diff options
Diffstat (limited to 'docs/docbook')
94 files changed, 37795 insertions, 0 deletions
diff --git a/docs/docbook/.cvsignore b/docs/docbook/.cvsignore new file mode 100644 index 0000000000..04290fcd2e --- /dev/null +++ b/docs/docbook/.cvsignore @@ -0,0 +1,4 @@ +Makefile +config.cache +config.log +config.status diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in new file mode 100644 index 0000000000..0a21b73f6f --- /dev/null +++ b/docs/docbook/Makefile.in @@ -0,0 +1,397 @@ +################################################################# +# Makefile.in for Samba Documentation +# Authors: James Moore <jmoore@php.net> +# Gerald Carter <jerry@samba.org> +# +# Please see http://www.samba.org/samba/cvs.html +# for information on getting the latest +# source and documentation source files. +# + +# Autoconf Variables +SRCDIR = @srcdir@ +JADE = @JADE@ +NSGMLS = @NSGMLS@ +SGMLSPL=@SGMLSPL@ +HTMLDOC=@HTMLDOC@ +PERL=@PERL@ +#CATALOG = @CATALOG@ +MANDIR=../manpages +HTMLDIR=../htmldocs + +#Stylesheets and Dependicies +SGML_SHARE=@SGML_SHARE@ +#SGML_CATALOG_FILES=$(SGML_CATALOG_FILES):./dbsgml/catalog +HTML_STYLESHEET = $(srcdir)/stylesheets/html.dsl +HTML_DEPS = $(srcdir)/stylesheets/html-common.dsl $(srcdir)/stylesheets/common.dsl + +MANPAGES=$(MANDIR)/findsmb.1 $(MANDIR)/smbclient.1 \ + $(MANDIR)/smbspool.8 $(MANDIR)/lmhosts.5 \ + $(MANDIR)/smbcontrol.1 $(MANDIR)/smbstatus.1 \ + $(MANDIR)/make_smbcodepage.1 $(MANDIR)/smbd.8 \ + $(MANDIR)/smbtar.1 $(MANDIR)/nmbd.8 $(MANDIR)/smbmnt.8 \ + $(MANDIR)/smbumount.8 $(MANDIR)/nmblookup.1 \ + $(MANDIR)/smbmount.8 $(MANDIR)/swat.8 $(MANDIR)/rpcclient.1 \ + $(MANDIR)/smbpasswd.5 $(MANDIR)/testparm.1 $(MANDIR)/samba.7 \ + $(MANDIR)/smbpasswd.8 $(MANDIR)/testprns.1 \ + $(MANDIR)/smb.conf.5 $(MANDIR)/wbinfo.1 $(MANDIR)/pdbedit.8 \ + $(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 \ + $(MANDIR)/make_unicodemap.1 $(MANDIR)/net.8 \ + $(MANDIR)/smbgroupedit.8 + +SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \ + manpages/smbspool.8.sgml manpages/lmhosts.5.sgml \ + manpages/smbcontrol.1.sgml manpages/smbstatus.1.sgml \ + manpages/make_smbcodepage.1.sgml manpages/smbd.8.sgml \ + manpages/smbtar.1.sgml manpages/nmbd.8.sgml manpages/smbmnt.8.sgml \ + manpages/smbumount.8.sgml manpages/nmblookup.1.sgml \ + manpages/smbmount.8.sgml manpages/swat.8.sgml \ + manpages/rpcclient.1.sgml manpages/smbpasswd.5.sgml \ + manpages/testparm.1.sgml manpages/samba.7.sgml \ + manpages/smbpasswd.8.sgml manpages/testprns.1.sgml \ + manpages/smb.conf.5.sgml manpages/pdbedit.8.sgml \ + manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \ + manpages/smbsh.1.sgml manpages/winbindd.8.sgml \ + manpages/make_unicodemap.1.sgml manpages/smbgroupedit.8.sgml \ + manpages/net.8.sgml + +HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \ + projdoc/msdfs_setup.sgml projdoc/printer_driver2.sgml \ + projdoc/UNIX_INSTALL.sgml projdoc/winbind.sgml projdoc/OS2-Client-HOWTO.sgml \ + projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \ + projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \ + projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \ + projdoc/Samba-BDC-HOWTO.sgml + + + +###################################################################### +# Make instructions +###################################################################### +all: + @echo "Possible options to the Makefile include:" + @echo " all-docs - Force a rebuild of all documentation" + @echo " HOWTO - Build all individual HOWTOs in html format" + @echo " proj-doc - Build the Samba-HOWTO-Collection.[pdf|html] file" + @echo " man - Rebuild html and nroff versions of man pages as necessary" + @echo " syntax - Check the SGML/DocBook syntax of all source files" + +all-docs: HOWTO proj-doc man-all man-html-all + +syntax: $(SGMLMANSRC) projdoc/samba-doc.sgml + @echo Checking syntax of all SGML/DocBook source files... + @(for i in $?; do \ + echo "$$i..."; \ + $(NSGMLS) -sv $$i 2>&1 | grep -v "DTDDECL catalog entries are not supported" ; \ + done) + + + +man: $(MANPAGES) + +HOWTO: $(HOWTOSRC) + @echo Building HOWTO pages... + @(for i in $?; do \ + htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \ + echo "Making $$htmlfile"; \ + cat $$i | $(PERL) scripts/make-article.pl > /tmp/`echo $$i | sed 's,.*/,,'`; \ + $(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \ + -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'` > ../htmldocs/$$htmlfile; \ + cat /tmp/jade.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'`; \ + done) + + +## I'm using htmldoc here to produc the PDF output. If you want +## Postscript output, you can run +## +## sgmltools -b ps projdoc/samba-doc.sgml +## +proj-doc: + echo Building Samba-HOWTO-Collections... + @$(PERL) scripts/collateindex.pl -N -o projdoc/index.sgml + @$(JADE) -t sgml -V html-index -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl projdoc/samba-doc.sgml + @$(PERL) scripts/collateindex.pl -o projdoc/index.sgml HTML.index + @/bin/rm HTML.index *.htm + @$(JADE) -t sgml -i html -V nochunks -d stylesheets/ldp.dsl\#html projdoc/samba-doc.sgml > samba-doc.html + @(cd scripts; ./ldp_print ../samba-doc.html) + @mv -f samba-doc.pdf ../Samba-HOWTO-Collection.pdf + @/bin/mv -f samba-doc.html ../htmldocs/Samba-HOWTO-Collection.html + + +## generate all HTML man pages +man-html-all: $(SGMLMANSRC) + @echo Building HTML formatted man pages... + @(for i in $?; do \ + htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \ + echo "Making $$htmlfile"; \ + $(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \ + cat /tmp/jade.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/jade.log; \ + done) + +## generate all man pages +man-all: $(SGMLMANSRC) + @echo Building man pages... + @(for i in $?; do \ + manfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml//g"`; \ + echo "Making $$manfile"; \ + $(NSGMLS) -f /tmp/docbook2x.log $$i | $(SGMLSPL) \ + $(SGML_SHARE)/docbook2X/docbook2man-spec.pl; \ + cat /tmp/docbook2x.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/docbook2x.log; \ + cat $$manfile | $(PERL) scripts/strip-links.pl > $(MANDIR)/$$manfile; \ + /bin/rm -f $$manfile; \ + done) + + + + +## +## these rules are for building individual files +## +$(MANDIR)/findsmb.1: manpages/findsmb.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbclient.1: manpages/smbclient.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbspool.8: manpages/smbspool.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/lmhosts.5: manpages/lmhosts.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbcontrol.1: manpages/smbcontrol.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbstatus.1: manpages/smbstatus.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/make_smbcodepage.1: manpages/make_smbcodepage.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/make_unicodemap.1: manpages/make_unicodemap.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbd.8: manpages/smbd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbtar.1: manpages/smbtar.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/nmbd.8: manpages/nmbd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbmnt.8: manpages/smbmnt.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbumount.8: manpages/smbumount.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/nmblookup.1: manpages/nmblookup.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbmount.8: manpages/smbmount.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/swat.8: manpages/swat.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/rpcclient.1: manpages/rpcclient.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbpasswd.5: manpages/smbpasswd.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/testparm.1: manpages/testparm.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/samba.7: manpages/samba.7.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbpasswd.8: manpages/smbpasswd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/testprns.1: manpages/testprns.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smb.conf.5: manpages/smb.conf.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/wbinfo.1: manpages/wbinfo.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbcacls.1: manpages/smbcacls.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbsh.1 : manpages/smbsh.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/winbindd.8: manpages/winbindd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + + +$(MANDIR)/pdbedit.8: manpages/pdbedit.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/net.8: manpages/net.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbgroupedit.8: manpages/smbgroupedit.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + + +## Clean Rule +clean: + /bin/rm -f manpage.* diff --git a/docs/docbook/configure b/docs/docbook/configure new file mode 100755 index 0000000000..26ea467482 --- /dev/null +++ b/docs/docbook/configure @@ -0,0 +1,1067 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_help="$ac_help + --with-sgml-share=DIR change the default location of SGML stylesheets" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=global.ent + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + +## check for the necesary install tools +## Openjade includes 'onsgmls' while +## the older jade package includes 'nsgmls' +# Extract the first word of "openjade", so it can be a program name with args. +set dummy openjade; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:534: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$JADE" in + /*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_JADE="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +JADE="$ac_cv_path_JADE" +if test -n "$JADE"; then + echo "$ac_t""$JADE" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + +if test -z "$JADE"; then + # Extract the first word of "jade", so it can be a program name with args. +set dummy jade; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:571: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$JADE" in + /*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_JADE="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +JADE="$ac_cv_path_JADE" +if test -n "$JADE"; then + echo "$ac_t""$JADE" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + # Extract the first word of "nsgmls", so it can be a program name with args. +set dummy nsgmls; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:606: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$NSGMLS" in + /*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_NSGMLS="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +NSGMLS="$ac_cv_path_NSGMLS" +if test -n "$NSGMLS"; then + echo "$ac_t""$NSGMLS" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +else + # Extract the first word of "onsgmls", so it can be a program name with args. +set dummy onsgmls; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:642: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$NSGMLS" in + /*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_NSGMLS="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +NSGMLS="$ac_cv_path_NSGMLS" +if test -n "$NSGMLS"; then + echo "$ac_t""$NSGMLS" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +fi + +# Extract the first word of "htmldoc", so it can be a program name with args. +set dummy htmldoc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:679: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$HTMLDOC" in + /*) + ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_HTMLDOC="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +HTMLDOC="$ac_cv_path_HTMLDOC" +if test -n "$HTMLDOC"; then + echo "$ac_t""$HTMLDOC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Extract the first word of "sgmlspl", so it can be a program name with args. +set dummy sgmlspl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:714: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_SGMLSPL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$SGMLSPL" in + /*) + ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_SGMLSPL="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +SGMLSPL="$ac_cv_path_SGMLSPL" +if test -n "$SGMLSPL"; then + echo "$ac_t""$SGMLSPL" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Extract the first word of "perl", so it can be a program name with args. +set dummy perl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:749: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$PERL" in + /*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_PERL="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +PERL="$ac_cv_path_PERL" +if test -n "$PERL"; then + echo "$ac_t""$PERL" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + +SGML_SHARE="/usr/local/share/sgml" + +# Check whether --with-sgml-share or --without-sgml-share was given. +if test "${with_sgml_share+set}" = set; then + withval="$with_sgml_share" + case "$withval" in + no) SGML_SHARE="" + ;; + yes) + ;; + /*|\\*) + SGML_SHARE="$withval" + ;; + *) + SGML_SHARE="/$withval" + ;; +esac + +fi + +# The Makefile requires docbook2X in the share/sgml directory +if ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then + { echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; } +fi + + +DOC_BUILD_DATE=`date '+%d-%m-%Y'` + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +cat > conftest.defs <<\EOF +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g +s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g +s%\[%\\&%g +s%\]%\\&%g +s%\$%$$%g +EOF +DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` +rm -f conftest.defs + + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS <<EOF +#! /bin/sh +# Generated automatically by configure. +# Run this file to recreate the current configuration. +# This directory was configured as follows, +# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir + +trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS <<EOF + +# Protect against being on the right side of a sed subst in config.status. +sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; + s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@JADE@%$JADE%g +s%@NSGMLS@%$NSGMLS%g +s%@HTMLDOC@%$HTMLDOC%g +s%@SGMLSPL@%$SGMLSPL%g +s%@PERL@%$PERL%g +s%@SGML_SHARE@%$SGML_SHARE%g +s%@DOC_BUILD_DATE@%$DOC_BUILD_DATE%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <<EOF + +CONFIG_FILES=\${CONFIG_FILES-"Makefile stylesheets/ldp.dsl "} +EOF +cat >> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +EOF +cat >> $CONFIG_STATUS <<EOF + +EOF +cat >> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in new file mode 100644 index 0000000000..ad0613f2be --- /dev/null +++ b/docs/docbook/configure.in @@ -0,0 +1,49 @@ +AC_INIT(global.ent) + +## check for the necesary install tools +## Openjade includes 'onsgmls' while +## the older jade package includes 'nsgmls' +AC_PATH_PROG(JADE,openjade) + +if test -z "$JADE"; then + AC_PATH_PROG(JADE,jade) + AC_PATH_PROG(NSGMLS, nsgmls) +else + AC_PATH_PROG(NSGMLS, onsgmls) +fi + +AC_PATH_PROG(HTMLDOC, htmldoc) +AC_PATH_PROG(SGMLSPL, sgmlspl) +AC_PATH_PROG(PERL, perl) + +dnl ---------------------------------------------------------------- +dnl --with-sgml-share +SGML_SHARE="/usr/local/share/sgml" + +AC_ARG_WITH(sgml-share, +[ --with-sgml-share=DIR change the default location of SGML stylesheets], +[case "$withval" in + no) SGML_SHARE="" + ;; + yes) + ;; + /*|\\*) + SGML_SHARE="$withval" + ;; + *) + SGML_SHARE="/$withval" + ;; +esac +])dnl + +# The Makefile requires docbook2X in the share/sgml directory +if [ ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ]; then + AC_MSG_ERROR("Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct.") +fi + +AC_SUBST(SGML_SHARE)dnl + +DOC_BUILD_DATE=`date '+%d-%m-%Y'` +AC_SUBST(DOC_BUILD_DATE) + +AC_OUTPUT( Makefile stylesheets/ldp.dsl ) diff --git a/docs/docbook/dbsgml/40chg.txt b/docs/docbook/dbsgml/40chg.txt new file mode 100644 index 0000000000..2d2467d9eb --- /dev/null +++ b/docs/docbook/dbsgml/40chg.txt @@ -0,0 +1,45 @@ +19 June 2000 + +Changes from DocBook V3.1 to DocBook V4.1: + +Markup: + +- RFE 17: Added a common attribute 'Condition' for generic effectivity +- RFE 38: The nav.class elements (ToC|LoT|Index|Glossary|Bibliography) are + now allowed at the beginning and end of components and sections +- RFE 58: The 'optmult' and 'reqmult' attribute values have been + removed from Group +- RFE 65: Added several class attribute values to Filename and SystemItem + at the request of the Linux community +- RFE 73: Removed BookBiblio and SeriesInfo +- RFE 81: Added SidebarInfo to Sidebar +- RFE 87: Added 'xmlpi' and 'emptytag' as class values of SGMLTag +- RFE 92: Added 'CO' to Synopsis and LiteralLayout +- RFE 99: Added SimpleMsgEntry as an alternative to MsgEntry in order + to provide a simpler MsgSet construct +- RFE 103: Added RevDescription as an alternative to RevRemark in + RevHistory; this allows longer descriptive text in a revision +- RFE 104: Added 'Specification' to the list of document classes on Article +- RFE 108: Allow admonitions in Answers +- RFE 110: Allow a RevHistory on QandAEntry +- RFE 115: Allow optional Title on OrderedList and ItemizedList +- RFE 116: Added LineNumbering attribute to linespecific environments for + presentation of line numbers +- Added a common attribute 'Security' for effectivity +- Added synopsis markup for modern programming languages (e.g, object + oriented languages like Java, C++, and IDL) +- Renamed DocInfo to PrefaceInfo, ChapterInfo, AppendixInfo, etc. +- Comment was renamed Remark +- InterfaceDefinition was removed + +Other: + +- RFE 88: Added PEs to include/ignore dbnotn.mod and dbcent.mod +- RFE 102: Fixed some outstanding namecase problems +- RFE 105: Added PNG notation +- RFE 106: Removed some odd *.content PEs that interfered with + customization layers +- RFE 109: Added FPI to content of dbgenent.mod (for consistency) +- RFE 111: Added the Euro symbol +- Fixed bug in cals-tbl.dtd; a model group was used for the element + declaration, but the attlist declaration used "Table" literally. diff --git a/docs/docbook/dbsgml/41chg.txt b/docs/docbook/dbsgml/41chg.txt new file mode 100644 index 0000000000..d2a9147887 --- /dev/null +++ b/docs/docbook/dbsgml/41chg.txt @@ -0,0 +1,7 @@ +19 June 2000 + +Changes from DocBook V4.0 to DocBook V4.1: + +No user-visible changes; removed some 4.0 future use comments that had +accidentally been left in the DTD and fixed a couple of incorrect FPIs. +See 40chg.txt for a list of the significant changes. diff --git a/docs/docbook/dbsgml/50issues.txt b/docs/docbook/dbsgml/50issues.txt new file mode 100644 index 0000000000..31497420f0 --- /dev/null +++ b/docs/docbook/dbsgml/50issues.txt @@ -0,0 +1,39 @@ +19 June 2000 + +Backwards-incompatible changes to DocBook that are planned for V5.0: + +- DocBook V5.0 will be an XML DTD. This will require a wide range of + changes. As a result, DocBook V5.0 will more closely resemble + The XML version of DocBook V4.1 than the SGML version. + +- Parameter entity reorganization may greatly reduce many + content models. The goal of this effort is to remove a large + number of spurious elements that snuck into content models + during the first PE reorg, in practice these changes should have + very little "real world" impact. + +- The Coords attribute will be removed from AreaSet. + +- ArtHeader will be dropped from BiblioEntry + +- Contents attribute will be removed from BookInfo and SetInfo + +- The %indexdivcomponent.mix; will be restricted. Numbered figures + and other elements inappropriate for an Index or SetIndex will be + removed. + +- RevHistory will be removed from GlossTerm + +- Constant Class will be removed from SystemItem + +- Graphic and InlineGraphic will be removed + +- Tables will be restricted from full CALS to the OASIS Exchange model + +- An experimental XML Schema version of DocBook 5.0 will be + produced in parallel with the DTD version. It will be + backwards-incompatible in an unspecified number of ways. The + goal of the effort will be that most DocBook documents that + validate under the DTD will also validate under the Schema, + but the committee does not feel bound to guarantee this + condition. diff --git a/docs/docbook/dbsgml/ChangeLog b/docs/docbook/dbsgml/ChangeLog new file mode 100644 index 0000000000..c4673db15a --- /dev/null +++ b/docs/docbook/dbsgml/ChangeLog @@ -0,0 +1,85 @@ +2000-06-19 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt: Added notes about comment and interfacedefinition + + * 41chg.txt: New file. + + * 50issues.