator in charge of all the -NetBIOS systems you communicate with.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.workgroup ' -<varlistentry> -<term>-W|--workgroup=domain</term> -<listitem><para>Set the SMB domain of the username. This -overrides the default domain which is the domain defined in -smb.conf. If the domain specified is the same as the servers -NetBIOS name, it causes the client to log on using the servers local -SAM (as opposed to the Domain SAM). </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.socket.options ' -<varlistentry> -<term>-O socket options</term> -<listitem><para>TCP socket options to set on the client -socket. See the socket options parameter in -the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> manual page for the list of valid -options. </para></listitem> -</varlistentry> -'> - -<!ENTITY popt.common.connection ' -&stdarg.netbios.name; -&stdarg.scope; -&stdarg.workgroup; -&stdarg.socket.options; -'> - -<!ENTITY stdarg.nopass ' -<varlistentry> -<term>-N</term> -<listitem><para>If specified, this parameter suppresses the normal -password prompt from the client to the user. This is useful when -accessing a service that does not require a password. </para> - -<para>Unless a password is specified on the command line or -this parameter is specified, the client will request a -password.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.username ' -<varlistentry> -<term>-U|--user=username[%password]</term> -<listitem><para>Sets the SMB username or username and password. </para> - -<para>If %password is not specified, the user will be prompted. The -client will first check the <envar>USER</envar> environment variable, then the -<envar>LOGNAME</envar> variable and if either exists, the -string is uppercased. If these environmental variables are not -found, the username <constant>GUEST</constant> is used. </para> - -<para>A third option is to use a credentials file which -contains the plaintext of the username and password. This -option is mainly provided for scripts where the admin does not -wish to pass the credentials on the command line or via environment -variables. If this method is used, make certain that the permissions -on the file restrict access from unwanted users. See the -<parameter>-A</parameter> for more details. </para> - -<para>Be cautious about including passwords in scripts. Also, on -many systems the command line of a running process may be seen -via the <command>ps</command> command. To be safe always allow -<command>rpcclient</command> to prompt for a password and type -it in directly. </para></listitem> -</varlistentry> -'> - -<!ENTITY stdarg.authfile ' -<varlistentry> -<term>-A|--authfile=filename</term> -<listitem><para>This option allows -you to specify a file from which to read the username and -password used in the connection. The format of the file is -</para> - -<para><programlisting> -username = <value> -password = <value> -domain = <value> -</programlisting></para> - -<para>Make certain that the permissions on the file restrict -access from unwanted users. </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.kerberos ' -<varlistentry> -<term>-k</term> -<listitem><para> -Try to authenticate with kerberos. Only useful in -an Active Directory environment. -</para></listitem> -</varlistentry> -'> - - -<!ENTITY stdarg.help ' -<varlistentry> -<term>-h|--help</term> -<listitem><para>Print a summary of command line options. -</para></listitem> -</varlistentry>'> - -<!ENTITY popt.common.credentials ' -&stdarg.nopass; -&stdarg.kerberos; -&stdarg.authfile; -&stdarg.username; -'> diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml index 090b1c8388..0b3bbca017 100644 --- a/docs/docbook/manpages/findsmb.1.sgml +++ b/docs/docbook/manpages/findsmb.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb.1"> +<refentry id="findsmb"> <refmeta> <refentrytitle>findsmb</refentrytitle> @@ -23,16 +23,15 @@ <refsect1> <title>DESCRIPTION</title> - <para>This perl script is part of the <citerefentry> - <refentrytitle>Samba</refentrytitle><manvolnum>7</manvolnum></citerefentry> - suite.</para> + <para>This perl script is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>findsmb</command> is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. - It uses <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> - and <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum></citerefentry> - to obtain this information. + It uses <ulink url="nmblookup.1.html"><command> + nmblookup(1)</command></ulink> and <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink> to obtain this information. </para> </refsect1> @@ -46,17 +45,16 @@ bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only. - If set, <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> + If set, <ulink url="nmblookup.1.html"><command>nmblookup</command></ulink> will be called with <constant>-B</constant> option.</para></listitem> </varlistentry> <varlistentry> <term>subnet broadcast address</term> <listitem><para>Without this option, <command>findsmb </command> will probe the subnet of the machine where - <citerefentry><refentrytitle>findsmb</refentrytitle><manvolnum>1</manvolnum></citerefentry> - is run. This value is passed to - <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> - as part of the <constant>-B</constant> option.</para></listitem> + <command>findsmb</command> is run. This value is passed + to <command>nmblookup</command> as part of the + <constant>-B</constant> option.</para></listitem> </varlistentry> </variablelist> </refsect1> @@ -78,21 +76,19 @@ version.</para> <para>The command with <constant>-r</constant> option - must be run on a system without <citerefentry> - <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> running. - + must be run on a system without <ulink + url="nmbd.8.html"><command>nmbd</command></ulink> running. If <command>nmbd</command> is running on the system, you will only get the IP address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root and with <constant>-r</constant> option on a machine without <command>nmbd</command> running.</para> - <para>For example, running <command>findsmb</command> - without <constant>-r</constant> option set would yield output similar + <para>For example, running <command>findsmb</command> without + <constant>-r</constant> option set would yield output similar to the following</para> -<screen> + <screen><computeroutput> IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION --------------------------------------------------------------------- 192.168.35.10 MINESET-TEST1 [DMVENGR] @@ -105,7 +101,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION 192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] 192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] 192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] -</screen> + </computeroutput></screen> </refsect1> @@ -119,12 +115,10 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, and <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, and <ulink url="nmblookup.1.html"> + <command>nmblookup(1)</command></ulink> </para> </refsect1> @@ -138,11 +132,11 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink - url="ftp://ftp.icce.rug.nl/pub/unix/">ftp://ftp.icce.rug.nl/pub/unix/</ulink>) - and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml index a8a5f2c072..7934c18e8e 100644 --- a/docs/docbook/manpages/lmhosts.5.sgml +++ b/docs/docbook/manpages/lmhosts.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="lmhosts.5"> +<refentry id="lmhosts"> <refmeta> <refentrytitle>lmhosts</refentrytitle> @@ -13,15 +13,15 @@ </refnamediv> <refsynopsisdiv> - <para><filename>lmhosts</filename> is the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> NetBIOS name to IP address mapping file.</para> + <para><filename>lmhosts</filename> is the <ulink url="samba.7.html"> + Samba</ulink> NetBIOS name to IP address mapping file.</para> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This file is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This file is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><filename>lmhosts</filename> is the <emphasis>Samba </emphasis> NetBIOS name to IP address mapping file. It @@ -35,7 +35,7 @@ <para>It is an ASCII file containing one line for NetBIOS name. The two fields on each line are separated from each other by white space. Any entry beginning with '#' is ignored. Each line - in the lmhosts file contains the following information:</para> + in the lmhosts file contains the following information :</para> <itemizedlist> <listitem><para>IP Address - in dotted decimal format.</para> @@ -52,16 +52,16 @@ </listitem> </itemizedlist> - <para>An example follows:</para> + <para>An example follows :</para> - <programlisting> + <para><programlisting> # # Sample Samba lmhosts file. # 192.9.200.1 TESTPC 192.9.200.20 NTSERVER#20 192.9.200.21 SAMBASERVER - </programlisting> + </programlisting></para> <para>Contains three IP to NetBIOS name mappings. The first and third will be returned for any queries for the names "TESTPC" @@ -73,24 +73,24 @@ be resolved.</para> <para>The default location of the <filename>lmhosts</filename> file - is in the same directory as the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file.</para> + is in the same directory as the <ulink url="smb.conf.5.html"> + smb.conf(5)></ulink> file.</para> </refsect1> <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, and <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <para><ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> + smb.conf(5)</ulink>, and <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> </para> </refsect1> @@ -108,8 +108,7 @@ <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml index 62cee8c1d7..aab9032f14 100644 --- a/docs/docbook/manpages/net.8.sgml +++ b/docs/docbook/manpages/net.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="net.8"> +<refentry id="net"> <refmeta> <refentrytitle>net</refentrytitle> @@ -42,8 +42,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The samba net utility is meant to work just like the net utility available for windows and DOS.</para> @@ -65,8 +65,7 @@ <varlistentry> <term>-w target-workgroup</term> <listitem><para> - Sets target workgroup or domain. You have to specify - either this option or the IP address or the name of a server. + Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. </para></listitem> </varlistentry> @@ -87,8 +86,7 @@ <varlistentry> <term>-I ip-address</term> <listitem><para> - IP address of target server to use. You have to - specify either this option or a target workgroup or a target server. + IP address of target server to use. You have to specify either this option or a target workgroup or a target server. </para></listitem> </varlistentry> @@ -116,8 +114,7 @@ <varlistentry> <term>-S server</term> <listitem><para> - Name of target server. You should specify either - this option or a target workgroup or a target IP address. + Name of target server. You should specify either this option or a target workgroup or a target IP address. </para></listitem> </varlistentry> @@ -214,7 +211,7 @@ <varlistentry> <term>SYSTEM</term> <listitem><para> - Displays the time on the remote server in a format ready for <command>/bin/date</command> + Displays the time on the remote server in a format ready for /bin/date </para></listitem> </varlistentry> @@ -222,7 +219,7 @@ <term>SET</term> <listitem><para> Tries to set the date and time of the local server to that on - the remote server using <command>/bin/date</command>. + the remote server using /bin/date. </para></listitem> </varlistentry> @@ -279,7 +276,7 @@ </varlistentry> <varlistentry> - <term>USER ADD <name> [password] [-F user flags] [misc. options]</term> + <term>USER ADD <name> [password] [-F user flags] [misc. options</term> <listitem><para> Add specified user </para></listitem> diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index f2b4ac5a05..db920c79a1 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="nmbd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="nmbd"> <refmeta> <refentrytitle>nmbd</refentrytitle> @@ -37,8 +35,7 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the Samba suite.</para> <para><command>nmbd</command> is a server that understands and can reply to NetBIOS over IP name service requests, like @@ -60,8 +57,8 @@ option (see OPTIONS below). Thus <command>nmbd</command> will reply to broadcast queries for its own name(s). Additional names for <command>nmbd</command> to respond on can be set - via parameters in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + via parameters in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> configuration file.</para> <para><command>nmbd</command> can also be used as a WINS (Windows Internet Name Server) server. What this basically means @@ -114,27 +111,46 @@ </varlistentry> <varlistentry> + <term>-a</term> + <listitem><para>If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.</para></listitem> + </varlistentry> + + <varlistentry> <term>-i</term> <listitem><para>If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this parameter negates the implicit daemon mode when run from the command line. <command>nmbd</command> also logs to standard - output, as if the <constant>-S</constant> parameter had been + output, as if the <command>-S</command> parameter had been given. </para></listitem> </varlistentry> - &stdarg.help; + <varlistentry> + <term>-o</term> + <listitem><para>If this parameter is specified, the + log files will be overwritten when opened. By default, + <command>smbd</command> will append entries to the log + files.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>nmbd</command>.</para></listitem> + </varlistentry> <varlistentry> <term>-H <filename></term> <listitem><para>NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name - resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder"><parameter>name resolve - order</parameter></ulink> described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> to resolve any - NetBIOS name queries needed by the server. Note + resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder"> + name resolve order</ulink> described in <ulink + url="smb.conf.5.html"> <filename>smb.conf(5)</filename></ulink> + to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are <emphasis>NOT</emphasis> used by <command>nmbd</command> to answer any name queries. Adding a line to this file affects name NetBIOS resolution @@ -144,13 +160,71 @@ Samba as part of the build process. Common defaults are <filename>/usr/local/samba/lib/lmhosts</filename>, <filename>/usr/samba/lib/lmhosts</filename> or - <filename>/etc/samba/lmhosts</filename>. See the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page for details on the contents of this file.</para></listitem> + <filename>/etc/lmhosts</filename>. See the + <ulink url="lmhosts.5.html"><filename>lmhosts(5)</filename></ulink> + man page for details on the contents of this file.</para></listitem> </varlistentry> - &popt.common.samba; + <varlistentry> + <term>-V</term> + <listitem><para>Prints the version number for + <command>nmbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para>debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will + be logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable amounts + of log data, and should only be used when investigating + a problem. Levels above 3 are designed for use only by developers + and generate HUGE amounts of log data, most of which is extremely + cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#loglevel">log level</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file.</para></listitem> + </varlistentry> <varlistentry> + <term>-l <log directory></term> + <listitem><para>The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running <command>nmbd</command> + server. The default log directory is compiled into Samba + as part of the build process. Common defaults are <filename> + /usr/local/samba/var/log.nmb</filename>, <filename> + /usr/samba/var/log.nmb</filename> or + <filename>/var/log/log.nmb</filename>. <emphasis>Beware:</emphasis> + If the directory specified does not exist, <command>nmbd</command> + will log to the default debug log location defined at compile time. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-n <primary NetBIOS name></term> + <listitem><para>This option allows you to override + the NetBIOS name that Samba uses for itself. This is identical + to setting the <ulink url="smb.conf.5.html#netbiosname"> + NetBIOS name</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf</filename></ulink> file. However, a command + line setting will take precedence over settings in + <filename>smb.conf</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> <term>-p <UDP port number></term> <listitem><para>UDP port number is a positive integer value. This option changes the default UDP port number (normally 137) @@ -159,6 +233,18 @@ won't need help!</para></listitem> </varlistentry> + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The default configuration file name + is set at build time, typically as <filename> + /usr/local/samba/lib/smb.conf</filename>, but + this may be changed when Samba is autoconfigured.</para> + + <para>The file specified contains the configuration details + required by the server. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information. + </para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -172,7 +258,7 @@ <command>inetd</command> meta-daemon, this file must contain suitable startup information for the meta-daemon. See the <ulink - url="install.html">install</ulink> document + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details. </para></listitem> </varlistentry> @@ -185,7 +271,7 @@ <para>If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server. See the <ulink - url="install.html">"How to Install and Test SAMBA"</ulink> document + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> @@ -195,23 +281,21 @@ meta-daemon <command>inetd</command>, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). - See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> server - configuration file. Other common places that systems + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems install this file are <filename>/usr/samba/lib/smb.conf</filename> - and <filename>/etc/samba/smb.conf</filename>.</para> + and <filename>/etc/smb.conf</filename>.</para> <para>When run as a WINS server (see the - <ulink url="smb.conf.5.html#WINSSUPPORT"><constant>wins support</constant></ulink> - parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page), + <ulink url="smb.conf.5.html#WINSSUPPORT">wins support</ulink> + parameter in the <filename>smb.conf(5)</filename> man page), <command>nmbd</command> will store the WINS database in the file <filename>wins.dat</filename> in the <filename>var/locks</filename> directory configured under @@ -219,9 +303,9 @@ <para>If <command>nmbd</command> is acting as a <emphasis> browse master</emphasis> (see the <ulink - url="smb.conf.5.html#LOCALMASTER"><constant>local master</constant></ulink> - parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command> + url="smb.conf.5.html#LOCALMASTER">local master</ulink> + parameter in the <filename>smb.conf(5)</filename> man page, + <command>nmbd</command> will store the browsing database in the file <filename>browse.dat </filename> in the <filename>var/locks</filename> directory configured under wherever Samba was configured to install itself. @@ -247,11 +331,10 @@ cause <command>nmbd</command> to dump out its server database in the <filename>log.nmb</filename> file.</para> - <para>The debug log level of nmbd may be raised or lowered - using <citerefentry><refentrytitle>smbcontrol</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> (SIGUSR[1|2] signals - are no longer used since Samba 2.2). This is to allow - transient problems to be diagnosed, whilst still running + <para>The debug log level of nmbd may be raised or lowered using + <ulink url="smbcontrol.1.html"><command>smbcontrol(1)</command> + </ulink> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + to allow transient problems to be diagnosed, whilst still running at a normally low log level.</para> </refsect1> @@ -265,15 +348,14 @@ <refsect1> <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>inetd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, and the Internet - RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + <para><command>inetd(8)</command>, <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. In addition the CIFS (formerly SMB) specification is available as a link from the Web page <ulink url="http://samba.org/cifs/"> http://samba.org/cifs/</ulink>.</para> @@ -289,11 +371,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml index 176050b9c8..33ae631ed9 100644 --- a/docs/docbook/manpages/nmblookup.1.sgml +++ b/docs/docbook/manpages/nmblookup.1.sgml @@ -1,6 +1,4 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> <refentry id="nmblookup"> <refmeta> @@ -38,8 +36,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>nmblookup</command> is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP @@ -68,7 +66,7 @@ query to a machine running a WINS server and the user wishes to query the names in the WINS server. If this bit is unset the normal (broadcast responding) NetBIOS processing code - on a machine is used instead. See RFC1001, RFC1002 for details. + on a machine is used instead. See rfc1001, rfc1002 for details. </para></listitem> </varlistentry> @@ -88,8 +86,8 @@ where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and - in addition, if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon is running on this machine it also binds to this port. + in addition, if the <ulink url="nmbd.8.html">nmbd(8)</ulink> + daemon is running on this machine it also binds to this port. </para></listitem> </varlistentry> @@ -103,8 +101,12 @@ - &popt.common.connection; - &stdarg.help; + <varlistentry> + <term>-h</term> + <listitem><para>Print a help (usage) message.</para></listitem> + </varlistentry> + + <varlistentry> <term>-B <broadcast address></term> @@ -113,8 +115,7 @@ query to the broadcast address of the network interfaces as either auto-detected or defined in the <ulink url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter> - </ulink> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. + </ulink> parameter of the <filename>smb.conf (5)</filename> file. </para></listitem> </varlistentry> @@ -129,8 +130,48 @@ </varlistentry> - &popt.common.samba; + <varlistentry> + <term>-d <debuglevel></term> + <listitem><para>debuglevel is an integer from 0 to 10.</para> + <para>The default value if this parameter is not specified + is zero.</para> + + <para>The higher this value, the more detail will be logged + about the activities of <command>nmblookup</command>. At level + 0, only critical errors and serious warnings will be logged.</para> + + <para>Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#LOGLEVEL"><parameter> + log level</parameter></ulink> parameter in the <filename> + smb.conf(5)</filename> file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s <smb.conf></term> + <listitem><para>This parameter specifies the pathname to + the Samba configuration file, <ulink url="smb.conf.5.html"> + smb.conf(5)</ulink>. This file controls all aspects of + the Samba setup on the machine.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i <scope></term> + <listitem><para>This specifies a NetBIOS scope that + <command>nmblookup</command> will use to communicate with when + generating NetBIOS names. For details on the use of NetBIOS + scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are + <emphasis>very</emphasis> rarely used, only set this parameter + if you are the system administrator in charge of all the + NetBIOS systems you communicate with.</para></listitem> + </varlistentry> + + <varlistentry> <term>-T</term> <listitem><para>This causes any IP addresses found in the @@ -157,7 +198,7 @@ <listitem><para>This is the NetBIOS name being queried. Depending upon the previous options this may be a NetBIOS name or IP address. If a NetBIOS name then the different name types may be specified - by appending '#<type>' to the name. This name may also be + by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast area.</para></listitem> </varlistentry> @@ -170,8 +211,8 @@ <para><command>nmblookup</command> can be used to query a WINS server (in the same way <command>nslookup</command> is - used to query DNS servers). To query a WINS server, <command>nmblookup</command> - must be called like this:</para> + used to query DNS servers). To query a WINS server, + <command>nmblookup</command> must be called like this:</para> <para><command>nmblookup -U server -R 'name'</command></para> @@ -192,10 +233,10 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, and <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and <ulink + url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -208,11 +249,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml index fc9a212c19..2457d899de 100644 --- a/docs/docbook/manpages/pdbedit.8.sgml +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -1,7 +1,7 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="pdbedit.8"> +<refentry id="pdbedit"> <refmeta> <refentrytitle>pdbedit</refentrytitle> @@ -33,19 +33,18 @@ <arg choice="opt">-e passdb-backend</arg> <arg choice="opt">-g</arg> <arg choice="opt">-b passdb-backend</arg> - <arg choice="opt">-g</arg> <arg choice="opt">-d debuglevel</arg> <arg choice="opt">-s configfile</arg> <arg choice="opt">-P account-policy</arg> - <arg choice="opt">-C value</arg> + <arg choice="opt">-V value</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.</para> @@ -69,11 +68,12 @@ present in the users database. This option prints a list of user/uid pairs separated by the ':' character.</para> + <para>Example: <command>pdbedit -l</command></para> - <para><screen> -sorce:500:Simo Sorce -samba:45:Test User -</screen></para> + <para><programlisting> + sorce:500:Simo Sorce + samba:45:Test User + </programlisting></para> </listitem> </varlistentry> @@ -86,26 +86,26 @@ samba:45:Test User out the account fields in a descriptive format.</para> <para>Example: <command>pdbedit -l -v</command></para> - <para><screen> ---------------- -username: sorce -user ID/Group: 500/500 -user RID/GRID: 2000/2001 -Full Name: Simo Sorce -Home Directory: \\BERSERKER\sorce -HomeDir Drive: H: -Logon Script: \\BERSERKER\netlogon\sorce.bat -Profile Path: \\BERSERKER\profile ---------------- -username: samba -user ID/Group: 45/45 -user RID/GRID: 1090/1091 -Full Name: Test User -Home Directory: \\BERSERKER\samba -HomeDir Drive: -Logon Script: -Profile Path: \\BERSERKER\profile -</screen></para> + <para><programlisting> + --------------- + username: sorce + user ID/Group: 500/500 + user RID/GRID: 2000/2001 + Full Name: Simo Sorce + Home Directory: \\BERSERKER\sorce + HomeDir Drive: H: + Logon Script: \\BERSERKER\netlogon\sorce.bat + Profile Path: \\BERSERKER\profile + --------------- + username: samba + user ID/Group: 45/45 + user RID/GRID: 1090/1091 + Full Name: Test User + Home Directory: \\BERSERKER\samba + HomeDir Drive: + Logon Script: + Profile Path: \\BERSERKER\profile + </programlisting></para> </listitem> </varlistentry> @@ -116,15 +116,14 @@ Profile Path: \\BERSERKER\profile <listitem><para>This option sets the "smbpasswd" listing format. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the - <filename>smbpasswd</filename> file format. (see the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details)</para> + <filename>smbpasswd</filename> file format. (see the <ulink + url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para> <para>Example: <command>pdbedit -l -w</command></para> - <screen> -sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: -samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: -</screen> + <para><programlisting> + sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: + samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + </programlisting></para> </listitem> </varlistentry> @@ -138,6 +137,8 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX operations.</para> </listitem> </varlistentry> + + <varlistentry> <term>-f fullname</term> @@ -162,6 +163,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX </listitem> </varlistentry> + <varlistentry> <term>-D drive</term> <listitem><para>This option can be used while adding or @@ -206,10 +208,9 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ask for the password to be used.</para> <para>Example: <command>pdbedit -a -u sorce</command> -<programlisting>new password: -retype new password -</programlisting> -</para> + <programlisting>new password: + retype new password</programlisting> + </para> </listitem> </varlistentry> @@ -278,18 +279,6 @@ retype new password </varlistentry> <varlistentry> - <term>-g</term> - <listitem><para>If you specify <parameter>-g</parameter>, - then <parameter>-i in-backend -e out-backend</parameter> - applies to the group mapping instead of the user database. - - <para>This option will ease migration from one passdb backend to - another and will ease backing up.</para> - - </listitem> - </varlistentry> - - <varlistentry> <term>-b passdb-backend</term> <listitem><para>Use a different default passdb backend. </para> @@ -305,30 +294,31 @@ retype new password maximum password age and bad lockout attempt.</para> <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para> -<para><programlisting> -account policy value for bad lockout attempt is 0 -</programlisting></para> + <para><programlisting> + account policy value for bad lockout attempt is 0 + </programlisting></para> </listitem> </varlistentry> <varlistentry> - <term>-C account-policy-value</term> + <term>-V account-policy-value</term> <listitem><para>Sets an account policy to a specified value. This option may only be used in conjunction with the <parameter>-P</parameter> option. </para> - <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para> -<para><programlisting> -account policy value for bad lockout attempt was 0 -account policy value for bad lockout attempt is now 3 -</programlisting></para> + <para>Example: <command>pdbedit -P "bad lockout attempt" -V 3</command></para> + <para><programlisting> + account policy value for bad lockout attempt was 0 + account policy value for bad lockout attempt is now 3 + </programlisting></para> </listitem> </varlistentry> + &stdarg.debuglevel; &stdarg.help; - &popt.common.samba; + &stdarg.configfile; </variablelist> </refsect1> @@ -350,9 +340,9 @@ account policy value for bad lockout attempt is now 3 <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry></para> + <para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> </refsect1> <refsect1> @@ -365,11 +355,11 @@ account policy value for bad lockout attempt is now 3 <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/profiles.1.sgml b/docs/docbook/manpages/profiles.1.sgml deleted file mode 100644 index 6ec8055c28..0000000000 --- a/docs/docbook/manpages/profiles.1.sgml +++ /dev/null @@ -1,89 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="profiles.1"> - -<refmeta> - <refentrytitle>profiles</refentrytitle> - <manvolnum>1</manvolnum> -</refmeta> - - -<refnamediv> - <refname>profiles</refname> - <refpurpose>A utility to report and change SIDs in registry files - </refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>profiles</command> - <arg choice="opt">-v</arg> - <arg choice="opt">-c SID</arg> - <arg choice="opt">-n SID</arg> - <arg choice="req">file</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para><command>profiles</command> is a utility that - reports and changes SIDs in windows registry files. It currently only - supports NT. - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - <varlistentry> - <term>file</term> - <listitem><para>Registry file to view or edit. </para></listitem> - </varlistentry> - - - <varlistentry> - <term>-v,--verbose</term> - <listitem><para>Increases verbosity of messages. - </para></listitem> - </varlistentry> - - &stdarg.help; - - - <varlistentry> - <term>-c SID1 -n SID2</term> - <listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2. - </para></listitem> - </varlistentry> - - &stdarg.help; - - </variablelist> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba - suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The profiles man page was written by Jelmer Vernooij. </para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 225bb064ff..10e0ff438d 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -1,7 +1,7 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="rpcclient.1"> +<refentry id="rpcclient"> <refmeta> <refentrytitle>rpcclient</refentrytitle> @@ -36,8 +36,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>rpcclient</command> is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone @@ -56,18 +56,42 @@ <listitem><para>NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> - <parameter>name resolve order</parameter></ulink> line from <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para></listitem> + <parameter>name resolve order</parameter></ulink> line from + <filename>smb.conf(5)</filename>.</para></listitem> </varlistentry> <varlistentry> + <term>-A|--authfile=filename</term> + <listitem><para>This option allows + you to specify a file from which to read the username and + password used in the connection. The format of the file is + </para> + + <para><programlisting> + username = <value> + password = <value> + domain = <value> + </programlisting></para> + + <para>Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + + + + <varlistentry> <term>-c|--command='command string'</term> <listitem><para>execute semicolon separated commands (listed below)) </para></listitem> </varlistentry> - + + + + &stdarg.debuglevel; + &stdarg.help; + <varlistentry> <term>-I IP-address</term> <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. @@ -86,10 +110,72 @@ above. </para></listitem> </varlistentry> - &popt.common.samba; - &popt.common.credentials; - &popt.common.connection; - &stdarg.help; + + <varlistentry> + <term>-l|--logfile=logbasename</term> + <listitem><para>File name for log/debug files. The extension + <constant>'.client'</constant> will be appended. The log file is + never removed by the client. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-N|--nopass</term> + <listitem><para>instruct <command>rpcclient</command> not to ask + for a password. By default, <command>rpcclient</command> will + prompt for a password. See also the <parameter>-U</parameter> + option.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-s|--conf=smb.conf</term> + <listitem><para>Specifies the location of the all-important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U|--user=username[%password]</term> + <listitem><para>Sets the SMB username or username and password. </para> + + <para>If %password is not specified, the user will be prompted. The + client will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. If these environmental variables are not + found, the username <constant>GUEST</constant> is used. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the username and password. This + option is mainly provided for scripts where the admin does not + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> + + <para>Be cautious about including passwords in scripts. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command. To be safe always allow + <command>rpcclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> + + + + + <varlistentry> + <term>-W|--workgroup=domain</term> + <listitem><para>Set the SMB domain of the username. This + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, + it causes the client to log on using the server's local SAM (as + opposed to the Domain SAM). </para></listitem> + </varlistentry> + + </variablelist> </refsect1> @@ -128,10 +214,12 @@ </itemizedlist> <para> </para> + + <para><emphasis>SPOOLSS</emphasis></para> <itemizedlist> - <listitem><para><command>adddriver <arch> <config></command> + <listitem><para><command>adddriver <arch> <config></command> - Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by @@ -141,16 +229,16 @@ The <parameter>config</parameter> parameter is defined as follows: </para> -<para><programlisting> -Long Printer Name:\ -Driver File Name:\ -Data File Name:\ -Config File Name:\ -Help File Name:\ -Language Monitor Name:\ -Default Data Type:\ -Comma Separated list of Files -</programlisting></para> + <para><programlisting> + Long Printer Name:\ + Driver File Name:\ + Data File Name:\ + Config File Name:\ + Help File Name:\ + Language Monitor Name:\ + Default Data Type:\ + Comma Separated list of Files + </programlisting></para> <para>Any empty fields should be enter as the string "NULL". </para> @@ -160,7 +248,10 @@ Comma Separated list of Files be "NULL". On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or else the RPC will fail. </para></listitem> - + + + + <listitem><para><command>addprinter <printername> <sharename> <drivername> <port></command> - Add a printer on the remote server. This printer @@ -296,7 +387,7 @@ Comma Separated list of Files <para>From Luke Leighton's original rpcclient man page:</para> - <para><emphasis>WARNING!</emphasis> The MSRPC over SMB code has + <para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has been developed from examining Network traces. No documentation is available from the original creators (Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services work. Microsoft's @@ -304,13 +395,12 @@ Comma Separated list of Files to be... a bit flaky in places. </para> <para>The development of Samba's implementation is also a bit rough, - and as more of the services are understood, it can even result in - versions of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>rpcclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> that are incompatible for some commands or services. Additionally, + and as more of the services are understood, it can even result in + versions of <command>smbd(8)</command> and <command>rpcclient(1)</command> + that are incompatible for some commands or services. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may - result in incompatibilities.</para> + result in incompatibilities." </para> </refsect1> @@ -332,8 +422,7 @@ Comma Separated list of Files <para>The original rpcclient man page was written by Matthew Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. The conversion to DocBook for Samba 2.2 was done by Gerald - Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was - done by Alexander Bokovoy.</para> + Carter.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml index a352a6a7c6..17865edd81 100644 --- a/docs/docbook/manpages/samba.7.sgml +++ b/docs/docbook/manpages/samba.7.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="samba.7"> +<refentry id="samba"> <refmeta> <refentrytitle>samba</refentrytitle> @@ -8,7 +8,7 @@ <refnamediv> - <refname>Samba</refname> + <refname>SAMBA</refname> <refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose> </refnamediv> @@ -29,30 +29,26 @@ <variablelist> <varlistentry> - <term><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>smbd</command> daemon provides the file and print services to + <term><command>smbd</command></term> + <listitem><para>The <command>smbd </command> + daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager. The configuration file - for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> + for this daemon is described in <filename>smb.conf</filename> </para></listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> + <term><command>nmbd</command></term> <listitem><para>The <command>nmbd</command> daemon provides NetBIOS nameservice and browsing support. The configuration file for this daemon - is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + is described in <filename>smb.conf</filename></para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>smbclient</command></term> <listitem><para>The <command>smbclient</command> program implements a simple ftp-like client. This is useful for accessing SMB shares on other compatible @@ -63,17 +59,15 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>testparm</command></term> <listitem><para>The <command>testparm</command> - utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + utility is a simple syntax checker for Samba's + <filename>smb.conf</filename>configuration file.</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>testprns</command></term> <listitem><para>The <command>testprns</command> utility supports testing printer names defined in your <filename>printcap</filename> file used @@ -82,8 +76,7 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbstatus</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>smbstatus</command></term> <listitem><para>The <command>smbstatus</command> tool provides access to information about the current connections to <command>smbd</command>.</para> @@ -91,8 +84,7 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>nmblookup</command></term> <listitem><para>The <command>nmblookup</command> tools allows NetBIOS name queries to be made from a UNIX host.</para> @@ -100,18 +92,15 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbgroupedit</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>smbgroupedit</command> - tool allows for mapping unix groups to NT Builtin, - Domain, or Local groups. Also it allows setting - priviledges for that group, such as saAddUser, etc.</para> + <term><command>make_smbcodepage</command></term> + <listitem><para>The <command>make_smbcodepage</command> + utility provides a means of creating SMB code page + definition files for your <command>smbd</command> server.</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> + <term><command>smbpasswd</command></term> <listitem><para>The <command>smbpasswd</command> command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers.</para> @@ -158,8 +147,8 @@ list. Details on how to join the mailing list are given in the README file that comes with Samba.</para> - <para>If you have access to a WWW viewer (such as Mozilla - or Konqueror) then you will also find lots of useful information, + <para>If you have access to a WWW viewer (such as Netscape + or Mosaic) then you will also find lots of useful information, including back issues of the Samba mailing list, at <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para> </refsect1> @@ -167,7 +156,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the + <para>This man page is correct for version 2.2 of the Samba suite. </para> </refsect1> @@ -181,8 +170,8 @@ <para>If you have patches to submit, visit <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink> - for information on how to do it properly. We prefer patches - in <command>diff -u</command> format.</para> + for information on how to do it properly. We prefer patches in + <command>diff -u</command> format.</para> </refsect1> <refsect1> @@ -217,11 +206,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML - 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 0968faa584..c45b698a41 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smb.conf.5"> +<refentry id="smb.conf"> <refmeta> <refentrytitle>smb.conf</refentrytitle> @@ -15,13 +15,14 @@ <refsect1> <title>SYNOPSIS</title> - <para>The <filename>smb.conf</filename> file is a configuration - file for the Samba suite. <filename>smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename>smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> + <para>The <filename>smb.conf</filename> file is a configuration + file for the Samba suite. <filename>smb.conf</filename> contains + runtime configuration information for the Samba programs. The + <filename>smb.conf</filename> file is designed to be configured and + administered by the <ulink url="swat.8.html"><command>swat(8)</command> + </ulink> program. The complete description of the file format and + possible parameters held within are here for reference purposes.</para> +</refsect1> <refsect1> <title id="FILEFORMATSECT">FILE FORMAT</title> @@ -104,13 +105,13 @@ The user has write access to the path <filename>/home/bar</filename>. The share is accessed via the share name "foo":</para> -<screen> -<computeroutput> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> + <screen> + <computeroutput> + [foo] + path = /home/bar + read only = no + </computeroutput> + </screen> <para>The following sample section defines a printable share. The share is readonly, but printable. That is, the only write @@ -119,15 +120,15 @@ access will be permitted as the default guest user (specified elsewhere):</para> -<screen> -<computeroutput> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> + <screen> + <computeroutput> + [aprinter] + path = /usr/spool/public + read only = yes + printable = yes + guest ok = yes + </computeroutput> + </screen> </refsect1> <refsect1> @@ -191,12 +192,12 @@ than others. The following is a typical and suitable [homes] section:</para> -<screen> -<computeroutput> -[homes] - read only = no -</computeroutput> -</screen> + <screen> + <computeroutput> + [homes] + read only = no + </computeroutput> + </screen> <para>An important point is that if guest access is specified in the [homes] section, all home directories will be @@ -256,12 +257,12 @@ it. A typical [printers] entry would look like this:</para> -<screen><computeroutput> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> + <screen><computeroutput> + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + </computeroutput></screen> <para>All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. @@ -269,11 +270,11 @@ to set up a pseudo-printcap. This is a file consisting of one or more lines like this:</para> -<screen> -<computeroutput> -alias|alias|alias|alias... -</computeroutput> -</screen> + <screen> + <computeroutput> + alias|alias|alias|alias... + </computeroutput> + </screen> <para>Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, specify @@ -471,7 +472,7 @@ alias|alias|alias|alias... </variablelist> <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> + with these substitutions and other smb.conf options.</para </refsect1> <refsect1> @@ -551,7 +552,7 @@ alias|alias|alias|alias... then steps 1 to 5 are skipped.</para> - <orderedlist numeration="arabic"> + <orderedlist numeration="Arabic"> <listitem><para>If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs then the connection is made as that @@ -685,7 +686,6 @@ alias|alias|alias|alias... <listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem> <listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem> <listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEPREFIX"><parameter>mangle prefix</parameter></link></para></listitem> <listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem> <listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem> <listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem> @@ -731,6 +731,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem> <listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem> <listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem> <listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem> <listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem> <listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem> @@ -770,6 +771,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> + <listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem> <listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem> @@ -805,7 +807,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem> <listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem> <listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem> - <listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem> +<listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem> <listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem> <listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem> <listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem> @@ -881,6 +883,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem> <listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem> <listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem> + <listitem><para><link linkend="POSTSCRIPT"><parameter>postscript</parameter></link></para></listitem> <listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem> <listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem> <listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem> @@ -889,6 +892,8 @@ alias|alias|alias|alias... <listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem> <listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem> <listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVER"><parameter>printer driver</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERLOCATION"><parameter>printer driver location</parameter></link></para></listitem> <listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem> <listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem> <listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem> @@ -934,10 +939,10 @@ alias|alias|alias|alias... <variablelist> <varlistentry> - <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> + <term><anchor id="ABORTSHUTDOWNSCRIPT">abort shutdown script (G)</term> <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> that + This a full path name to a script called by + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link>.</para> @@ -949,7 +954,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDPRINTERCOMMAND"/>addprinter command (G)</term> + <term><anchor id="ADDPRINTERCOMMAND">addprinter command (G)</term> <listitem><para>With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the @@ -963,12 +968,12 @@ alias|alias|alias|alias... will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the <filename>smb.conf</filename> file in order that it can be - shared by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + shared by <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> <para>The <parameter>addprinter command</parameter> is automatically invoked with the following parameter (in - order):</para> + order:</para> <itemizedlist> <listitem><para><parameter>printer name</parameter></para></listitem> @@ -985,22 +990,16 @@ alias|alias|alias|alias... driver location" parameter is included for backwards compatibility only. The remaining fields in the structure are generated from answers to the APW questions.</para> - + <para>Once the <parameter>addprinter command</parameter> has been executed, <command>smbd</command> will reparse the <filename> smb.conf</filename> to determine if the share defined by the APW exists. If the sharename is still invalid, then <command>smbd </command> will return an ACCESS_DENIED error to the client.</para> - - <para> - The "add printer command" program can output a single line of text, - which Samba will set as the port the new printer is connected to. - If this line isn't output, Samba won't reload its printer shares. - </para> <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> deleteprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, + linkend="printing"><parameter>printing</parameter></link>, <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para> @@ -1013,7 +1012,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ADDSHARECOMMAND"/>add share command (G)</term> + <term><anchor id="ADDSHARECOMMAND">add share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>add share command</parameter> is used to define an @@ -1067,10 +1066,9 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> + <term><anchor id="ADDMACHINESCRIPT">add machine script (G)</term> <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a machine is added + be run by <ulink url="smbd.8.html">smbd(8)</ulink> when a machine is added to it's domain using the administrator username and password method. </para> <para>This option is only required when using sam back-ends tied to the @@ -1086,7 +1084,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADSSERVER"/>ads server (G)</term> + <term><anchor id="ADSSERVER">ads server (G)</term> <listitem><para>If this option is specified, samba does not try to figure out what ads server to use itself, but uses the specified ads server. Either one DNS name or IP @@ -1099,10 +1097,10 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> + <term><anchor id="ADDUSERSCRIPT">add user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8) + </ulink> under special circumstances described below.</para> <para>Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites @@ -1112,16 +1110,16 @@ alias|alias|alias|alias... url="smbd.8.html">smbd</ulink> to create the required UNIX users <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> - <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> + <para>In order to use this option, <ulink url="smbd.8.html">smbd</ulink> + must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> and <parameter>add user script</parameter> must be set to a full pathname for a script that will create a UNIX user given one argument of <parameter>%u</parameter>, which expands into the UNIX user name to create.</para> <para>When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts the <parameter>password server</parameter> and + at login (session setup in the SMB protocol) time, <ulink url="smbd.8.html"> + smbd</ulink> contacts the <parameter>password server</parameter> and attempts to authenticate the given user with the given password. If the authentication succeeds then <command>smbd</command> attempts to find a UNIX user in the UNIX password database to map the @@ -1149,10 +1147,10 @@ alias|alias|alias|alias... </listitem> </varlistentry> - <varlistentry><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> + <varlistentry><term><anchor id="ADDGROUPSCRIPT">add group script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a new group is + be run <emphasis>AS ROOT</emphasis> by <ulink + url="smbd.8.html">smbd(8)</ulink> when a new group is requested. It will expand any <parameter>%g</parameter> to the group name passed. This script is only useful for installations using the @@ -1165,7 +1163,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADMINUSERS"/>admin users (S)</term> + <term><anchor id="ADMINUSERS">admin users (S)</term> <listitem><para>This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).</para> @@ -1181,13 +1179,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> + <term><anchor id="ADDUSERTOGROUPSCRIPT">add user to group script (G)</term> <listitem><para>Full path to the script that will be called when a user is added to a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. + tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> + <emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be + replaced with the group name and any <parameter>%u</parameter> will + be replaced with the user name. </para> <para>Default: <command>add user to group script = </command></para> @@ -1198,13 +1196,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ALLOWHOSTS"/>allow hosts (S)</term> + <term><anchor id="ALLOWHOSTS">allow hosts (S)</term> <listitem><para>Synonym for <link linkend="HOSTSALLOW"> <parameter>hosts allow</parameter></link>.</para></listitem> </varlistentry> <varlistentry> - <term><anchor id="ALGORITHMICRIDBASE"/>algorithmic rid base (G)</term> + <term><anchor id="ALGORITHMICRIDBASE">algorithmic rid base (G)</term> <listitem><para>This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.</para> @@ -1227,7 +1225,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term> + <term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term> <listitem><para>This option only takes effect when the <link linkend="SECURITY"><parameter>security</parameter></link> option is set to <constant>server</constant> or <constant>domain</constant>. @@ -1251,9 +1249,10 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ANNOUNCEAS"/>announce as (G)</term> - <listitem><para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse + <term><anchor id="ANNOUNCEAS">announce as (G)</term> + <listitem><para>This specifies what type of server + <ulink url="nmbd.8.html"><command>nmbd</command></ulink> + will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, @@ -1272,7 +1271,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ANNOUNCEVERSION"/>announce version (G)</term> + <term><anchor id="ANNOUNCEVERSION">announce version (G)</term> <listitem><para>This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific @@ -1287,7 +1286,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AUTOSERVICES"/>auto services (G)</term> + <term><anchor id="AUTOSERVICES">auto services (G)</term> <listitem><para>This is a synonym for the <link linkend="PRELOAD"> <parameter>preload</parameter></link>.</para> </listitem> @@ -1296,7 +1295,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AUTHMETHODS"/>auth methods (G)</term> + <term><anchor id="AUTHMETHODS">auth methods (G)</term> <listitem><para>This option allows the administrator to chose what authentication methods <command>smbd</command> will use when authenticating a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter> @@ -1314,7 +1313,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AVAILABLE"/>available (S)</term> + <term><anchor id="AVAILABLE">available (S)</term> <listitem><para>This parameter lets you "turn off" a service. If <parameter>available = no</parameter>, then <emphasis>ALL</emphasis> attempts to connect to the service will fail. Such failures are @@ -1328,12 +1327,12 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BINDINTERFACESONLY"/>bind interfaces only (G)</term> + <term><anchor id="BINDINTERFACESONLY">bind interfaces only (G)</term> <listitem><para>This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It - affects file service <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and name service <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> in a slightly different ways.</para> + affects file service <ulink url="smbd.8.html">smbd(8)</ulink> and + name service <ulink url="nmbd.8.html">nmbd(8)</ulink> in slightly + different ways.</para> <para>For name service it causes <command>nmbd</command> to bind to ports 137 and 138 on the interfaces listed in the <link @@ -1353,9 +1352,8 @@ alias|alias|alias|alias... does defeat this simple check, however, so it must not be used seriously as a security feature for <command>nmbd</command>.</para> - <para>For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list - given in the <link linkend="INTERFACES"> + <para>For file service it causes <ulink url="smbd.8.html">smbd(8)</ulink> + to bind only to the interface list given in the <link linkend="INTERFACES"> interfaces</link> parameter. This restricts the networks that <command>smbd</command> will serve to packets coming in those interfaces. Note that you should not use this parameter for machines @@ -1364,9 +1362,10 @@ alias|alias|alias|alias... <para>If <parameter>bind interfaces only</parameter> is set then unless the network address <emphasis>127.0.0.1</emphasis> is added - to the <parameter>interfaces</parameter> parameter list <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> may not work as expected due to the reasons covered below.</para> + to the <parameter>interfaces</parameter> parameter list <ulink + url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> + and <ulink url="swat.8.html"><command>swat(8)</command></ulink> may + not work as expected due to the reasons covered below.</para> <para>To change a users SMB password, the <command>smbpasswd</command> by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> @@ -1376,9 +1375,9 @@ alias|alias|alias|alias... <parameter>interfaces</parameter> parameter list then <command> smbpasswd</command> will fail to connect in it's default mode. <command>smbpasswd</command> can be forced to use the primary IP interface - of the local host by using its <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <parameter>-r <replaceable>remote machine</replaceable></parameter> - parameter, with <replaceable>remote machine</replaceable> set + of the local host by using its <ulink url="smbpasswd.8.html#minusr"> + <parameter>-r <replaceable>remote machine</replaceable></parameter> + </ulink> parameter, with <replaceable>remote machine</replaceable> set to the IP name of the primary interface of the local host.</para> <para>The <command>swat</command> status page tries to connect with @@ -1398,10 +1397,9 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BLOCKINGLOCKS"/>blocking locks (S)</term> - <listitem><para>This parameter controls the behavior - of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when given a request by a client + <term><anchor id="BLOCKINGLOCKS">blocking locks (S)</term> + <listitem><para>This parameter controls the behavior of <ulink + url="smbd.8.html">smbd(8)</ulink> when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it.</para> @@ -1421,9 +1419,9 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="BLOCKSIZE"/>block size (S)</term> - <listitem><para>This parameter controls the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when reporting disk free + <term><anchor id="BLOCKSIZE">block size (S)</term> + <listitem><para>This parameter controls the behavior of + <ulink url="smbd.8.html">smbd(8)</ulink> when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes. </para> @@ -1437,19 +1435,27 @@ alias|alias|alias|alias... <para>Changing this option does not change the disk free reporting size, just the block size unit reported to the client.</para> - </listitem> - </varlistentry> + + <para>Default: <command>block size = 1024</command></para> + <para>Example: <command>block size = 65536</command></para> + + </listitem> + </varlistentry> + + <varlistentry> - <term><anchor id="BROWSABLE"/>browsable (S)</term> + <term><anchor id="BROWSABLE">browsable (S)</term> <listitem><para>See the <link linkend="BROWSEABLE"><parameter> browseable</parameter></link>.</para></listitem> </varlistentry> + + <varlistentry> - <term><anchor id="BROWSELIST"/>browse list (G)</term> - <listitem><para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will serve a browse list to + <term><anchor id="BROWSELIST">browse list (G)</term> + <listitem><para>This controls whether <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> will serve a browse list to a client doing a <command>NetServerEnum</command> call. Normally set to <constant>yes</constant>. You should never need to change this.</para> @@ -1460,7 +1466,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BROWSEABLE"/>browseable (S)</term> + <term><anchor id="BROWSEABLE">browseable (S)</term> <listitem><para>This controls whether this share is seen in the list of available shares in a net view and in the browse list.</para> @@ -1471,7 +1477,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CASESENSITIVE"/>case sensitive (S)</term> + <term><anchor id="CASESENSITIVE">case sensitive (S)</term> <listitem><para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> @@ -1482,7 +1488,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CASESIGNAMES"/>casesignames (S)</term> + <term><anchor id="CASESIGNAMES">casesignames (S)</term> <listitem><para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para></listitem> </varlistentry> @@ -1490,12 +1496,12 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CHANGENOTIFYTIMEOUT"/>change notify timeout (G)</term> + <term><anchor id="CHANGENOTIFYTIMEOUT">change notify timeout (G)</term> <listitem><para>This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of - a directory is expensive under UNIX, hence an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon only performs such a scan + a directory is expensive under UNIX, hence an <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> daemon only performs such a scan on each requested directory once every <parameter>change notify timeout</parameter> seconds.</para> @@ -1508,7 +1514,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CHANGESHARECOMMAND"/>change share command (G)</term> + <term><anchor id="CHANGESHARECOMMAND">change share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>change share command</parameter> is used to define an @@ -1558,8 +1564,12 @@ alias|alias|alias|alias... </listitem> </varlistentry> + + + + <varlistentry> - <term><anchor id="COMMENT"/>comment (S)</term> + <term><anchor id="COMMENT">comment (S)</term> <listitem><para>This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via <command>net view</command> to list what shares @@ -1576,7 +1586,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CONFIGFILE"/>config file (G)</term> + <term><anchor id="CONFIGFILE">config file (G)</term> <listitem><para>This allows you to override the config file to use, instead of the default (usually <filename>smb.conf</filename>). There is a chicken and egg problem here as this option is set @@ -1600,7 +1610,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="COPY"/>copy (S)</term> + <term><anchor id="COPY">copy (S)</term> <listitem><para>This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current @@ -1618,7 +1628,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CREATEMASK"/>create mask (S)</term> + <term><anchor id="CREATEMASK">create mask (S)</term> <listitem><para>A synonym for this parameter is <link linkend="CREATEMODE"><parameter>create mode</parameter> </link>.</para> @@ -1662,14 +1672,14 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CREATEMODE"/>create mode (S)</term> + <term><anchor id="CREATEMODE">create mode (S)</term> <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter> create mask</parameter></link>.</para></listitem> </varlistentry> <varlistentry> - <term><anchor id="CSCPOLICY"/>csc policy (S)</term> + <term><anchor id="CSCPOLICY">csc policy (S)</term> <listitem><para>This stands for <emphasis>client-side caching policy</emphasis>, and specifies how clients capable of offline caching will cache the files in the share. The valid values @@ -1688,7 +1698,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DEADTIME"/>deadtime (G)</term> + <term><anchor id="DEADTIME">deadtime (G)</term> <listitem><para>The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes @@ -1714,7 +1724,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGHIRESTIMESTAMP"/>debug hires timestamp (G)</term> + <term><anchor id="DEBUGHIRESTIMESTAMP">debug hires timestamp (G)</term> <listitem><para>Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp @@ -1731,7 +1741,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGPID"/>debug pid (G)</term> + <term><anchor id="DEBUGPID">debug pid (G)</term> <listitem><para>When using only one log file for more then one forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id @@ -1746,7 +1756,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGTIMESTAMP"/>debug timestamp (G)</term> + <term><anchor id="DEBUGTIMESTAMP">debug timestamp (G)</term> <listitem><para>Samba debug log messages are timestamped by default. If you are running at a high <link linkend="DEBUGLEVEL"> <parameter>debug level</parameter></link> these timestamps @@ -1759,7 +1769,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGUID"/>debug uid (G)</term> + <term><anchor id="DEBUGUID">debug uid (G)</term> <listitem><para>Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers @@ -1775,7 +1785,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGLEVEL"/>debuglevel (G)</term> + <term><anchor id="DEBUGLEVEL">debuglevel (G)</term> <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter> log level</parameter></link>.</para> </listitem> @@ -1784,7 +1794,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULT"/>default (G)</term> + <term><anchor id="DEFAULT">default (G)</term> <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter> default service</parameter></link>.</para></listitem> </varlistentry> @@ -1792,7 +1802,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTCASE"/>default case (S)</term> + <term><anchor id="DEFAULTCASE">default case (S)</term> <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> <parameter>short preserve case</parameter></link> parameter.</para> @@ -1804,7 +1814,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTDEVMODE"/>default devmode (S)</term> + <term><anchor id="DEFAULTDEVMODE">default devmode (S)</term> <listitem><para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba @@ -1842,7 +1852,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTSERVICE"/>default service (G)</term> + <term><anchor id="DEFAULTSERVICE">default service (G)</term> <listitem><para>This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are <emphasis>NOT</emphasis> @@ -1868,27 +1878,24 @@ alias|alias|alias|alias... <para>Example:</para> -<para><programlisting> + <para><programlisting> [global] default service = pub [pub] path = /%S -</programlisting></para> + </programlisting></para> </listitem> </varlistentry> - <varlistentry><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> + <varlistentry><term><anchor id="DELETEGROUPSCRIPT">delete group script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. - It will expand any <parameter>%g</parameter> to the group name passed. - This script is only useful for installations using the Windows NT domain administration tools. + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8)</ulink> when a group is requested to be deleted. It will expand any <parameter>%g</parameter> to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. </para></listitem> </varlistentry> <varlistentry> - <term><anchor id="DELETEPRINTERCOMMAND"/>deleteprinter command (G)</term> + <term><anchor id="DELETEPRINTERCOMMAND">deleteprinter command (G)</term> <listitem><para>With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer at run time by issuing the @@ -1914,7 +1921,7 @@ alias|alias|alias|alias... <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> addprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, + linkend="printing"><parameter>printing</parameter></link>, <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para> @@ -1930,7 +1937,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETEREADONLY"/>delete readonly (S)</term> + <term><anchor id="DELETEREADONLY">delete readonly (S)</term> <listitem><para>This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.</para> @@ -1944,7 +1951,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETESHARECOMMAND"/>delete share command (G)</term> + <term><anchor id="DELETESHARECOMMAND">delete share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>delete share command</parameter> is used to define an @@ -1992,11 +1999,10 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> + <term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when managing users - with remote RPC (NT) tools. + be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + when managing user's with remote RPC (NT) tools. </para> <para>This script is called when a remote client removes a user @@ -2014,13 +2020,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> + <term><anchor id="DELETEUSERFROMGROUPSCRIPT">delete user from group script (G)</term> <listitem><para>Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. + tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> + <emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be + replaced with the group name and any <parameter>%u</parameter> will + be replaced with the user name. </para> <para>Default: <command>delete user from group script = </command></para> @@ -2031,7 +2037,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DELETEVETOFILES"/>delete veto files (S)</term> + <term><anchor id="DELETEVETOFILES">delete veto files (S)</term> <listitem><para>This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the <link linkend="VETOFILES"><parameter>veto files</parameter></link> @@ -2060,7 +2066,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DENYHOSTS"/>deny hosts (S)</term> + <term><anchor id="DENYHOSTS">deny hosts (S)</term> <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link>.</para></listitem> </varlistentry> @@ -2069,7 +2075,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DFREECOMMAND"/>dfree command (G)</term> + <term><anchor id="DFREECOMMAND">dfree command (G)</term> <listitem><para>The <parameter>dfree command</parameter> setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, @@ -2102,17 +2108,17 @@ alias|alias|alias|alias... <para>Where the script dfree (which must be made executable) could be:</para> -<para><programlisting> -#!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' -</programlisting></para> + <para><programlisting> + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + </programlisting></para> <para>or perhaps (on Sys V based systems):</para> -<para><programlisting> -#!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</programlisting></para> + <para><programlisting> + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + </programlisting></para> <para>Note that you may have to replace the command names with full path names on some systems.</para> @@ -2123,7 +2129,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORY"/>directory (S)</term> + <term><anchor id="DIRECTORY">directory (S)</term> <listitem><para>Synonym for <link linkend="PATH"><parameter>path </parameter></link>.</para></listitem> </varlistentry> @@ -2131,7 +2137,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYMASK"/>directory mask (S)</term> + <term><anchor id="DIRECTORYMASK">directory mask (S)</term> <listitem><para>This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.</para> @@ -2179,7 +2185,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYMODE"/>directory mode (S)</term> + <term><anchor id="DIRECTORYMODE">directory mode (S)</term> <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link></para></listitem> </varlistentry> @@ -2187,7 +2193,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYSECURITYMASK"/>directory security mask (S)</term> + <term><anchor id="DIRECTORYSECURITYMASK">directory security mask (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog @@ -2222,7 +2228,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DISABLENETBIOS"/>disable netbios (G)</term> + <term><anchor id="DISABLENETBIOS">disable netbios (G)</term> <listitem><para>Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP. </para> @@ -2237,7 +2243,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DISABLESPOOLSS"/>disable spoolss (G)</term> + <term><anchor id="DISABLESPOOLSS">disable spoolss (G)</term> <listitem><para>Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using @@ -2258,7 +2264,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DISPLAYCHARSET"/>display charset (G)</term> + <term><anchor id="DISPLAYCHARSET">display charset (G)</term> <listitem><para>Specifies the charset that samba will use to print messages to stdout and stderr and SWAT will use. Should generally be the same as the <command>unix charset</command>. @@ -2273,12 +2279,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DNSPROXY"/>dns proxy (G)</term> - <listitem><para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and - finding that a NetBIOS name has not been registered, should treat the - NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server - for that name on behalf of the name-querying client.</para> + <term><anchor id="DNSPROXY">dns proxy (G)</term> + <listitem><para>Specifies that <ulink url="nmbd.8.html">nmbd(8)</ulink> + when acting as a WINS server and finding that a NetBIOS name has not + been registered, should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name on behalf of + the name-querying client.</para> <para>Note that the maximum length for a NetBIOS name is 15 characters, so the DNS name (or DNS alias) can likewise only be @@ -2296,7 +2302,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> + <term><anchor id="DOMAINLOGONS">domain logons (G)</term> <listitem><para>If set to <constant>yes</constant>, the Samba server will serve Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> <parameter>workgroup</parameter></link> it is in. Samba 2.2 @@ -2311,20 +2317,20 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOMAINMASTER"/>domain master (G)</term> - <listitem><para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list + <term><anchor id="DOMAINMASTER">domain master (G)</term> + <listitem><para>Tell <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to enable WAN-wide browse list collation. Setting this option causes <command>nmbd</command> to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given <link linkend="WORKGROUP"> <parameter>workgroup</parameter></link>. Local master browsers in the same <parameter>workgroup</parameter> on broadcast-isolated subnets will give this <command>nmbd</command> their local browse lists, - and then ask <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse - list for the whole wide area network. Browser clients will then contact - their local master browser, and will receive the domain-wide browse list, - instead of just the list for their broadcast-isolated subnet.</para> + and then ask <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + for a complete copy of the browse list for the whole wide area + network. Browser clients will then contact their local master browser, + and will receive the domain-wide browse list, instead of just the list + for their broadcast-isolated subnet.</para> <para>Note that Windows NT Primary Domain Controllers expect to be able to claim this <parameter>workgroup</parameter> specific special @@ -2349,7 +2355,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DONTDESCEND"/>dont descend (S)</term> + <term><anchor id="DONTDESCEND">dont descend (S)</term> <listitem><para>There are certain directories on some systems (e.g., the <filename>/proc</filename> tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This @@ -2368,22 +2374,22 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DOSCHARSET"/>dos charset (G)</term> + <term><anchor id="DOSCHARSET">dos charset (G)</term> <listitem><para>DOS SMB clients assume the server has the same charset as they do. This option specifies which charset Samba should talk to DOS clients. </para> - <para>The default depends on which charsets you have installed. + <para>The default depends on which charsets you have instaled. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> to check the default on your system. + case it is not available. Run <ulink url="testparm.1.html">testparm(1) + </ulink> to check the default on your system. </para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="DOSFILEMODE"/>dos filemode (S)</term> + <term><anchor id="DOSFILEMODE">dos filemode (S)</term> <listitem><para> The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior @@ -2402,13 +2408,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOSFILETIMERESOLUTION"/>dos filetime resolution (S)</term> + <term><anchor id="DOSFILETIMERESOLUTION">dos filetime resolution (S)</term> <listitem><para>Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second - resolution is made to <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + resolution is made to <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> <para>This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. If oplocks are enabled on a @@ -2428,15 +2434,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOSFILETIMES"/>dos filetimes (S)</term> + <term><anchor id="DOSFILETIMES">dos filetimes (S)</term> <listitem><para>Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user <command>smbd</command> is acting on behalf of is not the file owner. Setting this option to <constant> - yes</constant> allows DOS semantics and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will change the file + yes</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file timestamp as DOS requires.</para> <para>Default: <command>dos filetimes = no</command></para></listitem> @@ -2445,7 +2450,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENCRYPTPASSWORDS"/>encrypt passwords (G)</term> + <term><anchor id="ENCRYPTPASSWORDS">encrypt passwords (G)</term> <listitem><para>This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords @@ -2454,11 +2459,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' directory <filename>docs/</filename> shipped with the source code.</para> <para>In order for encrypted passwords to work correctly - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must either - have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program for information on how to set up + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> must either + have access to a local <ulink url="smbpasswd.5.html"><filename>smbpasswd(5) + </filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> program for information on how to set up and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which causes <command>smbd</command> to authenticate against another @@ -2469,7 +2473,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENHANCEDBROWSING"/>enhanced browsing (G)</term> + <term><anchor id="ENHANCEDBROWSING">enhanced browsing (G)</term> <listitem><para>This option enables a couple of enhancements to cross-subnet browse propagation that have been added in Samba but which are not standard in Microsoft implementations. @@ -2495,7 +2499,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENUMPORTSCOMMAND"/>enumports command (G)</term> + <term><anchor id="ENUMPORTSCOMMAND">enumports command (G)</term> <listitem><para>The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of @@ -2518,7 +2522,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="EXEC"/>exec (S)</term> + <term><anchor id="EXEC">exec (S)</term> <listitem><para>This is a synonym for <link linkend="PREEXEC"> <parameter>preexec</parameter></link>.</para></listitem> </varlistentry> @@ -2526,7 +2530,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FAKEDIRECTORYCREATETIMES"/>fake directory create times (S)</term> + <term><anchor id="FAKEDIRECTORYCREATETIMES">fake directory create times (S)</term> <listitem><para>NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default @@ -2560,7 +2564,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FAKEOPLOCKS"/>fake oplocks (S)</term> + <term><anchor id="FAKEOPLOCKS">fake oplocks (S)</term> <listitem><para>Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume @@ -2592,11 +2596,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FOLLOWSYMLINKS"/>follow symlinks (S)</term> + <term><anchor id="FOLLOWSYMLINKS">follow symlinks (S)</term> <listitem><para>This parameter allows the Samba administrator - to stop <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> from following symbolic - links in a particular share. Setting this + to stop <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + from following symbolic links in a particular share. Setting this parameter to <constant>no</constant> prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a @@ -2613,7 +2616,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCECREATEMODE"/>force create mode (S)</term> + <term><anchor id="FORCECREATEMODE">force create mode (S)</term> <listitem><para>This parameter specifies a set of UNIX mode bit permissions that will <emphasis>always</emphasis> be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto @@ -2641,7 +2644,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEDIRECTORYMODE"/>force directory mode (S)</term> + <term><anchor id="FORCEDIRECTORYMODE">force directory mode (S)</term> <listitem><para>This parameter specifies a set of UNIX mode bit permissions that will <emphasis>always</emphasis> be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the @@ -2670,7 +2673,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEDIRECTORYSECURITYMODE"/>force directory security mode (S)</term> + <term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory security mode (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.</para> @@ -2706,7 +2709,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEGROUP"/>force group (S)</term> + <term><anchor id="FORCEGROUP">force group (S)</term> <listitem><para>This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring @@ -2742,7 +2745,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> + <term><anchor id="FORCESECURITYMODE">force security mode (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog @@ -2780,7 +2783,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEUSER"/>force user (S)</term> + <term><anchor id="FORCEUSER">force user (S)</term> <listitem><para>This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully @@ -2808,11 +2811,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FSTYPE"/>fstype (S)</term> + <term><anchor id="FSTYPE">fstype (S)</term> <listitem><para>This parameter allows the administrator to configure the string that specifies the type of filesystem a share - is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type + is using that is reported by <ulink url="smbd.8.html"><command>smbd(8) + </command></ulink> when a client queries the filesystem type for a share. The default type is <constant>NTFS</constant> for compatibility with Windows NT but this can be changed to other strings such as <constant>Samba</constant> or <constant>FAT @@ -2825,7 +2828,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GETWDCACHE"/>getwd cache (G)</term> + <term><anchor id="GETWDCACHE">getwd cache (G)</term> <listitem><para>This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially @@ -2839,7 +2842,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GROUP"/>group (S)</term> + <term><anchor id="GROUP">group (S)</term> <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter>force group</parameter></link>.</para></listitem> </varlistentry> @@ -2847,7 +2850,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTACCOUNT"/>guest account (S)</term> + <term><anchor id="GUESTACCOUNT">guest account (S)</term> <listitem><para>This is a username which will be used for access to services which are specified as <link linkend="GUESTOK"><parameter> guest ok</parameter></link> (see below). Whatever privileges this @@ -2877,16 +2880,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTOK"/>guest ok (S)</term> + <term><anchor id="GUESTOK">guest ok (S)</term> <listitem><para>If this parameter is <constant>yes</constant> for a service, then no password is required to connect to the service. Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter> guest account</parameter></link>.</para> - <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter>restrict - anonymous</parameter></link> = 2</para> - <para>See the section below on <link linkend="SECURITY"><parameter> security</parameter></link> for more information about this option. </para> @@ -2897,7 +2896,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTONLY"/>guest only (S)</term> + <term><anchor id="GUESTONLY">guest only (S)</term> <listitem><para>If this parameter is <constant>yes</constant> for a service, then only guest connections to the service are permitted. This parameter will have no effect if <link linkend="GUESTOK"> @@ -2913,7 +2912,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEDOTFILES"/>hide dot files (S)</term> + <term><anchor id="HIDEDOTFILES">hide dot files (S)</term> <listitem><para>This is a boolean parameter that controls whether files starting with a dot appear as hidden files.</para> @@ -2923,7 +2922,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEFILES"/>hide files(S)</term> + <term><anchor id="HIDEFILES">hide files(S)</term> <listitem><para>This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match.</para> @@ -2961,7 +2960,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDELOCALUSERS"/>hide local users(G)</term> + <term><anchor id="HIDELOCALUSERS">hide local users(G)</term> <listitem><para>This parameter toggles the hiding of local UNIX users (root, wheel, floppy, etc) from remote clients.</para> @@ -2971,7 +2970,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEUNREADABLE"/>hide unreadable (G)</term> + <term><anchor id="HIDEUNREADABLE">hide unreadable (G)</term> <listitem><para>This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.</para> @@ -2980,7 +2979,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HIDEUNWRITEABLEFILES"/>hide unwriteable files (G)</term> + <term><anchor id="HIDEUNWRITEABLEFILES">hide unwriteable files (G)</term> <listitem><para>This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual. @@ -2991,7 +2990,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HIDESPECIALFILES"/>hide special files (G)</term> + <term><anchor id="HIDESPECIALFILES">hide special files (G)</term> <listitem><para>This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings. @@ -3002,10 +3001,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HOMEDIRMAP"/>homedir map (G)</term> + <term><anchor id="HOMEDIRMAP">homedir map (G)</term> <listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> is also acting + </parameter></link> is <constant>yes</constant>, and <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting as a Win95/98 <parameter>logon server</parameter> then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun @@ -3035,7 +3034,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTMSDFS"/>host msdfs (G)</term> + <term><anchor id="HOSTMSDFS">host msdfs (G)</term> <listitem><para>This boolean parameter is only available if Samba has been configured and compiled with the <command> --with-msdfs</command> option. If set to <constant>yes</constant>, @@ -3053,7 +3052,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HOSTNAMELOOKUPS"/>hostname lookups (G)</term> + <term><anchor id="HOSTNAMELOOKUPS">hostname lookups (G)</term> <listitem><para>Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking @@ -3069,7 +3068,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSALLOW"/>hosts allow (S)</term> + <term><anchor id="HOSTSALLOW">hosts allow (S)</term> <listitem><para>A synonym for this parameter is <parameter>allow hosts</parameter>.</para> @@ -3118,9 +3117,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Note that access still requires suitable user-level passwords.</para> - <para>See <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> for a way of testing your host access - to see if it does what you expect.</para> + <para>See <ulink url="testparm.1.html"><command>testparm(1)</command> + </ulink> for a way of testing your host access to see if it does + what you expect.</para> <para>Default: <emphasis>none (i.e., all hosts permitted access) </emphasis></para> @@ -3133,7 +3132,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSDENY"/>hosts deny (S)</term> + <term><anchor id="HOSTSDENY">hosts deny (S)</term> <listitem><para>The opposite of <parameter>hosts allow</parameter> - hosts listed here are <emphasis>NOT</emphasis> permitted access to services unless the specific services have their own lists to override @@ -3150,7 +3149,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> + <term><anchor id="HOSTSEQUIV">hosts equiv (G)</term> <listitem><para>If this global parameter is a non-null string, it specifies the name of a file to read for the names of hosts and users who will be allowed access without specifying a password. @@ -3179,7 +3178,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INCLUDE"/>include (G)</term> + <term><anchor id="INCLUDE">include (G)</term> <listitem><para>This allows you to include one config file inside another. The file is included literally, as though typed in place.</para> @@ -3196,7 +3195,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INHERITACLS"/>inherit acls (S)</term> + <term><anchor id="INHERITACLS">inherit acls (S)</term> <listitem><para>This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a subdirectory. @@ -3214,7 +3213,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INHERITPERMISSIONS"/>inherit permissions (S)</term> + <term><anchor id="INHERITPERMISSIONS">inherit permissions (S)</term> <listitem><para>The permissions on new files and directories are normally governed by <link linkend="CREATEMASK"><parameter> create mask</parameter></link>, <link linkend="DIRECTORYMASK"> @@ -3255,7 +3254,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INTERFACES"/>interfaces (G)</term> + <term><anchor id="INTERFACES">interfaces (G)</term> <listitem><para>This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query @@ -3307,7 +3306,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INVALIDUSERS"/>invalid users (S)</term> + <term><anchor id="INVALIDUSERS">invalid users (S)</term> <listitem><para>This is a list of users that should not be allowed to login to this service. This is really a <emphasis>paranoid</emphasis> check to absolutely ensure an improper setting does not breach @@ -3319,12 +3318,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with - '&' is interpreted only by looking in the NIS netgroup database + '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters - '+' and '&' may be used at the start of the name in either order + '+' and '&' may be used at the start of the name in either order so the value <parameter>+&group</parameter> means check the UNIX group database, followed by the NIS netgroup database, and - the value <parameter>&+group</parameter> means check the NIS + the value <parameter>&+group</parameter> means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix).</para> @@ -3343,7 +3342,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="KEEPALIVE"/>keepalive (G)</term> + <term><anchor id="KEEPALIVE">keepalive (G)</term> <listitem><para>The value of the parameter (an integer) represents the number of seconds between <parameter>keepalive</parameter> packets. If this parameter is zero, no keepalive packets will be @@ -3363,7 +3362,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="KERNELOPLOCKS"/>kernel oplocks (G)</term> + <term><anchor id="KERNELOPLOCKS">kernel oplocks (G)</term> <listitem><para>For UNIXes that support kernel based <link linkend="OPLOCKS"><parameter>oplocks</parameter></link> (currently only IRIX and the Linux 2.4 kernel), this parameter @@ -3371,10 +3370,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Kernel oplocks support allows Samba <parameter>oplocks </parameter> to be broken whenever a local UNIX process or NFS operation - accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete - data consistency between SMB/CIFS, NFS and local file access (and is - a <emphasis>very</emphasis> cool feature :-).</para> + accesses a file that <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink> has oplocked. This allows complete data consistency between + SMB/CIFS, NFS and local file access (and is a <emphasis>very</emphasis> + cool feature :-).</para> <para>This parameter defaults to <constant>on</constant>, but is translated to a no-op on systems that no not have the necessary kernel support. @@ -3392,12 +3391,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LANMANAUTH"/>lanman auth (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users - using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> + <term><anchor id="LANMANAUTH">lanman auth (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will + attempt to authenticate users using the LANMAN password hash. + If disabled, only clients which support NT password hashes (e.g. Windows + NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba host.</para> <para>Default : <command>lanman auth = yes</command></para> </listitem> @@ -3408,10 +3407,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LARGEREADWRITE"/>large readwrite (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> supports the new 64k streaming - read and write varient SMB requests introduced + <term><anchor id="LARGEREADWRITE">large readwrite (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> + supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with @@ -3426,17 +3424,15 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> + <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> <listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished Name (DN) name used by Samba to contact the ldap server when retreiving user account information. The <parameter>ldap admin dn</parameter> is used in conjunction with the admin dn password stored in the <filename>private/secrets.tdb</filename> file. See the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> man page for more information on how - to accmplish this.</para> - </listitem> - </varlistentry> + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man + page for more information on how to accmplish this. + </para> <varlistentry> <term><anchor id="LDAPDELETEDN"/>ldap del only sam attr (G)</term> @@ -3454,14 +3450,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <term><anchor id="LDAPDELONLYSAMATTR"/>ldap del only sam attr (G)</term> <listitem><para> Inverted synonym for <link linked="LDAPDELETEDN"><parameter> ldap delete dn</parameter></link>.</para> + </para> </listitem> </varlistentry> - <varlistentry> - <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> + <term><anchor id="LDAPFILTER">ldap filter (G)</term> <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name with the <constant>uid</constant> attribute for all entries matching the <constant>sambaAccount</constant> @@ -3475,7 +3471,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPPORT"/>ldap port (G)</term> + <term><anchor id="LDAPPORT">ldap port (G)</term> <listitem><para>This parameter is only available if Samba has been configure to include the <command>--with-ldapsam</command> option at compile time. @@ -3497,7 +3493,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSERVER"/>ldap server (G)</term> + <term><anchor id="LDAPSERVER">ldap server (G)</term> <listitem><para>This parameter is only available if Samba has been configure to include the <command>--with-ldapsam</command> option at compile time. @@ -3514,7 +3510,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> + <term><anchor id="LDAPSSL">ldap ssl (G)</term> <listitem><para>This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is <emphasis>NOT</emphasis> related to @@ -3548,7 +3544,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> + <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> <listitem> <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command>ldap user suffix</command> and <command>ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> @@ -3559,7 +3555,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> + <term><anchor id="LDAPUSERSUFFIX">ldap user suffix (G)</term> <listitem><para>It specifies where users are added to the tree. </para> @@ -3572,7 +3568,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> + <term><anchor id="LDAPMACHINESUFFIX">ldap machine suffix (G)</term> <listitem><para>It specifies where machines should be added to the ldap tree. </para> @@ -3584,7 +3580,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> + <term><anchor id="LDAPPASSWDSYNC">ldap passwd sync (G)</term> <listitem><para>This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for @@ -3608,7 +3604,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> + <term><anchor id="LDAPTRUSTIDS">ldap trust ids (G)</term> <listitem><para>Normally, Samba validates each entry in the LDAP server against getpwnam(). This allows LDAP to be used for Samba with the unix system using @@ -3627,7 +3623,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LEVEL2OPLOCKS"/>level2 oplocks (S)</term> + <term><anchor id="LEVEL2OPLOCKS">level2 oplocks (S)</term> <listitem><para>This parameter controls whether Samba supports level2 (read-only) oplocks on a share.</para> @@ -3671,9 +3667,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LMANNOUNCE"/>lm announce (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce + <term><anchor id="LMANNOUNCE">lm announce (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + <command>nmbd(8)</command></ulink> will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, <constant>yes</constant>, <constant>no</constant>, or @@ -3698,7 +3694,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LMINTERVAL"/>lm interval (G)</term> + <term><anchor id="LMINTERVAL">lm interval (G)</term> <listitem><para>If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> <parameter>lm announce</parameter></link> parameter) then this @@ -3718,7 +3714,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOADPRINTERS"/>load printers (G)</term> + <term><anchor id="LOADPRINTERS">load printers (G)</term> <listitem><para>A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the <link linkend="PRINTERSSECT">printers</link> section for @@ -3731,9 +3727,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCALMASTER"/>local master (G)</term> - <listitem><para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser + <term><anchor id="LOCALMASTER">local master (G)</term> + <listitem><para>This option allows <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to try and become a local master browser on a subnet. If set to <constant>no</constant> then <command> nmbd</command> will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -3752,7 +3748,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKDIR"/>lock dir (G)</term> + <term><anchor id="LOCKDIR">lock dir (G)</term> <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter> lock directory</parameter></link>.</para></listitem> </varlistentry> @@ -3760,7 +3756,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKDIRECTORY"/>lock directory (G)</term> + <term><anchor id="LOCKDIRECTORY">lock directory (G)</term> <listitem><para>This option specifies the directory where lock files will be placed. The lock files are used to implement the <link linkend="MAXCONNECTIONS"><parameter>max connections</parameter> @@ -3774,7 +3770,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKSPINCOUNT"/>lock spin count (G)</term> + <term><anchor id="LOCKSPINCOUNT">lock spin count (G)</term> <listitem><para>This parameter controls the number of times that smbd should attempt to gain a byte range lock on the behalf of a client request. Experiments have shown that @@ -3793,7 +3789,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKSPINTIME"/>lock spin time (G)</term> + <term><anchor id="LOCKSPINTIME">lock spin time (G)</term> <listitem><para>The time in microseconds that smbd should pause before attempting to gain a failed lock. See <link linkend="LOCKSPINCOUNT"><parameter>lock spin @@ -3807,7 +3803,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKING"/>locking (S)</term> + <term><anchor id="LOCKING">locking (S)</term> <listitem><para>This controls whether or not locking will be performed by the server in response to lock requests from the client.</para> @@ -3835,7 +3831,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGFILE"/>log file (G)</term> + <term><anchor id="LOGFILE">log file (G)</term> <listitem><para>This option allows you to override the name of the Samba log file (also known as the debug file).</para> @@ -3849,7 +3845,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGLEVEL"/>log level (G)</term> + <term><anchor id="LOGLEVEL">log level (G)</term> <listitem><para>The value of the parameter (a astring) allows the debug level (logging level) to be specified in the <filename>smb.conf</filename> file. This parameter has been @@ -3867,7 +3863,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> + <term><anchor id="LOGONDRIVE">logon drive (G)</term> <listitem><para>This parameter specifies the local path to which the home directory will be connected (see <link linkend="LOGONHOME"><parameter>logon home</parameter></link>) @@ -3884,7 +3880,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONHOME"/>logon home (G)</term> + <term><anchor id="LOGONHOME">logon home (G)</term> <listitem><para>This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do </para> @@ -3926,7 +3922,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONPATH"/>logon path (G)</term> + <term><anchor id="LOGONPATH">logon path (G)</term> <listitem><para>This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are stored. Contrary to previous versions of these manual pages, it has @@ -3974,7 +3970,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> + <term><anchor id="LOGONSCRIPT">logon script (G)</term> <listitem><para>This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS @@ -4016,7 +4012,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPPAUSECOMMAND"/>lppause command (S)</term> + <term><anchor id="LPPAUSECOMMAND">lppause command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.</para> @@ -4060,7 +4056,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPQCACHETIME"/>lpq cache time (G)</term> + <term><anchor id="LPQCACHETIME">lpq cache time (G)</term> <listitem><para>This controls how long lpq info will be cached for to prevent the <command>lpq</command> command being called too often. A separate cache is kept for each variation of the <command> @@ -4089,7 +4085,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPQCOMMAND"/>lpq command (S)</term> + <term><anchor id="LPQCOMMAND">lpq command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to obtain <command>lpq </command>-style printer status information.</para> @@ -4133,7 +4129,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPRESUMECOMMAND"/>lpresume command (S)</term> + <term><anchor id="LPRESUMECOMMAND">lpresume command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.</para> @@ -4173,7 +4169,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPRMCOMMAND"/>lprm command (S)</term> + <term><anchor id="LPRMCOMMAND">lprm command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to delete a print job.</para> @@ -4203,7 +4199,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MACHINEPASSWORDTIMEOUT"/>machine password timeout (G)</term> + <term><anchor id="MACHINEPASSWORDTIMEOUT">machine password timeout (G)</term> <listitem><para>If a Samba server is a member of a Windows NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) parameter) then periodically a running <ulink url="smbd.8.html"> @@ -4213,8 +4209,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server.</para> - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> + <para>See also <ulink url="smbpasswd.8.html"><command>smbpasswd(8) + </command></ulink>, and the <link linkend="SECURITYEQUALSDOMAIN"> security = domain</link>) parameter.</para> <para>Default: <command>machine password timeout = 604800</command></para> @@ -4223,7 +4219,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAGICOUTPUT"/>magic output (S)</term> + <term><anchor id="MAGICOUTPUT">magic output (S)</term> <listitem><para>This parameter specifies the name of a file which will contain output created by a magic script (see the <link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link> @@ -4243,7 +4239,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAGICSCRIPT"/>magic script (S)</term> + <term><anchor id="MAGICSCRIPT">magic script (S)</term> <listitem><para>This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and @@ -4274,7 +4270,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLECASE"/>mangle case (S)</term> + <term><anchor id="MANGLECASE">mangle case (S)</term> <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> NAME MANGLING</link></para> @@ -4284,7 +4280,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLEDMAP"/>mangled map (S)</term> + <term><anchor id="MANGLEDMAP">mangled map (S)</term> <listitem><para>This is for those who want to directly map UNIX file names which cannot be represented on Windows/DOS. The mangling of names is not always what is needed. In particular you may have @@ -4309,7 +4305,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLEDNAMES"/>mangled names (S)</term> + <term><anchor id="MANGLEDNAMES">mangled names (S)</term> <listitem><para>This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored.</para> @@ -4368,7 +4364,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLINGMETHOD"/>mangling method (G)</term> + <term><anchor id="MANGLINGMETHOD">mangling method (G)</term> <listitem><para> controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the default and is the algorithm that has been @@ -4383,7 +4379,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLEPREFIX"/>mangle prefix (G)</term> + <term><anchor id="MANGLEPREFIX">mangle prefix (G)</term> <listitem><para> controls the number of prefix characters from the original name used when generating the mangled names. A larger value will give a weaker @@ -4395,10 +4391,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLEDSTACK"/>mangled stack (G)</term> + <term><anchor id="MANGLEDSTACK">mangled stack (G)</term> <listitem><para>This parameter controls the number of mangled names - that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + that should be cached in the Samba server <ulink url="smbd.8.html"> + smbd(8)</ulink>.</para> <para>This stack is a list of recently mangled base names (extensions are only maintained if they are longer than 3 characters @@ -4422,7 +4418,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLINGCHAR"/>mangling char (S)</term> + <term><anchor id="MANGLINGCHAR">mangling char (S)</term> <listitem><para>This controls what character is used as the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' @@ -4439,7 +4435,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPARCHIVE"/>map archive (S)</term> + <term><anchor id="MAPARCHIVE">map archive (S)</term> <listitem><para>This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One @@ -4459,7 +4455,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPHIDDEN"/>map hidden (S)</term> + <term><anchor id="MAPHIDDEN">map hidden (S)</term> <listitem><para>This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.</para> @@ -4474,7 +4470,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPSYSTEM"/>map system (S)</term> + <term><anchor id="MAPSYSTEM">map system (S)</term> <listitem><para>This controls whether DOS style system files should be mapped to the UNIX group execute bit.</para> @@ -4489,15 +4485,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPTOGUEST"/>map to guest (G)</term> + <term><anchor id="MAPTOGUEST">map to guest (G)</term> <listitem><para>This parameter is only useful in <link linkend="SECURITY"> security</link> modes other than <parameter>security = share</parameter> - i.e. <constant>user</constant>, <constant>server</constant>, and <constant>domain</constant>.</para> <para>This parameter can take three different values, which tell - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> what to do with user + <ulink url="smbd.8.html">smbd(8)</ulink> what to do with user login requests that don't match a valid UNIX user in some way.</para> <para>The three settings are :</para> @@ -4545,7 +4540,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXCONNECTIONS"/>max connections (S)</term> + <term><anchor id="MAXCONNECTIONS">max connections (S)</term> <listitem><para>This option allows the number of simultaneous connections to a service to be limited. If <parameter>max connections </parameter> is greater than 0 then connections will be refused if @@ -4565,7 +4560,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXDISKSIZE"/>max disk size (G)</term> + <term><anchor id="MAXDISKSIZE">max disk size (G)</term> <listitem><para>This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in @@ -4592,7 +4587,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXLOGSIZE"/>max log size (G)</term> + <term><anchor id="MAXLOGSIZE">max log size (G)</term> <listitem><para>This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding @@ -4608,7 +4603,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXMUX"/>max mux (G)</term> + <term><anchor id="MAXMUX">max mux (G)</term> <listitem><para>This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter.</para> @@ -4620,10 +4615,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXOPENFILES"/>max open files (G)</term> + <term><anchor id="MAXOPENFILES">max open files (G)</term> <listitem><para>This parameter limits the maximum number of - open files that one <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> file + open files that one <ulink url="smbd.8.html">smbd(8)</ulink> file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file.</para> @@ -4639,11 +4633,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXPRINTJOBS"/>max print jobs (S)</term> + <term><anchor id="MAXPRINTJOBS">max print jobs (S)</term> <listitem><para>This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will remote "Out of Space" to the client. + If this number is exceeded, <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink> will remote "Out of Space" to the client. See all <link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link>. </para> @@ -4655,7 +4649,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXPROTOCOL"/>max protocol (G)</term> + <term><anchor id="MAXPROTOCOL">max protocol (G)</term> <listitem><para>The value of the parameter (a string) is the highest protocol level that will be supported by the server.</para> @@ -4693,15 +4687,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXSMBDPROCESSES"/>max smbd processes (G)</term> + <term><anchor id="MAXSMBDPROCESSES">max smbd processes (G)</term> <listitem><para>This parameter limits the maximum number of <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating - conditions, each user will have an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> associated with him or her + conditions, each user will have an <ulink url="smbd.8.html">smbd</ulink> associated with him or her to handle connections to all shares from a given host. </para> @@ -4714,9 +4707,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXTTL"/>max ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="MAXTTL">max ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> what the default 'time to live' of NetBIOS names should be (in seconds) when <command>nmbd</command> is requesting a name using either a broadcast packet or from a WINS server. You should never need to @@ -4729,9 +4721,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXWINSTTL"/>max wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> + <term><anchor id="MAXWINSTTL">max wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8) + </ulink> when acting as a WINS server (<link linkend="WINSSUPPORT"> <parameter>wins support = yes</parameter></link>) what the maximum 'time to live' of NetBIOS names that <command>nmbd</command> will grant will be (in seconds). You should never need to change this @@ -4747,7 +4739,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXXMIT"/>max xmit (G)</term> + <term><anchor id="MAXXMIT">max xmit (G)</term> <listitem><para>This option controls the maximum packet size that will be negotiated by Samba. The default is 65535, which is the maximum. In some cases you may find you get better performance @@ -4762,7 +4754,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MESSAGECOMMAND"/>message command (G)</term> + <term><anchor id="MESSAGECOMMAND">message command (G)</term> <listitem><para>This specifies what command to run when the server receives a WinPopup style message.</para> @@ -4772,13 +4764,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>An example is:</para> - <para><command>message command = csh -c 'xedit %s;rm %s' &</command> + <para><command>message command = csh -c 'xedit %s;rm %s' &</command> </para> <para>This delivers the message using <command>xedit</command>, then removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I - have the '&' on the end. If it doesn't return immediately then + have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover after 30 seconds, hopefully).</para> @@ -4823,7 +4815,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Default: <emphasis>no message command</emphasis></para> <para>Example: <command>message command = csh -c 'xedit %s; - rm %s' &</command></para> + rm %s' &</command></para> </listitem> </varlistentry> @@ -4831,7 +4823,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPASSWDLENGTH"/>min passwd length (G)</term> + <term><anchor id="MINPASSWDLENGTH">min passwd length (G)</term> <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> <parameter>min password length</parameter></link>.</para> </listitem> @@ -4840,7 +4832,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPASSWORDLENGTH"/>min password length (G)</term> + <term><anchor id="MINPASSWORDLENGTH">min password length (G)</term> <listitem><para>This option sets the minimum length in characters of a plaintext password that <command>smbd</command> will accept when performing UNIX password changing.</para> @@ -4858,7 +4850,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPRINTSPACE"/>min print space (S)</term> + <term><anchor id="MINPRINTSPACE">min print space (S)</term> <listitem><para>This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which @@ -4876,7 +4868,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPROTOCOL"/>min protocol (G)</term> + <term><anchor id="MINPROTOCOL">min protocol (G)</term> <listitem><para>The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the <link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link> @@ -4900,9 +4892,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINWINSTTL"/>min wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="MINWINSTTL">min wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter> wins support = yes</parameter></link>) what the minimum 'time to live' of NetBIOS names that <command>nmbd</command> will grant will be (in @@ -4915,7 +4906,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MSDFSPROXY"/>msdfs proxy (S)</term> + <term><anchor id="MSDFSPROXY">msdfs proxy (S)</term> <listitem><para>This parameter indicates that the share is a stand-in for another CIFS share whose location is specified by the value of the parameter. When clients attempt to connect to @@ -4926,7 +4917,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' and <link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link> options to find out how to set up a Dfs root share.</para> - <para>Example: <command>msdfs proxy = \\\\otherserver\\someshare</command></para> + <para>Example: <command>msdfs proxy = \otherserver\someshare</command></para> </listitem> </varlistentry> @@ -4934,17 +4925,17 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MSDFSROOT"/>msdfs root (S)</term> + <term><anchor id="MSDFSROOT">msdfs root (S)</term> <listitem><para>This boolean parameter is only available if Samba is configured and compiled with the <command> --with-msdfs</command> option. If set to <constant>yes</constant>, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic - links of the form <filename>msdfs:serverA\\shareA,serverB\\shareB</filename> + links of the form <filename>msdfs:serverA\shareA,serverB\shareB</filename> and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> + on Samba, refer to <ulink url="msdfs_setup.html">msdfs_setup.html + </ulink>.</para> <para>See also <link linkend="HOSTMSDFS"><parameter>host msdfs </parameter></link></para> @@ -4954,7 +4945,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NAMECACHETIMEOUT"/>name cache timeout (G)</term> + <term><anchor id="NAMECACHETIMEOUT">name cache timeout (G)</term> <listitem><para>Specifies the number of seconds it takes before entries in samba's hostname resolve cache time out. If the timeout is set to 0. the caching is disabled. @@ -4967,7 +4958,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NAMERESOLVEORDER"/>name resolve order (G)</term> + <term><anchor id="NAMERESOLVEORDER">name resolve order (G)</term> <listitem><para>This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses. The option takes a space @@ -5020,7 +5011,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSALIASES"/>netbios aliases (G)</term> + <term><anchor id="NETBIOSALIASES">netbios aliases (G)</term> <listitem><para>This is a list of NetBIOS names that <ulink url="nmbd.8.html">nmbd(8)</ulink> will advertise as additional names by which the Samba server is known. This allows one machine @@ -5041,7 +5032,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSNAME"/>netbios name (G)</term> + <term><anchor id="NETBIOSNAME">netbios name (G)</term> <listitem><para>This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. If a machine is a browse server or @@ -5060,7 +5051,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSSCOPE"/>netbios scope (G)</term> + <term><anchor id="NETBIOSSCOPE">netbios scope (G)</term> <listitem><para>This sets the NetBIOS scope that Samba will operate under. This should not be set unless every machine on your LAN also sets this value.</para> @@ -5069,7 +5060,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NISHOMEDIR"/>nis homedir (G)</term> + <term><anchor id="NISHOMEDIR">nis homedir (G)</term> <listitem><para>Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote @@ -5102,7 +5093,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NONUNIXACCOUNTRANGE"/>non unix account range (G)</term> + <term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term> <listitem><para>The non unix account range parameter specifies the range of 'user ids' that are allocated by the various 'non unix account' passdb backends. These backends allow @@ -5126,7 +5117,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTACLSUPPORT"/>nt acl support (S)</term> + <term><anchor id="NTACLSUPPORT">nt acl support (S)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map UNIX permissions into Windows NT access control lists. @@ -5140,10 +5131,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTPIPESUPPORT"/>nt pipe support (G)</term> + <term><anchor id="NTPIPESUPPORT">nt pipe support (G)</term> <listitem><para>This boolean parameter controls whether - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will allow Windows NT + <ulink url="smbd.8.html">smbd(8)</ulink> will allow Windows NT clients to connect to the NT SMB specific <constant>IPC$</constant> pipes. This is a developer debugging option and can be left alone.</para> @@ -5155,7 +5145,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTSTATUSSUPPORT"/>nt status support (G)</term> + <term><anchor id="NTSTATUSSUPPORT">nt status support (G)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer @@ -5172,12 +5162,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NULLPASSWORDS"/>null passwords (G)</term> + <term><anchor id="NULLPASSWORDS">null passwords (G)</term> <listitem><para>Allow or disallow client access to accounts that have null passwords. </para> - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para>See also <ulink url="smbpasswd.5.html">smbpasswd (5)</ulink>.</para> <para>Default: <command>null passwords = no</command></para> </listitem> @@ -5187,7 +5176,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OBEYPAMRESTRICTIONS"/>obey pam restrictions (G)</term> + <term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term> <listitem><para>When Samba 2.2 is configured to enable PAM support (i.e. --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The @@ -5208,7 +5197,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ONLYUSER"/>only user (S)</term> + <term><anchor id="ONLYUSER">only user (S)</term> <listitem><para>This is a boolean option that controls whether connections with usernames not in the <parameter>user</parameter> list will be allowed. By default this option is disabled so that a @@ -5236,7 +5225,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ONLYGUEST"/>only guest (S)</term> + <term><anchor id="ONLYGUEST">only guest (S)</term> <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter> guest only</parameter></link>.</para> </listitem> @@ -5245,7 +5234,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKBREAKWAITTIME"/>oplock break wait time (G)</term> + <term><anchor id="OPLOCKBREAKWAITTIME">oplock break wait time (G)</term> <listitem><para>This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too quickly when that client issues an SMB that can cause an oplock @@ -5263,15 +5252,15 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKCONTENTIONLIMIT"/>oplock contention limit (S)</term> + <term><anchor id="OPLOCKCONTENTIONLIMIT">oplock contention limit (S)</term> <listitem><para>This is a <emphasis>very</emphasis> advanced <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file.</para> - <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested - if the approximate number of clients contending for an oplock on the same file goes over this + <para>In brief it specifies a number, which causes <ulink url="smbd.8.html">smbd</ulink> not to + grant an oplock even when requested if the approximate number of + clients contending for an oplock on the same file goes over this limit. This causes <command>smbd</command> to behave in a similar way to Windows NT.</para> @@ -5287,7 +5276,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKS"/>oplocks (S)</term> + <term><anchor id="OPLOCKS">oplocks (S)</term> <listitem><para>This boolean option tells <command>smbd</command> whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve @@ -5315,16 +5304,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NTLMAUTH"/>ntlm auth (G)</term> - <listitem><para>This parameter determines - whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will + <term><anchor id="NTLMAUTH">ntlm auth (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will attempt to authenticate users using the NTLM password hash. If disabled, only the lanman password hashes will be used. </para> - <para>Please note that at least this option or <command>lanman auth</command> should - be enabled in order to be able to log in. + <para>Please note that at least this option or <command>lanman auth</command> should be enabled in order to be able to log in. </para> <para>Default : <command>ntlm auth = yes</command></para> @@ -5332,11 +5318,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="OSLEVEL"/>os level (G)</term> + <term><anchor id="OSLEVEL">os level (G)</term> <listitem><para>This integer value controls what level Samba advertises itself as for browse elections. The value of this - parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + parameter determines whether <ulink url="nmbd.8.html">nmbd(8)</ulink> has a chance of becoming a local master browser for the <parameter> WORKGROUP</parameter> in the local broadcast area.</para> @@ -5356,7 +5341,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OS2DRIVERMAP"/>os2 driver map (G)</term> + <term><anchor id="OS2DRIVERMAP">os2 driver map (G)</term> <listitem><para>The parameter is used to define the absolute path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:</para> @@ -5369,9 +5354,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' LaserJet 5L</command>.</para> <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba + problem described in the <ulink url="printer_driver2.html">Samba Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> + refer to the <ulink url="OS2-Client-HOWTO.html">OS2-Client-HOWTO + </ulink> containing in the Samba documentation.</para> <para>Default: <command>os2 driver map = <empty string> </command></para> @@ -5380,7 +5366,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PAMPASSWORDCHANGE"/>pam password change (G)</term> + <term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term> <listitem><para>With the addition of better PAM support in Samba 2.2, this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password @@ -5398,12 +5384,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PANICACTION"/>panic action (G)</term> + <term><anchor id="PANICACTION">panic action (G)</term> <listitem><para>This is a Samba developer option that allows a - system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to - draw attention to the fact that a problem occurred.</para> + system command to be called when either <ulink url="smbd.8.html"> + smbd(8)</ulink> or <ulink url="nmbd.8.html">nmbd(8)</ulink> + crashes. This is usually used to draw attention to the fact that + a problem occurred.</para> <para>Default: <command>panic action = <empty string></command></para> <para>Example: <command>panic action = "/bin/sleep 90000"</command></para> @@ -5411,24 +5397,20 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="PARANOIDSERVERSECURITY"/>paranoid server security (G)</term> + <term><anchor id="PARANOIDSERVERSECURITY">paranoid server security (G)</term> <listitem><para>Some version of NT 4.x allow non-guest users with a bad passowrd. When this option is enabled, samba will not use a broken NT 4.x server as password server, but instead complain - to the logs and exit. + to the logs and exit. </para> - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> - <para>Default: <command>paranoid server security = yes</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="PASSDBBACKEND"/>passdb backend (G)</term> + <term><anchor id="PASSDBBACKEND">passdb backend (G)</term> <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both smbpasswd and tdbsam to be used without a recompile. Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. @@ -5521,13 +5503,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> + <term><anchor id="PASSWDCHAT">passwd chat (G)</term> <listitem><para>This string controls the <emphasis>"chat"</emphasis> - conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and the local password changing + conversation that takes places between <ulink + url="smbd.8.html">smbd</ulink> and the local password changing program to change the user's password. The string describes a - sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the + sequence of response-receive pairs that <ulink url="smbd.8.html"> + smbd(8)</ulink> uses to determine what to send to the <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> </link> and what to expect back. If the expected output is not received then the password is not changed.</para> @@ -5549,8 +5531,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>The string can contain the macro <parameter>%n</parameter> which is substituted for the new password. The chat sequence can also contain the standard - macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> - \\t</constant> and <constant>\\s</constant> to give line-feed, + macros <constant>\n</constant>, <constant>\r</constant>, <constant> + \t</constant> and <constant>\s</constant> to give line-feed, carriage-return, tab and space. The chat sequence string can also contain a '*' which matches any sequence of characters. Double quotes can be used to collect strings with spaces @@ -5572,10 +5554,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> <parameter>pam password change</parameter></link>.</para> - <para>Default: <command>passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</command></para> - <para>Example: <command>passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password + <para>Default: <command>passwd chat = *new*password* %n\n + *new*password* %n\n *changed*</command></para> + <para>Example: <command>passwd chat = "*Enter OLD password*" %o\n + "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</command></para> </listitem> </varlistentry> @@ -5583,12 +5565,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWDCHATDEBUG"/>passwd chat debug (G)</term> + <term><anchor id="PASSWDCHATDEBUG">passwd chat debug (G)</term> <listitem><para>This boolean specifies if the passwd chat script parameter is run in <emphasis>debug</emphasis> mode. In this mode the strings passed to and received from the passwd chat are printed - in the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> log with a + in the <ulink url="smbd.8.html">smbd(8)</ulink> log with a <link linkend="DEBUGLEVEL"><parameter>debug level</parameter></link> of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the <command>smbd</command> log. It is available to help @@ -5611,7 +5592,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term> + <term><anchor id="PASSWDPROGRAM">passwd program (G)</term> <listitem><para>The name of a program that can be used to set UNIX user passwords. Any occurrences of <parameter>%u</parameter> will be replaced with the user name. The user name is checked for @@ -5649,7 +5630,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWORDLEVEL"/>password level (G)</term> + <term><anchor id="PASSWORDLEVEL">password level (G)</term> <listitem><para>Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper @@ -5692,7 +5673,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWORDSERVER"/>password server (G)</term> + <term><anchor id="PASSWORDSERVER">password server (G)</term> <listitem><para>By specifying the name of another SMB server (such as a WinNT box) with this option, and using <command>security = domain </command> or <command>security = server</command> you can get Samba @@ -5787,7 +5768,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PATH"/>path (S)</term> + <term><anchor id="PATH">path (S)</term> <listitem><para>This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to @@ -5818,7 +5799,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PIDDIRECTORY"/>pid directory (G)</term> + <term><anchor id="PIDDIRECTORY">pid directory (G)</term> <listitem><para>This option specifies the directory where pid files will be placed. </para> @@ -5830,9 +5811,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="POSIXLOCKING"/>posix locking (S)</term> - <listitem><para>The <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="POSIXLOCKING">posix locking (S)</term> + <listitem><para>The <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> daemon maintains an database of file locks obtained by SMB clients. The default behavior is to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are @@ -5848,7 +5828,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="POSTEXEC"/>postexec (S)</term> + <term><anchor id="POSTEXEC">postexec (S)</term> <listitem><para>This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some @@ -5873,7 +5853,23 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREEXEC"/>preexec (S)</term> + <term><anchor id="POSTSCRIPT">postscript (S)</term> + <listitem><para>This parameter forces a printer to interpret + the print files as PostScript. This is done by adding a <constant>%! + </constant> to the start of print output.</para> + + <para>This is most useful when you have lots of PCs that persist + in putting a control-D at the start of print jobs, which then + confuses your printer.</para> + + <para>Default: <command>postscript = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PREEXEC">preexec (S)</term> <listitem><para>This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.</para> @@ -5882,12 +5878,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' is an example:</para> <para><command>preexec = csh -c 'echo \"Welcome to %S!\" | - /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> + /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> <para>Of course, this could get annoying after a while :-)</para> <para>See also <link linkend="PREEXECCLOSE"><parameter>preexec close - </parameter></link> and <link linkend="POSTEXEC"><parameter>postexec + </parameter</link> and <link linkend="POSTEXEC"><parameter>postexec </parameter></link>.</para> <para>Default: <emphasis>none (no command executed)</emphasis></para> @@ -5899,7 +5895,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREEXECCLOSE"/>preexec close (S)</term> + <term><anchor id="PREEXECCLOSE">preexec close (S)</term> <listitem><para>This boolean option controls whether a non-zero return code from <link linkend="PREEXEC"><parameter>preexec </parameter></link> should close the service being connected to.</para> @@ -5910,7 +5906,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREFERREDMASTER"/>preferred master (G)</term> + <term><anchor id="PREFERREDMASTER">preferred master (G)</term> <listitem><para>This boolean parameter controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser for its workgroup.</para> @@ -5939,7 +5935,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREFEREDMASTER"/>prefered master (G)</term> + <term><anchor id="PREFEREDMASTER">prefered master (G)</term> <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter> preferred master</parameter></link> for people who cannot spell :-).</para> </listitem> @@ -5948,7 +5944,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRELOAD"/>preload (G)</term> + <term><anchor id="PRELOAD">preload (G)</term> <listitem><para>This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be @@ -5966,7 +5962,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRESERVECASE"/>preserve case (S)</term> + <term><anchor id="PRESERVECASE">preserve case (S)</term> <listitem><para> This controls if new filenames are created with the case that the client passes, or if they are forced to be the <link linkend="DEFAULTCASE"><parameter>default case @@ -5982,7 +5978,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCOMMAND"/>print command (S)</term> + <term><anchor id="PRINTCOMMAND">print command (S)</term> <listitem><para>After a print job has finished spooling to a service, this command will be used via a <command>system()</command> call to process the spool file. Typically the command specified will @@ -6072,7 +6068,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTOK"/>print ok (S)</term> + <term><anchor id="PRINTOK">print ok (S)</term> <listitem><para>Synonym for <link linkend="PRINTABLE"> <parameter>printable</parameter></link>.</para> </listitem> @@ -6082,7 +6078,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTABLE"/>printable (S)</term> + <term><anchor id="PRINTABLE">printable (S)</term> <listitem><para>If this parameter is <constant>yes</constant>, then clients may open, write to and submit spool files on the directory specified for the service. </para> @@ -6100,7 +6096,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCAP"/>printcap (G)</term> + <term><anchor id="PRINTCAP">printcap (G)</term> <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter> printcap name</parameter></link>.</para> </listitem> @@ -6110,7 +6106,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCAPNAME"/>printcap name (G)</term> + <term><anchor id="PRINTCAPNAME">printcap name (G)</term> <listitem><para>This parameter may be used to override the compiled-in default printcap name used by the server (usually <filename> /etc/printcap</filename>). See the discussion of the <link @@ -6136,13 +6132,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>A minimal printcap file would look something like this:</para> -<para><programlisting> -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 -</programlisting></para> + <para><programlisting> + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + </programlisting></para> <para>where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba @@ -6163,7 +6159,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTERADMIN"/>printer admin (S)</term> + <term><anchor id="PRINTERADMIN">printer admin (S)</term> <listitem><para>This is a list of users that can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). Note that the root user always @@ -6177,8 +6173,113 @@ print5|My Printer 5 + + + <varlistentry> + <term><anchor id="PRINTERDRIVER">printer driver (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This option allows you to control the string + that clients receive when they ask the server for the printer driver + associated with a printer. If you are using Windows95 or Windows NT + then you can use this to automate the setup of printers on your + system.</para> + + <para>You need to set this parameter to the exact string (case + sensitive) that describes the appropriate printer driver for your + system. If you don't know the exact string to use then you should + first try with no <link linkend="PRINTERDRIVER"><parameter> + printer driver</parameter></link> option set and the client will + give you a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer manufacturer.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter>printer + driver file</parameter></link>.</para> + + <para>Example: <command>printer driver = HP LaserJet 4L</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTERDRIVERFILE">printer driver file (G)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows 95 clients, is + to be found. If this is not set, the default is :</para> + + <para><filename><replaceable>SAMBA_INSTALL_DIRECTORY</replaceable> + /lib/printers.def</filename></para> + + <para>This file is created from Windows 95 <filename>msprint.inf + </filename> files found on the Windows 95 client system. For more + details on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the <filename>docs/</filename> + directory, <filename>PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter> + printer driver location</parameter></link>.</para> + + <para>Default: <emphasis>None (set in compile).</emphasis></para> + + <para>Example: <command>printer driver file = + /usr/local/samba/printers/drivers.def</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRINTERDRIVERLOCATION">printer driver location (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells clients of a particular printer + share where to find the printer driver files for the automatic + installation of drivers for Windows 95 machines. If Samba is set up + to serve printer drivers to Windows 95 machines, this should be set to</para> + + <para><command>\\MACHINE\PRINTER$</command></para> + + <para>Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer driver + files. For more details on setting this up see the outdated documentation + file in the <filename>docs/</filename> directory, <filename> + PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter> + printer driver file</parameter></link>.</para> + + <para>Default: <command>none</command></para> + <para>Example: <command>printer driver location = \\MACHINE\PRINTER$ + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> - <term><anchor id="PRINTERNAME"/>printer name (S)</term> + <term><anchor id="PRINTERNAME">printer name (S)</term> <listitem><para>This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent.</para> @@ -6195,7 +6296,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTER"/>printer (S)</term> + <term><anchor id="PRINTER">printer (S)</term> <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter> printer name</parameter></link>.</para> </listitem> @@ -6204,7 +6305,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTING"/>printing (S)</term> + <term><anchor id="PRINTING">printing (S)</term> <listitem><para>This parameters controls how printer status information is interpreted on your system. It also affects the default values for the <parameter>print command</parameter>, @@ -6235,7 +6336,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRIVATEDIR"/>private dir (G)</term> + <term><anchor id="PRIVATEDIR">private dir (G)</term> <listitem><para>This parameters defines the directory smbd will use for storing such files as <filename>smbpasswd</filename> and <filename>secrets.tdb</filename>. @@ -6249,7 +6350,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PROTOCOL"/>protocol (G)</term> + <term><anchor id="PROTOCOL">protocol (G)</term> <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> <parameter>max protocol</parameter></link>.</para></listitem> </varlistentry> @@ -6258,7 +6359,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PUBLIC"/>public (S)</term> + <term><anchor id="PUBLIC">public (S)</term> <listitem><para>Synonym for <link linkend="GUESTOK"><parameter>guest ok</parameter></link>.</para> </listitem> @@ -6267,7 +6368,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="QUEUEPAUSECOMMAND"/>queuepause command (S)</term> + <term><anchor id="QUEUEPAUSECOMMAND">queuepause command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to pause the printer queue.</para> @@ -6296,7 +6397,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="QUEUERESUMECOMMAND"/>queueresume command (S)</term> + <term><anchor id="QUEUERESUMECOMMAND">queueresume command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the @@ -6331,7 +6432,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READBMPX"/>read bmpx (G)</term> + <term><anchor id="READBMPX">read bmpx (G)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to @@ -6346,7 +6447,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READLIST"/>read list (S)</term> + <term><anchor id="READLIST">read list (S)</term> <listitem><para>This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the <link @@ -6368,7 +6469,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READONLY"/>read only (S)</term> + <term><anchor id="READONLY">read only (S)</term> <listitem><para>An inverted synonym is <link linkend="WRITEABLE"> <parameter>writeable</parameter></link>.</para> @@ -6387,7 +6488,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READRAW"/>read raw (G)</term> + <term><anchor id="READRAW">read raw (G)</term> <listitem><para>This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.</para> @@ -6410,7 +6511,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READSIZE"/>read size (G)</term> + <term><anchor id="READSIZE">read size (G)</term> <listitem><para>The option <parameter>read size</parameter> affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in several of the SMB @@ -6437,7 +6538,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="REALM"/>realm (G)</term> + <term><anchor id="REALM">realm (G)</term> <listitem><para> This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4<command>domain</command>. It @@ -6450,7 +6551,7 @@ print5|My Printer 5 </varlistentry> <varlistentry> - <term><anchor id="REMOTEANNOUNCE"/>remote announce (G)</term> + <term><anchor id="REMOTEANNOUNCE">remote announce (G)</term> <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.</para> @@ -6475,7 +6576,7 @@ print5|My Printer 5 addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable.</para> - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> + <para>See the documentation file <filename>BROWSING.txt</filename> in the <filename>docs/</filename> directory.</para> <para>Default: <command>remote announce = <empty string> @@ -6486,7 +6587,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="REMOTEBROWSESYNC"/>remote browse sync (G)</term> + <term><anchor id="REMOTEBROWSESYNC">remote browse sync (G)</term> <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically request synchronization of browse lists with the master browser of a Samba @@ -6524,7 +6625,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="RESTRICTANONYMOUS"/>restrict anonymous (G)</term> + <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> <listitem><para>This is a integer parameter, and mirrors as much as possible the functinality the <constant>RestrictAnonymous</constant> @@ -6537,7 +6638,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOT"/>root (G)</term> + <term><anchor id="ROOT">root (G)</term> <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> <parameter>root directory"</parameter></link>.</para> </listitem> @@ -6546,7 +6647,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTDIR"/>root dir (G)</term> + <term><anchor id="ROOTDIR">root dir (G)</term> <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> <parameter>root directory"</parameter></link>.</para> </listitem> @@ -6554,7 +6655,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term> + <term><anchor id="ROOTDIRECTORY">root directory (G)</term> <listitem><para>The server will <command>chroot()</command> (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the @@ -6586,7 +6687,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTPOSTEXEC"/>root postexec (S)</term> + <term><anchor id="ROOTPOSTEXEC">root postexec (S)</term> <listitem><para>This is the same as the <parameter>postexec</parameter> parameter except that the command is run as root. This is useful for unmounting filesystems @@ -6601,7 +6702,7 @@ print5|My Printer 5 </varlistentry> <varlistentry> - <term><anchor id="ROOTPREEXEC"/>root preexec (S)</term> + <term><anchor id="ROOTPREEXEC">root preexec (S)</term> <listitem><para>This is the same as the <parameter>preexec</parameter> parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a @@ -6619,7 +6720,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTPREEXECCLOSE"/>root preexec close (S)</term> + <term><anchor id="ROOTPREEXECCLOSE">root preexec close (S)</term> <listitem><para>This is the same as the <parameter>preexec close </parameter> parameter except that the command is run as root.</para> @@ -6633,14 +6734,14 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SECURITY"/>security (G)</term> + <term><anchor id="SECURITY">security (G)</term> <listitem><para>This option affects how clients respond to Samba and is one of the most important settings in the <filename> smb.conf</filename> file.</para> <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide + protocol negotiations with <ulink url="smbd.8.html">smbd(8) + </ulink> to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server.</para> @@ -6685,7 +6786,7 @@ print5|My Printer 5 <para>The different settings will now be explained.</para> - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE + <para><anchor id="SECURITYEQUALSSHARE"><emphasis>SECURITY = SHARE </emphasis></para> <para>When clients connect to a share level security server they @@ -6754,10 +6855,10 @@ print5|My Printer 5 <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER + <para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURITY = USER </emphasis></para> - <para>This is the default security setting in Samba 3.0. + <para>This is the default security setting in Samba 2.2. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the <link linkend="USERNAMEMAP"><parameter>username map</parameter></link> @@ -6781,27 +6882,24 @@ print5|My Printer 5 <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN - + <para><anchor id="SECURITYEQUALSSERVER"><emphasis>SECURITY = SERVER </emphasis></para> - <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this - mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly - the same way that a Windows NT Server would do.</para> - - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow - Samba to have a valid UNIX account to map file access to.</para> + <para>In this mode Samba will try to validate the username/password + by passing it to another SMB server, such as an NT box. If this + fails it will revert to <command>security = user</command>, but note + that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid + <filename>smbpasswd</filename> file to check users against. See the + documentation file in the <filename>docs/</filename> directory + <filename>ENCRYPTION.txt</filename> for details on how to set this + up.</para> - <para><emphasis>Note</emphasis> that from the client's point - of view <command>security = domain</command> is the same as <command>security = user - </command>. It only affects how the server deals with the authentication, - it does not in any way affect what the client sees.</para> + <para><emphasis>Note</emphasis> that from the client's point of + view <command>security = server</command> is the same as <command> + security = user</command>. It only affects how the server deals + with the authentication, it does not in any way affect what the + client sees.</para> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -6819,42 +6917,27 @@ print5|My Printer 5 server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> </link> parameter.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER + + <para><anchor id="SECURITYEQUALSDOMAIN"><emphasis>SECURITY = DOMAIN </emphasis></para> - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command>security = - user</command>. It expects the <link + <para>This mode will only work correctly if <ulink + url="smbpasswd.8.html">smbpasswd(8)</ulink> has been used to add this + machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to - <constant>yes</constant>, unless the remote server - does not support them. However note - that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid - <filename>smbpasswd</filename> file to check users against. See the - documentation file in the <filename>docs/</filename> directory - <filename>ENCRYPTION.txt</filename> for details on how to set this - up.</para> + </link> parameter to be set to <constant>yes</constant>. In this + mode Samba will try to validate the username/password by passing + it to a Windows NT Primary or Backup Domain Controller, in exactly + the same way that a Windows NT Server would do.</para> - <para><emphasis>Note</emphasis> this mode of operation - has significant pitfalls, due to the fact that is - activly initiates a man-in-the-middle attack on the - remote SMB server. In particular, this mode of - operation can cause significant resource consuption on - the PDC, as it must maintain an active connection for - the duration of the user's session. Furthermore, if - this connection is lost, there is no way to - reestablish it, and futher authenticaions to the Samba - server may fail. (From a single client, till it - disconnects). </para> + <para><emphasis>Note</emphasis> that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to.</para> - <para><emphasis>Note</emphasis> that from the client's point of - view <command>security = server</command> is the same as <command> - security = user</command>. It only affects how the server deals - with the authentication, it does not in any way affect what the - client sees.</para> + <para><emphasis>Note</emphasis> that from the client's point + of view <command>security = domain</command> is the same as <command>security = user + </command>. It only affects how the server deals with the authentication, + it does not in any way affect what the client sees.</para> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -6865,6 +6948,14 @@ print5|My Printer 5 See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> </link> parameter for details on doing this.</para> + <para><emphasis>BUG:</emphasis> There is currently a bug in the + implementation of <command>security = domain</command> with respect + to multi-byte character set usernames. The communication with a + Domain Controller must be done in UNICODE and Samba currently + does not widen multi-byte user names to UNICODE correctly, thus + a multi-byte username will not be recognized correctly at the + Domain Controller. This issue will be addressed in a future release.</para> + <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> @@ -6872,17 +6963,16 @@ print5|My Printer 5 server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> </link> parameter.</para> - + <para>Default: <command>security = USER</command></para> <para>Example: <command>security = DOMAIN</command></para> - </listitem> </varlistentry> <varlistentry> - <term><anchor id="SECURITYMASK"/>security mask (S)</term> + <term><anchor id="SECURITYMASK">security mask (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security @@ -6917,7 +7007,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SERVERSTRING"/>server string (G)</term> + <term><anchor id="SERVERSTRING">server string (G)</term> <listitem><para>This controls what string will show up in the printer comment box in print manager and next to the IPC connection in <command>net view</command>. It can be any string that you wish @@ -6942,7 +7032,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SETDIRECTORY"/>set directory (S)</term> + <term><anchor id="SETDIRECTORY">set directory (S)</term> <listitem><para>If <command>set directory = no</command>, then users of the service may not use the setdir command to change directory.</para> @@ -6958,7 +7048,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHAREMODES"/>share modes (S)</term> + <term><anchor id="SHAREMODES">share modes (S)</term> <listitem><para>This enables or disables the honoring of the <parameter>share modes</parameter> during a file open. These modes are used by clients to gain exclusive read or write access @@ -6987,7 +7077,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHORTPRESERVECASE"/>short preserve case (S)</term> + <term><anchor id="SHORTPRESERVECASE">short preserve case (S)</term> <listitem><para>This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced @@ -7007,7 +7097,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHOWADDPRINTERWIZARD"/>show add printer wizard (G)</term> + <term><anchor id="SHOWADDPRINTERWIZARD">show add printer wizard (G)</term> <listitem><para>With the introduction of MS-RPC based printing support for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will @@ -7042,7 +7132,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> + <term><anchor id="SHUTDOWNSCRIPT">shutdown script (G)</term> <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> This a full path name to a script called by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that @@ -7068,15 +7158,15 @@ print5|My Printer 5 <para>Default: <emphasis>None</emphasis>.</para> <para>Example: <command>abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> <para>Shutdown script example: -<programlisting> -#!/bin/bash + <programlisting> + #!/bin/bash -$time=0 -let "time/60" -let "time++" + $time=0 + let "time/60" + let "time++" -/sbin/shutdown $3 $4 +$time $1 & -</programlisting> + /sbin/shutdown $3 $4 +$time $1 & + </programlisting> Shutdown does not return so we need to launch it in background. </para> @@ -7086,7 +7176,7 @@ let "time++" <varlistentry> - <term><anchor id="SMBPASSWDFILE"/>smb passwd file (G)</term> + <term><anchor id="SMBPASSWDFILE">smb passwd file (G)</term> <listitem><para>This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba.</para> @@ -7101,7 +7191,7 @@ let "time++" <varlistentry> - <term><anchor id="SMBPORTS"/>smb ports (G)</term> + <term><anchor id="SMBPORTS">smb ports (G)</term> <listitem><para>Specifies which ports the server should listen on for SMB traffic. </para> @@ -7112,7 +7202,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="SOCKETADDRESS"/>socket address (G)</term> + <term><anchor id="SOCKETADDRESS">socket address (G)</term> <listitem><para>This option allows you to control what address Samba will listen for connections on. This is used to support multiple virtual interfaces on the one server, each @@ -7129,7 +7219,7 @@ let "time++" <varlistentry> - <term><anchor id="SOCKETOPTIONS"/>socket options (G)</term> + <term><anchor id="SOCKETOPTIONS">socket options (G)</term> <listitem><para>This option allows you to set socket options to be used when talking with the client.</para> @@ -7202,7 +7292,7 @@ let "time++" <varlistentry> - <term><anchor id="SOURCEENVIRONMENT"/>source environment (G)</term> + <term><anchor id="SOURCEENVIRONMENT">source environment (G)</term> <listitem><para>This parameter causes Samba to set environment variables as per the content of the file named.</para> @@ -7224,23 +7314,17 @@ let "time++" /usr/local/smb_env_vars</command></para> </listitem> </varlistentry> +<varlistentry> +<term><anchor id="SPNEGO">use spnego (G)</term> +<listitem><para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</para> +<para>Default: <emphasis>use spnego = yes</emphasis></para> +</listitem> +</varlistentry> <varlistentry> - <term><anchor id="SPNEGO"/>use spnego (G)</term> - <listitem><para> This variable controls controls whether samba will try - to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. - Unless further issues are discovered with our SPNEGO - implementation, there is no reason this should ever be - disabled.</para> - <para>Default: <emphasis>use spnego = yes</emphasis></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="STATCACHE"/>stat cache (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will use a cache in order to + <term><anchor id="STATCACHE">stat cache (G)</term> + <listitem><para>This parameter determines if <ulink + url="smbd.8.html">smbd(8)</ulink> will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter.</para> @@ -7249,7 +7333,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="STATCACHESIZE"/>stat cache size (G)</term> + <term><anchor id="STATCACHESIZE">stat cache size (G)</term> <listitem><para>This parameter determines the number of entries in the <parameter>stat cache</parameter>. You should never need to change this parameter.</para> @@ -7261,7 +7345,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTALLOCATE"/>strict allocate (S)</term> + <term><anchor id="STRICTALLOCATE">strict allocate (S)</term> <listitem><para>This is a boolean that controls the handling of disk space allocation in the server. When this is set to <constant>yes</constant> the server will change from UNIX behaviour of not committing real @@ -7285,7 +7369,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTLOCKING"/>strict locking (S)</term> + <term><anchor id="STRICTLOCKING">strict locking (S)</term> <listitem><para>This is a boolean that controls the handling of file locking in the server. When this is set to <constant>yes</constant> the server will check every read and write access for file locks, and @@ -7305,7 +7389,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTSYNC"/>strict sync (S)</term> + <term><anchor id="STRICTSYNC">strict sync (S)</term> <listitem><para>Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces @@ -7313,8 +7397,7 @@ let "time++" all outstanding data in kernel disk buffers has been safely stored onto stable storage. This is very slow and should only be done rarely. Setting this parameter to <constant>no</constant> (the - default) means that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> ignores the Windows applications requests for + default) means that <ulink url="smbd.8.html">smbd</ulink> ignores the Windows applications requests for a sync call. There is only a possibility of losing data if the operating system itself that Samba is running on crashes, so there is little danger in this default setting. In addition, this fixes many @@ -7330,7 +7413,7 @@ let "time++" <varlistentry> - <term><anchor id="STRIPDOT"/>strip dot (G)</term> + <term><anchor id="STRIPDOT">strip dot (G)</term> <listitem><para>This is a boolean that controls whether to strip trailing dots off UNIX filenames. This helps with some CDROMs that have filenames ending in a single dot.</para> @@ -7342,7 +7425,7 @@ let "time++" <varlistentry> - <term><anchor id="SYNCALWAYS"/>sync always (S)</term> + <term><anchor id="SYNCALWAYS">sync always (S)</term> <listitem><para>This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is <constant>no</constant> then the server will be @@ -7364,7 +7447,7 @@ let "time++" <varlistentry> - <term><anchor id="SYSLOG"/>syslog (G)</term> + <term><anchor id="SYSLOG">syslog (G)</term> <listitem><para>This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog <constant>LOG_ERR</constant>, debug @@ -7384,7 +7467,7 @@ let "time++" <varlistentry> - <term><anchor id="SYSLOGONLY"/>syslog only (G)</term> + <term><anchor id="SYSLOGONLY">syslog only (G)</term> <listitem><para>If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files.</para> @@ -7396,7 +7479,7 @@ let "time++" <varlistentry> - <term><anchor id="TEMPLATEHOMEDIR"/>template homedir (G)</term> + <term><anchor id="TEMPLATEHOMEDIR">template homedir (G)</term> <listitem><para>When filling out the user information for a Windows NT user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon uses this parameter to fill in the home directory for that user. @@ -7412,10 +7495,9 @@ let "time++" <varlistentry> - <term><anchor id="TEMPLATESHELL"/>template shell (G)</term> + <term><anchor id="TEMPLATESHELL">template shell (G)</term> <listitem><para>When filling out the user information for a Windows NT - user, the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon + user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon uses this parameter to fill in the login shell for that user.</para> <para>Default: <command>template shell = /bin/false</command></para> @@ -7425,7 +7507,7 @@ let "time++" <varlistentry> - <term><anchor id="TIMEOFFSET"/>time offset (G)</term> + <term><anchor id="TIMEOFFSET">time offset (G)</term> <listitem><para>This parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight @@ -7439,9 +7521,9 @@ let "time++" <varlistentry> - <term><anchor id="TIMESERVER"/>time server (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows + <term><anchor id="TIMESERVER">time server (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + nmbd(8)</ulink> advertises itself as a time server to Windows clients.</para> <para>Default: <command>time server = no</command></para> @@ -7450,7 +7532,7 @@ let "time++" <varlistentry> - <term><anchor id="TIMESTAMPLOGS"/>timestamp logs (G)</term> + <term><anchor id="TIMESTAMPLOGS">timestamp logs (G)</term> <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter> debug timestamp</parameter></link>.</para> </listitem> @@ -7461,17 +7543,16 @@ let "time++" <varlistentry> - <term><anchor id="TOTALPRINTJOBS"/>total print jobs (G)</term> + <term><anchor id="TOTALPRINTJOBS">total print jobs (G)</term> <listitem><para>This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time. If a print job is submitted - by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will return an + by a client which will exceed this number, then <ulink url="smbd.8.html">smbd</ulink> will return an error indicating that no space is available on the server. The default value of 0 means that no such limit exists. This parameter can be used to prevent a server from exceeding its capacity and is designed as a printing throttle. See also - <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link>. + <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter</link>. </para> <para>Default: <command>total print jobs = 0</command></para> @@ -7480,7 +7561,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="UNICODE"/>unicode (G)</term> + <term><anchor id="UNICODE">unicode (G)</term> <listitem><para>Specifies whether Samba should try to use unicode on the wire by default. Note: This does NOT mean that samba will assume that the unix machine uses unicode! @@ -7492,19 +7573,19 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="UNIXCHARSET"/>unix charset (G)</term> + <term><anchor id="UNIXCHARSET">unix charset (G)</term> <listitem><para>Specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use. </para> - <para>Default: <command>unix charset = UTF8</command></para> - <para>Example: <command>unix charset = ASCII</command></para> + <para>Default: <command>unix charset = ASCII</command></para> + <para>Example: <command>unix charset = UTF8</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="UNIXEXTENSIONS"/>unix extensions(G)</term> + <term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term> <listitem><para>This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients @@ -7520,7 +7601,7 @@ let "time++" <varlistentry> - <term><anchor id="UNIXPASSWORDSYNC"/>unix password sync (G)</term> + <term><anchor id="UNIXPASSWORDSYNC">unix password sync (G)</term> <listitem><para>This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. @@ -7541,7 +7622,7 @@ let "time++" <varlistentry> - <term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term> + <term><anchor id="UPDATEENCRYPTED">update encrypted (G)</term> <listitem><para>This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as @@ -7572,7 +7653,7 @@ let "time++" <varlistentry> - <term><anchor id="USECLIENTDRIVER"/>use client driver (S)</term> + <term><anchor id="USECLIENTDRIVER">use client driver (S)</term> <listitem><para>This parameter applies only to Windows NT/2000 clients. It has no affect on Windows 95/98/ME clients. When serving a printer to Windows NT/2000 clients without first installing @@ -7610,7 +7691,7 @@ let "time++" <varlistentry> - <term><anchor id="USEMMAP"/>use mmap (G)</term> + <term><anchor id="USEMMAP">use mmap (G)</term> <listitem><para>This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a @@ -7628,7 +7709,27 @@ let "time++" <varlistentry> - <term><anchor id="USER"/>user (S)</term> + <term><anchor id="USERHOSTS">use rhosts (G)</term> + <listitem><para>If this global parameter is <constant>yes</constant>, it specifies + that the UNIX user's <filename>.rhosts</filename> file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password.</para> + + <para><emphasis>NOTE:</emphasis> The use of <parameter>use rhosts + </parameter> can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the <parameter> + use rhosts</parameter> option be only used if you really know what + you are doing.</para> + + <para>Default: <command>use rhosts = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USER">user (S)</term> <listitem><para>Synonym for <link linkend="USERNAME"><parameter> username</parameter></link>.</para> </listitem> @@ -7637,7 +7738,7 @@ let "time++" <varlistentry> - <term><anchor id="USERS"/>users (S)</term> + <term><anchor id="USERS">users (S)</term> <listitem><para>Synonym for <link linkend="USERNAME"><parameter> username</parameter></link>.</para> </listitem> @@ -7645,7 +7746,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAME"/>username (S)</term> + <term><anchor id="USERNAME">username (S)</term> <listitem><para>Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right).</para> @@ -7686,7 +7787,7 @@ let "time++" will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name.</para> - <para>If any of the usernames begin with a '&' then the name + <para>If any of the usernames begin with a '&'then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name.</para> @@ -7710,7 +7811,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAMELEVEL"/>username level (G)</term> + <term><anchor id="USERNAMELEVEL">username level (G)</term> <listitem><para>This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the @@ -7733,7 +7834,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAMEMAP"/>username map (G)</term> + <term><anchor id="USERNAMEMAP">username map (G)</term> <listitem><para>This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames @@ -7796,10 +7897,10 @@ let "time++" '!' to tell Samba to stop processing if it gets a match on that line.</para> -<para><programlisting> -!sys = mary fred -guest = * -</programlisting></para> + <para><programlisting> + !sys = mary fred + guest = * + </programlisting></para> <para>Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and <constant> @@ -7825,7 +7926,7 @@ guest = * <varlistentry> - <term><anchor id="USESENDFILE"/>use sendfile (S)</term> + <term><anchor id="USESENDFILE">use sendfile (S)</term> <listitem><para>If this parameter is <constant>yes</constant>, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX @@ -7842,7 +7943,7 @@ guest = * <varlistentry> - <term><anchor id="UTMP"/>utmp (G)</term> + <term><anchor id="UTMP">utmp (G)</term> <listitem><para>This boolean parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt @@ -7864,7 +7965,7 @@ guest = * </varlistentry> <varlistentry> - <term><anchor id="UTMPDIRECTORY"/>utmp directory(G)</term> + <term><anchor id="UTMPDIRECTORY">utmp directory(G)</term> <listitem><para>This parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. It specifies a directory pathname that is @@ -7881,7 +7982,7 @@ guest = * </varlistentry> <varlistentry> - <term><anchor id="WTMPDIRECTORY"/>wtmp directory(G)</term> + <term><anchor id="WTMPDIRECTORY">wtmp directory(G)</term> <listitem><para>This parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. It specifies a directory pathname that is @@ -7903,9 +8004,9 @@ guest = * <varlistentry> - <term><anchor id="VALIDUSERS"/>valid users (S)</term> + <term><anchor id="VALIDUSERS">valid users (S)</term> <listitem><para>This is a list of users that should be allowed - to login to this service. Names starting with '@', '+' and '&' + to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the <parameter>invalid users</parameter> parameter.</para> @@ -7930,7 +8031,7 @@ guest = * <varlistentry> - <term><anchor id="VETOFILES"/>veto files(S)</term> + <term><anchor id="VETOFILES">veto files(S)</term> <listitem><para>This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included @@ -7978,7 +8079,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VETOOPLOCKFILES"/>veto oplock files (S)</term> + <term><anchor id="VETOOPLOCKFILES">veto oplock files (S)</term> <listitem><para>This parameter is only valid when the <link linkend="OPLOCKS"><parameter>oplocks</parameter></link> parameter is turned on for a share. It allows the Samba administrator @@ -8004,7 +8105,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="VFSPATH"/>vfs path (S)</term> + <term><anchor id="VFSPATH">vfs path (S)</term> <listitem><para>This parameter specifies the directory to look in for vfs modules. The name of every <command>vfs object </command> will be prepended by this directory @@ -8017,7 +8118,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="VFSOBJECT"/>vfs object (S)</term> + <term><anchor id="VFSOBJECT">vfs object (S)</term> <listitem><para>This parameter specifies a shared object files that are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded @@ -8031,7 +8132,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VFSOPTIONS"/>vfs options (S)</term> + <term><anchor id="VFSOPTIONS">vfs options (S)</term> <listitem><para>This parameter allows parameters to be passed to the vfs layer at initialization time. See also <link linkend="VFSOBJECT"><parameter> @@ -8044,7 +8145,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VOLUME"/>volume (S)</term> + <term><anchor id="VOLUME">volume (S)</term> <listitem><para> This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.