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, readme.txt: + Updated version numbers to 4.1 + + * dbhier.mod, dbpool.mod: Removed 4.0 future use comments + + * docbook.cat: Fixed version number in comment + + * docbook.dtd: DocBook V4.1 released. + +2000-05-18 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Removed references to beta6 + + * docbook.dtd: DocBook V4.0 released. + +2000-04-10 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated release date and version to 4.0beta6 + + * dbpool.mod: Added support for EBNF hook; fixed equation content bug + +2000-04-03 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt: Added note about renaming DocInfo to *Info. + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated version numbers + +2000-03-24 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated version numbers + + * 50issues.txt: Added note about PE reorg + + * dbefsyn.mod: Removed + + * dbpool.mod: Removed ELEMENT from comments to ease text searching of the DTD. + Merged dbefsyn.mod into dbpool.mod + Added Modifier as an optional element at the end of MethodSynopsis + and MethodParam. + +2000-03-07 Norman Walsh <ndw@nwalsh.com> + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated internal versions to beta3 + +2000-03-03 Norman Walsh <ndw@nwalsh.com> + + * dbpool.mod: Removed erroneous comment about inline synopses + +2000-03-02 Norman Walsh <ndw@nwalsh.com> + + * 30chg.txt, 31chg.txt, 40issues.txt, 50issues.txt, announce.txt, cals-tbl.dtd, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Version 3.1 + + * 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: + branches: 1.1.1; + Initial revision + + * 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: + New file. + + * 31chg.txt, 40chg.txt, 40issues.txt, 50issues.txt, cals-tbl.dtd, dbcent.mod, dbefsyn.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Version 4.0beta2 + + * 50issues.txt: Added warning about exchange table model + + * dbefsyn.mod, dbpool.mod: Added ooclass, oointerface, and ooexception as wrappers for modifiers + and names in classsynopsis. Also allow them inline. + + Fixed SGML PE parsing problem with hook PEs. + + * dbhier.mod, dbpool.mod: Added hook PEs for future module extension + + * dbpool.mod, docbook.dtd: Removed reference to sgml-features PE + diff --git a/docs/docbook/dbsgml/cals-tbl.dtd b/docs/docbook/dbsgml/cals-tbl.dtd new file mode 100644 index 0000000000..78c7d5a3ae --- /dev/null +++ b/docs/docbook/dbsgml/cals-tbl.dtd @@ -0,0 +1,330 @@ +<!-- CALS TABLE MODEL DECLARATION MODULE --> + +<!-- This set of declarations defines the CALS Table Model as of the + date shown in the Formal Public Identifier (FPI) for this entity. + + This set of declarations may be referred to using a public external + entity declaration and reference as shown in the following two lines: + +<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN"> +%calstbls; + + If various parameter entities used within this set of declarations + are to be given non-default values, the appropriate declarations + should be given before calling in this package (i.e., before the + "%calstbls;" reference). + + NOTE: This set of declarations assumes a NAMELEN of 32 as is used in + the standard CALS defined SGML declaration. +--> + +<!-- This entity includes a set of element and attribute declarations + that partially defines the CALS table model. However, the model + is not well-defined without the accompanying natural language + description of the semantics (meanings) of these various elements, + attributes, and attribute values. The semantic writeup, available + as a separate entity, should be used in conjunction with this entity. +--> + +<!-- In order to use the CALS table model, various parameter entity + declarations are required. A brief description is as follows: + + ENTITY NAME WHERE USED WHAT IT IS + + %bodyatt In ATTLIST of: Additional (non-table related) + table element(s) attributes on the overall + (wrapper) table element(s) + + %secur In ATTLIST of: Additional (non-table related) + table element(s) attributes on all the listed + <tgroup> elements + <tbody> + table head and foot element(s) + <row> + <entrytbl> + <entry> + + %yesorno In ATTLIST of: An attribute declared value + almost all elements for a "boolean" attribute + + %titles In content model of: The "title" part of the model + table element(s) group for the table element(s) + + %paracon In content model of: The "text" (data content) part + <entry> of the model group for <entry> + + %tbl.table.name In declaration of: The name(s) of the "table" + table element(s) element(s) + + %tbl.table-titles.mdl In content model of: The model group for the title + table elements(s) part of the content model for + table element(s) + + %tbl.table-main.mdl In content model of: The model group for the main part + table elements(s) (not including titles) of the + content model for table element(s) + + %tbl.table.mdl In content model of: The model group for the content + table elements(s) model for table element(s), + often (and by default) defined + in terms of %tbl.table-titles.mdl + and %tbl.table-main.mdl + + %tbl.table.excep In content model of: The exceptions for the content + table element(s) model for table element(s) + + %tbl.table.att In ATTLIST of: Additional attributes on the + table element(s) table element(s) + + %tbl.tgroup.mdl In content model of: The model group for the content + <tgroup> model for <tgroup> + + %tbl.tgroup.att In ATTLIST of: Additional attributes on the + <tgroup> <tgroup> and <entrytbl> elements + <entrytbl> + + %tbl.hdft.name In declaration of: The name(s) of the table + head/foot element(s) head and foot element(s) + + %tbl.hdft.mdl In content model of: The model group for the content + head/foot element(s) model for head/foot element(s) + + %tbl.hdft.excep In content model of: The exceptions for the content + head/foot element(s) model for head/foot element(s) + + %tbl.row.mdl In content model of: The model group for the content + <row> model for <row> + + %tbl.row.excep In content model of: The exceptions for the content + <row> model for <row> + + %tbl.entrytbl.mdl In content model of: The model group for the content + <entrytbl> model for <entrytbl> + + %tbl.entrytbl.excep In content model of: The exceptions for the content + <entrytbl> model for <entrytbl> + + %tbl.entry.mdl In content model of: The model group for the content + <entry> model for <entry> + + %tbl.entry.excep In content model of: The exceptions for the content + <entry> model for <entry> + + If any of these parameter entities are not declared before this set of + declarations is referenced, this set of declarations will make the + following default definitions for all of these have parameter entities. +--> + +<!-- These definitions are not directly related to the table model, but are + used in the default CALS table model and are usually defined elsewhere + (and prior to the inclusion of this table module) in a CALS DTD. --> + +<!ENTITY % bodyatt ""> +<!ENTITY % secur ""> +<!ENTITY % yesorno 'NUMBER' -- no if zero(s), + yes if any other digits value --> +<!ENTITY % titles 'title?'> +<!ENTITY % paracon '#PCDATA' -- default for use in entry content --> + +<!-- +The parameter entities as defined below provide the CALS table model +as published (as part of the Example DTD) in MIL-HDBK-28001. + +These following declarations provide the CALS-compliant default definitions +for these entities. However, these entities can and should be redefined +(by giving the appropriate parameter entity declaration(s) prior to the +reference to this Table Model declaration set entity) to fit the needs +of the current application. +--> + +<!ENTITY % tbl.table.name "(table|chart)"> +<!ENTITY % tbl.table-titles.mdl "%titles,"> +<!ENTITY % tbl.table-main.mdl "(tgroup+|graphic+)"> +<!ENTITY % tbl.table.mdl "%tbl.table-titles.mdl; %tbl.table-main.mdl;"> +<!ENTITY % tbl.table.excep "-(table|chart|figure)"> +<!ENTITY % tbl.table.att ' + tabstyle NMTOKEN #IMPLIED + tocentry %yesorno; #IMPLIED + shortentry %yesorno; #IMPLIED + orient (port|land) #IMPLIED + pgwide %yesorno; #IMPLIED '> +<!ENTITY % tbl.tgroup.mdl "colspec*,spanspec*,thead?,tfoot?,tbody"> +<!ENTITY % tbl.tgroup.att ' + tgroupstyle NMTOKEN #IMPLIED '> +<!ENTITY % tbl.hdft.name "(thead|tfoot)"> +<!ENTITY % tbl.hdft.mdl "colspec*,row+"> +<!ENTITY % tbl.hdft.excep "-(entrytbl)"> +<!ENTITY % tbl.row.mdl "(entry|entrytbl)+"> +<!ENTITY % tbl.row.excep "-(pgbrk)"> +<!ENTITY % tbl.entrytbl.mdl "colspec*,spanspec*,thead?,tbody"> +<!ENTITY % tbl.entrytbl.excep "-(entrytbl|pgbrk)"> +<!ENTITY % tbl.entry.mdl "(para|warning|caution|note|legend|%paracon;)*"> +<!ENTITY % tbl.entry.excep "-(pgbrk)"> + +<!-- ===== Element and attribute declarations follow. ===== --> + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % tbl.table.name "(table|chart)" + ENTITY % tbl.table-titles.mdl "%titles," + ENTITY % tbl.table-main.mdl "(tgroup+|graphic+)" + ENTITY % tbl.table.mdl "%tbl.table-titles; %tbl.table-main.mdl;" + ENTITY % tbl.table.excep "-(table|chart|figure)" + ENTITY % tbl.table.att ' + tabstyle NMTOKEN #IMPLIED + tocentry %yesorno; #IMPLIED + shortentry %yesorno; #IMPLIED + orient (port|land) #IMPLIED + pgwide %yesorno; #IMPLIED ' +--> + +<!ELEMENT %tbl.table.name; - - (%tbl.table.mdl;) %tbl.table.excep; > + +<!ATTLIST %tbl.table.name; + frame (top|bottom|topbot|all|sides|none) #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + %tbl.table.att; + %bodyatt; + %secur; +> + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % tbl.tgroup.mdl "colspec*,spanspec*,thead?,tfoot?,tbody" + ENTITY % tbl.tgroup.att ' + tgroupstyle NMTOKEN #IMPLIED ' +--> + +<!ELEMENT tgroup - O (%tbl.tgroup.mdl;) > + +<!ATTLIST tgroup + cols NUMBER #REQUIRED + %tbl.tgroup.att; + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff NUTOKEN #IMPLIED + %secur; +> + +<!ELEMENT colspec - O EMPTY > + +<!ATTLIST colspec + colnum NUMBER #IMPLIED + colname NMTOKEN #IMPLIED + colwidth CDATA #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff NUTOKEN #IMPLIED +> + +<!ELEMENT spanspec - O EMPTY > + +<!ATTLIST spanspec + namest NMTOKEN #REQUIRED + nameend NMTOKEN #REQUIRED + spanname NMTOKEN #REQUIRED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff NUTOKEN #IMPLIED +> + + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % tbl.hdft.name "(thead|tfoot)" + ENTITY % tbl.hdft.mdl "colspec*,row+" + ENTITY % tbl.hdft.excep "-(entrytbl)" +--> + +<!ELEMENT %tbl.hdft.name; - O (%tbl.hdft.mdl;) %tbl.hdft.excep;> + +<!ATTLIST %tbl.hdft.name; + valign (top|middle|bottom) #IMPLIED + %secur; +> + + +<!ELEMENT tbody - O (row+)> + +<!ATTLIST tbody + valign (top|middle|bottom) #IMPLIED + %secur; +> + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % tbl.row.mdl "(entry|entrytbl)+" + ENTITY % tbl.row.excep "-(pgbrk)" +--> + +<!ELEMENT row - O (%tbl.row.mdl;) %tbl.row.excep;> + +<!ATTLIST row + rowsep %yesorno; #IMPLIED + valign (top|middle|bottom) #IMPLIED + %secur; +> + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % tbl.entrytbl.mdl "colspec*,spanspec*,thead?,tbody" + ENTITY % tbl.entrytbl.excep "-(entrytbl|pgbrk)" + ENTITY % tbl.tgroup.att ' + tgroupstyle NMTOKEN #IMPLIED ' +--> + +<!ELEMENT entrytbl - - (%tbl.entrytbl.mdl) %tbl.entrytbl.excep; > + +<!ATTLIST entrytbl + cols NUMBER #REQUIRED + %tbl.tgroup.att; + colname NMTOKEN #IMPLIED + spanname NMTOKEN #IMPLIED + namest NMTOKEN #IMPLIED + nameend NMTOKEN #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff NUTOKEN #IMPLIED + %secur; +> + + +<!-- + Default declarations previously defined in this entity and + referenced below include: + ENTITY % paracon "#PCDATA" + ENTITY % tbl.entry.mdl "(para|warning|caution|note|legend|%paracon;)*" + ENTITY % tbl.entry.excep "-(pgbrk)" +--> + +<!ELEMENT entry - O (%tbl.entry.mdl;) %tbl.entry.excep; > + +<!ATTLIST entry + colname NMTOKEN #IMPLIED + namest NMTOKEN #IMPLIED + nameend NMTOKEN #IMPLIED + spanname NMTOKEN #IMPLIED + morerows NUMBER #IMPLIED + colsep %yesorno; #IMPLIED + rowsep %yesorno; #IMPLIED + align (left|right|center|justify|char) #IMPLIED + char CDATA #IMPLIED + charoff NUTOKEN #IMPLIED + rotate %yesorno; #IMPLIED + valign (top|middle|bottom) #IMPLIED + %secur; +> diff --git a/docs/docbook/dbsgml/catalog b/docs/docbook/dbsgml/catalog new file mode 100644 index 0000000000..521e8201c8 --- /dev/null +++ b/docs/docbook/dbsgml/catalog @@ -0,0 +1,63 @@ + -- ...................................................................... -- + -- Catalog data for DocBook V4.1 ........................................ -- + -- File docbook.cat ..................................................... -- + + -- Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/. + -- + + -- This is the catalog data file for DocBook V4.1. It is provided as + a convenience in building your own catalog files. You need not use + the filenames listed here, and need not use the filename method of + identifying storage objects at all. See the documentation for + detailed information on the files associated with the DocBook DTD. + See SGML Open Technical Resolution 9401 for detailed information + on supplying and using catalog data. + -- + + -- ...................................................................... -- + -- SGML declaration associated with DocBook ............................. -- + +DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl" + + -- ...................................................................... -- + -- DocBook driver file .................................................. -- + +PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd" + + -- ...................................................................... -- + -- DocBook modules ...................................................... -- + +PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd" +PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod" +PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod" + + -- ...................................................................... -- + -- ISO entity sets ...................................................... -- + +PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ent/ISOdia" +PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ent/ISOnum" +PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ent/ISOpub" +PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ent/ISOtech" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ent/ISOlat1" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ent/ISOlat2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ent/ISOgrk1" +PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ent/ISOgrk2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ent/ISOgrk3" +PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ent/ISOgrk4" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ent/ISOamsa" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ent/ISOamsb" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ent/ISOamsc" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ent/ISOamsn" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ent/ISOamso" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ent/ISOamsr" +PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ent/ISObox" +PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ent/ISOcyr1" +PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ent/ISOcyr2" + + -- End of catalog data for DocBook V4.1 ................................. -- + -- ...................................................................... -- diff --git a/docs/docbook/dbsgml/dbcent.mod b/docs/docbook/dbsgml/dbcent.mod new file mode 100755 index 0000000000..7f05211019 --- /dev/null +++ b/docs/docbook/dbsgml/dbcent.mod @@ -0,0 +1,181 @@ +<!-- ...................................................................... --> +<!-- DocBook character entities module V4.1 ............................... --> +<!-- File dbcent.mod ...................................................... --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + $Id: dbcent.mod,v 1.3 2001/12/06 07:37:55 jerry Exp $ + + Permission to use, copy, modify and distribute the DocBook DTD and + its accompanying documentation for any purpose and without fee is + hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the DocBook DTD in any way, except for declaring and + referencing additional sets of general entities and declaring + additional notations, label your DTD as a variant of DocBook. See + the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This module contains the entity declarations for the standard ISO + entity sets used by DocBook. + + In DTD driver files referring to this module, please use an entity + declaration that uses the public identifier shown below: + + <!ENTITY % dbcent PUBLIC + "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN"> + %dbcent; + + See the documentation for detailed information on the parameter + entity and module scheme used in DocBook, customizing DocBook and + planning for interchange, and changes made since the last release + of DocBook. +--> + +<!-- ...................................................................... --> + +<!ENTITY % ISOamsa.module "INCLUDE"> +<![ %ISOamsa.module; [ +<!ENTITY % ISOamsa PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN"> +%ISOamsa; +<!--end of ISOamsa.module-->]]> + +<!ENTITY % ISOamsb.module "INCLUDE"> +<![ %ISOamsb.module; [ +<!ENTITY % ISOamsb PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN"> +%ISOamsb; +<!--end of ISOamsb.module-->]]> + +<!ENTITY % ISOamsc.module "INCLUDE"> +<![ %ISOamsc.module; [ +<!ENTITY % ISOamsc PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN"> +%ISOamsc; +<!--end of ISOamsc.module-->]]> + +<!ENTITY % ISOamsn.module "INCLUDE"> +<![ %ISOamsn.module; [ +<!ENTITY % ISOamsn PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN"> +%ISOamsn; +<!--end of ISOamsn.module-->]]> + +<!ENTITY % ISOamso.module "INCLUDE"> +<![ %ISOamso.module; [ +<!ENTITY % ISOamso PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN"> +%ISOamso; +<!--end of ISOamso.module-->]]> + +<!ENTITY % ISOamsr.module "INCLUDE"> +<![ %ISOamsr.module; [ +<!ENTITY % ISOamsr PUBLIC +"ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN"> +%ISOamsr; +<!--end of ISOamsr.module-->]]> + +<!ENTITY % ISObox.module "INCLUDE"> +<![ %ISObox.module; [ +<!ENTITY % ISObox PUBLIC +"ISO 8879:1986//ENTITIES Box and Line Drawing//EN"> +%ISObox; +<!--end of ISObox.module-->]]> + +<!ENTITY % ISOcyr1.module "INCLUDE"> +<![ %ISOcyr1.module; [ +<!ENTITY % ISOcyr1 PUBLIC +"ISO 8879:1986//ENTITIES Russian Cyrillic//EN"> +%ISOcyr1; +<!--end of ISOcyr1.module-->]]> + +<!ENTITY % ISOcyr2.module "INCLUDE"> +<![ %ISOcyr2.module; [ +<!ENTITY % ISOcyr2 PUBLIC +"ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN"> +%ISOcyr2; +<!--end of ISOcyr2.module-->]]> + +<!ENTITY % ISOdia.module "INCLUDE"> +<![ %ISOdia.module; [ +<!ENTITY % ISOdia PUBLIC +"ISO 8879:1986//ENTITIES Diacritical Marks//EN"> +%ISOdia; +<!--end of ISOdia.module-->]]> + +<!ENTITY % ISOgrk1.module "INCLUDE"> +<![ %ISOgrk1.module; [ +<!ENTITY % ISOgrk1 PUBLIC +"ISO 8879:1986//ENTITIES Greek Letters//EN"> +%ISOgrk1; +<!--end of ISOgrk1.module-->]]> + +<!ENTITY % ISOgrk2.module "INCLUDE"> +<![ %ISOgrk2.module; [ +<!ENTITY % ISOgrk2 PUBLIC +"ISO 8879:1986//ENTITIES Monotoniko Greek//EN"> +%ISOgrk2; +<!--end of ISOgrk2.module-->]]> + +<!ENTITY % ISOgrk3.module "INCLUDE"> +<![ %ISOgrk3.module; [ +<!ENTITY % ISOgrk3 PUBLIC +"ISO 8879:1986//ENTITIES Greek Symbols//EN"> +%ISOgrk3; +<!--end of ISOgrk3.module-->]]> + +<!ENTITY % ISOgrk4.module "INCLUDE"> +<![ %ISOgrk4.module; [ +<!ENTITY % ISOgrk4 PUBLIC +"ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN"> +%ISOgrk4; +<!--end of ISOgrk4.module-->]]> + +<!ENTITY % ISOlat1.module "INCLUDE"> +<![ %ISOlat1.module; [ +<!ENTITY % ISOlat1 PUBLIC +"ISO 8879:1986//ENTITIES Added Latin 1//EN"> +%ISOlat1; +<!--end of ISOlat1.module-->]]> + +<!ENTITY % ISOlat2.module "INCLUDE"> +<![ %ISOlat2.module; [ +<!ENTITY % ISOlat2 PUBLIC +"ISO 8879:1986//ENTITIES Added Latin 2//EN"> +%ISOlat2; +<!--end of ISOlat2.module-->]]> + +<!ENTITY % ISOnum.module "INCLUDE"> +<![ %ISOnum.module; [ +<!ENTITY % ISOnum PUBLIC +"ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN"> +%ISOnum; +<!--end of ISOnum.module-->]]> + +<!ENTITY % ISOpub.module "INCLUDE"> +<![ %ISOpub.module; [ +<!ENTITY % ISOpub PUBLIC +"ISO 8879:1986//ENTITIES Publishing//EN"> +%ISOpub; +<!--end of ISOpub.module-->]]> + +<!ENTITY % ISOtech.module "INCLUDE"> +<![ %ISOtech.module; [ +<!ENTITY % ISOtech PUBLIC +"ISO 8879:1986//ENTITIES General Technical//EN"> +%ISOtech; +<!--end of ISOtech.module-->]]> diff --git a/docs/docbook/dbsgml/dbgenent.mod b/docs/docbook/dbsgml/dbgenent.mod new file mode 100644 index 0000000000..b60c5b2714 --- /dev/null +++ b/docs/docbook/dbsgml/dbgenent.mod @@ -0,0 +1,39 @@ +<!