</para> @@ -8056,7 +8157,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WIDELINKS"/>wide links (S)</term> + <term><anchor id="WIDELINKS">wide links (S)</term> <listitem><para>This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the @@ -8075,10 +8176,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDCACHETIME"/>winbind cache time (G)</term> - <listitem><para>This parameter specifies the number of - seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon will cache + <term><anchor id="WINBINDCACHETIME">winbind cache time (G)</term> + <listitem><para>This parameter specifies the number of seconds the + <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will cache user and group information before querying a Windows NT server again.</para> @@ -8088,10 +8188,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDENUMUSERS"/>winbind enum users (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be - necessary to suppress the enumeration of users through the <command>setpwent()</command>, + <term><anchor id="WINBINDENUMUSERS">winbind enum users (G)</term> + <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of users through the + <command> setpwent()</command>, <command>getpwent()</command> and <command>endpwent()</command> group of system calls. If the <parameter>winbind enum users</parameter> parameter is @@ -8109,10 +8210,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="WINBINDENUMGROUPS"/>winbind enum groups (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress - the enumeration of groups through the <command>setgrent()</command>, + <term><anchor id="WINBINDENUMGROUPS">winbind enum groups (G)</term> + <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of groups through the + <command> setgrent()</command>, <command>getgrent()</command> and <command>endgrent()</command> group of system calls. If the <parameter>winbind enum groups</parameter> parameter is @@ -8129,10 +8231,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDGID"/>winbind gid (G)</term> + <term><anchor id="WINBINDGID">winbind gid (G)</term> <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise.</para> @@ -8145,7 +8247,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDSEPARATOR"/>winbind separator (G)</term> + <term><anchor id="WINBINDSEPARATOR">winbind separator (G)</term> <listitem><para>This parameter allows an admin to define the character used when listing a username of the form of <replaceable>DOMAIN </replaceable>\<replaceable>user</replaceable>. This parameter @@ -8166,10 +8268,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDUID"/>winbind uid (G)</term> + <term><anchor id="WINBINDUID">winbind uid (G)</term> <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise.</para> @@ -8182,10 +8284,12 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDUSEDEFAULTDOMAIN"/>winbind use default domain (G)</term> - <listitem><para>This parameter specifies whether the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon should operate on users - without domain component in their username. + <term>winbind use default domain</term> + + <term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain (G)</term> + <listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> + daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system.</para> @@ -8198,7 +8302,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSHOOK"/>wins hook (G)</term> + <term><anchor id="WINSHOOK">wins hook (G)</term> <listitem><para>When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the @@ -8246,7 +8350,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSPROXY"/>wins proxy (G)</term> + <term><anchor id="WINSPROXY">wins proxy (G)</term> <listitem><para>This is a boolean that controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name queries on behalf of other hosts. You may need to set this @@ -8260,10 +8364,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSSERVER"/>wins server (G)</term> + <term><anchor id="WINSSERVER">wins server (G)</term> <listitem><para>This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on + address for preference) of the WINS server that <ulink url="nmbd.8.html"> + nmbd(8)</ulink> should register with. If you have a WINS server on your network then you should set this to the WINS server's IP.</para> <para>You should point this at your WINS server if you have a @@ -8273,7 +8377,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly.</para> - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> + <para>See the documentation file <filename>BROWSING.txt</filename> in the docs/ directory of your Samba source distribution.</para> <para>Default: <emphasis>not enabled</emphasis></para> @@ -8284,9 +8388,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSSUPPORT"/>wins support (G)</term> - <listitem><para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should + <term><anchor id="WINSSUPPORT">wins support (G)</term> + <listitem><para>This boolean controls if the <ulink url="nmbd.8.html"> + nmbd(8)</ulink> process in Samba will act as a WINS server. You should not set this to <constant>yes</constant> unless you have a multi-subnetted network and you wish a particular <command>nmbd</command> to be your WINS server. Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> @@ -8299,7 +8403,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WORKGROUP"/>workgroup (G)</term> + <term><anchor id="WORKGROUP">workgroup (G)</term> <listitem><para>This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the <link @@ -8315,7 +8419,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITABLE"/>writable (S)</term> + <term><anchor id="WRITABLE">writable (S)</term> <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter> writeable</parameter></link> for people who can't spell :-).</para> </listitem> @@ -8324,7 +8428,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITECACHESIZE"/>write cache size (S)</term> + <term><anchor id="WRITECACHESIZE">write cache size (S)</term> <listitem><para>If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does <emphasis>not</emphasis> do this for @@ -8356,7 +8460,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITELIST"/>write list (S)</term> + <term><anchor id="WRITELIST">write list (S)</term> <listitem><para>This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the <link @@ -8381,7 +8485,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSPARTNERS"/>wins partners (G)</term> + <term><anchor id="WINSPARTNERS">wins partners (G)</term> <listitem><para>A space separated list of partners' IP addresses for WINS replication. WINS partners are always defined as push/pull partners as defining only one way WINS replication is unreliable. @@ -8397,7 +8501,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITEOK"/>write ok (S)</term> + <term><anchor id="WRITEOK">write ok (S)</term> <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> read only</parameter></link>.</para> </listitem> @@ -8406,7 +8510,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITERAW"/>write raw (G)</term> + <term><anchor id="WRITERAW">write raw (G)</term> <listitem><para>This parameter controls whether or not the server will support raw write SMB's when transferring data from clients. You should never need to change this parameter.</para> @@ -8418,7 +8522,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITEABLE"/>writeable (S)</term> + <term><anchor id="WRITEABLE">writeable (S)</term> <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> read only</parameter></link>.</para> </listitem> @@ -8438,8 +8542,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ problem - but be aware of the possibility.</para> <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such + limit service names to eight characters. <ulink url="smbd.8.html">smbd(8) + </ulink> has no such limitation, but attempts to connect from such clients will fail if they truncate the service names. For this reason you should probably keep your service names down to eight characters in length.</para> @@ -8454,22 +8558,22 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> + <para><ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="swat.8.html"><command>swat(8)</command></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="nmblookup.1.html"><command>nmblookup(1)</command></ulink>, + <ulink url="testparm.1.html"><command>testparm(1)</command></ulink>, + <ulink url="testprns.1.html"><command>testprns(1)</command></ulink> + </para> </refsect1> <refsect1> @@ -8482,11 +8586,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml index 03fcbd6fd8..766d2a78b1 100644 --- a/docs/docbook/manpages/smbcacls.1.sgml +++ b/docs/docbook/manpages/smbcacls.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbcacls.1"> +<refentry id="smbcacls"> <refmeta> <refentrytitle>smbcacls</refentrytitle> @@ -17,26 +17,24 @@ <command>smbcacls</command> <arg choice="req">//server/share</arg> <arg choice="req">filename</arg> - <arg choice="opt">-D acls</arg> - <arg choice="opt">-M acls</arg> + <arg choice="opt">-U username</arg> <arg choice="opt">-A acls</arg> + <arg choice="opt">-M acls</arg> + <arg choice="opt">-D acls</arg> <arg choice="opt">-S acls</arg> <arg choice="opt">-C name</arg> <arg choice="opt">-G name</arg> <arg choice="opt">-n</arg> - <arg choice="opt">-t</arg> - <arg choice="opt">-U username</arg> <arg choice="opt">-h</arg> - <arg choice="opt">-d</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + <para>The <command>smbcacls</command> program manipulates NT Access Control Lists (ACLs) on SMB file shares. </para> </refsect1> @@ -92,8 +90,7 @@ <listitem><para>Specifies a username used to connect to the specified service. The username may be of the form "username" in which case the user is prompted to enter in a password and the - workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file is + workgroup specified in the <filename>smb.conf</filename> file is used, or "username%password" or "DOMAIN\username%password" and the password and workgroup names are used as provided. </para></listitem> </varlistentry> @@ -133,16 +130,13 @@ and masks to a readable string format. </para></listitem> </varlistentry> + + <varlistentry> - <term>-t</term> - <listitem><para> - Don't actually do anything, only validate the correctness of - the arguments. - </para></listitem> + <term>-h</term> + <listitem><para>Print usage information on the <command>smbcacls + </command> program.</para></listitem> </varlistentry> - - &stdarg.help; - &popt.common.samba.small; </variablelist> </refsect1> @@ -153,12 +147,12 @@ <para>The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: </para> -<para><programlisting> + <para><programlisting> REVISION:<revision number> OWNER:<sid or name> GROUP:<sid or name> ACL:<sid or name>:<type>/<flags>/<mask> -</programlisting></para> + </programlisting></para> <para>The revision of the ACL specifies the internal Windows @@ -171,22 +165,24 @@ ACL:<sid or name>:<type>/<flags>/<mask> otherwise the name specified is resolved using the server on which the file or directory resides. </para> - <para>ACLs specify permissions granted to the SID. This SID again - can be specified in CWS-1-x-y-z format or as a name in which case - it is resolved against the server on which the file or directory - resides. The type, flags and mask values determine the type of - access granted to the SID. </para> - - <para>The type can be either 0 or 1 corresponding to ALLOWED or - DENIED access to the SID. The flags values are generally - zero for file ACLs and either 9 or 2 for directory ACLs. Some - common flags are: </para> - - <itemizedlist> - <listitem><para><constant>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</constant></para></listitem> + <para>ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. </para> + + <para>The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: </para> + + <itemizedlist> + <listitem><para>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + </para></listitem> + <listitem><para>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</para> + </listitem> </itemizedlist> <para>At present flags can only be specified as decimal or @@ -237,7 +233,8 @@ ACL:<sid or name>:<type>/<flags>/<mask> <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> @@ -252,8 +249,7 @@ ACL:<sid or name>:<type>/<flags>/<mask> and Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done - by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml index cd513398b9..43994a4529 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbclient.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbclient"> <refmeta> <refentrytitle>smbclient</refentrytitle> @@ -40,20 +38,18 @@ <arg choice="opt">-R <name resolve order></arg> <arg choice="opt">-s <smb config file></arg> <arg choice="opt">-T<c|x>IXFqgbNan</arg> - <arg choice="opt">-k</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbclient</command> is a client that can 'talk' to an SMB/CIFS server. It offers an interface - similar to that of the ftp program (see <citerefentry><refentrytitle>ftp</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>). + similar to that of the ftp program (see <command>ftp(1)</command>). Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server @@ -85,9 +81,7 @@ <para>The server name is looked up according to either the <parameter>-R</parameter> parameter to <command>smbclient</command> or - using the name resolve order parameter in - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file, + using the name resolve order parameter in the <filename>smb.conf</filename> file, allowing an administrator to change the order and methods by which server names are looked up. </para></listitem> </varlistentry> @@ -118,6 +112,21 @@ </varlistentry> <varlistentry> + <term>-s smb.conf</term> + <listitem><para>Specifies the location of the all important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-O socket options</term> + <listitem><para>TCP socket options to set on the client + socket. See the socket options parameter in the <filename> + smb.conf (5)</filename> manpage for the list of valid + options. </para></listitem> + </varlistentry> + + + <varlistentry> <term>-R <name resolve order></term> <listitem><para>This option is used by the programs in the Samba suite to determine what naming services and in what order to resolve @@ -125,51 +134,44 @@ string of different name resolution options.</para> <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows:</para> + cause names to be resolved as follows :</para> <itemizedlist> - <listitem><para><constant>lmhosts</constant>: Lookup an IP + <listitem><para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see - the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) then - any name type matches for lookup.</para> - </listitem> - - <listitem><para><constant>host</constant>: Do a standard host + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant> : Do a standard host name to IP address resolution, using the system <filename>/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the <filename>/etc/nsswitch.conf</filename> file). Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para> - </listitem> - - <listitem><para><constant>wins</constant>: Query a name with + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant> : Query a name with the IP address listed in the <parameter>wins server</parameter> parameter. If no WINS server has - been specified this method will be ignored.</para> - </listitem> - - <listitem><para><constant>bcast</constant>: Do a broadcast on + been specified this method will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant> : Do a broadcast on each of the known local interfaces listed in the <parameter>interfaces</parameter> parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally - connected subnet.</para> - </listitem> + connected subnet.</para></listitem> </itemizedlist> <para>If this parameter is not set then the name resolve order - defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file parameter + defined in the <filename>smb.conf</filename> file parameter (name resolve order) will be used. </para> <para>The default order is lmhosts, host, wins, bcast and without this parameter or any entry in the <parameter>name resolve order - </parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file the name resolution + </parameter> parameter of the <filename>smb.conf</filename> file the name resolution methods will be attempted in this order. </para></listitem> </varlistentry> @@ -200,8 +202,8 @@ <parameter>-I</parameter> options useful, as they allow you to control the FROM and TO parts of the message. </para> - <para>See the <parameter>message command</parameter> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for a description of how to handle incoming + <para>See the message command parameter in the <filename> + smb.conf(5)</filename> for a description of how to handle incoming WinPopup messages in Samba. </para> <para><emphasis>Note</emphasis>: Copy WinPopup into the startup group @@ -210,6 +212,70 @@ </varlistentry> <varlistentry> + <term>-i scope</term> + <listitem><para>This specifies a NetBIOS scope that smbclient will + use to communicate with when generating NetBIOS names. For details + on the use of NetBIOS scopes, see <filename>rfc1001.txt</filename> + and <filename>rfc1002.txt</filename>. + NetBIOS scopes are <emphasis>very</emphasis> rarely used, only set + this parameter if you are the system administrator in charge of all + the NetBIOS systems you communicate with. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-N</term> + <listitem><para>If specified, this parameter suppresses the normal + password prompt from the client to the user. This is useful when + accessing a service that does not require a password. </para> + + <para>Unless a password is specified on the command line or + this parameter is specified, the client will request a + password.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n NetBIOS name</term> + <listitem><para>By default, the client will use the local + machine's hostname (in uppercase) as its NetBIOS name. This parameter + allows you to override the host name and use whatever NetBIOS + name you wish. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-d debuglevel</term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer from 0 to 10, or + the letter 'A'. </para> + + <para>The default value if this parameter is not specified + is zero. </para> + + <para>The higher this value, the more detail will be logged to + the log files about the activities of the + client. At level 0, only critical errors and serious warnings will + be logged. Level 1 is a reasonable level for day to day running - + it generates a small amount of information about operations + carried out. </para> + + <para>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of log data, most of which is extremely + cryptic. If <replaceable>debuglevel</replaceable> is set to the letter 'A', then <emphasis>all + </emphasis> debug messages will be printed. This setting + is for developers only (and people who <emphasis>really</emphasis> want + to know how the code works internally). </para> + + <para>Note that specifying this parameter here will override + the log level parameter in the <filename>smb.conf (5)</filename> + file. </para></listitem> + </varlistentry> + + + <varlistentry> <term>-p port</term> <listitem><para>This number is the TCP port number that will be used when making connections to the server. The standard (well-known) @@ -235,7 +301,13 @@ </varlistentry> - &stdarg.help; + + <varlistentry> + <term>-h</term><listitem> + <para>Print the usage message for the client. </para></listitem> + </varlistentry> + + <varlistentry> <term>-I IP-address</term> @@ -269,6 +341,59 @@ <varlistentry> + <term>-U username[%pass]</term> + <listitem><para>Sets the SMB username or username and password. + If %pass is not specified, The user will be prompted. The client + will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. Anything in these variables following a '%' + sign will be treated as the password. If these environment + variables are not found, the username <constant>GUEST</constant> + is used. </para> + + <para>If the password is not included in these environment + variables (using the %pass syntax), <command>smbclient</command> will look for + a <envar>PASSWD</envar> environment variable from which + to read the password. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the domain name, username and password. This + option is mainly provided for scripts where the admin doesn't + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> + + <para>Be cautious about including passwords in scripts or in + the <envar>PASSWD</envar> environment variable. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command to be safe always allow + <command>smbclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A filename</term><listitem><para>This option allows + you to specify a file from which to read the username, domain name, and + password used in the connection. The format of the file is + </para> + + <para><programlisting> +username = <value> +password = <value> +domain = <value> + </programlisting></para> + + + <para>If the domain parameter is missing the current workgroup name + is used instead. Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + + + + <varlistentry> <term>-L</term> <listitem><para>This option allows you to look at what services are available on a server. You use it as <command>smbclient -L @@ -305,9 +430,16 @@ </para></listitem> </varlistentry> - &popt.common.samba; - &popt.common.credentials; - &popt.common.connection; + + + <varlistentry> + <term>-W WORKGROUP</term> + <listitem><para>Override the default workgroup (domain) specified + in the workgroup parameter of the <filename>smb.conf</filename> + file for this connection. This may be needed to connect to some + servers. </para></listitem> + </varlistentry> + <varlistentry> <term>-T tar options</term> @@ -387,7 +519,7 @@ <para><emphasis>Tar Filenames</emphasis></para> - <para>All file names can be given as DOS path names (with '\\' + <para>All file names can be given as DOS path names (with '\' as the component separator) or as UNIX path names (with '/' as the component separator). </para> @@ -455,7 +587,7 @@ <para><prompt>smb:\> </prompt></para> - <para>The backslash ("\\") indicates the current working directory + <para>The backslash ("\") indicates the current working directory on the server, and will change if the current working directory is changed. </para> @@ -908,8 +1040,8 @@ and writeable only by the user. </para> <para>To test the client, you will need to know the name of a - running SMB/CIFS server. It is possible to run <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> as an ordinary user - running that server as a daemon + running SMB/CIFS server. It is possible to run <command>smbd(8) + </command> as an ordinary user - running that server as a daemon on a user-accessible port (typically any port number over 1024) would provide a suitable test server. </para> </refsect1> @@ -931,7 +1063,8 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 2.2 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> @@ -945,11 +1078,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 6632e07269..166ef63e87 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbcontrol.1"> +<refentry id="smbcontrol"> <refmeta> <refentrytitle>smbcontrol</refentrytitle> @@ -29,14 +29,14 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbcontrol</command> is a very small program, which - sends messages to a <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, a <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, or a <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon running on the system.</para> + sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink>, + an <ulink url="nmbd.8.html">nmbd(8)</ulink> + or a <ulink url="winbindd.8.html">winbindd(8)</ulink> + daemon running on the system.</para> </refsect1> @@ -54,7 +54,8 @@ <varlistentry> <term>destination</term> - <listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para> + <listitem><para>One of <parameter>nmbd</parameter> + <parameter>smbd</parameter> or a process ID.</para> <para>The <parameter>smbd</parameter> destination causes the message to "broadcast" to all smbd daemons.</para> @@ -189,9 +190,9 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + and <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>. + </para> </refsect1> <refsect1> @@ -204,11 +205,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index b31d919a12..9fb80901be 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbd"> <refmeta> <refentrytitle>smbd</refentrytitle> @@ -34,8 +32,7 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the Samba suite.</para> <para><command>smbd</command> is the server daemon that provides filesharing and printing services to Windows clients. @@ -49,14 +46,15 @@ <para>An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those - services (see <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the + services (see <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink>. This man page will not describe the services, but will concentrate on the administrative aspects of running the server.</para> <para>Please note that there are significant security - implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before + implications to running this server, and the <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> + manpage should be regarded as mandatory reading before proceeding with installation.</para> <para>A session is created whenever a client requests one. @@ -124,8 +122,17 @@ </para></listitem> </varlistentry> - &popt.common.samba; - &stdarg.help; + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>smbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem><para>Prints the version number for + <command>smbd</command>.</para></listitem> + </varlistentry> <varlistentry> <term>-b</term> @@ -134,6 +141,32 @@ </varlistentry> <varlistentry> + <term>-d <debug level></term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will be + logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable + amounts of log data, and should only be used when + investigating a problem. Levels above 3 are designed for + use only by developers and generate HUGE amounts of log + data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will + override the <ulink url="smb.conf.5.html#loglevel">log + level</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> file.</para> + </listitem> + </varlistentry> + + <varlistentry> <term>-l <log directory></term> <listitem><para>If specified, <replaceable>log directory</replaceable> @@ -142,9 +175,9 @@ messages from the running server. The log file generated is never removed by the server although its size may be controlled by the <ulink - url="smb.conf.5.html#maxlogsize"><parameter>max log size</parameter></ulink> - option in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. <emphasis>Beware:</emphasis> + url="smb.conf.5.html#maxlogsize">max log size</ulink> + option in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file. <emphasis>Beware:</emphasis> If the directory specified does not exist, <command>smbd</command> will log to the default debug log location defined at compile time. </para> @@ -154,6 +187,14 @@ </varlistentry> <varlistentry> + <term>-O <socket options></term> + <listitem><para>See the <ulink + url="smb.conf.5.html#socketoptions">socket options</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink> file for details.</para></listitem> + </varlistentry> + + <varlistentry> <term>-p <port number></term> <listitem><para><replaceable>port number</replaceable> is a positive integer value. The default value if this parameter is not @@ -177,6 +218,19 @@ <para>This parameter is not normally specified except in the above situation.</para></listitem> </varlistentry> + + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The file specified contains the + configuration details required by the server. The + information in this file includes server-specific + information such as what printcap file to use, as well + as descriptions of all the services that the server is + to provide. See <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> for more information. + The default configuration file name is determined at + compile time.</para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -189,7 +243,7 @@ <listitem><para>If the server is to be run by the <command>inetd</command> meta-daemon, this file must contain suitable startup information for the - meta-daemon. See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details. </para></listitem> </varlistentry> @@ -201,7 +255,7 @@ <para>If running the server as a daemon at startup, this file will need to contain an appropriate startup - sequence for the server. See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> @@ -211,20 +265,21 @@ meta-daemon <command>inetd</command>, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). - See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems install this file are <filename>/usr/samba/lib/smb.conf</filename> - and <filename>/etc/samba/smb.conf</filename>.</para> + and <filename>/etc/smb.conf</filename>.</para> <para>This file describes all the services the server - is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for more information.</para> + is to make available to clients. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information.</para> </listitem> </varlistentry> </variablelist> @@ -262,9 +317,9 @@ <para>Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted - by the limitations of the SMB protocol and the <ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS"><parameter>obey - pam restricions</parameter></ulink> <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply: + by the limitations of the SMB protocol and the + <ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink> + smb.conf paramater. When this is set, the following restrictions apply: </para> <itemizedlist> @@ -324,9 +379,9 @@ it to die on its own.</para> <para>The debug log level of <command>smbd</command> may be raised - or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer - used since Samba 2.2). This is to allow transient problems to be diagnosed, + or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1) + </command></ulink> program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.</para> <para>Note that as the signal handlers send a debug write, @@ -339,15 +394,14 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>hosts_access</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, and the - Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + <para>hosts_access(5), <command>inetd(8)</command>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. In addition the CIFS (formerly SMB) specification is available as a link from the Web page <ulink url="http://samba.org/cifs/"> http://samba.org/cifs/</ulink>.</para> @@ -363,11 +417,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml index 6c489bb785..188218c249 100644 --- a/docs/docbook/manpages/smbgroupedit.8.sgml +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -1,11 +1,15 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbgroupedit.8"> +<refentry id="smbgroupedit"> <refmeta> <refentrytitle>smbgroupedit</refentrytitle> <manvolnum>8</manvolnum> </refmeta> + +<!-- **************************************************** +** Name and Options ** +**************************************************** --> <refnamediv> <refname>smbgroupedit</refname> <refpurpose>Query/set/change UNIX - Windows NT group mapping</refpurpose> @@ -21,13 +25,17 @@ +<!-- **************************************************** +** Description ** +**************************************************** --> <refsect1> <title>DESCRIPTION</title> <para> -This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> -<manvolnum>7</manvolnum></citerefentry> suite.</para> +This program is part of the <ulink url="samba.7.html">Samba</ulink> +suite. +</para> <para> The smbgroupedit command allows for mapping unix groups @@ -62,8 +70,8 @@ etc. Privilege : </programlisting></para> -<para>For example: -<programlisting> +<para>For examples,</para> +<para><programlisting> Users SID : S-1-5-32-545 Unix group: -1 @@ -83,8 +91,9 @@ Users NTGroupName(SID) -> UnixGroupName </programlisting></para> -<para>For example: -<programlisting> +<para>For example,</para> + +<para><programlisting> Users (S-1-5-32-545) -> -1 </programlisting></para> @@ -100,6 +109,8 @@ Users (S-1-5-32-545) -> -1 +<!-- **************************************************** +**************************************************** --> <refsect1> <title>FILES</title> @@ -109,6 +120,8 @@ Users (S-1-5-32-545) -> -1 +<!-- **************************************************** +**************************************************** --> <refsect1> <title>EXIT STATUS</title> @@ -150,45 +163,65 @@ the 'Domain Admins' Global group: <para>domadm:x:502:joe,john,mary</para> </listitem> - <listitem><para>map this domadm group to the 'domain admins' group:</para> + <listitem><para>map this domadm group to the 'domain admins' group: + </para> <orderedlist> - <listitem><para>Get the SID for the Windows NT "Domain Admins" group:</para> + <listitem><para>Get the SID for the Windows NT "Domain Admins" + group:</para> + <para><programlisting> <prompt>root# </prompt><command>smbgroupedit -vs | grep "Domain Admins"</command> Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 -</programlisting></para></listitem> +</programlisting></para> +</listitem> <listitem><para>map the unix domadm group to the Windows NT "Domain Admins" group, by running the command: -<programlisting> + </para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit \ -c S-1-5-21-1108995562-3116817432-1375597819-512 \ -u domadm -td</command> </programlisting></para> - <para><emphasis>warning:</emphasis> don't copy and paste this sample, the + <para> + <emphasis>warning:</emphasis> don't copy and paste this sample, the Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. - </para> </listitem> + </para> + </listitem> </orderedlist> </listitem> </orderedlist> <para> To verify that your mapping has taken effect: -<programlisting> +</para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit -vs|grep "Domain Admins"</command> Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm </programlisting></para> -<para>To give access to a certain directory on a domain member machine (an +<para> +To give access to a certain directory on a domain member machine (an NT/W2K or a samba server running winbind) to some users who are member of a group on your samba PDC, flag that group as a domain group: -<programlisting> +</para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit -a unixgroup -td</command> </programlisting></para> + + </refsect1> + + + +<!-- **************************************************** +**************************************************** --> <refsect1> <title>VERSION</title> @@ -199,16 +232,22 @@ the Samba suite. </para> </refsect1> +<!-- **************************************************** +**************************************************** --> + <refsect1> <title>SEE ALSO</title> <para> -<citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry></para> +<ulink url="smb.conf.5.html">smb.conf(5)</ulink> +</para> </refsect1> +<!-- **************************************************** +**************************************************** --> + <refsect1> <title>AUTHOR</title> @@ -222,8 +261,7 @@ to the way the Linux kernel is developed. <para> <command>smbgroupedit</command> was written by Jean Francois Micouleau. The current set of manpages and documentation is maintained -by the Samba Team in the same fashion as the Samba source code. The conversion -to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +by the Samba Team in the same fashion as the Samba source code.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml index 6d48b12b9b..55b66d5d25 100644 --- a/docs/docbook/manpages/smbmnt.8.sgml +++ b/docs/docbook/manpages/smbmnt.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbmnt.8"> +<refentry id="smbmnt"> <refmeta> <refentrytitle>smbmnt</refentrytitle> @@ -38,8 +38,8 @@ by the user, and that the user has write permission on.</para> <para>The <command>smbmnt</command> program is normally invoked - by <citerefentry><refentrytitle>smbmount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. It should not be invoked directly by users. </para> + by <ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink>. It should not be invoked directly by users. </para> <para>smbmount searches the normal PATH for smbmnt. You must ensure that the smbmnt version in your path matches the smbmount used.</para> @@ -107,8 +107,7 @@ </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index d17e4e6bcf..c4b91a5572 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbmount.8"> +<refentry id="smbmount"> <refmeta> <refentrytitle>smbmount</refentrytitle> @@ -26,8 +26,7 @@ <para><command>smbmount</command> mounts a Linux SMB filesystem. It is usually invoked as <command>mount.smbfs</command> by - the <citerefentry><refentrytitle>mount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> command when using the + the <command>mount(8)</command> command when using the "-t smbfs" option. This command only works in Linux, and the kernel must support the smbfs filesystem. </para> @@ -40,12 +39,11 @@ <para><command>smbmount</command> is a daemon. After mounting it keeps running until the mounted smbfs is umounted. It will log things that happen when in daemon mode using the "machine name" smbmount, so - typically this output will end up in <filename>log.smbmount</filename>. The <command> - smbmount</command> process may also be called mount.smbfs.</para> + typically this output will end up in <filename>log.smbmount</filename>. The + <command>smbmount</command> process may also be called mount.smbfs.</para> <para><emphasis>NOTE:</emphasis> <command>smbmount</command> - calls <citerefentry><refentrytitle>smbmnt</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to do the actual mount. You + calls <command>smbmnt(8)</command> to do the actual mount. You must make sure that <command>smbmnt</command> is in the path so that it can be found. </para> @@ -86,12 +84,15 @@ <varlistentry> <term>credentials=<filename></term> - <listitem><para>specifies a file that contains a username and/or password. -The format of the file is: -<programlisting> -username = <value> -password = <value> -</programlisting></para> + <listitem><para>specifies a file that contains a username + and/or password. The format of the file is:</para> + + <para> + <programlisting> + username = <value> + password = <value> + </programlisting> + </para> <para>This is preferred over having passwords in plaintext in a shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any @@ -173,8 +174,8 @@ password = <value> <varlistentry> <term>sockopt=<arg></term> <listitem><para>sets the TCP socket options. See the <ulink - url="smb.conf.5.html#SOCKETOPTIONS"><citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></ulink> <parameter>socket options</parameter> option. + url="smb.conf.5.html#SOCKETOPTIONS"><filename>smb.conf + </filename></ulink> <parameter>socket options</parameter> option. </para></listitem> </varlistentry> @@ -297,9 +298,10 @@ password = <value> <para>FreeBSD also has a smbfs, but it is not related to smbmount</para> - <para>For Solaris, HP-UX and others you may want to look at <citerefentry><refentrytitle>smbsh</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> or at other solutions, such as - Sharity or perhaps replacing the SMB server with a NFS server.</para> + <para>For Solaris, HP-UX and others you may want to look at + <ulink url="smbsh.1.html"><command>smbsh(1)</command></ulink> or at other + solutions, such as sharity or perhaps replacing the SMB server with + a NFS server.</para> </refsect1> @@ -319,8 +321,7 @@ password = <value> </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml index f78e986bef..5c80ac4c06 100644 --- a/docs/docbook/manpages/smbpasswd.5.sgml +++ b/docs/docbook/manpages/smbpasswd.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbpasswd.5"> +<refentry id="smbpasswd"> <refmeta> <refentrytitle>smbpasswd</refentrytitle> @@ -19,8 +19,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the @@ -122,7 +122,7 @@ the attributes of the users account. In the Samba 2.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters). - The contents of this field may be any of the following characters: + The contents of this field may be any of the characters. </para> <itemizedlist> @@ -136,11 +136,12 @@ Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the <parameter> null passwords</parameter> parameter is set in the <ulink - url="smb.conf.5.html#NULLPASSWORDS"><citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></ulink> config file. </para></listitem> + url="smb.conf.5.html#NULLPASSWORDS"><filename>smb.conf(5) + </filename></ulink> config file. </para></listitem> <listitem><para><emphasis>D</emphasis> - This means the account - is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem> + is disabled and no SMB/CIFS logins will be allowed for + this user. </para></listitem> <listitem><para><emphasis>W</emphasis> - This means this account is a "Workstation Trust" account. This kind of account is used @@ -177,9 +178,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, and + <para><ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and the Internet RFC1321 for details on the MD4 algorithm. </para> </refsect1> @@ -194,11 +194,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index 5d475cf08c..8e6d925ae0 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbpasswd.8"> +<refentry id="smbpasswd"> <refmeta> <refentrytitle>smbpasswd</refentrytitle> @@ -37,27 +37,25 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The smbpasswd program has several different - functions, depending on whether it is run by the <emphasis>root</emphasis> user - or not. When run as a normal user it allows the user to change + functions, depending on whether it is run by the <emphasis>root</emphasis> + user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store SMB passwords. </para> <para>By default (when run with no arguments) it will attempt to change the current user's SMB password on the local machine. This is - similar to the way the <command>passwd(1)</command> program works. <command> - smbpasswd</command> differs from how the passwd program works + similar to the way the <command>passwd(1)</command> program works. + <command>smbpasswd</command> differs from how the passwd program works however in that it is not <emphasis>setuid root</emphasis> but works in - a client-server mode and communicates with a - locally running <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. As a consequence in order for this to + a client-server mode and communicates with a locally running + <command>smbd(8)</command>. As a consequence in order for this to succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in - the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. </para> + the <filename>smbpasswd(5)</filename> file. </para> <para>When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them @@ -69,13 +67,12 @@ <para>smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain - Controllers. See the (<parameter>-r</parameter>) and <parameter>-U</parameter> options - below. </para> + Controllers. See the (-r) and -U options below. </para> <para>When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to - the attributes of the user in this file to be made. When run by root, <command> - smbpasswd</command> accesses the local smbpasswd file + the attributes of the user in this file to be made. When run by root, + <command>smbpasswd</command> accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not running. </para> </refsect1> @@ -124,8 +121,8 @@ <para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write - this information and the command will FAIL. See <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details on the 'old' and new password file formats. + this information and the command will FAIL. See <command>smbpasswd(5) + </command> for details on the 'old' and new password file formats. </para> <para>This option is only available when running smbpasswd as @@ -143,8 +140,7 @@ <para>If the smbpasswd file is in the 'old' format, then <command> smbpasswd</command> will FAIL to enable the account. - See <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for + See <command>smbpasswd (5)</command> for details on the 'old' and new password file formats. </para> <para>This option is only available when running smbpasswd as root. @@ -230,15 +226,15 @@ name of the host being connected to. </para> <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows: </para> + cause names to be resolved as follows : </para> <itemizedlist> - <listitem><para><constant>lmhosts</constant>: Lookup an IP + <listitem><para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) then + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then any name type matches for lookup.</para></listitem> - <listitem><para><constant>host</constant>: Do a standard host + <listitem><para><constant>host</constant> : Do a standard host name to IP address resolution, using the system <filename>/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this @@ -247,12 +243,12 @@ type being queried is the 0x20 (server) name type, otherwise it is ignored.</para></listitem> - <listitem><para><constant>wins</constant>: Query a name with + <listitem><para><constant>wins</constant> : Query a name with the IP address listed in the <parameter>wins server</parameter> parameter. If no WINS server has been specified this method will be ignored.</para></listitem> - <listitem><para><constant>bcast</constant>: Do a broadcast on + <listitem><para><constant>bcast</constant> : Do a broadcast on each of the known local interfaces listed in the <parameter>interfaces</parameter> parameter. This is the least reliable of the name resolution methods as it depends on the @@ -260,8 +256,8 @@ </itemizedlist> <para>The default order is <command>lmhosts, host, wins, bcast</command> - and without this parameter or any entry in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file the name resolution methods will + and without this parameter or any entry in the + <filename>smb.conf</filename> file the name resolution methods will be attempted in this order. </para></listitem> </varlistentry> @@ -296,6 +292,7 @@ </varlistentry> + <varlistentry> <term>-s</term> <listitem><para>This option causes smbpasswd to be silent (i.e. @@ -315,7 +312,7 @@ switch is used to specify the password to be used with the <ulink url="smb.conf.5.html#LDAPADMINDN"><parameter>ldap admin dn</parameter></ulink>. Note that the password is stored in - the <filename>secrets.tdb</filename> and is keyed off + the <filename>private/secrets.tdb</filename> and is keyed off of the admin's DN. This means that if the value of <parameter>ldap admin dn</parameter> ever changes, the password will need to be manually updated as well. @@ -358,15 +355,14 @@ mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work. A common problem is to add a restriction to the hosts that may access the <command> - smbd</command> running on the local machine by specifying either <parameter>allow - hosts</parameter> or <parameter>deny hosts</parameter> entry in - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file and neglecting to + smbd</command> running on the local machine by specifying a + <parameter>allow hosts</parameter> or <parameter>deny hosts</parameter> + entry in the <filename>smb.conf</filename> file and neglecting to allow "localhost" access to the smbd. </para> <para>In addition, the smbpasswd command is only useful if Samba - has been set up to use encrypted passwords. See the document <ulink url="pwencrypt.html"> - "LanMan and NT Password Encryption in Samba"</ulink> in the docs directory for details + has been set up to use encrypted passwords. See the file + <filename>ENCRYPTION.txt</filename> in the docs directory for details on how to do this. </para> </refsect1> @@ -374,14 +370,15 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>.</para> + <para><ulink url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> </refsect1> <refsect1> @@ -394,11 +391,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 5a53c53be3..c40609be4f 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbsh.1"> +<refentry id="smbsh"> <refmeta> <refentrytitle>smbsh</refentrytitle> @@ -29,8 +29,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbsh</command> allows you to access an NT filesystem using UNIX commands such as <command>ls</command>, <command> @@ -46,8 +46,7 @@ <varlistentry> <term>-W WORKGROUP</term> <listitem><para>Override the default workgroup specified in the - workgroup parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file + workgroup parameter of the <filename>smb.conf</filename> file for this session. This may be needed to connect to some servers. </para></listitem> </varlistentry> @@ -62,16 +61,91 @@ </varlistentry> <varlistentry> - <term>-P prefix</term> - <listitem><para>This option allows + <term>-P prefix</term><listitem><para>This option allows the user to set the directory prefix for SMB access. The default value if this option is not specified is <emphasis>smb</emphasis>. </para></listitem> </varlistentry> - &popt.common.samba; - &stdarg.resolve.order; + <varlistentry> + <term>-R <name resolve order></term> + <listitem><para>This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.</para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows :</para> + + <itemizedlist> + <listitem><para><constant>lmhosts</constant> : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> + for details) then any name type matches for lookup. + </para></listitem> + + <listitem><para><constant>host</constant> : + Do a standard host name to IP address resolution, using + the system <filename>/etc/hosts</filename>, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf + </filename> file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. + </para></listitem> + + <listitem><para><constant>wins</constant> : + Query a name with the IP address listed in the + <parameter>wins server</parameter> parameter. If no + WINS server has been specified this method will be + ignored. + </para></listitem> + + <listitem><para><constant>bcast</constant> : + Do a broadcast on each of the known local interfaces + listed in the <parameter>interfaces</parameter> + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. + </para></listitem> + </itemizedlist> + + <para>If this parameter is not set then the name resolve order + defined in the <filename>smb.conf</filename> file parameter + (name resolve order) will be used. </para> + + <para>The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the <parameter>name resolve order + </parameter> parameter of the <filename>smb.conf</filename> + file, the name resolution methods will be attempted in this + order. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para>debug level is an integer from 0 to 10.</para> + + <para>The default value if this parameter is not specified + is zero.</para> + + <para>The higher this value, the more detail will be logged + about the activities of <command>nmblookup</command>. At level + 0, only critical errors and serious warnings will be logged. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-l logfilename</term> + <listitem><para>If specified causes all debug messages to be + written to the file specified by <replaceable>logfilename + </replaceable>. If not specified then all messages will be + written to<replaceable>stderr</replaceable>. + </para></listitem> + </varlistentry> <varlistentry> <term>-L libdir</term> @@ -90,12 +164,13 @@ <para>To use the <command>smbsh</command> command, execute <command> smbsh</command> from the prompt and enter the username and password that authenticates you to the machine running the Windows NT - operating system. -<programlisting> -<prompt>system% </prompt><userinput>smbsh</userinput> -<prompt>Username: </prompt><userinput>user</userinput> -<prompt>Password: </prompt><userinput>XXXXXXX</userinput> -</programlisting></para> + operating system.</para> + + <para><programlisting> + <prompt>system% </prompt><userinput>smbsh</userinput> + <prompt>Username: </prompt><userinput>user</userinput> + <prompt>Password: </prompt><userinput>XXXXXXX</userinput> + </programlisting></para> <para>Any dynamically linked command you execute from @@ -113,7 +188,8 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> @@ -134,9 +210,9 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -149,11 +225,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml index f30539601e..d164cb0864 100644 --- a/docs/docbook/manpages/smbspool.8.sgml +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbspool.8"> +<refentry id="smbspool"> <refmeta> <refentrytitle>smbspool</refentrytitle> @@ -27,8 +27,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments @@ -45,8 +45,10 @@ <itemizedlist> <listitem><para>smb://server/printer</para></listitem> <listitem><para>smb://workgroup/server/printer</para></listitem> - <listitem><para>smb://username:password@server/printer</para></listitem> - <listitem><para>smb://username:password@workgroup/server/printer</para></listitem> + <listitem><para>smb://username:password@server/printer</para> + </listitem> + <listitem><para>smb://username:password@workgroup/server/printer + </para></listitem> </itemizedlist> <para>smbspool tries to get the URI from argv[0]. If argv[0] @@ -95,14 +97,15 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 2.2 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + and <ulink url="samba.7.html">samba(7)</ulink>. + </para> </refsect1> <refsect1> @@ -118,11 +121,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml index 98f7e864f6..99963a4bec 100644 --- a/docs/docbook/manpages/smbstatus.1.sgml +++ b/docs/docbook/manpages/smbstatus.1.sgml @@ -1,8 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> - -<refentry id="smbstatus.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbstatus"> <refmeta> <refentrytitle>smbstatus</refentrytitle> @@ -34,8 +31,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbstatus</command> is a very simple program to list the current Samba connections.</para> @@ -57,7 +54,13 @@ <listitem><para>gives brief output.</para></listitem> </varlistentry> - &popt.common.samba; + + <varlistentry> + <term>-d|--debug=<debuglevel></term> + <listitem><para>sets debugging to specified level</para> + </listitem> + </varlistentry> + <varlistentry> <term>-v|--verbose</term> @@ -81,8 +84,8 @@ <varlistentry> <term>-p|--processes</term> - <listitem><para>print a list of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> processes and exit. + <listitem><para>print a list of <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> processes and exit. Useful for scripting.</para></listitem> </varlistentry> @@ -93,7 +96,18 @@ </listitem> </varlistentry> - &stdarg.help; + + + <varlistentry> + <term>-s|--conf=<configuration file></term> + <listitem><para>The default configuration file name is + determined at compile time. The file specified contains the + configuration details required by the server. See <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink> for more information.</para> + </listitem> + </varlistentry> + <varlistentry> <term>-u|--user=<username></term> @@ -114,9 +128,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink> and + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>.</para> </refsect1> <refsect1> @@ -129,11 +142,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml index ffb5087347..bd70493b6b 100644 --- a/docs/docbook/manpages/smbtar.1.sgml +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbtar.1"> +<refentry id="smbtar"> <refmeta> <refentrytitle>smbtar</refentrytitle> @@ -37,12 +37,12 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbtar</command> is a very small shell script on top - of <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> which dumps SMB shares directly to tape.</para> + of <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + which dumps SMB shares directly to tape. </para> </refsect1> <refsect1> @@ -144,9 +144,8 @@ <varlistentry> <term>-l log level</term> <listitem><para>Log (debug) level. Corresponds to the - <parameter>-d</parameter> flag of <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>.</para></listitem> + <parameter>-d</parameter> flag of <command>smbclient(1) + </command>. </para></listitem> </varlistentry> </variablelist> </refsect1> @@ -182,9 +181,9 @@ <refsect1> <title>DIAGNOSTICS</title> - <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> command.</para> + <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the + <ulink url="smbclient.1.html"><command>smbclient(1)</command> + </ulink> command.</para> </refsect1> @@ -197,11 +196,10 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>, + </para> </refsect1> <refsect1> @@ -218,11 +216,11 @@ url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbtree.1.sgml b/docs/docbook/manpages/smbtree.1.sgml deleted file mode 100644 index 3677695d5a..0000000000 --- a/docs/docbook/manpages/smbtree.1.sgml +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbtree.1"> - -<refmeta> - <refentrytitle>smbtree</refentrytitle> - <manvolnum>1</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smbtree</refname> - <refpurpose>A text based smb network browser - </refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>smbtree</command> - <arg choice="opt">-b</arg> - <arg choice="opt">-D</arg> - <arg choice="opt">-S</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para><command>smbtree</command> is a smb browser program - in text mode. It is similar to the "Network Neighborhood" found - on Windows computers. It prints a tree with all - the known domains, the servers in those domains and - the shares on the servers. - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - <varlistentry> - <term>-b</term> - <listitem><para>Query network nodes by sending requests - as broadcasts instead of querying the (domain) master browser. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-D</term> - <listitem><para>Only print a list of all - the domains known on broadcast or by the - master browser</para></listitem> - </varlistentry> - - <varlistentry> - <term>-S</term> - <listitem><para>Only print a list of - all the domains and servers responding on broadcast or - known by the master browser. - </para></listitem> - </varlistentry> - - &popt.common.samba; - &popt.common.credentials; - &stdarg.help; - - </variablelist> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba - suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The smbtree man page was written by Jelmer Vernooij. </para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml index 089ede79ea..d6a1b65b57 100644 --- a/docs/docbook/manpages/smbumount.8.sgml +++ b/docs/docbook/manpages/smbumount.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbumount.8"> +<refentry id="smbumount"> <refmeta> <refentrytitle>smbumount</refentrytitle> @@ -47,8 +47,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbmount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></para> + <para><ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink></para> </refsect1> @@ -67,8 +67,7 @@ </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml index 72b3cd65c8..c0052f3d53 100644 --- a/docs/docbook/manpages/swat.8.sgml +++ b/docs/docbook/manpages/swat.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="swat.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="swat"> <refmeta> <refentrytitle>swat</refentrytitle> @@ -25,13 +23,13 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>swat</command> allows a Samba administrator to - configure the complex <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file via a Web browser. In addition, + configure the complex <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file via a Web browser. In addition, a <command>swat</command> configuration page has help links to all the configurable options in the <filename>smb.conf</filename> file allowing an administrator to easily look up the effects of any change. </para> @@ -48,9 +46,8 @@ <term>-s smb configuration file</term> <listitem><para>The default configuration file path is determined at compile time. The file specified contains - the configuration details required by the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> server. This is the file - that <command>swat</command> will modify. + the configuration details required by the <command>smbd + </command> server. This is the file that <command>swat</command> will modify. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. @@ -68,10 +65,6 @@ <para><emphasis>WARNING: Do NOT enable this option on a production server. </emphasis></para></listitem> </varlistentry> - - &popt.common.samba; - &stdarg.help; - </variablelist> </refsect1> @@ -80,12 +73,6 @@ <title>INSTALLATION</title> - <para>Swat is included as binary package with most distributions. The - package manager in this case takes care of the installation and - configuration. This section is only for those who have compiled - swat from scratch. - </para> - <para>After you compile SWAT you need to run <command>make install </command> to install the <command>swat</command> binary and the various help files and images. A default install would put @@ -109,7 +96,7 @@ <para><command>swat 901/tcp</command></para> - <para>Note for NIS/YP and LDAP users - you may need to rebuild the + <para>Note for NIS/YP users - you may need to rebuild the NIS service maps rather than alter your local <filename> /etc/services</filename> file. </para> @@ -133,19 +120,17 @@ </refsect2> + <refsect2> + <title>Launching</title> -</refsect1> - -<refsect1> - <title>LAUNCHING</title> - - <para>To launch SWAT just run your favorite web browser and - point it at "http://localhost:901/".</para> + <para>To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/".</para> - <para>Note that you can attach to SWAT from any IP connected - machine but connecting from a remote machine leaves your - connection open to password sniffing as passwords will be sent - in the clear over the wire. </para> + <para>Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. </para> + </refsect2> </refsect1> <refsect1> @@ -167,9 +152,8 @@ <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> server configuration file that swat edits. Other + <listitem><para>This is the default location of the <filename>smb.conf(5) + </filename> server configuration file that swat edits. Other common places that systems install this file are <filename> /usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf </filename>. This file describes all the services the server @@ -182,9 +166,8 @@ <refsect1> <title>WARNINGS</title> - <para><command>swat</command> will rewrite your <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file. It will rearrange the entries and delete all + <para><command>swat</command> will rewrite your <filename>smb.conf + </filename> file. It will rearrange the entries and delete all comments, <parameter>include=</parameter> and <parameter>copy= </parameter> options. If you have a carefully crafted <filename> smb.conf</filename> then back it up or don't use swat! </para> @@ -194,15 +177,16 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><command>inetd(5)</command>, <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><command>inetd(5)</command>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -215,11 +199,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml index 31a9549416..f34528a43d 100644 --- a/docs/docbook/manpages/testparm.1.sgml +++ b/docs/docbook/manpages/testparm.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="testparm.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="testparm"> <refmeta> <refentrytitle>testparm</refentrytitle> @@ -31,12 +29,11 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>testparm</command> is a very simple test program - to check an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> configuration file for + to check an <command>smbd</command> configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that <command>smbd </command> will successfully load the configuration file.</para> @@ -67,9 +64,13 @@ will prompt for a carriage return after printing the service names and before dumping the service definitions.</para></listitem> </varlistentry> - - &stdarg.help; - &stdarg.version; + + + <varlistentry> + <term>-h</term> + <listitem><para>Print usage message </para></listitem> + </varlistentry> + <varlistentry> <term>-L servername</term> @@ -81,9 +82,9 @@ <varlistentry> <term>-v</term> <listitem><para>If this option is specified, testparm - will also output all options that were not used in <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> and are thus set to their defaults.</para></listitem> + will also output all options that were not used in + <filename>smb.conf</filename> and are thus set to + their defaults.</para></listitem> </varlistentry> <varlistentry> @@ -97,8 +98,7 @@ <term>configfilename</term> <listitem><para>This is the name of the configuration file to check. If this parameter is not present then the - default <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file will be checked. + default <filename>smb.conf</filename> file will be checked. </para></listitem> </varlistentry> @@ -108,9 +108,7 @@ <listitem><para>If this parameter and the following are specified, then <command>testparm</command> will examine the <parameter>hosts allow</parameter> and <parameter>hosts deny</parameter> - parameters in the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file to + parameters in the <filename>smb.conf</filename> file to determine if the hostname with this IP address would be allowed access to the <command>smbd</command> server. If this parameter is supplied, the hostIP parameter must also @@ -132,11 +130,9 @@ <variablelist> <varlistentry> - <term><citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry></term> + <term><filename>smb.conf</filename></term> <listitem><para>This is usually the name of the configuration - file used by <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>. + file used by <command>smbd</command>. </para></listitem> </varlistentry> </variablelist> @@ -162,11 +158,9 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry></para> + <para><ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + </para> </refsect1> <refsect1> @@ -179,11 +173,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml index 85cc860c4a..cd99494a9a 100644 --- a/docs/docbook/manpages/testprns.1.sgml +++ b/docs/docbook/manpages/testprns.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="testprns.1"> +<refentry id="testprns"> <refmeta> <refentrytitle>testprns</refentrytitle> @@ -23,13 +23,13 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>testprns</command> is a very simple test program to determine whether a given printer name is valid for use in - a service to be provided by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + a service to be provided by <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink>. </para> <para>"Valid" in this context means "can be found in the printcap specified". This program is very stupid - so stupid in @@ -54,9 +54,8 @@ done beyond that required to extract the printer name. It may be that the print spooling system is more forgiving or less forgiving than <command>testprns</command>. However, if - <command>testprns</command> finds the printer then <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> should do so as well. </para></listitem> + <command>testprns</command> finds the printer then + <command>smbd</command> should do so as well. </para></listitem> </varlistentry> <varlistentry> @@ -118,9 +117,9 @@ <refsect1> <title>SEE ALSO</title> <para><filename>printcap(5)</filename>, - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></para> + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + </para> </refsect1> <refsect1> @@ -133,11 +132,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.sgml index 8be9271679..d6c7e5f142 100644 --- a/docs/docbook/manpages/vfstest.1.sgml +++ b/docs/docbook/manpages/vfstest.1.sgml @@ -1,7 +1,8 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="vfstest.1"> + +<refentry id="vfstest"> <refmeta> <refentrytitle>vfstest</refentrytitle> @@ -27,8 +28,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>vfstest</command> is a small command line utility that has the ability to test dso samba VFS modules. It gives the @@ -50,6 +51,7 @@ </para> </listitem> </varlistentry> + &stdarg.debuglevel; &stdarg.help; <varlistentry> @@ -60,8 +62,6 @@ </para></listitem> </varlistentry> - &popt.common.samba; - </variablelist> </refsect1> diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml index 2e9a811bcb..a6ca244243 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="wbinfo.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="wbinfo"> <refmeta> <refentrytitle>wbinfo</refentrytitle> @@ -19,8 +17,8 @@ <command>wbinfo</command> <arg choice="opt">-u</arg> <arg choice="opt">-g</arg> + <arg choice="opt">-i ip</arg> <arg choice="opt">-N netbios-name</arg> - <arg choice="opt">-I ip</arg> <arg choice="opt">-n name</arg> <arg choice="opt">-s sid</arg> <arg choice="opt">-U uid</arg> @@ -29,11 +27,9 @@ <arg choice="opt">-Y sid</arg> <arg choice="opt">-t</arg> <arg choice="opt">-m</arg> - <arg choice="opt">--sequence</arg> <arg choice="opt">-r user</arg> <arg choice="opt">-a user%password</arg> <arg choice="opt">-A user%password</arg> - <arg choice="opt">--get-auth-user</arg> <arg choice="opt">-p</arg> </cmdsynopsis> </refsynopsisdiv> @@ -41,15 +37,14 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The <command>wbinfo</command> program queries and returns information - created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. </para> + created and used by the <ulink url="winbindd.8.html"><command> + winbindd(8)</command></ulink> daemon. </para> - <para>The <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon must be configured + <para>The <command>winbindd(8)</command> daemon must be configured and running for the <command>wbinfo</command> program to be able to return information.</para> </refsect1> @@ -61,30 +56,27 @@ <varlistentry> <term>-u</term> <listitem><para>This option will list all users available - in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Users in all trusted domains will also be listed. Note that this operation does not assign - user ids to any users that have not already been seen by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> - .</para></listitem> + user ids to any users that have not already been seen by + <command>winbindd(8)</command>.</para></listitem> </varlistentry> <varlistentry> <term>-g</term> <listitem><para>This option will list all groups available - in the Windows NT domain for which the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Groups in all trusted domains will also be listed. Note that this operation does not assign - group ids to any groups that have not already been - seen by <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. </para></listitem> + group ids to any groups that have not already been seen by + <command>winbindd(8)</command>. </para></listitem> </varlistentry> <varlistentry> <term>-N name</term> <listitem><para>The <parameter>-N</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to query the WINS + queries <command>winbindd(8)</command> to query the WINS server for the IP address associated with the NetBIOS name specified by the <parameter>name</parameter> parameter. </para></listitem> @@ -94,8 +86,7 @@ <varlistentry> <term>-I ip</term> <listitem><para>The <parameter>-I</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to send a node status + queries <command>winbindd(8)</command> to send a node status request to get the NetBIOS name associated with the IP address specified by the <parameter>ip</parameter> parameter. </para></listitem> @@ -105,15 +96,13 @@ <varlistentry> <term>-n name</term> <listitem><para>The <parameter>-n</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for the SID + queries <command>winbindd(8)</command> for the SID associated with the name specified. Domain names can be specified before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If no domain is specified then the - domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> <parameter>workgroup - </parameter> parameter. </para></listitem> + domain used is the one specified in the <filename>smb.conf</filename> + <parameter>workgroup</parameter> parameter. </para></listitem> </varlistentry> @@ -146,18 +135,16 @@ <varlistentry> <term>-S sid</term> <listitem><para>Convert a SID to a UNIX user id. If the SID - does not correspond to a UNIX user mapped by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> then the operation will fail. </para></listitem> + does not correspond to a UNIX user mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> </varlistentry> <varlistentry> <term>-Y sid</term> <listitem><para>Convert a SID to a UNIX group id. If the SID - does not correspond to a UNIX group mapped by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then - the operation will fail. </para></listitem> + does not correspond to a UNIX group mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> </varlistentry> @@ -173,18 +160,12 @@ <varlistentry> <term>-m</term> <listitem><para>Produce a list of domains trusted by the - Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts + Windows NT server <command>winbindd(8)</command> contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. </para></listitem> </varlistentry> - <varlistentry> - <term>--sequence</term> - <listitem><para>Show sequence numbers of - all known domains</para></listitem> - </varlistentry> <varlistentry> <term>-r username</term> @@ -212,25 +193,6 @@ Windows 2000 servers only). </para></listitem> </varlistentry> - - <varlistentry> - <term>--get-auth-user</term> - <listitem><para>Print username and password used by winbindd - during session setup to a domain controller. Username - and password can be set using '-A'. Only available for - root.</para></listitem> - </varlistentry> - - <varlistentry> - <term>-p</term> - <listitem><para>Check whether winbindd is still alive. - Prints out either 'succeeded' or 'failed'. - </para></listitem> - </varlistentry> - - &stdarg.version; - &stdarg.help; - </variablelist> </refsect1> @@ -239,9 +201,8 @@ <title>EXIT STATUS</title> <para>The wbinfo program returns 0 if the operation - succeeded, or 1 if the operation failed. If the <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> daemon is not working <command>wbinfo</command> will always return + succeeded, or 1 if the operation failed. If the <command>winbindd(8) + </command> daemon is not working <command>wbinfo</command> will always return failure. </para> </refsect1> @@ -255,8 +216,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></para> + <para><ulink url="winbindd.8.html"><command>winbindd(8)</command> + </ulink></para> </refsect1> <refsect1> @@ -271,8 +232,7 @@ were written by Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba - 3.0 was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 177265caf1..ccef2fa623 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="winbindd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="winbindd"> <refmeta> <refentrytitle>winbindd</refentrytitle> @@ -31,8 +29,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>winbindd</command> is a daemon that provides a service for the Name Service Switch capability that is present @@ -90,11 +88,12 @@ <filename>/etc/nsswitch.conf</filename> file can be used to initially resolve user and group information from <filename>/etc/passwd </filename> and <filename>/etc/group</filename> and then from the - Windows NT server. -<programlisting> + Windows NT server. </para> + + <para><programlisting> passwd: files winbind group: files winbind -</programlisting></para> + </programlisting></para> <para>The following simple configuration in the <filename>/etc/nsswitch.conf</filename> file can be used to initially @@ -130,8 +129,13 @@ group: files winbind than a file.</para></listitem> </varlistentry> - &popt.common.samba; - &stdarg.help; + <varlistentry> + <term>-d debuglevel</term> + <listitem><para>Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt). </para></listitem> + </varlistentry> <varlistentry> <term>-i</term> @@ -161,10 +165,15 @@ group: files winbind as 2 threads. The first will answer all requests from the cache, thus making responses to clients faster. The other will update the cache for the query that the first has just responded. - Advantage of this is that responses stay accurate and are faster. + Advantage of this is that responses are accurate and fast. </para></listitem> </varlistentry> + <varlistentry> + <term>-s|--conf=smb.conf</term> + <listitem><para>Specifies the location of the all-important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -199,9 +208,8 @@ group: files winbind <title>CONFIGURATION</title> <para>Configuration of the <command>winbindd</command> daemon - is done through configuration parameters in the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file. All parameters should be specified in the + is done through configuration parameters in the <filename>smb.conf(5) + </filename> file. All parameters should be specified in the [global] section of smb.conf. </para> <itemizedlist> @@ -235,24 +243,27 @@ group: files winbind following setup. This was tested on a RedHat 6.2 Linux box. </para> <para>In <filename>/etc/nsswitch.conf</filename> put the - following: -<programlisting> + following:</para> + + <para><programlisting> passwd: files winbind group: files winbind -</programlisting></para> + </programlisting></para> + + <para>In <filename>/etc/pam.d/*</filename> replace the + <parameter>auth</parameter> lines with something like this: </para> - <para>In <filename>/etc/pam.d/*</filename> replace the <parameter> - auth</parameter> lines with something like this: -<programlisting> + + <para><programlisting> auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok -</programlisting></para> + </programlisting></para> - <para>Note in particular the use of the <parameter>sufficient - </parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para> + <para>Note in particular the use of the <parameter>sufficient</parameter> + keyword and the <parameter>use_first_pass</parameter> keyword. </para> <para>Now replace the account lines with this: </para> @@ -262,24 +273,26 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <para>The next step is to join the domain. To do that use the <command>smbpasswd</command> program like this: </para> - <para><command>net join -S PDC -U Administrator</command></para> + <para><command>smbpasswd -j DOMAIN -r PDC -U + Administrator</command></para> <para>The username after the <parameter>-U</parameter> can be any Domain user that has administrator privileges on the machine. - Substitute the name or IP of your PDC for "PDC".</para> + Substitute your domain name for "DOMAIN" and the name of your PDC + for "PDC".</para> <para>Next copy <filename>libnss_winbind.so</filename> to - <filename>/lib</filename> and <filename>pam_winbind.so - </filename> to <filename>/lib/security</filename>. A symbolic link needs to be + <filename>/lib</filename> and <filename>pam_winbind.so</filename> + to <filename>/lib/security</filename>. A symbolic link needs to be made from <filename>/lib/libnss_winbind.so</filename> to <filename>/lib/libnss_winbind.so.2</filename>. If you are using an older version of glibc then the target of the link should be <filename>/lib/libnss_winbind.so.1</filename>.</para> - <para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> containing directives like the - following: -<programlisting> + <para>Finally, setup a <filename>smb.conf</filename> containing directives like the + following: </para> + + <para><programlisting> [global] winbind separator = + winbind cache time = 10 @@ -290,7 +303,7 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok workgroup = DOMAIN security = domain password server = * -</programlisting></para> + </programlisting></para> <para>Now start winbindd and you should find that your user and @@ -308,10 +321,9 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <para>The following notes are useful when configuring and running <command>winbindd</command>: </para> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must be running on the local machine - for <command>winbindd</command> to work. <command>winbindd</command> queries - the list of trusted domains for the Windows NT server + <para><command>nmbd</command> must be running on the local machine + for <command>winbindd</command> to work. <command>winbindd</command> + queries the list of trusted domains for the Windows NT server on startup and when a SIGHUP is received. Thus, for a running <command> winbindd</command> to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. </para> @@ -345,9 +357,8 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <variablelist> <varlistentry> <term>SIGHUP</term> - <listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file and - apply any parameter changes to the running + <listitem><para>Reload the <filename>smb.conf(5)</filename> + file and apply any parameter changes to the running version of winbindd. This signal also clears any cached user and group information. The list of other domains trusted by winbindd is also reloaded. </para></listitem> @@ -420,13 +431,10 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <refsect1> <title>SEE ALSO</title> - <para><filename>nsswitch.conf(5)</filename>, <citerefentry> - <refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>wbinfo</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><filename>nsswitch.conf(5)</filename>, + <ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="wbinfo.1.html">wbinfo(1)</ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink></para> </refsect1> <refsect1> @@ -437,12 +445,11 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</para> - <para><command>wbinfo</command> and <command>winbindd</command> were - written by Tim Potter.</para> + <para><command>wbinfo</command> and <command>winbindd</command> + were written by Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index 887ecd74c2..3e34d53c0a 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -14,8 +14,7 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again Windows2000 KDC. </para> -<para>Pieces you need before you begin:</para> -<para> +<para>Pieces you need before you begin: <simplelist> <member>a Windows 2000 server.</member> <member>samba 3.0 or higher.</member> @@ -27,8 +26,7 @@ Windows2000 KDC. <sect1> <title>Installing the required packages for Debian</title> -<para>On Debian you need to install the following packages:</para> -<para> +<para>On Debian you need to install the following packages: <simplelist> <member>libkrb5-dev</member> <member>krb5-user</member> @@ -39,8 +37,7 @@ Windows2000 KDC. <sect1> <title>Installing the required packages for RedHat</title> -<para>On RedHat this means you should have at least: </para> -<para> +<para>On RedHat this means you should have at least: <simplelist> <member>krb5-workstation (for kinit)</member> <member>krb5-libs (for linking with)</member> @@ -60,8 +57,7 @@ to get them off CD2.</para> <para>If your kerberos libraries are in a non-standard location then remember to add the configure option --with-krb5=DIR.</para> -<para>After you run configure make sure that include/config.h it - generates contains +<para>After you run configure make sure that include/config.h contains lines like this:</para> <para><programlisting> @@ -90,10 +86,9 @@ In case samba can't figure out your ads server using your realm name, use the </programlisting> </para> -<para>You do *not* need a smbpasswd file, and older clients will - be authenticated as if "security = domain", although it won't do any harm - and allows you to have local users not in the domain. - I expect that the above +<para>You do *not* need a smbpasswd file, although it won't do any harm + and if you have one then Samba will be able to fall back to normal + password security for older clients. I expect that the above required options will change soon when we get better active directory integration.</para> </sect1> @@ -104,7 +99,7 @@ In case samba can't figure out your ads server using your realm name, use the <para>The minimal configuration for krb5.conf is:</para> <para><programlisting> -[realms] + [realms] YOUR.KERBEROS.REALM = { kdc = your.kerberos.server } @@ -133,7 +128,7 @@ to join the realm. <para> If all you want is kerberos support in smbclient then you can skip straight to step 5 now. Step 3 is only needed if you want kerberos -support for smbd and winbindd. +support in smbd. </para> </sect1> @@ -142,7 +137,9 @@ support for smbd and winbindd. <title>Create the computer account</title> <para> -As a user that has write permission on the Samba private directory +Do a "kinit" as a user that has authority to change arbitrary +passwords on the KDC ("Administrator" is a good choice). Then as a +user that has write permission on the Samba private directory (usually root) run: <command>net ads join</command> </para> @@ -152,6 +149,8 @@ As a user that has write permission on the Samba private directory <para> <variablelist> +<varlistentry><term>"bash: kinit: command not found"</term> +<listitem><para>kinit is in the krb5-workstation RPM on RedHat systems, and is in /usr/kerberos/bin, so it won't be in the path until you log in again (or open a new terminal)</para></listitem></varlistentry> <varlistentry><term>"ADS support not compiled in"</term> <listitem><para>Samba must be reconfigured (remove config.cache) and recompiled (make clean all install) after the kerberos libs and headers are installed.