-- ...................................................................... --> +<!-- DocBook additional general entities V4.1 ............................. --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + In DTD driver files referring to this module, please use an entity + declaration that uses the public identifier shown below: + + <!ENTITY % dbgenent PUBLIC + "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" + %dbgenent; +--> + +<!-- File dbgenent.mod .................................................... --> + +<!-- You can edit this file to add the following: + + o General entity declarations of any kind. For example: + + <!ENTITY happyface SDATA "insert-face"> (system-specific data) + <!ENTITY productname "WinWidget"> (small boilerplate) + <!ENTITY legal-notice SYSTEM "notice.sgm"> (large boilerplate) + + o Notation declarations. For example: + + <!NOTATION chicken-scratch SYSTEM> + + o Declarations for and references to external parameter entities + containing collections of any of the above. For example: + + <!ENTITY % all-titles PUBLIC "-//DocTools//ELEMENTS Book Titles//EN"> + %all-titles; +--> + +<!-- End of DocBook additional general entities V4.1 ...................... --> +<!-- ...................................................................... --> diff --git a/docs/docbook/dbsgml/dbhier.mod b/docs/docbook/dbsgml/dbhier.mod new file mode 100755 index 0000000000..10e1f3f33f --- /dev/null +++ b/docs/docbook/dbsgml/dbhier.mod @@ -0,0 +1,2100 @@ +<!-- ...................................................................... --> +<!-- DocBook document hierarchy module V4.1 ............................... --> +<!-- File dbhier.mod ...................................................... --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + $Id: dbhier.mod,v 1.3 2001/12/06 07:37:55 jerry Exp $ + + Permission to use, copy, modify and distribute the DocBook DTD and + its accompanying documentation for any purpose and without fee is + hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the DocBook DTD in any way, except for declaring and + referencing additional sets of general entities and declaring + additional notations, label your DTD as a variant of DocBook. See + the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This module contains the definitions for the overall document + hierarchies of DocBook documents. It covers computer documentation + manuals and manual fragments, as well as reference entries (such as + man pages) and technical journals or anthologies containing + articles. + + This module depends on the DocBook information pool module. All + elements and entities referenced but not defined here are assumed + to be defined in the information pool module. + + In DTD driver files referring to this module, please use an entity + declaration that uses the public identifier shown below: + + <!ENTITY % dbhier PUBLIC + "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN"> + %dbhier; + + See the documentation for detailed information on the parameter + entity and module scheme used in DocBook, customizing DocBook and + planning for interchange, and changes made since the last release + of DocBook. +--> + +<!-- ...................................................................... --> +<!-- Entities for module inclusions ....................................... --> + +<!ENTITY % dbhier.redecl.module "IGNORE"> +<!ENTITY % dbhier.redecl2.module "IGNORE"> + +<!-- ...................................................................... --> +<!-- Entities for element classes ......................................... --> + +<!ENTITY % local.appendix.class ""> +<!ENTITY % appendix.class "Appendix %local.appendix.class;"> + +<!ENTITY % local.article.class ""> +<!ENTITY % article.class "Article %local.article.class;"> + +<!ENTITY % local.book.class ""> +<!ENTITY % book.class "Book %local.book.class;"> + +<!ENTITY % local.chapter.class ""> +<!ENTITY % chapter.class "Chapter %local.chapter.class;"> + +<!ENTITY % local.index.class ""> +<!ENTITY % index.class "Index|SetIndex %local.index.class;"> + +<!ENTITY % local.refentry.class ""> +<!ENTITY % refentry.class "RefEntry %local.refentry.class;"> + +<!ENTITY % local.nav.class ""> +<!ENTITY % nav.class "ToC|LoT|Index|Glossary|Bibliography + %local.nav.class;"> + +<!-- Redeclaration placeholder ............................................ --> + +<!-- For redeclaring entities that are declared after this point while + retaining their references to the entities that are declared before + this point --> + +<![ %dbhier.redecl.module; [ +%rdbhier; +<!--end of dbhier.redecl.module-->]]> + +<!-- ...................................................................... --> +<!-- Entities for element mixtures ........................................ --> + +<!-- The DocBook TC may produce an official forms module for DocBook. --> +<!-- This PE provides the hook by which it can be inserted into the DTD. --> +<!ENTITY % forms.hook ""> + +<!ENTITY % local.divcomponent.mix ""> +<!ENTITY % divcomponent.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |%compound.class; + |%genobj.class; |%descobj.class; + |%ndxterm.class; + %forms.hook; + %local.divcomponent.mix;"> + +<!ENTITY % local.refcomponent.mix ""> +<!ENTITY % refcomponent.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |%compound.class; + |%genobj.class; |%descobj.class; + |%ndxterm.class; + %local.refcomponent.mix;"> + +<!ENTITY % local.indexdivcomponent.mix ""> +<!ENTITY % indexdivcomponent.mix + "ItemizedList|OrderedList|VariableList|SimpleList + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |Anchor|Remark + |%link.char.class; + %local.indexdivcomponent.mix;"> + +<!ENTITY % local.refname.char.mix ""> +<!ENTITY % refname.char.mix + "#PCDATA + |%tech.char.class; + %local.refname.char.mix;"> + +<!ENTITY % local.partcontent.mix ""> +<!ENTITY % partcontent.mix + "%appendix.class;|%chapter.class;|%nav.class;|%article.class; + |Preface|%refentry.class;|Reference %local.partcontent.mix;"> + +<!ENTITY % local.refinline.char.mix ""> +<!ENTITY % refinline.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%base.char.class; |%docinfo.char.class; + |%other.char.class; + |%ndxterm.class; + %local.refinline.char.mix;"> + +<!ENTITY % local.refclass.char.mix ""> +<!ENTITY % refclass.char.mix + "#PCDATA + |Application + %local.refclass.char.mix;"> + +<!-- Redeclaration placeholder 2 .......................................... --> + +<!-- For redeclaring entities that are declared after this point while + retaining their references to the entities that are declared before + this point --> + +<![ %dbhier.redecl2.module; [ +%rdbhier2; +<!--end of dbhier.redecl2.module-->]]> + +<!-- ...................................................................... --> +<!-- Entities for content models .......................................... --> + +<!ENTITY % div.title.content + "Title, Subtitle?, TitleAbbrev?"> + +<!ENTITY % bookcomponent.title.content + "Title, Subtitle?, TitleAbbrev?"> + +<!ENTITY % sect.title.content + "Title, Subtitle?, TitleAbbrev?"> + +<!ENTITY % refsect.title.content + "Title, Subtitle?, TitleAbbrev?"> + +<!ENTITY % bookcomponent.content + "((%divcomponent.mix;)+, + (Sect1*|(%refentry.class;)*|SimpleSect*|Section*)) + | (Sect1+|(%refentry.class;)+|SimpleSect+|Section+)"> + +<!-- ...................................................................... --> +<!-- Set and SetInfo ...................................................... --> + +<!ENTITY % set.content.module "INCLUDE"> +<![ %set.content.module; [ +<!ENTITY % set.module "INCLUDE"> +<![ %set.module; [ +<!ENTITY % local.set.attrib ""> +<!ENTITY % set.role.attrib "%role.attrib;"> + +<!ENTITY % set.element "INCLUDE"> +<![ %set.element; [ +<!ELEMENT Set - O ((%div.title.content;)?, SetInfo?, ToC?, (%book.class;)+, + SetIndex?) %ubiq.inclusion;> +<!--end of set.element-->]]> + +<!ENTITY % set.attlist "INCLUDE"> +<![ %set.attlist; [ +<!ATTLIST Set + -- + FPI: SGML formal public identifier + -- + FPI CDATA #IMPLIED + %status.attrib; + %common.attrib; + %set.role.attrib; + %local.set.attrib; +> +<!--end of set.attlist-->]]> +<!--end of set.module-->]]> + +<!ENTITY % setinfo.module "INCLUDE"> +<![ %setinfo.module; [ +<!ENTITY % local.setinfo.attrib ""> +<!ENTITY % setinfo.role.attrib "%role.attrib;"> + +<!ENTITY % setinfo.element "INCLUDE"> +<![ %setinfo.element; [ +<!ELEMENT SetInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec | SubjectSet + | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of setinfo.element-->]]> + +<!ENTITY % setinfo.attlist "INCLUDE"> +<![ %setinfo.attlist; [ +<!--FUTURE USE (V5.0): +...................... +The Contents attribute will be removed from SetInfo +...................... +--> +<!ATTLIST SetInfo + -- + Contents: IDs of the ToC, Books, and SetIndex that comprise + the set, in the order of their appearance + -- + Contents IDREFS #IMPLIED + %common.attrib; + %setinfo.role.attrib; + %local.setinfo.attrib; +> +<!--end of setinfo.attlist-->]]> +<!--end of setinfo.module-->]]> +<!--end of set.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Book and BookInfo .................................................... --> + +<!ENTITY % book.content.module "INCLUDE"> +<![ %book.content.module; [ +<!ENTITY % book.module "INCLUDE"> +<![ %book.module; [ + +<!ENTITY % local.book.attrib ""> +<!ENTITY % book.role.attrib "%role.attrib;"> + +<!ENTITY % book.element "INCLUDE"> +<![ %book.element; [ +<!ELEMENT Book - O ((%div.title.content;)?, BookInfo?, + (Dedication | ToC | LoT + | Glossary | Bibliography | Preface + | %chapter.class; | Reference | Part + | %article.class; + | %appendix.class; + | %index.class; + | Colophon)*) + %ubiq.inclusion;> +<!--end of book.element-->]]> + +<!ENTITY % book.attlist "INCLUDE"> +<![ %book.attlist; [ +<!ATTLIST Book + -- + FPI: SGML formal public identifier + -- + FPI CDATA #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %book.role.attrib; + %local.book.attrib; +> +<!--end of book.attlist-->]]> +<!--end of book.module-->]]> + +<!ENTITY % bookinfo.module "INCLUDE"> +<![ %bookinfo.module; [ +<!ENTITY % local.bookinfo.attrib ""> +<!ENTITY % bookinfo.role.attrib "%role.attrib;"> + +<!ENTITY % bookinfo.element "INCLUDE"> +<![ %bookinfo.element; [ +<!ELEMENT BookInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec | SubjectSet + | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of bookinfo.element-->]]> + +<!ENTITY % bookinfo.attlist "INCLUDE"> +<![ %bookinfo.attlist; [ +<!--FUTURE USE (V5.0): +...................... +The Contents attribute will be removed from BookInfo +...................... +--> +<!ATTLIST BookInfo + -- + Contents: IDs of the ToC, LoTs, Prefaces, Parts, Chapters, + Appendixes, References, GLossary, Bibliography, and indexes + comprising the Book, in the order of their appearance + -- + Contents IDREFS #IMPLIED + %common.attrib; + %bookinfo.role.attrib; + %local.bookinfo.attrib; +> +<!--end of bookinfo.attlist-->]]> +<!--end of bookinfo.module-->]]> +<!--end of book.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Dedication, ToC, and LoT ............................................. --> + +<!ENTITY % dedication.module "INCLUDE"> +<![ %dedication.module; [ +<!ENTITY % local.dedication.attrib ""> +<!ENTITY % dedication.role.attrib "%role.attrib;"> + +<!ENTITY % dedication.element "INCLUDE"> +<![ %dedication.element; [ +<!ELEMENT Dedication - O ((%sect.title.content;)?, (%legalnotice.mix;)+)> +<!--end of dedication.element-->]]> + +<!ENTITY % dedication.attlist "INCLUDE"> +<![ %dedication.attlist; [ +<!ATTLIST Dedication + %status.attrib; + %common.attrib; + %dedication.role.attrib; + %local.dedication.attrib; +> +<!--end of dedication.attlist-->]]> +<!--end of dedication.module-->]]> + +<!ENTITY % colophon.module "INCLUDE"> +<![ %colophon.module; [ +<!ENTITY % local.colophon.attrib ""> +<!ENTITY % colophon.role.attrib "%role.attrib;"> + +<!ENTITY % colophon.element "INCLUDE"> +<![ %colophon.element; [ +<!ELEMENT Colophon - O ((%sect.title.content;)?, (%textobject.mix;)+)> +<!--end of colophon.element-->]]> + +<!ENTITY % colophon.attlist "INCLUDE"> +<![ %colophon.attlist; [ +<!ATTLIST Colophon + %status.attrib; + %common.attrib; + %colophon.role.attrib; + %local.colophon.attrib;> +<!--end of colophon.attlist-->]]> +<!--end of colophon.module-->]]> + +<!ENTITY % toc.content.module "INCLUDE"> +<![ %toc.content.module; [ +<!ENTITY % toc.module "INCLUDE"> +<![ %toc.module; [ +<!ENTITY % local.toc.attrib ""> +<!ENTITY % toc.role.attrib "%role.attrib;"> + +<!ENTITY % toc.element "INCLUDE"> +<![ %toc.element; [ +<!ELEMENT ToC - O ((%bookcomponent.title.content;)?, ToCfront*, + (ToCpart | ToCchap)*, ToCback*)> +<!--end of toc.element-->]]> + +<!ENTITY % toc.attlist "INCLUDE"> +<![ %toc.attlist; [ +<!ATTLIST ToC + %pagenum.attrib; + %common.attrib; + %toc.role.attrib; + %local.toc.attrib; +> +<!--end of toc.attlist-->]]> +<!--end of toc.module-->]]> + +<!ENTITY % tocfront.module "INCLUDE"> +<![ %tocfront.module; [ +<!ENTITY % local.tocfront.attrib ""> +<!ENTITY % tocfront.role.attrib "%role.attrib;"> + +<!ENTITY % tocfront.element "INCLUDE"> +<![ %tocfront.element; [ +<!ELEMENT ToCfront - O ((%para.char.mix;)+)> +<!--end of tocfront.element-->]]> + +<!ENTITY % tocfront.attlist "INCLUDE"> +<![ %tocfront.attlist; [ +<!ATTLIST ToCfront + %label.attrib; + %linkend.attrib; --to element that this entry represents-- + %pagenum.attrib; + %common.attrib; + %tocfront.role.attrib; + %local.tocfront.attrib; +> +<!--end of tocfront.attlist-->]]> +<!--end of tocfront.module-->]]> + +<!ENTITY % tocentry.module "INCLUDE"> +<![ %tocentry.module; [ +<!ENTITY % local.tocentry.attrib ""> +<!ENTITY % tocentry.role.attrib "%role.attrib;"> + +<!ENTITY % tocentry.element "INCLUDE"> +<![ %tocentry.element; [ +<!ELEMENT ToCentry - - ((%para.char.mix;)+)> +<!--end of tocentry.element-->]]> + +<!ENTITY % tocentry.attlist "INCLUDE"> +<![ %tocentry.attlist; [ +<!ATTLIST ToCentry + %linkend.attrib; --to element that this entry represents-- + %pagenum.attrib; + %common.attrib; + %tocentry.role.attrib; + %local.tocentry.attrib; +> +<!--end of tocentry.attlist-->]]> +<!--end of tocentry.module-->]]> + +<!ENTITY % tocpart.module "INCLUDE"> +<![ %tocpart.module; [ +<!ENTITY % local.tocpart.attrib ""> +<!ENTITY % tocpart.role.attrib "%role.attrib;"> + +<!ENTITY % tocpart.element "INCLUDE"> +<![ %tocpart.element; [ +<!ELEMENT ToCpart - O (ToCentry+, ToCchap*)> +<!--end of tocpart.element-->]]> + +<!ENTITY % tocpart.attlist "INCLUDE"> +<![ %tocpart.attlist; [ +<!ATTLIST ToCpart + %common.attrib; + %tocpart.role.attrib; + %local.tocpart.attrib; +> +<!--end of tocpart.attlist-->]]> +<!--end of tocpart.module-->]]> + +<!ENTITY % tocchap.module "INCLUDE"> +<![ %tocchap.module; [ +<!ENTITY % local.tocchap.attrib ""> +<!ENTITY % tocchap.role.attrib "%role.attrib;"> + +<!ENTITY % tocchap.element "INCLUDE"> +<![ %tocchap.element; [ +<!ELEMENT ToCchap - O (ToCentry+, ToClevel1*)> +<!--end of tocchap.element-->]]> + +<!ENTITY % tocchap.attlist "INCLUDE"> +<![ %tocchap.attlist; [ +<!ATTLIST ToCchap + %label.attrib; + %common.attrib; + %tocchap.role.attrib; + %local.tocchap.attrib; +> +<!--end of tocchap.attlist-->]]> +<!--end of tocchap.module-->]]> + +<!ENTITY % toclevel1.module "INCLUDE"> +<![ %toclevel1.module; [ +<!ENTITY % local.toclevel1.attrib ""> +<!ENTITY % toclevel1.role.attrib "%role.attrib;"> + +<!ENTITY % toclevel1.element "INCLUDE"> +<![ %toclevel1.element; [ +<!ELEMENT ToClevel1 - O (ToCentry+, ToClevel2*)> +<!--end of toclevel1.element-->]]> + +<!ENTITY % toclevel1.attlist "INCLUDE"> +<![ %toclevel1.attlist; [ +<!ATTLIST ToClevel1 + %common.attrib; + %toclevel1.role.attrib; + %local.toclevel1.attrib; +> +<!--end of toclevel1.attlist-->]]> +<!--end of toclevel1.module-->]]> + +<!ENTITY % toclevel2.module "INCLUDE"> +<![ %toclevel2.module; [ +<!ENTITY % local.toclevel2.attrib ""> +<!ENTITY % toclevel2.role.attrib "%role.attrib;"> + +<!ENTITY % toclevel2.element "INCLUDE"> +<![ %toclevel2.element; [ +<!ELEMENT ToClevel2 - O (ToCentry+, ToClevel3*)> +<!--end of toclevel2.element-->]]> + +<!ENTITY % toclevel2.attlist "INCLUDE"> +<![ %toclevel2.attlist; [ +<!ATTLIST ToClevel2 + %common.attrib; + %toclevel2.role.attrib; + %local.toclevel2.attrib; +> +<!--end of toclevel2.attlist-->]]> +<!--end of toclevel2.module-->]]> + +<!ENTITY % toclevel3.module "INCLUDE"> +<![ %toclevel3.module; [ +<!ENTITY % local.toclevel3.attrib ""> +<!ENTITY % toclevel3.role.attrib "%role.attrib;"> + +<!ENTITY % toclevel3.element "INCLUDE"> +<![ %toclevel3.element; [ +<!ELEMENT ToClevel3 - O (ToCentry+, ToClevel4*)> +<!--end of toclevel3.element-->]]> + +<!ENTITY % toclevel3.attlist "INCLUDE"> +<![ %toclevel3.attlist; [ +<!ATTLIST ToClevel3 + %common.attrib; + %toclevel3.role.attrib; + %local.toclevel3.attrib; +> +<!--end of toclevel3.attlist-->]]> +<!--end of toclevel3.module-->]]> + +<!ENTITY % toclevel4.module "INCLUDE"> +<![ %toclevel4.module; [ +<!ENTITY % local.toclevel4.attrib ""> +<!ENTITY % toclevel4.role.attrib "%role.attrib;"> + +<!ENTITY % toclevel4.element "INCLUDE"> +<![ %toclevel4.element; [ +<!ELEMENT ToClevel4 - O (ToCentry+, ToClevel5*)> +<!--end of toclevel4.element-->]]> + +<!ENTITY % toclevel4.attlist "INCLUDE"> +<![ %toclevel4.attlist; [ +<!ATTLIST ToClevel4 + %common.attrib; + %toclevel4.role.attrib; + %local.toclevel4.attrib; +> +<!--end of toclevel4.attlist-->]]> +<!--end of toclevel4.module-->]]> + +<!ENTITY % toclevel5.module "INCLUDE"> +<![ %toclevel5.module; [ +<!ENTITY % local.toclevel5.attrib ""> +<!ENTITY % toclevel5.role.attrib "%role.attrib;"> + +<!ENTITY % toclevel5.element "INCLUDE"> +<![ %toclevel5.element; [ +<!ELEMENT ToClevel5 - O (ToCentry+)> +<!--end of toclevel5.element-->]]> + +<!ENTITY % toclevel5.attlist "INCLUDE"> +<![ %toclevel5.attlist; [ +<!ATTLIST ToClevel5 + %common.attrib; + %toclevel5.role.attrib; + %local.toclevel5.attrib; +> +<!--end of toclevel5.attlist-->]]> +<!--end of toclevel5.module-->]]> + +<!ENTITY % tocback.module "INCLUDE"> +<![ %tocback.module; [ +<!ENTITY % local.tocback.attrib ""> +<!ENTITY % tocback.role.attrib "%role.attrib;"> + +<!ENTITY % tocback.element "INCLUDE"> +<![ %tocback.element; [ +<!ELEMENT ToCback - O ((%para.char.mix;)+)> +<!--end of tocback.element-->]]> + +<!ENTITY % tocback.attlist "INCLUDE"> +<![ %tocback.attlist; [ +<!ATTLIST ToCback + %label.attrib; + %linkend.attrib; --to element that this entry represents-- + %pagenum.attrib; + %common.attrib; + %tocback.role.attrib; + %local.tocback.attrib; +> +<!--end of tocback.attlist-->]]> +<!--end of tocback.module-->]]> +<!--end of toc.content.module-->]]> + +<!ENTITY % lot.content.module "INCLUDE"> +<![ %lot.content.module; [ +<!ENTITY % lot.module "INCLUDE"> +<![ %lot.module; [ +<!ENTITY % local.lot.attrib ""> +<!ENTITY % lot.role.attrib "%role.attrib;"> + +<!ENTITY % lot.element "INCLUDE"> +<![ %lot.element; [ +<!ELEMENT LoT - O ((%bookcomponent.title.content;)?, LoTentry*)> +<!--end of lot.element-->]]> + +<!ENTITY % lot.attlist "INCLUDE"> +<![ %lot.attlist; [ +<!ATTLIST LoT + %label.attrib; + %common.attrib; + %lot.role.attrib; + %local.lot.attrib; +> +<!--end of lot.attlist-->]]> +<!--end of lot.module-->]]> + +<!ENTITY % lotentry.module "INCLUDE"> +<![ %lotentry.module; [ +<!ENTITY % local.lotentry.attrib ""> +<!ENTITY % lotentry.role.attrib "%role.attrib;"> + +<!ENTITY % lotentry.element "INCLUDE"> +<![ %lotentry.element; [ +<!ELEMENT LoTentry - - ((%para.char.mix;)+ )> +<!--end of lotentry.element-->]]> + +<!ENTITY % lotentry.attlist "INCLUDE"> +<![ %lotentry.attlist; [ +<!ATTLIST LoTentry + -- + SrcCredit: Information about the source of the entry, + as for a list of illustrations + -- + SrcCredit CDATA #IMPLIED + %pagenum.attrib; + %common.attrib; + %linkend.attrib; --to element that this entry represents-- + %lotentry.role.attrib; + %local.lotentry.attrib; +> +<!--end of lotentry.attlist-->]]> +<!--end of lotentry.module-->]]> +<!--end of lot.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Appendix, Chapter, Part, Preface, Reference, PartIntro ............... --> + +<!ENTITY % appendix.module "INCLUDE"> +<![ %appendix.module; [ +<!ENTITY % local.appendix.attrib ""> +<!ENTITY % appendix.role.attrib "%role.attrib;"> + +<!ENTITY % appendix.element "INCLUDE"> +<![ %appendix.element; [ +<!ELEMENT Appendix - O (AppendixInfo?, + (%bookcomponent.title.content;), + (%nav.class)*, + ToCchap?, + (%bookcomponent.content;), + (%nav.class)*) + %ubiq.inclusion;> +<!