</para></listitem></varlistentry> </variablelist> diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml index 0a5cf72038..8ecc795966 100644 --- a/docs/docbook/projdoc/Browsing-Quickguide.sgml +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -1,10 +1,9 @@ <chapter id="Browsing-Quick"> <chapterinfo> <author> - <firstname>John H</firstname><surname>Terpstra</surname> + <firstname>John</firstname><surname>Terpstra</surname> </author> <pubdate>July 5, 1998</pubdate> - <pubdate>Updated: March 15, 2003</pubdate> </chapterinfo> <title>Quick Cross Subnet Browsing / Cross Workgroup Browsing guide</title> @@ -17,22 +16,16 @@ of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling except by way of name to address mapping. </para> -<para> -Note: MS Windows 2000 and later can be configured to operate with NO NetBIOS -over TCP/IP. Samba-3 and later also supports this mode of operation. -</para> - - <sect1> <title>Discussion</title> <para> Firstly, all MS Windows networking is based on SMB (Server Message -Block) based messaging. SMB messaging may be implemented using NetBIOS or -without NetBIOS. Samba implements NetBIOS by encapsulating it over TCP/IP. -MS Windows products can do likewise. NetBIOS based networking uses broadcast -messaging to affect browse list management. When running NetBIOS over -TCP/IP this uses UDP based messaging. UDP messages can be broadcast or unicast. +Block) based messaging. SMB messaging is implemented using NetBIOS. Samba +implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can +do likewise. NetBIOS based networking uses broadcast messaging to affect +browse list management. When running NetBIOS over TCP/IP this uses UDP +based messaging. UDP messages can be broadcast or unicast. </para> <para> @@ -52,27 +45,20 @@ the "remote browse sync" parameters to your smb.conf file. </para> <para> -If only one WINS server is used for an entire multi-segment network then -the use of the "remote announce" and the "remote browse sync" parameters -should NOT be necessary. -</para> - -<para> -As of Samba-3 WINS replication is being worked on. The bulk of the code has -been committed, but it still needs maturation. +If only one WINS server is used then the use of the "remote announce" and the +"remote browse sync" parameters should NOT be necessary. </para> <para> -Right now samba WINS does not support MS-WINS replication. This means that -when setting up Samba as a WINS server there must only be one nmbd configured -as a WINS server on the network. Some sites have used multiple Samba WINS -servers for redundancy (one server per subnet) and then used "remote browse -sync" and "remote announce" to affect browse list collation across all -segments. Note that this means clients will only resolve local names, -and must be configured to use DNS to resolve names on other subnets in -order to resolve the IP addresses of the servers they can see on other -subnets. This setup is not recommended, but is mentioned as a practical -consideration (ie: an 'if all else fails' scenario). +Samba WINS does not support MS-WINS replication. This means that when setting up +Samba as a WINS server there must only be one nmbd configured as a WINS server +on the network. Some sites have used multiple Samba WINS servers for redundancy +(one server per subnet) and then used "remote browse sync" and "remote announce" +to affect browse list collation across all segments. Note that this means +clients will only resolve local names, and must be configured to use DNS to +resolve names on other subnets in order to resolve the IP addresses of the +servers they can see on other subnets. This setup is not recommended, but is +mentioned as a practical consideration (ie: an 'if all else fails' scenario). </para> <para> @@ -140,9 +126,8 @@ simultaneously the LMB on it's network segment. <para> The syntax of the "remote browse sync" parameter is: - <programlisting> -remote browse sync = a.b.c.d + remote browse sync = a.b.c.d </programlisting> where a.b.c.d is either the IP address of the remote LMB or else is the network broadcast address of the remote segment. @@ -212,9 +197,8 @@ To configure Samba to register with a WINS server just add </para> <para> -<emphasis>DO NOT EVER</emphasis> use both "wins support = yes" together -with "wins server = a.b.c.d" particularly not using it's own IP address. -Specifying both will cause nmbd to refuse to start! +<emphasis>DO NOT EVER</emphasis> use both "wins support = yes" together with "wins server = a.b.c.d" +particularly not using it's own IP address. </para> </sect1> @@ -228,7 +212,7 @@ one protocol on an MS Windows machine. </para> <para> -Every NetBIOS machine takes part in a process of electing the LMB (and DMB) +Every NetBIOS machine take part in a process of electing the LMB (and DMB) every 15 minutes. A set of election criteria is used to determine the order of precidence for winning this election process. A machine running Samba or Windows NT will be biased so that the most suitable machine will predictably @@ -247,15 +231,6 @@ as an LMB and thus browse list operation on all TCP/IP only machines will fail. </para> -<para><emphasis> -Windows 95, 98, 98se, Me are referred to generically as Windows 9x. -The Windows NT4, 2000, XP and 2003 use common protocols. These are roughly -referred to as the WinNT family, but it should be recognised that 2000 and -XP/2003 introduce new protocol extensions that cause them to behave -differently from MS Windows NT4. Generally, where a server does NOT support -the newer or extended protocol, these will fall back to the NT4 protocols. -</emphasis></para> - <para> The safest rule of all to follow it this - USE ONLY ONE PROTOCOL! </para> @@ -268,35 +243,36 @@ The safest rule of all to follow it this - USE ONLY ONE PROTOCOL! <para> Resolution of NetBIOS names to IP addresses can take place using a number of methods. The only ones that can provide NetBIOS name_type information -are:</para> - +are: <simplelist> <member>WINS: the best tool!</member> <member>LMHOSTS: is static and hard to maintain.</member> <member>Broadcast: uses UDP and can not resolve names across remote segments.</member> </simplelist> +</para> <para> -Alternative means of name resolution includes:</para> +Alternative means of name resolution includes: <simplelist> <member>/etc/hosts: is static, hard to maintain, and lacks name_type info</member> <member>DNS: is a good choice but lacks essential name_type info.</member> </simplelist> +</para> <para> Many sites want to restrict DNS lookups and want to avoid broadcast name resolution traffic. The "name resolve order" parameter is of great help here. The syntax of the "name resolve order" parameter is: <programlisting> -name resolve order = wins lmhosts bcast host + name resolve order = wins lmhosts bcast host </programlisting> _or_ <programlisting> -name resolve order = wins lmhosts (eliminates bcast and host) + name resolve order = wins lmhosts (eliminates bcast and host) </programlisting> The default is: <programlisting> -name resolve order = host lmhost wins bcast + name resolve order = host lmhost wins bcast </programlisting>. where "host" refers the the native methods used by the Unix system to implement the gethostbyname() function call. This is normally diff --git a/docs/docbook/projdoc/Browsing.sgml b/docs/docbook/projdoc/Browsing.sgml index aeb3b477c5..13d6fce917 100644 --- a/docs/docbook/projdoc/Browsing.sgml +++ b/docs/docbook/projdoc/Browsing.sgml @@ -27,15 +27,8 @@ document. </para> <para> -MS Windows 2000 and later, as with Samba-3 and later, can be -configured to not use NetBIOS over TCP/IP. When configured this way -it is imperative that name resolution (using DNS/LDAP/ADS) be correctly -configured and operative. Browsing will NOT work if name resolution -from SMB machine names to IP addresses does not function correctly. -</para> - -<para> -Where NetBIOS over TCP/IP is enabled use of a WINS server is highly +Browsing will NOT work if name resolution from NetBIOS names to IP +addresses does not function correctly. Use of a WINS server is highly recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. WINS allows remote segment clients to obtain NetBIOS name_type information that can NOT be provided by any other means of name resolution. @@ -47,10 +40,14 @@ that can NOT be provided by any other means of name resolution. <title>Browsing support in samba</title> <para> -Samba facilitates browsing. The browsing is supported by nmbd +Samba now fully supports browsing. The browsing is supported by nmbd and is also controlled by options in the smb.conf file (see smb.conf(5)). +</para> + +<para> Samba can act as a local browse master for a workgroup and the ability -for samba to support domain logons and scripts is now available. +for samba to support domain logons and scripts is now available. See +DOMAIN.txt for more information on domain logons. </para> <para> @@ -71,12 +68,12 @@ that is providing this service. <para> [Note that nmbd can be configured as a WINS server, but it is not -necessary to specifically use samba as your WINS server. MS Windows -NT4, Server or Advanced Server 2000 or 2003 can be configured as -your WINS server. In a mixed NT/2000/2003 server and samba environment on -a Wide Area Network, it is recommended that you use the Microsoft -WINS server capabilities. In a samba-only environment, it is -recommended that you use one and only one Samba server as your WINS server. +necessary to specifically use samba as your WINS server. NTAS can +be configured as your WINS server. In a mixed NT server and +samba environment on a Wide Area Network, it is recommended that +you use the NT server's WINS server capabilities. In a samba-only +environment, it is recommended that you use one and only one nmbd +as your WINS server]. </para> <para> @@ -116,15 +113,6 @@ connection that lists the shares is done as guest, and thus you must have a valid guest account. </para> -<para><emphasis> -MS Windows 2000 and upwards (as with Samba) can be configured to disallow -anonymous (ie: Guest account) access to the IPC$ share. In that case, the -MS Windows 2000/XP/2003 machine acting as an SMB/CIFS client will use the -name of the currently logged in user to query the IPC$ share. MS Windows -9X clients are not able to do this and thus will NOT be able to browse -server resources. -</emphasis></para> - <para> Also, a lot of people are getting bitten by the problem of too many parameters on the command line of nmbd in inetd.conf. This trick is to @@ -144,7 +132,7 @@ in smb.conf) <sect1> <title>Browsing across subnets</title> <para> -Since the release of Samba 1.9.17(alpha1) Samba has been +With the release of Samba 1.9.17(alpha1 and above) Samba has been updated to enable it to support the replication of browse lists across subnet boundaries. New code and options have been added to achieve this. This section describes how to set this feature up @@ -179,7 +167,8 @@ settings) for Samba this is in the smb.conf file. Cross subnet browsing is a complicated dance, containing multiple moving parts. It has taken Microsoft several years to get the code that achieves this correct, and Samba lags behind in some areas. -Samba is capable of cross subnet browsing when configured correctly. +However, with the 1.9.17 release, Samba is capable of cross subnet +browsing when configured correctly. </para> <para> @@ -430,9 +419,9 @@ in the [globals] section add the line </para> <para> -Versions of Samba prior to 1.9.17 had this parameter default to +Versions of Samba previous to 1.9.17 had this parameter default to yes. If you have any older versions of Samba on your network it is -strongly suggested you upgrade to a recent version, or at the very +strongly suggested you upgrade to 1.9.17 or above, or at the very least set the parameter to 'no' on all these machines. </para> @@ -484,7 +473,7 @@ machine or its IP address. Note that this line MUST NOT BE SET in the smb.conf file of the Samba server acting as the WINS server itself. If you set both the "<command>wins support = yes</command>" option and the -"<command>wins server = <name></command>" option then +"<command>wins server = >name<</command>" option then nmbd will fail to start. </para> @@ -549,12 +538,11 @@ server, if you require. <para> Next, you should ensure that each of the subnets contains a machine that can act as a local master browser for the -workgroup. Any MS Windows NT/2K/XP/2003 machine should be -able to do this, as will Windows 9x machines (although these -tend to get rebooted more often, so it's not such a good idea -to use these). To make a Samba server a local master browser -set the following options in the [global] section of the -smb.conf file : +workgroup. Any NT machine should be able to do this, as will +Windows 95 machines (although these tend to get rebooted more +often, so it's not such a good idea to use these). To make a +Samba server a local master browser set the following +options in the [global] section of the smb.conf file : </para> <para> @@ -606,7 +594,7 @@ you must not set up a Samba server as a domain master browser. By default, a Windows NT Primary Domain Controller for a Domain name is also the Domain master browser for that name, and many things will break if a Samba server registers the Domain master -browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC. +browser NetBIOS name (DOMAIN>1B<) with WINS instead of the PDC. </para> <para> @@ -673,8 +661,8 @@ samba systems!) </para> <para> -A "os level" of 2 would make it beat WfWg and Win95, but not MS Windows -NT/2K Server. A MS Windows NT/2K Server domain controller uses level 32. +A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A +NTAS domain controller uses level 32. </para> <para>The maximum os level is 255</para> diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml new file mode 100644 index 0000000000..98ef925f20 --- /dev/null +++ b/docs/docbook/projdoc/CVS-Access.sgml @@ -0,0 +1,157 @@ +<chapter id="cvs-access"> + + +<chapterinfo> + <author> + <affiliation> + <orgname>Samba Team</orgname> + </affiliation> + </author> + + + <pubdate> (22 May 2001) </pubdate> +</chapterinfo> + +<title>HOWTO Access Samba source code via CVS</title> + +<sect1> +<title>Introduction</title> + +<para> +Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter. +</para> + +<para> +This document is a modified version of the instructions found at +<ulink url="http://samba.org/samba/cvs.html">http://samba.org/samba/cvs.html</ulink> +</para> + +</sect1> + + +<sect1> +<title>CVS Access to samba.org</title> + +<para> +The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host. +</para> + +<sect2> +<title>Access via CVSweb</title> + +<para> +You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository. +</para> + +<para> +Use the URL : <ulink +url="http://samba.org/cgi-bin/cvsweb">http://samba.org/cgi-bin/cvsweb</ulink> +</para> +</sect2> + +<sect2> +<title>Access via cvs</title> + +<para> +You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser. +</para> + +<para> +To download the latest cvs source code, point your +browser at the URL : <ulink url="http://www.cyclic.com/">http://www.cyclic.com/</ulink>. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com. +</para> + +<para> +To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name +</para> + +<orderedlist> +<listitem> + <para> + Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot login</command> + </para> + + <para> + When it asks you for a password type <userinput>cvs</userinput>. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</command> + </para> + + <para> + This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. + </para> + + <para> + CVS branches other HEAD can be obtained by using the <parameter>-r</parameter> + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</command> + </para> +</listitem> + +<listitem> + <para> + Whenever you want to merge in the latest code changes use + the following command from within the samba directory: + </para> + + <para> + <command>cvs update -d -P</command> + </para> +</listitem> +</orderedlist> + +</sect2> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index b178bfd2c2..8a30a5527d 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -25,29 +25,79 @@ </chapterinfo> -<title>Samba as a NT4 or Win2k domain member</title> +<title>Samba as a NT4 domain member</title> <sect1> - <title>Joining an NT Domain with Samba 3.0</title> + <title>Joining an NT Domain with Samba 2.2</title> - <para>Assume you have a Samba 3.0 server with a NetBIOS name of - <constant>SERV1</constant> and are joining an or Win2k NT domain called + <para>Assume you have a Samba 2.x server with a NetBIOS name of + <constant>SERV1</constant> and are joining an NT domain called <constant>DOM</constant>, which has a PDC with a NetBIOS name of <constant>DOMPDC</constant> and two backup domain controllers with NetBIOS names <constant>DOMBDC1</constant> and <constant>DOMBDC2 </constant>.</para> - <para>Firstly, you must edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + <para>In order to join the domain, first stop all Samba daemons + and run the command:</para> + + <para><prompt>root# </prompt><userinput>smbpasswd -j DOM -r DOMPDC + -U<replaceable>Administrator%password</replaceable></userinput></para> + + <para>as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The <replaceable>Administrator%password</replaceable> is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:</para> + + <para><computeroutput>smbpasswd: Joined domain DOM.</computeroutput> + </para> + + <para>in your terminal window. See the <ulink url="smbpasswd.8.html"> + smbpasswd(8)</ulink> man page for more details.</para> + + <para>There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well.</para> + + <para>This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally :</para> + + <para><filename>/usr/local/samba/private</filename></para> + + <para>In Samba 2.0.x, the filename looks like this:</para> + + <para><filename><replaceable><NT DOMAIN NAME></replaceable>.<replaceable><Samba + Server Name></replaceable>.mac</filename></para> + + <para>The <filename>.mac</filename> suffix stands for machine account + password file. So in our example above, the file would be called:</para> + + <para><filename>DOM.SERV1.mac</filename></para> + + <para>In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named <filename>secrets.tdb</filename>. + </para> + + + <para>This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file.</para> + + <para>Now, before restarting the Samba daemons you must + edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> </ulink> file to tell Samba it should now use domain security.</para> <para>Change (or add) your <ulink url="smb.conf.5.html#SECURITY"> <parameter>security =</parameter></ulink> line in the [global] section of your smb.conf to read:</para> - <para><command>security = domain</command> or - <command>security = ads</command> depending on if the PDC is - NT4 or running Active Directory respectivly.</para> + <para><command>security = domain</command></para> <para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter> workgroup =</parameter></ulink> line in the [global] section to read: </para> @@ -78,47 +128,11 @@ <para><command>password server = *</command></para> - <para>This method, allows Samba to use exactly the same - mechanism that NT does. This + <para>This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This method either broadcasts or uses a WINS database in order to find domain controllers to authenticate against.</para> - <para>In order to actually join the domain, you must run this - command:</para> - - <para><prompt>root# </prompt><userinput>net join -S DOMPDC - -U<replaceable>Administrator%password</replaceable></userinput></para> - - <para>as we are joining the domain DOM and the PDC for that domain - (the only machine that has write access to the domain SAM database) - is DOMPDC. The <replaceable>Administrator%password</replaceable> is - the login name and password for an account which has the necessary - privilege to add machines to the domain. If this is successful - you will see the message:</para> - - <para><computeroutput>Joined domain DOM.</computeroutput> - or <computeroutput>Joined 'SERV1' to realm 'MYREALM'</computeroutput> - </para> - - <para>in your terminal window. See the <ulink url="net.8.html"> - net(8)</ulink> man page for more details.</para> - - <para>This process joins the server to thedomain - without having to create the machine trust account on the PDC - beforehand.</para> - - <para>This command goes through the machine account password - change protocol, then writes the new (random) machine account - password for this Samba server into a file in the same directory - in which an smbpasswd file would be stored - normally :</para> - - <para><filename>/usr/local/samba/private/secrets.tdb</filename></para> - - <para>This file is created and owned by root and is not - readable by any other user. It is the key to the domain-level - security for your system, and should be treated as carefully - as a shadow password file.</para> - <para>Finally, restart your Samba daemons and get ready for clients to begin using domain security!</para> </sect1> @@ -130,8 +144,23 @@ <para> Many people have asked regarding the state of Samba's ability to participate in a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows -2000 domain operating in mixed or native mode. The steps above apply -to both NT4 and Windows 2000. +2000 domain operating in mixed or native mode. +</para> + +<para> +There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server. +</para> + +<para> +The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin. </para> </sect1> @@ -176,7 +205,13 @@ to both NT4 and Windows 2000. <para>And finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the authentication reply, the Samba server gets the user identification information such - as the user SID, the list of NT groups the user belongs to, etc. </para> + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon.</para> <para><emphasis>NOTE:</emphasis> Much of the text of this document was first published in the Web magazine <ulink url="http://www.linuxworld.com"> diff --git a/docs/docbook/projdoc/Diagnosis.sgml b/docs/docbook/projdoc/Diagnosis.sgml index 1e2e6d7598..8c1b784433 100644 --- a/docs/docbook/projdoc/Diagnosis.sgml +++ b/docs/docbook/projdoc/Diagnosis.sgml @@ -17,7 +17,7 @@ <pubdate>Wed Jan 15</pubdate> </chapterinfo> -<title>The samba checklist</title> +<title>Diagnosing your samba server</title> <sect1> <title>Introduction</title> diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml new file mode 100644 index 0000000000..f903d7d334 --- /dev/null +++ b/docs/docbook/projdoc/ENCRYPTION.sgml @@ -0,0 +1,189 @@ +<chapter id="pwencrypt"> + + +<chapterinfo> + <author> + <firstname>Jeremy</firstname><surname>Allison</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jra@samba.org</email> + </address> + </affiliation> + </author> + + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jelmer@samba.org</email> + </address> + </affiliation> + </author> + + <pubdate>4 November 2002</pubdate> +</chapterinfo> + +<title>LanMan and NT Password Encryption in Samba</title> + + +<sect1> + <title>Introduction</title> + + <para>Newer windows clients send encrypted passwords over + the wire, instead of plain text passwords. The newest clients + will only send encrypted passwords and refuse to send plain text + passwords, unless their registry is tweaked.</para> + + <para>These passwords can't be converted to unix style encrypted + passwords. Because of that you can't use the standard unix + user database, and you have to store the Lanman and NT hashes + somewhere else. For more information, see the documentation + about the <command>passdb backend = </command> parameter. + </para> + +</sect1> + +<sect1> + <title>Important Notes About Security</title> + + <para>The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly.</para> + + <para>Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc). </para> + + <warning> + <para>Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are <emphasis>never</emphasis> sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this.</para> + + <para>Other Microsoft operating systems which also exhibit + this behavior includes</para> + + <itemizedlist> + <listitem><para>MS DOS Network client 3.0 with + the basic network redirector installed</para></listitem> + + <listitem><para>Windows 95 with the network redirector + update installed</para></listitem> + + <listitem><para>Windows 98 [se]</para></listitem> + + <listitem><para>Windows 2000</para></listitem> + </itemizedlist> + + <para><emphasis>Note :</emphasis>All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.</para> + </warning> + + <sect2> + <title>Advantages of SMB Encryption</title> + + <itemizedlist> + <listitem><para>plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server.</para> + </listitem> + + <listitem><para>WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. + </para></listitem> + </itemizedlist> + </sect2> + + + <sect2> + <title>Advantages of non-encrypted passwords</title> + + <itemizedlist> + <listitem><para>plain text passwords are not kept + on disk. </para></listitem> + + <listitem><para>uses same password file as other unix + services such as login and ftp</para></listitem> + + <listitem><para>you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal.</para></listitem> + </itemizedlist> + </sect2> +</sect1> + + +<sect1> + <title>The smbpasswd Command</title> + + <para>The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + <command>passwd</command> or <command>yppasswd</command> programs, + install it in <filename>/usr/local/samba/bin/</filename> (or your + main Samba binary directory).</para> + + <para><command>smbpasswd</command> now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows.</para> + + <para><command>smbpasswd</command> now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password).</para> + + <para>To run smbpasswd as a normal user just type :</para> + + <para><prompt>$ </prompt><userinput>smbpasswd</userinput></para> + <para><prompt>Old SMB password: </prompt><userinput><type old value here - + or hit return if there was no old password></userinput></para> + <para><prompt>New SMB Password: </prompt><userinput><type new value> + </userinput></para> + <para><prompt>Repeat New SMB Password: </prompt><userinput><re-type new value + </userinput></para> + + <para>If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed.</para> + + <para>If invoked by an ordinary user it will only allow the user + to change his or her own Samba password.</para> + + <para>If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords.</para> + + <para><command>smbpasswd</command> is designed to work in the same way + and be familiar to UNIX users who use the <command>passwd</command> or + <command>yppasswd</command> commands.</para> + + <para>For more details on using <command>smbpasswd</command> refer + to the man page which will always be the definitive reference.</para> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml index 06c1d3a87e..6d5a019fcb 100644 --- a/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml +++ b/docs/docbook/projdoc/GROUP-MAPPING-HOWTO.sgml @@ -1,4 +1,3 @@ -<?xml version="1.0" encoding="iso8859-1"?> <chapter id="groupmapping"> <chapterinfo> <author> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index a4e79fd42b..3b0faf81af 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -295,16 +295,16 @@ The following are typical NetBIOS name/service type registrations: <para><programlisting> Unique NetBIOS Names: - MACHINENAME<00> = Server Service is running on MACHINENAME - MACHINENAME<03> = Generic Machine Name (NetBIOS name) - MACHINENAME<20> = LanMan Server service is running on MACHINENAME - WORKGROUP<1b> = Domain Master Browser + MACHINENAME<00> = Server Service is running on MACHINENAME + MACHINENAME<03> = Generic Machine Name (NetBIOS name) + MACHINENAME<20> = LanMan Server service is running on MACHINENAME + WORKGROUP<1b> = Domain Master Browser Group Names: - WORKGROUP<03> = Generic Name registered by all members of WORKGROUP - WORKGROUP<1c> = Domain Controllers / Netlogon Servers - WORKGROUP<1d> = Local Master Browsers - WORKGROUP<1e> = Internet Name Resolvers + WORKGROUP<03> = Generic Name registered by all members of WORKGROUP + WORKGROUP<1c> = Domain Controllers / Netlogon Servers + WORKGROUP<1d> = Local Master Browsers + WORKGROUP<1e> = Internet Name Resolvers </programlisting></para> <para> @@ -323,7 +323,7 @@ be needed. An example of this is what happens when an MS Windows client wants to locate a domain logon server. It find this service and the IP address of a server that provides it by performing a lookup (via a NetBIOS broadcast) for enumeration of all machines that have -registered the name type *<1c>. A logon request is then sent to each +registered the name type *<1c>. A logon request is then sent to each IP address that is returned in the enumerated list of IP addresses. Which ever machine first replies then ends up providing the logon services. </para> diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml index 2843331519..2259dae029 100644 --- a/docs/docbook/projdoc/NT_Security.sgml +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -31,6 +31,12 @@ the security of the UNIX host Samba is running on, and still obeys all the file permission rules that a Samba administrator can set.</para> + + <para>In Samba 2.0.4 and above the default value of the + parameter <ulink url="smb.conf.5.html#NTACLSUPPORT"><parameter> + nt acl support</parameter></ulink> has been changed from + <constant>false</constant> to <constant>true</constant>, so + manipulation of permissions is turned on by default.</para> </sect1> <sect1> diff --git a/docs/docbook/projdoc/Other-Clients.sgml b/docs/docbook/projdoc/Other-Clients.sgml index 6ba04b01d3..f790024c3a 100644 --- a/docs/docbook/projdoc/Other-Clients.sgml +++ b/docs/docbook/projdoc/Other-Clients.sgml @@ -233,16 +233,6 @@ for use with <command>security = user</command> </sect2> -<sect2> -<title>Use TCP/IP as default protocol</title> - -<para>To support print queue reporting you may find -that you have to use TCP/IP as the default protocol under -WfWg. For some reason if you leave Netbeui as the default -it may break the print queue reporting on some systems. -It is presumably a WfWg bug.</para> - -</sect2> </sect1> <sect1> diff --git a/docs/docbook/projdoc/Portability.sgml b/docs/docbook/projdoc/Portability.sgml index dae267e8b5..afafacc5e4 100644 --- a/docs/docbook/projdoc/Portability.sgml +++ b/docs/docbook/projdoc/Portability.sgml @@ -175,16 +175,4 @@ Corrective Action: Delete the entry after the word loopback in the line starting 127.0.0.1 </para> </sect1> - -<sect1> -<title>AIX</title> -<sect2> -<title>Sequential Read Ahead</title> -<!-- From an email by William Jojo <jojowil@hvcc.edu> --> -<para> -Disabling Sequential Read Ahead using "vmtune -r 0" improves -samba performance significally. -</para> -</sect2> -</sect1> </chapter> diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml index e3bee32db0..7653e3d1c0 100644 --- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml @@ -128,7 +128,7 @@ the password change is done. <sect1> -<title>Can Samba be a Backup Domain Controller to an NT PDC?</title> +<title>Can Samba be a Backup Domain Controller?</title> <para> With version 2.2, no. The native NT SAM replication protocols have @@ -138,12 +138,6 @@ been finished for version 2.2. </para> <para> -With version 3.0, the work on both the replication protocols and a -suitable storage mechanism has progressed, and some form of NT4 BDC -support is expected soon. -</para> - -<para> Can I get the benefits of a BDC with Samba? Yes. The main reason for implementing a BDC is availability. If the PDC is a Samba machine, a second Samba machine can be set up to @@ -184,8 +178,7 @@ whenever changes are made, or the PDC is set up as a NIS master server and the BDC as a NIS slave server. To set up the BDC as a mere NIS client would not be enough, as the BDC would not be able to access its user database in case of a PDC failure. -</para> -</listitem> +</para></listitem> <listitem><para> The Samba password database in the file private/smbpasswd has to be @@ -243,15 +236,5 @@ password. </sect2> -<sect2> -<title>Can I do this all with LDAP?</title> -<para>The simple answer is YES. Samba's pdb_ldap code supports -binding to a replica LDAP server, and will also follow referrals and -rebind to the master if it ever needs to make a modification to the -database. (Normally BDCs are read only, so this will not occur -often). -</para> -</sect2> - </sect1> </chapter> diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml new file mode 100644 index 0000000000..f294ddd1ff --- /dev/null +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -0,0 +1,593 @@ +<chapter id="samba-ldap-howto"> + +<chapterinfo> + <author> + <firstname>Gerald (Jerry)</firstname><surname>Carter</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>jerry@samba.org</email></address> + </affiliation> + <firstname>Olivier (lem)</firstname><surname>Lemaire</surname> + <affiliation> + <orgname>IDEALX</orgname> + <address><email>olem@IDEALX.org</email></address> + </affiliation> + </author> + + + <pubdate> (13 Jan 2002) </pubdate> +</chapterinfo> + +<title>Storing Samba's User/Machine Account information in an LDAP Directory</title> + +<sect1> +<title>Purpose</title> + +<para> +This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites. +</para> + +<itemizedlist> + <listitem><para>OpenLDAP - <ulink url="http://www.openldap.org/">http://www.openldap.org/</ulink></para></listitem> + <listitem><para>iPlanet Directory Server - <ulink url="http://iplanet.netscape.com/directory">http://iplanet.netscape.com/directory</ulink></para></listitem> +</itemizedlist> + +<para> +Note that <ulink url="http://www.ora.com/">O'Reilly Publishing</ulink> is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002. +</para> + +<para> +Two additional Samba resources which may prove to be helpful are +</para> + +<itemizedlist> + <listitem><para>The <ulink url="http://www.unav.es/cti/ldap-smb/ldap-smb-3-howto.html">Samba-PDC-LDAP-HOWTO</ulink> + maintained by Ignacio Coupeau.</para></listitem> + + <listitem><para>The NT migration scripts from <ulink url="http://samba.idealx.org/">IDEALX</ulink> that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + </para></listitem> +</itemizedlist> + +</sect1> + + +<sect1> +<title>Introduction</title> + +<para> +Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt +passwords = yes"</ulink> in Samba's <filename>smb.conf</filename> file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the <filename>smbpasswd(5)</filename> file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands). +</para> + +<itemizedlist> +<listitem><para> +The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases. +</para></listitem> + +<listitem><para> +The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as <command>rsync(1)</command> and <command>ssh(1)</command> +and wrote custom, in-house scripts. +</para></listitem> + +<listitem><para> +And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID). +</para></listitem> +</itemizedlist> + +<para> +As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or +<parameter>--with-tdbsam</parameter>) requires compile time support. +</para> + +<para> +When compiling Samba to include the <parameter>--with-ldapsam</parameter> autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation. +</para> + +<para> +There are a few points to stress about what the <parameter>--with-ldapsam</parameter> +does not provide. The LDAP support referred to in the this documentation does not +include: +</para> + +<itemizedlist> + <listitem><para>A means of retrieving user account information from + an Windows 2000 Active Directory server.</para></listitem> + <listitem><para>A means of replacing /etc/passwd.</para></listitem> +</itemizedlist> + +<para> +The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(<ulink url="http://www.padl.com/">http://www.padl.com/</ulink>). However, +the details of configuring these packages are beyond the scope of this document. +</para> + +</sect1> + +<sect1> +<title>Supported LDAP Servers</title> + +<para> +The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP +2.0 server and client libraries. The same code should be able to work with +Netscape's Directory Server and client SDK. However, due to lack of testing +so far, there are bound to be compile errors and bugs. These should not be +hard to fix. If you are so inclined, please be sure to forward all patches to +<ulink url="samba-patches@samba.org">samba-patches@samba.org</ulink> and +<ulink url="jerry@samba.org">jerry@samba.org</ulink>. +</para> + +</sect1> + + + + +<sect1> +<title>Schema and Relationship to the RFC 2307 posixAccount</title> + + +<para> +Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +<filename>examples/LDAP/samba.schema</filename>. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here: +</para> + +<para><programlisting> +objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL + DESC 'Samba Account' + MUST ( uid $ rid ) + MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ + logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ + displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ + description $ userWorkstations $ primaryGroupID $ domain )) +</programlisting></para> + +<para> +The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to <ulink +url="jerry@samba.org">jerry@samba.org</ulink> +</para> + +<para> +Just as the smbpasswd file is mean to store information which supplements a +user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +<constant>STRUCTURAL</constant> objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design. +</para> + +<!--olem: we should perhaps have a note about shadowAccounts too as many +systems use them, isn'it ? --> + +<para> +In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure. +</para> +</sect1> + +<sect1> +<title>Configuring Samba with LDAP</title> + + +<sect2> +<title>OpenLDAP configuration</title> + +<para> +To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory. +</para> + +<para> +<prompt>root# </prompt><command>cp samba.schema /etc/openldap/schema/</command> +</para> + +<para> +Next, include the <filename>samba.schema</filename> file in <filename>slapd.conf</filename>. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in <filename>cosine.schema</filename> and +the 'displayName' attribute is defined in the <filename>inetorgperson.schema</filename> +file. Both of these must be included before the <filename>samba.schema</filename> file. +</para> + +<para><programlisting> +## /etc/openldap/slapd.conf + +## schema files (core.schema is required by default) +include /etc/openldap/schema/core.schema + +## needed for sambaAccount +include /etc/openldap/schema/cosine.schema +include /etc/openldap/schema/inetorgperson.schema +include /etc/openldap/schema/samba.schema + +## uncomment this line if you want to support the RFC2307 (NIS) schema +## include /etc/openldap/schema/nis.schema + +.... +</programlisting></para> + +<para> +It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well). +</para> +<para><programlisting> +# Indices to maintain +## required by OpenLDAP 2.0 +index objectclass eq + +## support pb_getsampwnam() +index uid pres,eq +## support pdb_getsambapwrid() +index rid eq + +## uncomment these if you are storing posixAccount and +## posixGroup entries in the directory as well +##index uidNumber eq +##index gidNumber eq +##index cn eq +##index memberUid eq +</programlisting></para> +</sect2> + + +<sect2> +<title>Configuring Samba</title> +<!--lem: <title>smb.conf LDAP parameters</title> --> + +<para> +The following parameters are available in smb.conf only with <parameter>--with-ldapsam</parameter> +was included with compiling Samba. +</para> + +<itemizedlist> + <listitem><para><ulink url="smb.conf.5.html#LDAPSSL">ldap ssl</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPSERVER">ldap server</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPADMINDN">ldap admin dn</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPSUFFIX">ldap suffix</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPFILTER">ldap filter</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPPORT">ldap port</ulink></para></listitem> +</itemizedlist> + +<para> +These are described in the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as +</para> + +<para><programlisting> +## /usr/local/samba/lib/smb.conf +[global] + security = user + encrypt passwords = yes + + netbios name = TASHTEGO + workgroup = NARNIA + + # ldap related parameters + + # define the DN to use when binding to the directory servers + # The password for this DN is not stored in smb.conf. Rather it + # must be set by using 'smbpasswd -w <replaceable>secretpw</replaceable>' to store the + # passphrase in the secrets.tdb file. If the "ldap admin dn" values + # changes, this password will need to be reset. + ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org" + + # specify the LDAP server's hostname (defaults to locahost) + ldap server = ahab.samba.org + + # Define the SSL option when connecting to the directory + # ('off', 'start tls', or 'on' (default)) + ldap ssl = start tls + + # define the port to use in the LDAP session (defaults to 636 when + # "ldap ssl = on") + ldap port = 389 + + # specify the base DN to use when searching the directory + ldap suffix = "ou=people,dc=samba,dc=org" + + # generally the default ldap search filter is ok + # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" +</programlisting></para> + + +</sect2> +</sect1> + + +<sect1> +<title>Accounts and Groups management</title> + +<para> +As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes. +</para> + +<para> +Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file). +</para> + +<para> +In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups). +</para> + +</sect1> + +<sect1> +<title>Security and sambaAccount</title> + + +<para> +There are two important points to remember when discussing the security +of sambaAccount entries in the directory. +</para> + +<itemizedlist> + <listitem><para><emphasis>Never</emphasis> retrieve the lmPassword or + ntPassword attribute values over an unencrypted LDAP session.</para></listitem> + <listitem><para><emphasis>Never</emphasis> allow non-admin users to + view the lmPassword or ntPassword attribute values.</para></listitem> +</itemizedlist> + +<para> +These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the <ulink +url="ENCRYPTION.html">ENCRYPTION chapter</ulink> of the Samba-HOWTO-Collection. +</para> + +<para> +To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (<command>ldap ssl = on</command>) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(<command>ldap ssl = off</command>). +</para> + +<para> +Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers. +</para> + +<para> +The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in <filename>slapd.conf</filename>: +</para> + +<para><programlisting> +## allow the "ldap admin dn" access, but deny everyone else +access to attrs=lmPassword,ntPassword + by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write + by * none +</programlisting></para> + + +</sect1> + + + +<sect1> +<title>LDAP specials attributes for sambaAccounts</title> + +<para> +The sambaAccount objectclass is composed of the following attributes: +</para> + +<itemizedlist> + + <listitem><para><constant>lmPassword</constant>: the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string.</para></listitem> + + <listitem><para><constant>ntPassword</constant>: the NT password hash 16-byte stored as a character + representation of a hexidecimal string.</para></listitem> + + <listitem><para><constant>pwdLastSet</constant>: The integer time in seconds since 1970 when the + <constant>lmPassword</constant> and <constant>ntPassword</constant> attributes were last set. + </para></listitem> + + <listitem><para><constant>acctFlags</constant>: string of 11 characters surrounded by square brackets [] + representing account flags such as U (user), W(workstation), X(no password expiration), and + D(disabled).</para></listitem> + + <listitem><para><constant>logonTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>logoffTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>kickoffTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>pwdCanChange</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>pwdMustChange</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>homeDrive</constant>: specifies the drive letter to which to map the + UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" + where X is the letter of the drive to map. Refer to the "logon drive" parameter in the + smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>scriptPath</constant>: The scriptPath property specifies the path of + the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path + is relative to the netlogon share. Refer to the "logon script" parameter in the + smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>profilePath</constant>: specifies a path to the user's profile. + This value can be a null string, a local absolute path, or a UNC path. Refer to the + "logon path" parameter in the smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>smbHome</constant>: The homeDirectory property specifies the path of + the home directory for the user. The string can be null. If homeDrive is set and specifies + a drive letter, homeDirectory should be a UNC path. The path must be a network + UNC path of the form \\server\share\directory. This value can be a null string. + Refer to the "logon home" parameter in the smb.conf(5) man page for more information. + </para></listitem> + + <listitem><para><constant>userWorkstation</constant>: character string value currently unused. + </para></listitem> + + <listitem><para><constant>rid</constant>: the integer representation of the user's relative identifier + (RID).</para></listitem> + + <listitem><para><constant>primaryGroupID</constant>: the relative identifier (RID) of the primary group + of the user.</para></listitem> + +</itemizedlist> + +<para> +The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink> for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values: +</para> + +<itemizedlist> + <listitem><para>smbHome</para></listitem> + <listitem><para>scriptPath</para></listitem> + <listitem><para>logonPath</para></listitem> + <listitem><para>homeDrive</para></listitem> +</itemizedlist> + +<para> +These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that <command>logon home = \\%L\%u</command> was defined in +its <filename>smb.conf</filename> file. When a user named "becky" logons to the domain, +the <parameter>logon home</parameter> string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the <parameter>logon home</parameter> parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky). +</para> + + +</sect1> + + + +<sect1> +<title>Example LDIF Entries for a sambaAccount</title> + + +<para> +The following is a working LDIF with the inclusion of the posixAccount objectclass: +</para> + +<para><programlisting> +dn: uid=guest2, ou=people,dc=plainjoe,dc=org +ntPassword: 878D8014606CDA29677A44EFA1353FC7 +pwdMustChange: 2147483647 +primaryGroupID: 1201 +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +pwdLastSet: 1010179124 +logonTime: 0 +objectClass: sambaAccount +uid: guest2 +kickoffTime: 2147483647 +acctFlags: [UX ] +logoffTime: 2147483647 +rid: 19006 +pwdCanChange: 0 +</programlisting></para> + +<para> +The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses: +</para> + +<para><programlisting> +dn: uid=gcarter, ou=people,dc=plainjoe,dc=org +logonTime: 0 +displayName: Gerald Carter +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +primaryGroupID: 1201 +objectClass: posixAccount +objectClass: sambaAccount +acctFlags: [UX ] +userPassword: {crypt}BpM2ej8Rkzogo +uid: gcarter +uidNumber: 9000 +cn: Gerald Carter +loginShell: /bin/bash +logoffTime: 2147483647 +gidNumber: 100 +kickoffTime: 2147483647 +pwdLastSet: 1010179230 +rid: 19000 +homeDirectory: /home/tashtego/gcarter +pwdCanChange: 0 +pwdMustChange: 2147483647 +ntPassword: 878D8014606CDA29677A44EFA1353FC7 +</programlisting></para> + + +</sect1> + + + +<sect1> +<title>Comments</title> + + +<para> +Please mail all comments regarding this HOWTO to <ulink +url="mailto:jerry@samba.org">jerry@samba.org</ulink>. This documents was +last updated to reflect the Samba 2.2.3 release. + +</para> + + +</sect1> + + +</chapter> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index 53dae21775..7cf3e5735c 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -13,18 +13,13 @@ <orgname>Samba Team</orgname> <address><email>dbannon@samba.org</email></address> </affiliation> - <firstname>John H</firstname><surname>Terpstra</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address><email>jht@samba.org</email></address> - </affiliation> </author> <pubdate> (26 Apr 2001) </pubdate> </chapterinfo> <title> -Samba as an NT4 or Win2k Primary Domain Controller +How to Configure Samba as a NT4 Primary Domain Controller </title> @@ -42,7 +37,8 @@ that you are comfortable with configuring basic files services in smb.conf and how to enable and administer password encryption in Samba. Theses two topics are covered in the <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> -manpage. +manpage and the <ulink url="ENCRYPTION.html">Encryption chapter</ulink> +of this HOWTO Collection. </para> @@ -60,28 +56,46 @@ manpage. Background </title> +<note> <para> -This article outlines the steps necessary for configuring Samba as a PDC. -It is necessary to have a working Samba server prior to implementing the -PDC functionality. +<emphasis>Author's Note:</emphasis> This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one. +</para> +</note> + +<para> +Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller +<indexterm><primary>Primary Domain Controller</primary></indexterm> +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <ulink +url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <ulink url="smb.conf.5.html">smb.conf(5) man +page</ulink>. The following functionality should work in 2.2: </para> <itemizedlist> <listitem><para> - domain logons for Windows NT 4.0 / 200x / XP Professional clients. + domain logons for Windows NT 4.0/2000 clients. </para></listitem> <listitem><para> - placing Windows 9x / Me clients in user level security + placing a Windows 9x client in user level security </para></listitem> <listitem><para> retrieving a list of users and groups from a Samba PDC to - Windows 9x / Me / NT / 200x / XP Professional clients + Windows 9x/NT/2000 clients </para></listitem> <listitem><para> - roaming user profiles + roving (roaming) user profiles </para></listitem> <listitem><para> @@ -91,7 +105,7 @@ PDC functionality. <para> -The following functionalities are new to the Samba 3.0 release: +The following pieces of functionality are not included in the 2.2 release: </para> <itemizedlist> @@ -100,56 +114,42 @@ The following functionalities are new to the Samba 3.0 release: </para></listitem> <listitem><para> - Adding users via the User Manager for Domains - </para></listitem> -</itemizedlist> - -<para> -The following functionalities are NOT provided by Samba 3.0: -</para> - -<itemizedlist> - <listitem><para> SAM replication with Windows NT 4.0 Domain Controllers (i.e. a Samba PDC and a Windows NT BDC or vice versa) </para></listitem> <listitem><para> + Adding users via the User Manager for Domains + </para></listitem> + + <listitem><para> Acting as a Windows 2000 Domain Controller (i.e. Kerberos and Active Directory) </para></listitem> </itemizedlist> <para> -Please note that Windows 9x / Me / XP Home clients are not true members of a domain +Please note that Windows 9x clients are not true members of a domain for reasons outlined in this article. Therefore the protocol for support Windows 9x-style domain logons is completely different -from NT4 / Win2k type domain logons and has been officially supported for some +from NT4 domain logons and has been officially supported for some time. </para> -<para><emphasis> -MS Windows XP Home edition is NOT able to join a domain and does not permit -the use of domain logons.</emphasis> -</para> - <para> -Implementing a Samba PDC can basically be divided into 3 broad +Implementing a Samba PDC can basically be divided into 2 broad steps. </para> -<orderedlist numeration="arabic"> +<orderedlist numeration="Arabic"> <listitem><para> Configuring the Samba PDC </para></listitem> <listitem><para> - Creating machine trust accounts and joining clients to the domain - </para></listitem> - - <listitem><para> - Adding and managing domain user accounts + Creating machine trust accounts and joining clients + to the domain </para></listitem> </orderedlist> @@ -157,7 +157,7 @@ steps. There are other minor details such as user profiles, system policies, etc... However, these are not necessarily specific to a Samba PDC as much as they are related to Windows NT networking -concepts. +concepts. They will be mentioned only briefly here. </para> </sect1> @@ -174,10 +174,11 @@ concepts. <para> The first step in creating a working Samba PDC is to -understand the parameters necessary in smb.conf. Here we -attempt to explain the parameters that are covered in -<ulink url="smb.conf.5.html"> the smb.conf -man page</ulink>. +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in <ulink url="smb.conf.5.html"> the smb.conf +man page</ulink>. For convenience, the parameters have been +linked with the actual smb.conf description. </para> <para> @@ -208,7 +209,8 @@ Here is an example <filename>smb.conf</filename> for acting as a PDC: ; where to store user profiles? <ulink url="smb.conf.5.html#LOGONPATH">logon path</ulink> = \\%N\profiles\%u - ; where is a user's home directory and where should it be mounted at? + ; where is a user's home directory and where should it + ; be mounted at? <ulink url="smb.conf.5.html#LOGONDRIVE">logon drive</ulink> = H: <ulink url="smb.conf.5.html#LOGONHOME">logon home</ulink> = \\homeserver\%u @@ -254,16 +256,20 @@ There are a couple of points to emphasize in the above configuration. </itemizedlist> <para> -Samba 3.0 offers a complete implementation of group mapping +As Samba 2.2 does not offer a complete implementation of group mapping between Windows NT groups and Unix groups (this is really quite -complicated to explain in a short space). +complicated to explain in a short space), you should refer to the +<ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain admin +group</ulink> smb.conf parameter for information of creating "Domain +Admins" style accounts. </para> </sect1> <sect1> -<title>Creating Machine Trust Accounts and Joining Clients to the Domain</title> +<title>Creating Machine Trust Accounts and Joining Clients to the +Domain</title> <para> A machine trust account is a Samba account that is used to @@ -276,65 +282,15 @@ The password of a machine trust account acts as the shared secret for secure communication with the Domain Controller. This is a security feature to prevent an unauthorized machine with the same NetBIOS name from joining the domain and gaining access to domain user/group -accounts. Windows NT, 200x, XP Professional clients use machine trust -accounts, but Windows 9x / Me / XP Home clients do not. Hence, a -Windows 9x / Me / XP Home client is never a true member of a domain -because it does not possess a machine trust account, and thus has no -shared secret with the domain controller. +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller. </para> <para>A Windows PDC stores each machine trust account in the Windows -Registry. A Samba-3 PDC also has to stoe machine trust account information -in a suitable back-end data store. With Samba-3 there can be multiple back-ends -for this including: -</para> - -<itemizedlist> - <listitem><para> - <emphasis>smbpaswd</emphasis> - the plain ascii file stored used by - earlier versions of Samba. This file configuration option requires - a Unix/Linux system account for EVERY entry (ie: both for user and for - machine accounts). This file will be located in the <emphasis>private</emphasis> - directory (default is /usr/local/samba/lib/private or on linux /etc/samba). - </para></listitem> - - <listitem><para> - <emphasis>smbpasswd_nua</emphasis> - This file is independant of the - system wide user accounts. The use of this back-end option requires - specification of the "non unix account range" option also. It is called - smbpasswd and will be located in the <filename>private</filename> directory. - </para></listitem> - - <listitem><para> - <emphasis>tdbsam</emphasis> - a binary database backend that will be - stored in the <emphasis>private</emphasis> directory in a file called - <emphasis>passwd.tdb</emphasis>. The key benefit of this binary format - file is that it can store binary objects that can not be accomodated - in the traditional plain text smbpasswd file. - </para></listitem> - - <listitem><para> - <emphasis>tdbsam_nua</emphasis> like the smbpasswd_nua option above, this - file allows the creation of arbitrary user and machine accounts without - requiring that account to be added to the system (/etc/passwd) file. It - too requires the specification of the "non unix account range" option - in the [globals] section of the smb.conf file. - </para></listitem> - - <listitem><para> - <emphasis>ldapsam</emphasis> - An LDAP based back-end. Permits the - LDAP server to be specified. eg: ldap://localhost or ldap://frodo.murphy.com - </para></listitem> - - <listitem><para> - <emphasis>ldapsam_nua</emphasis> - LDAP based back-end with no unix - account requirement, like smbpasswd_nua and tdbsam_nua above. - </para></listitem> -</itemizedlist> - -<para> -A Samba PDC, however, stores each machine trust account in two parts, -as follows: +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: <itemizedlist> <listitem><para>A Samba account, stored in the same location as user @@ -470,7 +426,7 @@ be created manually. <para><programlisting> [global] - # <...remainder of parameters...> + # <...remainder of parameters...> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u </programlisting></para> @@ -540,7 +496,7 @@ version of Windows. </para> <para> - A 'machine name' in (typically) <filename>/etc/passwd</filename> + A 'machine name' in (typically) <filename>/etc/passwd</> of the machine name with a '$' appended. FreeBSD (and other BSD systems?) won't create a user with a '$' in their name. </para> @@ -548,7 +504,7 @@ version of Windows. <para> The problem is only in the program used to make the entry, once made, it works perfectly. So create a user without the '$' and - use <command>vipw</command> to edit the entry, adding the '$'. Or create + use <command>vipw</> to edit the entry, adding the '$'. Or create the whole entry with vipw if you like, make sure you use a unique User ID ! </para> @@ -717,8 +673,8 @@ Here are some additional details: Policy Editor can be installed on an NT Workstation/Server, it will not work with NT policies because the registry key that are set by the policy templates. However, the files from the NT Server will run happily enough on an NTws. - You need <filename>poledit.exe, common.adm</filename> and <filename>winnt.adm</filename>. It is convenient - to put the two *.adm files in <filename>c:\winnt\inf</filename> which is where + You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient + to put the two *.adm files in <filename>c:\winnt\inf</> which is where the binary will look for them unless told otherwise. Note also that that directory is 'hidden'. </para> @@ -972,7 +928,7 @@ general SMB topics such as browsing.</para> <listitem><para>See how Scott Merrill simulates a BDC behavior at <ulink url="http://www.skippy.net/linux/smb-howto.html"> - http://www.skippy.net/linux/smb-howto.html</ulink>. </para></listitem> + http://www.skippy.net/linux/smb-howto.html</>. </para></listitem> <listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> @@ -1002,8 +958,8 @@ general SMB topics such as browsing.</para> <para> There are a number of Samba related mailing lists. Go to <ulink url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror - and then click on <command>Support</command> and then click on <command> - Samba related mailing lists</command>. + and then click on <command>Support</> and then click on <command> + Samba related mailing lists</>. </para> <para> @@ -1072,8 +1028,8 @@ general SMB topics such as browsing.</para> <para>To have your name removed from a samba mailing list, go to the same place you went to to get on it. Go to <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>, - click on your nearest mirror and then click on <command>Support</command> and - then click on <command> Samba related mailing lists</command>. Or perhaps see + click on your nearest mirror and then click on <command>Support</> and + then click on <command> Samba related mailing lists</>. Or perhaps see <ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink> </para> @@ -1156,7 +1112,7 @@ worthwhile lookingat how a Windows 9x/ME client performs a logon: <listitem> <para> The client broadcasts (to the IP broadcast address of the subnet it is in) - a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the NetBIOS layer. The client chooses the first response it receives, which contains the NetBIOS name of the logon server to use in the format of \\SERVER. @@ -1748,7 +1704,7 @@ contrast to w95, where it _does_ transfer / update profiles correctly]. <sect1> <title> -DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba +DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba </title> <warning> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index 5d0d388c08..1ff735a656 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -3,30 +3,81 @@ <title>How to Install and Test SAMBA</title> <sect1> - <title>Obtaining and installing samba</title> - - <para>Binary packages of samba are included in almost any Linux or - Unix distribution. There are also some packages available at - <ulink url="http://samba.org/">the samba homepage</ulink> - </para> - - <para>If you need to compile samba from source, check the - appropriate appendix chapter.</para> + <title>Read the man pages</title> + + <para>The man pages distributed with SAMBA contain + lots of useful info that will help to get you started. + If you don't know how to read man pages then try + something like:</para> + + <para><prompt>$ </prompt><userinput>man smbd.8</userinput> + or + <prompt>$ </prompt><userinput>nroff -man smbd.8 | more + </userinput> on older unixes.</para> + + <para>Other sources of information are pointed to + by the Samba web site,<ulink url="http://www.samba.org/"> + http://www.samba.org</ulink></para> </sect1> <sect1> - <title>Configuring samba</title> + <title>Building the Binaries</title> + + <para>To do this, first run the program <command>./configure + </command> in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run</para> + + <para><prompt>root# </prompt><userinput>./configure --help + </userinput></para> + + <para>first to see what special options you can enable. + Then executing</para> + + <para><prompt>root# </prompt><userinput>make</userinput></para> + + <para>will create the binaries. Once it's successfully + compiled you can use </para> + + <para><prompt>root# </prompt><userinput>make install</userinput></para> + + <para>to install the binaries and manual pages. You can + separately install the binaries and/or man pages using</para> + + <para><prompt>root# </prompt><userinput>make installbin + </userinput></para> + + <para>and</para> + + <para><prompt>root# </prompt><userinput>make installman + </userinput></para> - <para>Samba's configuration is stored in the smb.conf file, - that usually resides in <filename>/etc/samba/smb.conf</filename> - or <filename>/usr/local/samba/lib/smb.conf</filename>. You can either - edit this file yourself or do it using one of the many graphical - tools that are available, such as the web-based interface swat, that - is included with samba.</para> + <para>Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with</para> + + <para><prompt>root# </prompt><userinput>make revert + </userinput></para> -<sect2> - <title>Editing the smb.conf file</title> + <para>if you find this version a disaster!</para> +</sect1> + +<sect1> + <title>The all important step</title> + <para>At this stage you must fetch yourself a + coffee or other drink you find stimulating. Getting the rest + of the install right can sometimes be tricky, so you will + probably need it.</para> + + <para>If you have installed samba before then you can skip + this step.</para> +</sect1> + +<sect1> + <title>Create the smb configuration file. </title> + <para>There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them carefully so you can see how the options go together in @@ -59,8 +110,9 @@ <para>For more information about security settings for the [homes] share please refer to the document UNIX_SECURITY.txt.</para> +</sect1> -<sect3> +<sect1> <title>Test your config file with <command>testparm</command></title> @@ -75,27 +127,105 @@ <para>Always run testparm again when you change <filename>smb.conf</filename>!</para> -</sect3> -</sect2> +</sect1> + +<sect1> + <title>Starting the smbd and nmbd</title> + + <para>You must choose to start smbd and nmbd either + as daemons or from <command>inetd</command>. Don't try + to do both! Either you can put them in <filename> + inetd.conf</filename> and have them started on demand + by <command>inetd</command>, or you can start them as + daemons either from the command line or in <filename> + /etc/rc.local</filename>. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root.</para> + + <para>The main advantage of starting <command>smbd</command> + and <command>nmbd</command> using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request.</para> <sect2> - <title>SWAT</title> - - <para> - SWAT is a web-based interface that helps you configure samba. - SWAT might not be available in the samba package on your platform, - but in a seperate package. Please read the swat manpage - on compiling, installing and configuring swat from source. - </para> - - <para>To launch SWAT just run your favorite web browser and - point it at "http://localhost:901/". Replace <replaceable>localhost</replaceable> with the name of the computer you are running samba on if you - are running samba on a different computer then your browser.</para> - - <para>Note that you can attach to SWAT from any IP connected - machine but connecting from a remote machine leaves your - connection open to password sniffing as passwords will be sent - in the clear over the wire. </para> + <title>Starting from inetd.conf</title> + + <para>NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps.</para> + + <para>Look at your <filename>/etc/services</filename>. + What is defined at port 139/tcp. If nothing is defined + then add a line like this:</para> + + <para><userinput>netbios-ssn 139/tcp</userinput></para> + + <para>similarly for 137/udp you should have an entry like:</para> + + <para><userinput>netbios-ns 137/udp</userinput></para> + + <para>Next edit your <filename>/etc/inetd.conf</filename> + and add two lines something like this:</para> + + <para><programlisting> + netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd + netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd + </programlisting></para> + + <para>The exact syntax of <filename>/etc/inetd.conf</filename> + varies between unixes. Look at the other entries in inetd.conf + for a guide.</para> + + <para>NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in <filename>/etc/services</filename>. + You must either edit <filename>/etc/services</filename> or + <filename>/etc/inetd.conf</filename> to make them consistent.</para> + + <para>NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run <command>ifconfig</command> + as root if you don't know what the broadcast is for your + net. <command>nmbd</command> tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this.</para> + + <para>!!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in <filename>inetd.conf</filename>. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from <command>inetd</command>.</para> + + <para>Restart <command>inetd</command>, perhaps just send + it a HUP. If you have installed an earlier version of <command> + nmbd</command> then you may need to kill nmbd as well.</para> + </sect2> + + <sect2> + <title>Alternative: starting it as a daemon</title> + + <para>To start the server as a daemon you should create + a script something like this one, perhaps calling + it <filename>startsmb</filename>.</para> + + <para><programlisting> + #!/bin/sh + /usr/local/samba/bin/smbd -D + /usr/local/samba/bin/nmbd -D + </programlisting></para> + + <para>then make it executable with <command>chmod + +x startsmb</command></para> + + <para>You can then run <command>startsmb</command> by + hand or execute it from <filename>/etc/rc.local</filename> + </para> + + <para>To kill it send a kill signal to the processes + <command>nmbd</command> and <command>smbd</command>.</para> + + <para>NOTE: If you use the SVR4 style init system then + you may like to look at the <filename>examples/svr4-startup</filename> + script to make Samba fit into that system.</para> </sect2> </sect1> @@ -150,8 +280,6 @@ <para>Try printing. eg:</para> - - <para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1: \\servername\spoolservice</userinput></para> @@ -164,29 +292,90 @@ <sect1> <title>What If Things Don't Work?</title> - <para>Then you might read the file HOWTO chapter Diagnosis and the + <para>If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down.</para> + + <para>Then you might read the file DIAGNOSIS.txt and the FAQ. If you are still stuck then try the mailing list or newsgroup (look in the README for details). Samba has been successfully installed at thousands of sites worldwide, so maybe someone else has hit your problem and has overcome it. You could also use the WWW site to scan back issues of the samba-digest.</para> - <para>When you fix the problem <emphasis>please</emphasis> send some - updates of the documentation (or source code) to one of - the documentation maintainers or the list. - </para> + <para>When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier. </para> <sect2> + <title>Diagnosing Problems</title> + + <para>If you have installation problems then go to the + <ulink url="Diagnosis.html">Diagnosis</ulink> chapter to try to find the + problem.</para> + </sect2> + + <sect2> <title>Scope IDs</title> <para>By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will need to use the 'netbios scope' smb.conf option. - All your PCs will need to have the same setting for + All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.</para> </sect2> + + <sect2> + <title>Choosing the Protocol Level</title> + + <para>The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1.</para> + + <para>You can choose what maximum protocol to support + in the <filename>smb.conf</filename> file. The default is + NT1 and that is the best for the vast majority of sites.</para> + + <para>In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases.</para> + + <para>The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95). </para> + + <para>See the smb.conf(5) manual page for more details.</para> + + <para>Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug.</para> + </sect2> + + <sect2> + <title>Printing from UNIX to a Client PC</title> + + <para>To use a printer that is available via a smb-based + server from a unix host with LPR you will need to compile the + smbclient program. You then need to install the script + "smbprint". Read the instruction in smbprint for more details. + </para> + + <para>There is also a SYSV style script that does much + the same thing called smbprint.sysv. It contains instructions.</para> + + <para>See the CUPS manual for information about setting up + printing from a unix host with CUPS to a smb-based server. </para> + </sect2> + <sect2> <title>Locking</title> @@ -243,5 +432,14 @@ <!-- FIXME: Sync this with oplocks.sgml --> </sect2> + + <sect2> + <title>Mapping Usernames</title> + + <para>If you have different usernames on the PCs and + the unix server then take a look at the "username map" option. + See the smb.conf man page for details.</para> + </sect2> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/msdfs_setup.sgml b/docs/docbook/projdoc/msdfs_setup.sgml index a86cd74235..6e1609460f 100644 --- a/docs/docbook/projdoc/msdfs_setup.sgml +++ b/docs/docbook/projdoc/msdfs_setup.sgml @@ -4,7 +4,7 @@ <author> <firstname>Shirish</firstname><surname>Kalele</surname> <affiliation> - <orgname>Samba Team & Veritas Software</orgname> + <orgname>Samba Team & Veritas Software</orgname> <address> <email>samba@samba.org</email> </address> diff --git a/docs/docbook/projdoc/pdb_mysql.sgml b/docs/docbook/projdoc/pdb_mysql.sgml new file mode 100644 index 0000000000..59a134a15f --- /dev/null +++ b/docs/docbook/projdoc/pdb_mysql.sgml @@ -0,0 +1,146 @@ +<chapter id="pdb-mysql"> +<chapterinfo> + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + <affiliation> + <orgname>The Samba Team</orgname> + <address><email>jelmer@samba.org</email></address> + </affiliation> + </author> + <pubdate>November 2002</pubdate> +</chapterinfo> + +<title>Passdb MySQL plugin</title> + +<sect1> +<title>Building</title> + +<para>To build the plugin, run <command>make bin/pdb_mysql.so</command> +in the <filename>source/</filename> directory of samba distribution. +</para> + +<para>Next, copy pdb_mysql.so to any location you want. I +strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</para> + +</sect1> + +<sect1> +<title>Configuring</title> + +<para>This plugin lacks some good documentation, but here is some short info:</para> + +<para>Add a the following to the <command>passdb backend</command> variable in your <filename>smb.conf</filename>: +<programlisting> +passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins] +</programlisting> +</para> + +<para>The identifier can be any string you like, as long as it doesn't collide with +the identifiers of other plugins or other instances of pdb_mysql. If you +specify multiple pdb_mysql.so entries in 'passdb backend', you also need to +use different identifiers! +</para> + +<para> +Additional options can be given thru the smb.conf file in the [global] section. +</para> + +<para><programlisting> +identifier:mysql host - host name, defaults to 'localhost' +identifier:mysql password +identifier:mysql user - defaults to 'samba' +identifier:mysql database - defaults to 'samba' +identifier:mysql port - defaults to 3306 +identifier:table - Name of the table containing users +</programlisting></para> + +<para> +<emphasis> +WARNING: since the password for the mysql user is stored in the +smb.conf file, you should make the the smb.conf file +readable only to the user that runs samba. This is considered a security +bug and will be fixed soon.</emphasis> +</para> + +<para>Names of the columns in this table(I've added column types those columns should have first):</para> + +<para><programlisting> +identifier:logon time column - int(9) +identifier:logoff time column - int(9) +identifier:kickoff time column - int(9) +identifier:pass last set time column - int(9) +identifier:pass can change time column - int(9) +identifier:pass must change time column - int(9) +identifier:username column - varchar(255) - unix username +identifier:domain column - varchar(255) - NT domain user is part of +identifier:nt username column - varchar(255) - NT username +identifier:fullname column - varchar(255) - Full name of user +identifier:home dir column - varchar(255) - Unix homedir path +identifier:dir drive column - varchar(2) - Directory drive path (eg: 'H:') +identifier:logon script column - varchar(255) - Batch file to run on client side when logging on +identifier:profile path column - varchar(255) - Path of profile +identifier:acct desc column - varchar(255) - Some ASCII NT user data +identifier:workstations column - varchar(255) - Workstations user can logon to (or NULL for all) +identifier:unknown string column - varchar(255) - unknown string +identifier:munged dial column - varchar(255) - ? +identifier:uid column - int(9) - Unix user ID (uid) +identifier:gid column - int(9) - Unix user group (gid) +identifier:user sid column - varchar(255) - NT user SID +identifier:group sid column - varchar(255) - NT group ID +identifier:lanman pass column - varchar(255) - encrypted lanman password +identifier:nt pass column - varchar(255) - encrypted nt passwd +identifier:plain pass column - varchar(255) - plaintext password +identifier:acct control column - int(9) - nt user data +identifier:unknown 3 column - int(9) - unknown +identifier:logon divs column - int(9) - ? +identifier:hours len column - int(9) - ? +identifier:unknown 5 column - int(9) - unknown +identifier:unknown 6 column - int(9) - unknown +</programlisting></para> + +<para> +Eventually, you can put a colon (:) after the name of each column, which +should specify the column to update when updating the table. You can also +specify nothing behind the colon - then the data from the field will not be +updated. +</para> + +</sect1> + +<sect1> +<title>Using plaintext passwords or encrypted password</title> + +<para> +I strongly discourage the use of plaintext passwords, however, you can use them: +</para> + +<para> +If you would like to use plaintext passwords, set 'identifier:lanman pass column' and 'identifier:nt pass column' to 'NULL' (without the quotes) and 'identifier:plain pass column' to the name of the column containing the plaintext passwords. +</para> + +<para> +If you use encrypted passwords, set the 'identifier:plain pass column' to 'NULL' (without the quotes). This is the default. +</para> + +</sect1> + +<sect1> +<title>Getting non-column data from the table</title> + +<para> +It is possible to have not all data in the database and making some 'constant'. +</para> + +<para> +For example, you can set 'identifier:fullname column' to : +<command>CONCAT(First_name,' ',Sur_name)</command> +</para> + +<para> +Or, set 'identifier:workstations column' to : +<command>NULL</command></para> + +<para>See the MySQL documentation for more language constructs.</para> + +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/pdb_xml.sgml b/docs/docbook/projdoc/pdb_xml.sgml new file mode 100644 index 0000000000..87afb7b401 --- /dev/null +++ b/docs/docbook/projdoc/pdb_xml.sgml @@ -0,0 +1,42 @@ +<chapter id="pdb-xml"> +<chapterinfo> + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + <affiliation> + <orgname>The Samba Team</orgname> + <address><email>jelmer@samba.org</email></address> + </affiliation> + </author> + <pubdate>November 2002</pubdate> +</chapterinfo> + +<title>Passdb XML plugin</title> + +<sect1> +<title>Building</title> + +<para>This module requires libxml2 to be installed.</para> + +<para>To build pdb_xml, run: <command>make bin/pdb_xml.so</command> in +the directory <filename>source/</filename>. </para> + +</sect1> + +<sect1> +<title>Usage</title> + +<para>The usage of pdb_xml is pretty straightforward. To export data, use: + +<command>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</command> + +(where filename is the name of the file to put the data in) +</para> + +<para> +To import data, use: +<command>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</command> + +Where filename is the name to read the data from and current-pdb to put it in. +</para> +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml index 8d15e437b2..7bca8dc6f5 100644 --- a/docs/docbook/projdoc/printer_driver2.sgml +++ b/docs/docbook/projdoc/printer_driver2.sgml @@ -409,8 +409,8 @@ echo " :sd=/var/spool/lpd/$2:\\" >> $PRINTCAP echo " :mx=0:ml=0:sh:\\" >> $PRINTCAP echo " :lp=/usr/local/samba/var/print/$5.prn:" >> $PRINTCAP -touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 -chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 +touch "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 +chown $LP "/usr/local/samba/var/print/$5.prn" >> /tmp/printadd.$$ 2>&1 mkdir /var/spool/lpd/$2 chmod 700 /var/spool/lpd/$2 @@ -757,7 +757,7 @@ be: /usr/bin/id -p >/tmp/tmp.print # we run the command and save the error messages # replace the command with the one appropriate for your system - /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print + /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print </programlisting></para> <para> diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index 1a2e285596..8cf16478c8 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -1,15 +1,17 @@ <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY UNIX-INSTALL SYSTEM "UNIX_INSTALL.sgml"> +<!ENTITY ENCRYPTION SYSTEM "ENCRYPTION.sgml"> <!ENTITY MS-Dfs-Setup SYSTEM "msdfs_setup.sgml"> <!ENTITY PRINTER-DRIVER2 SYSTEM "printer_driver2.sgml"> <!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml"> <!ENTITY WINBIND SYSTEM "winbind.sgml"> <!ENTITY NT-Security SYSTEM "NT_Security.sgml"> -<!ENTITY ServerType SYSTEM "ServerType.sgml"> <!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml"> <!ENTITY Samba-BDC-HOWTO SYSTEM "Samba-BDC-HOWTO.sgml"> +<!ENTITY CVS-Access SYSTEM "CVS-Access.sgml"> <!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml"> <!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml"> +<!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml"> <!ENTITY Diagnosis SYSTEM "Diagnosis.sgml"> <!ENTITY BUGS SYSTEM "Bugs.sgml"> <!ENTITY SECURITY-LEVEL SYSTEM "security_level.sgml"> @@ -20,13 +22,9 @@ <!ENTITY Portability SYSTEM "Portability.sgml"> <!ENTITY Other-Clients SYSTEM "Other-Clients.sgml"> <!ENTITY ADS-HOWTO SYSTEM "ADS-HOWTO.sgml"> -<!ENTITY Passdb SYSTEM "passdb.sgml"> +<!ENTITY pdb-mysql SYSTEM "pdb_mysql.sgml"> +<!ENTITY pdb-xml SYSTEM "pdb_xml.sgml"> <!ENTITY VFS SYSTEM "VFS.sgml"> -<!ENTITY GroupProfiles SYSTEM "GroupProfiles.sgml"> -<!ENTITY SecuringSamba SYSTEM "securing-samba.sgml"> -<!ENTITY Compiling SYSTEM "Compiling.sgml"> -<!ENTITY unicode SYSTEM "unicode.sgml"> -<!ENTITY CUPS SYSTEM "CUPS-printing.sgml"> ]> <book id="Samba-HOWTO-Collection"> @@ -80,8 +78,9 @@ and how to configure the parts of samba you will most likely need. PLEASE read this.</para> </partintro> &UNIX-INSTALL; +&BROWSING; &BROWSING-Quick; -&Passdb; +&ENCRYPTION; </part> <part id="type"> @@ -93,7 +92,6 @@ Samba can operate in various SMB networks. This part contains information on con for various environments. </para> </partintro> -&ServerType; &SECURITY-LEVEL; &Samba-PDC-HOWTO; &Samba-BDC-HOWTO; @@ -113,22 +111,20 @@ part each cover one specific feature.</para> &Samba-PAM; &MS-Dfs-Setup; &PRINTER-DRIVER2; -&CUPS; &WINBIND; -&BROWSING; +&pdb-mysql; +&pdb-xml; &VFS; +&Samba-LDAP; +&CVS-Access; &GROUP-MAPPING-HOWTO; &SPEED; -&GroupProfiles; -&SecuringSamba; -&unicode; </part> <part id="Appendixes"> <title>Appendixes</title> &Portability; &Other-Clients; -&Compiling; &BUGS; &Diagnosis; </part> diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index 00dcc6e83b..e2d9cfbbaa 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml @@ -9,7 +9,7 @@ </author> </chapterinfo> -<title>Samba as Stand-Alone server (User and Share security level)</title> +<title>User and Share security level (for servers not in a domain)</title> <para> A SMB server tells the client at startup what "security level" it is diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml index f227556151..5b6b8dd635 100644 --- a/docs/docbook/projdoc/upgrading-to-3.0.sgml +++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml @@ -16,24 +16,4 @@ FIXME </sect1> -<sect1> -<title>Obsolete configuration options</title> - -<para> -In 3.0, the following configuration options have been removed. -</para> - -<simplelist> -<member>printer driver</member> -<member>printer driver file</member> -<member>printer driver location</member> -<member>use rhosts</member> -<member>postscript</member> -</simplelist> - -<para>The first three options have been replaced by new driver procedures. -Please read the printing documentation.</para> - -</sect1> - </chapter> diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index 2d38ea44d4..d2bfb8ab67 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -2,7 +2,6 @@ <chapterinfo> - <authorgroup> <author> <firstname>Tim</firstname><surname>Potter</surname> <affiliation> @@ -11,7 +10,7 @@ </affiliation> </author> <author> - <firstname>Andrew</firstname><surname>Tridgell</surname> + <firstname>Andrew</firstname><surname>Trigdell</surname> <affiliation> <orgname>Samba Team</orgname> <address><email>tridge@linuxcare.com.au</email></address> @@ -36,7 +35,6 @@ <address><email>jelmer@nl.linux.org</email></address> </affiliation> </author> - </authorgroup> <pubdate>27 June 2002</pubdate> </chapterinfo> @@ -175,7 +173,7 @@ <sect2> <title>Microsoft Remote Procedure Calls</title> - <para>Over the last few years, efforts have been underway + <para>Over the last two years, efforts have been underway by various Samba Team members to decode various aspects of the Microsoft Remote Procedure Call (MSRPC) system. This system is used for most network related operations between @@ -194,21 +192,6 @@ </sect2> <sect2> - <title>Microsoft Active Directory Services</title> - - <para> - Since late 2001, Samba has gained the ability to - interact with Microsoft Windows 2000 using its 'Native - Mode' protocols, rather than the NT4 RPC services. - Using LDAP and Kerberos, a domain member running - winbind can enumerate users and groups in exactly the - same way as a Win2k client would, and in so doing - provide a much more efficient and - effective winbind implementation. - </para> - </sect2> - - <sect2> <title>Name Service Switch</title> <para>The Name Service Switch, or NSS, is a feature that is @@ -351,6 +334,15 @@ to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2. </para> +<para> +There is also some Solaris specific information in +<filename>docs/textdocs/Solaris-Winbind-HOWTO.txt</filename>. +Future revisions of this document will incorporate that +information. +</para> + + + <sect2> <title>Introduction</title> @@ -472,7 +464,7 @@ whether or not you have previously built the Samba binaries. <prompt>root#</prompt> <command>autoconf</command> <prompt>root#</prompt> <command>make clean</command> <prompt>root#</prompt> <command>rm config.cache</command> -<prompt>root#</prompt> <command>./configure</command> +<prompt>root#</prompt> <command>./configure --with-winbind</command> <prompt>root#</prompt> <command>make</command> <prompt>root#</prompt> <command>make install</command> </programlisting></para> @@ -560,7 +552,7 @@ include the following entries in the [global] section: <para><programlisting> [global] - <...> + <...> # separate domain and username with '+', like DOMAIN+username <ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = + # use uids from 10000 to 20000 for domain users @@ -590,7 +582,7 @@ a domain user who has administrative privileges in the domain. <para> -<prompt>root#</prompt> <command>/usr/local/samba/bin/net join -S PDC -U Administrator</command> +<prompt>root#</prompt> <command>/usr/local/samba/bin/net rpc join -S PDC -U Administrator</command> </para> @@ -619,19 +611,6 @@ command as root: </para> <para> -Winbindd can now also run in 'dual daemon mode'. This will make it -run as 2 processes. The first will answer all requests from the cache, -thus making responses to clients faster. The other will -update the cache for the query that the first has just responded. -Advantage of this is that responses stay accurate and are faster. -You can enable dual daemon mode by adding '-B' to the commandline: -</para> - -<para> -<prompt>root#</prompt> <command>/usr/local/samba/bin/winbindd -B</command> -</para> - -<para> I'm always paranoid and like to make sure the daemon is really running... </para> @@ -754,28 +733,15 @@ start() { daemon /usr/local/samba/bin/winbindd RETVAL3=$? echo - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ RETVAL=1 return $RETVAL } </programlisting></para> -<para>If you would like to run winbindd in dual daemon mode, replace -the line -<programlisting> - daemon /usr/local/samba/bin/winbindd -</programlisting> - -in the example above with: - -<programlisting> - daemon /usr/local/samba/bin/winbindd -B -</programlisting>. -</para> - <para> The 'stop' function has a corresponding entry to shut down the -services and looks like this: +services and look s like this: </para> <para><programlisting> @@ -794,7 +760,7 @@ stop() { echo -n $"Shutting down $KIND services: " killproc winbindd RETVAL3=$? - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb echo "" return $RETVAL } @@ -825,7 +791,7 @@ killproc() { # kill the named process(es) pid=`/usr/bin/ps -e | /usr/bin/grep -w $1 | /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` - [ "$pid" != "" ] && kill $pid + [ "$pid" != "" ] && kill $pid } # Start/stop processes required for samba server @@ -859,19 +825,6 @@ echo Starting Winbind Daemon ;; esac </programlisting></para> - -<para>Again, if you would like to run samba in dual daemon mode, replace -<programlisting> - /usr/local/samba/bin/winbindd -</programlisting> - -in the script above with: - -<programlisting> - /usr/local/samba/bin/winbindd -B -</programlisting> -</para> - </sect4> <sect4> @@ -1089,7 +1042,7 @@ annoying double prompts for passwords. </para> <para> -Now restart your Samba and try connecting through your application that you +Now restart your Samba & try connecting through your application that you configured in the pam.conf. </para> @@ -1110,7 +1063,7 @@ configured in the pam.conf. <itemizedlist> <listitem><para>Winbind is currently only available for - the Linux, Solaris and IRIX operating systems, although ports to other operating + the Linux operating system, although ports to other operating systems are certainly possible. For such ports to be feasible, we require the C library of the target operating system to support the Name Service Switch and Pluggable Authentication @@ -1126,8 +1079,7 @@ configured in the pam.conf. <listitem><para>Currently the winbind PAM module does not take into account possible workstation and logon time restrictions - that may be been set for Windows NT users, this is - instead up to the PDC to enforce.</para></listitem> + that may be been set for Windows NT users.</para></listitem> </itemizedlist> </sect1> diff --git a/docs/docbook/smbdotconf/.cvsignore b/docs/docbook/smbdotconf/.cvsignore deleted file mode 100644 index 0f8c6cb0ed..0000000000 --- a/docs/docbook/smbdotconf/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -parameters.all.xml -parameters.global.xml -parameters.service.xml - diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README deleted file mode 100644 index e69d30af5f..0000000000 --- a/docs/docbook/smbdotconf/README +++ /dev/null @@ -1,159 +0,0 @@ -DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0 - -Author of the document: Alexander Bokovoy <ab@samba.org> - -Welcome to new smb.conf(5) documentation build system! This directory -contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2 -sources. Note that the output might be unsatisfying untill all smb.conf(5) -parameters will converted to new format (see Chapter 4 for details). - -Content -------- - -0. Prerequisites -1. Structure -2. XSLT stylesheets -3. Usage -4. Current status of converted parameters - -Prerequisites -------------- - -In order to compile smb.conf(5) documentation from Docbook XML 4.2 -sources you'll need: - - - a working libxml2 and libxslt installation, together with xsltproc utility - - - a locally installed Docbook XSL 4.2 or higher - - - a working xmlcatalog to eliminate Web access for Docbook XSL - -The latter requisite is important: we do not specify local copies of -Docbook XSL stylesheets in our XSLTs because of real nightmare in their -location in most distributions. Fortunately, libxml2 provides standard -way to access locally installed external resources via so-called -'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and -some other distributions but wasn't at the moment of this writting (Late -March'03) in Debian. - -Structure ---------- - -smb.conf(5) sources consist of a number of XML files distributed across -a number of subdirectories. Each subdirectory represents a group of -smb.conf(5) parameters dedicated to one specific task as described in -Samba's loadparm.c source file (and shown in SWAT). - -Each XML file in subdirectories represents one parameter description, -together with some additional meta-information about it. Complete list -of meta-information attributes - -attribute description -------------------------------------------------------------------- -name smb.conf(5) parameter name -context G for global, S for services -basic set to 1 if loadparm.c's description -wizard includes appropriate flag for -advanced this parameter (FLAG_BASIC, -developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER) -------------------------------------------------------------------- - -Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general -stub for man page and several XML instructions to include: - - - a list of global parameters (auto-generated); - - - a list of service parameters (auto-generated); - - - a complete list of alphabetically sorted parameters (auto-generated). - -XSLT stylesheets ----------------- - -In order to combine and build final version of smb.conf(5) we apply a -set of XSLT stylesheets to smb.conf(5) sources. Following is the -complete description of existing stylesheets in smb.conf(5) source tree: - -1. [expand-smb.conf.xsl] Main driver, produces big XML source with all -smaller components combined. The resulted tree is then feed to Docbook -XSL for final producing. - -This stylesheet performs two main transformations: - - - Replaces <samba:parameter> tag by <varlistentry> one; - - - Generates <term> and <anchor> tags for each <samba:parameter>. - -The latter step needs some explanation. We generate automatically -<anchor> and <term> tags based on meta-information about parameter. This -way all anchors have predictable names (capitalized parameter name with -all spaces supressed) and we really don't need to dublicate data. - -There was only one exception to the generation rule in smb.conf.5.sgml: -"use spnego" parameter had anchor SPNEGO which is now unified to -USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO -achnor. - -2. [generate-context.xsl] An utility stylesheet which main purpose is to -produce a list of parameters which are applicable for selected context -(global or service). - -The generate-context.xsl is run twice to generate both -parameters.global.xml and parameters.service.xml which are included then -by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file -which is generated by [generate-file-list.sh] shell script. - -The parameters.all.xml file contains a complete list of include -instructions for XSLT processor to include all small XML files from -subdirectories. - -3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It -fixes some annoying errors in official Docbook XSL stylesheets and adds -our tuned parameters. This file really belongs to upper level where it -would occur later, as we'll move to Docbook XML completely. - -4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore. -It was used for initial split of SGML-based smb.conf.5.sgml onto a set -of per-parameter XML files. I left it in source tree just for historical -interest. :) - -Usage ------ - -1. Generate [parameters.all.xml]: - sh generate-file-list.sh >parameters.all.xml - -2. Generate [parameters.global.xml]: - xsltproc --xinclude \ - --param smb.context "'G'" \ - --output parameters.global.xml \ - generate-context.xsl parameters.all.xml - -3. Generate [parameters.service.xml]: - xsltproc --xinclude \ - --param smb.context "'S'" \ - --output parameters.service.xml \ - generate-context.xsl parameters.all.xml - -4. Process smb.conf.5.xml (for example, to HTML): - xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ - xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html - -Note that in step 4 we are not saving preprocessed smb.conf.5.xml to -disk and directly passing it to the next XSLT processor (in this case -- -Docbook XML to HTML generator). - -For convenience, this sequence of commands is added into source tree as -process-all.sh - -Current state of converted parameters -------------------------------------- - -Only 'base' parameters converted so far to serve as example of -formatting. - -All undocumented parameters are listed in doc-status file in of Samba's -docs/ directory. - -Any help is greatly appreciated. - diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml deleted file mode 100644 index 779571cff2..0000000000 --- a/docs/docbook/smbdotconf/browse/browsable.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSABLE"/>browsable (S)</term> - <listitem><para>See the <link linkend="BROWSEABLE"><parameter moreinfo="none"> - browseable</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml deleted file mode 100644 index c223d6c7d7..0000000000 --- a/docs/docbook/smbdotconf/browse/browseable.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSEABLE"/>browseable (S)</term> - <listitem><para>This controls whether this share is seen in - the list of available shares in a net view and in the browse list.</para> - - <para>Default: <command moreinfo="none">browseable = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml deleted file mode 100644 index f15e2caf2a..0000000000 --- a/docs/docbook/smbdotconf/browse/browselist.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSELIST"/>browse list (G)</term> - <listitem><para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will serve a browse list to - a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally - set to <constant>yes</constant>. You should never need to change - this.</para> - - <para>Default: <command moreinfo="none">browse list = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml deleted file mode 100644 index cf2d504e4d..0000000000 --- a/docs/docbook/smbdotconf/browse/domainmaster.xml +++ /dev/null @@ -1,34 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOMAINMASTER"/>domain master (G)</term> - <listitem><para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list - collation. Setting this option causes <command moreinfo="none">nmbd</command> to - claim a special domain specific NetBIOS name that identifies - it as a domain master browser for its given <link linkend="WORKGROUP"> - <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers - in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated - subnets will give this <command moreinfo="none">nmbd</command> their local browse lists, - and then ask <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse - list for the whole wide area network. Browser clients will then contact - their local master browser, and will receive the domain-wide browse list, - instead of just the list for their broadcast-isolated subnet.</para> - - <para>Note that Windows NT Primary Domain Controllers expect to be - able to claim this <parameter moreinfo="none">workgroup</parameter> specific special - NetBIOS name that identifies them as domain master browsers for - that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no - way to prevent a Windows NT PDC from attempting to do this). This - means that if this parameter is set and <command moreinfo="none">nmbd</command> claims - the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows - NT PDC is able to do so then cross subnet browsing will behave - strangely and may fail.</para> - - <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command> - </link>, then the default behavior is to enable the <parameter moreinfo="none">domain - master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is - not enabled (the default setting), then neither will <parameter moreinfo="none">domain - master</parameter> be enabled by default.</para> - - <para>Default: <command moreinfo="none">domain master = auto</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml deleted file mode 100644 index cf8d3e54b9..0000000000 --- a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENHANCEDBROWSING"/>enhanced browsing (G)</term> - <listitem><para>This option enables a couple of enhancements to - cross-subnet browse propagation that have been added in Samba - but which are not standard in Microsoft implementations. - </para> - - <para>The first enhancement to browse propagation consists of a regular - wildcard query to a Samba WINS server for all Domain Master Browsers, - followed by a browse synchronization with each of the returned - DMBs. The second enhancement consists of a regular randomised browse - synchronization with all currently known DMBs.</para> - - <para>You may wish to disable this option if you have a problem with empty - workgroups not disappearing from browse lists. Due to the restrictions - of the browse protocols these enhancements can cause a empty workgroup - to stay around forever which can be annoying.</para> - - <para>In general you should leave this option enabled as it makes - cross-subnet browse propagation much more reliable.</para> - - <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml deleted file mode 100644 index 1551c0991e..0000000000 --- a/docs/docbook/smbdotconf/browse/lmannounce.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LMANNOUNCE"/>lm announce (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce - broadcasts that are needed by OS/2 clients in order for them to see - the Samba server in their browse list. This parameter can have three - values, <constant>yes</constant>, <constant>no</constant>, or - <constant>auto</constant>. The default is <constant>auto</constant>. - If set to <constant>no</constant> Samba will never produce these - broadcasts. If set to <constant>yes</constant> Samba will produce - Lanman announce broadcasts at a frequency set by the parameter - <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant> - Samba will not send Lanman announce broadcasts by default but will - listen for them. If it hears such a broadcast on the wire it will - then start sending them at a frequency set by the parameter - <parameter moreinfo="none">lm interval</parameter>.</para> - - <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval - </parameter></link>.</para> - - <para>Default: <command moreinfo="none">lm announce = auto</command></para> - <para>Example: <command moreinfo="none">lm announce = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml deleted file mode 100644 index cc17dc15b0..0000000000 --- a/docs/docbook/smbdotconf/browse/lminterval.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LMINTERVAL"/>lm interval (G)</term> - <listitem><para>If Samba is set to produce Lanman announce - broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> - <parameter moreinfo="none">lm announce</parameter></link> parameter) then this - parameter defines the frequency in seconds with which they will be - made. If this is set to zero then no Lanman announcements will be - made despite the setting of the <parameter moreinfo="none">lm announce</parameter> - parameter.</para> - - <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm - announce</parameter></link>.</para> - - <para>Default: <command moreinfo="none">lm interval = 60</command></para> - <para>Example: <command moreinfo="none">lm interval = 120</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml deleted file mode 100644 index dffbd3cb19..0000000000 --- a/docs/docbook/smbdotconf/browse/localmaster.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCALMASTER"/>local master (G)</term> - <listitem><para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser - on a subnet. If set to <constant>no</constant> then <command moreinfo="none"> - nmbd</command> will not attempt to become a local master browser - on a subnet and will also lose in all browsing elections. By - default this value is set to <constant>yes</constant>. Setting this value to <constant>yes</constant> doesn't - mean that Samba will <emphasis>become</emphasis> the local master - browser on a subnet, just that <command moreinfo="none">nmbd</command> will <emphasis> - participate</emphasis> in elections for local master browser.</para> - - <para>Setting this value to <constant>no</constant> will cause <command moreinfo="none">nmbd</command> - <emphasis>never</emphasis> to become a local master browser.</para> - - <para>Default: <command moreinfo="none">local master = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml deleted file mode 100644 index 927db32204..0000000000 --- a/docs/docbook/smbdotconf/browse/oslevel.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OSLEVEL"/>os level (G)</term> - <listitem><para>This integer value controls what level Samba - advertises itself as for browse elections. The value of this - parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - has a chance of becoming a local master browser for the <parameter moreinfo="none"> - WORKGROUP</parameter> in the local broadcast area.</para> - - <para><emphasis>Note :</emphasis>By default, Samba will win - a local master browsing election over all Microsoft operating - systems except a Windows NT 4.0/2000 Domain Controller. This - means that a misconfigured Samba host can effectively isolate - a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt - </filename> in the Samba <filename moreinfo="none">docs/</filename> directory - for details.</para> - - <para>Default: <command moreinfo="none">os level = 20</command></para> - <para>Example: <command moreinfo="none">os level = 65 </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml deleted file mode 100644 index 8098626c51..0000000000 --- a/docs/docbook/smbdotconf/browse/preferedmaster.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREFEREDMASTER"/>prefered master (G)</term> - <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none"> - preferred master</parameter></link> for people who cannot spell :-).</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml deleted file mode 100644 index 53934fdb78..0000000000 --- a/docs/docbook/smbdotconf/browse/preferredmaster.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREFERREDMASTER"/>preferred master (G)</term> - <listitem><para>This boolean parameter controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser - for its workgroup.</para> - - <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command> - will force an election, and it will have a slight advantage in - winning the election. It is recommended that this parameter is - used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER"><parameter moreinfo="none"> - domain master</parameter></link> = yes</command>, so that <command moreinfo="none"> - nmbd</command> can guarantee becoming a domain master.</para> - - <para>Use this option with caution, because if there are several - hosts (whether Samba servers, Windows 95 or NT) that are preferred - master browsers on the same subnet, they will each periodically - and continuously attempt to become the local master browser. - This will result in unnecessary broadcast traffic and reduced browsing - capabilities.</para> - - <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">preferred master = auto</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml deleted file mode 100644 index 14e6d9c5df..0000000000 --- a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MACHINEPASSWORDTIMEOUT"/>machine password timeout (G)</term> - <listitem><para>If a Samba server is a member of a Windows - NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) - parameter) then periodically a running <ulink url="smbd.8.html"> - smbd(8)</ulink> process will try and change the MACHINE ACCOUNT - PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb - </filename>. This parameter specifies how often this password - will be changed, in seconds. The default is one week (expressed in - seconds), the same as a Windows NT Domain member server.</para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> - security = domain</link>) parameter.</para> - - <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/expand-smb.conf.xsl b/docs/docbook/smbdotconf/expand-smb.conf.xsl deleted file mode 100644 index 87b4898cf7..0000000000 --- a/docs/docbook/smbdotconf/expand-smb.conf.xsl +++ /dev/null @@ -1,74 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - xmlns:exsl="http://exslt.org/common" - xmlns:samba="http://samba.org/common" - version="1.1" - extension-element-prefixes="exsl"> - -<xsl:output method="xml"/> - -<!-- Generates one big XML file for smb.conf --> - -<xsl:param name="xmlSambaNsUri" select="'http://samba.org/common'"/> - -<!-- This is needed to copy content unchanged --> -<xsl:template match="@*|node()"> - <xsl:copy> - <xsl:apply-templates select="@*|node()"/> - </xsl:copy> -</xsl:template> - - -<xsl:template match="//samba:parameter"> - <!-- reconstruct varlistentry - not all of them will go into separate files - and also we must repair the main varlistentry itself. - --> - <xsl:message> - <xsl:text>Processing samba:parameter (</xsl:text> - <xsl:value-of select="@name"/> - <xsl:text>)</xsl:text> - </xsl:message> - - <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''), - 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - </xsl:variable> - - <xsl:variable name="anchor"> - <xsl:element name="anchor"> - <xsl:attribute name="id"> - <xsl:value-of select="$name"/> - </xsl:attribute> - </xsl:element> - </xsl:variable> - - <xsl:variable name="context"> - <xsl:text> (</xsl:text> - <xsl:value-of select="@context"/> - <xsl:text>)</xsl:text> - </xsl:variable> - - <xsl:variable name="term"> - <xsl:element name="term"> - <xsl:copy-of select="$anchor"/> - <xsl:value-of select="@name"/> - <xsl:value-of select="$context"/> - </xsl:element> - </xsl:variable> - - <xsl:variable name="content"> - <xsl:apply-templates/> - </xsl:variable> - - <xsl:element name="varlistentry"> - <xsl:text> -</xsl:text> - <xsl:copy-of select="$term"/> - <xsl:copy-of select="$content"/> - <xsl:text> -</xsl:text> - </xsl:element> - -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml deleted file mode 100644 index 622aea329e..0000000000 --- a/docs/docbook/smbdotconf/filename/casesensitive.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CASESENSITIVE"/>case sensitive (S)</term> - <listitem><para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> - - <para>Default: <command moreinfo="none">case sensitive = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml deleted file mode 100644 index 94bcb85984..0000000000 --- a/docs/docbook/smbdotconf/filename/casesignames.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CASESIGNAMES"/>casesignames (S)</term> - <listitem><para>Synonym for <link linkend="CASESENSITIVE">case - sensitive</link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml deleted file mode 100644 index f2bdf5db1c..0000000000 --- a/docs/docbook/smbdotconf/filename/defaultcase.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTCASE"/>default case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> - <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">default case = lower</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml deleted file mode 100644 index 49a5e2232f..0000000000 --- a/docs/docbook/smbdotconf/filename/deletevetofiles.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEVETOFILES"/>delete veto files (S)</term> - <listitem><para>This option is used when Samba is attempting to - delete a directory that contains one or more vetoed directories - (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> - option). If this option is set to <constant>no</constant> (the default) then if a vetoed - directory contains any non-vetoed files or directories then the - directory delete will fail. This is usually what you want.</para> - - <para>If this option is set to <constant>yes</constant>, then Samba - will attempt to recursively delete any files and directories within - the vetoed directory. This can be useful for integration with file - serving systems such as NetAtalk which create meta-files within - directories you might normally veto DOS/Windows users from seeing - (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para> - - <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these - directories to be transparently deleted when the parent directory - is deleted (so long as the user has permissions to do so).</para> - - <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto - files</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">delete veto files = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml deleted file mode 100644 index 63e87d8059..0000000000 --- a/docs/docbook/smbdotconf/filename/hidedotfiles.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEDOTFILES"/>hide dot files (S)</term> - <listitem><para>This is a boolean parameter that controls whether - files starting with a dot appear as hidden files.</para> - - <para>Default: <command moreinfo="none">hide dot files = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml deleted file mode 100644 index 6f93a2a239..0000000000 --- a/docs/docbook/smbdotconf/filename/hidefiles.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEFILES"/>hide files(S)</term> - <listitem><para>This is a list of files or directories that are not - visible but are accessible. The DOS 'hidden' attribute is applied - to any files or directories that match.</para> - - <para>Each entry in the list must be separated by a '/', - which allows spaces to be included in the entry. '*' - and '?' can be used to specify multiple files or directories - as in DOS wildcards.</para> - - <para>Each entry must be a Unix path, not a DOS path and must - not include the Unix directory separator '/'.</para> - - <para>Note that the case sensitivity option is applicable - in hiding files.</para> - - <para>Setting this parameter will affect the performance of Samba, - as it will be forced to check all files and directories for a match - as they are scanned.</para> - - <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide - dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none"> - veto files</parameter></link> and <link linkend="CASESENSITIVE"> - <parameter moreinfo="none">case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>no file are hidden</emphasis></para> - <para>Example: <command moreinfo="none">hide files = - /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> - - <para>The above example is based on files that the Macintosh - SMB client (DAVE) available from <ulink url="http://www.thursby.com"> - Thursby</ulink> creates for internal use, and also still hides - all files beginning with a dot.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml deleted file mode 100644 index 9a8c206097..0000000000 --- a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDESPECIALFILES"/>hide special files (G)</term> - <listitem><para>This parameter prevents clients from seeing - special files such as sockets, devices and fifo's in directory - listings. - </para> - - <para>Default: <command moreinfo="none">hide special files = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml deleted file mode 100644 index d25153f103..0000000000 --- a/docs/docbook/smbdotconf/filename/hideunreadable.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEUNREADABLE"/>hide unreadable (G)</term> - <listitem><para>This parameter prevents clients from seeing the - existance of files that cannot be read. Defaults to off.</para> - - <para>Default: <command moreinfo="none">hide unreadable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml deleted file mode 100644 index 9e28e8de5c..0000000000 --- a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEUNWRITEABLEFILES"/>hide unwriteable files (G)</term> - <listitem><para>This parameter prevents clients from seeing - the existance of files that cannot be written to. Defaults to off. - Note that unwriteable directories are shown as usual. - </para> - - <para>Default: <command moreinfo="none">hide unwriteable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml deleted file mode 100644 index 170d77d453..0000000000 --- a/docs/docbook/smbdotconf/filename/manglecase.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLECASE"/>mangle case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link></para> - - <para>Default: <command moreinfo="none">mangle case = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml deleted file mode 100644 index abe6c031e0..0000000000 --- a/docs/docbook/smbdotconf/filename/mangledmap.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDMAP"/>mangled map (S)</term> - <listitem><para>This is for those who want to directly map UNIX - file names which cannot be represented on Windows/DOS. The mangling - of names is not always what is needed. In particular you may have - documents with file extensions that differ between DOS and UNIX. - For example, under UNIX it is common to use <filename moreinfo="none">.html</filename> - for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename> - is more commonly used.</para> - - <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename> - you would use:</para> - - <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para> - - <para>One very useful case is to remove the annoying <filename moreinfo="none">;1 - </filename> off the ends of filenames on some CDROMs (only visible - under some UNIXes). To do this use a map of (*;1 *;).</para> - - <para>Default: <emphasis>no mangled map</emphasis></para> - <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml deleted file mode 100644 index 41592b3159..0000000000 --- a/docs/docbook/smbdotconf/filename/manglednames.xml +++ /dev/null @@ -1,58 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDNAMES"/>mangled names (S)</term> - <listitem><para>This controls whether non-DOS names under UNIX - should be mapped to DOS-compatible names ("mangled") and made visible, - or whether non-DOS names should simply be ignored.</para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link> for details on how to control the mangling process.</para> - - <para>If mangling is used then the mangling algorithm is as follows:</para> - - <itemizedlist> - <listitem><para>The first (up to) five alphanumeric characters - before the rightmost dot of the filename are preserved, forced - to upper case, and appear as the first (up to) five characters - of the mangled name.</para></listitem> - - <listitem><para>A tilde "~" is appended to the first part of the mangled - name, followed by a two-character unique sequence, based on the - original root name (i.e., the original filename minus its final - extension). The final extension is included in the hash calculation - only if it contains any upper case characters or is longer than three - characters.</para> - - <para>Note that the character to use may be specified using - the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter> - </link> option, if you don't like '~'.</para></listitem> - - <listitem><para>The first three alphanumeric characters of the final - extension are preserved, forced to upper case and appear as the - extension of the mangled name. The final extension is defined as that - part of the original filename after the rightmost dot. If there are no - dots in the filename, the mangled name will have no extension (except - in the case of "hidden files" - see below).</para></listitem> - - <listitem><para>Files whose UNIX name begins with a dot will be - presented as DOS hidden files. The mangled name will be created as - for other filenames, but with the leading dot removed and "___" as - its extension regardless of actual original extension (that's three - underscores).</para></listitem> - </itemizedlist> - - <para>The two-digit hash value consists of upper case - alphanumeric characters.</para> - - <para>This algorithm can cause name collisions only if files - in a directory share the same first five alphanumeric characters. - The probability of such a clash is 1/1300.</para> - - <para>The name mangling (if enabled) allows a file to be - copied between UNIX directories from Windows/DOS while retaining - the long UNIX filename. UNIX files can be renamed to a new extension - from Windows/DOS and will retain the same basename. Mangled names - do not change between sessions.</para> - - <para>Default: <command moreinfo="none">mangled names = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml deleted file mode 100644 index 3e6099ba92..0000000000 --- a/docs/docbook/smbdotconf/filename/mangledstack.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDSTACK"/>mangled stack (G)</term> - <listitem><para>This parameter controls the number of mangled names - that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This stack is a list of recently mangled base names - (extensions are only maintained if they are longer than 3 characters - or contains upper case characters).</para> - - <para>The larger this value, the more likely it is that mangled - names can be successfully converted to correct long UNIX names. - However, large stack sizes will slow most directory accesses. Smaller - stacks save memory in the server (each stack element costs 256 bytes). - </para> - - <para>It is not possible to absolutely guarantee correct long - filenames, so be prepared for some surprises!</para> - - <para>Default: <command moreinfo="none">mangled stack = 50</command></para> - <para>Example: <command moreinfo="none">mangled stack = 100</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml deleted file mode 100644 index 7dfd46199c..0000000000 --- a/docs/docbook/smbdotconf/filename/mangleprefix.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEPREFIX"/>mangle prefix (G)</term> - <listitem><para> controls the number of prefix - characters from the original name used when generating - the mangled names. A larger value will give a weaker - hash and therefore more name collisions. The minimum - value is 1 and the maximum value is 6.</para> - <para>Default: <command moreinfo="none">mangle prefix = 1</command></para> - <para>Example: <command moreinfo="none">mangle prefix = 4</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml deleted file mode 100644 index e6a9050466..0000000000 --- a/docs/docbook/smbdotconf/filename/manglingchar.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLINGCHAR"/>mangling char (S)</term> - <listitem><para>This controls what character is used as - the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' - but this may interfere with some software. Use this option to set - it to whatever you prefer.</para> - - <para>Default: <command moreinfo="none">mangling char = ~</command></para> - <para>Example: <command moreinfo="none">mangling char = ^</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml deleted file mode 100644 index 11f9e9eb01..0000000000 --- a/docs/docbook/smbdotconf/filename/manglingmethod.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLINGMETHOD"/>mangling method (G)</term> - <listitem><para> controls the algorithm used for the generating - the mangled names. Can take two different values, "hash" and - "hash2". "hash" is the default and is the algorithm that has been - used in Samba for many years. "hash2" is a newer and considered - a better algorithm (generates less collisions) in the names. - However, many Win32 applications store the mangled names and so - changing to the new algorithm must not be done - lightly as these applications may break unless reinstalled.</para> - <para>Default: <command moreinfo="none">mangling method = hash2</command></para> - <para>Example: <command moreinfo="none">mangling method = hash</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml deleted file mode 100644 index 18f39791aa..0000000000 --- a/docs/docbook/smbdotconf/filename/maparchive.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPARCHIVE"/>map archive (S)</term> - <listitem><para>This controls whether the DOS archive attribute - should be mapped to the UNIX owner execute bit. The DOS archive bit - is set when a file has been modified since its last backup. One - motivation for this option it to keep Samba/your PC from making - any file it touches from becoming executable under UNIX. This can - be quite annoying for shared source code, documents, etc...</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - parameter to be set such that owner execute bit is not masked out - (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map archive = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml deleted file mode 100644 index 2b0266c23e..0000000000 --- a/docs/docbook/smbdotconf/filename/maphidden.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPHIDDEN"/>map hidden (S)</term> - <listitem><para>This controls whether DOS style hidden files - should be mapped to the UNIX world execute bit.</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - to be set such that the world execute bit is not masked out (i.e. - it must include 001). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map hidden = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml deleted file mode 100644 index ead629971a..0000000000 --- a/docs/docbook/smbdotconf/filename/mapsystem.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPSYSTEM"/>map system (S)</term> - <listitem><para>This controls whether DOS style system files - should be mapped to the UNIX group execute bit.</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - to be set such that the group execute bit is not masked out (i.e. - it must include 010). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map system = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml deleted file mode 100644 index 3be458ce15..0000000000 --- a/docs/docbook/smbdotconf/filename/preservecase.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRESERVECASE"/>preserve case (S)</term> - <listitem><para> This controls if new filenames are created - with the case that the client passes, or if they are forced to - be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case - </parameter></link>.</para> - - <para>Default: <command moreinfo="none">preserve case = yes</command></para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME - MANGLING</link> for a fuller discussion.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml deleted file mode 100644 index 1c8b36380d..0000000000 --- a/docs/docbook/smbdotconf/filename/shortpreservecase.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHORTPRESERVECASE"/>short preserve case (S)</term> - <listitem><para>This boolean parameter controls if new files - which conform to 8.3 syntax, that is all in upper case and of - suitable length, are created upper case, or if they are forced - to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case - </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command> - </link> to permit long filenames to retain their case, while short - names are lowered. </para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>.</para> - - <para>Default: <command moreinfo="none">short preserve case = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml deleted file mode 100644 index ee94081483..0000000000 --- a/docs/docbook/smbdotconf/filename/statcache.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STATCACHE"/>stat cache (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will use a cache in order to - speed up case insensitive name mappings. You should never need - to change this parameter.</para> - - <para>Default: <command moreinfo="none">stat cache = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml deleted file mode 100644 index ff877144a6..0000000000 --- a/docs/docbook/smbdotconf/filename/stripdot.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRIPDOT"/>strip dot (G)</term> - <listitem><para>This is a boolean that controls whether to - strip trailing dots off UNIX filenames. This helps with some - CDROMs that have filenames ending in a single dot.</para> - - <para>Default: <command moreinfo="none">strip dot = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetofiles.xml b/docs/docbook/smbdotconf/filename/vetofiles.xml deleted file mode 100644 index faef2040b9..0000000000 --- a/docs/docbook/smbdotconf/filename/vetofiles.xml +++ /dev/null @@ -1,46 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VETOFILES"/>veto files(S)</term> - <listitem><para>This is a list of files and directories that - are neither visible nor accessible. Each entry in the list must - be separated by a '/', which allows spaces to be included - in the entry. '*' and '?' can be used to specify multiple files - or directories as in DOS wildcards.</para> - - <para>Each entry must be a unix path, not a DOS path and - must <emphasis>not</emphasis> include the unix directory - separator '/'.</para> - - <para>Note that the <parameter moreinfo="none">case sensitive</parameter> option - is applicable in vetoing files.</para> - - <para>One feature of the veto files parameter that it - is important to be aware of is Samba's behaviour when - trying to delete a directory. If a directory that is - to be deleted contains nothing but veto files this - deletion will <emphasis>fail</emphasis> unless you also set - the <parameter moreinfo="none">delete veto files</parameter> parameter to - <parameter moreinfo="none">yes</parameter>.</para> - - <para>Setting this parameter will affect the performance - of Samba, as it will be forced to check all files and directories - for a match as they are scanned.</para> - - <para>See also <link linkend="HIDEFILES"><parameter moreinfo="none">hide files - </parameter></link> and <link linkend="CASESENSITIVE"><parameter moreinfo="none"> - case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>No files or directories are vetoed. - </emphasis></para> - -<para>Examples:<programlisting format="linespecific"> -; Veto any files containing the word Security, -; any ending in .tmp, and any directory containing the -; word root. -veto files = /*Security*/*.tmp/*root*/ - -; Veto the Apple specific files that a NetAtalk server -; creates. -veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ -</programlisting></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml deleted file mode 100644 index 0c817c97f8..0000000000 --- a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VETOOPLOCKFILES"/>veto oplock files (S)</term> - <listitem><para>This parameter is only valid when the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> - parameter is turned on for a share. It allows the Samba administrator - to selectively turn off the granting of oplocks on selected files that - match a wildcarded list, similar to the wildcarded list used in the - <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> - parameter.</para> - - <para>Default: <emphasis>No files are vetoed for oplock - grants</emphasis></para> - - <para>You might want to do this on files that you know will - be heavily contended for by clients. A good example of this - is in the NetBench SMB benchmark program, which causes heavy - client contention for files ending in <filename moreinfo="none">.SEM</filename>. - To cause Samba not to grant oplocks on these files you would use - the line (either in the [global] section or in the section for - the particular NetBench share :</para> - - <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/ - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/generate-context.xsl b/docs/docbook/smbdotconf/generate-context.xsl deleted file mode 100644 index c9ca31085c..0000000000 --- a/docs/docbook/smbdotconf/generate-context.xsl +++ /dev/null @@ -1,56 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - xmlns:exsl="http://exslt.org/common" - xmlns:samba="http://samba.org/common" - version="1.1" - extension-element-prefixes="exsl"> - -<xsl:output method="xml" omit-xml-declaration="yes"/> - -<xsl:param name="smb.context" select="'G'"/> - -<!-- This is needed to copy content unchanged --> -<xsl:template match="@*|node()"> - <xsl:copy> - <xsl:apply-templates select="@*|node()"/> - </xsl:copy> -</xsl:template> - -<xsl:template match="variablelist"> - <xsl:element name="itemizedlist"> - <xsl:apply-templates/> - </xsl:element> -</xsl:template> - -<xsl:template match="//samba:parameter"> - <xsl:message> - <xsl:text>Processing samba:parameter (</xsl:text> - <xsl:value-of select="@name"/> - <xsl:text>)</xsl:text> - </xsl:message> - - <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''), - 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - </xsl:variable> - - <xsl:if test="contains(@context,$smb.context)"> - <xsl:element name="listitem"> - <xsl:element name="para"> - <xsl:element name="link"> - <xsl:attribute name="linkend"> - <xsl:value-of select="$name"/> - </xsl:attribute> - <xsl:element name="parameter"> - <xsl:attribute name="moreinfo"><xsl:text>none</xsl:text></xsl:attribute> - <xsl:value-of select="@name"/> - </xsl:element> - </xsl:element> - </xsl:element> - </xsl:element> - <xsl:text> -</xsl:text> - </xsl:if> -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml deleted file mode 100644 index f92e8ce310..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> - <listitem><para> The <parameter moreinfo="none">ldap admin dn</parameter> defines the Distinguished - Name (DN) name used by Samba to contact the ldap server when retreiving - user account information. The <parameter moreinfo="none">ldap - admin dn</parameter> is used in conjunction with the admin dn password - stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. See the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> man page for more information on how - to accmplish this. - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml deleted file mode 100644 index 2b081853c6..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPDELETEDN"/>ldap del only sam attr (G)</term> - <listitem><para> This parameter specifies whether a delete - operation in the ldapsam deletes the complete entry or only the attributes - specific to Samba. - </para> - - <para>Default : <emphasis>ldap delete dn = no</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml b/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml deleted file mode 100644 index bae5b51e60..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPDELONLYSAMATTR"/>ldap del only sam attr (G)</term> - <listitem><para> Inverted synonym for <link linked="LDAPDELETEDN"><parameter moreinfo="none"> - ldap delete dn</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml deleted file mode 100644 index 6ddf8db30f..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapfilter.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> - <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. - The default is to match the login name with the <constant>uid</constant> - attribute for all entries matching the <constant>sambaAccount</constant> - objectclass. Note that this filter should only return one entry. - </para> - - - <para>Default : <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml deleted file mode 100644 index e02bf9acfc..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> - <listitem><para>It specifies where machines should be - added to the ldap tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml deleted file mode 100644 index ce9449374d..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> - <listitem><para>This option is used to define whether - or not Samba should sync the LDAP password with the NT - and LM hashes for normal accounts (NOT for - workstation, server or domain trusts) on a password - change via SAMBA. - </para> - - <para> - The <parameter moreinfo="none">ldap passwd sync</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter moreinfo="none">Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter moreinfo="none">No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter moreinfo="none">Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem> - </itemizedlist> - - <para>Default : <command moreinfo="none">ldap passwd sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml deleted file mode 100644 index 97c256d423..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapport.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPPORT"/>ldap port (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command moreinfo="none">--with-ldapsam</command> option - at compile time. - </para> - - <para> - This option is used to control the tcp port number used to contact - the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. - The default is to use the stand LDAPS port 636. - </para> - - <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> - </para> - - <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> - <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml deleted file mode 100644 index 33d5652ac9..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapserver.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSERVER"/>ldap server (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command moreinfo="none">--with-ldapsam</command> option - at compile time. - </para> - - <para> - This parameter should contain the FQDN of the ldap directory - server which should be queried to locate user account information. - </para> - - <para>Default : <command moreinfo="none">ldap server = localhost</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml deleted file mode 100644 index d747d8f7df..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapssl.xml +++ /dev/null @@ -1,30 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> - <listitem><para>This option is used to define whether or not Samba should - use SSL when connecting to the ldap server - This is <emphasis>NOT</emphasis> related to - Samba's previous SSL support which was enabled by specifying the - <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> - script. - </para> - - <para> - The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter moreinfo="none">Off</parameter> = Never use SSL when querying the directory.</para></listitem> - - <listitem><para><parameter moreinfo="none">Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation - (RFC2830) for communicating with the directory server.</para></listitem> - - <listitem><para><parameter moreinfo="none">On</parameter> = - Use SSL on the ldaps port when contacting the - <parameter moreinfo="none">ldap server</parameter>. Only - available when the backwards-compatiblity <command moreinfo="none"> - --with-ldapsam</command> option is specified - to configure. See <link linkend="PASSDBBACKEND"><parameter moreinfo="none">passdb backend</parameter></link></para></listitem> - </itemizedlist> - - <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml deleted file mode 100644 index dae15f8104..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> - <listitem> - <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command moreinfo="none">ldap user suffix</command> and <command moreinfo="none">ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml deleted file mode 100644 index 8fe4a1400b..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> - <listitem><para>Normally, Samba validates each entry - in the LDAP server against getpwnam(). This allows - LDAP to be used for Samba with the unix system using - NIS (for example) and also ensures that Samba does not - present accounts that do not otherwise exist. </para> - <para>This option is used to disable this functionality, and - instead to rely on the presence of the appropriate - attributes in LDAP directly, which can result in a - significant performance boost in some situations. - Setting this option to yes effectivly assumes - that the local machine is running <command moreinfo="none">nss_ldap</command> against the - same LDAP server.</para> - - <para>Default: <command moreinfo="none">ldap trust ids = No</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml deleted file mode 100644 index e4fb681e23..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> - <listitem><para>It specifies where users are added to the tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml deleted file mode 100644 index ea5e90b5cd..0000000000 --- a/docs/docbook/smbdotconf/locking/blockinglocks.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BLOCKINGLOCKS"/>blocking locks (S)</term> - <listitem><para>This parameter controls the behavior - of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when given a request by a client - to obtain a byte range lock on a region of an open file, and the - request has a time limit associated with it.</para> - - <para>If this parameter is set and the lock range requested - cannot be immediately satisfied, samba will internally - queue the lock request, and periodically attempt to obtain - the lock until the timeout period expires.</para> - - <para>If this parameter is set to <constant>no</constant>, then - samba will behave as previous versions of Samba would and - will fail the lock request immediately if the lock range - cannot be obtained.</para> - - <para>Default: <command moreinfo="none">blocking locks = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml deleted file mode 100644 index e5139bc4f3..0000000000 --- a/docs/docbook/smbdotconf/locking/cscpolicy.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CSCPOLICY"/>csc policy (S)</term> - <listitem><para>This stands for <emphasis>client-side caching - policy</emphasis>, and specifies how clients capable of offline - caching will cache the files in the share. The valid values - are: manual, documents, programs, disable.</para> - - <para>These values correspond to those used on Windows - servers.</para> - - <para>For example, shares containing roaming profiles can have - offline caching disabled using <command moreinfo="none">csc policy = disable - </command>.</para> - - <para>Default: <command moreinfo="none">csc policy = manual</command></para> - <para>Example: <command moreinfo="none">csc policy = programs</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml deleted file mode 100644 index 16887726c0..0000000000 --- a/docs/docbook/smbdotconf/locking/fakeoplocks.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FAKEOPLOCKS"/>fake oplocks (S)</term> - <listitem><para>Oplocks are the way that SMB clients get permission - from a server to locally cache file operations. If a server grants - an oplock (opportunistic lock) then the client is free to assume - that it is the only one accessing the file and it will aggressively - cache file data. With some oplock types the client may even cache - file open/close operations. This can give enormous performance benefits. - </para> - - <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> will - always grant oplock requests no matter how many clients are using - the file.</para> - - <para>It is generally much better to use the real <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> support rather - than this parameter.</para> - - <para>If you enable this option on all read-only shares or - shares that you know will only be accessed from one client at a - time such as physically read-only media like CDROMs, you will see - a big performance improvement on many operations. If you enable - this option on shares where multiple clients may be accessing the - files read-write at the same time you can get data corruption. Use - this option carefully!</para> - - <para>Default: <command moreinfo="none">fake oplocks = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml deleted file mode 100644 index 98513fdd1e..0000000000 --- a/docs/docbook/smbdotconf/locking/kerneloplocks.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="KERNELOPLOCKS"/>kernel oplocks (G)</term> - <listitem><para>For UNIXes that support kernel based <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> - (currently only IRIX and the Linux 2.4 kernel), this parameter - allows the use of them to be turned on or off.</para> - - <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks - </parameter> to be broken whenever a local UNIX process or NFS operation - accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete - data consistency between SMB/CIFS, NFS and local file access (and is - a <emphasis>very</emphasis> cool feature :-).</para> - - <para>This parameter defaults to <constant>on</constant>, but is translated - to a no-op on systems that no not have the necessary kernel support. - You should never need to touch this parameter.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml deleted file mode 100644 index adae6d268f..0000000000 --- a/docs/docbook/smbdotconf/locking/level2oplocks.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LEVEL2OPLOCKS"/>level2 oplocks (S)</term> - <listitem><para>This parameter controls whether Samba supports - level2 (read-only) oplocks on a share.</para> - - <para>Level2, or read-only oplocks allow Windows NT clients - that have an oplock on a file to downgrade from a read-write oplock - to a read-only oplock once a second client opens the file (instead - of releasing all oplocks on a second open, as in traditional, - exclusive oplocks). This allows all openers of the file that - support level2 oplocks to cache the file for read-ahead only (ie. - they may not cache writes or lock requests) and increases performance - for many accesses of files that are not commonly written (such as - application .EXE files).</para> - - <para>Once one of the clients which have a read-only oplock - writes to the file all clients are notified (no reply is needed - or waited for) and told to break their oplocks to "none" and - delete any read-ahead caches.</para> - - <para>It is recommended that this parameter be turned on - to speed access to shared executables.</para> - - <para>For more discussions on level2 oplocks see the CIFS spec.</para> - - <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel - oplocks</parameter></link> are supported then level2 oplocks are - not granted (even if this parameter is set to <constant>yes</constant>). - Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> parameter must be set to <constant>yes</constant> on this share in order for - this parameter to have any effect.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter> - </link> parameters.</para> - - <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml deleted file mode 100644 index aa27027a11..0000000000 --- a/docs/docbook/smbdotconf/locking/locking.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKING"/>locking (S)</term> - <listitem><para>This controls whether or not locking will be - performed by the server in response to lock requests from the - client.</para> - - <para>If <command moreinfo="none">locking = no</command>, all lock and unlock - requests will appear to succeed and all lock queries will report - that the file in question is available for locking.</para> - - <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed - by the server.</para> - - <para>This option <emphasis>may</emphasis> be useful for read-only - filesystems which <emphasis>may</emphasis> not need locking (such as - CDROM drives), although setting this parameter of <constant>no</constant> - is not really recommended even in this case.</para> - - <para>Be careful about disabling locking either globally or in a - specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.</para> - - <para>Default: <command moreinfo="none">locking = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml deleted file mode 100644 index 1ee1aab4d4..0000000000 --- a/docs/docbook/smbdotconf/locking/lockspincount.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKSPINCOUNT"/>lock spin count (G)</term> - <listitem><para>This parameter controls the number of times - that smbd should attempt to gain a byte range lock on the - behalf of a client request. Experiments have shown that - Windows 2k servers do not reply with a failure if the lock - could not be immediately granted, but try a few more times - in case the lock could later be aquired. This behavior - is used to support PC database formats such as MS Access - and FoxPro. - </para> - - <para>Default: <command moreinfo="none">lock spin count = 2</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml deleted file mode 100644 index 4d3ea1bdc4..0000000000 --- a/docs/docbook/smbdotconf/locking/lockspintime.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKSPINTIME"/>lock spin time (G)</term> - <listitem><para>The time in microseconds that smbd should - pause before attempting to gain a failed lock. See - <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin - count</parameter></link> for more details. - </para> - - <para>Default: <command moreinfo="none">lock spin time = 10</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml deleted file mode 100644 index 5e08200a33..0000000000 --- a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKBREAKWAITTIME"/>oplock break wait time (G)</term> - <listitem><para>This is a tuning parameter added due to bugs in - both Windows 9x and WinNT. If Samba responds to a client too - quickly when that client issues an SMB that can cause an oplock - break request, then the network client can fail and not respond - to the break request. This tuning parameter (which is set in milliseconds) - is the amount of time Samba will wait before sending an oplock break - request to such (broken) clients.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml deleted file mode 100644 index fd3b45d0b1..0000000000 --- a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKCONTENTIONLIMIT"/>oplock contention limit (S)</term> - <listitem><para>This is a <emphasis>very</emphasis> advanced - <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to - improve the efficiency of the granting of oplocks under multiple - client contention for the same file.</para> - - <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested - if the approximate number of clients contending for an oplock on the same file goes over this - limit. This causes <command moreinfo="none">smbd</command> to behave in a similar - way to Windows NT.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml deleted file mode 100644 index 071786f35c..0000000000 --- a/docs/docbook/smbdotconf/locking/oplocks.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKS"/>oplocks (S)</term> - <listitem><para>This boolean option tells <command moreinfo="none">smbd</command> whether to - issue oplocks (opportunistic locks) to file open requests on this - share. The oplock code can dramatically (approx. 30% or more) improve - the speed of access to files on Samba servers. It allows the clients - to aggressively cache files locally and you may want to disable this - option for unreliable network environments (it is turned on by - default in Windows NT Servers). For more information see the file - <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename> - directory.</para> - - <para>Oplocks may be selectively turned off on certain files with a - share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none"> - veto oplock files</parameter></link> parameter. On some systems - oplocks are recognized by the underlying operating system. This - allows data synchronization between all access to oplocked files, - whether it be via Samba or NFS or a local UNIX process. See the - <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para> - - <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel - oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none"> - level2 oplocks</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml deleted file mode 100644 index 4f2e2d215b..0000000000 --- a/docs/docbook/smbdotconf/locking/posixlocking.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="POSIXLOCKING"/>posix locking (S)</term> - <listitem><para>The <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - daemon maintains an database of file locks obtained by SMB clients. - The default behavior is to map this internal database to POSIX - locks. This means that file locks obtained by SMB clients are - consistent with those seen by POSIX compliant applications accessing - the files via a non-SMB method (e.g. NFS or local file access). - You should never need to disable this parameter.</para> - - <para>Default: <command moreinfo="none">posix locking = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml deleted file mode 100644 index c789ed0fb2..0000000000 --- a/docs/docbook/smbdotconf/locking/sharemodes.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHAREMODES"/>share modes (S)</term> - <listitem><para>This enables or disables the honoring of - the <parameter moreinfo="none">share modes</parameter> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</para> - - <para>These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).</para> - - <para>The share modes that are enabled by this option are - <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, - <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, - <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. - </para> - - <para>This option gives full share compatibility and enabled - by default.</para> - - <para>You should <emphasis>NEVER</emphasis> turn this parameter - off as many Windows applications will break if you do so.</para> - - <para>Default: <command moreinfo="none">share modes = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml deleted file mode 100644 index b67ae47736..0000000000 --- a/docs/docbook/smbdotconf/locking/strictlocking.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTLOCKING"/>strict locking (S)</term> - <listitem><para>This is a boolean that controls the handling of - file locking in the server. When this is set to <constant>yes</constant> - the server will check every read and write access for file locks, and - deny access if locks exist. This can be slow on some systems.</para> - - <para>When strict locking is <constant>no</constant> the server does file - lock checks only when the client explicitly asks for them.</para> - - <para>Well-behaved clients always ask for lock checks when it - is important, so in the vast majority of cases <command moreinfo="none">strict - locking = no</command> is preferable.</para> - - <para>Default: <command moreinfo="none">strict locking = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debughirestimestamp.xml b/docs/docbook/smbdotconf/logging/debughirestimestamp.xml deleted file mode 100644 index a5f40b73ca..0000000000 --- a/docs/docbook/smbdotconf/logging/debughirestimestamp.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGHIRESTIMESTAMP"/>debug hires timestamp (G)</term> - <listitem><para>Sometimes the timestamps in the log messages - are needed with a resolution of higher that seconds, this - boolean parameter adds microsecond resolution to the timestamp - message header when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug hires timestamp = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debuglevel.xml b/docs/docbook/smbdotconf/logging/debuglevel.xml deleted file mode 100644 index 99153fa853..0000000000 --- a/docs/docbook/smbdotconf/logging/debuglevel.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGLEVEL"/>debuglevel (G)</term> - <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter moreinfo="none"> - log level</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debugpid.xml b/docs/docbook/smbdotconf/logging/debugpid.xml deleted file mode 100644 index 829e168412..0000000000 --- a/docs/docbook/smbdotconf/logging/debugpid.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGPID"/>debug pid (G)</term> - <listitem><para>When using only one log file for more then one - forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process - outputs which message. This boolean parameter is adds the process-id - to the timestamp message headers in the logfile when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug pid = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debugtimestamp.xml b/docs/docbook/smbdotconf/logging/debugtimestamp.xml deleted file mode 100644 index 1265c1d21b..0000000000 --- a/docs/docbook/smbdotconf/logging/debugtimestamp.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGTIMESTAMP"/>debug timestamp (G)</term> - <listitem><para>Samba debug log messages are timestamped - by default. If you are running at a high <link linkend="DEBUGLEVEL"> - <parameter moreinfo="none">debug level</parameter></link> these timestamps - can be distracting. This boolean parameter allows timestamping - to be turned off.</para> - - <para>Default: <command moreinfo="none">debug timestamp = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debuguid.xml b/docs/docbook/smbdotconf/logging/debuguid.xml deleted file mode 100644 index 9b0786d6b3..0000000000 --- a/docs/docbook/smbdotconf/logging/debuguid.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGUID"/>debug uid (G)</term> - <listitem><para>Samba is sometimes run as root and sometime - run as the connected user, this boolean parameter inserts the - current euid, egid, uid and gid to the timestamp message headers - in the log file if turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug uid = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/logfile.xml b/docs/docbook/smbdotconf/logging/logfile.xml deleted file mode 100644 index 6f176ef02b..0000000000 --- a/docs/docbook/smbdotconf/logging/logfile.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGFILE"/>log file (G)</term> - <listitem><para>This option allows you to override the name - of the Samba log file (also known as the debug file).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate log files for each user or machine.</para> - - <para>Example: <command moreinfo="none">log file = /usr/local/samba/var/log.%m - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/loglevel.xml b/docs/docbook/smbdotconf/logging/loglevel.xml deleted file mode 100644 index 610dc96812..0000000000 --- a/docs/docbook/smbdotconf/logging/loglevel.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGLEVEL"/>log level (G)</term> - <listitem><para>The value of the parameter (a astring) allows - the debug level (logging level) to be specified in the - <filename moreinfo="none">smb.conf</filename> file. This parameter has been - extended since the 2.2.x series, now it allow to specify the debug - level for multiple debug classes. This is to give greater - flexibility in the configuration of the system.</para> - - <para>The default will be the log level specified on - the command line or level zero if none was specified.</para> - - <para>Example: <command moreinfo="none">log level = 3 passdb:5 auth:10 winbind:2 - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/maxlogsize.xml b/docs/docbook/smbdotconf/logging/maxlogsize.xml deleted file mode 100644 index 117410b18c..0000000000 --- a/docs/docbook/smbdotconf/logging/maxlogsize.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXLOGSIZE"/>max log size (G)</term> - <listitem><para>This option (an integer in kilobytes) specifies - the max size the log file should grow to. Samba periodically checks - the size and if it is exceeded it will rename the file, adding - a <filename moreinfo="none">.old</filename> extension.</para> - - <para>A size of 0 means no limit.</para> - - <para>Default: <command moreinfo="none">max log size = 5000</command></para> - <para>Example: <command moreinfo="none">max log size = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/syslog.xml b/docs/docbook/smbdotconf/logging/syslog.xml deleted file mode 100644 index ac098e690a..0000000000 --- a/docs/docbook/smbdotconf/logging/syslog.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYSLOG"/>syslog (G)</term> - <listitem><para>This parameter maps how Samba debug messages - are logged onto the system syslog logging levels. Samba debug - level zero maps onto syslog <constant>LOG_ERR</constant>, debug - level one maps onto <constant>LOG_WARNING</constant>, debug level - two maps onto <constant>LOG_NOTICE</constant>, debug level three - maps onto LOG_INFO. All higher levels are mapped to <constant> - LOG_DEBUG</constant>.</para> - - <para>This parameter sets the threshold for sending messages - to syslog. Only messages with debug level less than this value - will be sent to syslog.</para> - - <para>Default: <command moreinfo="none">syslog = 1</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/syslogonly.xml b/docs/docbook/smbdotconf/logging/syslogonly.xml deleted file mode 100644 index a955306fe0..0000000000 --- a/docs/docbook/smbdotconf/logging/syslogonly.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYSLOGONLY"/>syslog only (G)</term> - <listitem><para>If this parameter is set then Samba debug - messages are logged into the system syslog only, and not to - the debug log files.</para> - - <para>Default: <command moreinfo="none">syslog only = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/timestamplogs.xml b/docs/docbook/smbdotconf/logging/timestamplogs.xml deleted file mode 100644 index 5f5f42d738..0000000000 --- a/docs/docbook/smbdotconf/logging/timestamplogs.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMESTAMPLOGS"/>timestamp logs (G)</term> - <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml deleted file mode 100644 index 89fd9186bb..0000000000 --- a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> that - should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"><parameter moreinfo="none">shutdown script</parameter></link>.</para> - - <para>This command will be run as user.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml deleted file mode 100644 index 67441a1645..0000000000 --- a/docs/docbook/smbdotconf/logon/addgroupscript.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a new group is - requested. It will expand any - <parameter moreinfo="none">%g</parameter> to the group name passed. - This script is only useful for installations using the - Windows NT domain administration tools. The script is - free to create a group with an arbitrary name to - circumvent unix group name restrictions. In that case - the script must print the numeric gid of the created - group on stdout. - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml deleted file mode 100644 index fdc69c9490..0000000000 --- a/docs/docbook/smbdotconf/logon/addmachinescript.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a machine is added - to it's domain using the administrator username and password method. </para> - - <para>This option is only required when using sam back-ends tied to the - Unix uid method of RID calculation such as smbpasswd. This option is only - available in Samba 3.0.</para> - - <para>Default: <command moreinfo="none">add machine script = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml deleted file mode 100644 index 3afea231a5..0000000000 --- a/docs/docbook/smbdotconf/logon/adduserscript.xml +++ /dev/null @@ -1,49 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> - - <para>Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users - <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> - - <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> - and <parameter moreinfo="none">add user script</parameter> - must be set to a full pathname for a script that will create a UNIX - user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into - the UNIX user name to create.</para> - - <para>When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and - attempts to authenticate the given user with the given password. If the - authentication succeeds then <command moreinfo="none">smbd</command> - attempts to find a UNIX user in the UNIX password database to map the - Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script - </parameter> is set then <command moreinfo="none">smbd</command> will - call the specified script <emphasis>AS ROOT</emphasis>, expanding - any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> - - <para>If this script successfully creates the user then <command moreinfo="none">smbd - </command> will continue on as though the UNIX user - already existed. In this way, UNIX users are dynamically created to - match existing Windows NT accounts.</para> - - <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link>, <link linkend="PASSWORDSERVER"> - <parameter moreinfo="none">password server</parameter></link>, - <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user - script</parameter></link>.</para> - - <para>Default: <command moreinfo="none">add user script = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user - %u</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml deleted file mode 100644 index fe8be5b504..0000000000 --- a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is added to a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and - any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command moreinfo="none">add user to group script = </command></para> - - <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml deleted file mode 100644 index 02c413115a..0000000000 --- a/docs/docbook/smbdotconf/logon/deletegroupscript.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. - It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed. - This script is only useful for installations using the Windows NT domain administration tools. - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml deleted file mode 100644 index bb1c5136c1..0000000000 --- a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is removed from a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and - any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command moreinfo="none">delete user from group script = </command></para> - - <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml deleted file mode 100644 index afb75dbe77..0000000000 --- a/docs/docbook/smbdotconf/logon/deleteuserscript.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when managing users - with remote RPC (NT) tools. - </para> - - <para>This script is called when a remote client removes a user - from the server, normally using 'User Manager for Domains' or - <command moreinfo="none">rpcclient</command>. - </para> - - <para>This script should delete the given UNIX username. - </para> - - <para>Default: <command moreinfo="none">delete user script = <empty string> - </command></para> - <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user - %u</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml deleted file mode 100644 index 9a2f432f7d..0000000000 --- a/docs/docbook/smbdotconf/logon/domainlogons.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> - <listitem><para>If set to <constant>yes</constant>, the Samba server will serve - Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> - <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2 - has limited capability to act as a domain controller for Windows - NT 4 Domains. For more details on setting up this feature see - the Samba-PDC-HOWTO included in the <filename moreinfo="none">htmldocs/</filename> - directory shipped with the source code.</para> - - <para>Default: <command moreinfo="none">domain logons = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml deleted file mode 100644 index d0aa4d7456..0000000000 --- a/docs/docbook/smbdotconf/logon/logondrive.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> - <listitem><para>This parameter specifies the local path to - which the home directory will be connected (see <link linkend="LOGONHOME"><parameter moreinfo="none">logon home</parameter></link>) - and is only used by NT Workstations. </para> - - <para>Note that this option is only useful if Samba is set up as a - logon server.</para> - - <para>Default: <command moreinfo="none">logon drive = z:</command></para> - <para>Example: <command moreinfo="none">logon drive = h:</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml deleted file mode 100644 index ec19c54043..0000000000 --- a/docs/docbook/smbdotconf/logon/logonhome.xml +++ /dev/null @@ -1,40 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONHOME"/>logon home (G)</term> - <listitem><para>This parameter specifies the home directory - location when a Win95/98 or NT Workstation logs into a Samba PDC. - It allows you to do </para> - - <para><prompt moreinfo="none">C:\> </prompt><userinput moreinfo="none">NET USE H: /HOME</userinput> - </para> - - <para>from a command prompt, for example.</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>This parameter can be used with Win9X workstations to ensure - that roaming profiles are stored in a subdirectory of the user's - home directory. This is done in the following way:</para> - - <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para> - - <para>This tells Samba to return the above string, with - substitutions made when a client requests the info, generally - in a NetUserGetInfo request. Win9X clients truncate the info to - \\server\share when a user does <command moreinfo="none">net use /home</command> - but use the whole string when dealing with profiles.</para> - - <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> - <parameter moreinfo="none">logon path</parameter></link> was returned rather than - <parameter moreinfo="none">logon home</parameter>. This broke <command moreinfo="none">net use - /home</command> but allowed profiles outside the home directory. - The current implementation is correct, and can be used for - profiles if you use the above trick.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <command moreinfo="none">logon home = "\\%N\%U"</command></para> - <para>Example: <command moreinfo="none">logon home = "\\remote_smb_server\%U"</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml deleted file mode 100644 index 04a2777862..0000000000 --- a/docs/docbook/smbdotconf/logon/logonpath.xml +++ /dev/null @@ -1,45 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONPATH"/>logon path (G)</term> - <listitem><para>This parameter specifies the home directory - where roaming profiles (NTuser.dat etc files for Windows NT) are - stored. Contrary to previous versions of these manual pages, it has - nothing to do with Win 9X roaming profiles. To find out how to - handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> - <parameter moreinfo="none">logon home</parameter></link> parameter.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine. It also - specifies the directory from which the "Application Data", - (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>, - <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename> - and other folders, and their contents, are loaded and displayed on - your Windows NT client.</para> - - <para>The share and the path must be readable by the user for - the preferences and directories to be loaded onto the Windows NT - client. The share must be writeable when the user logs in for the first - time, in order that the Windows NT client can create the NTuser.dat - and other directories.</para> - - <para>Thereafter, the directories and any of the contents can, - if required, be made read-only. It is not advisable that the - NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a <emphasis>MAN</emphasis>datory - profile). </para> - - <para>Windows clients can sometimes maintain a connection to - the [homes] share, even though there is no user logged in. - Therefore, it is vital that the logon path does not include a - reference to the homes share (i.e. setting this parameter to - \%N\%U\profile_path will cause problems).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>Note that this option is only useful if Samba is set up - as a logon server.</para> - - <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para> - <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml deleted file mode 100644 index 842cf927d2..0000000000 --- a/docs/docbook/smbdotconf/logon/logonscript.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> - <listitem><para>This parameter specifies the batch file (.bat) or - NT command file (.cmd) to be downloaded and run on a machine when - a user successfully logs in. The file must contain the DOS - style CR/LF line endings. Using a DOS-style editor to create the - file is recommended.