--end of appendix.element-->]]> + +<!ENTITY % appendix.attlist "INCLUDE"> +<![ %appendix.attlist; [ +<!ATTLIST Appendix + %label.attrib; + %status.attrib; + %common.attrib; + %appendix.role.attrib; + %local.appendix.attrib; +> +<!--end of appendix.attlist-->]]> +<!--end of appendix.module-->]]> + +<!ENTITY % chapter.module "INCLUDE"> +<![ %chapter.module; [ +<!ENTITY % local.chapter.attrib ""> +<!ENTITY % chapter.role.attrib "%role.attrib;"> + +<!ENTITY % chapter.element "INCLUDE"> +<![ %chapter.element; [ +<!ELEMENT Chapter - O (ChapterInfo?, + (%bookcomponent.title.content;), + (%nav.class)*, + ToCchap?, + (%bookcomponent.content;), + (%nav.class)*) + %ubiq.inclusion;> +<!--end of chapter.element-->]]> + +<!ENTITY % chapter.attlist "INCLUDE"> +<![ %chapter.attlist; [ +<!ATTLIST Chapter + %label.attrib; + %status.attrib; + %common.attrib; + %chapter.role.attrib; + %local.chapter.attrib; +> +<!--end of chapter.attlist-->]]> +<!--end of chapter.module-->]]> + +<!ENTITY % part.module "INCLUDE"> +<![ %part.module; [ + +<!-- Note that Part was to have its content model reduced in V4.1. This +change will not be made after all. --> + +<!ENTITY % local.part.attrib ""> +<!ENTITY % part.role.attrib "%role.attrib;"> + +<!ENTITY % part.element "INCLUDE"> +<![ %part.element; [ +<!ELEMENT Part - - (PartInfo?, (%bookcomponent.title.content;), PartIntro?, + (%partcontent.mix;)+) %ubiq.inclusion;> +<!--end of part.element-->]]> + +<!ENTITY % part.attlist "INCLUDE"> +<![ %part.attlist; [ +<!ATTLIST Part + %label.attrib; + %status.attrib; + %common.attrib; + %part.role.attrib; + %local.part.attrib; +> +<!--end of part.attlist-->]]> +<!--ELEMENT PartIntro (defined below)--> +<!--end of part.module-->]]> + +<!ENTITY % preface.module "INCLUDE"> +<![ %preface.module; [ +<!ENTITY % local.preface.attrib ""> +<!ENTITY % preface.role.attrib "%role.attrib;"> + +<!ENTITY % preface.element "INCLUDE"> +<![ %preface.element; [ +<!ELEMENT Preface - O (PrefaceInfo?, + (%bookcomponent.title.content;), + (%nav.class)*, + ToCchap?, + (%bookcomponent.content;), + (%nav.class)*) + %ubiq.inclusion;> +<!--end of preface.element-->]]> + +<!ENTITY % preface.attlist "INCLUDE"> +<![ %preface.attlist; [ +<!ATTLIST Preface + %status.attrib; + %common.attrib; + %preface.role.attrib; + %local.preface.attrib; +> +<!--end of preface.attlist-->]]> +<!--end of preface.module-->]]> + +<!ENTITY % reference.module "INCLUDE"> +<![ %reference.module; [ +<!ENTITY % local.reference.attrib ""> +<!ENTITY % reference.role.attrib "%role.attrib;"> + +<!ENTITY % reference.element "INCLUDE"> +<![ %reference.element; [ +<!ELEMENT Reference - O (ReferenceInfo?, (%bookcomponent.title.content;), + PartIntro?, + (%refentry.class;)+) %ubiq.inclusion;> +<!--end of reference.element-->]]> + +<!ENTITY % reference.attlist "INCLUDE"> +<![ %reference.attlist; [ +<!ATTLIST Reference + %label.attrib; + %status.attrib; + %common.attrib; + %reference.role.attrib; + %local.reference.attrib; +> +<!--end of reference.attlist-->]]> +<!--ELEMENT PartIntro (defined below)--> +<!--end of reference.module-->]]> + +<!ENTITY % partintro.module "INCLUDE"> +<![ %partintro.module; [ +<!ENTITY % local.partintro.attrib ""> +<!ENTITY % partintro.role.attrib "%role.attrib;"> + +<!ENTITY % partintro.element "INCLUDE"> +<![ %partintro.element; [ +<!ELEMENT PartIntro - O ((%div.title.content;)?, (%bookcomponent.content;)) + %ubiq.inclusion;> +<!--end of partintro.element-->]]> + +<!ENTITY % partintro.attlist "INCLUDE"> +<![ %partintro.attlist; [ +<!ATTLIST PartIntro + %label.attrib; + %common.attrib; + %local.partintro.attrib; + %partintro.role.attrib; +> +<!--end of partintro.attlist-->]]> +<!--end of partintro.module-->]]> + +<!-- ...................................................................... --> +<!-- Other Info elements .................................................. --> + +<!ENTITY % appendixinfo.module "INCLUDE"> +<![ %appendixinfo.module; [ +<!ENTITY % local.appendixinfo.attrib ""> +<!ENTITY % appendixinfo.role.attrib "%role.attrib;"> + +<!ENTITY % appendixinfo.element "INCLUDE"> +<![ %appendixinfo.element; [ +<!ELEMENT AppendixInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of appendixinfo.element-->]]> + +<!ENTITY % appendixinfo.attlist "INCLUDE"> +<![ %appendixinfo.attlist; [ +<!ATTLIST AppendixInfo + %common.attrib; + %appendixinfo.role.attrib; + %local.appendixinfo.attrib; +> +<!--end of appendixinfo.attlist-->]]> +<!--end of appendixinfo.module-->]]> + + +<!ENTITY % bibliographyinfo.module "INCLUDE"> +<![ %bibliographyinfo.module; [ +<!ENTITY % local.bibliographyinfo.attrib ""> +<!ENTITY % bibliographyinfo.role.attrib "%role.attrib;"> + +<!ENTITY % bibliographyinfo.element "INCLUDE"> +<![ %bibliographyinfo.element; [ +<!ELEMENT BibliographyInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of bibliographyinfo.element-->]]> + +<!ENTITY % bibliographyinfo.attlist "INCLUDE"> +<![ %bibliographyinfo.attlist; [ +<!ATTLIST BibliographyInfo + %common.attrib; + %bibliographyinfo.role.attrib; + %local.bibliographyinfo.attrib; +> +<!--end of bibliographyinfo.attlist-->]]> +<!--end of bibliographyinfo.module-->]]> + +<!ENTITY % chapterinfo.module "INCLUDE"> +<![ %chapterinfo.module; [ +<!ENTITY % local.chapterinfo.attrib ""> +<!ENTITY % chapterinfo.role.attrib "%role.attrib;"> + +<!ENTITY % chapterinfo.element "INCLUDE"> +<![ %chapterinfo.element; [ +<!ELEMENT ChapterInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of chapterinfo.element-->]]> + +<!ENTITY % chapterinfo.attlist "INCLUDE"> +<![ %chapterinfo.attlist; [ +<!ATTLIST ChapterInfo + %common.attrib; + %chapterinfo.role.attrib; + %local.chapterinfo.attrib; +> +<!--end of chapterinfo.attlist-->]]> +<!--end of chapterinfo.module-->]]> + +<!ENTITY % glossaryinfo.module "INCLUDE"> +<![ %glossaryinfo.module; [ +<!ENTITY % local.glossaryinfo.attrib ""> +<!ENTITY % glossaryinfo.role.attrib "%role.attrib;"> + +<!ENTITY % glossaryinfo.element "INCLUDE"> +<![ %glossaryinfo.element; [ +<!ELEMENT GlossaryInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of glossaryinfo.element-->]]> + +<!ENTITY % glossaryinfo.attlist "INCLUDE"> +<![ %glossaryinfo.attlist; [ +<!ATTLIST GlossaryInfo + %common.attrib; + %glossaryinfo.role.attrib; + %local.glossaryinfo.attrib; +> +<!--end of glossaryinfo.attlist-->]]> +<!--end of glossaryinfo.module-->]]> + + +<!ENTITY % indexinfo.module "INCLUDE"> +<![ %indexinfo.module; [ +<!ENTITY % local.indexinfo.attrib ""> +<!ENTITY % indexinfo.role.attrib "%role.attrib;"> + +<!ENTITY % indexinfo.element "INCLUDE"> +<![ %indexinfo.element; [ +<!ELEMENT IndexInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of indexinfo.element-->]]> + +<!ENTITY % indexinfo.attlist "INCLUDE"> +<![ %indexinfo.attlist; [ +<!ATTLIST IndexInfo + %common.attrib; + %indexinfo.role.attrib; + %local.indexinfo.attrib; +> +<!--end of indexinfo.attlist-->]]> +<!--end of indexinfo.module-->]]> + +<!ENTITY % partinfo.module "INCLUDE"> +<![ %partinfo.module; [ +<!ENTITY % local.partinfo.attrib ""> +<!ENTITY % partinfo.role.attrib "%role.attrib;"> + +<!ENTITY % partinfo.element "INCLUDE"> +<![ %partinfo.element; [ +<!ELEMENT PartInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of partinfo.element-->]]> + +<!ENTITY % partinfo.attlist "INCLUDE"> +<![ %partinfo.attlist; [ +<!ATTLIST PartInfo + %common.attrib; + %partinfo.role.attrib; + %local.partinfo.attrib; +> +<!--end of partinfo.attlist-->]]> +<!--end of partinfo.module-->]]> + + +<!ENTITY % prefaceinfo.module "INCLUDE"> +<![ %prefaceinfo.module; [ +<!ENTITY % local.prefaceinfo.attrib ""> +<!ENTITY % prefaceinfo.role.attrib "%role.attrib;"> + +<!ENTITY % prefaceinfo.element "INCLUDE"> +<![ %prefaceinfo.element; [ +<!ELEMENT PrefaceInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of prefaceinfo.element-->]]> + +<!ENTITY % prefaceinfo.attlist "INCLUDE"> +<![ %prefaceinfo.attlist; [ +<!ATTLIST PrefaceInfo + %common.attrib; + %prefaceinfo.role.attrib; + %local.prefaceinfo.attrib; +> +<!--end of prefaceinfo.attlist-->]]> +<!--end of prefaceinfo.module-->]]> + + +<!ENTITY % refentryinfo.module "INCLUDE"> +<![ %refentryinfo.module; [ +<!ENTITY % local.refentryinfo.attrib ""> +<!ENTITY % refentryinfo.role.attrib "%role.attrib;"> + +<!ENTITY % refentryinfo.element "INCLUDE"> +<![ %refentryinfo.element; [ +<!ELEMENT RefEntryInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of refentryinfo.element-->]]> + +<!ENTITY % refentryinfo.attlist "INCLUDE"> +<![ %refentryinfo.attlist; [ +<!ATTLIST RefEntryInfo + %common.attrib; + %refentryinfo.role.attrib; + %local.refentryinfo.attrib; +> +<!--end of refentryinfo.attlist-->]]> +<!--end of refentryinfo.module-->]]> + + +<!ENTITY % refsect1info.module "INCLUDE"> +<![ %refsect1info.module; [ +<!ENTITY % local.refsect1info.attrib ""> +<!ENTITY % refsect1info.role.attrib "%role.attrib;"> + +<!ENTITY % refsect1info.element "INCLUDE"> +<![ %refsect1info.element; [ +<!ELEMENT RefSect1Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of refsect1info.element-->]]> + +<!ENTITY % refsect1info.attlist "INCLUDE"> +<![ %refsect1info.attlist; [ +<!ATTLIST RefSect1Info + %common.attrib; + %refsect1info.role.attrib; + %local.refsect1info.attrib; +> +<!--end of refsect1info.attlist-->]]> +<!--end of refsect1info.module-->]]> + + +<!ENTITY % refsect2info.module "INCLUDE"> +<![ %refsect2info.module; [ +<!ENTITY % local.refsect2info.attrib ""> +<!ENTITY % refsect2info.role.attrib "%role.attrib;"> + +<!ENTITY % refsect2info.element "INCLUDE"> +<![ %refsect2info.element; [ +<!ELEMENT RefSect2Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of refsect2info.element-->]]> + +<!ENTITY % refsect2info.attlist "INCLUDE"> +<![ %refsect2info.attlist; [ +<!ATTLIST RefSect2Info + %common.attrib; + %refsect2info.role.attrib; + %local.refsect2info.attrib; +> +<!--end of refsect2info.attlist-->]]> +<!--end of refsect2info.module-->]]> + + +<!ENTITY % refsect3info.module "INCLUDE"> +<![ %refsect3info.module; [ +<!ENTITY % local.refsect3info.attrib ""> +<!ENTITY % refsect3info.role.attrib "%role.attrib;"> + +<!ENTITY % refsect3info.element "INCLUDE"> +<![ %refsect3info.element; [ +<!ELEMENT RefSect3Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of refsect3info.element-->]]> + +<!ENTITY % refsect3info.attlist "INCLUDE"> +<![ %refsect3info.attlist; [ +<!ATTLIST RefSect3Info + %common.attrib; + %refsect3info.role.attrib; + %local.refsect3info.attrib; +> +<!--end of refsect3info.attlist-->]]> +<!--end of refsect3info.module-->]]> + + +<!ENTITY % refsynopsisdivinfo.module "INCLUDE"> +<![ %refsynopsisdivinfo.module; [ +<!ENTITY % local.refsynopsisdivinfo.attrib ""> +<!ENTITY % refsynopsisdivinfo.role.attrib "%role.attrib;"> + +<!ENTITY % refsynopsisdivinfo.element "INCLUDE"> +<![ %refsynopsisdivinfo.element; [ +<!ELEMENT RefSynopsisDivInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of refsynopsisdivinfo.element-->]]> + +<!ENTITY % refsynopsisdivinfo.attlist "INCLUDE"> +<![ %refsynopsisdivinfo.attlist; [ +<!ATTLIST RefSynopsisDivInfo + %common.attrib; + %refsynopsisdivinfo.role.attrib; + %local.refsynopsisdivinfo.attrib; +> +<!--end of refsynopsisdivinfo.attlist-->]]> +<!--end of refsynopsisdivinfo.module-->]]> + + +<!ENTITY % referenceinfo.module "INCLUDE"> +<![ %referenceinfo.module; [ +<!ENTITY % local.referenceinfo.attrib ""> +<!ENTITY % referenceinfo.role.attrib "%role.attrib;"> + +<!ENTITY % referenceinfo.element "INCLUDE"> +<![ %referenceinfo.element; [ +<!ELEMENT ReferenceInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of referenceinfo.element-->]]> + +<!ENTITY % referenceinfo.attlist "INCLUDE"> +<![ %referenceinfo.attlist; [ +<!ATTLIST ReferenceInfo + %common.attrib; + %referenceinfo.role.attrib; + %local.referenceinfo.attrib; +> +<!--end of referenceinfo.attlist-->]]> +<!--end of referenceinfo.module-->]]> + + +<!ENTITY % sect1info.module "INCLUDE"> +<![ %sect1info.module; [ +<!ENTITY % local.sect1info.attrib ""> +<!ENTITY % sect1info.role.attrib "%role.attrib;"> + +<!ENTITY % sect1info.element "INCLUDE"> +<![ %sect1info.element; [ +<!ELEMENT Sect1Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of sect1info.element-->]]> + +<!ENTITY % sect1info.attlist "INCLUDE"> +<![ %sect1info.attlist; [ +<!ATTLIST Sect1Info + %common.attrib; + %sect1info.role.attrib; + %local.sect1info.attrib; +> +<!--end of sect1info.attlist-->]]> +<!--end of sect1info.module-->]]> + + +<!ENTITY % sect2info.module "INCLUDE"> +<![ %sect2info.module; [ +<!ENTITY % local.sect2info.attrib ""> +<!ENTITY % sect2info.role.attrib "%role.attrib;"> + +<!ENTITY % sect2info.element "INCLUDE"> +<![ %sect2info.element; [ +<!ELEMENT Sect2Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of sect2info.element-->]]> + +<!ENTITY % sect2info.attlist "INCLUDE"> +<![ %sect2info.attlist; [ +<!ATTLIST Sect2Info + %common.attrib; + %sect2info.role.attrib; + %local.sect2info.attrib; +> +<!--end of sect2info.attlist-->]]> +<!--end of sect2info.module-->]]> + + +<!ENTITY % sect3info.module "INCLUDE"> +<![ %sect3info.module; [ +<!ENTITY % local.sect3info.attrib ""> +<!ENTITY % sect3info.role.attrib "%role.attrib;"> + +<!ENTITY % sect3info.element "INCLUDE"> +<![ %sect3info.element; [ +<!ELEMENT Sect3Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of sect3info.element-->]]> + +<!ENTITY % sect3info.attlist "INCLUDE"> +<![ %sect3info.attlist; [ +<!ATTLIST Sect3Info + %common.attrib; + %sect3info.role.attrib; + %local.sect3info.attrib; +> +<!--end of sect3info.attlist-->]]> +<!--end of sect3info.module-->]]> + + +<!ENTITY % sect4info.module "INCLUDE"> +<![ %sect4info.module; [ +<!ENTITY % local.sect4info.attrib ""> +<!ENTITY % sect4info.role.attrib "%role.attrib;"> + +<!ENTITY % sect4info.element "INCLUDE"> +<![ %sect4info.element; [ +<!ELEMENT Sect4Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of sect4info.element-->]]> + +<!ENTITY % sect4info.attlist "INCLUDE"> +<![ %sect4info.attlist; [ +<!ATTLIST Sect4Info + %common.attrib; + %sect4info.role.attrib; + %local.sect4info.attrib; +> +<!--end of sect4info.attlist-->]]> +<!--end of sect4info.module-->]]> + + +<!ENTITY % sect5info.module "INCLUDE"> +<![ %sect5info.module; [ +<!ENTITY % local.sect5info.attrib ""> +<!ENTITY % sect5info.role.attrib "%role.attrib;"> + +<!ENTITY % sect5info.element "INCLUDE"> +<![ %sect5info.element; [ +<!ELEMENT Sect5Info - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of sect5info.element-->]]> + +<!ENTITY % sect5info.attlist "INCLUDE"> +<![ %sect5info.attlist; [ +<!ATTLIST Sect5Info + %common.attrib; + %sect5info.role.attrib; + %local.sect5info.attrib; +> +<!--end of sect5info.attlist-->]]> +<!--end of sect5info.module-->]]> + + +<!ENTITY % setindexinfo.module "INCLUDE"> +<![ %setindexinfo.module; [ +<!ENTITY % local.setindexinfo.attrib ""> +<!ENTITY % setindexinfo.role.attrib "%role.attrib;"> + +<!ENTITY % setindexinfo.element "INCLUDE"> +<![ %setindexinfo.element; [ +<!ELEMENT SetIndexInfo - - ((Graphic | MediaObject + | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + %beginpage.exclusion;> +<!--end of setindexinfo.element-->]]> + +<!ENTITY % setindexinfo.attlist "INCLUDE"> +<![ %setindexinfo.attlist; [ +<!ATTLIST SetIndexInfo + %common.attrib; + %setindexinfo.role.attrib; + %local.setindexinfo.attrib; +> +<!--end of setindexinfo.attlist-->]]> +<!--end of setindexinfo.module-->]]> + +<!-- ...................................................................... --> +<!-- Section (parallel to Sect*) ......................................... --> + +<!ENTITY % section.content.module "INCLUDE"> +<![ %section.content.module; [ +<!ENTITY % section.module "INCLUDE"> +<![ %section.module; [ +<!ENTITY % local.section.attrib ""> +<!ENTITY % section.role.attrib "%role.attrib;"> + +<!ENTITY % section.element "INCLUDE"> +<![ %section.element; [ +<!ELEMENT Section - - (SectionInfo?, + (%sect.title.content;), + (%nav.class;)*, + (((%divcomponent.mix;)+, + ((%refentry.class;)*|Section*)) + | (%refentry.class;)+|Section+), + (%nav.class;)*) + %ubiq.inclusion;> +<!--end of section.element-->]]> + +<!ENTITY % section.attlist "INCLUDE"> +<![ %section.attlist; [ +<!ATTLIST Section + -- + What did we decide about RenderAs? + Renderas (Sect1 + |Sect2 + |Sect3 + |Sect4 + |Sect5) #IMPLIED + -- + %label.attrib; + %status.attrib; + %common.attrib; + %section.role.attrib; + %local.section.attrib; +> +<!--end of section.attlist-->]]> +<!--end of section.module-->]]> + +<!ENTITY % sectioninfo.module "INCLUDE"> +<![ %sectioninfo.module; [ +<!ENTITY % sectioninfo.role.attrib "%role.attrib;"> +<!ENTITY % local.sectioninfo.attrib ""> + +<!ENTITY % sectioninfo.element "INCLUDE"> +<![ %sectioninfo.element; [ +<!ELEMENT SectionInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + -(BeginPage)> +<!--end of sectioninfo.element-->]]> + +<!ENTITY % sectioninfo.attlist "INCLUDE"> +<![ %sectioninfo.attlist; [ +<!ATTLIST SectionInfo + %common.attrib; + %sectioninfo.role.attrib; + %local.sectioninfo.attrib; +> +<!--end of sectioninfo.attlist-->]]> +<!--end of sectioninfo.module-->]]> +<!--end of section.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Sect1, Sect2, Sect3, Sect4, Sect5 .................................... --> + +<!ENTITY % sect1.module "INCLUDE"> +<![ %sect1.module; [ +<!ENTITY % local.sect1.attrib ""> +<!ENTITY % sect1.role.attrib "%role.attrib;"> + +<!ENTITY % sect1.element "INCLUDE"> +<![ %sect1.element; [ +<!ELEMENT Sect1 - O (Sect1Info?, (%sect.title.content;), (%nav.class;)*, + (((%divcomponent.mix;)+, + ((%refentry.class;)* | Sect2* | SimpleSect*)) + | (%refentry.class;)+ | Sect2+ | SimpleSect+), (%nav.class;)*) + %ubiq.inclusion;> +<!--end of sect1.element-->]]> + +<!ENTITY % sect1.attlist "INCLUDE"> +<![ %sect1.attlist; [ +<!ATTLIST Sect1 + -- + Renderas: Indicates the format in which the heading should + appear + -- + Renderas (Sect2 + |Sect3 + |Sect4 + |Sect5) #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %sect1.role.attrib; + %local.sect1.attrib; +> +<!--end of sect1.attlist-->]]> +<!--end of sect1.module-->]]> + +<!ENTITY % sect2.module "INCLUDE"> +<![ %sect2.module; [ +<!ENTITY % local.sect2.attrib ""> +<!ENTITY % sect2.role.attrib "%role.attrib;"> + +<!ENTITY % sect2.element "INCLUDE"> +<![ %sect2.element; [ +<!ELEMENT Sect2 - O (Sect2Info?, (%sect.title.content;), (%nav.class;)*, + (((%divcomponent.mix;)+, + ((%refentry.class;)* | Sect3* | SimpleSect*)) + | (%refentry.class;)+ | Sect3+ | SimpleSect+), (%nav.class;)*)> +<!--end of sect2.element-->]]> + +<!ENTITY % sect2.attlist "INCLUDE"> +<![ %sect2.attlist; [ +<!ATTLIST Sect2 + -- + Renderas: Indicates the format in which the heading should + appear + -- + Renderas (Sect1 + |Sect3 + |Sect4 + |Sect5) #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %sect2.role.attrib; + %local.sect2.attrib; +> +<!--end of sect2.attlist-->]]> +<!--end of sect2.module-->]]> + +<!ENTITY % sect3.module "INCLUDE"> +<![ %sect3.module; [ +<!ENTITY % local.sect3.attrib ""> +<!ENTITY % sect3.role.attrib "%role.attrib;"> + +<!ENTITY % sect3.element "INCLUDE"> +<![ %sect3.element; [ +<!ELEMENT Sect3 - O (Sect3Info?, (%sect.title.content;), (%nav.class;)*, + (((%divcomponent.mix;)+, + ((%refentry.class;)* | Sect4* | SimpleSect*)) + | (%refentry.class;)+ | Sect4+ | SimpleSect+), (%nav.class;)*)> +<!--end of sect3.element-->]]> + +<!ENTITY % sect3.attlist "INCLUDE"> +<![ %sect3.attlist; [ +<!ATTLIST Sect3 + -- + Renderas: Indicates the format in which the heading should + appear + -- + Renderas (Sect1 + |Sect2 + |Sect4 + |Sect5) #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %sect3.role.attrib; + %local.sect3.attrib; +> +<!--end of sect3.attlist-->]]> +<!--end of sect3.module-->]]> + +<!ENTITY % sect4.module "INCLUDE"> +<![ %sect4.module; [ +<!ENTITY % local.sect4.attrib ""> +<!ENTITY % sect4.role.attrib "%role.attrib;"> + +<!ENTITY % sect4.element "INCLUDE"> +<![ %sect4.element; [ +<!ELEMENT Sect4 - O (Sect4Info?, (%sect.title.content;), (%nav.class;)*, + (((%divcomponent.mix;)+, + ((%refentry.class;)* | Sect5* | SimpleSect*)) + | (%refentry.class;)+ | Sect5+ | SimpleSect+), (%nav.class;)*)> +<!--end of sect4.element-->]]> + +<!ENTITY % sect4.attlist "INCLUDE"> +<![ %sect4.attlist; [ +<!ATTLIST Sect4 + -- + Renderas: Indicates the format in which the heading should + appear + -- + Renderas (Sect1 + |Sect2 + |Sect3 + |Sect5) #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %sect4.role.attrib; + %local.sect4.attrib; +> +<!--end of sect4.attlist-->]]> +<!--end of sect4.module-->]]> + +<!ENTITY % sect5.module "INCLUDE"> +<![ %sect5.module; [ +<!ENTITY % local.sect5.attrib ""> +<!ENTITY % sect5.role.attrib "%role.attrib;"> + +<!ENTITY % sect5.element "INCLUDE"> +<![ %sect5.element; [ +<!ELEMENT Sect5 - O (Sect5Info?, (%sect.title.content;), (%nav.class;)*, + (((%divcomponent.mix;)+, ((%refentry.class;)* | SimpleSect*)) + | (%refentry.class;)+ | SimpleSect+), (%nav.class;)*)> +<!