</para> - - <para>The script must be a relative path to the [netlogon] - service. If the [netlogon] service specifies a <link linkend="PATH"> - <parameter moreinfo="none">path</parameter></link> of <filename moreinfo="none">/usr/local/samba/netlogon - </filename>, and <command moreinfo="none">logon script = STARTUP.BAT</command>, then - the file that will be downloaded is:</para> - - <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> - - <para>The contents of the batch file are entirely your choice. A - suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET - /YES</command>, to force every machine to synchronize clocks with - the same time server. Another use would be to add <command moreinfo="none">NET USE - U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> - NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> - - <para>Note that it is particularly important not to allow write - access to the [netlogon] share, or to grant users write permission - on the batch files in a secure environment, as this would allow - the batch files to be arbitrarily modified and security to be - breached.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <emphasis>no logon script defined</emphasis></para> - <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml deleted file mode 100644 index ac286393b5..0000000000 --- a/docs/docbook/smbdotconf/logon/shutdownscript.xml +++ /dev/null @@ -1,42 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by - <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> that - should start a shutdown procedure.</para> - - <para>This command will be run as the user connected to the - server.</para> - - <para>%m %t %r %f parameters are expanded</para> - <para><parameter moreinfo="none">%m</parameter> will be substituted with the - shutdown message sent to the server.</para> - <para><parameter moreinfo="none">%t</parameter> will be substituted with the - number of seconds to wait before effectively starting the - shutdown procedure.</para> - <para><parameter moreinfo="none">%r</parameter> will be substituted with the - switch <emphasis>-r</emphasis>. It means reboot after shutdown - for NT. - </para> - <para><parameter moreinfo="none">%f</parameter> will be substituted with the - switch <emphasis>-f</emphasis>. It means force the shutdown - even if applications do not respond for NT.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> - <para>Shutdown script example: -<programlisting format="linespecific"> -#!/bin/bash - -$time=0 -let "time/60" -let "time++" - -/sbin/shutdown $3 $4 +$time $1 & -</programlisting> - Shutdown does not return so we need to launch it in background. - </para> - - <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter moreinfo="none">abort shutdown script</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/man.xsl b/docs/docbook/smbdotconf/man.xsl deleted file mode 100644 index a7ae76bbd8..0000000000 --- a/docs/docbook/smbdotconf/man.xsl +++ /dev/null @@ -1,159 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - version='1.0'> - -<xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"/> - -<xsl:param name="chunk.section.depth" select="0"/> -<xsl:param name="chunk.first.sections" select="1"/> -<xsl:param name="use.id.as.filename" select="1"/> -<xsl:param name="base.dir" select="'../../manpages/'"/> - -<!-- - Our ulink stylesheet omits @url part if content was specified ---> -<xsl:template match="ulink"> - <xsl:variable name="content"> - <xsl:apply-templates/> - </xsl:variable> - <xsl:if test="$content = ''"> - <xsl:text>: </xsl:text> - </xsl:if> - <xsl:if test="$content != ''"> - <xsl:value-of select="$content" /> - </xsl:if> - <xsl:if test="$content = ''"> - <xsl:apply-templates mode="italic" select="@url" /> - </xsl:if> -</xsl:template> - -<xsl:template match="refentry"> - - <xsl:variable name="section" select="refmeta/manvolnum"/> - <xsl:variable name="name" select="refnamediv/refname[1]"/> - <xsl:variable name="base.dir" select="$base.dir"/> - <!-- standard man page width is 64 chars; 6 chars needed for the two - (x) volume numbers, and 2 spaces, leaves 56 --> - <xsl:variable name="twidth" select="(74 - string-length(refmeta/refentrytitle)) div 2"/> - - <xsl:variable name="reftitle" - select="substring(refmeta/refentrytitle, 1, $twidth)"/> - - <xsl:variable name="title"> - <xsl:choose> - <xsl:when test="refentryinfo/title"> - <xsl:value-of select="refentryinfo/title"/> - </xsl:when> - <xsl:when test="../referenceinfo/title"> - <xsl:value-of select="../referenceinfo/title"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="date"> - <xsl:choose> - <xsl:when test="refentryinfo/date"> - <xsl:value-of select="refentryinfo/date"/> - </xsl:when> - <xsl:when test="../referenceinfo/date"> - <xsl:value-of select="../referenceinfo/date"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="productname"> - <xsl:choose> - <xsl:when test="refentryinfo/productname"> - <xsl:value-of select="refentryinfo/productname"/> - </xsl:when> - <xsl:when test="../referenceinfo/productname"> - <xsl:value-of select="../referenceinfo/productname"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:call-template name="write.text.chunk"> - <xsl:with-param name="filename" - select="concat($base.dir, normalize-space ($name), '.', $section)"/> - <xsl:with-param name="content"> - <xsl:text>.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "</xsl:text> - <xsl:value-of select="translate($reftitle,'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - <xsl:text>" </xsl:text> - <xsl:value-of select="refmeta/manvolnum[1]"/> - <xsl:text> "</xsl:text> - <xsl:value-of select="normalize-space($date)"/> - <xsl:text>" "</xsl:text> - <xsl:value-of select="normalize-space($productname)"/> - <xsl:text>" "</xsl:text> - <xsl:value-of select="$title"/> - <xsl:text>" -</xsl:text> - <xsl:apply-templates/> - <xsl:text> </xsl:text> - - <!-- Author section --> - <xsl:choose> - <xsl:when test="refentryinfo//author"> - <xsl:apply-templates select="refentryinfo" mode="authorsect"/> - </xsl:when> - </xsl:choose> - </xsl:with-param> - </xsl:call-template> -</xsl:template> - -<xsl:template match="informalexample|screen|programlisting"> - <xsl:text>.nf </xsl:text> - <xsl:apply-templates/> - <xsl:text>.fi </xsl:text> -</xsl:template> - -<xsl:template match="//emphasis"> - <xsl:text>\fB</xsl:text> - <xsl:apply-templates/> - <xsl:text>\fR</xsl:text> -</xsl:template> - -<xsl:template match="para|simpara|remark" mode="list"> - <xsl:variable name="foo"> - <xsl:apply-templates/> - </xsl:variable> - <xsl:choose match="node()"> - <!-- Don't normalize-space() for verbatim paragraphs --> - <xsl:when test="informalexample|screen|programlisting"> - <xsl:value-of select="$foo"/> - </xsl:when> - <xsl:otherwise> - <xsl:value-of select="normalize-space($foo)"/> - <xsl:text> </xsl:text> - </xsl:otherwise> - </xsl:choose> - <xsl:text> </xsl:text> - <xsl:if test="following-sibling::para or following-sibling::simpara or - following-sibling::remark"> - <!-- Make sure multiple paragraphs within a list item don't --> - <!-- merge together. --> - <xsl:text> </xsl:text> - </xsl:if> -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/misc/addsharecommand.xml b/docs/docbook/smbdotconf/misc/addsharecommand.xml deleted file mode 100644 index 233d3e7dc4..0000000000 --- a/docs/docbook/smbdotconf/misc/addsharecommand.xml +++ /dev/null @@ -1,51 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDSHARECOMMAND"/>add share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">add share command</parameter> is used to define an - external program or script which will add a new service definition - to <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">add share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">add share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter moreinfo="none">pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter moreinfo="none">comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used for add file shares. To add printer shares, - see the <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="CHANGESHARECOMMAND"><parameter moreinfo="none">change share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter moreinfo="none">delete share - command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">add share command = /usr/local/bin/addshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/autoservices.xml b/docs/docbook/smbdotconf/misc/autoservices.xml deleted file mode 100644 index d137f650f8..0000000000 --- a/docs/docbook/smbdotconf/misc/autoservices.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AUTOSERVICES"/>auto services (G)</term> - <listitem><para>This is a synonym for the <link linkend="PRELOAD"> - <parameter moreinfo="none">preload</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/available.xml b/docs/docbook/smbdotconf/misc/available.xml deleted file mode 100644 index 025c1c06fb..0000000000 --- a/docs/docbook/smbdotconf/misc/available.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AVAILABLE"/>available (S)</term> - <listitem><para>This parameter lets you "turn off" a service. If - <parameter moreinfo="none">available = no</parameter>, then <emphasis>ALL</emphasis> - attempts to connect to the service will fail. Such failures are - logged.</para> - - <para>Default: <command moreinfo="none">available = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/changesharecommand.xml b/docs/docbook/smbdotconf/misc/changesharecommand.xml deleted file mode 100644 index 3fb494c513..0000000000 --- a/docs/docbook/smbdotconf/misc/changesharecommand.xml +++ /dev/null @@ -1,50 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CHANGESHARECOMMAND"/>change share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">change share command</parameter> is used to define an - external program or script which will modify an existing service definition - in <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">change share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">change share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter moreinfo="none">pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter moreinfo="none">comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used modify existing file shares definitions. To modify - printer shares, use the "Printers..." folder as seen when browsing the Samba host. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter moreinfo="none">add share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter moreinfo="none">delete - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">change share command = /usr/local/bin/addshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/configfile.xml b/docs/docbook/smbdotconf/misc/configfile.xml deleted file mode 100644 index 3edf611b55..0000000000 --- a/docs/docbook/smbdotconf/misc/configfile.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CONFIGFILE"/>config file (G)</term> - <listitem><para>This allows you to override the config file - to use, instead of the default (usually <filename moreinfo="none">smb.conf</filename>). - There is a chicken and egg problem here as this option is set - in the config file!</para> - - <para>For this reason, if the name of the config file has changed - when the parameters are loaded then it will reload them from - the new config file.</para> - - <para>This option takes the usual substitutions, which can - be very useful.</para> - - <para>If the config file doesn't exist then it won't be loaded - (allowing you to special case the config files of just a few - clients).</para> - - <para>Example: <command moreinfo="none">config file = /usr/local/samba/lib/smb.conf.%m - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/copy.xml b/docs/docbook/smbdotconf/misc/copy.xml deleted file mode 100644 index a7945af8ae..0000000000 --- a/docs/docbook/smbdotconf/misc/copy.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="COPY"/>copy (S)</term> - <listitem><para>This parameter allows you to "clone" service - entries. The specified service is simply duplicated under the - current service's name. Any parameters specified in the current - section will override those in the section being copied.</para> - - <para>This feature lets you set up a 'template' service and - create similar services easily. Note that the service being - copied must occur earlier in the configuration file than the - service doing the copying.</para> - - <para>Default: <emphasis>no value</emphasis></para> - <para>Example: <command moreinfo="none">copy = otherservice</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/default.xml b/docs/docbook/smbdotconf/misc/default.xml deleted file mode 100644 index c396d1947b..0000000000 --- a/docs/docbook/smbdotconf/misc/default.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULT"/>default (G)</term> - <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter moreinfo="none"> - default service</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/defaultservice.xml b/docs/docbook/smbdotconf/misc/defaultservice.xml deleted file mode 100644 index 7aeedb177a..0000000000 --- a/docs/docbook/smbdotconf/misc/defaultservice.xml +++ /dev/null @@ -1,36 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTSERVICE"/>default service (G)</term> - <listitem><para>This parameter specifies the name of a service - which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <emphasis>NOT</emphasis> - given in the parameter value (see example below).</para> - - <para>There is no default value for this parameter. If this - parameter is not given, attempting to connect to a nonexistent - service results in an error.</para> - - <para>Typically the default service would be a <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link>, <link linkend="READONLY"> - <parameter moreinfo="none">read-only</parameter></link> service.</para> - - <para>Also note that the apparent service name will be changed - to equal that of the requested service, this is very useful as it - allows you to use macros like <parameter moreinfo="none">%S</parameter> to make - a wildcard service.</para> - - <para>Note also that any "_" characters in the name of the service - used in the default service will get mapped to a "/". This allows for - interesting things.</para> - - - <para>Example:</para> - -<para><programlisting format="linespecific"> -[global] - default service = pub - -[pub] - path = /%S -</programlisting></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/deletereadonly.xml b/docs/docbook/smbdotconf/misc/deletereadonly.xml deleted file mode 100644 index 8e86b5b00b..0000000000 --- a/docs/docbook/smbdotconf/misc/deletereadonly.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEREADONLY"/>delete readonly (S)</term> - <listitem><para>This parameter allows readonly files to be deleted. - This is not normal DOS semantics, but is allowed by UNIX.</para> - - <para>This option may be useful for running applications such - as rcs, where UNIX file ownership prevents changing file - permissions, and DOS semantics prevent deletion of a read only file.</para> - - <para>Default: <command moreinfo="none">delete readonly = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/deletesharecommand.xml b/docs/docbook/smbdotconf/misc/deletesharecommand.xml deleted file mode 100644 index c3481c86ec..0000000000 --- a/docs/docbook/smbdotconf/misc/deletesharecommand.xml +++ /dev/null @@ -1,44 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETESHARECOMMAND"/>delete share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">delete share command</parameter> is used to define an - external program or script which will remove an existing service - definition from <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">delete share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">delete share command</parameter> with two parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of - the existing service. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used to remove file shares. To delete printer shares, - see the <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">deleteprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter moreinfo="none">add share - command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter moreinfo="none">change - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">delete share command = /usr/local/bin/delshare</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dfreecommand.xml b/docs/docbook/smbdotconf/misc/dfreecommand.xml deleted file mode 100644 index c71ec8e00b..0000000000 --- a/docs/docbook/smbdotconf/misc/dfreecommand.xml +++ /dev/null @@ -1,50 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DFREECOMMAND"/>dfree command (G)</term> - <listitem><para>The <parameter moreinfo="none">dfree command</parameter> setting should - only be used on systems where a problem occurs with the internal - disk space calculations. This has been known to happen with Ultrix, - but may occur with other operating systems. The symptom that was - seen was an error of "Abort Retry Ignore" at the end of each - directory listing.</para> - - <para>This setting allows the replacement of the internal routines to - calculate the total disk space and amount available with an external - routine. The example below gives a possible script that might fulfill - this function.</para> - - <para>The external program will be passed a single parameter indicating - a directory in the filesystem being queried. This will typically consist - of the string <filename moreinfo="none">./</filename>. The script should return two - integers in ASCII. The first should be the total disk space in blocks, - and the second should be the number of available blocks. An optional - third return value can give the block size in bytes. The default - blocksize is 1024 bytes.</para> - - <para>Note: Your script should <emphasis>NOT</emphasis> be setuid or - setgid and should be owned by (and writeable only by) root!</para> - - <para>Default: <emphasis>By default internal routines for - determining the disk capacity and remaining space will be used. - </emphasis></para> - - <para>Example: <command moreinfo="none">dfree command = /usr/local/samba/bin/dfree - </command></para> - - <para>Where the script dfree (which must be made executable) could be:</para> - -<para><programlisting format="linespecific"> -#!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' -</programlisting></para> - - <para>or perhaps (on Sys V based systems):</para> - -<para><programlisting format="linespecific"> -#!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</programlisting></para> - - <para>Note that you may have to replace the command names - with full path names on some systems.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dontdescend.xml b/docs/docbook/smbdotconf/misc/dontdescend.xml deleted file mode 100644 index 8136f293df..0000000000 --- a/docs/docbook/smbdotconf/misc/dontdescend.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DONTDESCEND"/>dont descend (S)</term> - <listitem><para>There are certain directories on some systems - (e.g., the <filename moreinfo="none">/proc</filename> tree under Linux) that are either not - of interest to clients or are infinitely deep (recursive). This - parameter allows you to specify a comma-delimited list of directories - that the server should always show as empty.</para> - - <para>Note that Samba can be very fussy about the exact format - of the "dont descend" entries. For example you may need <filename moreinfo="none"> - ./proc</filename> instead of just <filename moreinfo="none">/proc</filename>. - Experimentation is the best policy :-) </para> - - <para>Default: <emphasis>none (i.e., all directories are OK - to descend)</emphasis></para> - <para>Example: <command moreinfo="none">dont descend = /proc,/dev</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfilemode.xml b/docs/docbook/smbdotconf/misc/dosfilemode.xml deleted file mode 100644 index e8aec3b78d..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfilemode.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILEMODE"/>dos filemode (S)</term> - <listitem><para> The default behavior in Samba is to provide - UNIX-like behavior where only the owner of a file/directory is - able to change the permissions on it. However, this behavior - is often confusing to DOS/Windows users. Enabling this parameter - allows a user who has write access to the file (by whatever - means) to modify the permissions on it. Note that a user - belonging to the group owning the file will not be allowed to - change permissions if the group is only granted read access. - Ownership of the file/directory is not changed, only the permissions - are modified.</para> - - <para>Default: <command moreinfo="none">dos filemode = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml b/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml deleted file mode 100644 index bc82582c87..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILETIMERESOLUTION"/>dos filetime resolution (S)</term> - <listitem><para>Under the DOS and Windows FAT filesystem, the finest - granularity on time resolution is two seconds. Setting this parameter - for a share causes Samba to round the reported time down to the - nearest two second boundary when a query call that requires one second - resolution is made to <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This option is mainly used as a compatibility option for Visual - C++ when used against Samba shares. If oplocks are enabled on a - share, Visual C++ uses two different time reading calls to check if a - file has changed since it was last read. One of these calls uses a - one-second granularity, the other uses a two second granularity. As - the two second call rounds any odd second down, then if the file has a - timestamp of an odd number of seconds then the two timestamps will not - match and Visual C++ will keep reporting the file has changed. Setting - this option causes the two timestamps to match, and Visual C++ is - happy.</para> - - <para>Default: <command moreinfo="none">dos filetime resolution = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfiletimes.xml b/docs/docbook/smbdotconf/misc/dosfiletimes.xml deleted file mode 100644 index d9b9f3b08b..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfiletimes.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILETIMES"/>dos filetimes (S)</term> - <listitem><para>Under DOS and Windows, if a user can write to a - file they can change the timestamp on it. Under POSIX semantics, - only the owner of the file or root may change the timestamp. By - default, Samba runs with POSIX semantics and refuses to change the - timestamp on a file if the user <command moreinfo="none">smbd</command> is acting - on behalf of is not the file owner. Setting this option to <constant> - yes</constant> allows DOS semantics and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will change the file - timestamp as DOS requires.</para> - - <para>Default: <command moreinfo="none">dos filetimes = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/exec.xml b/docs/docbook/smbdotconf/misc/exec.xml deleted file mode 100644 index 34963c90b2..0000000000 --- a/docs/docbook/smbdotconf/misc/exec.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="EXEC"/>exec (S)</term> - <listitem><para>This is a synonym for <link linkend="PREEXEC"> - <parameter moreinfo="none">preexec</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml b/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml deleted file mode 100644 index 81773606ee..0000000000 --- a/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FAKEDIRECTORYCREATETIMES"/>fake directory create times (S)</term> - <listitem><para>NTFS and Windows VFAT file systems keep a create - time for all files and directories. This is not the same as the - ctime - status change time - that Unix keeps, so Samba by default - reports the earliest of the various times Unix does keep. Setting - this parameter for a share causes Samba to always report midnight - 1-1-1980 as the create time for directories.</para> - - <para>This option is mainly used as a compatibility option for - Visual C++ when used against Samba shares. Visual C++ generated - makefiles have the object directory as a dependency for each object - file, and a make rule to create the directory. Also, when NMAKE - compares timestamps it uses the creation time when examining a - directory. Thus the object directory will be created if it does not - exist, but once it does exist it will always have an earlier - timestamp than the object files it contains.</para> - - <para>However, Unix time semantics mean that the create time - reported by Samba will be updated whenever a file is created or - or deleted in the directory. NMAKE finds all object files in - the object directory. The timestamp of the last one built is then - compared to the timestamp of the object directory. If the - directory's timestamp if newer, then all object files - will be rebuilt. Enabling this option - ensures directories always predate their contents and an NMAKE build - will proceed as expected.</para> - - <para>Default: <command moreinfo="none">fake directory create times = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/followsymlinks.xml b/docs/docbook/smbdotconf/misc/followsymlinks.xml deleted file mode 100644 index 88526da320..0000000000 --- a/docs/docbook/smbdotconf/misc/followsymlinks.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FOLLOWSYMLINKS"/>follow symlinks (S)</term> - <listitem><para>This parameter allows the Samba administrator - to stop <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> from following symbolic - links in a particular share. Setting this - parameter to <constant>no</constant> prevents any file or directory - that is a symbolic link from being followed (the user will get an - error). This option is very useful to stop users from adding a - symbolic link to <filename moreinfo="none">/etc/passwd</filename> in their home - directory for instance. However it will slow filename lookups - down slightly.</para> - - <para>This option is enabled (i.e. <command moreinfo="none">smbd</command> will - follow symbolic links) by default.</para> - - <para>Default: <command moreinfo="none">follow symlinks = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/fstype.xml b/docs/docbook/smbdotconf/misc/fstype.xml deleted file mode 100644 index 566bccb465..0000000000 --- a/docs/docbook/smbdotconf/misc/fstype.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FSTYPE"/>fstype (S)</term> - <listitem><para>This parameter allows the administrator to - configure the string that specifies the type of filesystem a share - is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type - for a share. The default type is <constant>NTFS</constant> for - compatibility with Windows NT but this can be changed to other - strings such as <constant>Samba</constant> or <constant>FAT - </constant> if required.</para> - - <para>Default: <command moreinfo="none">fstype = NTFS</command></para> - <para>Example: <command moreinfo="none">fstype = Samba</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/hidelocalusers.xml b/docs/docbook/smbdotconf/misc/hidelocalusers.xml deleted file mode 100644 index d0468ead6b..0000000000 --- a/docs/docbook/smbdotconf/misc/hidelocalusers.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDELOCALUSERS"/>hide local users(G)</term> - <listitem><para>This parameter toggles the hiding of local UNIX - users (root, wheel, floppy, etc) from remote clients.</para> - - <para>Default: <command moreinfo="none">hide local users = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/homedirmap.xml b/docs/docbook/smbdotconf/misc/homedirmap.xml deleted file mode 100644 index 87a59204a2..0000000000 --- a/docs/docbook/smbdotconf/misc/homedirmap.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOMEDIRMAP"/>homedir map (G)</term> - <listitem><para>If<link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> is also acting - as a Win95/98 <parameter moreinfo="none">logon server</parameter> then this parameter - specifies the NIS (or YP) map from which the server for the user's - home directory should be extracted. At present, only the Sun - auto.home map format is understood. The form of the map is:</para> - - <para><command moreinfo="none">username server:/some/file/system</command></para> - - <para>and the program will extract the servername from before - the first ':'. There should probably be a better parsing system - that copes with different map formats and also Amd (another - automounter) maps.</para> - - <para><emphasis>NOTE :</emphasis>A working NIS client is required on - the system for this option to work.</para> - - <para>See also <link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir</parameter> - </link>, <link linkend="DOMAINLOGONS"><parameter moreinfo="none">domain logons</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">homedir map = <empty string></command></para> - <para>Example: <command moreinfo="none">homedir map = amd.homedir</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/include.xml b/docs/docbook/smbdotconf/misc/include.xml deleted file mode 100644 index 81230d4357..0000000000 --- a/docs/docbook/smbdotconf/misc/include.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INCLUDE"/>include (G)</term> - <listitem><para>This allows you to include one config file - inside another. The file is included literally, as though typed - in place.</para> - - <para>It takes the standard substitutions, except <parameter moreinfo="none">%u - </parameter>, <parameter moreinfo="none">%P</parameter> and <parameter moreinfo="none">%S</parameter>. - </para> - - <para>Default: <emphasis>no file included</emphasis></para> - <para>Example: <command moreinfo="none">include = /usr/local/samba/lib/admin_smb.conf - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/lockdir.xml b/docs/docbook/smbdotconf/misc/lockdir.xml deleted file mode 100644 index 2c29b9b61c..0000000000 --- a/docs/docbook/smbdotconf/misc/lockdir.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKDIR"/>lock dir (G)</term> - <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter moreinfo="none"> - lock directory</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/lockdirectory.xml b/docs/docbook/smbdotconf/misc/lockdirectory.xml deleted file mode 100644 index 7945f19864..0000000000 --- a/docs/docbook/smbdotconf/misc/lockdirectory.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKDIRECTORY"/>lock directory (G)</term> - <listitem><para>This option specifies the directory where lock - files will be placed. The lock files are used to implement the - <link linkend="MAXCONNECTIONS"><parameter moreinfo="none">max connections</parameter> - </link> option.</para> - - <para>Default: <command moreinfo="none">lock directory = ${prefix}/var/locks</command></para> - <para>Example: <command moreinfo="none">lock directory = /var/run/samba/locks</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/magicoutput.xml b/docs/docbook/smbdotconf/misc/magicoutput.xml deleted file mode 100644 index 8208d5bd4c..0000000000 --- a/docs/docbook/smbdotconf/misc/magicoutput.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAGICOUTPUT"/>magic output (S)</term> - <listitem><para>This parameter specifies the name of a file - which will contain output created by a magic script (see the - <link linkend="MAGICSCRIPT"><parameter moreinfo="none">magic script</parameter></link> - parameter below).</para> - - <para>Warning: If two clients use the same <parameter moreinfo="none">magic script - </parameter> in the same directory the output file content - is undefined.</para> - - <para>Default: <command moreinfo="none">magic output = <magic script name>.out - </command></para> - - <para>Example: <command moreinfo="none">magic output = myfile.txt</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/magicscript.xml b/docs/docbook/smbdotconf/misc/magicscript.xml deleted file mode 100644 index 73abb50fc5..0000000000 --- a/docs/docbook/smbdotconf/misc/magicscript.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAGICSCRIPT"/>magic script (S)</term> - <listitem><para>This parameter specifies the name of a file which, - if opened, will be executed by the server when the file is closed. - This allows a UNIX script to be sent to the Samba host and - executed on behalf of the connected user.</para> - - <para>Scripts executed in this way will be deleted upon - completion assuming that the user has the appropriate level - of privilege and the file permissions allow the deletion.</para> - - <para>If the script generates output, output will be sent to - the file specified by the <link linkend="MAGICOUTPUT"><parameter moreinfo="none"> - magic output</parameter></link> parameter (see above).</para> - - <para>Note that some shells are unable to interpret scripts - containing CR/LF instead of CR as - the end-of-line marker. Magic scripts must be executable - <emphasis>as is</emphasis> on the host, which for some hosts and - some shells will require filtering at the DOS end.</para> - - <para>Magic scripts are <emphasis>EXPERIMENTAL</emphasis> and - should <emphasis>NOT</emphasis> be relied upon.</para> - - <para>Default: <emphasis>None. Magic scripts disabled.</emphasis></para> - <para>Example: <command moreinfo="none">magic script = user.csh</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/messagecommand.xml b/docs/docbook/smbdotconf/misc/messagecommand.xml deleted file mode 100644 index 199fab5610..0000000000 --- a/docs/docbook/smbdotconf/misc/messagecommand.xml +++ /dev/null @@ -1,65 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MESSAGECOMMAND"/>message command (G)</term> - <listitem><para>This specifies what command to run when the - server receives a WinPopup style message.</para> - - <para>This would normally be a command that would - deliver the message somehow. How this is to be done is - up to your imagination.</para> - - <para>An example is:</para> - - <para><command moreinfo="none">message command = csh -c 'xedit %s;rm %s' &</command> - </para> - - <para>This delivers the message using <command moreinfo="none">xedit</command>, then - removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT - THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I - have the '&' on the end. If it doesn't return immediately then - your PCs may freeze when sending messages (they should recover - after 30 seconds, hopefully).</para> - - <para>All messages are delivered as the global guest user. - The command takes the standard substitutions, although <parameter moreinfo="none"> - %u</parameter> won't work (<parameter moreinfo="none">%U</parameter> may be better - in this case).</para> - - <para>Apart from the standard substitutions, some additional - ones apply. In particular:</para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">%s</parameter> = the filename containing - the message.</para></listitem> - - <listitem><para><parameter moreinfo="none">%t</parameter> = the destination that - the message was sent to (probably the server name).</para></listitem> - - <listitem><para><parameter moreinfo="none">%f</parameter> = who the message - is from.</para></listitem> - </itemizedlist> - - <para>You could make this command send mail, or whatever else - takes your fancy. Please let us know of any really interesting - ideas you have.</para> - - - <para>Here's a way of sending the messages as mail to root:</para> - - <para><command moreinfo="none">message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s</command></para> - - <para>If you don't have a message command then the message - won't be delivered and Samba will tell the sender there was - an error. Unfortunately WfWg totally ignores the error code - and carries on regardless, saying that the message was delivered. - </para> - - <para>If you want to silently delete it then try:</para> - - <para><command moreinfo="none">message command = rm %s</command></para> - - <para>Default: <emphasis>no message command</emphasis></para> - <para>Example: <command moreinfo="none">message command = csh -c 'xedit %s; - rm %s' &</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/nishomedir.xml b/docs/docbook/smbdotconf/misc/nishomedir.xml deleted file mode 100644 index 5a2980d4fd..0000000000 --- a/docs/docbook/smbdotconf/misc/nishomedir.xml +++ /dev/null @@ -1,30 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NISHOMEDIR"/>nis homedir (G)</term> - <listitem><para>Get the home share server from a NIS map. For - UNIX systems that use an automounter, the user's home directory - will often be mounted on a workstation on demand from a remote - server. </para> - - <para>When the Samba logon server is not the actual home directory - server, but is mounting the home directories via NFS then two - network hops would be required to access the users home directory - if the logon server told the client to use itself as the SMB server - for home directories (one over SMB and one over NFS). This can - be very slow.</para> - - <para>This option allows Samba to return the home share as - being on a different server to the logon server and as - long as a Samba daemon is running on the home directory server, - it will be mounted on the Samba client directly from the directory - server. When Samba is returning the home share to the client, it - will consult the NIS map specified in <link linkend="HOMEDIRMAP"> - <parameter moreinfo="none">homedir map</parameter></link> and return the server - listed there.</para> - - <para>Note that for this option to work there must be a working - NIS system and the Samba server with this option must also - be a logon server.</para> - - <para>Default: <command moreinfo="none">nis homedir = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/panicaction.xml b/docs/docbook/smbdotconf/misc/panicaction.xml deleted file mode 100644 index 6de37c2c17..0000000000 --- a/docs/docbook/smbdotconf/misc/panicaction.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PANICACTION"/>panic action (G)</term> - <listitem><para>This is a Samba developer option that allows a - system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to - draw attention to the fact that a problem occurred.</para> - - <para>Default: <command moreinfo="none">panic action = <empty string></command></para> - <para>Example: <command moreinfo="none">panic action = "/bin/sleep 90000"</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/piddirectory.xml b/docs/docbook/smbdotconf/misc/piddirectory.xml deleted file mode 100644 index 81c1b13e75..0000000000 --- a/docs/docbook/smbdotconf/misc/piddirectory.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PIDDIRECTORY"/>pid directory (G)</term> - <listitem><para>This option specifies the directory where pid - files will be placed. </para> - - <para>Default: <command moreinfo="none">pid directory = ${prefix}/var/locks</command></para> - <para>Example: <command moreinfo="none">pid directory = /var/run/</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/postexec.xml b/docs/docbook/smbdotconf/misc/postexec.xml deleted file mode 100644 index 017177be3d..0000000000 --- a/docs/docbook/smbdotconf/misc/postexec.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="POSTEXEC"/>postexec (S)</term> - <listitem><para>This option specifies a command to be run - whenever the service is disconnected. It takes the usual - substitutions. The command may be run as the root on some - systems.</para> - - <para>An interesting example may be to unmount server - resources:</para> - - <para><command moreinfo="none">postexec = /etc/umount /cdrom</command></para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none">preexec</parameter> - </link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis> - </para> - - <para>Example: <command moreinfo="none">postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preexec.xml b/docs/docbook/smbdotconf/misc/preexec.xml deleted file mode 100644 index fc047e008d..0000000000 --- a/docs/docbook/smbdotconf/misc/preexec.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREEXEC"/>preexec (S)</term> - <listitem><para>This option specifies a command to be run whenever - the service is connected to. It takes the usual substitutions.</para> - - <para>An interesting example is to send the users a welcome - message every time they log in. Maybe a message of the day? Here - is an example:</para> - - <para><command moreinfo="none">preexec = csh -c 'echo \"Welcome to %S!\" | - /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> - - <para>Of course, this could get annoying after a while :-)</para> - - <para>See also <link linkend="PREEXECCLOSE"><parameter moreinfo="none">preexec close - </parameter></link> and <link linkend="POSTEXEC"><parameter moreinfo="none">postexec - </parameter></link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis></para> - <para>Example: <command moreinfo="none">preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preexecclose.xml b/docs/docbook/smbdotconf/misc/preexecclose.xml deleted file mode 100644 index c617a7f7fa..0000000000 --- a/docs/docbook/smbdotconf/misc/preexecclose.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREEXECCLOSE"/>preexec close (S)</term> - <listitem><para>This boolean option controls whether a non-zero - return code from <link linkend="PREEXEC"><parameter moreinfo="none">preexec - </parameter></link> should close the service being connected to.</para> - - <para>Default: <command moreinfo="none">preexec close = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preload.xml b/docs/docbook/smbdotconf/misc/preload.xml deleted file mode 100644 index 574ed1a369..0000000000 --- a/docs/docbook/smbdotconf/misc/preload.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRELOAD"/>preload (G)</term> - <listitem><para>This is a list of services that you want to be - automatically added to the browse lists. This is most useful - for homes and printers services that would otherwise not be - visible.</para> - - <para>Note that if you just want all printers in your - printcap file loaded then the <link linkend="LOADPRINTERS"> - <parameter moreinfo="none">load printers</parameter></link> option is easier.</para> - - <para>Default: <emphasis>no preloaded services</emphasis></para> - - <para>Example: <command moreinfo="none">preload = fred lp colorlp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/remoteannounce.xml b/docs/docbook/smbdotconf/misc/remoteannounce.xml deleted file mode 100644 index e6de4bdcaf..0000000000 --- a/docs/docbook/smbdotconf/misc/remoteannounce.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="REMOTEANNOUNCE"/>remote announce (G)</term> - <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself - to arbitrary IP addresses with an arbitrary workgroup name.</para> - - <para>This is useful if you want your Samba server to appear - in a remote workgroup for which the normal browse propagation - rules don't work. The remote workgroup can be anywhere that you - can send IP packets to.</para> - - <para>For example:</para> - - <para><command moreinfo="none">remote announce = 192.168.2.255/SERVERS - 192.168.4.255/STAFF</command></para> - - <para>the above line would cause <command moreinfo="none">nmbd</command> to announce itself - to the two given IP addresses using the given workgroup names. - If you leave out the workgroup name then the one given in - the <link linkend="WORKGROUP"><parameter moreinfo="none">workgroup</parameter></link> - parameter is used instead.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable.</para> - - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> - in the <filename moreinfo="none">docs/</filename> directory.</para> - - <para>Default: <command moreinfo="none">remote announce = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/remotebrowsesync.xml b/docs/docbook/smbdotconf/misc/remotebrowsesync.xml deleted file mode 100644 index 8b0d863ed7..0000000000 --- a/docs/docbook/smbdotconf/misc/remotebrowsesync.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="REMOTEBROWSESYNC"/>remote browse sync (G)</term> - <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically request - synchronization of browse lists with the master browser of a Samba - server that is on a remote segment. This option will allow you to - gain browse lists for multiple workgroups across routed networks. This - is done in a manner that does not work with any non-Samba servers.</para> - - <para>This is useful if you want your Samba server and all local - clients to appear in a remote workgroup for which the normal browse - propagation rules don't work. The remote workgroup can be anywhere - that you can send IP packets to.</para> - - <para>For example:</para> - - <para><command moreinfo="none">remote browse sync = 192.168.2.255 192.168.4.255 - </command></para> - - <para>the above line would cause <command moreinfo="none">nmbd</command> to request - the master browser on the specified subnets or addresses to - synchronize their browse lists with the local server.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable. If - a machine IP address is given Samba makes NO attempt to validate - that the remote machine is available, is listening, nor that it - is in fact the browse master on its segment.</para> - - <para>Default: <command moreinfo="none">remote browse sync = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpostexec.xml b/docs/docbook/smbdotconf/misc/rootpostexec.xml deleted file mode 100644 index ed60646677..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpostexec.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPOSTEXEC"/>root postexec (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">postexec</parameter> - parameter except that the command is run as root. This - is useful for unmounting filesystems - (such as CDROMs) after a connection is closed.</para> - - <para>See also <link linkend="POSTEXEC"><parameter moreinfo="none"> - postexec</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root postexec = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpreexec.xml b/docs/docbook/smbdotconf/misc/rootpreexec.xml deleted file mode 100644 index 29802b6d63..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpreexec.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPREEXEC"/>root preexec (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">preexec</parameter> - parameter except that the command is run as root. This - is useful for mounting filesystems (such as CDROMs) when a - connection is opened.</para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none"> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter moreinfo="none">preexec close</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root preexec = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpreexecclose.xml b/docs/docbook/smbdotconf/misc/rootpreexecclose.xml deleted file mode 100644 index d21b0dd7b5..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpreexecclose.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPREEXECCLOSE"/>root preexec close (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">preexec close - </parameter> parameter except that the command is run as root.</para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none"> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter moreinfo="none">preexec close</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root preexec close = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/setdirectory.xml b/docs/docbook/smbdotconf/misc/setdirectory.xml deleted file mode 100644 index 860632cdaf..0000000000 --- a/docs/docbook/smbdotconf/misc/setdirectory.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SETDIRECTORY"/>set directory (S)</term> - <listitem><para>If <command moreinfo="none">set directory = no</command>, then - users of the service may not use the setdir command to change - directory.</para> - - <para>The <command moreinfo="none">setdir</command> command is only implemented - in the Digital Pathworks client. See the Pathworks documentation - for details.</para> - - <para>Default: <command moreinfo="none">set directory = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/socketaddress.xml b/docs/docbook/smbdotconf/misc/socketaddress.xml deleted file mode 100644 index e77737f18b..0000000000 --- a/docs/docbook/smbdotconf/misc/socketaddress.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOCKETADDRESS"/>socket address (G)</term> - <listitem><para>This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each - with a different configuration.</para> - - <para>By default Samba will accept connections on any - address.</para> - - <para>Example: <command moreinfo="none">socket address = 192.168.2.20</command> - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/sourceenvironment.xml b/docs/docbook/smbdotconf/misc/sourceenvironment.xml deleted file mode 100644 index 07a8abce4d..0000000000 --- a/docs/docbook/smbdotconf/misc/sourceenvironment.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOURCEENVIRONMENT"/>source environment (G)</term> - <listitem><para>This parameter causes Samba to set environment - variables as per the content of the file named.</para> - - <para>If the value of this parameter starts with a "|" character - then Samba will treat that value as a pipe command to open and - will set the environment variables from the output of the pipe.</para> - - <para>The contents of the file or the output of the pipe should - be formatted as the output of the standard Unix <command moreinfo="none">env(1) - </command> command. This is of the form :</para> - <para>Example environment entry:</para> - <para><command moreinfo="none">SAMBA_NETBIOS_NAME = myhostname</command></para> - - <para>Default: <emphasis>No default value</emphasis></para> - <para>Examples: <command moreinfo="none">source environment = |/etc/smb.conf.sh - </command></para> - - <para>Example: <command moreinfo="none">source environment = - /usr/local/smb_env_vars</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/timeoffset.xml b/docs/docbook/smbdotconf/misc/timeoffset.xml deleted file mode 100644 index 0c973234c3..0000000000 --- a/docs/docbook/smbdotconf/misc/timeoffset.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMEOFFSET"/>time offset (G)</term> - <listitem><para>This parameter is a setting in minutes to add - to the normal GMT to local time conversion. This is useful if - you are serving a lot of PCs that have incorrect daylight - saving time handling.</para> - - <para>Default: <command moreinfo="none">time offset = 0</command></para> - <para>Example: <command moreinfo="none">time offset = 60</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/utmp.xml b/docs/docbook/smbdotconf/misc/utmp.xml deleted file mode 100644 index 014b85d6bc..0000000000 --- a/docs/docbook/smbdotconf/misc/utmp.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UTMP"/>utmp (G)</term> - <listitem><para>This boolean parameter is only available if - Samba has been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt - to add utmp or utmpx records (depending on the UNIX system) whenever a - connection is made to a Samba server. Sites may use this to record the - user connecting to a Samba share.</para> - - <para>Due to the requirements of the utmp record, we - are required to create a unique identifier for the - incoming user. Enabling this option creates an n^2 - algorithm to find this number. This may impede - performance on large installations. </para> - - <para>See also the <link linkend="UTMPDIRECTORY"><parameter moreinfo="none"> - utmp directory</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">utmp = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/utmpdirectory.xml b/docs/docbook/smbdotconf/misc/utmpdirectory.xml deleted file mode 100644 index 9e5574fb39..0000000000 --- a/docs/docbook/smbdotconf/misc/utmpdirectory.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UTMPDIRECTORY"/>utmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. It specifies a directory pathname that is - used to store the utmp or utmpx files (depending on the UNIX system) that - record user connections to a Samba server. See also the <link linkend="UTMP"> - <parameter moreinfo="none">utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename moreinfo="none">/var/run/utmp</filename> on Linux).</para> - - <para>Default: <emphasis>no utmp directory</emphasis></para> - <para>Example: <command moreinfo="none">utmp directory = /var/run/utmp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/volume.xml b/docs/docbook/smbdotconf/misc/volume.xml deleted file mode 100644 index f0a82c6f0c..0000000000 --- a/docs/docbook/smbdotconf/misc/volume.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VOLUME"/>volume (S)</term> - <listitem><para> This allows you to override the volume label - returned for a share. Useful for CDROMs with installation programs - that insist on a particular volume label.</para> - - <para>Default: <emphasis>the name of the share</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/widelinks.xml b/docs/docbook/smbdotconf/misc/widelinks.xml deleted file mode 100644 index b3474ce26c..0000000000 --- a/docs/docbook/smbdotconf/misc/widelinks.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WIDELINKS"/>wide links (S)</term> - <listitem><para>This parameter controls whether or not links - in the UNIX file system may be followed by the server. Links - that point to areas within the directory tree exported by the - server are always allowed; this parameter controls access only - to areas that are outside the directory tree being exported.</para> - - <para>Note that setting this parameter can have a negative - effect on your server performance due to the extra system calls - that Samba has to do in order to perform the link checks.</para> - - <para>Default: <command moreinfo="none">wide links = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/wtmpdirectory.xml b/docs/docbook/smbdotconf/misc/wtmpdirectory.xml deleted file mode 100644 index bb144473ff..0000000000 --- a/docs/docbook/smbdotconf/misc/wtmpdirectory.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WTMPDIRECTORY"/>wtmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. It specifies a directory pathname that is - used to store the wtmp or wtmpx files (depending on the UNIX system) that - record user connections to a Samba server. The difference with - the utmp directory is the fact that user info is kept after a user - has logged out. - - See also the <link linkend="UTMP"> - <parameter moreinfo="none">utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename moreinfo="none">/var/run/wtmp</filename> on Linux).</para> - - <para>Default: <emphasis>no wtmp directory</emphasis></para> - <para>Example: <command moreinfo="none">wtmp directory = /var/log/wtmp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml deleted file mode 100644 index abff09cda4..0000000000 --- a/docs/docbook/smbdotconf/printing/addprintercommand.xml +++ /dev/null @@ -1,60 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDPRINTERCOMMAND"/>addprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printing - support for Windows NT/2000 clients in Samba 2.2, The MS Add - Printer Wizard (APW) icon is now also available in the - "Printers..." folder displayed a share listing. The APW - allows for printers to be add remotely to a Samba or Windows - NT/2000 print server.</para> - - <para>For a Samba host this means that the printer must be - physically added to the underlying printing system. The <parameter moreinfo="none">add - printer command</parameter> defines a script to be run which - will perform the necessary operations for adding the printer - to the print system and to add the appropriate service definition - to the <filename moreinfo="none">smb.conf</filename> file in order that it can be - shared by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>The <parameter moreinfo="none">addprinter command</parameter> is - automatically invoked with the following parameter (in - order):</para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">location</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter> - </para></listitem> - </itemizedlist> - - <para>All parameters are filled in from the PRINTER_INFO_2 structure sent - by the Windows NT/2000 client with one exception. The "Windows 9x - driver location" parameter is included for backwards compatibility - only. The remaining fields in the structure are generated from answers - to the APW questions.</para> - - <para>Once the <parameter moreinfo="none">addprinter command</parameter> has - been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> - smb.conf</filename> to determine if the share defined by the APW - exists. If the sharename is still invalid, then <command moreinfo="none">smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para> - The "add printer command" program can output a single line of text, - which Samba will set as the port the new printer is connected to. - If this line isn't output, Samba won't reload its printer shares. - </para> - - <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none"> - deleteprinter command</parameter></link>, <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml deleted file mode 100644 index 9609038dcd..0000000000 --- a/docs/docbook/smbdotconf/printing/defaultdevmode.xml +++ /dev/null @@ -1,34 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTDEVMODE"/>default devmode (S)</term> - <listitem><para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. When smbd is serving - Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba - server has a Device Mode which defines things such as paper size and - orientation and duplex settings. The device mode can only correctly be - generated by the printer driver itself (which can only be executed on a - Win32 platform). Because smbd is unable to execute the driver code - to generate the device mode, the default behavior is to set this field - to NULL. - </para> - - <para>Most problems with serving printer drivers to Windows NT/2k/XP clients - can be traced to a problem with the generated device mode. Certain drivers - will do things such as crashing the client's Explorer.exe with a NULL devmode. - However, other printer drivers can cause the client's spooler service - (spoolsv.exe) to die if the devmode was not created by the driver itself - (i.e. smbd generates a default devmode). - </para> - - <para>This parameter should be used with care and tested with the printer - driver in question. It is better to leave the device mode to NULL - and let the Windows client set the correct values. Because drivers do not - do this all the time, setting <command moreinfo="none">default devmode = yes</command> - will instruct smbd to generate a default one. - </para> - - <para>For more information on Windows NT/2k printing and Device Modes, - see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. - </para> - - <para>Default: <command moreinfo="none">default devmode = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml deleted file mode 100644 index 23f2ff76b0..0000000000 --- a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEPRINTERCOMMAND"/>deleteprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printer - support for Windows NT/2000 clients in Samba 2.2, it is now - possible to delete printer at run time by issuing the - DeletePrinter() RPC call.</para> - - <para>For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <parameter moreinfo="none"> - deleteprinter command</parameter> defines a script to be run which - will perform the necessary operations for removing the printer - from the print system and from <filename moreinfo="none">smb.conf</filename>. - </para> - - <para>The <parameter moreinfo="none">deleteprinter command</parameter> is - automatically called with only one parameter: <parameter moreinfo="none"> - "printer name"</parameter>.</para> - - - <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has - been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> - smb.conf</filename> to associated printer no longer exists. - If the sharename is still valid, then <command moreinfo="none">smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none"> - addprinter command</parameter></link>, <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/disablespoolss.xml b/docs/docbook/smbdotconf/printing/disablespoolss.xml deleted file mode 100644 index dff1e63fab..0000000000 --- a/docs/docbook/smbdotconf/printing/disablespoolss.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DISABLESPOOLSS"/>disable spoolss (G)</term> - <listitem><para>Enabling this parameter will disable Samba's support - for the SPOOLSS set of MS-RPC's and will yield identical behavior - as Samba 2.0.x. Windows NT/2000 clients will downgrade to using - Lanman style printing commands. Windows 9x/ME will be uneffected by - the parameter. However, this will also disable the ability to upload - printer drivers to a Samba server via the Windows NT Add Printer - Wizard or by using the NT printer properties dialog window. It will - also disable the capability of Windows NT/2000 clients to download - print drivers from the Samba host upon demand. - <emphasis>Be very careful about enabling this parameter.</emphasis> - </para> - - <para>See also <link linkend="USECLIENTDRIVER">use client driver</link> - </para> - - <para>Default : <command moreinfo="none">disable spoolss = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml deleted file mode 100644 index b1111a5e1c..0000000000 --- a/docs/docbook/smbdotconf/printing/enumportscommand.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENUMPORTSCOMMAND"/>enumports command (G)</term> - <listitem><para>The concept of a "port" is fairly foreign - to UNIX hosts. Under Windows NT/2000 print servers, a port - is associated with a port monitor and generally takes the form of - a local port (i.e. LPT1:, COM1:, FILE:) or a remote port - (i.e. LPD Port Monitor, etc...). By default, Samba has only one - port defined--<constant>"Samba Printer Port"</constant>. Under - Windows NT/2000, all printers must have a valid port name. - If you wish to have a list of ports displayed (<command moreinfo="none">smbd - </command> does not use a port name for anything) other than - the default <constant>"Samba Printer Port"</constant>, you - can define <parameter moreinfo="none">enumports command</parameter> to point to - a program which should generate a list of ports, one per line, - to standard output. This listing will then be used in response - to the level 1 and 2 EnumPorts() RPC.</para> - - <para>Default: <emphasis>no enumports command</emphasis></para> - <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/loadprinters.xml b/docs/docbook/smbdotconf/printing/loadprinters.xml deleted file mode 100644 index adaa8afca9..0000000000 --- a/docs/docbook/smbdotconf/printing/loadprinters.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOADPRINTERS"/>load printers (G)</term> - <listitem><para>A boolean variable that controls whether all - printers in the printcap will be loaded for browsing by default. - See the <link linkend="PRINTERSSECT">printers</link> section for - more details.</para> - - <para>Default: <command moreinfo="none">load printers = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml deleted file mode 100644 index 34d7c7f800..0000000000 --- a/docs/docbook/smbdotconf/printing/lppausecommand.xml +++ /dev/null @@ -1,41 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPPAUSECOMMAND"/>lppause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to stop printing or spooling - a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to pause the print job. One way - of implementing this is by using job priorities, where jobs - having a too low priority won't be sent to the printer.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux - </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added - to the lpq command, the job will show up with the correct status, i.e. - if the job priority is lower than the set fence priority it will - have the PAUSED status, whereas if the priority is equal or higher it - will have the SPOOLED or PRINTING status.</para> - - <para>Note that it is good practice to include the absolute path - in the lppause command as the PATH may not be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given to - this string, unless the value of the <parameter moreinfo="none">printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command moreinfo="none">lp -i %p-%j -H hold</command></para> - - <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command moreinfo="none">qstat -s -j%j -h</command></para> - - <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt - %p-%j -p0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpqcachetime.xml b/docs/docbook/smbdotconf/printing/lpqcachetime.xml deleted file mode 100644 index 6f351fdaf9..0000000000 --- a/docs/docbook/smbdotconf/printing/lpqcachetime.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPQCACHETIME"/>lpq cache time (G)</term> - <listitem><para>This controls how long lpq info will be cached - for to prevent the <command moreinfo="none">lpq</command> command being called too - often. A separate cache is kept for each variation of the <command moreinfo="none"> - lpq</command> command used by the system, so if you use different - <command moreinfo="none">lpq</command> commands for different users then they won't - share cache information.</para> - - <para>The cache files are stored in <filename moreinfo="none">/tmp/lpq.xxxx</filename> - where xxxx is a hash of the <command moreinfo="none">lpq</command> command in use.</para> - - <para>The default is 10 seconds, meaning that the cached results - of a previous identical <command moreinfo="none">lpq</command> command will be used - if the cached data is less than 10 seconds old. A large value may - be advisable if your <command moreinfo="none">lpq</command> command is very slow.</para> - - <para>A value of 0 will disable caching completely.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">lpq cache time = 10</command></para> - <para>Example: <command moreinfo="none">lpq cache time = 30</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpqcommand.xml b/docs/docbook/smbdotconf/printing/lpqcommand.xml deleted file mode 100644 index ddcdf1ef49..0000000000 --- a/docs/docbook/smbdotconf/printing/lpqcommand.xml +++ /dev/null @@ -1,41 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPQCOMMAND"/>lpq command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to obtain <command moreinfo="none">lpq - </command>-style printer status information.</para> - - <para>This command should be a program or script which - takes a printer name as its only parameter and outputs printer - status information.</para> - - <para>Currently nine styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. - This covers most UNIX systems. You control which type is expected - using the <parameter moreinfo="none">printing =</parameter> option.</para> - - <para>Some clients (notably Windows for Workgroups) may not - correctly send the connection number for the printer they are - requesting status information about. To get around this, the - server reports on the first printer service connected to by the - client. This only happens if the connection number sent is invalid.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter moreinfo="none">lpq command</parameter> as the <envar>$PATH - </envar> may not be available to the server. When compiled with - the CUPS libraries, no <parameter moreinfo="none">lpq command</parameter> is - needed because smbd will make a library call to obtain the - print queue listing.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none"> - printing</parameter></emphasis></para> - - <para>Example: <command moreinfo="none">lpq command = /usr/bin/lpq -P%p</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml deleted file mode 100644 index fbb1ac71ad..0000000000 --- a/docs/docbook/smbdotconf/printing/lpresumecommand.xml +++ /dev/null @@ -1,37 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPRESUMECOMMAND"/>lpresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to restart or continue - printing or spooling a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to resume the print job. See - also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command - </parameter></link> parameter.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not - be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given - to this string, unless the value of the <parameter moreinfo="none">printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command moreinfo="none">lp -i %p-%j -H resume</command></para> - - <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command moreinfo="none">qstat -s -j%j -r</command></para> - - <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt - %p-%j -p2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lprmcommand.xml b/docs/docbook/smbdotconf/printing/lprmcommand.xml deleted file mode 100644 index 7f59d6c5a0..0000000000 --- a/docs/docbook/smbdotconf/printing/lprmcommand.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPRMCOMMAND"/>lprm command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to delete a print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number, and deletes the print job.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute - path in the <parameter moreinfo="none">lprm command</parameter> as the PATH may not be - available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing - </parameter></emphasis></para> - - <para>Example 1: <command moreinfo="none">lprm command = /usr/bin/lprm -P%p %j - </command></para> - <para>Example 2: <command moreinfo="none">lprm command = /usr/bin/cancel %p-%j - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/maxprintjobs.xml b/docs/docbook/smbdotconf/printing/maxprintjobs.xml deleted file mode 100644 index f0c7d83d3f..0000000000 --- a/docs/docbook/smbdotconf/printing/maxprintjobs.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXPRINTJOBS"/>max print jobs (S)</term> - <listitem><para>This parameter limits the maximum number of - jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will remote "Out of Space" to the client. - See all <link linkend="TOTALPRINTJOBS"><parameter moreinfo="none">total - print jobs</parameter></link>. - </para> - - <para>Default: <command moreinfo="none">max print jobs = 1000</command></para> - <para>Example: <command moreinfo="none">max print jobs = 5000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml deleted file mode 100644 index fdfba35a49..0000000000 --- a/docs/docbook/smbdotconf/printing/os2drivermap.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OS2DRIVERMAP"/>os2 driver map (G)</term> - <listitem><para>The parameter is used to define the absolute - path to a file containing a mapping of Windows NT printer driver - names to OS/2 printer driver names. The format is:</para> - - <para><nt driver name> = <os2 driver - name>.<device name></para> - - <para>For example, a valid entry using the HP LaserJet 5 - printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP - LaserJet 5L</command>.</para> - - <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba - Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> - - <para>Default: <command moreinfo="none">os2 driver map = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printable.xml b/docs/docbook/smbdotconf/printing/printable.xml deleted file mode 100644 index 22d4d73b01..0000000000 --- a/docs/docbook/smbdotconf/printing/printable.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTABLE"/>printable (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, then - clients may open, write to and submit spool files on the directory - specified for the service. </para> - - <para>Note that a printable service will ALWAYS allow writing - to the service path (user privileges permitting) via the spooling - of print data. The <link linkend="READONLY"><parameter moreinfo="none">read only - </parameter></link> parameter controls only non-printing access to - the resource.</para> - - <para>Default: <command moreinfo="none">printable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcap.xml b/docs/docbook/smbdotconf/printing/printcap.xml deleted file mode 100644 index 2f5e4af580..0000000000 --- a/docs/docbook/smbdotconf/printing/printcap.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCAP"/>printcap (G)</term> - <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter moreinfo="none"> - printcap name</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcapname.xml b/docs/docbook/smbdotconf/printing/printcapname.xml deleted file mode 100644 index fcfeada54c..0000000000 --- a/docs/docbook/smbdotconf/printing/printcapname.xml +++ /dev/null @@ -1,47 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCAPNAME"/>printcap name (G)</term> - <listitem><para>This parameter may be used to override the - compiled-in default printcap name used by the server (usually <filename moreinfo="none"> - /etc/printcap</filename>). See the discussion of the <link linkend="PRINTERSSECT">[printers]</link> section above for reasons - why you might want to do this.</para> - - <para>To use the CUPS printing interface set <command moreinfo="none">printcap name = cups - </command>. This should be supplemented by an addtional setting - <link linkend="PRINTING">printing = cups</link> in the [global] - section. <command moreinfo="none">printcap name = cups</command> will use the - "dummy" printcap created by CUPS, as specified in your CUPS - configuration file. - </para> - - <para>On System V systems that use <command moreinfo="none">lpstat</command> to - list available printers you can use <command moreinfo="none">printcap name = lpstat - </command> to automatically obtain lists of available printers. This - is the default for systems that define SYSV at configure time in - Samba (this includes most System V based systems). If <parameter moreinfo="none"> - printcap name</parameter> is set to <command moreinfo="none">lpstat</command> on - these systems then Samba will launch <command moreinfo="none">lpstat -v</command> and - attempt to parse the output to obtain a printer list.</para> - - <para>A minimal printcap file would look something like this:</para> - -<para><programlisting format="linespecific"> -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 -</programlisting></para> - - <para>where the '|' separates aliases of a printer. The fact - that the second alias has a space in it gives a hint to Samba - that it's a comment.</para> - - <para><emphasis>NOTE</emphasis>: Under AIX the default printcap - name is <filename moreinfo="none">/etc/qconfig</filename>. Samba will assume the - file is in AIX <filename moreinfo="none">qconfig</filename> format if the string - <filename moreinfo="none">qconfig</filename> appears in the printcap filename.</para> - - <para>Default: <command moreinfo="none">printcap name = /etc/printcap</command></para> - <para>Example: <command moreinfo="none">printcap name = /etc/myprintcap</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcommand.xml b/docs/docbook/smbdotconf/printing/printcommand.xml deleted file mode 100644 index c996ed6c2e..0000000000 --- a/docs/docbook/smbdotconf/printing/printcommand.xml +++ /dev/null @@ -1,86 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCOMMAND"/>print command (S)</term> - <listitem><para>After a print job has finished spooling to - a service, this command will be used via a <command moreinfo="none">system()</command> - call to process the spool file. Typically the command specified will - submit the spool file to the host's printing subsystem, but there - is no requirement that this be the case. The server will not remove - the spool file, so whatever command you specify should remove the - spool file when it has been processed, otherwise you will need to - manually remove old spool files.</para> - - <para>The print command is simply a text string. It will be used - verbatim after macro substitutions have been made:</para> - - <para>s, %p - the path to the spool - file name</para> - - <para>%p - the appropriate printer - name</para> - - <para>%J - the job - name as transmitted by the client.</para> - - <para>%c - The number of printed pages - of the spooled job (if known).</para> - - <para>%z - the size of the spooled - print job (in bytes)</para> - - <para>The print command <emphasis>MUST</emphasis> contain at least - one occurrence of <parameter moreinfo="none">%s</parameter> or <parameter moreinfo="none">%f - </parameter> - the <parameter moreinfo="none">%p</parameter> is optional. At the time - a job is submitted, if no printer name is supplied the <parameter moreinfo="none">%p - </parameter> will be silently removed from the printer command.</para> - - <para>If specified in the [global] section, the print command given - will be used for any printable service that does not have its own - print command specified.</para> - - <para>If there is neither a specified print command for a - printable service nor a global print command, spool files will - be created but not processed and (most importantly) not removed.</para> - - <para>Note that printing may fail on some UNIXes from the - <constant>nobody</constant> account. If this happens then create - an alternative guest account that can print and set the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link> - in the [global] section.</para> - - <para>You can form quite complex print commands by realizing - that they are just passed to a shell. For example the following - will log a print job, print the file, then remove it. Note that - ';' is the usual separator for command in shell scripts.</para> - - <para><command moreinfo="none">print command = echo Printing %s >> - /tmp/print.log; lpr -P %p %s; rm %s</command></para> - - <para>You may have to vary this command considerably depending - on how you normally print files on your system. The default for - the parameter varies depending on the setting of the <link linkend="PRINTING"> - <parameter moreinfo="none">printing</parameter></link> parameter.</para> - - <para>Default: For <command moreinfo="none">printing = BSD, AIX, QNX, LPRNG - or PLP :</command></para> - <para><command moreinfo="none">print command = lpr -r -P%p %s</command></para> - - <para>For <command moreinfo="none">printing = SYSV or HPUX :</command></para> - <para><command moreinfo="none">print command = lp -c -d%p %s; rm %s</command></para> - - <para>For <command moreinfo="none">printing = SOFTQ :</command></para> - <para><command moreinfo="none">print command = lp -d%p -s %s; rm %s</command></para> - - <para>For printing = CUPS : If SAMBA is compiled against - libcups, then <link linkend="PRINTING">printcap = cups</link> - uses the CUPS API to - submit jobs, etc. Otherwise it maps to the System V - commands with the -oraw option for printing, i.e. it - uses <command moreinfo="none">lp -c -d%p -oraw; rm %s</command>. - With <command moreinfo="none">printing = cups</command>, - and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</para> - - - <para>Example: <command moreinfo="none">print command = /usr/local/samba/bin/myprintscript - %p %s</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml deleted file mode 100644 index 4cf90b06fa..0000000000 --- a/docs/docbook/smbdotconf/printing/printer.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTER"/>printer (S)</term> - <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none"> - printer name</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml deleted file mode 100644 index 25e6afa1f2..0000000000 --- a/docs/docbook/smbdotconf/printing/printername.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTERNAME"/>printer name (S)</term> - <listitem><para>This parameter specifies the name of the printer - to which print jobs spooled through a printable service will be sent.</para> - - <para>If specified in the [global] section, the printer - name given will be used for any printable service that does - not have its own printer name specified.</para> - - <para>Default: <emphasis>none (but may be <constant>lp</constant> - on many systems)</emphasis></para> - - <para>Example: <command moreinfo="none">printer name = laserwriter</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml deleted file mode 100644 index d49c0e2471..0000000000 --- a/docs/docbook/smbdotconf/printing/printing.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTING"/>printing (S)</term> - <listitem><para>This parameters controls how printer status - information is interpreted on your system. It also affects the - default values for the <parameter moreinfo="none">print command</parameter>, - <parameter moreinfo="none">lpq command</parameter>, <parameter moreinfo="none">lppause command - </parameter>, <parameter moreinfo="none">lpresume command</parameter>, and - <parameter moreinfo="none">lprm command</parameter> if specified in the - [global] section.</para> - - <para>Currently nine printing styles are supported. They are - <constant>BSD</constant>, <constant>AIX</constant>, - <constant>LPRNG</constant>, <constant>PLP</constant>, - <constant>SYSV</constant>, <constant>HPUX</constant>, - <constant>QNX</constant>, <constant>SOFTQ</constant>, - and <constant>CUPS</constant>.</para> - - <para>To see what the defaults are for the other print - commands when using the various options use the <ulink url="testparm.1.html">testparm(1)</ulink> program.</para> - - <para>This option can be set on a per printer basis</para> - - <para>See also the discussion in the <link linkend="PRINTERSSECT"> - [printers]</link> section.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printok.xml b/docs/docbook/smbdotconf/printing/printok.xml deleted file mode 100644 index 7900e91bbb..0000000000 --- a/docs/docbook/smbdotconf/printing/printok.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTOK"/>print ok (S)</term> - <listitem><para>Synonym for <link linkend="PRINTABLE"> - <parameter moreinfo="none">printable</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml deleted file mode 100644 index c991994f7f..0000000000 --- a/docs/docbook/smbdotconf/printing/queuepausecommand.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="QUEUEPAUSECOMMAND"/>queuepause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to pause the printer queue.</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and stops the printer queue, - such that no longer jobs are submitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the command. - </para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing - </parameter></emphasis></para> - <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml deleted file mode 100644 index 7c0d60961a..0000000000 --- a/docs/docbook/smbdotconf/printing/queueresumecommand.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="QUEUERESUMECOMMAND"/>queueresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to resume the printer queue. It - is the command to undo the behavior that is caused by the - previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none"> - queuepause command</parameter></link>).</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and resumes the printer queue, - such that queued jobs are resubmitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link></emphasis> - </para> - - <para>Example: <command moreinfo="none">queuepause command = enable %p - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml deleted file mode 100644 index 9bf5160ad5..0000000000 --- a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHOWADDPRINTERWIZARD"/>show add printer wizard (G)</term> - <listitem><para>With the introduction of MS-RPC based printing support - for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will - appear on Samba hosts in the share listing. Normally this folder will - contain an icon for the MS Add Printer Wizard (APW). However, it is - possible to disable this feature regardless of the level of privilege - of the connected user.</para> - - <para>Under normal circumstances, the Windows NT/2000 client will - open a handle on the printer server with OpenPrinterEx() asking for - Administrator privileges. If the user does not have administrative - access on the print server (i.e is not root or a member of the - <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx() - call fails and the client makes another open call with a request for - a lower privilege level. This should succeed, however the APW - icon will not be displayed.</para> - - <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter> - parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. <emphasis> - Note :</emphasis>This does not prevent the same user from having - administrative privilege on an individual printer.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter - command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> - <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN"><parameter moreinfo="none">printer admin</parameter></link></para> - - <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/totalprintjobs.xml b/docs/docbook/smbdotconf/printing/totalprintjobs.xml deleted file mode 100644 index 25784a3c29..0000000000 --- a/docs/docbook/smbdotconf/printing/totalprintjobs.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TOTALPRINTJOBS"/>total print jobs (G)</term> - <listitem><para>This parameter accepts an integer value which defines - a limit on the maximum number of print jobs that will be accepted - system wide at any given time. If a print job is submitted - by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will return an - error indicating that no space is available on the server. The - default value of 0 means that no such limit exists. This parameter - can be used to prevent a server from exceeding its capacity and is - designed as a printing throttle. See also - <link linkend="MAXPRINTJOBS"><parameter moreinfo="none">max print jobs</parameter></link>. - </para> - - <para>Default: <command moreinfo="none">total print jobs = 0</command></para> - <para>Example: <command moreinfo="none">total print jobs = 5000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/useclientdriver.xml b/docs/docbook/smbdotconf/printing/useclientdriver.xml deleted file mode 100644 index 8327d0aaa4..0000000000 --- a/docs/docbook/smbdotconf/printing/useclientdriver.