--end of sect5.element-->]]> + +<!ENTITY % sect5.attlist "INCLUDE"> +<![ %sect5.attlist; [ +<!ATTLIST Sect5 + -- + Renderas: Indicates the format in which the heading should + appear + -- + Renderas (Sect1 + |Sect2 + |Sect3 + |Sect4) #IMPLIED + %label.attrib; + %status.attrib; + %common.attrib; + %sect5.role.attrib; + %local.sect5.attrib; +> +<!--end of sect5.attlist-->]]> +<!--end of sect5.module-->]]> + +<!ENTITY % simplesect.module "INCLUDE"> +<![ %simplesect.module; [ +<!ENTITY % local.simplesect.attrib ""> +<!ENTITY % simplesect.role.attrib "%role.attrib;"> + +<!ENTITY % simplesect.element "INCLUDE"> +<![ %simplesect.element; [ +<!ELEMENT SimpleSect - O ((%sect.title.content;), (%divcomponent.mix;)+) + %ubiq.inclusion;> +<!--end of simplesect.element-->]]> + +<!ENTITY % simplesect.attlist "INCLUDE"> +<![ %simplesect.attlist; [ +<!ATTLIST SimpleSect + %common.attrib; + %simplesect.role.attrib; + %local.simplesect.attrib; +> +<!--end of simplesect.attlist-->]]> +<!--end of simplesect.module-->]]> + +<!-- ...................................................................... --> +<!-- Bibliography ......................................................... --> + +<!ENTITY % bibliography.content.module "INCLUDE"> +<![ %bibliography.content.module; [ +<!ENTITY % bibliography.module "INCLUDE"> +<![ %bibliography.module; [ +<!ENTITY % local.bibliography.attrib ""> +<!ENTITY % bibliography.role.attrib "%role.attrib;"> + +<!ENTITY % bibliography.element "INCLUDE"> +<![ %bibliography.element; [ +<!ELEMENT Bibliography - O (BibliographyInfo?, + (%bookcomponent.title.content;)?, + (%component.mix;)*, + (BiblioDiv+ | (BiblioEntry|BiblioMixed)+))> +<!--end of bibliography.element-->]]> + +<!ENTITY % bibliography.attlist "INCLUDE"> +<![ %bibliography.attlist; [ +<!ATTLIST Bibliography + %status.attrib; + %common.attrib; + %bibliography.role.attrib; + %local.bibliography.attrib; +> +<!--end of bibliography.attlist-->]]> +<!--end of bibliography.module-->]]> + +<!ENTITY % bibliodiv.module "INCLUDE"> +<![ %bibliodiv.module; [ +<!ENTITY % local.bibliodiv.attrib ""> +<!ENTITY % bibliodiv.role.attrib "%role.attrib;"> + +<!ENTITY % bibliodiv.element "INCLUDE"> +<![ %bibliodiv.element; [ +<!ELEMENT BiblioDiv - O ((%sect.title.content;)?, (%component.mix;)*, + (BiblioEntry|BiblioMixed)+)> +<!--end of bibliodiv.element-->]]> + +<!ENTITY % bibliodiv.attlist "INCLUDE"> +<![ %bibliodiv.attlist; [ +<!ATTLIST BiblioDiv + %status.attrib; + %common.attrib; + %bibliodiv.role.attrib; + %local.bibliodiv.attrib; +> +<!--end of bibliodiv.attlist-->]]> +<!--end of bibliodiv.module-->]]> +<!--end of bibliography.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Glossary ............................................................. --> + +<!ENTITY % glossary.content.module "INCLUDE"> +<![ %glossary.content.module; [ +<!ENTITY % glossary.module "INCLUDE"> +<![ %glossary.module; [ +<!ENTITY % local.glossary.attrib ""> +<!ENTITY % glossary.role.attrib "%role.attrib;"> + +<!ENTITY % glossary.element "INCLUDE"> +<![ %glossary.element; [ +<!ELEMENT Glossary - O (GlossaryInfo?, + (%bookcomponent.title.content;)?, (%component.mix;)*, + (GlossDiv+ | GlossEntry+), Bibliography?)> +<!--end of glossary.element-->]]> + +<!ENTITY % glossary.attlist "INCLUDE"> +<![ %glossary.attlist; [ +<!ATTLIST Glossary + %status.attrib; + %common.attrib; + %glossary.role.attrib; + %local.glossary.attrib; +> +<!--end of glossary.attlist-->]]> +<!--end of glossary.module-->]]> + +<!ENTITY % glossdiv.module "INCLUDE"> +<![ %glossdiv.module; [ +<!ENTITY % local.glossdiv.attrib ""> +<!ENTITY % glossdiv.role.attrib "%role.attrib;"> + +<!ENTITY % glossdiv.element "INCLUDE"> +<![ %glossdiv.element; [ +<!ELEMENT GlossDiv - O ((%sect.title.content;), (%component.mix;)*, + GlossEntry+)> +<!--end of glossdiv.element-->]]> + +<!ENTITY % glossdiv.attlist "INCLUDE"> +<![ %glossdiv.attlist; [ +<!ATTLIST GlossDiv + %status.attrib; + %common.attrib; + %glossdiv.role.attrib; + %local.glossdiv.attrib; +> +<!--end of glossdiv.attlist-->]]> +<!--end of glossdiv.module-->]]> +<!--end of glossary.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Index and SetIndex ................................................... --> + +<!ENTITY % index.content.module "INCLUDE"> +<![ %index.content.module; [ +<!ENTITY % index.module "INCLUDE"> +<![ %index.module; [ +<!ENTITY % local.index.attrib ""> +<!ENTITY % index.role.attrib "%role.attrib;"> + +<!ENTITY % index.element "INCLUDE"> +<![ %index.element; [ +<!ELEMENT Index - O (IndexInfo?, (%bookcomponent.title.content;)?, + (%component.mix;)*, (IndexDiv* | IndexEntry*)) + %ndxterm.exclusion;> +<!--end of index.element-->]]> + +<!ENTITY % index.attlist "INCLUDE"> +<![ %index.attlist; [ +<!ATTLIST Index + %common.attrib; + %index.role.attrib; + %local.index.attrib; +> +<!--end of index.attlist-->]]> +<!--end of index.module-->]]> + +<!ENTITY % setindex.module "INCLUDE"> +<![ %setindex.module; [ +<!ENTITY % local.setindex.attrib ""> +<!ENTITY % setindex.role.attrib "%role.attrib;"> + +<!ENTITY % setindex.element "INCLUDE"> +<![ %setindex.element; [ +<!ELEMENT SetIndex - O (SetIndexInfo?, (%bookcomponent.title.content;)?, + (%component.mix;)*, (IndexDiv* | IndexEntry*)) + %ndxterm.exclusion;> +<!--end of setindex.element-->]]> + +<!ENTITY % setindex.attlist "INCLUDE"> +<![ %setindex.attlist; [ +<!ATTLIST SetIndex + %common.attrib; + %setindex.role.attrib; + %local.setindex.attrib; +> +<!--end of setindex.attlist-->]]> +<!--end of setindex.module-->]]> + +<!ENTITY % indexdiv.module "INCLUDE"> +<![ %indexdiv.module; [ + +<!-- SegmentedList in this content is useful for marking up permuted + indices. --> + +<!ENTITY % local.indexdiv.attrib ""> +<!ENTITY % indexdiv.role.attrib "%role.attrib;"> + +<!ENTITY % indexdiv.element "INCLUDE"> +<![ %indexdiv.element; [ +<!ELEMENT IndexDiv - O ((%sect.title.content;)?, ((%indexdivcomponent.mix;)*, + (IndexEntry+ | SegmentedList)))> +<!--end of indexdiv.element-->]]> + +<!ENTITY % indexdiv.attlist "INCLUDE"> +<![ %indexdiv.attlist; [ +<!ATTLIST IndexDiv + %common.attrib; + %indexdiv.role.attrib; + %local.indexdiv.attrib; +> +<!--end of indexdiv.attlist-->]]> +<!--end of indexdiv.module-->]]> + +<!ENTITY % indexentry.module "INCLUDE"> +<![ %indexentry.module; [ +<!-- Index entries appear in the index, not the text. --> + +<!ENTITY % local.indexentry.attrib ""> +<!ENTITY % indexentry.role.attrib "%role.attrib;"> + +<!ENTITY % indexentry.element "INCLUDE"> +<![ %indexentry.element; [ +<!ELEMENT IndexEntry - O (PrimaryIE, (SeeIE|SeeAlsoIE)*, + (SecondaryIE, (SeeIE|SeeAlsoIE|TertiaryIE)*)*)> +<!--end of indexentry.element-->]]> + +<!ENTITY % indexentry.attlist "INCLUDE"> +<![ %indexentry.attlist; [ +<!ATTLIST IndexEntry + %common.attrib; + %indexentry.role.attrib; + %local.indexentry.attrib; +> +<!--end of indexentry.attlist-->]]> +<!--end of indexentry.module-->]]> + +<!ENTITY % primsecterie.module "INCLUDE"> +<![ %primsecterie.module; [ +<!ENTITY % local.primsecterie.attrib ""> +<!ENTITY % primsecterie.role.attrib "%role.attrib;"> + +<!ENTITY % primsecterie.elements "INCLUDE"> +<![ %primsecterie.elements; [ +<!ELEMENT (PrimaryIE | SecondaryIE | TertiaryIE) - O ((%ndxterm.char.mix;)+)> +<!--end of primsecterie.elements-->]]> + +<!ENTITY % primsecterie.attlists "INCLUDE"> +<![ %primsecterie.attlists; [ +<!ATTLIST (PrimaryIE | SecondaryIE | TertiaryIE) + %linkends.attrib; --to IndexTerms that these entries represent-- + %common.attrib; + %primsecterie.role.attrib; + %local.primsecterie.attrib; +> +<!--end of primsecterie.attlists-->]]> +<!--end of primsecterie.module-->]]> + +<!ENTITY % seeie.module "INCLUDE"> +<![ %seeie.module; [ +<!ENTITY % local.seeie.attrib ""> +<!ENTITY % seeie.role.attrib "%role.attrib;"> + +<!ENTITY % seeie.element "INCLUDE"> +<![ %seeie.element; [ +<!ELEMENT SeeIE - O ((%ndxterm.char.mix;)+)> +<!--end of seeie.element-->]]> + +<!ENTITY % seeie.attlist "INCLUDE"> +<![ %seeie.attlist; [ +<!ATTLIST SeeIE + %linkend.attrib; --to IndexEntry to look up-- + %common.attrib; + %seeie.role.attrib; + %local.seeie.attrib; +> +<!--end of seeie.attlist-->]]> +<!--end of seeie.module-->]]> + +<!ENTITY % seealsoie.module "INCLUDE"> +<![ %seealsoie.module; [ +<!ENTITY % local.seealsoie.attrib ""> +<!ENTITY % seealsoie.role.attrib "%role.attrib;"> + +<!ENTITY % seealsoie.element "INCLUDE"> +<![ %seealsoie.element; [ +<!ELEMENT SeeAlsoIE - O ((%ndxterm.char.mix;)+)> +<!--end of seealsoie.element-->]]> + +<!ENTITY % seealsoie.attlist "INCLUDE"> +<![ %seealsoie.attlist; [ +<!ATTLIST SeeAlsoIE + %linkends.attrib; --to related IndexEntries-- + %common.attrib; + %seealsoie.role.attrib; + %local.seealsoie.attrib; +> +<!--end of seealsoie.attlist-->]]> +<!--end of seealsoie.module-->]]> +<!--end of index.content.module-->]]> + +<!-- ...................................................................... --> +<!-- RefEntry ............................................................. --> + +<!ENTITY % refentry.content.module "INCLUDE"> +<![ %refentry.content.module; [ +<!ENTITY % refentry.module "INCLUDE"> +<![ %refentry.module; [ +<!ENTITY % local.refentry.attrib ""> +<!ENTITY % refentry.role.attrib "%role.attrib;"> + +<!ENTITY % refentry.element "INCLUDE"> +<![ %refentry.element; [ +<!ELEMENT RefEntry - O (RefEntryInfo?, RefMeta?, (Remark|%link.char.class;)*, + RefNameDiv, RefSynopsisDiv?, RefSect1+) %ubiq.inclusion;> +<!--end of refentry.element-->]]> + +<!ENTITY % refentry.attlist "INCLUDE"> +<![ %refentry.attlist; [ +<!ATTLIST RefEntry + %status.attrib; + %common.attrib; + %refentry.role.attrib; + %local.refentry.attrib; +> +<!--end of refentry.attlist-->]]> +<!--end of refentry.module-->]]> + +<!ENTITY % refmeta.module "INCLUDE"> +<![ %refmeta.module; [ +<!ENTITY % local.refmeta.attrib ""> +<!ENTITY % refmeta.role.attrib "%role.attrib;"> + +<!ENTITY % refmeta.element "INCLUDE"> +<![ %refmeta.element; [ +<!ELEMENT RefMeta - - (RefEntryTitle, ManVolNum?, RefMiscInfo*) + %beginpage.exclusion;> +<!--end of refmeta.element-->]]> + +<!ENTITY % refmeta.attlist "INCLUDE"> +<![ %refmeta.attlist; [ +<!ATTLIST RefMeta + %common.attrib; + %refmeta.role.attrib; + %local.refmeta.attrib; +> +<!--end of refmeta.attlist-->]]> +<!--end of refmeta.module-->]]> + +<!ENTITY % refmiscinfo.module "INCLUDE"> +<![ %refmiscinfo.module; [ +<!ENTITY % local.refmiscinfo.attrib ""> +<!ENTITY % refmiscinfo.role.attrib "%role.attrib;"> + +<!ENTITY % refmiscinfo.element "INCLUDE"> +<![ %refmiscinfo.element; [ +<!ELEMENT RefMiscInfo - - ((%docinfo.char.mix;)+)> +<!--end of refmiscinfo.element-->]]> + +<!ENTITY % refmiscinfo.attlist "INCLUDE"> +<![ %refmiscinfo.attlist; [ +<!ATTLIST RefMiscInfo + -- + Class: Freely assignable parameter; no default + -- + Class CDATA #IMPLIED + %common.attrib; + %refmiscinfo.role.attrib; + %local.refmiscinfo.attrib; +> +<!--end of refmiscinfo.attlist-->]]> +<!--end of refmiscinfo.module-->]]> + +<!ENTITY % refnamediv.module "INCLUDE"> +<![ %refnamediv.module; [ +<!ENTITY % local.refnamediv.attrib ""> +<!ENTITY % refnamediv.role.attrib "%role.attrib;"> + +<!ENTITY % refnamediv.element "INCLUDE"> +<![ %refnamediv.element; [ +<!ELEMENT RefNameDiv - O (RefDescriptor?, RefName+, RefPurpose, RefClass*, + (Remark|%link.char.class;)*)> +<!--end of refnamediv.element-->]]> + +<!ENTITY % refnamediv.attlist "INCLUDE"> +<![ %refnamediv.attlist; [ +<!ATTLIST RefNameDiv + %common.attrib; + %refnamediv.role.attrib; + %local.refnamediv.attrib; +> +<!--end of refnamediv.attlist-->]]> +<!--end of refnamediv.module-->]]> + +<!ENTITY % refdescriptor.module "INCLUDE"> +<![ %refdescriptor.module; [ +<!ENTITY % local.refdescriptor.attrib ""> +<!ENTITY % refdescriptor.role.attrib "%role.attrib;"> + +<!ENTITY % refdescriptor.element "INCLUDE"> +<![ %refdescriptor.element; [ +<!ELEMENT RefDescriptor - O ((%refname.char.mix;)+)> +<!--end of refdescriptor.element-->]]> + +<!ENTITY % refdescriptor.attlist "INCLUDE"> +<![ %refdescriptor.attlist; [ +<!ATTLIST RefDescriptor + %common.attrib; + %refdescriptor.role.attrib; + %local.refdescriptor.attrib; +> +<!--end of refdescriptor.attlist-->]]> +<!--end of refdescriptor.module-->]]> + +<!ENTITY % refname.module "INCLUDE"> +<![ %refname.module; [ +<!ENTITY % local.refname.attrib ""> +<!ENTITY % refname.role.attrib "%role.attrib;"> + +<!ENTITY % refname.element "INCLUDE"> +<![ %refname.element; [ +<!ELEMENT RefName - O ((%refname.char.mix;)+)> +<!--end of refname.element-->]]> + +<!ENTITY % refname.attlist "INCLUDE"> +<![ %refname.attlist; [ +<!ATTLIST RefName + %common.attrib; + %refname.role.attrib; + %local.refname.attrib; +> +<!--end of refname.attlist-->]]> +<!--end of refname.module-->]]> + +<!ENTITY % refpurpose.module "INCLUDE"> +<![ %refpurpose.module; [ +<!ENTITY % local.refpurpose.attrib ""> +<!ENTITY % refpurpose.role.attrib "%role.attrib;"> + +<!ENTITY % refpurpose.element "INCLUDE"> +<![ %refpurpose.element; [ +<!ELEMENT RefPurpose - O ((%refinline.char.mix;)+)> +<!--end of refpurpose.element-->]]> + +<!ENTITY % refpurpose.attlist "INCLUDE"> +<![ %refpurpose.attlist; [ +<!ATTLIST RefPurpose + %common.attrib; + %refpurpose.role.attrib; + %local.refpurpose.attrib; +> +<!--end of refpurpose.attlist-->]]> +<!--end of refpurpose.module-->]]> + +<!ENTITY % refclass.module "INCLUDE"> +<![ %refclass.module; [ +<!ENTITY % local.refclass.attrib ""> +<!ENTITY % refclass.role.attrib "%role.attrib;"> + +<!ENTITY % refclass.element "INCLUDE"> +<![ %refclass.element; [ +<!ELEMENT RefClass - O ((%refclass.char.mix;)+)> +<!--end of refclass.element-->]]> + +<!ENTITY % refclass.attlist "INCLUDE"> +<![ %refclass.attlist; [ +<!ATTLIST RefClass + %common.attrib; + %refclass.role.attrib; + %local.refclass.attrib; +> +<!--end of refclass.attlist-->]]> +<!--end of refclass.module-->]]> + +<!ENTITY % refsynopsisdiv.module "INCLUDE"> +<![ %refsynopsisdiv.module; [ +<!ENTITY % local.refsynopsisdiv.attrib ""> +<!ENTITY % refsynopsisdiv.role.attrib "%role.attrib;"> + +<!ENTITY % refsynopsisdiv.element "INCLUDE"> +<![ %refsynopsisdiv.element; [ +<!ELEMENT RefSynopsisDiv - O (RefSynopsisDivInfo?, (%refsect.title.content;)?, + (((%refcomponent.mix;)+, RefSect2*) | (RefSect2+)))> +<!--end of refsynopsisdiv.element-->]]> + +<!ENTITY % refsynopsisdiv.attlist "INCLUDE"> +<![ %refsynopsisdiv.attlist; [ +<!ATTLIST RefSynopsisDiv + %common.attrib; + %refsynopsisdiv.role.attrib; + %local.refsynopsisdiv.attrib; +> +<!--end of refsynopsisdiv.attlist-->]]> +<!--end of refsynopsisdiv.module-->]]> + +<!ENTITY % refsect1.module "INCLUDE"> +<![ %refsect1.module; [ +<!ENTITY % local.refsect1.attrib ""> +<!ENTITY % refsect1.role.attrib "%role.attrib;"> + +<!ENTITY % refsect1.element "INCLUDE"> +<![ %refsect1.element; [ +<!ELEMENT RefSect1 - O (RefSect1Info?, (%refsect.title.content;), + (((%refcomponent.mix;)+, RefSect2*) | RefSect2+))> +<!--end of refsect1.element-->]]> + +<!ENTITY % refsect1.attlist "INCLUDE"> +<![ %refsect1.attlist; [ +<!ATTLIST RefSect1 + %status.attrib; + %common.attrib; + %refsect1.role.attrib; + %local.refsect1.attrib; +> +<!--end of refsect1.attlist-->]]> +<!--end of refsect1.module-->]]> + +<!ENTITY % refsect2.module "INCLUDE"> +<![ %refsect2.module; [ +<!ENTITY % local.refsect2.attrib ""> +<!ENTITY % refsect2.role.attrib "%role.attrib;"> + +<!ENTITY % refsect2.element "INCLUDE"> +<![ %refsect2.element; [ +<!ELEMENT RefSect2 - O (RefSect2Info?, (%refsect.title.content;), + (((%refcomponent.mix;)+, RefSect3*) | RefSect3+))> +<!--end of refsect2.element-->]]> + +<!ENTITY % refsect2.attlist "INCLUDE"> +<![ %refsect2.attlist; [ +<!ATTLIST RefSect2 + %status.attrib; + %common.attrib; + %refsect2.role.attrib; + %local.refsect2.attrib; +> +<!--end of refsect2.attlist-->]]> +<!--end of refsect2.module-->]]> + +<!ENTITY % refsect3.module "INCLUDE"> +<![ %refsect3.module; [ +<!ENTITY % local.refsect3.attrib ""> +<!ENTITY % refsect3.role.attrib "%role.attrib;"> + +<!ENTITY % refsect3.element "INCLUDE"> +<![ %refsect3.element; [ +<!ELEMENT RefSect3 - O (RefSect3Info?, (%refsect.title.content;), + (%refcomponent.mix;)+)> +<!--end of refsect3.element-->]]> + +<!ENTITY % refsect3.attlist "INCLUDE"> +<![ %refsect3.attlist; [ +<!ATTLIST RefSect3 + %status.attrib; + %common.attrib; + %refsect3.role.attrib; + %local.refsect3.attrib; +> +<!--end of refsect3.attlist-->]]> +<!--end of refsect3.module-->]]> +<!--end of refentry.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Article .............................................................. --> + +<!ENTITY % article.module "INCLUDE"> +<![ %article.module; [ +<!-- An Article is a chapter-level, stand-alone document that is often, + but need not be, collected into a Book. --> + +<!ENTITY % local.article.attrib ""> +<!ENTITY % article.role.attrib "%role.attrib;"> + +<!ENTITY % article.element "INCLUDE"> +<![ %article.element; [ +<!ELEMENT Article - O ((%div.title.content;)?, ArticleInfo?, ToCchap?, LoT*, + (%bookcomponent.content;), + ((%nav.class;) | (%appendix.class;) | Ackno)*) + %ubiq.inclusion;> +<!--end of article.element-->]]> + +<!ENTITY % article.attlist "INCLUDE"> +<![ %article.attlist; [ +<!ATTLIST Article + -- + Class: Indicates the type of a particular article; + all articles have the same structure and general purpose. + No default. + -- + Class (JournalArticle + |ProductSheet + |WhitePaper + |TechReport + |Specification + |FAQ) #IMPLIED + -- + ParentBook: ID of the enclosing Book + -- + ParentBook IDREF #IMPLIED + %status.attrib; + %common.attrib; + %article.role.attrib; + %local.article.attrib; +> +<!--end of article.attlist-->]]> +<!--end of article.module-->]]> + +<!-- End of DocBook document hierarchy module V4.1 ........................ --> +<!-- ...................................................................... --> diff --git a/docs/docbook/dbsgml/dbnotn.mod b/docs/docbook/dbsgml/dbnotn.mod new file mode 100755 index 0000000000..b980630bba --- /dev/null +++ b/docs/docbook/dbsgml/dbnotn.mod @@ -0,0 +1,97 @@ +<!-- ...................................................................... --> +<!-- DocBook notations module V4.1 ........................................ --> +<!-- File dbnotn.mod ...................................................... --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + $Id: dbnotn.mod,v 1.3 2001/12/06 07:37:55 jerry Exp $ + + Permission to use, copy, modify and distribute the DocBook DTD and + its accompanying documentation for any purpose and without fee is + hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the DocBook DTD in any way, except for declaring and + referencing additional sets of general entities and declaring + additional notations, label your DTD as a variant of DocBook. See + the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This module contains the entity declarations for the standard + notations used by DocBook. + + In DTD driver files referring to this module, please use an entity + declaration that uses the public identifier shown below: + + <!ENTITY % dbnotn PUBLIC + "-//OASIS//ENTITIES DocBook Notations V4.1//EN"> + %dbnotn; + + See the documentation for detailed information on the parameter + entity and module scheme used in DocBook, customizing DocBook and + planning for interchange, and changes made since the last release + of DocBook. +--> + +<!ENTITY % local.notation.class ""> +<!ENTITY % notation.class + "BMP| CGM-CHAR | CGM-BINARY | CGM-CLEAR | DITROFF | DVI + | EPS | EQN | FAX | GIF | GIF87a | GIF89a + | JPG | JPEG | IGES | PCX + | PIC | PNG | PS | SGML | TBL | TEX | TIFF | WMF | WPG + | linespecific + %local.notation.class;"> + +<!NOTATION BMP PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows bitmap//EN"> +<!NOTATION CGM-CHAR PUBLIC "ISO 8632/2//NOTATION Character encoding//EN"> +<!NOTATION CGM-BINARY PUBLIC "ISO 8632/3//NOTATION Binary encoding//EN"> +<!NOTATION CGM-CLEAR PUBLIC "ISO 8632/4//NOTATION Clear text encoding//EN"> +<!NOTATION DITROFF SYSTEM "DITROFF"> +<!NOTATION DVI SYSTEM "DVI"> +<!NOTATION EPS PUBLIC +"+//ISBN 0-201-18127-4::Adobe//NOTATION PostScript Language Ref. Manual//EN"> +<!-- EQN was SYSTEM "-//AT&T//NOTATION EQN-1//EN" --> +<!NOTATION EQN SYSTEM> +<!NOTATION FAX PUBLIC +"-//USA-DOD//NOTATION CCITT Group 4 Facsimile Type 1 Untiled Raster//EN"> +<!NOTATION GIF SYSTEM "GIF"> +<!NOTATION GIF87a PUBLIC +"-//CompuServe//NOTATION Graphics Interchange Format 87a//EN"> + +<!NOTATION GIF89a PUBLIC +"-//CompuServe//NOTATION Graphics Interchange Format 89a//EN"> +<!NOTATION JPG SYSTEM "JPG"> +<!NOTATION JPEG SYSTEM "JPG"> +<!NOTATION IGES PUBLIC +"-//USA-DOD//NOTATION (ASME/ANSI Y14.26M-1987) Initial Graphics Exchange Specification//EN"> +<!NOTATION PCX PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION ZSoft PCX bitmap//EN"> +<!