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USECLIENTDRIVER"/>use client driver (S)</term> - <listitem><para>This parameter applies only to Windows NT/2000 - clients. It has no affect on Windows 95/98/ME clients. When - serving a printer to Windows NT/2000 clients without first installing - a valid printer driver on the Samba host, the client will be required - to install a local printer driver. From this point on, the client - will treat the print as a local printer and not a network printer - connection. This is much the same behavior that will occur - when <command moreinfo="none">disable spoolss = yes</command>. </para> - - <para>The differentiating - factor is that under normal circumstances, the NT/2000 client will - attempt to open the network printer using MS-RPC. The problem is that - because the client considers the printer to be local, it will attempt - to issue the OpenPrinterEx() call requesting access rights associated - with the logged on user. If the user possesses local administator rights - but not root privilegde on the Samba host (often the case), the OpenPrinterEx() - call will fail. The result is that the client will now display an "Access - Denied; Unable to connect" message in the printer queue window (even though - jobs may successfully be printed). </para> - - <para>If this parameter is enabled for a printer, then any attempt - to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped - to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. <emphasis>This parameter MUST not be able enabled - on a print share which has valid print driver installed on the Samba - server.</emphasis></para> - - <para>See also <link linkend="DISABLESPOOLSS">disable spoolss</link> - </para> - - <para>Default: <command moreinfo="none">use client driver = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/process-all.sh b/docs/docbook/smbdotconf/process-all.sh deleted file mode 100755 index 6d8c9941b4..0000000000 --- a/docs/docbook/smbdotconf/process-all.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -sh generate-file-list.sh >parameters.all.xml - -xsltproc --xinclude \ - --param smb.context "'G'" \ - --output parameters.global.xml \ - generate-context.xsl parameters.all.xml - -xsltproc --xinclude \ - --param smb.context "'S'" \ - --output parameters.service.xml \ - generate-context.xsl parameters.all.xml - -xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ -xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - diff --git a/docs/docbook/smbdotconf/protocol/announceas.xml b/docs/docbook/smbdotconf/protocol/announceas.xml deleted file mode 100644 index 1f3169609c..0000000000 --- a/docs/docbook/smbdotconf/protocol/announceas.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ANNOUNCEAS"/>announce as (G)</term> - <listitem><para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse - list. By default this is set to Windows NT. The valid options - are : "NT Server" (which can also be written as "NT"), - "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, - Windows NT Workstation, Windows 95 and Windows for Workgroups - respectively. Do not change this parameter unless you have a - specific need to stop Samba appearing as an NT server as this - may prevent Samba servers from participating as browser servers - correctly.</para> - - <para>Default: <command moreinfo="none">announce as = NT Server</command></para> - - <para>Example: <command moreinfo="none">announce as = Win95</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/announceversion.xml b/docs/docbook/smbdotconf/protocol/announceversion.xml deleted file mode 100644 index 03ad429dbd..0000000000 --- a/docs/docbook/smbdotconf/protocol/announceversion.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ANNOUNCEVERSION"/>announce version (G)</term> - <listitem><para>This specifies the major and minor version numbers - that nmbd will use when announcing itself as a server. The default - is 4.9. Do not change this parameter unless you have a specific - need to set a Samba server to be a downlevel server.</para> - - <para>Default: <command moreinfo="none">announce version = 4.9</command></para> - - <para>Example: <command moreinfo="none">announce version = 2.0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/disablenetbios.xml b/docs/docbook/smbdotconf/protocol/disablenetbios.xml deleted file mode 100644 index ac97cdf7c3..0000000000 --- a/docs/docbook/smbdotconf/protocol/disablenetbios.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DISABLENETBIOS"/>disable netbios (G)</term> - <listitem><para>Enabling this parameter will disable netbios support - in Samba. Netbios is the only available form of browsing in - all windows versions except for 2000 and XP. </para> - - <para>Note that clients that only support netbios won't be able to - see your samba server when netbios support is disabled. - </para> - - <para>Default: <command moreinfo="none">disable netbios = no</command></para> - <para>Example: <command moreinfo="none">disable netbios = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/largereadwrite.xml b/docs/docbook/smbdotconf/protocol/largereadwrite.xml deleted file mode 100644 index 9aa28593e6..0000000000 --- a/docs/docbook/smbdotconf/protocol/largereadwrite.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LARGEREADWRITE"/>large readwrite (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> supports the new 64k streaming - read and write varient SMB requests introduced - with Windows 2000. Note that due to Windows 2000 client redirector bugs - this requires Samba to be running on a 64-bit capable operating system such - as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with - Windows 2000 clients. Defaults to on. Not as tested as some other Samba - code paths. - </para> - - <para>Default : <command moreinfo="none">large readwrite = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxmux.xml b/docs/docbook/smbdotconf/protocol/maxmux.xml deleted file mode 100644 index 51296e0747..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxmux.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXMUX"/>max mux (G)</term> - <listitem><para>This option controls the maximum number of - outstanding simultaneous SMB operations that Samba tells the client - it will allow. You should never need to set this parameter.</para> - - <para>Default: <command moreinfo="none">max mux = 50</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxprotocol.xml b/docs/docbook/smbdotconf/protocol/maxprotocol.xml deleted file mode 100644 index be859f8ee3..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxprotocol.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXPROTOCOL"/>max protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the highest - protocol level that will be supported by the server.</para> - - <para>Possible values are :</para> - <itemizedlist> - <listitem><para><constant>CORE</constant>: Earliest version. No - concept of user names.</para></listitem> - - <listitem><para><constant>COREPLUS</constant>: Slight improvements on - CORE for efficiency.</para></listitem> - - <listitem><para><constant>LANMAN1</constant>: First <emphasis> - modern</emphasis> version of the protocol. Long filename - support.</para></listitem> - - <listitem><para><constant>LANMAN2</constant>: Updates to Lanman1 protocol. - </para></listitem> - - <listitem><para><constant>NT1</constant>: Current up to date version of - the protocol. Used by Windows NT. Known as CIFS.</para></listitem> - </itemizedlist> - - <para>Normally this option should not be set as the automatic - negotiation phase in the SMB protocol takes care of choosing - the appropriate protocol.</para> - - <para>See also <link linkend="MINPROTOCOL"><parameter moreinfo="none">min - protocol</parameter></link></para> - - <para>Default: <command moreinfo="none">max protocol = NT1</command></para> - <para>Example: <command moreinfo="none">max protocol = LANMAN1</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxttl.xml b/docs/docbook/smbdotconf/protocol/maxttl.xml deleted file mode 100644 index 04c6771308..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxttl.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXTTL"/>max ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - what the default 'time to live' of NetBIOS names should be (in seconds) - when <command moreinfo="none">nmbd</command> is requesting a name using either a - broadcast packet or from a WINS server. You should never need to - change this parameter. The default is 3 days.</para> - - <para>Default: <command moreinfo="none">max ttl = 259200</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxwinsttl.xml b/docs/docbook/smbdotconf/protocol/maxwinsttl.xml deleted file mode 100644 index c8e2d9df8d..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxwinsttl.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXWINSTTL"/>max wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> - <parameter moreinfo="none">wins support = yes</parameter></link>) what the maximum - 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command> - will grant will be (in seconds). You should never need to change this - parameter. The default is 6 days (518400 seconds).</para> - - <para>See also the <link linkend="MINWINSTTL"><parameter moreinfo="none">min - wins ttl</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">max wins ttl = 518400</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxxmit.xml b/docs/docbook/smbdotconf/protocol/maxxmit.xml deleted file mode 100644 index c16cf47655..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxxmit.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXXMIT"/>max xmit (G)</term> - <listitem><para>This option controls the maximum packet size - that will be negotiated by Samba. The default is 65535, which - is the maximum. In some cases you may find you get better performance - with a smaller value. A value below 2048 is likely to cause problems. - </para> - - <para>Default: <command moreinfo="none">max xmit = 65535</command></para> - <para>Example: <command moreinfo="none">max xmit = 8192</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/minprotocol.xml b/docs/docbook/smbdotconf/protocol/minprotocol.xml deleted file mode 100644 index 6b1d420a4b..0000000000 --- a/docs/docbook/smbdotconf/protocol/minprotocol.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPROTOCOL"/>min protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the - lowest SMB protocol dialect than Samba will support. Please refer - to the <link linkend="MAXPROTOCOL"><parameter moreinfo="none">max protocol</parameter></link> - parameter for a list of valid protocol names and a brief description - of each. You may also wish to refer to the C source code in - <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol - dialects supported by clients.</para> - - <para>If you are viewing this parameter as a security measure, you should - also refer to the <link linkend="LANMANAUTH"><parameter moreinfo="none">lanman - auth</parameter></link> parameter. Otherwise, you should never need - to change this parameter.</para> - - <para>Default : <command moreinfo="none">min protocol = CORE</command></para> - <para>Example : <command moreinfo="none">min protocol = NT1</command> # disable DOS - clients</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/minwinsttl.xml b/docs/docbook/smbdotconf/protocol/minwinsttl.xml deleted file mode 100644 index e67c253f2e..0000000000 --- a/docs/docbook/smbdotconf/protocol/minwinsttl.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINWINSTTL"/>min wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter moreinfo="none"> - wins support = yes</parameter></link>) what the minimum 'time to live' - of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in - seconds). You should never need to change this parameter. The default - is 6 hours (21600 seconds).</para> - - <para>Default: <command moreinfo="none">min wins ttl = 21600</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml deleted file mode 100644 index a5dd893902..0000000000 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ /dev/null @@ -1,47 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NAMERESOLVEORDER"/>name resolve order (G)</term> - <listitem><para>This option is used by the programs in the Samba - suite to determine what naming services to use and in what order - to resolve host names to IP addresses. The option takes a space - separated string of name resolution options.</para> - - <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows :</para> - - <itemizedlist> - <listitem><para><constant>lmhosts</constant> : Lookup an IP - address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then - any name type matches for lookup.</para></listitem> - - <listitem><para><constant>host</constant> : Do a standard host - name to IP address resolution, using the system <filename moreinfo="none">/etc/hosts - </filename>, NIS, or DNS lookups. This method of name resolution - is operating system depended for instance on IRIX or Solaris this - may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename> - file. Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para></listitem> - - <listitem><para><constant>wins</constant> : Query a name with - the IP address listed in the <link linkend="WINSSERVER"><parameter moreinfo="none"> - wins server</parameter></link> parameter. If no WINS server has - been specified this method will be ignored.</para></listitem> - - <listitem><para><constant>bcast</constant> : Do a broadcast on - each of the known local interfaces listed in the <link linkend="INTERFACES"><parameter moreinfo="none">interfaces</parameter></link> - parameter. This is the least reliable of the name resolution - methods as it depends on the target host being on a locally - connected subnet.</para></listitem> - </itemizedlist> - - <para>Default: <command moreinfo="none">name resolve order = lmhosts host wins bcast - </command></para> - <para>Example: <command moreinfo="none">name resolve order = lmhosts bcast host - </command></para> - - <para>This will cause the local lmhosts file to be examined - first, followed by a broadcast attempt, followed by a normal - system hostname lookup.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntaclsupport.xml b/docs/docbook/smbdotconf/protocol/ntaclsupport.xml deleted file mode 100644 index df0d8dc068..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntaclsupport.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTACLSUPPORT"/>nt acl support (S)</term> - <listitem><para>This boolean parameter controls whether - <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map - UNIX permissions into Windows NT access control lists. - This parameter was formally a global parameter in releases - prior to 2.2.2.</para> - - <para>Default: <command moreinfo="none">nt acl support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntpipesupport.xml b/docs/docbook/smbdotconf/protocol/ntpipesupport.xml deleted file mode 100644 index cab2032847..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntpipesupport.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTPIPESUPPORT"/>nt pipe support (G)</term> - <listitem><para>This boolean parameter controls whether - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will allow Windows NT - clients to connect to the NT SMB specific <constant>IPC$</constant> - pipes. This is a developer debugging option and can be left - alone.</para> - - <para>Default: <command moreinfo="none">nt pipe support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntstatussupport.xml b/docs/docbook/smbdotconf/protocol/ntstatussupport.xml deleted file mode 100644 index 17dafa47c5..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntstatussupport.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTSTATUSSUPPORT"/>nt status support (G)</term> - <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status - support with Windows NT/2k/XP clients. This is a developer - debugging option and should be left alone. - If this option is set to <constant>no</constant> then Samba offers - exactly the same DOS error codes that versions prior to Samba 2.2.3 - reported.</para> - - <para>You should not need to ever disable this parameter.</para> - - <para>Default: <command moreinfo="none">nt status support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/protocol.xml b/docs/docbook/smbdotconf/protocol/protocol.xml deleted file mode 100644 index 5161806cfc..0000000000 --- a/docs/docbook/smbdotconf/protocol/protocol.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PROTOCOL"/>protocol (G)</term> - <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> - <parameter moreinfo="none">max protocol</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/readbmpx.xml b/docs/docbook/smbdotconf/protocol/readbmpx.xml deleted file mode 100644 index 0bc8f1d10b..0000000000 --- a/docs/docbook/smbdotconf/protocol/readbmpx.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READBMPX"/>read bmpx (G)</term> - <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will support the "Read - Block Multiplex" SMB. This is now rarely used and defaults to - <constant>no</constant>. You should never need to set this - parameter.</para> - - <para>Default: <command moreinfo="none">read bmpx = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/readraw.xml b/docs/docbook/smbdotconf/protocol/readraw.xml deleted file mode 100644 index b867816e84..0000000000 --- a/docs/docbook/smbdotconf/protocol/readraw.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READRAW"/>read raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support the raw read SMB requests when transferring data - to clients.</para> - - <para>If enabled, raw reads allow reads of 65535 bytes in - one packet. This typically provides a major performance benefit. - </para> - - <para>However, some clients either negotiate the allowable - block size incorrectly or are incapable of supporting larger block - sizes, and for these clients you may need to disable raw reads.</para> - - <para>In general this parameter should be viewed as a system tuning - tool and left severely alone. See also <link linkend="WRITERAW"> - <parameter moreinfo="none">write raw</parameter></link>.</para> - - <para>Default: <command moreinfo="none">read raw = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/smbports.xml b/docs/docbook/smbdotconf/protocol/smbports.xml deleted file mode 100644 index ed088ab9d2..0000000000 --- a/docs/docbook/smbdotconf/protocol/smbports.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SMBPORTS"/>smb ports (G)</term> - <listitem><para>Specifies which ports the server should listen on - for SMB traffic. - </para> - - <para>Default: <command moreinfo="none">smb ports = 445 139</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/timeserver.xml b/docs/docbook/smbdotconf/protocol/timeserver.xml deleted file mode 100644 index eb1a720a8d..0000000000 --- a/docs/docbook/smbdotconf/protocol/timeserver.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMESERVER"/>time server (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows - clients.</para> - - <para>Default: <command moreinfo="none">time server = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/unicode.xml b/docs/docbook/smbdotconf/protocol/unicode.xml deleted file mode 100644 index 866dad28a0..0000000000 --- a/docs/docbook/smbdotconf/protocol/unicode.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNICODE"/>unicode (G)</term> - <listitem><para>Specifies whether Samba should try - to use unicode on the wire by default. Note: This does NOT - mean that samba will assume that the unix machine uses unicode! - </para> - - <para>Default: <command moreinfo="none">unicode = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/unixextensions.xml b/docs/docbook/smbdotconf/protocol/unixextensions.xml deleted file mode 100644 index d0adde9d27..0000000000 --- a/docs/docbook/smbdotconf/protocol/unixextensions.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNIXEXTENSIONS"/>unix extensions(G)</term> - <listitem><para>This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. - These extensions enable Samba to better serve UNIX CIFS clients - by supporting features such as symbolic links, hard links, etc... - These extensions require a similarly enabled client, and are of - no current use to Windows clients.</para> - - <para>Default: <command moreinfo="none">unix extensions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/usespnego.xml b/docs/docbook/smbdotconf/protocol/usespnego.xml deleted file mode 100644 index 9e3c873a4b..0000000000 --- a/docs/docbook/smbdotconf/protocol/usespnego.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USESPNEGO"/>use spnego (G)</term> - <listitem><para> This variable controls controls whether samba will try - to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. - Unless further issues are discovered with our SPNEGO - implementation, there is no reason this should ever be - disabled.</para> - <para>Default: <emphasis>use spnego = yes</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/writeraw.xml b/docs/docbook/smbdotconf/protocol/writeraw.xml deleted file mode 100644 index dbaad0130e..0000000000 --- a/docs/docbook/smbdotconf/protocol/writeraw.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITERAW"/>write raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support raw write SMB's when transferring data from clients. - You should never need to change this parameter.</para> - - <para>Default: <command moreinfo="none">write raw = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/adminusers.xml b/docs/docbook/smbdotconf/security/adminusers.xml deleted file mode 100644 index 2e1abaf6e1..0000000000 --- a/docs/docbook/smbdotconf/security/adminusers.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADMINUSERS"/>admin users (S)</term> - <listitem><para>This is a list of users who will be granted - administrative privileges on the share. This means that they - will do all file operations as the super-user (root).</para> - - <para>You should use this option very carefully, as any user in - this list will be able to do anything they like on the share, - irrespective of file permissions.</para> - - <para>Default: <emphasis>no admin users</emphasis></para> - - <para>Example: <command moreinfo="none">admin users = jason</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/algorithmicridbase.xml b/docs/docbook/smbdotconf/security/algorithmicridbase.xml deleted file mode 100644 index 3c2bf8686e..0000000000 --- a/docs/docbook/smbdotconf/security/algorithmicridbase.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALGORITHMICRIDBASE"/>algorithmic rid base (G)</term> - <listitem><para>This determines how Samba will use its - algorithmic mapping from uids/gid to the RIDs needed to construct - NT Security Identifiers.</para> - - <para>Setting this option to a larger value could be useful to sites - transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. - </para> - - <para>All UIDs and GIDs must be able to be resolved into SIDs for - the correct operation of ACLs on the server. As such the algorithmic - mapping can't be 'turned off', but pushing it 'out of the way' should - resolve the issues. Users and groups can then be assigned 'low' RIDs - in arbitary-rid supporting backends. </para> - - <para>Default: <command moreinfo="none">algorithmic rid base = 1000</command></para> - - <para>Example: <command moreinfo="none">algorithmic rid base = 100000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/allowhosts.xml b/docs/docbook/smbdotconf/security/allowhosts.xml deleted file mode 100644 index 7fd2f426f8..0000000000 --- a/docs/docbook/smbdotconf/security/allowhosts.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALLOWHOSTS"/>allow hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml deleted file mode 100644 index 35dcd76cbd..0000000000 --- a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term> - <listitem><para>This option only takes effect when the <link linkend="SECURITY"><parameter moreinfo="none">security</parameter></link> option is set to - <constant>server</constant> or <constant>domain</constant>. - If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running - in will fail, even if that domain is trusted by the remote server - doing the authentication.</para> - - <para>This is useful if you only want your Samba server to - serve resources to users in the domain it is a member of. As - an example, suppose that there are two domains DOMA and DOMB. DOMB - is trusted by DOMA, which contains the Samba server. Under normal - circumstances, a user with an account in DOMB can then access the - resources of a UNIX account with the same account name on the - Samba server even if they do not have an account in DOMA. This - can make implementing a security boundary difficult.</para> - - <para>Default: <command moreinfo="none">allow trusted domains = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/authmethods.xml b/docs/docbook/smbdotconf/security/authmethods.xml deleted file mode 100644 index 2e569558a0..0000000000 --- a/docs/docbook/smbdotconf/security/authmethods.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AUTHMETHODS"/>auth methods (G)</term> - <listitem><para>This option allows the administrator to chose what - authentication methods <command moreinfo="none">smbd</command> will use when authenticating - a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link>. - - Each entry in the list attempts to authenticate the user in turn, until - the user authenticates. In practice only one method will ever actually - be able to complete the authentication. - </para> - - <para>Default: <command moreinfo="none">auth methods = <empty string></command></para> - <para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/createmask.xml b/docs/docbook/smbdotconf/security/createmask.xml deleted file mode 100644 index 9a197bf7c3..0000000000 --- a/docs/docbook/smbdotconf/security/createmask.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CREATEMASK"/>create mask (S)</term> - <listitem><para>A synonym for this parameter is - <link linkend="CREATEMODE"><parameter moreinfo="none">create mode</parameter> - </link>.</para> - - <para>When a file is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX - permissions, and the resulting UNIX mode is then bit-wise 'AND'ed - with this parameter. This parameter may be thought of as a bit-wise - MASK for the UNIX modes of a file. Any bit <emphasis>not</emphasis> - set here will be removed from the modes set on a file when it is - created.</para> - - <para>The default value of this parameter removes the - 'group' and 'other' write and execute bits from the UNIX modes.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode created - from this parameter with the value of the <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force create mode</parameter></link> - parameter which is set to 000 by default.</para> - - <para>This parameter does not affect directory modes. See the - parameter <link linkend="DIRECTORYMODE"><parameter moreinfo="none">directory mode - </parameter></link> for details.</para> - - <para>See also the <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force - create mode</parameter></link> parameter for forcing particular mode - bits to be set on created files. See also the <link linkend="DIRECTORYMODE"> - <parameter moreinfo="none">directory mode</parameter></link> parameter for masking - mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> - <parameter moreinfo="none">inherit permissions</parameter></link> parameter.</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="SECURITYMASK"><parameter moreinfo="none">security mask</parameter></link>.</para> - - <para>Default: <command moreinfo="none">create mask = 0744</command></para> - <para>Example: <command moreinfo="none">create mask = 0775</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/createmode.xml b/docs/docbook/smbdotconf/security/createmode.xml deleted file mode 100644 index 7e78ab0181..0000000000 --- a/docs/docbook/smbdotconf/security/createmode.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CREATEMODE"/>create mode (S)</term> - <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter moreinfo="none"> - create mask</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/denyhosts.xml b/docs/docbook/smbdotconf/security/denyhosts.xml deleted file mode 100644 index f50fb33d33..0000000000 --- a/docs/docbook/smbdotconf/security/denyhosts.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DENYHOSTS"/>deny hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter moreinfo="none">hosts - deny</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorymask.xml b/docs/docbook/smbdotconf/security/directorymask.xml deleted file mode 100644 index 0844733ede..0000000000 --- a/docs/docbook/smbdotconf/security/directorymask.xml +++ /dev/null @@ -1,43 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYMASK"/>directory mask (S)</term> - <listitem><para>This parameter is the octal modes which are - used when converting DOS modes to UNIX modes when creating UNIX - directories.</para> - - <para>When a directory is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX permissions, - and the resulting UNIX mode is then bit-wise 'AND'ed with this - parameter. This parameter may be thought of as a bit-wise MASK for - the UNIX modes of a directory. Any bit <emphasis>not</emphasis> set - here will be removed from the modes set on a directory when it is - created.</para> - - <para>The default value of this parameter removes the 'group' - and 'other' write bits from the UNIX mode, allowing only the - user who owns the directory to modify it.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force directory mode - </parameter></link> parameter. This parameter is set to 000 by - default (i.e. no extra mode bits are added).</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security mask</parameter></link>.</para> - - <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force - directory mode</parameter></link> parameter to cause particular mode - bits to always be set on created directories.</para> - - <para>See also the <link linkend="CREATEMODE"><parameter moreinfo="none">create mode - </parameter></link> parameter for masking mode bits on created files, - and the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory - security mask</parameter></link> parameter.</para> - - <para>Also refer to the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none"> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">directory mask = 0755</command></para> - <para>Example: <command moreinfo="none">directory mask = 0775</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorymode.xml b/docs/docbook/smbdotconf/security/directorymode.xml deleted file mode 100644 index 9678cd91ad..0000000000 --- a/docs/docbook/smbdotconf/security/directorymode.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYMODE"/>directory mode (S)</term> - <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorysecuritymask.xml b/docs/docbook/smbdotconf/security/directorysecuritymask.xml deleted file mode 100644 index 76d153f6f4..0000000000 --- a/docs/docbook/smbdotconf/security/directorysecuritymask.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYSECURITYMASK"/>directory security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is set to 0777 - meaning a user is allowed to modify all the user/group/world - permissions on a directory.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it as the default of <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none"> - force directory security mode</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none">security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter moreinfo="none">force security mode - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">directory security mask = 0777</command></para> - <para>Example: <command moreinfo="none">directory security mask = 0700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml deleted file mode 100644 index d7ceb8d598..0000000000 --- a/docs/docbook/smbdotconf/security/encryptpasswords.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENCRYPTPASSWORDS"/>encrypt passwords (G)</term> - <listitem><para>This boolean controls whether encrypted passwords - will be negotiated with the client. Note that Windows NT 4.0 SP3 and - above and also Windows 98 will by default expect encrypted passwords - unless a registry entry is changed. To use encrypted passwords in - Samba see the file ENCRYPTION.txt in the Samba documentation - directory <filename moreinfo="none">docs/</filename> shipped with the source code.</para> - - <para>In order for encrypted passwords to work correctly - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must either - have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program for information on how to set up - and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which - causes <command moreinfo="none">smbd</command> to authenticate against another - server.</para> - - <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcecreatemode.xml b/docs/docbook/smbdotconf/security/forcecreatemode.xml deleted file mode 100644 index 238340d7c5..0000000000 --- a/docs/docbook/smbdotconf/security/forcecreatemode.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCECREATEMODE"/>force create mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a - file created by Samba. This is done by bitwise 'OR'ing these bits onto - the mode bits of a file that is being created or having its - permissions changed. The default for this parameter is (in octal) - 000. The modes in this parameter are bitwise 'OR'ed onto the file - mode after the mask set in the <parameter moreinfo="none">create mask</parameter> - parameter is applied.</para> - - <para>See also the parameter <link linkend="CREATEMASK"><parameter moreinfo="none">create - mask</parameter></link> for details on masking mode bits on files.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none">inherit - permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">force create mode = 000</command></para> - <para>Example: <command moreinfo="none">force create mode = 0755</command></para> - - <para>would force all created files to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcedirectorymode.xml b/docs/docbook/smbdotconf/security/forcedirectorymode.xml deleted file mode 100644 index 460a7fc6f2..0000000000 --- a/docs/docbook/smbdotconf/security/forcedirectorymode.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEDIRECTORYMODE"/>force directory mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a directory - created by Samba. This is done by bitwise 'OR'ing these bits onto the - mode bits of a directory that is being created. The default for this - parameter is (in octal) 0000 which will not add any extra permission - bits to a created directory. This operation is done after the mode - mask in the parameter <parameter moreinfo="none">directory mask</parameter> is - applied.</para> - - <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link> for details on masking mode bits - on created directories.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none"> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">force directory mode = 000</command></para> - <para>Example: <command moreinfo="none">force directory mode = 0755</command></para> - - <para>would force all created directories to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml b/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml deleted file mode 100644 index a01b297b05..0000000000 --- a/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEDIRECTORYSECURITYMODE"/>force directory security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a directory, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is 000, which - allows a user to modify all the user/group/world permissions on a - directory without restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it set as 0000.</para> - - <para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none"> - directory security mask</parameter></link>, <link linkend="SECURITYMASK"> - <parameter moreinfo="none">security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter moreinfo="none">force security mode - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">force directory security mode = 0</command></para> - <para>Example: <command moreinfo="none">force directory security mode = 700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcegroup.xml b/docs/docbook/smbdotconf/security/forcegroup.xml deleted file mode 100644 index abfec79e03..0000000000 --- a/docs/docbook/smbdotconf/security/forcegroup.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEGROUP"/>force group (S)</term> - <listitem><para>This specifies a UNIX group name that will be - assigned as the default primary group for all users connecting - to this service. This is useful for sharing files by ensuring - that all access to files on service will use the named group for - their permissions checking. Thus, by assigning permissions for this - group to the files and directories within this service the Samba - administrator can restrict or allow sharing of these files.</para> - - <para>In Samba 2.0.5 and above this parameter has extended - functionality in the following way. If the group name listed here - has a '+' character prepended to it then the current user accessing - the share only has the primary group default assigned to this group - if they are already assigned as a member of that group. This allows - an administrator to decide that only users who are already in a - particular group will create files with group ownership set to that - group. This gives a finer granularity of ownership assignment. For - example, the setting <filename moreinfo="none">force group = +sys</filename> means - that only users who are already in group sys will have their default - primary group assigned to sys when accessing this Samba share. All - other users will retain their ordinary primary group.</para> - - <para>If the <link linkend="FORCEUSER"><parameter moreinfo="none">force user - </parameter></link> parameter is also set the group specified in - <parameter moreinfo="none">force group</parameter> will override the primary group - set in <parameter moreinfo="none">force user</parameter>.</para> - - <para>See also <link linkend="FORCEUSER"><parameter moreinfo="none">force - user</parameter></link>.</para> - - <para>Default: <emphasis>no forced group</emphasis></para> - <para>Example: <command moreinfo="none">force group = agroup</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcesecuritymode.xml b/docs/docbook/smbdotconf/security/forcesecuritymode.xml deleted file mode 100644 index 2db50f1ce3..0000000000 --- a/docs/docbook/smbdotconf/security/forcesecuritymode.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a file, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is set to 0, - and allows a user to modify all the user/group/world permissions on a file, - with no restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access - the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - this set to 0000.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none"> - force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security - mask</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none"> - security mask</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">force security mode = 0</command></para> - <para>Example: <command moreinfo="none">force security mode = 700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forceuser.xml b/docs/docbook/smbdotconf/security/forceuser.xml deleted file mode 100644 index 4747db13fe..0000000000 --- a/docs/docbook/smbdotconf/security/forceuser.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEUSER"/>force user (S)</term> - <listitem><para>This specifies a UNIX user name that will be - assigned as the default user for all users connecting to this service. - This is useful for sharing files. You should also use it carefully - as using it incorrectly can cause security problems.</para> - - <para>This user name only gets used once a connection is established. - Thus clients still need to connect as a valid user and supply a - valid password. Once connected, all file operations will be performed - as the "forced user", no matter what username the client connected - as. This can be very useful.</para> - - <para>In Samba 2.0.5 and above this parameter also causes the - primary group of the forced user to be used as the primary group - for all file activity. Prior to 2.0.5 the primary group was left - as the primary group of the connecting user (this was a bug).</para> - - <para>See also <link linkend="FORCEGROUP"><parameter moreinfo="none">force group - </parameter></link></para> - - <para>Default: <emphasis>no forced user</emphasis></para> - <para>Example: <command moreinfo="none">force user = auser</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/group.xml b/docs/docbook/smbdotconf/security/group.xml deleted file mode 100644 index afc410ce34..0000000000 --- a/docs/docbook/smbdotconf/security/group.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GROUP"/>group (S)</term> - <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter moreinfo="none">force - group</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestaccount.xml b/docs/docbook/smbdotconf/security/guestaccount.xml deleted file mode 100644 index ab15c4460d..0000000000 --- a/docs/docbook/smbdotconf/security/guestaccount.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTACCOUNT"/>guest account (S)</term> - <listitem><para>This is a username which will be used for access - to services which are specified as <link linkend="GUESTOK"><parameter moreinfo="none"> - guest ok</parameter></link> (see below). Whatever privileges this - user has will be available to any client connecting to the guest service. - Typically this user will exist in the password file, but will not - have a valid login. The user account "ftp" is often a good choice - for this parameter. If a username is specified in a given service, - the specified username overrides this one.</para> - - <para>One some systems the default guest account "nobody" may not - be able to print. Use another account in this case. You should test - this by trying to log in as your guest user (perhaps by using the - <command moreinfo="none">su -</command> command) and trying to print using the - system print command such as <command moreinfo="none">lpr(1)</command> or <command moreinfo="none"> - lp(1)</command>.</para> - - <para>This parameter does not accept % macros, because - many parts of the system require this value to be - constant for correct operation.</para> - - <para>Default: <emphasis>specified at compile time, usually - "nobody"</emphasis></para> - - <para>Example: <command moreinfo="none">guest account = ftp</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestok.xml b/docs/docbook/smbdotconf/security/guestok.xml deleted file mode 100644 index 2b7a8cee8a..0000000000 --- a/docs/docbook/smbdotconf/security/guestok.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTOK"/>guest ok (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then no password is required to connect to the service. - Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para> - - <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter moreinfo="none">restrict - anonymous</parameter></link> = 2</para> - - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command moreinfo="none">guest ok = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestonly.xml b/docs/docbook/smbdotconf/security/guestonly.xml deleted file mode 100644 index ac7f62ad68..0000000000 --- a/docs/docbook/smbdotconf/security/guestonly.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTONLY"/>guest only (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then only guest connections to the service are permitted. - This parameter will have no effect if <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link> is not set for the service.</para> - - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command moreinfo="none">guest only = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsallow.xml b/docs/docbook/smbdotconf/security/hostsallow.xml deleted file mode 100644 index ea91b73903..0000000000 --- a/docs/docbook/smbdotconf/security/hostsallow.xml +++ /dev/null @@ -1,60 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSALLOW"/>hosts allow (S)</term> - <listitem><para>A synonym for this parameter is <parameter moreinfo="none">allow - hosts</parameter>.</para> - - <para>This parameter is a comma, space, or tab delimited - set of hosts which are permitted to access a service.</para> - - <para>If specified in the [global] section then it will - apply to all services, regardless of whether the individual - service has a different setting.</para> - - <para>You can specify the hosts by name or IP number. For - example, you could restrict access to only the hosts on a - Class C subnet with something like <command moreinfo="none">allow hosts = 150.203.5. - </command>. The full syntax of the list is described in the man - page <filename moreinfo="none">hosts_access(5)</filename>. Note that this man - page may not be present on your system, so a brief description will - be given here also.</para> - - <para>Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a <link linkend="HOSTSDENY"><parameter moreinfo="none">hosts deny</parameter></link> option.</para> - - <para>You can also specify hosts by network/netmask pairs and - by netgroup names if your system supports netgroups. The - <emphasis>EXCEPT</emphasis> keyword can also be used to limit a - wildcard list. The following examples may provide some help:</para> - - <para>Example 1: allow all IPs in 150.203.*.*; except one</para> - - <para><command moreinfo="none">hosts allow = 150.203. EXCEPT 150.203.6.66</command></para> - - <para>Example 2: allow hosts that match the given network/netmask</para> - - <para><command moreinfo="none">hosts allow = 150.203.15.0/255.255.255.0</command></para> - - <para>Example 3: allow a couple of hosts</para> - - <para><command moreinfo="none">hosts allow = lapland, arvidsjaur</command></para> - - <para>Example 4: allow only hosts in NIS netgroup "foonet", but - deny access from one particular host</para> - - <para><command moreinfo="none">hosts allow = @foonet</command></para> - - <para><command moreinfo="none">hosts deny = pirate</command></para> - - <para>Note that access still requires suitable user-level passwords.</para> - - <para>See <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> for a way of testing your host access - to see if it does what you expect.</para> - - <para>Default: <emphasis>none (i.e., all hosts permitted access) - </emphasis></para> - - <para>Example: <command moreinfo="none">allow hosts = 150.203.5. myhost.mynet.edu.au - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsdeny.xml b/docs/docbook/smbdotconf/security/hostsdeny.xml deleted file mode 100644 index f37e2b7e4d..0000000000 --- a/docs/docbook/smbdotconf/security/hostsdeny.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSDENY"/>hosts deny (S)</term> - <listitem><para>The opposite of <parameter moreinfo="none">hosts allow</parameter> - - hosts listed here are <emphasis>NOT</emphasis> permitted access to - services unless the specific services have their own lists to override - this one. Where the lists conflict, the <parameter moreinfo="none">allow</parameter> - list takes precedence.</para> - - <para>Default: <emphasis>none (i.e., no hosts specifically excluded) - </emphasis></para> - - <para>Example: <command moreinfo="none">hosts deny = 150.203.4. badhost.mynet.edu.au - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml deleted file mode 100644 index 68d6d628e8..0000000000 --- a/docs/docbook/smbdotconf/security/hostsequiv.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> - <listitem><para>If this global parameter is a non-null string, - it specifies the name of a file to read for the names of hosts - and users who will be allowed access without specifying a password. - </para> - - <para>This is not be confused with <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts - access to services and is more useful for guest services. <parameter moreinfo="none"> - hosts equiv</parameter> may be useful for NT clients which will - not supply passwords to Samba.</para> - - <para><emphasis>NOTE :</emphasis> The use of <parameter moreinfo="none">hosts equiv - </parameter> can be a major security hole. This is because you are - trusting the PC to supply the correct username. It is very easy to - get a PC to supply a false username. I recommend that the - <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really - know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <emphasis>really</emphasis> trust - them :-).</para> - - <para>Default: <emphasis>no host equivalences</emphasis></para> - <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/inheritacls.xml b/docs/docbook/smbdotconf/security/inheritacls.xml deleted file mode 100644 index f70c0d9165..0000000000 --- a/docs/docbook/smbdotconf/security/inheritacls.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INHERITACLS"/>inherit acls (S)</term> - <listitem><para>This parameter can be used to ensure - that if default acls exist on parent directories, - they are always honored when creating a subdirectory. - The default behavior is to use the mode specified - when creating the directory. Enabling this option - sets the mode to 0777, thus guaranteeing that - default directory acls are propagated. - </para> - - <para>Default: <command moreinfo="none">inherit acls = no</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/inheritpermissions.xml b/docs/docbook/smbdotconf/security/inheritpermissions.xml deleted file mode 100644 index 34fade33d0..0000000000 --- a/docs/docbook/smbdotconf/security/inheritpermissions.xml +++ /dev/null @@ -1,36 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INHERITPERMISSIONS"/>inherit permissions (S)</term> - <listitem><para>The permissions on new files and directories - are normally governed by <link linkend="CREATEMASK"><parameter moreinfo="none"> - create mask</parameter></link>, <link linkend="DIRECTORYMASK"> - <parameter moreinfo="none">directory mask</parameter></link>, <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force create mode</parameter> - </link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force - directory mode</parameter></link> but the boolean inherit - permissions parameter overrides this.</para> - - <para>New directories inherit the mode of the parent directory, - including bits such as setgid.</para> - - <para>New files inherit their read/write bits from the parent - directory. Their execute bits continue to be determined by - <link linkend="MAPARCHIVE"><parameter moreinfo="none">map archive</parameter> - </link>, <link linkend="MAPHIDDEN"><parameter moreinfo="none">map hidden</parameter> - </link> and <link linkend="MAPSYSTEM"><parameter moreinfo="none">map system</parameter> - </link> as usual.</para> - - <para>Note that the setuid bit is <emphasis>never</emphasis> set via - inheritance (the code explicitly prohibits this).</para> - - <para>This can be particularly useful on large systems with - many users, perhaps several thousand, to allow a single [homes] - share to be used flexibly by each user.</para> - - <para>See also <link linkend="CREATEMASK"><parameter moreinfo="none">create mask - </parameter></link>, <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link>, <link linkend="FORCECREATEMODE"> - <parameter moreinfo="none">force create mode</parameter></link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force directory mode</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">inherit permissions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/invalidusers.xml b/docs/docbook/smbdotconf/security/invalidusers.xml deleted file mode 100644 index 34e534ff28..0000000000 --- a/docs/docbook/smbdotconf/security/invalidusers.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INVALIDUSERS"/>invalid users (S)</term> - <listitem><para>This is a list of users that should not be allowed - to login to this service. This is really a <emphasis>paranoid</emphasis> - check to absolutely ensure an improper setting does not breach - your security.</para> - - <para>A name starting with a '@' is interpreted as an NIS - netgroup first (if your system supports NIS), and then as a UNIX - group if the name was not found in the NIS netgroup database.</para> - - <para>A name starting with '+' is interpreted only - by looking in the UNIX group database. A name starting with - '&' is interpreted only by looking in the NIS netgroup database - (this requires NIS to be working on your system). The characters - '+' and '&' may be used at the start of the name in either order - so the value <parameter moreinfo="none">+&group</parameter> means check the - UNIX group database, followed by the NIS netgroup database, and - the value <parameter moreinfo="none">&+group</parameter> means check the NIS - netgroup database, followed by the UNIX group database (the - same as the '@' prefix).</para> - - <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. - This is useful in the [homes] section.</para> - - <para>See also <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link>.</para> - - <para>Default: <emphasis>no invalid users</emphasis></para> - <para>Example: <command moreinfo="none">invalid users = root fred admin @wheel - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/lanmanauth.xml b/docs/docbook/smbdotconf/security/lanmanauth.xml deleted file mode 100644 index 851b1ae4ac..0000000000 --- a/docs/docbook/smbdotconf/security/lanmanauth.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LANMANAUTH"/>lanman auth (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users - using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> - - <para>Default : <command moreinfo="none">lanman auth = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/maptoguest.xml b/docs/docbook/smbdotconf/security/maptoguest.xml deleted file mode 100644 index 966260a9b1..0000000000 --- a/docs/docbook/smbdotconf/security/maptoguest.xml +++ /dev/null @@ -1,53 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPTOGUEST"/>map to guest (G)</term> - <listitem><para>This parameter is only useful in <link linkend="SECURITY"> - security</link> modes other than <parameter moreinfo="none">security = share</parameter> - - i.e. <constant>user</constant>, <constant>server</constant>, - and <constant>domain</constant>.</para> - - <para>This parameter can take three different values, which tell - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> what to do with user - login requests that don't match a valid UNIX user in some way.</para> - - <para>The three settings are :</para> - - <itemizedlist> - <listitem><para><constant>Never</constant> - Means user login - requests with an invalid password are rejected. This is the - default.</para></listitem> - - <listitem><para><constant>Bad User</constant> - Means user - logins with an invalid password are rejected, unless the username - does not exist, in which case it is treated as a guest login and - mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para></listitem> - - <listitem><para><constant>Bad Password</constant> - Means user logins - with an invalid password are treated as a guest login and mapped - into the <link linkend="GUESTACCOUNT">guest account</link>. Note that - this can cause problems as it means that any user incorrectly typing - their password will be silently logged on as "guest" - and - will not know the reason they cannot access files they think - they should - there will have been no message given to them - that they got their password wrong. Helpdesk services will - <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to - guest</parameter> parameter this way :-).</para></listitem> - </itemizedlist> - - <para>Note that this parameter is needed to set up "Guest" - share services when using <parameter moreinfo="none">security</parameter> modes other than - share. This is because in these modes the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client so the server - cannot make authentication decisions at the correct time (connection - to the share) for "Guest" shares.</para> - - <para>For people familiar with the older Samba releases, this - parameter maps to the old compile-time setting of the <constant> - GUEST_SESSSETUP</constant> value in local.h.</para> - - <para>Default: <command moreinfo="none">map to guest = Never</command></para> - <para>Example: <command moreinfo="none">map to guest = Bad User</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/minpasswdlength.xml b/docs/docbook/smbdotconf/security/minpasswdlength.xml deleted file mode 100644 index 8e52b923fb..0000000000 --- a/docs/docbook/smbdotconf/security/minpasswdlength.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPASSWDLENGTH"/>min passwd length (G)</term> - <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> - <parameter moreinfo="none">min password length</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/minpasswordlength.xml b/docs/docbook/smbdotconf/security/minpasswordlength.xml deleted file mode 100644 index da1e65a55b..0000000000 --- a/docs/docbook/smbdotconf/security/minpasswordlength.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPASSWORDLENGTH"/>min password length (G)</term> - <listitem><para>This option sets the minimum length in characters - of a plaintext password that <command moreinfo="none">smbd</command> will accept when performing - UNIX password changing.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link>, <link linkend="PASSWDPROGRAM"> - <parameter moreinfo="none">passwd program</parameter></link> and <link linkend="PASSWDCHATDEBUG"><parameter moreinfo="none">passwd chat debug</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">min password length = 5</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/nonunixaccountrange.xml b/docs/docbook/smbdotconf/security/nonunixaccountrange.xml deleted file mode 100644 index a8e426649e..0000000000 --- a/docs/docbook/smbdotconf/security/nonunixaccountrange.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NONUNIXACCOUNTRANGE"/>non unix account range (G)</term> - <listitem><para>The non unix account range parameter specifies - the range of 'user ids' that are allocated by the various 'non unix - account' passdb backends. These backends allow - the storage of passwords for users who don't exist in /etc/passwd. - This is most often used for machine account creation. - This range of ids should have no existing local or NIS users within - it as strange conflicts can occur otherwise.</para> - - <para>NOTE: These userids never appear on the system and Samba will never - 'become' these users. They are used only to ensure that the algorithmic - RID mapping does not conflict with normal users. - </para> - - <para>Default: <command moreinfo="none">non unix account range = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">non unix account range = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/ntlmauth.xml b/docs/docbook/smbdotconf/security/ntlmauth.xml deleted file mode 100644 index a3b8caf062..0000000000 --- a/docs/docbook/smbdotconf/security/ntlmauth.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTLMAUTH"/>ntlm auth (G)</term> - <listitem><para>This parameter determines - whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will - attempt to authenticate users using the NTLM password hash. - If disabled, only the lanman password hashes will be used. - </para> - - <para>Please note that at least this option or <command moreinfo="none">lanman auth</command> should - be enabled in order to be able to log in. - </para> - - <para>Default : <command moreinfo="none">ntlm auth = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/nullpasswords.xml b/docs/docbook/smbdotconf/security/nullpasswords.xml deleted file mode 100644 index 40b687fceb..0000000000 --- a/docs/docbook/smbdotconf/security/nullpasswords.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NULLPASSWORDS"/>null passwords (G)</term> - <listitem><para>Allow or disallow client access to accounts - that have null passwords. </para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> - - <para>Default: <command moreinfo="none">null passwords = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/obeypamrestrictions.xml b/docs/docbook/smbdotconf/security/obeypamrestrictions.xml deleted file mode 100644 index 92a6bce22d..0000000000 --- a/docs/docbook/smbdotconf/security/obeypamrestrictions.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OBEYPAMRESTRICTIONS"/>obey pam restrictions (G)</term> - <listitem><para>When Samba 2.2 is configured to enable PAM support - (i.e. --with-pam), this parameter will control whether or not Samba - should obey PAM's account and session management directives. The - default behavior is to use PAM for clear text authentication only - and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypt passwords = yes</parameter> - </link>. The reason is that PAM modules cannot support the challenge/response - authentication mechanism needed in the presence of SMB password encryption. - </para> - - <para>Default: <command moreinfo="none">obey pam restrictions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/onlyguest.xml b/docs/docbook/smbdotconf/security/onlyguest.xml deleted file mode 100644 index 018fa1a0b5..0000000000 --- a/docs/docbook/smbdotconf/security/onlyguest.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ONLYGUEST"/>only guest (S)</term> - <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter moreinfo="none"> - guest only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/onlyuser.xml b/docs/docbook/smbdotconf/security/onlyuser.xml deleted file mode 100644 index d0bbac7541..0000000000 --- a/docs/docbook/smbdotconf/security/onlyuser.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ONLYUSER"/>only user (S)</term> - <listitem><para>This is a boolean option that controls whether - connections with usernames not in the <parameter moreinfo="none">user</parameter> - list will be allowed. By default this option is disabled so that a - client can supply a username to be used by the server. Enabling - this parameter will force the server to only use the login - names from the <parameter moreinfo="none">user</parameter> list and is only really - useful in <link linkend="SECURITYEQUALSSHARE">share level</link> - security.</para> - - <para>Note that this also means Samba won't try to deduce - usernames from the service name. This can be annoying for - the [homes] section. To get around this you could use <command moreinfo="none">user = - %S</command> which means your <parameter moreinfo="none">user</parameter> list - will be just the service name, which for home directories is the - name of the user.</para> - - <para>See also the <link linkend="USER"><parameter moreinfo="none">user</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">only user = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/pampasswordchange.xml b/docs/docbook/smbdotconf/security/pampasswordchange.xml deleted file mode 100644 index 8f0e91ae2d..0000000000 --- a/docs/docbook/smbdotconf/security/pampasswordchange.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PAMPASSWORDCHANGE"/>pam password change (G)</term> - <listitem><para>With the addition of better PAM support in Samba 2.2, - this parameter, it is possible to use PAM's password change control - flag for Samba. If enabled, then PAM will be used for password - changes when requested by an SMB client instead of the program listed in - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter></link>. - It should be possible to enable this without changing your - <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter></link> - parameter for most setups. - </para> - - <para>Default: <command moreinfo="none">pam password change = no</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml deleted file mode 100644 index 918c802e78..0000000000 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ /dev/null @@ -1,91 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSDBBACKEND"/>passdb backend (G)</term> - <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. - Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. - Experimental backends must still be selected - (eg --with-tdbsam) at configure time. - </para> - - <para>This parameter is in two parts, the backend's name, and a 'location' - string that has meaning only to that particular backed. These are separated - by a : character.</para> - - <para>Available backends can include: - <itemizedlist> - <listitem><para><command moreinfo="none">smbpasswd</command> - The default smbpasswd - backend. Takes a path to the smbpasswd file as an optional argument.</para></listitem> - - <listitem><para><command moreinfo="none">smbpasswd_nua</command> - The smbpasswd - backend, but with support for 'not unix accounts'. - Takes a path to the smbpasswd file as an optional argument.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para></listitem> - - <listitem><para><command moreinfo="none">tdbsam</command> - The TDB based password storage - backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para></listitem> - - <listitem><para><command moreinfo="none">tdbsam_nua</command> - The TDB based password storage - backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para></listitem> - - <listitem><para><command moreinfo="none">ldapsam</command> - The LDAP based passdb - backend. Takes an LDAP URL as an optional argument (defaults to - <command moreinfo="none">ldap://localhost</command>)</para></listitem> - - <listitem><para><command moreinfo="none">ldapsam_nua</command> - The LDAP based passdb - backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to - <command moreinfo="none">ldap://localhost</command>)</para> - - <para>Note: In this module, any account without a matching POSIX account is regarded - as 'non unix'. </para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account - range</parameter></link></para> - - <para>LDAP connections should be secured where - possible. This may be done using either - Start-TLS (see <link linkend="LDAPSSL"> - <parameter moreinfo="none">ldap ssl</parameter></link>) or by - specifying <parameter moreinfo="none">ldaps://</parameter> in - the URL argument. - </para></listitem> - - <listitem><para><command moreinfo="none">nisplussam</command> - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. </para></listitem> - - <listitem><para><command moreinfo="none">plugin</command> - Allows Samba to load an - arbitary passdb backend from the .so specified as a compulsary argument. - </para> - - <para>Any characters after the (optional) second : are passed to the plugin - for its own processing</para> - </listitem> - - <listitem><para><command moreinfo="none">unixsam</command> - Allows samba to map all (other) available unix users</para> - - <para>This backend uses the standard unix database for retrieving users. Users included - in this pdb are NOT listed in samba user listings and users included in this pdb won't be - able to login. The use of this backend is to always be able to display the owner of a file - on the samba server - even when the user doesn't have a 'real' samba account in one of the - other passdb backends. - </para> - - <para>This backend should always be the last backend listed, since it contains all users in - the unix passdb and might 'override' mappings if specified earlier. It's meant to only return - accounts for users that aren't covered by the previous backends.</para> - </listitem> - </itemizedlist> - </para> - - <para>Default: <command moreinfo="none">passdb backend = smbpasswd unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdchat.xml b/docs/docbook/smbdotconf/security/passwdchat.xml deleted file mode 100644 index 922f1a878c..0000000000 --- a/docs/docbook/smbdotconf/security/passwdchat.xml +++ /dev/null @@ -1,58 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> - <listitem><para>This string controls the <emphasis>"chat"</emphasis> - conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and the local password changing - program to change the user's password. The string describes a - sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> - </link> and what to expect back. If the expected output is not - received then the password is not changed.</para> - - <para>This chat sequence is often quite site specific, depending - on what local methods are used for password control (such as NIS - etc).</para> - <para>Note that this parameter only is only used if the <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link> parameter is set to <constant>yes</constant>. This - sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password - in the smbpasswd file is being changed, without access to the old - password cleartext. This means that root must be able to reset the user's password - without knowing the text of the previous password. In the presence of NIS/YP, - this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be - executed on the NIS master. - </para> - - - <para>The string can contain the macro <parameter moreinfo="none">%n</parameter> which is substituted - for the new password. The chat sequence can also contain the standard - macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> - \\t</constant> and <constant>\\s</constant> to give line-feed, - carriage-return, tab and space. The chat sequence string can also contain - a '*' which matches any sequence of characters. - Double quotes can be used to collect strings with spaces - in them into a single string.</para> - - <para>If the send string in any part of the chat sequence - is a full stop ".", then no string is sent. Similarly, - if the expect string is a full stop then no string is expected.</para> - - <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam - password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs - may be matched in any order, and success is determined by the PAM result, - not any particular output. The \n macro is ignored for PAM conversions. - </para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix password - sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none"> - passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> - <parameter moreinfo="none">passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> - <parameter moreinfo="none">pam password change</parameter></link>.</para> - - <para>Default: <command moreinfo="none">passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</command></para> - <para>Example: <command moreinfo="none">passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password - changed*"</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdchatdebug.xml b/docs/docbook/smbdotconf/security/passwdchatdebug.xml deleted file mode 100644 index a5771b72d2..0000000000 --- a/docs/docbook/smbdotconf/security/passwdchatdebug.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDCHATDEBUG"/>passwd chat debug (G)</term> - <listitem><para>This boolean specifies if the passwd chat script - parameter is run in <emphasis>debug</emphasis> mode. In this mode the - strings passed to and received from the passwd chat are printed - in the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> log with a - <link linkend="DEBUGLEVEL"><parameter moreinfo="none">debug level</parameter></link> - of 100. This is a dangerous option as it will allow plaintext passwords - to be seen in the <command moreinfo="none">smbd</command> log. It is available to help - Samba admins debug their <parameter moreinfo="none">passwd chat</parameter> scripts - when calling the <parameter moreinfo="none">passwd program</parameter> and should - be turned off after this has been done. This option has no effect if the - <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter></link> - paramter is set. This parameter is off by default.</para> - - - <para>See also <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter> - </link>, <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter> - </link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">passwd chat debug = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml deleted file mode 100644 index dae24e22a1..0000000000 --- a/docs/docbook/smbdotconf/security/passwdprogram.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term> - <listitem><para>The name of a program that can be used to set - UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter> - will be replaced with the user name. The user name is checked for - existence before calling the password changing program.</para> - - <para>Also note that many passwd programs insist in <emphasis>reasonable - </emphasis> passwords, such as a minimum length, or the inclusion - of mixed case chars and digits. This can pose a problem as some clients - (such as Windows for Workgroups) uppercase the password before sending - it.</para> - - <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix - password sync</parameter> parameter is set to <constant>yes - </constant> then this program is called <emphasis>AS ROOT</emphasis> - before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5) - </ulink> file is changed. If this UNIX password change fails, then - <command moreinfo="none">smbd</command> will fail to change the SMB password also - (this is by design).</para> - - <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter - is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> - for <emphasis>ALL</emphasis> programs called, and must be examined - for security implications. Note that by default <parameter moreinfo="none">unix - password sync</parameter> is set to <constant>no</constant>.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link>.</para> - - <para>Default: <command moreinfo="none">passwd program = /bin/passwd</command></para> - <para>Example: <command moreinfo="none">passwd program = /sbin/npasswd %u</command> - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwordlevel.xml b/docs/docbook/smbdotconf/security/passwordlevel.xml deleted file mode 100644 index 408082f838..0000000000 --- a/docs/docbook/smbdotconf/security/passwordlevel.xml +++ /dev/null @@ -1,40 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWORDLEVEL"/>password level (G)</term> - <listitem><para>Some client/server combinations have difficulty - with mixed-case passwords. One offending client is Windows for - Workgroups, which for some reason forces passwords to upper - case when using the LANMAN1 protocol, but leaves them alone when - using COREPLUS! Another problem child is the Windows 95/98 - family of operating systems. These clients upper case clear - text passwords even when NT LM 0.12 selected by the protocol - negotiation request/response.</para> - - <para>This parameter defines the maximum number of characters - that may be upper case in passwords.</para> - - <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> - password level</parameter> is set to 1, the following combinations - would be tried if "FRED" failed:</para> - - <para>"Fred", "fred", "fRed", "frEd","freD"</para> - - <para>If <parameter moreinfo="none">password level</parameter> was set to 2, - the following combinations would also be tried: </para> - - <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> - - <para>And so on.</para> - - <para>The higher value this parameter is set to the more likely - it is that a mixed case password will be matched against a single - case password. However, you should be aware that use of this - parameter reduces security and increases the time taken to - process a new connection.</para> - - <para>A value of zero will cause only two attempts to be - made - the password as is and the password in all-lower case.</para> - - <para>Default: <command moreinfo="none">password level = 0</command></para> - <para>Example: <command moreinfo="none">password level = 4</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwordserver.xml b/docs/docbook/smbdotconf/security/passwordserver.xml deleted file mode 100644 index df50ac8f8a..0000000000 --- a/docs/docbook/smbdotconf/security/passwordserver.xml +++ /dev/null @@ -1,92 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWORDSERVER"/>password server (G)</term> - <listitem><para>By specifying the name of another SMB server (such - as a WinNT box) with this option, and using <command moreinfo="none">security = domain - </command> or <command moreinfo="none">security = server</command> you can get Samba - to do all its username/password validation via a remote server.</para> - - <para>This option sets the name of the password server to use. - It must be a NetBIOS name, so if the machine's NetBIOS name is - different from its Internet name then you may have to add its NetBIOS - name to the lmhosts file which is stored in the same directory - as the <filename moreinfo="none">smb.conf</filename> file.</para> - - <para>The name of the password server is looked up using the - parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name - resolve order</parameter></link> and so may resolved - by any method and order described in that parameter.</para> - - <para>The password server must be a machine capable of using - the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in - user level security mode.</para> - - <para><emphasis>NOTE:</emphasis> Using a password server - means your UNIX box (running Samba) is only as secure as your - password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT - YOU DON'T COMPLETELY TRUST</emphasis>.</para> - - <para>Never point a Samba server at itself for password - serving. This will cause a loop and could lock up your Samba - server!</para> - - <para>The name of the password server takes the standard - substitutions, but probably the only useful one is <parameter moreinfo="none">%m - </parameter>, which means the Samba server will use the incoming - client as the password server. If you use this then you better - trust your clients, and you had better restrict them with hosts allow!</para> - - <para>If the <parameter moreinfo="none">security</parameter> parameter is set to - <constant>domain</constant>, then the list of machines in this - option must be a list of Primary or Backup Domain controllers for the - Domain or the character '*', as the Samba server is effectively - in that domain, and will use cryptographically authenticated RPC calls - to authenticate the user logging on. The advantage of using <command moreinfo="none"> - security = domain</command> is that if you list several hosts in the - <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd - </command> will try each in turn till it finds one that responds. This - is useful in case your primary server goes down.</para> - - <para>If the <parameter moreinfo="none">password server</parameter> option is set - to the character '*', then Samba will attempt to auto-locate the - Primary or Backup Domain controllers to authenticate against by - doing a query for the name <constant>WORKGROUP<1C></constant> - and then contacting each server returned in the list of IP - addresses from the name resolution source. </para> - - <para>If the list of servers contains both names and the '*' - character, the list is treated as a list of preferred - domain controllers, but an auto lookup of all remaining DC's - will be added to the list as well. Samba will not attempt to optimize - this list by locating the closest DC.</para> - - <para>If the <parameter moreinfo="none">security</parameter> parameter is - set to <constant>server</constant>, then there are different - restrictions that <command moreinfo="none">security = domain</command> doesn't - suffer from:</para> - - <itemizedlist> - <listitem><para>You may list several password servers in - the <parameter moreinfo="none">password server</parameter> parameter, however if an - <command moreinfo="none">smbd</command> makes a connection to a password server, - and then the password server fails, no more users will be able - to be authenticated from this <command moreinfo="none">smbd</command>. This is a - restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server - </command> mode and cannot be fixed in Samba.</para></listitem> - - <listitem><para>If you are using a Windows NT server as your - password server then you will have to ensure that your users - are able to login from the Samba server, as when in <command moreinfo="none"> - security = server</command> mode the network logon will appear to - come from there rather than from the users workstation.</para></listitem> - </itemizedlist> - - <para>See also the <link linkend="SECURITY"><parameter moreinfo="none">security - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">password server = <empty string></command> - </para> - <para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, * - </command></para> - <para>Example: <command moreinfo="none">password server = *</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/printeradmin.xml b/docs/docbook/smbdotconf/security/printeradmin.xml deleted file mode 100644 index 7037facca0..0000000000 --- a/docs/docbook/smbdotconf/security/printeradmin.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTERADMIN"/>printer admin (S)</term> - <listitem><para>This is a list of users that can do anything to - printers via the remote administration interfaces offered by MS-RPC - (usually using a NT workstation). Note that the root user always - has admin rights.</para> - - <para>Default: <command moreinfo="none">printer admin = <empty string></command> - </para> - <para>Example: <command moreinfo="none">printer admin = admin, @staff</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/privatedir.xml b/docs/docbook/smbdotconf/security/privatedir.xml deleted file mode 100644 index ca22089122..0000000000 --- a/docs/docbook/smbdotconf/security/privatedir.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRIVATEDIR"/>private dir (G)</term> - <listitem><para>This parameters defines the directory - smbd will use for storing such files as <filename moreinfo="none">smbpasswd</filename> - and <filename moreinfo="none">secrets.tdb</filename>. - </para> - - <para>Default :<command moreinfo="none">private dir = ${prefix}/private</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/public.xml b/docs/docbook/smbdotconf/security/public.xml deleted file mode 100644 index a1f6a1ee29..0000000000 --- a/docs/docbook/smbdotconf/security/public.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PUBLIC"/>public (S)</term> - <listitem><para>Synonym for <link linkend="GUESTOK"><parameter moreinfo="none">guest - ok</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/readlist.xml b/docs/docbook/smbdotconf/security/readlist.xml deleted file mode 100644 index 15d135d54e..0000000000 --- a/docs/docbook/smbdotconf/security/readlist.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READLIST"/>read list (S)</term> - <listitem><para>This is a list of users that are given read-only - access to a service. If the connecting user is in this list then - they will not be given write access, no matter what the <link linkend="READONLY"><parameter moreinfo="none">read only</parameter></link> - option is set to. The list can include group names using the - syntax described in the <link linkend="INVALIDUSERS"><parameter moreinfo="none"> - invalid users</parameter></link> parameter.</para> - - <para>See also the <link linkend="WRITELIST"><parameter moreinfo="none"> - write list</parameter></link> parameter and the <link linkend="INVALIDUSERS"><parameter moreinfo="none">invalid users</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">read list = <empty string></command></para> - <para>Example: <command moreinfo="none">read list = mary, @students</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/readonly.xml b/docs/docbook/smbdotconf/security/readonly.xml deleted file mode 100644 index 02721935de..0000000000 --- a/docs/docbook/smbdotconf/security/readonly.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READONLY"/>read only (S)</term> - <listitem><para>An inverted synonym is <link linkend="WRITEABLE"> - <parameter moreinfo="none">writeable</parameter></link>.</para> - - <para>If this parameter is <constant>yes</constant>, then users - of a service may not create or modify files in the service's - directory.</para> - - <para>Note that a printable service (<command moreinfo="none">printable = yes</command>) - will <emphasis>ALWAYS</emphasis> allow writing to the directory - (user privileges permitting), but only via spooling operations.</para> - - <para>Default: <command moreinfo="none">read only = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml deleted file mode 100644 index 4b09b7d2bc..0000000000 --- a/docs/docbook/smbdotconf/security/restrictanonymous.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="RESTRICTANONYMOUS"/>restrict anonymous (G)</term> - <listitem><para>This is a integer parameter, and - mirrors as much as possible the functinality the - <constant>RestrictAnonymous</constant> - registry key does on NT/Win2k. </para> - - <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/root.xml b/docs/docbook/smbdotconf/security/root.xml deleted file mode 100644 index f69c1a1ae1..0000000000 --- a/docs/docbook/smbdotconf/security/root.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOT"/>root (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter moreinfo="none">root directory"</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/rootdir.xml b/docs/docbook/smbdotconf/security/rootdir.xml deleted file mode 100644 index 1f543aed6a..0000000000 --- a/docs/docbook/smbdotconf/security/rootdir.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTDIR"/>root dir (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter moreinfo="none">root directory"</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/rootdirectory.xml b/docs/docbook/smbdotconf/security/rootdirectory.xml deleted file mode 100644 index 9efc11e3c6..0000000000 --- a/docs/docbook/smbdotconf/security/rootdirectory.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term> - <listitem><para>The server will <command moreinfo="none">chroot()</command> (i.e. - Change its root directory) to this directory on startup. This is - not strictly necessary for secure operation. Even without it the - server will deny access to files not in one of the service entries. - It may also check for, and deny access to, soft links to other - parts of the filesystem, or attempts to use ".." in file names - to access other directories (depending on the setting of the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter></link> - parameter).