-- PIC was SYSTEM "-//AT&T//NOTATION EQN-1//EN" --> +<!NOTATION PIC SYSTEM> +<!NOTATION PNG SYSTEM "http://www.w3.org/TR/REC-png"> +<!NOTATION PS SYSTEM "PS"> +<!NOTATION SGML PUBLIC +"ISO 8879:1986//NOTATION Standard Generalized Markup Language//EN"> +<!-- TBL was SYSTEM "-//AT&T//NOTATION EQN-1//EN" --> +<!NOTATION TBL SYSTEM> +<!NOTATION TEX PUBLIC +"+//ISBN 0-201-13448-9::Knuth//NOTATION The TeXbook//EN"> +<!NOTATION TIFF SYSTEM "TIFF"> +<!NOTATION WMF PUBLIC +"+//ISBN 0-7923-9432-1::Graphic Notation//NOTATION Microsoft Windows Metafile//EN"> +<!NOTATION WPG SYSTEM "WPG" --WordPerfect Graphic format--> +<!NOTATION linespecific SYSTEM +"line ends and leading white space must be preserved in output"> diff --git a/docs/docbook/dbsgml/dbpool.mod b/docs/docbook/dbsgml/dbpool.mod new file mode 100755 index 0000000000..3867d070e8 --- /dev/null +++ b/docs/docbook/dbsgml/dbpool.mod @@ -0,0 +1,7396 @@ +<!-- ...................................................................... --> +<!-- DocBook information pool module V4.1 ................................. --> +<!-- File dbpool.mod ...................................................... --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + $Id: dbpool.mod,v 1.3 2001/12/06 07:37:55 jerry Exp $ + + Permission to use, copy, modify and distribute the DocBook DTD and + its accompanying documentation for any purpose and without fee is + hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the DocBook DTD in any way, except for declaring and + referencing additional sets of general entities and declaring + additional notations, label your DTD as a variant of DocBook. See + the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This module contains the definitions for the objects, inline + elements, and so on that are available to be used as the main + content of DocBook documents. Some elements are useful for general + publishing, and others are useful specifically for computer + documentation. + + This module has the following dependencies on other modules: + + o It assumes that a %notation.class; entity is defined by the + driver file or other high-level module. This entity is + referenced in the NOTATION attributes for the graphic-related and + ModeSpec elements. + + o It assumes that an appropriately parameterized table module is + available for use with the table-related elements. + + In DTD driver files referring to this module, please use an entity + declaration that uses the public identifier shown below: + + <!ENTITY % dbpool PUBLIC + "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN"> + %dbpool; + + See the documentation for detailed information on the parameter + entity and module scheme used in DocBook, customizing DocBook and + planning for interchange, and changes made since the last release + of DocBook. +--> + +<!-- ...................................................................... --> +<!-- General-purpose semantics entities ................................... --> + +<!ENTITY % yesorno.attvals "NUMBER"> + +<![IGNORE[ +<!ENTITY % yes.attval "1"> <!-- never actually used --> +]]> + +<!ENTITY % no.attval "0"> + +<!-- ...................................................................... --> +<!-- Entities for module inclusions ....................................... --> + +<!ENTITY % dbpool.redecl.module "IGNORE"> + +<!-- ...................................................................... --> +<!-- Entities for element classes and mixtures ............................ --> + +<!-- Object-level classes ................................................. --> + +<!ENTITY % local.list.class ""> +<!ENTITY % list.class + "CalloutList|GlossList|ItemizedList|OrderedList|SegmentedList + |SimpleList|VariableList %local.list.class;"> + +<!ENTITY % local.admon.class ""> +<!ENTITY % admon.class + "Caution|Important|Note|Tip|Warning %local.admon.class;"> + +<!ENTITY % local.linespecific.class ""> +<!ENTITY % linespecific.class + "LiteralLayout|ProgramListing|ProgramListingCO|Screen + |ScreenCO|ScreenShot %local.linespecific.class;"> + +<!ENTITY % local.method.synop.class ""> +<!ENTITY % method.synop.class + "ConstructorSynopsis + |DestructorSynopsis + |MethodSynopsis %local.method.synop.class;"> + +<!ENTITY % local.synop.class ""> +<!ENTITY % synop.class + "Synopsis|CmdSynopsis|FuncSynopsis + |ClassSynopsis|FieldSynopsis + |%method.synop.class; %local.synop.class;"> + +<!ENTITY % local.para.class ""> +<!ENTITY % para.class + "FormalPara|Para|SimPara %local.para.class;"> + +<!ENTITY % local.informal.class ""> +<!ENTITY % informal.class + "Address|BlockQuote + |Graphic|GraphicCO|MediaObject|MediaObjectCO + |InformalEquation + |InformalExample + |InformalFigure + |InformalTable %local.informal.class;"> + +<!ENTITY % local.formal.class ""> +<!ENTITY % formal.class + "Equation|Example|Figure|Table %local.formal.class;"> + +<!-- The DocBook TC may produce an official EBNF module for DocBook. --> +<!-- This PE provides the hook by which it can be inserted into the DTD. --> +<!ENTITY % ebnf.block.hook ""> + +<!ENTITY % local.compound.class ""> +<!ENTITY % compound.class + "MsgSet|Procedure|Sidebar|QandASet + %ebnf.block.hook; + %local.compound.class;"> + +<!ENTITY % local.genobj.class ""> +<!ENTITY % genobj.class + "Anchor|BridgeHead|Remark|Highlights + %local.genobj.class;"> + +<!ENTITY % local.descobj.class ""> +<!ENTITY % descobj.class + "Abstract|AuthorBlurb|Epigraph + %local.descobj.class;"> + +<!-- Character-level classes .............................................. --> + +<!ENTITY % local.ndxterm.class ""> +<!ENTITY % ndxterm.class + "IndexTerm %local.ndxterm.class;"> + +<!ENTITY % local.xref.char.class ""> +<!ENTITY % xref.char.class + "FootnoteRef|XRef %local.xref.char.class;"> + +<!ENTITY % local.gen.char.class ""> +<!ENTITY % gen.char.class + "Abbrev|Acronym|Citation|CiteRefEntry|CiteTitle|Emphasis + |FirstTerm|ForeignPhrase|GlossTerm|Footnote|Phrase + |Quote|Trademark|WordAsWord %local.gen.char.class;"> + +<!ENTITY % local.link.char.class ""> +<!ENTITY % link.char.class + "Link|OLink|ULink %local.link.char.class;"> + +<!-- The DocBook TC may produce an official EBNF module for DocBook. --> +<!-- This PE provides the hook by which it can be inserted into the DTD. --> +<!ENTITY % ebnf.inline.hook ""> + +<!ENTITY % local.tech.char.class ""> +<!ENTITY % tech.char.class + "Action|Application + |ClassName|MethodName|InterfaceName|ExceptionName + |OOClass|OOInterface|OOException + |Command|ComputerOutput + |Database|Email|EnVar|ErrorCode|ErrorName|ErrorType|Filename + |Function|GUIButton|GUIIcon|GUILabel|GUIMenu|GUIMenuItem + |GUISubmenu|Hardware|Interface|KeyCap + |KeyCode|KeyCombo|KeySym|Literal|Constant|Markup|MediaLabel + |MenuChoice|MouseButton|Option|Optional|Parameter + |Prompt|Property|Replaceable|ReturnValue|SGMLTag|StructField + |StructName|Symbol|SystemItem|Token|Type|UserInput|VarName + %ebnf.inline.hook; + %local.tech.char.class;"> + +<!ENTITY % local.base.char.class ""> +<!ENTITY % base.char.class + "Anchor %local.base.char.class;"> + +<!ENTITY % local.docinfo.char.class ""> +<!ENTITY % docinfo.char.class + "Author|AuthorInitials|CorpAuthor|ModeSpec|OtherCredit + |ProductName|ProductNumber|RevHistory + %local.docinfo.char.class;"> + +<!ENTITY % local.other.char.class ""> +<!ENTITY % other.char.class + "Remark|Subscript|Superscript %local.other.char.class;"> + +<!ENTITY % local.inlineobj.char.class ""> +<!ENTITY % inlineobj.char.class + "InlineGraphic|InlineMediaObject|InlineEquation %local.inlineobj.char.class;"> + +<!-- Redeclaration placeholder ............................................ --> + +<!-- For redeclaring entities that are declared after this point while + retaining their references to the entities that are declared before + this point --> + +<![ %dbpool.redecl.module; [ +%rdbpool; +<!--end of dbpool.redecl.module-->]]> + +<!-- Object-level mixtures ................................................ --> + +<!-- + list admn line synp para infm form cmpd gen desc +Component mixture X X X X X X X X X X +Sidebar mixture X X X X X X X a X +Footnote mixture X X X X X +Example mixture X X X X X +Highlights mixture X X X +Paragraph mixture X X X X +Admonition mixture X X X X X X b c +Figure mixture X X X +Table entry mixture X X X X d +Glossary def mixture X X X X X e +Legal notice mixture X X X X f + +a. Just Procedure; not Sidebar itself or MsgSet. +b. No MsgSet. +c. No Highlights. +d. Just Graphic; no other informal objects. +e. No Anchor, BridgeHead, or Highlights. +f. Just BlockQuote; no other informal objects. +--> + +<!ENTITY % local.component.mix ""> +<!ENTITY % component.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |%compound.class; + |%genobj.class; |%descobj.class; + |%ndxterm.class; + %local.component.mix;"> + +<!ENTITY % local.sidebar.mix ""> +<!ENTITY % sidebar.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |Procedure + |%genobj.class; + |%ndxterm.class; + %local.sidebar.mix;"> + +<!ENTITY % local.qandaset.mix ""> +<!ENTITY % qandaset.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |Procedure + |%genobj.class; + |%ndxterm.class; + %local.qandaset.mix;"> + +<!ENTITY % local.revdescription.mix ""> +<!ENTITY % revdescription.mix + "%list.class; |%admon.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |Procedure + |%genobj.class; + |%ndxterm.class; + %local.revdescription.mix;"> + +<!ENTITY % local.footnote.mix ""> +<!ENTITY % footnote.mix + "%list.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + %local.footnote.mix;"> + +<!ENTITY % local.example.mix ""> +<!ENTITY % example.mix + "%list.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%ndxterm.class; + %local.example.mix;"> + +<!ENTITY % local.highlights.mix ""> +<!ENTITY % highlights.mix + "%list.class; |%admon.class; + |%para.class; + |%ndxterm.class; + %local.highlights.mix;"> + +<!-- %formal.class; is explicitly excluded from many contexts in which + paragraphs are used --> + +<!ENTITY % local.para.mix ""> +<!ENTITY % para.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%informal.class; + |%formal.class; + %local.para.mix;"> + +<!ENTITY % local.admon.mix ""> +<!ENTITY % admon.mix + "%list.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; |Procedure|Sidebar + |Anchor|BridgeHead|Remark + |%ndxterm.class; + %local.admon.mix;"> + +<!ENTITY % local.figure.mix ""> +<!ENTITY % figure.mix + "%linespecific.class; |%synop.class; + |%informal.class; + |%ndxterm.class; + %local.figure.mix;"> + +<!ENTITY % local.tabentry.mix ""> +<!ENTITY % tabentry.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |Graphic|MediaObject + %local.tabentry.mix;"> + +<!ENTITY % local.glossdef.mix ""> +<!ENTITY % glossdef.mix + "%list.class; + |%linespecific.class; |%synop.class; + |%para.class; |%informal.class; + |%formal.class; + |Remark + |%ndxterm.class; + %local.glossdef.mix;"> + +<!ENTITY % local.legalnotice.mix ""> +<!ENTITY % legalnotice.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |BlockQuote + |%ndxterm.class; + %local.legalnotice.mix;"> + +<!ENTITY % local.textobject.mix ""> +<!ENTITY % textobject.mix + "%list.class; |%admon.class; + |%linespecific.class; + |%para.class; |BlockQuote + %local.textobject.mix;"> + +<!ENTITY % local.mediaobject.mix ""> +<!ENTITY % mediaobject.mix + "VideoObject|AudioObject|ImageObject %local.mediaobject.mix"> + +<!-- Character-level mixtures ............................................. --> + +<!ENTITY % local.ubiq.mix ""> +<!ENTITY % ubiq.mix + "%ndxterm.class;|BeginPage %local.ubiq.mix;"> + +<!ENTITY % ubiq.exclusion "-(%ubiq.mix)"> +<!ENTITY % ubiq.inclusion "+(%ubiq.mix)"> + +<!ENTITY % footnote.exclusion "-(Footnote|%formal.class;)"> +<!ENTITY % highlights.exclusion "-(%ubiq.mix;|%formal.class;)"> +<!ENTITY % admon.exclusion "-(%admon.class;)"> +<!ENTITY % formal.exclusion "-(%formal.class;)"> +<!ENTITY % acronym.exclusion "-(Acronym)"> +<!ENTITY % beginpage.exclusion "-(BeginPage)"> +<!ENTITY % ndxterm.exclusion "-(%ndxterm.class;)"> +<!ENTITY % blockquote.exclusion "-(Epigraph)"> +<!ENTITY % remark.exclusion "-(Remark|%ubiq.mix;)"> +<!ENTITY % glossterm.exclusion "-(GlossTerm)"> +<!ENTITY % links.exclusion "-(Link|OLink|ULink|XRef)"> + +<!-- + #PCD xref word link cptr base dnfo othr inob (synop) +para.char.mix X X X X X X X X X +title.char.mix X X X X X X X X X +ndxterm.char.mix X X X X X X X X a +cptr.char.mix X X X X X a +smallcptr.char.mix X b a +word.char.mix X c X X X a +docinfo.char.mix X d X b X a + +a. Just InlineGraphic; no InlineEquation. +b. Just Replaceable; no other computer terms. +c. Just Emphasis and Trademark; no other word elements. +d. Just Acronym, Emphasis, and Trademark; no other word elements. +--> + +<!-- The DocBook TC may produce an official forms module for DocBook. --> +<!-- This PE provides the hook by which it can be inserted into the DTD. --> +<!ENTITY % forminlines.hook ""> + +<!ENTITY % local.para.char.mix ""> +<!ENTITY % para.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%base.char.class; |%docinfo.char.class; + |%other.char.class; |%inlineobj.char.class; + |%synop.class; + |%ndxterm.class; + %forminlines.hook; + %local.para.char.mix;"> + +<!ENTITY % local.title.char.mix ""> +<!ENTITY % title.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%base.char.class; |%docinfo.char.class; + |%other.char.class; |%inlineobj.char.class; + |%ndxterm.class; + %local.title.char.mix;"> + +<!ENTITY % local.ndxterm.char.mix ""> +<!ENTITY % ndxterm.char.mix + "#PCDATA + |%xref.char.class; |%gen.char.class; + |%link.char.class; |%tech.char.class; + |%base.char.class; |%docinfo.char.class; + |%other.char.class; |InlineGraphic|InlineMediaObject + %local.ndxterm.char.mix;"> + +<!ENTITY % local.cptr.char.mix ""> +<!ENTITY % cptr.char.mix + "#PCDATA + |%link.char.class; |%tech.char.class; + |%base.char.class; + |%other.char.class; |InlineGraphic|InlineMediaObject + |%ndxterm.class; + %local.cptr.char.mix;"> + +<!ENTITY % local.smallcptr.char.mix ""> +<!ENTITY % smallcptr.char.mix + "#PCDATA + |Replaceable + |InlineGraphic|InlineMediaObject + |%ndxterm.class; + %local.smallcptr.char.mix;"> + +<!ENTITY % local.word.char.mix ""> +<!ENTITY % word.char.mix + "#PCDATA + |Acronym|Emphasis|Trademark + |%link.char.class; + |%base.char.class; + |%other.char.class; |InlineGraphic|InlineMediaObject + |%ndxterm.class; + %local.word.char.mix;"> + +<!ENTITY % local.docinfo.char.mix ""> +<!ENTITY % docinfo.char.mix + "#PCDATA + |%link.char.class; + |Emphasis|Trademark + |Replaceable + |%other.char.class; |InlineGraphic|InlineMediaObject + |%ndxterm.class; + %local.docinfo.char.mix;"> +<!--ENTITY % bibliocomponent.mix (see Bibliographic section, below)--> +<!--ENTITY % person.ident.mix (see Bibliographic section, below)--> + +<!-- ...................................................................... --> +<!-- Entities for content models .......................................... --> + +<!ENTITY % formalobject.title.content "Title, TitleAbbrev?"> + +<!-- ...................................................................... --> +<!-- Entities for attributes and attribute components ..................... --> + +<!-- Effectivity attributes ............................................... --> + +<!ENTITY % arch.attrib + --Arch: Computer or chip architecture to which element applies; no + default-- + "Arch CDATA #IMPLIED"> + +<!ENTITY % condition.attrib + --Condition: General-purpose effectivity attribute-- + "Condition CDATA #IMPLIED"> + +<!ENTITY % conformance.attrib + --Conformance: Standards conformance characteristics-- + "Conformance NMTOKENS #IMPLIED"> + +<!ENTITY % os.attrib + --OS: Operating system to which element applies; no default-- + "OS CDATA #IMPLIED"> + +<!ENTITY % revision.attrib + --Revision: Editorial revision to which element belongs; no default-- + "Revision CDATA #IMPLIED"> + +<!ENTITY % security.attrib + --Security: Security classification; no default-- + "Security CDATA #IMPLIED"> + +<!ENTITY % userlevel.attrib + --UserLevel: Level of user experience to which element applies; no + default-- + "UserLevel CDATA #IMPLIED"> + +<!ENTITY % vendor.attrib + --Vendor: Computer vendor to which element applies; no default-- + "Vendor CDATA #IMPLIED"> + +<!ENTITY % local.effectivity.attrib ""> +<!ENTITY % effectivity.attrib + "%arch.attrib; + %condition.attrib; + %conformance.attrib; + %os.attrib; + %revision.attrib; + %security.attrib; + %userlevel.attrib; + %vendor.attrib; + %local.effectivity.attrib;" +> + +<!-- Common attributes .................................................... --> + +<!ENTITY % id.attrib + --Id: Unique identifier of element; no default-- + "Id ID #IMPLIED"> + +<!ENTITY % idreq.attrib + --Id: Unique identifier of element; a value must be supplied; no + default-- + "Id ID #REQUIRED"> + +<!ENTITY % lang.attrib + --Lang: Indicator of language in which element is written, for + translation, character set management, etc.; no default-- + "Lang CDATA #IMPLIED"> + +<!ENTITY % remap.attrib + --Remap: Previous role of element before conversion; no default-- + "Remap CDATA #IMPLIED"> + +<!ENTITY % role.attrib + --Role: New role of element in local environment; no default-- + "Role CDATA #IMPLIED"> + +<!ENTITY % xreflabel.attrib + --XRefLabel: Alternate labeling string for XRef text generation; + default is usually title or other appropriate label text already + contained in element-- + "XRefLabel CDATA #IMPLIED"> + +<!ENTITY % revisionflag.attrib + --RevisionFlag: Revision status of element; default is that element + wasn't revised-- + "RevisionFlag (Changed + |Added + |Deleted + |Off) #IMPLIED"> + +<!ENTITY % local.common.attrib ""> +<!ENTITY % common.attrib + "%id.attrib; + %lang.attrib; + %remap.attrib; + --Role is included explicitly on each element-- + %xreflabel.attrib; + %revisionflag.attrib; + %effectivity.attrib; + %local.common.attrib;" +> + +<!ENTITY % idreq.common.attrib + "%idreq.attrib; + %lang.attrib; + %remap.attrib; + --Role is included explicitly on each element-- + %xreflabel.attrib; + %revisionflag.attrib; + %effectivity.attrib; + %local.common.attrib;" +> + +<!-- Semi-common attributes and other attribute entities .................. --> + +<!ENTITY % local.graphics.attrib ""> +<!ENTITY % graphics.attrib + " + --EntityRef: Name of an external entity containing the content + of the graphic-- + EntityRef ENTITY #IMPLIED + + --FileRef: Filename, qualified by a pathname if desired, + designating the file containing the content of the graphic-- + FileRef CDATA #IMPLIED + + --Format: Notation of the element content, if any-- + Format (%notation.class;) + #IMPLIED + + --SrcCredit: Information about the source of the Graphic-- + SrcCredit CDATA #IMPLIED + + --Width: Same as CALS reprowid (desired width)-- + Width NUTOKEN #IMPLIED + + --Depth: Same as CALS reprodep (desired depth)-- + Depth NUTOKEN #IMPLIED + + --Align: Same as CALS hplace with 'none' removed; #IMPLIED means + application-specific-- + Align (Left + |Right + |Center) #IMPLIED + + --Scale: Conflation of CALS hscale and vscale-- + Scale NUMBER #IMPLIED + + --Scalefit: Same as CALS scalefit-- + Scalefit %yesorno.attvals; + #IMPLIED + %local.graphics.attrib;" +> + +<!ENTITY % local.keyaction.attrib ""> +<!ENTITY % keyaction.attrib + " + --Action: Key combination type; default is unspecified if one + child element, Simul if there is more than one; if value is + Other, the OtherAction attribute must have a nonempty value-- + Action (Click + |Double-Click + |Press + |Seq + |Simul + |Other) #IMPLIED + + --OtherAction: User-defined key combination type-- + OtherAction CDATA #IMPLIED + %local.keyaction.attrib;" +> + +<!ENTITY % label.attrib + --Label: Identifying number or string; default is usually the + appropriate number or string autogenerated by a formatter-- + "Label CDATA #IMPLIED"> + +<!ENTITY % linespecific.attrib + --Format: whether element is assumed to contain significant white + space-- + "Format NOTATION + (linespecific) linespecific + LineNumbering (Numbered|Unnumbered) #IMPLIED"> + +<!ENTITY % linkend.attrib + --Linkend: link to related information; no default-- + "Linkend IDREF #IMPLIED"> + +<!ENTITY % linkendreq.attrib + --Linkend: required link to related information-- + "Linkend IDREF #REQUIRED"> + +<!ENTITY % linkends.attrib + --Linkends: link to one or more sets of related information; no + default-- + "Linkends IDREFS #IMPLIED"> + +<![IGNORE[ +<!-- Declared for completeness, but never used --> +<!ENTITY % linkendsreq.attrib + --Linkends: required link to one or more sets of related information-- + "Linkends IDREFS #REQUIRED"> +]]> + +<!ENTITY % local.mark.attrib ""> +<!ENTITY % mark.attrib + "Mark CDATA #IMPLIED + %local.mark.attrib;" +> + +<!ENTITY % moreinfo.attrib + --MoreInfo: whether element's content has an associated RefEntry-- + "MoreInfo (RefEntry|None) None"> + +<!ENTITY % pagenum.attrib + --Pagenum: number of page on which element appears; no default-- + "Pagenum CDATA #IMPLIED"> + +<!ENTITY % local.status.attrib ""> +<!ENTITY % status.attrib + --Status: Editorial or publication status of the element + it applies to, such as "in review" or "approved for distribution"-- + "Status CDATA #IMPLIED + %local.status.attrib;" +> + +<!ENTITY % width.attrib + --Width: width of the longest line in the element to which it + pertains, in number of characters-- + "Width NUMBER #IMPLIED"> + +<!-- ...................................................................... --> +<!-- Title elements ....................................................... --> + +<!ENTITY % title.module "INCLUDE"> +<![ %title.module; [ +<!ENTITY % local.title.attrib ""> +<!ENTITY % title.role.attrib "%role.attrib;"> + +<!ENTITY % title.element "INCLUDE"> +<![ %title.element; [ +<!ELEMENT Title - O ((%title.char.mix;)+)> +<!--end of title.element-->]]> + +<!ENTITY % title.attlist "INCLUDE"> +<![ %title.attlist; [ +<!ATTLIST Title + %pagenum.attrib; + %common.attrib; + %title.role.attrib; + %local.title.attrib; +> +<!--end of title.attlist-->]]> +<!--end of title.module-->]]> + +<!ENTITY % titleabbrev.module "INCLUDE"> +<![ %titleabbrev.module; [ +<!ENTITY % local.titleabbrev.attrib ""> +<!ENTITY % titleabbrev.role.attrib "%role.attrib;"> + +<!ENTITY % titleabbrev.element "INCLUDE"> +<![ %titleabbrev.element; [ +<!ELEMENT TitleAbbrev - O ((%title.char.mix;)+)> +<!--end of titleabbrev.element-->]]> + +<!ENTITY % titleabbrev.attlist "INCLUDE"> +<![ %titleabbrev.attlist; [ +<!ATTLIST TitleAbbrev + %common.attrib; + %titleabbrev.role.attrib; + %local.titleabbrev.attrib; +> +<!--end of titleabbrev.attlist-->]]> +<!--end of titleabbrev.module-->]]> + +<!ENTITY % subtitle.module "INCLUDE"> +<![ %subtitle.module; [ +<!ENTITY % local.subtitle.attrib ""> +<!ENTITY % subtitle.role.attrib "%role.attrib;"> + +<!ENTITY % subtitle.element "INCLUDE"> +<![ %subtitle.element; [ +<!ELEMENT Subtitle - O ((%title.char.mix;)+)> +<!--end of subtitle.element-->]]> + +<!ENTITY % subtitle.attlist "INCLUDE"> +<![ %subtitle.attlist; [ +<!ATTLIST Subtitle + %common.attrib; + %subtitle.role.attrib; + %local.subtitle.attrib; +> +<!--end of subtitle.attlist-->]]> +<!--end of subtitle.module-->]]> + +<!-- ...................................................................... --> +<!-- Bibliographic entities and elements .................................. --> + +<!-- The bibliographic elements are typically used in the document + hierarchy. They do not appear in content models of information + pool elements. See also the document information elements, + below. --> + +<!ENTITY % local.person.ident.mix ""> +<!ENTITY % person.ident.mix + "Honorific|FirstName|Surname|Lineage|OtherName|Affiliation + |AuthorBlurb|Contrib %local.person.ident.mix;"> + +<!ENTITY % local.bibliocomponent.mix ""> +<!ENTITY % bibliocomponent.mix + "Abbrev|Abstract|Address|ArtPageNums|Author + |AuthorGroup|AuthorInitials|BiblioMisc|BiblioSet + |Collab|ConfGroup|ContractNum|ContractSponsor + |Copyright|CorpAuthor|CorpName|Date|Edition + |Editor|InvPartNumber|ISBN|ISSN|IssueNum|OrgName + |OtherCredit|PageNums|PrintHistory|ProductName + |ProductNumber|PubDate|Publisher|PublisherName + |PubsNumber|ReleaseInfo|RevHistory|SeriesVolNums + |Subtitle|Title|TitleAbbrev|VolumeNum|CiteTitle + |%person.ident.mix; + |%ndxterm.class; + %local.bibliocomponent.mix;"> + +<!ENTITY % biblioentry.module "INCLUDE"> +<![ %biblioentry.module; [ +<!ENTITY % local.biblioentry.attrib ""> + +<!ENTITY % biblioentry.role.attrib "%role.attrib;"> + +<!ENTITY % biblioentry.element "INCLUDE"> +<![ %biblioentry.element; [ +<!--FUTURE USE (V5.0): +...................... +ArticleInfo will be droped from BiblioEntry +...................... +--> +<!ELEMENT BiblioEntry - O ((ArticleInfo + | (%bibliocomponent.mix;))+) + %ubiq.exclusion;> +<!--end of biblioentry.element-->]]> + +<!ENTITY % biblioentry.attlist "INCLUDE"> +<![ %biblioentry.attlist; [ +<!ATTLIST BiblioEntry + %common.attrib; + %biblioentry.role.attrib; + %local.biblioentry.attrib; +> +<!--end of biblioentry.attlist-->]]> +<!--end of biblioentry.module-->]]> + +<!ENTITY % bibliomixed.module "INCLUDE"> +<![ %bibliomixed.module; [ +<!ENTITY % local.bibliomixed.attrib ""> +<!ENTITY % bibliomixed.role.attrib "%role.attrib;"> + +<!ENTITY % bibliomixed.element "INCLUDE"> +<![ %bibliomixed.element; [ +<!ELEMENT BiblioMixed - O ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+) + %ubiq.exclusion;> +<!--end of bibliomixed.element-->]]> + +<!ENTITY % bibliomixed.attlist "INCLUDE"> +<![ %bibliomixed.attlist; [ +<!ATTLIST BiblioMixed + %common.attrib; + %bibliomixed.role.attrib; + %local.bibliomixed.attrib; +> +<!--end of bibliomixed.attlist-->]]> +<!--end of bibliomixed.module-->]]> + +<!ENTITY % articleinfo.module "INCLUDE"> +<![ %articleinfo.module; [ +<!ENTITY % local.articleinfo.attrib ""> +<!ENTITY % articleinfo.role.attrib "%role.attrib;"> + +<!ENTITY % articleinfo.element "INCLUDE"> +<![ %articleinfo.element; [ +<!ELEMENT ArticleInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + -(BeginPage)> +<!--end of articleinfo.element-->]]> + +<!ENTITY % articleinfo.attlist "INCLUDE"> +<![ %articleinfo.attlist; [ +<!ATTLIST ArticleInfo + %common.attrib; + %articleinfo.role.attrib; + %local.articleinfo.attrib; +> +<!--end of articleinfo.attlist-->]]> +<!--end of articleinfo.module-->]]> + +<!ENTITY % biblioset.module "INCLUDE"> +<![ %biblioset.module; [ +<!ENTITY % local.biblioset.attrib ""> +<!ENTITY % biblioset.role.attrib "%role.attrib;"> + +<!ENTITY % biblioset.element "INCLUDE"> +<![ %biblioset.element; [ +<!ELEMENT BiblioSet - - ((%bibliocomponent.mix;)+) %ubiq.exclusion;> +<!--end of biblioset.element-->]]> + +<!ENTITY % biblioset.attlist "INCLUDE"> +<![ %biblioset.attlist; [ +<!ATTLIST BiblioSet + -- + Relation: Relationship of elements contained within BiblioSet + -- + Relation CDATA #IMPLIED + %common.attrib; + %biblioset.role.attrib; + %local.biblioset.attrib; +> +<!--end of biblioset.attlist-->]]> +<!--end of biblioset.module-->]]> + +<!ENTITY % bibliomset.module "INCLUDE"> +<![ %bibliomset.module; [ +<!ENTITY % bibliomset.role.attrib "%role.attrib;"> +<!ENTITY % local.bibliomset.attrib ""> + +<!ENTITY % bibliomset.element "INCLUDE"> +<![ %bibliomset.element; [ +<!ELEMENT BiblioMSet - - ((%bibliocomponent.mix; | BiblioMSet | #PCDATA)+) + %ubiq.exclusion;> +<!--end of bibliomset.element-->]]> + +<!ENTITY % bibliomset.attlist "INCLUDE"> +<![ %bibliomset.attlist; [ +<!ATTLIST BiblioMSet + -- + Relation: Relationship of elements contained within BiblioMSet + -- + Relation CDATA #IMPLIED + %bibliomset.role.attrib; + %common.attrib; + %local.bibliomset.attrib; +> +<!--end of bibliomset.attlist-->]]> +<!--end of bibliomset.module-->]]> + +<!ENTITY % bibliomisc.module "INCLUDE"> +<![ %bibliomisc.module; [ +<!ENTITY % local.bibliomisc.attrib ""> +<!ENTITY % bibliomisc.role.attrib "%role.attrib;"> + +<!ENTITY % bibliomisc.element "INCLUDE"> +<![ %bibliomisc.element; [ +<!ELEMENT BiblioMisc - - ((%para.char.mix;)+)> +<!--end of bibliomisc.element-->]]> + +<!ENTITY % bibliomisc.attlist "INCLUDE"> +<![ %bibliomisc.attlist; [ +<!ATTLIST BiblioMisc + %common.attrib; + %bibliomisc.role.attrib; + %local.bibliomisc.attrib; +> +<!--end of bibliomisc.attlist-->]]> +<!--end of bibliomisc.module-->]]> + +<!-- ...................................................................... --> +<!-- Subject, Keyword, and ITermSet elements .............................. --> + +<!ENTITY % subjectset.content.module "INCLUDE"> +<![ %subjectset.content.module; [ +<!ENTITY % subjectset.module "INCLUDE"> +<![ %subjectset.module; [ +<!ENTITY % local.subjectset.attrib ""> +<!ENTITY % subjectset.role.attrib "%role.attrib;"> + +<!ENTITY % subjectset.element "INCLUDE"> +<![ %subjectset.element; [ +<!ELEMENT SubjectSet - - (Subject+)> +<!--end of subjectset.element-->]]> + +<!ENTITY % subjectset.attlist "INCLUDE"> +<![ %subjectset.attlist; [ +<!ATTLIST SubjectSet + -- + Scheme: Controlled vocabulary employed in SubjectTerms + -- + Scheme NAME #IMPLIED + %common.attrib; + %subjectset.role.attrib; + %local.subjectset.attrib; +> +<!--end of subjectset.attlist-->]]> +<!--end of subjectset.module-->]]> + +<!ENTITY % subject.module "INCLUDE"> +<![ %subject.module; [ +<!ENTITY % local.subject.attrib ""> +<!ENTITY % subject.role.attrib "%role.attrib;"> + +<!ENTITY % subject.element "INCLUDE"> +<![ %subject.element; [ +<!ELEMENT Subject - - (SubjectTerm+)> +<!--end of subject.element-->]]> + +<!ENTITY % subject.attlist "INCLUDE"> +<![ %subject.attlist; [ +<!ATTLIST Subject + -- + Weight: Ranking of this group of SubjectTerms relative + to others, 0 is low, no highest value specified + -- + Weight NUMBER #IMPLIED + %common.attrib; + %subject.role.attrib; + %local.subject.attrib; +> +<!--end of subject.attlist-->]]> +<!--end of subject.module-->]]> + +<!ENTITY % subjectterm.module "INCLUDE"> +<![ %subjectterm.module; [ +<!ENTITY % local.subjectterm.attrib ""> +<!ENTITY % subjectterm.role.attrib "%role.attrib;"> + +<!ENTITY % subjectterm.element "INCLUDE"> +<![ %subjectterm.element; [ +<!ELEMENT SubjectTerm - - (#PCDATA)> +<!--end of subjectterm.element-->]]> + +<!ENTITY % subjectterm.attlist "INCLUDE"> +<![ %subjectterm.attlist; [ +<!ATTLIST SubjectTerm + %common.attrib; + %subjectterm.role.attrib; + %local.subjectterm.attrib; +> +<!--end of subjectterm.attlist-->]]> +<!--end of subjectterm.module-->]]> +<!--end of subjectset.content.module-->]]> + +<!ENTITY % keywordset.content.module "INCLUDE"> +<![ %keywordset.content.module; [ +<!ENTITY % local.keywordset.attrib ""> +<!ENTITY % keywordset.module "INCLUDE"> +<![ %keywordset.module; [ +<!ENTITY % local.keywordset.attrib ""> +<!ENTITY % keywordset.role.attrib "%role.attrib;"> + +<!ENTITY % keywordset.element "INCLUDE"> +<![ %keywordset.element; [ +<!ELEMENT KeywordSet - - (Keyword+)> +<!--end of keywordset.element-->]]> + +<!ENTITY % keywordset.attlist "INCLUDE"> +<![ %keywordset.attlist; [ +<!ATTLIST KeywordSet + %common.attrib; + %keywordset.role.attrib; + %local.keywordset.attrib; +> +<!--end of keywordset.attlist-->]]> +<!--end of keywordset.module-->]]> + +<!ENTITY % keyword.module "INCLUDE"> +<![ %keyword.module; [ +<!ENTITY % local.keyword.attrib ""> +<!ENTITY % keyword.role.attrib "%role.attrib;"> + +<!ENTITY % keyword.element "INCLUDE"> +<![ %keyword.element; [ +<!ELEMENT Keyword - - (#PCDATA)> +<!--end of keyword.element-->]]> + +<!ENTITY % keyword.attlist "INCLUDE"> +<![ %keyword.attlist; [ +<!ATTLIST Keyword + %common.attrib; + %keyword.role.attrib; + %local.keyword.attrib; +> +<!--end of keyword.attlist-->]]> +<!--end of keyword.module-->]]> +<!--end of keywordset.content.module-->]]> + +<!ENTITY % itermset.module "INCLUDE"> +<![ %itermset.module; [ +<!ENTITY % local.itermset.attrib ""> +<!ENTITY % itermset.role.attrib "%role.attrib;"> + +<!ENTITY % itermset.element "INCLUDE"> +<![ %itermset.element; [ +<!ELEMENT ITermSet - - (IndexTerm+)> +<!--end of itermset.element-->]]> + +<!ENTITY % itermset.attlist "INCLUDE"> +<![ %itermset.attlist; [ +<!ATTLIST ITermSet + %common.attrib; + %itermset.role.attrib; + %local.itermset.attrib; +> +<!--end of itermset.attlist-->]]> +<!--end of itermset.module-->]]> + +<!-- ...................................................................... --> +<!-- Compound (section-ish) elements ...................................... --> + +<!-- Message set ...................... --> + +<!ENTITY % msgset.content.module "INCLUDE"> +<![ %msgset.content.module; [ +<!ENTITY % msgset.module "INCLUDE"> +<![ %msgset.module; [ +<!ENTITY % local.msgset.attrib ""> +<!ENTITY % msgset.role.attrib "%role.attrib;"> + +<!ENTITY % msgset.element "INCLUDE"> +<![ %msgset.element; [ +<!ELEMENT MsgSet - - ((%formalobject.title.content;)?, (MsgEntry+|SimpleMsgEntry+))> +<!--end of msgset.element-->]]> + +<!ENTITY % msgset.attlist "INCLUDE"> +<![ %msgset.attlist; [ +<!ATTLIST MsgSet + %common.attrib; + %msgset.role.attrib; + %local.msgset.attrib; +> +<!--end of msgset.attlist-->]]> +<!--end of msgset.module-->]]> + +<!ENTITY % msgentry.module "INCLUDE"> +<![ %msgentry.module; [ +<!ENTITY % local.msgentry.attrib ""> +<!ENTITY % msgentry.role.attrib "%role.attrib;"> + +<!ENTITY % msgentry.element "INCLUDE"> +<![ %msgentry.element; [ +<!ELEMENT MsgEntry - O (Msg+, MsgInfo?, MsgExplan*)> +<!--end of msgentry.element-->]]> + +<!ENTITY % msgentry.attlist "INCLUDE"> +<![ %msgentry.attlist; [ +<!ATTLIST MsgEntry + %common.attrib; + %msgentry.role.attrib; + %local.msgentry.attrib; +> +<!--end of msgentry.attlist-->]]> +<!--end of msgentry.module-->]]> + +<!ENTITY % simplemsgentry.module "INCLUDE"> +<![ %simplemsgentry.module; [ +<!ENTITY % local.simplemsgentry.attrib ""> +<!ENTITY % simplemsgentry.role.attrib "%role.attrib;"> + +<!ENTITY % simplemsgentry.element "INCLUDE"> +<![ %simplemsgentry.element; [ +<!ELEMENT SimpleMsgEntry - O (MsgText, MsgExplan)> +<!--end of simplemsgentry.element-->]]> + +<!ENTITY % simplemsgentry.attlist "INCLUDE"> +<![ %simplemsgentry.attlist; [ +<!ATTLIST SimpleMsgEntry + %common.attrib; + %simplemsgentry.role.attrib; + %local.simplemsgentry.attrib; + Audience CDATA #IMPLIED + Level CDATA #IMPLIED + Origin CDATA #IMPLIED +> +<!--end of simplemsgentry.attlist-->]]> +<!--end of simplemsgentry.module-->]]> + +<!ENTITY % msg.module "INCLUDE"> +<![ %msg.module; [ +<!ENTITY % local.msg.attrib ""> +<!ENTITY % msg.role.attrib "%role.attrib;"> + +<!ENTITY % msg.element "INCLUDE"> +<![ %msg.element; [ +<!ELEMENT Msg - O (Title?, MsgMain, (MsgSub | MsgRel)*)> +<!--end of msg.element-->]]> + +<!ENTITY % msg.attlist "INCLUDE"> +<![ %msg.attlist; [ +<!ATTLIST Msg + %common.attrib; + %msg.role.attrib; + %local.msg.attrib; +> +<!--end of msg.attlist-->]]> +<!--end of msg.module-->]]> + +<!ENTITY % msgmain.module "INCLUDE"> +<![ %msgmain.module; [ +<!ENTITY % local.msgmain.attrib ""> +<!ENTITY % msgmain.role.attrib "%role.attrib;"> + +<!ENTITY % msgmain.element "INCLUDE"> +<![ %msgmain.element; [ +<!ELEMENT MsgMain - - (Title?, MsgText)> +<!--end of msgmain.element-->]]> + +<!ENTITY % msgmain.attlist "INCLUDE"> +<![ %msgmain.attlist; [ +<!ATTLIST MsgMain + %common.attrib; + %msgmain.role.attrib; + %local.msgmain.attrib; +> +<!--end of msgmain.attlist-->]]> +<!--end of msgmain.module-->]]> + +<!ENTITY % msgsub.module "INCLUDE"> +<![ %msgsub.module; [ +<!ENTITY % local.msgsub.attrib ""> +<!ENTITY % msgsub.role.attrib "%role.attrib;"> + +<!ENTITY % msgsub.element "INCLUDE"> +<![ %msgsub.element; [ +<!ELEMENT MsgSub - - (Title?, MsgText)> +<!--end of msgsub.element-->]]> + +<!ENTITY % msgsub.attlist "INCLUDE"> +<![ %msgsub.attlist; [ +<!ATTLIST MsgSub + %common.attrib; + %msgsub.role.attrib; + %local.msgsub.attrib; +> +<!--end of msgsub.attlist-->]]> +<!--end of msgsub.module-->]]> + +<!ENTITY % msgrel.module "INCLUDE"> +<![ %msgrel.module; [ +<!ENTITY % local.msgrel.attrib ""> +<!ENTITY % msgrel.role.attrib "%role.attrib;"> + +<!ENTITY % msgrel.element "INCLUDE"> +<![ %msgrel.element; [ +<!ELEMENT MsgRel - - (Title?, MsgText)> +<!--end of msgrel.element-->]]> + +<!ENTITY % msgrel.attlist "INCLUDE"> +<![ %msgrel.attlist; [ +<!ATTLIST MsgRel + %common.attrib; + %msgrel.role.attrib; + %local.msgrel.attrib; +> +<!--end of msgrel.attlist-->]]> +<!--end of msgrel.module-->]]> + +<!-- MsgText (defined in the Inlines section, below)--> + +<!ENTITY % msginfo.module "INCLUDE"> +<![ %msginfo.module; [ +<!ENTITY % local.msginfo.attrib ""> +<!ENTITY % msginfo.role.attrib "%role.attrib;"> + +<!ENTITY % msginfo.element "INCLUDE"> +<![ %msginfo.element; [ +<!ELEMENT MsgInfo - - ((MsgLevel | MsgOrig | MsgAud)*)> +<!--end of msginfo.element-->]]> + +<!ENTITY % msginfo.attlist "INCLUDE"> +<![ %msginfo.attlist; [ +<!ATTLIST MsgInfo + %common.attrib; + %msginfo.role.attrib; + %local.msginfo.attrib; +> +<!--end of msginfo.attlist-->]]> +<!--end of msginfo.module-->]]> + +<!ENTITY % msglevel.module "INCLUDE"> +<![ %msglevel.module; [ +<!ENTITY % local.msglevel.attrib ""> +<!ENTITY % msglevel.role.attrib "%role.attrib;"> + +<!ENTITY % msglevel.element "INCLUDE"> +<![ %msglevel.element; [ +<!ELEMENT MsgLevel - - ((%smallcptr.char.mix;)+)> +<!--end of msglevel.element-->]]> + +<!ENTITY % msglevel.attlist "INCLUDE"> +<![ %msglevel.attlist; [ +<!ATTLIST MsgLevel + %common.attrib; + %msglevel.role.attrib; + %local.msglevel.attrib; +> +<!--end of msglevel.attlist-->]]> +<!--end of msglevel.module-->]]> + +<!ENTITY % msgorig.module "INCLUDE"> +<![ %msgorig.module; [ +<!ENTITY % local.msgorig.attrib ""> +<!ENTITY % msgorig.role.attrib "%role.attrib;"> + +<!ENTITY % msgorig.element "INCLUDE"> +<![ %msgorig.element; [ +<!ELEMENT MsgOrig - - ((%smallcptr.char.mix;)+)> +<!--end of msgorig.element-->]]> + +<!ENTITY % msgorig.attlist "INCLUDE"> +<![ %msgorig.attlist; [ +<!ATTLIST MsgOrig + %common.attrib; + %msgorig.role.attrib; + %local.msgorig.attrib; +> +<!--end of msgorig.attlist-->]]> +<!--end of msgorig.module-->]]> + +<!ENTITY % msgaud.module "INCLUDE"> +<![ %msgaud.module; [ +<!ENTITY % local.msgaud.attrib ""> +<!ENTITY % msgaud.role.attrib "%role.attrib;"> + +<!ENTITY % msgaud.element "INCLUDE"> +<![ %msgaud.element; [ +<!ELEMENT MsgAud - - ((%para.char.mix;)+)> +<!--end of msgaud.element-->]]> + +<!ENTITY % msgaud.attlist "INCLUDE"> +<![ %msgaud.attlist; [ +<!ATTLIST MsgAud + %common.attrib; + %msgaud.role.attrib; + %local.msgaud.attrib; +> +<!--end of msgaud.attlist-->]]> +<!--end of msgaud.module-->]]> + +<!ENTITY % msgexplan.module "INCLUDE"> +<![ %msgexplan.module; [ +<!ENTITY % local.msgexplan.attrib ""> +<!ENTITY % msgexplan.role.attrib "%role.attrib;"> + +<!ENTITY % msgexplan.element "INCLUDE"> +<![ %msgexplan.element; [ +<!ELEMENT MsgExplan - - (Title?, (%component.mix;)+)> +<!--end of msgexplan.element-->]]> + +<!ENTITY % msgexplan.attlist "INCLUDE"> +<![ %msgexplan.attlist; [ +<!ATTLIST MsgExplan + %common.attrib; + %msgexplan.role.attrib; + %local.msgexplan.attrib; +> +<!--end of msgexplan.attlist-->]]> +<!--end of msgexplan.module-->]]> +<!--end of msgset.content.module-->]]> + +<!-- QandASet ........................ --> +<!ENTITY % qandset.content.module "INCLUDE"> +<![ %qandset.content.module; [ +<!ENTITY % qandset.module "INCLUDE"> +<![ %qandset.module; [ +<!ENTITY % local.qandset.attrib ""> +<!ENTITY % qandset.role.attrib "%role.attrib;"> + +<!ENTITY % qandset.element "INCLUDE"> +<![ %qandset.element; [ +<!ELEMENT QandASet - - ((%formalobject.title.content;)?, + (%qandaset.mix;)*, + (QandADiv+|QandAEntry+))> +<!--end of qandset.element-->]]> + +<!ENTITY % qandset.attlist "INCLUDE"> +<![ %qandset.attlist; [ +<!ATTLIST QandASet + DefaultLabel (qanda|number|none) #IMPLIED + %common.attrib; + %qandset.role.attrib; + %local.qandset.attrib;> +<!--end of qandset.attlist-->]]> +<!--end of qandset.module-->]]> + +<!ENTITY % qandadiv.module "INCLUDE"> +<![ %qandadiv.module; [ +<!ENTITY % local.qandadiv.attrib ""> +<!ENTITY % qandadiv.role.attrib "%role.attrib;"> + +<!ENTITY % qandadiv.element "INCLUDE"> +<![ %qandadiv.element; [ +<!ELEMENT QandADiv - - ((%formalobject.title.content;)?, + (%qandaset.mix;)*, + (QandADiv+|QandAEntry+))> +<!--end of qandadiv.element-->]]> + +<!ENTITY % qandadiv.attlist "INCLUDE"> +<![ %qandadiv.attlist; [ +<!ATTLIST QandADiv + %common.attrib; + %qandadiv.role.attrib; + %local.qandadiv.attrib;> +<!--end of qandadiv.attlist-->]]> +<!--end of qandadiv.module-->]]> + +<!ENTITY % qandaentry.module "INCLUDE"> +<![ %qandaentry.module; [ +<!ENTITY % local.qandaentry.attrib ""> +<!ENTITY % qandaentry.role.attrib "%role.attrib;"> + +<!ENTITY % qandaentry.element "INCLUDE"> +<![ %qandaentry.element; [ +<!ELEMENT QandAEntry - - (RevHistory?, Question, Answer*)> +<!--end of qandaentry.element-->]]> + +<!ENTITY % qandaentry.attlist "INCLUDE"> +<![ %qandaentry.attlist; [ +<!ATTLIST QandAEntry + %common.attrib; + %qandaentry.role.attrib; + %local.qandaentry.attrib;> +<!--end of qandaentry.attlist-->]]> +<!--end of qandaentry.module-->]]> + +<!ENTITY % question.module "INCLUDE"> +<![ %question.module; [ +<!ENTITY % local.question.attrib ""> +<!ENTITY % question.role.attrib "%role.attrib;"> + +<!ENTITY % question.element "INCLUDE"> +<![ %question.element; [ +<!ELEMENT Question - - (Label?, (%qandaset.mix;)+)> +<!--end of question.element-->]]> + +<!ENTITY % question.attlist "INCLUDE"> +<![ %question.attlist; [ +<!ATTLIST Question + %common.attrib; + %question.role.attrib; + %local.question.attrib; +> +<!