</para> - - <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other - than "/" adds an extra level of security, but at a price. It - absolutely ensures that no access is given to files not in the - sub-tree specified in the <parameter moreinfo="none">root directory</parameter> - option, <emphasis>including</emphasis> some files needed for - complete operation of the server. To maintain full operability - of the server you will need to mirror some system files - into the <parameter moreinfo="none">root directory</parameter> tree. In particular - you will need to mirror <filename moreinfo="none">/etc/passwd</filename> (or a - subset of it), and any binaries or configuration files needed for - printing (if required). The set of files that must be mirrored is - operating system dependent.</para> - - <para>Default: <command moreinfo="none">root directory = /</command></para> - <para>Example: <command moreinfo="none">root directory = /homes/smb</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml deleted file mode 100644 index 8e97d8721f..0000000000 --- a/docs/docbook/smbdotconf/security/security.xml +++ /dev/null @@ -1,237 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SECURITY"/>security (G)</term> - <listitem><para>This option affects how clients respond to - Samba and is one of the most important settings in the <filename moreinfo="none"> - smb.conf</filename> file.</para> - - <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide - based on this bit whether (and how) to transfer user and password - information to the server.</para> - - - <para>The default is <command moreinfo="none">security = user</command>, as this is - the most common setting needed when talking to Windows 98 and - Windows NT.</para> - - <para>The alternatives are <command moreinfo="none">security = share</command>, - <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain - </command>.</para> - - <para>In versions of Samba prior to 2.0.0, the default was - <command moreinfo="none">security = share</command> mainly because that was - the only option at one stage.</para> - - <para>There is a bug in WfWg that has relevance to this - setting. When in user or server level security a WfWg client - will totally ignore the password you type in the "connect - drive" dialog box. This makes it very difficult (if not impossible) - to connect to a Samba service as anyone except the user that - you are logged into WfWg as.</para> - - <para>If your PCs use usernames that are the same as their - usernames on the UNIX machine then you will want to use - <command moreinfo="none">security = user</command>. If you mostly use usernames - that don't exist on the UNIX box then use <command moreinfo="none">security = - share</command>.</para> - - <para>You should also use <command moreinfo="none">security = share</command> if you - want to mainly setup shares without a password (guest shares). This - is commonly used for a shared printer server. It is more difficult - to setup guest shares with <command moreinfo="none">security = user</command>, see - the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link>parameter for details.</para> - - <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> - hybrid mode</emphasis> where it is offers both user and share - level security under different <link linkend="NETBIOSALIASES"> - <parameter moreinfo="none">NetBIOS aliases</parameter></link>. </para> - - <para>The different settings will now be explained.</para> - - - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE - </emphasis></para> - - <para>When clients connect to a share level security server they - need not log onto the server with a valid username and password before - attempting to connect to a shared resource (although modern clients - such as Windows 95/98 and Windows NT will send a logon request with - a username but no password when talking to a <command moreinfo="none">security = share - </command> server). Instead, the clients send authentication information - (passwords) on a per-share basis, at the time they attempt to connect - to that share.</para> - - <para>Note that <command moreinfo="none">smbd</command> <emphasis>ALWAYS</emphasis> - uses a valid UNIX user to act on behalf of the client, even in - <command moreinfo="none">security = share</command> level security.</para> - - <para>As clients are not required to send a username to the server - in share level security, <command moreinfo="none">smbd</command> uses several - techniques to determine the correct UNIX user to use on behalf - of the client.</para> - - <para>A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :</para> - - <itemizedlist> - <listitem><para>If the <link linkend="GUESTONLY"><parameter moreinfo="none">guest - only</parameter></link> parameter is set, then all the other - stages are missed and only the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link> username is checked. - </para></listitem> - - <listitem><para>Is a username is sent with the share connection - request, then this username (after mapping - see <link linkend="USERNAMEMAP"><parameter moreinfo="none">username map</parameter></link>), - is added as a potential username.</para></listitem> - - <listitem><para>If the client did a previous <emphasis>logon - </emphasis> request (the SessionSetup SMB call) then the - username sent in this SMB will be added as a potential username. - </para></listitem> - - <listitem><para>The name of the service the client requested is - added as a potential username.</para></listitem> - - <listitem><para>The NetBIOS name of the client is added to - the list as a potential username.</para></listitem> - - <listitem><para>Any users on the <link linkend="USER"><parameter moreinfo="none"> - user</parameter></link> list are added as potential usernames. - </para></listitem> - </itemizedlist> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - not set, then this list is then tried with the supplied password. - The first user for whom the password matches will be used as the - UNIX user.</para> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - set, or no username can be determined then if the share is marked - as available to the <parameter moreinfo="none">guest account</parameter>, then this - guest user will be used, otherwise access is denied.</para> - - <para>Note that it can be <emphasis>very</emphasis> confusing - in share-level security as to which UNIX username will eventually - be used in granting access.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER - </emphasis></para> - - <para>This is the default security setting in Samba 3.0. - With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the <link linkend="USERNAMEMAP"><parameter moreinfo="none">username map</parameter></link> - parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter></link> parameter) can also - be used in this security mode. Parameters such as <link linkend="USER"> - <parameter moreinfo="none">user</parameter></link> and <link linkend="GUESTONLY"> - <parameter moreinfo="none">guest only</parameter></link> if set are then applied and - may change the UNIX user to use on this connection, but only after - the user has been successfully authenticated.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN - - </emphasis></para> - - <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this - mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly - the same way that a Windows NT Server would do.</para> - - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow - Samba to have a valid UNIX account to map file access to.</para> - - <para><emphasis>Note</emphasis> that from the client's point - of view <command moreinfo="none">security = domain</command> is the same as <command moreinfo="none">security = user - </command>. It only affects how the server deals with the authentication, - it does not in any way affect what the client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER - </emphasis></para> - - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command moreinfo="none">security = - user</command>. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter to be set to - <constant>yes</constant>, unless the remote server - does not support them. However note - that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid - <filename moreinfo="none">smbpasswd</filename> file to check users against. See the - documentation file in the <filename moreinfo="none">docs/</filename> directory - <filename moreinfo="none">ENCRYPTION.txt</filename> for details on how to set this - up.</para> - - <para><emphasis>Note</emphasis> this mode of operation - has significant pitfalls, due to the fact that is - activly initiates a man-in-the-middle attack on the - remote SMB server. In particular, this mode of - operation can cause significant resource consuption on - the PDC, as it must maintain an active connection for - the duration of the user's session. Furthermore, if - this connection is lost, there is no way to - reestablish it, and futher authenticaions to the Samba - server may fail. (From a single client, till it - disconnects). </para> - - <para><emphasis>Note</emphasis> that from the client's point of - view <command moreinfo="none">security = server</command> is the same as <command moreinfo="none"> - security = user</command>. It only affects how the server deals - with the authentication, it does not in any way affect what the - client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">security = USER</command></para> - <para>Example: <command moreinfo="none">security = DOMAIN</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/securitymask.xml b/docs/docbook/smbdotconf/security/securitymask.xml deleted file mode 100644 index 9ed0adcbf4..0000000000 --- a/docs/docbook/smbdotconf/security/securitymask.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SECURITYMASK"/>security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security - dialog box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is 0777, allowing - a user to modify all the user/group/world permissions on a file. - </para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone - "appliance" systems. Administrators of most normal systems will - probably want to leave it set to <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"> - <parameter moreinfo="none">force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory - security mask</parameter></link>, <link linkend="FORCESECURITYMODE"> - <parameter moreinfo="none">force security mode</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">security mask = 0777</command></para> - <para>Example: <command moreinfo="none">security mask = 0770</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/smbpasswdfile.xml b/docs/docbook/smbdotconf/security/smbpasswdfile.xml deleted file mode 100644 index 2efbd12169..0000000000 --- a/docs/docbook/smbdotconf/security/smbpasswdfile.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SMBPASSWDFILE"/>smb passwd file (G)</term> - <listitem><para>This option sets the path to the encrypted - smbpasswd file. By default the path to the smbpasswd file - is compiled into Samba.</para> - - <para>Default: <command moreinfo="none">smb passwd file = ${prefix}/private/smbpasswd - </command></para> - - <para>Example: <command moreinfo="none">smb passwd file = /etc/samba/smbpasswd - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/unixpasswordsync.xml b/docs/docbook/smbdotconf/security/unixpasswordsync.xml deleted file mode 100644 index 41c6d983d0..0000000000 --- a/docs/docbook/smbdotconf/security/unixpasswordsync.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNIXPASSWORDSYNC"/>unix password sync (G)</term> - <listitem><para>This boolean parameter controls whether Samba - attempts to synchronize the UNIX password with the SMB password - when the encrypted SMB password in the smbpasswd file is changed. - If this is set to <constant>yes</constant> the program specified in the <parameter moreinfo="none">passwd - program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - - to allow the new UNIX password to be set without access to the - old UNIX password (as the SMB password change code has no - access to the old password cleartext, only the new).</para> - - <para>See also <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd - program</parameter></link>, <link linkend="PASSWDCHAT"><parameter moreinfo="none"> - passwd chat</parameter></link>.</para> - - <para>Default: <command moreinfo="none">unix password sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/updateencrypted.xml b/docs/docbook/smbdotconf/security/updateencrypted.xml deleted file mode 100644 index 45c66e0de2..0000000000 --- a/docs/docbook/smbdotconf/security/updateencrypted.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term> - <listitem><para>This boolean parameter allows a user logging - on with a plaintext password to have their encrypted (hashed) - password in the smbpasswd file to be updated automatically as - they log on. This option allows a site to migrate from plaintext - password authentication (users authenticate with plaintext - password over the wire, and are checked against a UNIX account - database) to encrypted password authentication (the SMB - challenge/response authentication mechanism) without forcing - all users to re-enter their passwords via smbpasswd at the time the - change is made. This is a convenience option to allow the change over - to encrypted passwords to be made over a longer period. Once all users - have encrypted representations of their passwords in the smbpasswd - file this parameter should be set to <constant>no</constant>.</para> - - <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypt passwords</parameter> - </link> parameter must be set to <constant>no</constant> when - this parameter is set to <constant>yes</constant>.</para> - - <para>Note that even when this parameter is set a user - authenticating to <command moreinfo="none">smbd</command> must still enter a valid - password in order to connect correctly, and to update their hashed - (smbpasswd) passwords.</para> - - <para>Default: <command moreinfo="none">update encrypted = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/user.xml b/docs/docbook/smbdotconf/security/user.xml deleted file mode 100644 index 9c0502061b..0000000000 --- a/docs/docbook/smbdotconf/security/user.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USER"/>user (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter moreinfo="none"> - username</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/username.xml b/docs/docbook/smbdotconf/security/username.xml deleted file mode 100644 index 779f24170b..0000000000 --- a/docs/docbook/smbdotconf/security/username.xml +++ /dev/null @@ -1,62 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAME"/>username (S)</term> - <listitem><para>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</para> - - <para>The <parameter moreinfo="none">username</parameter> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</para> - - <para>The <parameter moreinfo="none">username</parameter> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <parameter moreinfo="none">username</parameter> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</para> - - <para>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</para> - - <para>To restrict a service to a particular set of users you - can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link> parameter.</para> - - <para>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</para> - - <para>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</para> - - <para>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</para> - - <para>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</para> - - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how - this parameter determines access to the services.</para> - - <para>Default: <command moreinfo="none">The guest account if a guest service, - else <empty string>.</command></para> - - <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane, - @users, @pcgroup</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/usernamelevel.xml b/docs/docbook/smbdotconf/security/usernamelevel.xml deleted file mode 100644 index a4deff3bf9..0000000000 --- a/docs/docbook/smbdotconf/security/usernamelevel.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAMELEVEL"/>username level (G)</term> - <listitem><para>This option helps Samba to try and 'guess' at - the real UNIX username, as many DOS clients send an all-uppercase - username. By default Samba tries all lowercase, followed by the - username with the first letter capitalized, and fails if the - username is not found on the UNIX machine.</para> - - <para>If this parameter is set to non-zero the behavior changes. - This parameter is a number that specifies the number of uppercase - combinations to try while trying to determine the UNIX user name. The - higher the number the more combinations will be tried, but the slower - the discovery of usernames will be. Use this parameter when you have - strange usernames on your UNIX machine, such as <constant>AstrangeUser - </constant>.</para> - - <para>Default: <command moreinfo="none">username level = 0</command></para> - <para>Example: <command moreinfo="none">username level = 5</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/usernamemap.xml b/docs/docbook/smbdotconf/security/usernamemap.xml deleted file mode 100644 index 37ee72c235..0000000000 --- a/docs/docbook/smbdotconf/security/usernamemap.xml +++ /dev/null @@ -1,90 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAMEMAP"/>username map (G)</term> - <listitem><para>This option allows you to specify a file containing - a mapping of usernames from the clients to the server. This can be - used for several purposes. The most common is to map usernames - that users use on DOS or Windows machines to those that the UNIX - box uses. The other is to map multiple users to a single username - so that they can more easily share files.</para> - - <para>The map file is parsed line by line. Each line should - contain a single UNIX username on the left then a '=' followed - by a list of usernames on the right. The list of usernames on the - right may contain names of the form @group in which case they - will match any UNIX username in that group. The special client - name '*' is a wildcard and matches any name. Each line of the - map file may be up to 1023 characters long.</para> - - <para>The file is processed on each line by taking the - supplied username and comparing it with each username on the right - hand side of the '=' signs. If the supplied name matches any of - the names on the right hand side then it is replaced with the name - on the left. Processing then continues with the next line.</para> - - <para>If any line begins with a '#' or a ';' then it is - ignored</para> - - <para>If any line begins with an '!' then the processing - will stop after that line if a mapping was done by the line. - Otherwise mapping continues with every line being processed. - Using '!' is most useful when you have a wildcard mapping line - later in the file.</para> - - <para>For example to map from the name <constant>admin</constant> - or <constant>administrator</constant> to the UNIX name <constant> - root</constant> you would use:</para> - - <para><command moreinfo="none">root = admin administrator</command></para> - - <para>Or to map anyone in the UNIX group <constant>system</constant> - to the UNIX name <constant>sys</constant> you would use:</para> - - <para><command moreinfo="none">sys = @system</command></para> - - <para>You can have as many mappings as you like in a username - map file.</para> - - - <para>If your system supports the NIS NETGROUP option then - the netgroup database is checked before the <filename moreinfo="none">/etc/group - </filename> database for matching groups.</para> - - <para>You can map Windows usernames that have spaces in them - by using double quotes around the name. For example:</para> - - <para><command moreinfo="none">tridge = "Andrew Tridgell"</command></para> - - <para>would map the windows username "Andrew Tridgell" to the - unix username "tridge".</para> - - <para>The following example would map mary and fred to the - unix user sys, and map the rest to guest. Note the use of the - '!' to tell Samba to stop processing if it gets a match on - that line.</para> - -<para><programlisting format="linespecific"> -!sys = mary fred -guest = * -</programlisting></para> - - <para>Note that the remapping is applied to all occurrences - of usernames. Thus if you connect to \\server\fred and <constant> - fred</constant> is remapped to <constant>mary</constant> then you - will actually be connecting to \\server\mary and will need to - supply a password suitable for <constant>mary</constant> not - <constant>fred</constant>. The only exception to this is the - username passed to the <link linkend="PASSWORDSERVER"><parameter moreinfo="none"> - password server</parameter></link> (if you have one). The password - server will receive whatever username the client supplies without - modification.</para> - - <para>Also note that no reverse mapping is done. The main effect - this has is with printing. Users who have been mapped may have - trouble deleting print jobs as PrintManager under WfWg will think - they don't own the print job.</para> - - <para>Default: <emphasis>no username map</emphasis></para> - <para>Example: <command moreinfo="none">username map = /usr/local/samba/lib/users.map - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/users.xml b/docs/docbook/smbdotconf/security/users.xml deleted file mode 100644 index e78d259f62..0000000000 --- a/docs/docbook/smbdotconf/security/users.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERS"/>users (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter moreinfo="none"> - username</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/validusers.xml b/docs/docbook/smbdotconf/security/validusers.xml deleted file mode 100644 index 5155a5ef34..0000000000 --- a/docs/docbook/smbdotconf/security/validusers.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VALIDUSERS"/>valid users (S)</term> - <listitem><para>This is a list of users that should be allowed - to login to this service. Names starting with '@', '+' and '&' - are interpreted using the same rules as described in the - <parameter moreinfo="none">invalid users</parameter> parameter.</para> - - <para>If this is empty (the default) then any user can login. - If a username is in both this list and the <parameter moreinfo="none">invalid - users</parameter> list then access is denied for that user.</para> - - <para>The current servicename is substituted for <parameter moreinfo="none">%S - </parameter>. This is useful in the [homes] section.</para> - - <para>See also <link linkend="INVALIDUSERS"><parameter moreinfo="none">invalid users - </parameter></link></para> - - <para>Default: <emphasis>No valid users list (anyone can login) - </emphasis></para> - - <para>Example: <command moreinfo="none">valid users = greg, @pcusers</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writable.xml b/docs/docbook/smbdotconf/security/writable.xml deleted file mode 100644 index 66ba44cc44..0000000000 --- a/docs/docbook/smbdotconf/security/writable.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITABLE"/>writable (S)</term> - <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter moreinfo="none"> - writeable</parameter></link> for people who can't spell :-).</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writeable.xml b/docs/docbook/smbdotconf/security/writeable.xml deleted file mode 100644 index b963410374..0000000000 --- a/docs/docbook/smbdotconf/security/writeable.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITEABLE"/>writeable (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter moreinfo="none"> - read only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writelist.xml b/docs/docbook/smbdotconf/security/writelist.xml deleted file mode 100644 index 76ee56c93a..0000000000 --- a/docs/docbook/smbdotconf/security/writelist.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITELIST"/>write list (S)</term> - <listitem><para>This is a list of users that are given read-write - access to a service. If the connecting user is in this list then - they will be given write access, no matter what the <link linkend="READONLY"><parameter moreinfo="none">read only</parameter></link> - option is set to. The list can include group names using the - @group syntax.</para> - - <para>Note that if a user is in both the read list and the - write list then they will be given write access.</para> - - <para>See also the <link linkend="READLIST"><parameter moreinfo="none">read list - </parameter></link> option.</para> - - <para>Default: <command moreinfo="none">write list = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">write list = admin, root, @staff - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writeok.xml b/docs/docbook/smbdotconf/security/writeok.xml deleted file mode 100644 index 103c2be993..0000000000 --- a/docs/docbook/smbdotconf/security/writeok.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITEOK"/>write ok (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter moreinfo="none"> - read only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/smb.conf.5.xml b/docs/docbook/smbdotconf/smb.conf.5.xml deleted file mode 100644 index e37add4206..0000000000 --- a/docs/docbook/smbdotconf/smb.conf.5.xml +++ /dev/null @@ -1,685 +0,0 @@ -<?xml version="1.0" encoding="iso8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ - -<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; -]> -<refentry id="smb.conf.5"> - -<refmeta> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smb.conf</refname> - <refpurpose>The configuration file for the Samba suite</refpurpose> -</refnamediv> - -<refsect1> - <title>SYNOPSIS</title> - - <para>The <filename moreinfo="none">smb.conf</filename> file is a configuration - file for the Samba suite. <filename moreinfo="none">smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename moreinfo="none">smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> - -<refsect1> - <title id="FILEFORMATSECT">FILE FORMAT</title> - - <para>The file consists of sections and parameters. A section - begins with the name of the section in square brackets and continues - until the next section begins. Sections contain parameters of the - form</para> - - <para><replaceable>name</replaceable> = <replaceable>value - </replaceable></para> - - <para>The file is line-based - that is, each newline-terminated - line represents either a comment, a section name or a parameter.</para> - - <para>Section and parameter names are not case sensitive.</para> - - <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. - Leading, trailing and internal whitespace in section and parameter - names is irrelevant. Leading and trailing whitespace in a parameter - value is discarded. Internal whitespace within a parameter value - is retained verbatim.</para> - - <para>Any line beginning with a semicolon (';') or a hash ('#') - character is ignored, as are lines containing only whitespace.</para> - - <para>Any line ending in a '\' is continued - on the next line in the customary UNIX fashion.</para> - - <para>The values following the equals sign in parameters are all - either a string (no quotes needed) or a boolean, which may be given - as yes/no, 0/1 or true/false. Case is not significant in boolean - values, but is preserved in string values. Some items such as - create modes are numeric.</para> -</refsect1> - -<refsect1> - <title>SECTION DESCRIPTIONS</title> - - <para>Each section in the configuration file (except for the - [global] section) describes a shared resource (known - as a "share"). The section name is the name of the - shared resource and the parameters within the section define - the shares attributes.</para> - - <para>There are three special sections, [global], - [homes] and [printers], which are - described under <emphasis>special sections</emphasis>. The - following notes apply to ordinary section descriptions.</para> - - <para>A share consists of a directory to which access is being - given plus a description of the access rights which are granted - to the user of the service. Some housekeeping options are - also specifiable.</para> - - <para>Sections are either file share services (used by the - client as an extension of their native file systems) or - printable services (used by the client to access print services - on the host running the server).</para> - - <para>Sections may be designated <emphasis>guest</emphasis> services, - in which case no password is required to access them. A specified - UNIX <emphasis>guest account</emphasis> is used to define access - privileges in this case.</para> - - <para>Sections other than guest services will require a password - to access them. The client provides the username. As older clients - only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the "user =" - option in the share definition. For modern clients such as - Windows 95/98/ME/NT/2000, this should not be necessary.</para> - - <para>Note that the access rights granted by the server are - masked by the access rights granted to the specified or guest - UNIX user by the host system. The server does not grant more - access than the host system grants.</para> - - <para>The following sample section defines a file space share. - The user has write access to the path <filename moreinfo="none">/home/bar</filename>. - The share is accessed via the share name "foo":</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> - - <para>The following sample section defines a printable share. - The share is readonly, but printable. That is, the only write - access permitted is via calls to open, write to and close a - spool file. The <emphasis>guest ok</emphasis> parameter means - access will be permitted as the default guest user (specified - elsewhere):</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> -</refsect1> - -<refsect1> - <title>SPECIAL SECTIONS</title> - - <refsect2> - <title>The [global] section</title> - - <para>parameters in this section apply to the server - as a whole, or are defaults for sections which do not - specifically define certain items. See the notes - under PARAMETERS for more information.</para> - </refsect2> - - <refsect2> - <title id="HOMESECT">The [homes] section</title> - - <para>If a section called homes is included in the - configuration file, services connecting clients to their - home directories can be created on the fly by the server.</para> - - <para>When the connection request is made, the existing - sections are scanned. If a match is found, it is used. If no - match is found, the requested section name is treated as a - user name and looked up in the local password file. If the - name exists and the correct password has been given, a share is - created by cloning the [homes] section.</para> - - <para>Some modifications are then made to the newly - created share:</para> - - <itemizedlist> - <listitem><para>The share name is changed from homes to - the located username.</para></listitem> - - <listitem><para>If no path was given, the path is set to - the user's home directory.</para></listitem> - </itemizedlist> - - <para>If you decide to use a <emphasis>path =</emphasis> line - in your [homes] section then you may find it useful - to use the %S macro. For example :</para> - - <para><userinput moreinfo="none">path = /data/pchome/%S</userinput></para> - - <para>would be useful if you have different home directories - for your PCs than for UNIX access.</para> - - <para>This is a fast and simple way to give a large number - of clients access to their home directories with a minimum - of fuss.</para> - - <para>A similar process occurs if the requested section - name is "homes", except that the share name is not - changed to that of the requesting user. This method of using - the [homes] section works well if different users share - a client PC.</para> - - <para>The [homes] section can specify all the parameters - a normal service section can specify, though some make more sense - than others. The following is a typical and suitable [homes] - section:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[homes] - read only = no -</computeroutput> -</screen> - - <para>An important point is that if guest access is specified - in the [homes] section, all home directories will be - visible to all clients <emphasis>without a password</emphasis>. - In the very unlikely event that this is actually desirable, it - would be wise to also specify <emphasis>read only - access</emphasis>.</para> - - <para>Note that the <emphasis>browseable</emphasis> flag for - auto home directories will be inherited from the global browseable - flag, not the [homes] browseable flag. This is useful as - it means setting <emphasis>browseable = no</emphasis> in - the [homes] section will hide the [homes] share but make - any auto home directories visible.</para> - </refsect2> - - <refsect2> - <title id="PRINTERSSECT">The [printers] section</title> - - <para>This section works like [homes], - but for printers.</para> - - <para>If a [printers] section occurs in the - configuration file, users are able to connect to any printer - specified in the local host's printcap file.</para> - - <para>When a connection request is made, the existing sections - are scanned. If a match is found, it is used. If no match is found, - but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a - printer name and the appropriate printcap file is scanned to see - if the requested section name is a valid printer share name. If - a match is found, a new printer share is created by cloning - the [printers] section.</para> - - <para>A few modifications are then made to the newly created - share:</para> - - <itemizedlist> - <listitem><para>The share name is set to the located printer - name</para></listitem> - - <listitem><para>If no printer name was given, the printer name - is set to the located printer name</para></listitem> - - <listitem><para>If the share does not permit guest access and - no username was given, the username is set to the located - printer name.</para></listitem> - </itemizedlist> - - <para>Note that the [printers] service MUST be - printable - if you specify otherwise, the server will refuse - to load the configuration file.</para> - - <para>Typically the path specified would be that of a - world-writeable spool directory with the sticky bit set on - it. A typical [printers] entry would look like - this:</para> - -<screen format="linespecific"><computeroutput moreinfo="none"> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> - - <para>All aliases given for a printer in the printcap file - are legitimate printer names as far as the server is concerned. - If your printing subsystem doesn't work like that, you will have - to set up a pseudo-printcap. This is a file consisting of one or - more lines like this:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -alias|alias|alias|alias... -</computeroutput> -</screen> - - <para>Each alias should be an acceptable printer name for - your printing subsystem. In the [global] section, specify - the new file as your printcap. The server will then only recognize - names found in your pseudo-printcap, which of course can contain - whatever aliases you like. The same technique could be used - simply to limit access to a subset of your local printers.</para> - - <para>An alias, by the way, is defined as any component of the - first entry of a printcap record. Records are separated by newlines, - components (if there are more than one) are separated by vertical - bar symbols ('|').</para> - - <para>NOTE: On SYSV systems which use lpstat to determine what - printers are defined on the system you may be able to use - "printcap name = lpstat" to automatically obtain a list - of printers. See the "printcap name" option - for more details.</para> - </refsect2> -</refsect1> - -<refsect1> - <title>PARAMETERS</title> - - <para>parameters define the specific attributes of sections.</para> - - <para>Some parameters are specific to the [global] section - (e.g., <emphasis>security</emphasis>). Some parameters are usable - in all sections (e.g., <emphasis>create mode</emphasis>). All others - are permissible only in normal sections. For the purposes of the - following descriptions the [homes] and [printers] - sections will be considered normal. The letter <emphasis>G</emphasis> - in parentheses indicates that a parameter is specific to the - [global] section. The letter <emphasis>S</emphasis> - indicates that a parameter can be specified in a service specific - section. Note that all <emphasis>S</emphasis> parameters can also be specified in - the [global] section - in which case they will define - the default behavior for all services.</para> - - <para>parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where - there are synonyms, the preferred synonym is described, others refer - to the preferred synonym.</para> -</refsect1> - -<refsect1> - <title>VARIABLE SUBSTITUTIONS</title> - - <para>Many of the strings that are settable in the config file - can take substitutions. For example the option "path = - /tmp/%u" would be interpreted as "path = - /tmp/john" if the user connected with the username john.</para> - - <para>These substitutions are mostly noted in the descriptions below, - but there are some general substitutions which apply whenever they - might be relevant. These are:</para> - - <variablelist> - <varlistentry> - <term>%U</term> - <listitem><para>session user name (the user name that the client - wanted, not necessarily the same as the one they got).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%G</term> - <listitem><para>primary group name of %U.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%h</term> - <listitem><para>the Internet hostname that Samba is running - on.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%m</term> - <listitem><para>the NetBIOS name of the client machine - (very useful).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%L</term> - <listitem><para>the NetBIOS name of the server. This allows you - to change your config based on what the client calls you. Your - server can have a "dual personality".</para> - - <para>Note that this parameter is not available when Samba listens - on port 445, as clients no longer send this information </para> - </listitem> - - </varlistentry> - - <varlistentry> - <term>%M</term> - <listitem><para>the Internet name of the client machine. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>%R</term> - <listitem><para>the selected protocol level after - protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2 or NT1.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%d</term> - <listitem><para>The process id of the current server - process.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%a</term> - <listitem><para>the architecture of the remote - machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, Win95, - WinNT and Win2k. Anything else will be known as - "UNKNOWN". If it gets it wrong then sending a level - 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org - </ulink> should allow it to be fixed.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%I</term> - <listitem><para>The IP address of the client machine.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%T</term> - <listitem><para>the current date and time.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%D</term> - <listitem><para>Name of the domain or workgroup of the current user.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%$(<replaceable>envvar</replaceable>)</term> - <listitem><para>The value of the environment variable - <replaceable>envar</replaceable>.</para></listitem> - </varlistentry> - </variablelist> - - <para>The following substitutes apply only to some configuration options(only those - that are used when a connection has been established):</para> - - <variablelist> - <varlistentry> - <term>%S</term> - <listitem><para>the name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%P</term> - <listitem><para>the root directory of the current service, - if any.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%u</term> - <listitem><para>user name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%g</term> - <listitem><para>primary group name of %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%H</term> - <listitem><para>the home directory of the user given - by %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%N</term> - <listitem><para>the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <emphasis>--with-automount</emphasis> - option then this value will be the same as %L.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%p</term> - <listitem><para>the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p".</para></listitem> - </varlistentry> - </variablelist> - - <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> -</refsect1> - -<refsect1> - <title id="NAMEMANGLINGSECT">NAME MANGLING</title> - - <para>Samba supports "name mangling" so that DOS and - Windows clients can use files that don't conform to the 8.3 format. - It can also be set to adjust the case of 8.3 format filenames.</para> - - <para>There are several options that control the way mangling is - performed, and they are grouped here rather than listed separately. - For the defaults look at the output of the testparm program. </para> - - <para>All of these options can be set separately for each service - (or globally, of course). </para> - - <para>The options are: </para> - - <variablelist> - - <varlistentry> - <term>mangle case = yes/no</term> - <listitem><para> controls if names that have characters that - aren't of the "default" case are mangled. For example, - if this is yes then a name like "Mail" would be mangled. - Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>case sensitive = yes/no</term> - <listitem><para>controls whether filenames are case sensitive. If - they aren't then Samba must do a filename search and match on passed - names. Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>default case = upper/lower</term> - <listitem><para>controls what the default case is for new - filenames. Default <emphasis>lower</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>preserve case = yes/no</term> - <listitem><para>controls if new files are created with the - case that the client passes, or if they are forced to be the - "default" case. Default <emphasis>yes</emphasis>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, - that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the "default" - case. This option can be use with "preserve case = yes" - to permit long filenames to retain their case, while short names - are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> - </varlistentry> - </variablelist> - - <para>By default, Samba 3.0 has the same semantics as a Windows - NT server, in that it is case insensitive but case preserving.</para> - -</refsect1> - -<refsect1> - <title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - - <para>There are a number of ways in which a user can connect - to a service. The server uses the following steps in determining - if it will allow a connection to a specified service. If all the - steps fail, then the connection request is rejected. However, if one of the - steps succeeds, then the following steps are not checked.</para> - - <para>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</para> - - - <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> - <listitem><para>If the client has passed a username/password - pair and that username/password pair is validated by the UNIX - system's password programs then the connection is made as that - username. Note that this includes the - \\server\service%<replaceable>username</replaceable> method of passing - a username.</para></listitem> - - <listitem><para>If the client has previously registered a username - with the system and now supplies a correct password for that - username then the connection is allowed.</para></listitem> - - <listitem><para>The client's NetBIOS name and any previously - used user names are checked against the supplied password, if - they match then the connection is allowed as the corresponding - user.</para></listitem> - - <listitem><para>If the client has previously validated a - username/password pair with the server and the client has passed - the validation token then that username is used. </para></listitem> - - <listitem><para>If a "user = " field is given in the - <filename moreinfo="none">smb.conf</filename> file for the service and the client - has supplied a password, and that password matches (according to - the UNIX system's password checking) with one of the usernames - from the "user =" field then the connection is made as - the username in the "user =" line. If one - of the username in the "user =" list begins with a - '@' then that name expands to a list of names in - the group of the same name.</para></listitem> - - <listitem><para>If the service is a guest service then a - connection is made as the username given in the "guest - account =" for the service, irrespective of the - supplied password.</para></listitem> - </orderedlist> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF GLOBAL PARAMETERS</title> - - <para>Here is a list of all global parameters. See the section of - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.global.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF SERVICE PARAMETERS</title> - - <para>Here is a list of all service parameters. See the section on - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.service.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>EXPLANATION OF EACH PARAMETER</title> - - <xi:include href="parameters.all.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>WARNINGS</title> - - <para>Although the configuration file permits service names - to contain spaces, your client software may not. Spaces will - be ignored in comparisons anyway, so it shouldn't be a - problem - but be aware of the possibility.</para> - - <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such - clients will fail if they truncate the service names. For this reason - you should probably keep your service names down to eight characters - in length.</para> - - <para>Use of the [homes] and [printers] special sections make life - for an administrator easy, but the various combinations of default - attributes can be tricky. Take extreme care when designing these - sections. In particular, ensure that the permissions on spool - directories are correct.</para> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> -</refsect1> - -</refentry> diff --git a/docs/docbook/smbdotconf/tuning/blocksize.xml b/docs/docbook/smbdotconf/tuning/blocksize.xml deleted file mode 100644 index da42ca9ece..0000000000 --- a/docs/docbook/smbdotconf/tuning/blocksize.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BLOCKSIZE"/>block size (S)</term> - <listitem><para>This parameter controls the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when reporting disk free - sizes. By default, this reports a disk block size of 1024 bytes. - </para> - - <para>Changing this parameter may have some effect on the - efficiency of client writes, this is not yet confirmed. This - parameter was added to allow advanced administrators to change - it (usually to a higher value) and test the effect it has on - client write performance without re-compiling the code. As this - is an experimental option it may be removed in a future release. - </para> - - <para>Changing this option does not change the disk free reporting - size, just the block size unit reported to the client.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml b/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml deleted file mode 100644 index 18c8b9a176..0000000000 --- a/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CHANGENOTIFYTIMEOUT"/>change notify timeout (G)</term> - <listitem><para>This SMB allows a client to tell a server to - "watch" a particular directory for any changes and only reply to - the SMB request when a change has occurred. Such constant scanning of - a directory is expensive under UNIX, hence an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon only performs such a scan - on each requested directory once every <parameter moreinfo="none">change notify - timeout</parameter> seconds.</para> - - <para>Default: <command moreinfo="none">change notify timeout = 60</command></para> - <para>Example: <command moreinfo="none">change notify timeout = 300</command></para> - - <para>Would change the scan time to every 5 minutes.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/deadtime.xml b/docs/docbook/smbdotconf/tuning/deadtime.xml deleted file mode 100644 index dbad06f25b..0000000000 --- a/docs/docbook/smbdotconf/tuning/deadtime.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEADTIME"/>deadtime (G)</term> - <listitem><para>The value of the parameter (a decimal integer) - represents the number of minutes of inactivity before a connection - is considered dead, and it is disconnected. The deadtime only takes - effect if the number of open files is zero.</para> - - <para>This is useful to stop a server's resources being - exhausted by a large number of inactive connections.</para> - - <para>Most clients have an auto-reconnect feature when a - connection is broken so in most cases this parameter should be - transparent to users.</para> - - <para>Using this parameter with a timeout of a few minutes - is recommended for most systems.</para> - - <para>A deadtime of zero indicates that no auto-disconnection - should be performed.</para> - - <para>Default: <command moreinfo="none">deadtime = 0</command></para> - <para>Example: <command moreinfo="none">deadtime = 15</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/getwdcache.xml b/docs/docbook/smbdotconf/tuning/getwdcache.xml deleted file mode 100644 index c797bad414..0000000000 --- a/docs/docbook/smbdotconf/tuning/getwdcache.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GETWDCACHE"/>getwd cache (G)</term> - <listitem><para>This is a tuning option. When this is enabled a - caching algorithm will be used to reduce the time taken for getwd() - calls. This can have a significant impact on performance, especially - when the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter> - </link>parameter is set to <constant>no</constant>.</para> - - <para>Default: <command moreinfo="none">getwd cache = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/hostnamelookups.xml b/docs/docbook/smbdotconf/tuning/hostnamelookups.xml deleted file mode 100644 index daad09da8b..0000000000 --- a/docs/docbook/smbdotconf/tuning/hostnamelookups.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTNAMELOOKUPS"/>hostname lookups (G)</term> - <listitem><para>Specifies whether samba should use (expensive) - hostname lookups or use the ip addresses instead. An example place - where hostname lookups are currently used is when checking - the <command moreinfo="none">hosts deny</command> and <command moreinfo="none">hosts allow</command>. - </para> - - <para>Default: <command moreinfo="none">hostname lookups = yes</command></para> - - <para>Example: <command moreinfo="none">hostname lookups = no</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/keepalive.xml b/docs/docbook/smbdotconf/tuning/keepalive.xml deleted file mode 100644 index 746cda929e..0000000000 --- a/docs/docbook/smbdotconf/tuning/keepalive.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="KEEPALIVE"/>keepalive (G)</term> - <listitem><para>The value of the parameter (an integer) represents - the number of seconds between <parameter moreinfo="none">keepalive</parameter> - packets. If this parameter is zero, no keepalive packets will be - sent. Keepalive packets, if sent, allow the server to tell whether - a client is still present and responding.</para> - - <para>Keepalives should, in general, not be needed if the socket - being used has the SO_KEEPALIVE attribute set on it (see <link linkend="SOCKETOPTIONS"><parameter moreinfo="none">socket options</parameter></link>). - Basically you should only use this option if you strike difficulties.</para> - - <para>Default: <command moreinfo="none">keepalive = 300</command></para> - <para>Example: <command moreinfo="none">keepalive = 600</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxconnections.xml b/docs/docbook/smbdotconf/tuning/maxconnections.xml deleted file mode 100644 index 24af886b60..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxconnections.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXCONNECTIONS"/>max connections (S)</term> - <listitem><para>This option allows the number of simultaneous - connections to a service to be limited. If <parameter moreinfo="none">max connections - </parameter> is greater than 0 then connections will be refused if - this number of connections to the service are already open. A value - of zero mean an unlimited number of connections may be made.</para> - - <para>Record lock files are used to implement this feature. The - lock files will be stored in the directory specified by the <link linkend="LOCKDIRECTORY"><parameter moreinfo="none">lock directory</parameter></link> - option.</para> - - <para>Default: <command moreinfo="none">max connections = 0</command></para> - <para>Example: <command moreinfo="none">max connections = 10</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxdisksize.xml b/docs/docbook/smbdotconf/tuning/maxdisksize.xml deleted file mode 100644 index 8aebe91902..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxdisksize.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXDISKSIZE"/>max disk size (G)</term> - <listitem><para>This option allows you to put an upper limit - on the apparent size of disks. If you set this option to 100 - then all shares will appear to be not larger than 100 MB in - size.</para> - - <para>Note that this option does not limit the amount of - data you can put on the disk. In the above case you could still - store much more than 100 MB on the disk, but if a client ever asks - for the amount of free disk space or the total disk size then the - result will be bounded by the amount specified in <parameter moreinfo="none">max - disk size</parameter>.</para> - - <para>This option is primarily useful to work around bugs - in some pieces of software that can't handle very large disks, - particularly disks over 1GB in size.</para> - - <para>A <parameter moreinfo="none">max disk size</parameter> of 0 means no limit.</para> - - <para>Default: <command moreinfo="none">max disk size = 0</command></para> - <para>Example: <command moreinfo="none">max disk size = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxopenfiles.xml b/docs/docbook/smbdotconf/tuning/maxopenfiles.xml deleted file mode 100644 index 85b76a3378..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxopenfiles.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXOPENFILES"/>max open files (G)</term> - <listitem><para>This parameter limits the maximum number of - open files that one <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> file - serving process may have open for a client at any one time. The - default for this parameter is set very high (10,000) as Samba uses - only one bit per unopened file.</para> - - <para>The limit of the number of open files is usually set - by the UNIX per-process file descriptor limit rather than - this parameter so you should never need to touch this parameter.</para> - - <para>Default: <command moreinfo="none">max open files = 10000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml b/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml deleted file mode 100644 index e46f0185ce..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXSMBDPROCESSES"/>max smbd processes (G)</term> - <listitem><para>This parameter limits the maximum number of - <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> - processes concurrently running on a system and is intended - as a stopgap to prevent degrading service to clients in the event - that the server has insufficient resources to handle more than this - number of connections. Remember that under normal operating - conditions, each user will have an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> associated with him or her - to handle connections to all shares from a given host. - </para> - - <para>Default: <command moreinfo="none">max smbd processes = 0</command> ## no limit</para> - <para>Example: <command moreinfo="none">max smbd processes = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/minprintspace.xml b/docs/docbook/smbdotconf/tuning/minprintspace.xml deleted file mode 100644 index acbb65fa41..0000000000 --- a/docs/docbook/smbdotconf/tuning/minprintspace.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPRINTSPACE"/>min print space (S)</term> - <listitem><para>This sets the minimum amount of free disk - space that must be available before a user will be able to spool - a print job. It is specified in kilobytes. The default is 0, which - means a user can always spool a print job.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">min print space = 0</command></para> - <para>Example: <command moreinfo="none">min print space = 2000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/namecachetimeout.xml b/docs/docbook/smbdotconf/tuning/namecachetimeout.xml deleted file mode 100644 index 0500a75c8d..0000000000 --- a/docs/docbook/smbdotconf/tuning/namecachetimeout.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NAMECACHETIMEOUT"/>name cache timeout (G)</term> - <listitem><para>Specifies the number of seconds it takes before - entries in samba's hostname resolve cache time out. If - the timeout is set to 0. the caching is disabled. - </para> - - - <para>Default: <command moreinfo="none">name cache timeout = 660</command></para> - <para>Example: <command moreinfo="none">name cache timeout = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml b/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml deleted file mode 100644 index d60f179176..0000000000 --- a/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PARANOIDSERVERSECURITY"/>paranoid server security (G)</term> - <listitem><para>Some version of NT 4.x allow non-guest - users with a bad passowrd. When this option is enabled, samba will not - use a broken NT 4.x server as password server, but instead complain - to the logs and exit. - </para> - - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> - - <para>Default: <command moreinfo="none">paranoid server security = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/readsize.xml b/docs/docbook/smbdotconf/tuning/readsize.xml deleted file mode 100644 index 59c6848c76..0000000000 --- a/docs/docbook/smbdotconf/tuning/readsize.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READSIZE"/>read size (G)</term> - <listitem><para>The option <parameter moreinfo="none">read size</parameter> - affects the overlap of disk reads/writes with network reads/writes. - If the amount of data being transferred in several of the SMB - commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger - than this value then the server begins writing the data before it - has received the whole packet from the network, or in the case of - SMBreadbraw, it begins writing to the network before all the data - has been read from disk.</para> - - <para>This overlapping works best when the speeds of disk and - network access are similar, having very little effect when the - speed of one is much greater than the other.</para> - - <para>The default value is 16384, but very little experimentation - has been done yet to determine the optimal value, and it is likely - that the best value will vary greatly between systems anyway. - A value over 65536 is pointless and will cause you to allocate - memory unnecessarily.</para> - - <para>Default: <command moreinfo="none">read size = 16384</command></para> - <para>Example: <command moreinfo="none">read size = 8192</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/socketoptions.xml b/docs/docbook/smbdotconf/tuning/socketoptions.xml deleted file mode 100644 index 3acc259083..0000000000 --- a/docs/docbook/smbdotconf/tuning/socketoptions.xml +++ /dev/null @@ -1,69 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOCKETOPTIONS"/>socket options (G)</term> - <listitem><para>This option allows you to set socket options - to be used when talking with the client.</para> - - <para>Socket options are controls on the networking layer - of the operating systems which allow the connection to be - tuned.</para> - - <para>This option will typically be used to tune your Samba - server for optimal performance for your local network. There is - no way that Samba can know what the optimal parameters are for - your net, so you must experiment and choose them yourself. We - strongly suggest you read the appropriate documentation for your - operating system first (perhaps <command moreinfo="none">man setsockopt</command> - will help).</para> - - <para>You may find that on some systems Samba will say - "Unknown socket option" when you supply an option. This means you - either incorrectly typed it or you need to add an include file - to includes.h for your OS. If the latter is the case please - send the patch to <ulink url="mailto:samba@samba.org"> - samba@samba.org</ulink>.</para> - - <para>Any of the supported socket options may be combined - in any way you like, as long as your OS allows it.</para> - - <para>This is the list of socket options currently settable - using this option:</para> - - <itemizedlist> - <listitem><para>SO_KEEPALIVE</para></listitem> - <listitem><para>SO_REUSEADDR</para></listitem> - <listitem><para>SO_BROADCAST</para></listitem> - <listitem><para>TCP_NODELAY</para></listitem> - <listitem><para>IPTOS_LOWDELAY</para></listitem> - <listitem><para>IPTOS_THROUGHPUT</para></listitem> - <listitem><para>SO_SNDBUF *</para></listitem> - <listitem><para>SO_RCVBUF *</para></listitem> - <listitem><para>SO_SNDLOWAT *</para></listitem> - <listitem><para>SO_RCVLOWAT *</para></listitem> - </itemizedlist> - - <para>Those marked with a <emphasis>'*'</emphasis> take an integer - argument. The others can optionally take a 1 or 0 argument to enable - or disable the option, by default they will be enabled if you - don't specify 1 or 0.</para> - - <para>To specify an argument use the syntax SOME_OPTION = VALUE - for example <command moreinfo="none">SO_SNDBUF = 8192</command>. Note that you must - not have any spaces before or after the = sign.</para> - - <para>If you are on a local network then a sensible option - might be</para> - <para><command moreinfo="none">socket options = IPTOS_LOWDELAY</command></para> - - <para>If you have a local network then you could try:</para> - <para><command moreinfo="none">socket options = IPTOS_LOWDELAY TCP_NODELAY</command></para> - - <para>If you are on a wide area network then perhaps try - setting IPTOS_THROUGHPUT. </para> - - <para>Note that several of the options may cause your Samba - server to fail completely. Use these options with caution!</para> - - <para>Default: <command moreinfo="none">socket options = TCP_NODELAY</command></para> - <para>Example: <command moreinfo="none">socket options = IPTOS_LOWDELAY</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/statcachesize.xml b/docs/docbook/smbdotconf/tuning/statcachesize.xml deleted file mode 100644 index fe7d3a7be2..0000000000 --- a/docs/docbook/smbdotconf/tuning/statcachesize.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STATCACHESIZE"/>stat cache size (G)</term> - <listitem><para>This parameter determines the number of - entries in the <parameter moreinfo="none">stat cache</parameter>. You should - never need to change this parameter.</para> - - <para>Default: <command moreinfo="none">stat cache size = 50</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/strictallocate.xml b/docs/docbook/smbdotconf/tuning/strictallocate.xml deleted file mode 100644 index 7b33ef3fc3..0000000000 --- a/docs/docbook/smbdotconf/tuning/strictallocate.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTALLOCATE"/>strict allocate (S)</term> - <listitem><para>This is a boolean that controls the handling of - disk space allocation in the server. When this is set to <constant>yes</constant> - the server will change from UNIX behaviour of not committing real - disk storage blocks when a file is extended to the Windows behaviour - of actually forcing the disk system to allocate real storage blocks - when a file is created or extended to be a given size. In UNIX - terminology this means that Samba will stop creating sparse files. - This can be slow on some systems.</para> - - <para>When strict allocate is <constant>no</constant> the server does sparse - disk block allocation when a file is extended.</para> - - <para>Setting this to <constant>yes</constant> can help Samba return - out of quota messages on systems that are restricting the disk quota - of users.</para> - - <para>Default: <command moreinfo="none">strict allocate = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/strictsync.xml b/docs/docbook/smbdotconf/tuning/strictsync.xml deleted file mode 100644 index b228f7cfcb..0000000000 --- a/docs/docbook/smbdotconf/tuning/strictsync.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTSYNC"/>strict sync (S)</term> - <listitem><para>Many Windows applications (including the Windows - 98 explorer shell) seem to confuse flushing buffer contents to - disk with doing a sync to disk. Under UNIX, a sync call forces - the process to be suspended until the kernel has ensured that - all outstanding data in kernel disk buffers has been safely stored - onto stable storage. This is very slow and should only be done - rarely. Setting this parameter to <constant>no</constant> (the - default) means that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> ignores the Windows applications requests for - a sync call. There is only a possibility of losing data if the - operating system itself that Samba is running on crashes, so there is - little danger in this default setting. In addition, this fixes many - performance problems that people have reported with the new Windows98 - explorer shell file copies.</para> - - <para>See also the <link linkend="SYNCALWAYS"><parameter moreinfo="none">sync - always></parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">strict sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/syncalways.xml b/docs/docbook/smbdotconf/tuning/syncalways.xml deleted file mode 100644 index c5c32343a7..0000000000 --- a/docs/docbook/smbdotconf/tuning/syncalways.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYNCALWAYS"/>sync always (S)</term> - <listitem><para>This is a boolean parameter that controls - whether writes will always be written to stable storage before - the write call returns. If this is <constant>no</constant> then the server will be - guided by the client's request in each write call (clients can - set a bit indicating that a particular write should be synchronous). - If this is <constant>yes</constant> then every write will be followed by a <command moreinfo="none">fsync() - </command> call to ensure the data is written to disk. Note that - the <parameter moreinfo="none">strict sync</parameter> parameter must be set to - <constant>yes</constant> in order for this parameter to have - any affect.</para> - - <para>See also the <link linkend="STRICTSYNC"><parameter moreinfo="none">strict - sync</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">sync always = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/usemmap.xml b/docs/docbook/smbdotconf/tuning/usemmap.xml deleted file mode 100644 index 46fa4600de..0000000000 --- a/docs/docbook/smbdotconf/tuning/usemmap.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USEMMAP"/>use mmap (G)</term> - <listitem><para>This global parameter determines if the tdb internals of Samba can - depend on mmap working correctly on the running system. Samba requires a coherent - mmap/read-write system memory cache. Currently only HPUX does not have such a - coherent cache, and so this parameter is set to <constant>no</constant> by - default on HPUX. On all other systems this parameter should be left alone. This - parameter is provided to help the Samba developers track down problems with - the tdb internal code. - </para> - - <para>Default: <command moreinfo="none">use mmap = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/usesendfile.xml b/docs/docbook/smbdotconf/tuning/usesendfile.xml deleted file mode 100644 index 5f2dcb72a9..0000000000 --- a/docs/docbook/smbdotconf/tuning/usesendfile.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USESENDFILE"/>use sendfile (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, and Samba - was built with the --with-sendfile-support option, and the underlying operating - system supports sendfile system call, then some SMB read calls (mainly ReadAndX - and ReadRaw) will use the more efficient sendfile system call for files that - are exclusively oplocked. This may make more efficient use of the system CPU's - and cause Samba to be faster. This is off by default as it's effects are unknown - as yet. - </para> - - <para>Default: <command moreinfo="none">use sendfile = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/writecachesize.xml b/docs/docbook/smbdotconf/tuning/writecachesize.xml deleted file mode 100644 index b54a0e4fd6..0000000000 --- a/docs/docbook/smbdotconf/tuning/writecachesize.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITECACHESIZE"/>write cache size (S)</term> - <listitem><para>If this integer parameter is set to non-zero value, - Samba will create an in-memory cache for each oplocked file - (it does <emphasis>not</emphasis> do this for - non-oplocked files). All writes that the client does not request - to be flushed directly to disk will be stored in this cache if possible. - The cache is flushed onto disk when a write comes in whose offset - would not fit into the cache or when the file is closed by the client. - Reads for the file are also served from this cache if the data is stored - within it.</para> - - <para>This cache allows Samba to batch client writes into a more - efficient write size for RAID disks (i.e. writes may be tuned to - be the RAID stripe size) and can improve performance on systems - where the disk subsystem is a bottleneck but there is free - memory for userspace programs.</para> - - <para>The integer parameter specifies the size of this cache - (per oplocked file) in bytes.</para> - - <para>Default: <command moreinfo="none">write cache size = 0</command></para> - <para>Example: <command moreinfo="none">write cache size = 262144</command></para> - - <para>for a 256k cache size per file.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml deleted file mode 100644 index 0496fd7f47..0000000000 --- a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTMSDFS"/>host msdfs (G)</term> - <listitem><para>This boolean parameter is only available - if Samba has been configured and compiled with the <command moreinfo="none"> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba will act as a Dfs server, and allow Dfs-aware clients - to browse Dfs trees hosted on the server.</para> - - <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> - msdfs root</parameter></link> share level parameter. For - more information on setting up a Dfs tree on Samba, - refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. - </para> - - <para>Default: <command moreinfo="none">host msdfs = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml deleted file mode 100644 index 41b36cb91b..0000000000 --- a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MSDFSPROXY"/>msdfs proxy (S)</term> - <listitem><para>This parameter indicates that the share is a - stand-in for another CIFS share whose location is specified by - the value of the parameter. When clients attempt to connect to - this share, they are redirected to the proxied share using - the SMB-Dfs protocol.</para> - <para>Only Dfs roots can act as proxy shares. Take a look at the - <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link> - and - <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link> - options to find out how to set up a Dfs root share.</para> - <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml deleted file mode 100644 index dc50ba5e57..0000000000 --- a/docs/docbook/smbdotconf/vfs/msdfsroot.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MSDFSROOT"/>msdfs root (S)</term> - <listitem><para>This boolean parameter is only available if - Samba is configured and compiled with the <command moreinfo="none"> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba treats the share as a Dfs root and allows clients to browse - the distributed file system tree rooted at the share directory. - Dfs links are specified in the share directory by symbolic - links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename> - and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> - - <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs - </parameter></link></para> - - <para>Default: <command moreinfo="none">msdfs root = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml deleted file mode 100644 index d334552dae..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfsobject.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSOBJECT"/>vfs object (S)</term> - <listitem><para>This parameter specifies a shared object files that - are used for Samba VFS I/O operations. By default, normal - disk I/O operations are used but these can be overloaded - with one or more VFS objects. </para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml deleted file mode 100644 index 28f14a09bf..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfsoptions.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSOPTIONS"/>vfs options (S)</term> - <listitem><para>This parameter allows parameters to be passed - to the vfs layer at initialization time. - See also <link linkend="VFSOBJECT"><parameter moreinfo="none"> - vfs object</parameter></link>.</para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml deleted file mode 100644 index 78c27302a8..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfspath.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSPATH"/>vfs path (S)</term> - <listitem><para>This parameter specifies the directory - to look in for vfs modules. The name of every <command moreinfo="none">vfs object - </command> will be prepended by this directory - </para> - - <para>Default: <command moreinfo="none">vfs path = </command></para> - <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml deleted file mode 100644 index a931e9b5a3..0000000000 --- a/docs/docbook/smbdotconf/winbind/templatehomedir.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TEMPLATEHOMEDIR"/>template homedir (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon - uses this parameter to fill in the home directory for that user. - If the string <parameter moreinfo="none">%D</parameter> is present it is substituted - with the user's Windows NT domain name. If the string <parameter moreinfo="none">%U - </parameter> is present it is substituted with the user's Windows - NT user name.</para> - - <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml deleted file mode 100644 index e0b9f1a2ca..0000000000 --- a/docs/docbook/smbdotconf/winbind/templateshell.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TEMPLATESHELL"/>template shell (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon - uses this parameter to fill in the login shell for that user.</para> - - <para>Default: <command moreinfo="none">template shell = /bin/false</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml deleted file mode 100644 index adbb8b12f6..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDCACHETIME"/>winbind cache time (G)</term> - <listitem><para>This parameter specifies the number of - seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon will cache - user and group information before querying a Windows NT server - again.</para> - - <para>Default: <command moreinfo="none">winbind cache type = 15</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml deleted file mode 100644 index 096c280fc2..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDENUMGROUPS"/>winbind enum groups (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress - the enumeration of groups through the <command moreinfo="none">setgrent()</command>, - <command moreinfo="none">getgrent()</command> and - <command moreinfo="none">endgrent()</command> group of system calls. If - the <parameter moreinfo="none">winbind enum groups</parameter> parameter is - <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system - call will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off group - enumeration may cause some programs to behave oddly. - </para> - - <para>Default: <command moreinfo="none">winbind enum groups = yes </command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml deleted file mode 100644 index 7935755f0c..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDENUMUSERS"/>winbind enum users (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be - necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>, - <command moreinfo="none">getpwent()</command> and - <command moreinfo="none">endpwent()</command> group of system calls. If - the <parameter moreinfo="none">winbind enum users</parameter> parameter is - <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call - will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off user - enumeration may cause some programs to behave oddly. For - example, the finger program relies on having access to the - full user list when searching for matching - usernames. </para> - - <para>Default: <command moreinfo="none">winbind enum users = yes </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml deleted file mode 100644 index a8a9683b01..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindgid.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDGID"/>winbind gid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no - existing local or NIS groups within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command moreinfo="none">winbind gid = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml deleted file mode 100644 index 416adcb531..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindseparator.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDSEPARATOR"/>winbind separator (G)</term> - <listitem><para>This parameter allows an admin to define the character - used when listing a username of the form of <replaceable>DOMAIN - </replaceable>\<replaceable>user</replaceable>. This parameter - is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename> - and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. - </para> - - <para>Please note that setting this parameter to + causes problems - with group membership at least on glibc systems, as the character + - is used as a special character for NIS in /etc/group.</para> - - <para>Default: <command moreinfo="none">winbind separator = '\'</command></para> - <para>Example: <command moreinfo="none">winbind separator = +</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml deleted file mode 100644 index ecd7848f61..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbinduid.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDUID"/>winbind uid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no - existing local or NIS users within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command moreinfo="none">winbind uid = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml deleted file mode 100644 index a6b7bcd7e5..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDUSEDEFAULTDOMAIN"/>winbind use default domain (G)</term> - <listitem><para>This parameter specifies whether the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon should operate on users - without domain component in their username. - Users without a domain component are treated as is part of the winbindd server's - own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail - function in a way much closer to the way they would in a native unix system.</para> - - <para>Default: <command moreinfo="none">winbind use default domain = <no> - </command></para> - <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml deleted file mode 100644 index fd53ae7ded..0000000000 --- a/docs/docbook/smbdotconf/wins/dnsproxy.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DNSPROXY"/>dns proxy (G)</term> - <listitem><para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and - finding that a NetBIOS name has not been registered, should treat the - NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server - for that name on behalf of the name-querying client.</para> - - <para>Note that the maximum length for a NetBIOS name is 15 - characters, so the DNS name (or DNS alias) can likewise only be - 15 characters, maximum.</para> - - <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the - DNS name lookup requests, as doing a name lookup is a blocking - action.</para> - - <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none"> - wins support</parameter></link>.</para> - - <para>Default: <command moreinfo="none">dns proxy = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml deleted file mode 100644 index e0c4a87c5b..0000000000 --- a/docs/docbook/smbdotconf/wins/winshook.xml +++ /dev/null @@ -1,43 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSHOOK"/>wins hook (G)</term> - <listitem><para>When Samba is running as a WINS server this - allows you to call an external program for all changes to the - WINS database. The primary use for this option is to allow the - dynamic update of external name resolution databases such as - dynamic DNS.</para> - - <para>The wins hook parameter specifies the name of a script - or executable that will be called as follows:</para> - - <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list - </command></para> - - <itemizedlist> - <listitem><para>The first argument is the operation and is one - of "add", "delete", or "refresh". In most cases the operation can - be ignored as the rest of the parameters provide sufficient - information. Note that "refresh" may sometimes be called when the - name has not previously been added, in that case it should be treated - as an add.</para></listitem> - - <listitem><para>The second argument is the NetBIOS name. If the - name is not a legal name then the wins hook is not called. - Legal names contain only letters, digits, hyphens, underscores - and periods.</para></listitem> - - <listitem><para>The third argument is the NetBIOS name - type as a 2 digit hexadecimal number. </para></listitem> - - <listitem><para>The fourth argument is the TTL (time to live) - for the name in seconds.</para></listitem> - - <listitem><para>The fifth and subsequent arguments are the IP - addresses currently registered for that name. If this list is - empty then the name should be deleted.</para></listitem> - </itemizedlist> - - <para>An example script that calls the BIND dynamic DNS update - program <command moreinfo="none">nsupdate</command> is provided in the examples - directory of the Samba source code. </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml deleted file mode 100644 index 840435ae4e..0000000000 --- a/docs/docbook/smbdotconf/wins/winspartners.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSPARTNERS"/>wins partners (G)</term> - <listitem><para>A space separated list of partners' IP addresses for - WINS replication. WINS partners are always defined as push/pull - partners as defining only one way WINS replication is unreliable. - WINS replication is currently experimental and unreliable between - samba servers. - </para> - - <para>Default: <command moreinfo="none">wins partners = </command></para> - - <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml deleted file mode 100644 index 31978d3b24..0000000000 --- a/docs/docbook/smbdotconf/wins/winsproxy.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSPROXY"/>wins proxy (G)</term> - <listitem><para>This is a boolean that controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name - queries on behalf of other hosts. You may need to set this - to <constant>yes</constant> for some older clients.</para> - - <para>Default: <command moreinfo="none">wins proxy = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml deleted file mode 100644 index ba49f687f6..0000000000 --- a/docs/docbook/smbdotconf/wins/winsserver.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSSERVER"/>wins server (G)</term> - <listitem><para>This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on - your network then you should set this to the WINS server's IP.</para> - - <para>You should point this at your WINS server if you have a - multi-subnetted network.</para> - - <para><emphasis>NOTE</emphasis>. You need to set up Samba to point - to a WINS server if you have multiple subnets and wish cross-subnet - browsing to work correctly.</para> - - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> - in the docs/ directory of your Samba source distribution.</para> - - <para>Default: <emphasis>not enabled</emphasis></para> - <para>Example: <command moreinfo="none">wins server = 192.9.200.1</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml deleted file mode 100644 index 5ad886a9b1..0000000000 --- a/docs/docbook/smbdotconf/wins/winssupport.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSSUPPORT"/>wins support (G)</term> - <listitem><para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should - not set this to <constant>yes</constant> unless you have a multi-subnetted network and - you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server. - Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> - on more than one machine in your network.</para> - - <para>Default: <command moreinfo="none">wins support = no</command></para> - </listitem> - </samba:parameter> |