--end of question.attlist-->]]> +<!--end of question.module-->]]> + +<!ENTITY % answer.module "INCLUDE"> +<![ %answer.module; [ +<!ENTITY % local.answer.attrib ""> +<!ENTITY % answer.role.attrib "%role.attrib;"> + +<!ENTITY % answer.element "INCLUDE"> +<![ %answer.element; [ +<!ELEMENT Answer - - (Label?, (%qandaset.mix;)*, QandAEntry*)> +<!--end of answer.element-->]]> + +<!ENTITY % answer.attlist "INCLUDE"> +<![ %answer.attlist; [ +<!ATTLIST Answer + %common.attrib; + %answer.role.attrib; + %local.answer.attrib; +> +<!--end of answer.attlist-->]]> +<!--end of answer.module-->]]> + +<!ENTITY % label.module "INCLUDE"> +<![ %label.module; [ +<!ENTITY % local.label.attrib ""> +<!ENTITY % label.role.attrib "%role.attrib;"> + +<!ENTITY % label.element "INCLUDE"> +<![ %label.element; [ +<!ELEMENT Label - - (%word.char.mix;)*> +<!--end of label.element-->]]> + +<!ENTITY % label.attlist "INCLUDE"> +<![ %label.attlist; [ +<!ATTLIST Label + %common.attrib; + %label.role.attrib; + %local.label.attrib; +> +<!--end of label.attlist-->]]> +<!--end of label.module-->]]> +<!--end of qandset.content.module-->]]> + +<!-- Procedure ........................ --> + +<!ENTITY % procedure.content.module "INCLUDE"> +<![ %procedure.content.module; [ +<!ENTITY % procedure.module "INCLUDE"> +<![ %procedure.module; [ +<!ENTITY % local.procedure.attrib ""> +<!ENTITY % procedure.role.attrib "%role.attrib;"> + +<!ENTITY % procedure.element "INCLUDE"> +<![ %procedure.element; [ +<!ELEMENT Procedure - - ((%formalobject.title.content;)?, + (%component.mix;)*, Step+)> +<!--end of procedure.element-->]]> + +<!ENTITY % procedure.attlist "INCLUDE"> +<![ %procedure.attlist; [ +<!ATTLIST Procedure + %common.attrib; + %procedure.role.attrib; + %local.procedure.attrib; +> +<!--end of procedure.attlist-->]]> +<!--end of procedure.module-->]]> + +<!ENTITY % step.module "INCLUDE"> +<![ %step.module; [ +<!ENTITY % local.step.attrib ""> +<!ENTITY % step.role.attrib "%role.attrib;"> + +<!ENTITY % step.element "INCLUDE"> +<![ %step.element; [ +<!ELEMENT Step - O (Title?, (((%component.mix;)+, (SubSteps, + (%component.mix;)*)?) | (SubSteps, (%component.mix;)*)))> +<!--end of step.element-->]]> + +<!ENTITY % step.attlist "INCLUDE"> +<![ %step.attlist; [ +<!ATTLIST Step + -- + Performance: Whether the Step must be performed + -- + Performance (Optional + |Required) Required -- not #REQUIRED! -- + %common.attrib; + %step.role.attrib; + %local.step.attrib; +> +<!--end of step.attlist-->]]> +<!--end of step.module-->]]> + +<!ENTITY % substeps.module "INCLUDE"> +<![ %substeps.module; [ +<!ENTITY % local.substeps.attrib ""> +<!ENTITY % substeps.role.attrib "%role.attrib;"> + +<!ENTITY % substeps.element "INCLUDE"> +<![ %substeps.element; [ +<!ELEMENT SubSteps - - (Step+)> +<!--end of substeps.element-->]]> + +<!ENTITY % substeps.attlist "INCLUDE"> +<![ %substeps.attlist; [ +<!ATTLIST SubSteps + -- + Performance: whether entire set of substeps must be performed + -- + Performance (Optional + |Required) Required -- not #REQUIRED! -- + %common.attrib; + %substeps.role.attrib; + %local.substeps.attrib; +> +<!--end of substeps.attlist-->]]> +<!--end of substeps.module-->]]> +<!--end of procedure.content.module-->]]> + +<!-- Sidebar .......................... --> + +<!ENTITY % sidebar.content.model "INCLUDE"> +<![ %sidebar.content.model; [ + +<!ENTITY % sidebarinfo.module "INCLUDE"> +<![ %sidebarinfo.module; [ +<!ENTITY % local.sidebarinfo.attrib ""> +<!ENTITY % sidebarinfo.role.attrib "%role.attrib;"> + +<!ENTITY % sidebarinfo.element "INCLUDE"> +<![ %sidebarinfo.element; [ +<!ELEMENT SidebarInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + -(BeginPage)> +<!--end of sidebarinfo.element-->]]> + +<!ENTITY % sidebarinfo.attlist "INCLUDE"> +<![ %sidebarinfo.attlist; [ +<!ATTLIST SidebarInfo + %common.attrib; + %sidebarinfo.role.attrib; + %local.sidebarinfo.attrib; +> +<!--end of sidebarinfo.attlist-->]]> +<!--end of sidebarinfo.module-->]]> + +<!ENTITY % sidebar.module "INCLUDE"> +<![ %sidebar.module; [ +<!ENTITY % local.sidebar.attrib ""> +<!ENTITY % sidebar.role.attrib "%role.attrib;"> + +<!ENTITY % sidebar.element "INCLUDE"> +<![ %sidebar.element; [ +<!ELEMENT Sidebar - - (SidebarInfo?, + (%formalobject.title.content;)?, (%sidebar.mix;)+)> +<!--end of sidebar.element-->]]> + +<!ENTITY % sidebar.attlist "INCLUDE"> +<![ %sidebar.attlist; [ +<!ATTLIST Sidebar + %common.attrib; + %sidebar.role.attrib; + %local.sidebar.attrib; +> +<!--end of sidebar.attlist-->]]> +<!--end of sidebar.module-->]]> +<!--end of sidebar.content.model-->]]> + +<!-- ...................................................................... --> +<!-- Paragraph-related elements ........................................... --> + +<!ENTITY % abstract.module "INCLUDE"> +<![ %abstract.module; [ +<!ENTITY % local.abstract.attrib ""> +<!ENTITY % abstract.role.attrib "%role.attrib;"> + +<!ENTITY % abstract.element "INCLUDE"> +<![ %abstract.element; [ +<!ELEMENT Abstract - - (Title?, (%para.class;)+)> +<!--end of abstract.element-->]]> + +<!ENTITY % abstract.attlist "INCLUDE"> +<![ %abstract.attlist; [ +<!ATTLIST Abstract + %common.attrib; + %abstract.role.attrib; + %local.abstract.attrib; +> +<!--end of abstract.attlist-->]]> +<!--end of abstract.module-->]]> + +<!ENTITY % authorblurb.module "INCLUDE"> +<![ %authorblurb.module; [ +<!ENTITY % local.authorblurb.attrib ""> +<!ENTITY % authorblurb.role.attrib "%role.attrib;"> + +<!ENTITY % authorblurb.element "INCLUDE"> +<![ %authorblurb.element; [ +<!ELEMENT AuthorBlurb - - (Title?, (%para.class;)+)> +<!--end of authorblurb.element-->]]> + +<!ENTITY % authorblurb.attlist "INCLUDE"> +<![ %authorblurb.attlist; [ +<!ATTLIST AuthorBlurb + %common.attrib; + %authorblurb.role.attrib; + %local.authorblurb.attrib; +> +<!--end of authorblurb.attlist-->]]> +<!--end of authorblurb.module-->]]> + +<!ENTITY % blockquote.module "INCLUDE"> +<![ %blockquote.module; [ +<!ENTITY % local.blockquote.attrib ""> +<!ENTITY % blockquote.role.attrib "%role.attrib;"> + +<!ENTITY % blockquote.element "INCLUDE"> +<![ %blockquote.element; [ +<!ELEMENT BlockQuote - - (Title?, Attribution?, (%component.mix;)+) + %blockquote.exclusion;> +<!--end of blockquote.element-->]]> + +<!ENTITY % blockquote.attlist "INCLUDE"> +<![ %blockquote.attlist; [ +<!ATTLIST BlockQuote + %common.attrib; + %blockquote.role.attrib; + %local.blockquote.attrib; +> +<!--end of blockquote.attlist-->]]> +<!--end of blockquote.module-->]]> + +<!ENTITY % attribution.module "INCLUDE"> +<![ %attribution.module; [ +<!ENTITY % local.attribution.attrib ""> +<!ENTITY % attribution.role.attrib "%role.attrib;"> + +<!ENTITY % attribution.element "INCLUDE"> +<![ %attribution.element; [ +<!ELEMENT Attribution - O ((%para.char.mix;)+)> +<!--end of attribution.element-->]]> + +<!ENTITY % attribution.attlist "INCLUDE"> +<![ %attribution.attlist; [ +<!ATTLIST Attribution + %common.attrib; + %attribution.role.attrib; + %local.attribution.attrib; +> +<!--end of attribution.attlist-->]]> +<!--end of attribution.module-->]]> + +<!ENTITY % bridgehead.module "INCLUDE"> +<![ %bridgehead.module; [ +<!ENTITY % local.bridgehead.attrib ""> +<!ENTITY % bridgehead.role.attrib "%role.attrib;"> + +<!ENTITY % bridgehead.element "INCLUDE"> +<![ %bridgehead.element; [ +<!ELEMENT BridgeHead - - ((%title.char.mix;)+)> +<!--end of bridgehead.element-->]]> + +<!ENTITY % bridgehead.attlist "INCLUDE"> +<![ %bridgehead.attlist; [ +<!ATTLIST BridgeHead + -- + Renderas: Indicates the format in which the BridgeHead + should appear + -- + Renderas (Other + |Sect1 + |Sect2 + |Sect3 + |Sect4 + |Sect5) #IMPLIED + %common.attrib; + %bridgehead.role.attrib; + %local.bridgehead.attrib; +> +<!--end of bridgehead.attlist-->]]> +<!--end of bridgehead.module-->]]> + +<!ENTITY % remark.module "INCLUDE"> +<![ %remark.module; [ +<!ENTITY % local.remark.attrib ""> +<!ENTITY % remark.role.attrib "%role.attrib;"> + +<!ENTITY % remark.element "INCLUDE"> +<![ %remark.element; [ +<!ELEMENT Remark - - ((%para.char.mix;)+) %remark.exclusion;> +<!--end of remark.element-->]]> + +<!ENTITY % remark.attlist "INCLUDE"> +<![ %remark.attlist; [ +<!ATTLIST Remark + %common.attrib; + %remark.role.attrib; + %local.remark.attrib; +> +<!--end of remark.attlist-->]]> +<!--end of remark.module-->]]> + +<!ENTITY % epigraph.module "INCLUDE"> +<![ %epigraph.module; [ +<!ENTITY % local.epigraph.attrib ""> +<!ENTITY % epigraph.role.attrib "%role.attrib;"> + +<!ENTITY % epigraph.element "INCLUDE"> +<![ %epigraph.element; [ +<!ELEMENT Epigraph - - (Attribution?, (%para.class;)+)> +<!--end of epigraph.element-->]]> + +<!ENTITY % epigraph.attlist "INCLUDE"> +<![ %epigraph.attlist; [ +<!ATTLIST Epigraph + %common.attrib; + %epigraph.role.attrib; + %local.epigraph.attrib; +> +<!--end of epigraph.attlist-->]]> +<!-- Attribution (defined above)--> +<!--end of epigraph.module-->]]> + +<!ENTITY % footnote.module "INCLUDE"> +<![ %footnote.module; [ +<!ENTITY % local.footnote.attrib ""> +<!ENTITY % footnote.role.attrib "%role.attrib;"> + +<!ENTITY % footnote.element "INCLUDE"> +<![ %footnote.element; [ +<!ELEMENT Footnote - - ((%footnote.mix;)+) %footnote.exclusion;> +<!--end of footnote.element-->]]> + +<!ENTITY % footnote.attlist "INCLUDE"> +<![ %footnote.attlist; [ +<!ATTLIST Footnote + %label.attrib; + %common.attrib; + %footnote.role.attrib; + %local.footnote.attrib; +> +<!--end of footnote.attlist-->]]> +<!--end of footnote.module-->]]> + +<!ENTITY % highlights.module "INCLUDE"> +<![ %highlights.module; [ +<!ENTITY % local.highlights.attrib ""> +<!ENTITY % highlights.role.attrib "%role.attrib;"> + +<!ENTITY % highlights.element "INCLUDE"> +<![ %highlights.element; [ +<!ELEMENT Highlights - - ((%highlights.mix;)+) %highlights.exclusion;> +<!--end of highlights.element-->]]> + +<!ENTITY % highlights.attlist "INCLUDE"> +<![ %highlights.attlist; [ +<!ATTLIST Highlights + %common.attrib; + %highlights.role.attrib; + %local.highlights.attrib; +> +<!--end of highlights.attlist-->]]> +<!--end of highlights.module-->]]> + +<!ENTITY % formalpara.module "INCLUDE"> +<![ %formalpara.module; [ +<!ENTITY % local.formalpara.attrib ""> +<!ENTITY % formalpara.role.attrib "%role.attrib;"> + +<!ENTITY % formalpara.element "INCLUDE"> +<![ %formalpara.element; [ +<!ELEMENT FormalPara - O (Title, (%ndxterm.class;)*, Para)> +<!--end of formalpara.element-->]]> + +<!ENTITY % formalpara.attlist "INCLUDE"> +<![ %formalpara.attlist; [ +<!ATTLIST FormalPara + %common.attrib; + %formalpara.role.attrib; + %local.formalpara.attrib; +> +<!--end of formalpara.attlist-->]]> +<!--end of formalpara.module-->]]> + +<!ENTITY % para.module "INCLUDE"> +<![ %para.module; [ +<!ENTITY % local.para.attrib ""> +<!ENTITY % para.role.attrib "%role.attrib;"> + +<!ENTITY % para.element "INCLUDE"> +<![ %para.element; [ +<!ELEMENT Para - O ((%para.char.mix; | %para.mix;)+)> +<!--end of para.element-->]]> + +<!ENTITY % para.attlist "INCLUDE"> +<![ %para.attlist; [ +<!ATTLIST Para + %common.attrib; + %para.role.attrib; + %local.para.attrib; +> +<!--end of para.attlist-->]]> +<!--end of para.module-->]]> + +<!ENTITY % simpara.module "INCLUDE"> +<![ %simpara.module; [ +<!ENTITY % local.simpara.attrib ""> +<!ENTITY % simpara.role.attrib "%role.attrib;"> + +<!ENTITY % simpara.element "INCLUDE"> +<![ %simpara.element; [ +<!ELEMENT SimPara - O ((%para.char.mix;)+)> +<!--end of simpara.element-->]]> + +<!ENTITY % simpara.attlist "INCLUDE"> +<![ %simpara.attlist; [ +<!ATTLIST SimPara + %common.attrib; + %simpara.role.attrib; + %local.simpara.attrib; +> +<!--end of simpara.attlist-->]]> +<!--end of simpara.module-->]]> + +<!ENTITY % admon.module "INCLUDE"> +<![ %admon.module; [ +<!ENTITY % local.admon.attrib ""> +<!ENTITY % admon.role.attrib "%role.attrib;"> + +<!ENTITY % admon.elements "INCLUDE"> +<![ %admon.elements; [ +<!ELEMENT (%admon.class;) - - (Title?, (%admon.mix;)+) %admon.exclusion;> +<!--end of admon.elements-->]]> + +<!ENTITY % admon.attlists "INCLUDE"> +<![ %admon.attlists; [ +<!ATTLIST (%admon.class;) + %common.attrib; + %admon.role.attrib; + %local.admon.attrib; +> +<!--end of admon.attlists-->]]> +<!--end of admon.module-->]]> + +<!-- ...................................................................... --> +<!-- Lists ................................................................ --> + +<!-- GlossList ........................ --> + +<!ENTITY % glosslist.module "INCLUDE"> +<![ %glosslist.module; [ +<!ENTITY % local.glosslist.attrib ""> +<!ENTITY % glosslist.role.attrib "%role.attrib;"> + +<!ENTITY % glosslist.element "INCLUDE"> +<![ %glosslist.element; [ +<!ELEMENT GlossList - - (GlossEntry+)> +<!--end of glosslist.element-->]]> + +<!ENTITY % glosslist.attlist "INCLUDE"> +<![ %glosslist.attlist; [ +<!ATTLIST GlossList + %common.attrib; + %glosslist.role.attrib; + %local.glosslist.attrib; +> +<!--end of glosslist.attlist-->]]> +<!--end of glosslist.module-->]]> + +<!ENTITY % glossentry.content.module "INCLUDE"> +<![ %glossentry.content.module; [ +<!ENTITY % glossentry.module "INCLUDE"> +<![ %glossentry.module; [ +<!ENTITY % local.glossentry.attrib ""> +<!ENTITY % glossentry.role.attrib "%role.attrib;"> + +<!ENTITY % glossentry.element "INCLUDE"> +<![ %glossentry.element; [ +<!ELEMENT GlossEntry - O (GlossTerm, Acronym?, Abbrev?, + (%ndxterm.class;)*, + RevHistory?, (GlossSee|GlossDef+))> +<!--end of glossentry.element-->]]> + +<!ENTITY % glossentry.attlist "INCLUDE"> +<![ %glossentry.attlist; [ +<!ATTLIST GlossEntry + -- + SortAs: String by which the GlossEntry is to be sorted + (alphabetized) in lieu of its proper content + -- + SortAs CDATA #IMPLIED + %common.attrib; + %glossentry.role.attrib; + %local.glossentry.attrib; +> +<!--end of glossentry.attlist-->]]> +<!--end of glossentry.module-->]]> + +<!-- GlossTerm (defined in the Inlines section, below)--> +<!ENTITY % glossdef.module "INCLUDE"> +<![ %glossdef.module; [ +<!ENTITY % local.glossdef.attrib ""> +<!ENTITY % glossdef.role.attrib "%role.attrib;"> + +<!ENTITY % glossdef.element "INCLUDE"> +<![ %glossdef.element; [ +<!ELEMENT GlossDef - O ((%glossdef.mix;)+, GlossSeeAlso*)> +<!--end of glossdef.element-->]]> + +<!ENTITY % glossdef.attlist "INCLUDE"> +<![ %glossdef.attlist; [ +<!ATTLIST GlossDef + -- + Subject: List of subjects; keywords for the definition + -- + Subject CDATA #IMPLIED + %common.attrib; + %glossdef.role.attrib; + %local.glossdef.attrib; +> +<!--end of glossdef.attlist-->]]> +<!--end of glossdef.module-->]]> + +<!ENTITY % glosssee.module "INCLUDE"> +<![ %glosssee.module; [ +<!ENTITY % local.glosssee.attrib ""> +<!ENTITY % glosssee.role.attrib "%role.attrib;"> + +<!ENTITY % glosssee.element "INCLUDE"> +<![ %glosssee.element; [ +<!ELEMENT GlossSee - O ((%para.char.mix;)+)> +<!--end of glosssee.element-->]]> + +<!ENTITY % glosssee.attlist "INCLUDE"> +<![ %glosssee.attlist; [ +<!ATTLIST GlossSee + -- + OtherTerm: Reference to the GlossEntry whose GlossTerm + should be displayed at the point of the GlossSee + -- + OtherTerm IDREF #CONREF + %common.attrib; + %glosssee.role.attrib; + %local.glosssee.attrib; +> +<!--end of glosssee.attlist-->]]> +<!--end of glosssee.module-->]]> + +<!ENTITY % glossseealso.module "INCLUDE"> +<![ %glossseealso.module; [ +<!ENTITY % local.glossseealso.attrib ""> +<!ENTITY % glossseealso.role.attrib "%role.attrib;"> + +<!ENTITY % glossseealso.element "INCLUDE"> +<![ %glossseealso.element; [ +<!ELEMENT GlossSeeAlso - O ((%para.char.mix;)+)> +<!--end of glossseealso.element-->]]> + +<!ENTITY % glossseealso.attlist "INCLUDE"> +<![ %glossseealso.attlist; [ +<!ATTLIST GlossSeeAlso + -- + OtherTerm: Reference to the GlossEntry whose GlossTerm + should be displayed at the point of the GlossSeeAlso + -- + OtherTerm IDREF #CONREF + %common.attrib; + %glossseealso.role.attrib; + %local.glossseealso.attrib; +> +<!--end of glossseealso.attlist-->]]> +<!--end of glossseealso.module-->]]> +<!--end of glossentry.content.module-->]]> + +<!-- ItemizedList and OrderedList ..... --> + +<!ENTITY % itemizedlist.module "INCLUDE"> +<![ %itemizedlist.module; [ +<!ENTITY % local.itemizedlist.attrib ""> +<!ENTITY % itemizedlist.role.attrib "%role.attrib;"> + +<!ENTITY % itemizedlist.element "INCLUDE"> +<![ %itemizedlist.element; [ +<!ELEMENT ItemizedList - - ((%formalobject.title.content;)?, ListItem+)> +<!--end of itemizedlist.element-->]]> + +<!ENTITY % itemizedlist.attlist "INCLUDE"> +<![ %itemizedlist.attlist; [ +<!ATTLIST ItemizedList + -- + Spacing: Whether the vertical space in the list should be + compressed + -- + Spacing (Normal + |Compact) #IMPLIED + -- + Mark: Keyword, e.g., bullet, dash, checkbox, none; + list of keywords and defaults are implementation specific + -- + %mark.attrib; + %common.attrib; + %itemizedlist.role.attrib; + %local.itemizedlist.attrib; +> +<!--end of itemizedlist.attlist-->]]> +<!--end of itemizedlist.module-->]]> + +<!ENTITY % orderedlist.module "INCLUDE"> +<![ %orderedlist.module; [ +<!ENTITY % local.orderedlist.attrib ""> +<!ENTITY % orderedlist.role.attrib "%role.attrib;"> + +<!ENTITY % orderedlist.element "INCLUDE"> +<![ %orderedlist.element; [ +<!ELEMENT OrderedList - - ((%formalobject.title.content;)?, ListItem+)> +<!--end of orderedlist.element-->]]> + +<!ENTITY % orderedlist.attlist "INCLUDE"> +<![ %orderedlist.attlist; [ +<!ATTLIST OrderedList + -- + Numeration: Style of ListItem numbered; default is expected + to be Arabic + -- + Numeration (Arabic + |Upperalpha + |Loweralpha + |Upperroman + |Lowerroman) #IMPLIED + -- + InheritNum: Specifies for a nested list that the numbering + of ListItems should include the number of the item + within which they are nested (e.g., 1a and 1b within 1, + rather than a and b)-- + InheritNum (Inherit + |Ignore) Ignore + -- + Continuation: Where list numbering begins afresh (Restarts, + the default) or continues that of the immediately preceding + list (Continues) + -- + Continuation (Continues + |Restarts) Restarts + -- + Spacing: Whether the vertical space in the list should be + compressed + -- + Spacing (Normal + |Compact) #IMPLIED + %common.attrib; + %orderedlist.role.attrib; + %local.orderedlist.attrib; +> +<!--end of orderedlist.attlist-->]]> +<!--end of orderedlist.module-->]]> + +<!ENTITY % listitem.module "INCLUDE"> +<![ %listitem.module; [ +<!ENTITY % local.listitem.attrib ""> +<!ENTITY % listitem.role.attrib "%role.attrib;"> + +<!ENTITY % listitem.element "INCLUDE"> +<![ %listitem.element; [ +<!ELEMENT ListItem - O ((%component.mix;)+)> +<!--end of listitem.element-->]]> + +<!ENTITY % listitem.attlist "INCLUDE"> +<![ %listitem.attlist; [ +<!ATTLIST ListItem + -- + Override: Indicates the mark to be used for this ListItem + instead of the default mark or the mark specified by + the Mark attribute on the enclosing ItemizedList + -- + Override CDATA #IMPLIED + %common.attrib; + %listitem.role.attrib; + %local.listitem.attrib; +> +<!--end of listitem.attlist-->]]> +<!--end of listitem.module-->]]> + +<!-- SegmentedList .................... --> +<!ENTITY % segmentedlist.content.module "INCLUDE"> +<![ %segmentedlist.content.module; [ +<!ENTITY % segmentedlist.module "INCLUDE"> +<![ %segmentedlist.module; [ +<!ENTITY % local.segmentedlist.attrib ""> +<!ENTITY % segmentedlist.role.attrib "%role.attrib;"> + +<!ENTITY % segmentedlist.element "INCLUDE"> +<![ %segmentedlist.element; [ +<!ELEMENT SegmentedList - - ((%formalobject.title.content;)?, + SegTitle, SegTitle+, + SegListItem+)> +<!--end of segmentedlist.element-->]]> + +<!ENTITY % segmentedlist.attlist "INCLUDE"> +<![ %segmentedlist.attlist; [ +<!ATTLIST SegmentedList + %common.attrib; + %segmentedlist.role.attrib; + %local.segmentedlist.attrib; +> +<!--end of segmentedlist.attlist-->]]> +<!--end of segmentedlist.module-->]]> + +<!ENTITY % segtitle.module "INCLUDE"> +<![ %segtitle.module; [ +<!ENTITY % local.segtitle.attrib ""> +<!ENTITY % segtitle.role.attrib "%role.attrib;"> + +<!ENTITY % segtitle.element "INCLUDE"> +<![ %segtitle.element; [ +<!ELEMENT SegTitle - O ((%title.char.mix;)+)> +<!--end of segtitle.element-->]]> + +<!ENTITY % segtitle.attlist "INCLUDE"> +<![ %segtitle.attlist; [ +<!ATTLIST SegTitle + %common.attrib; + %segtitle.role.attrib; + %local.segtitle.attrib; +> +<!--end of segtitle.attlist-->]]> +<!--end of segtitle.module-->]]> + +<!ENTITY % seglistitem.module "INCLUDE"> +<![ %seglistitem.module; [ +<!ENTITY % local.seglistitem.attrib ""> +<!ENTITY % seglistitem.role.attrib "%role.attrib;"> + +<!ENTITY % seglistitem.element "INCLUDE"> +<![ %seglistitem.element; [ +<!ELEMENT SegListItem - O (Seg, Seg+)> +<!--end of seglistitem.element-->]]> + +<!ENTITY % seglistitem.attlist "INCLUDE"> +<![ %seglistitem.attlist; [ +<!ATTLIST SegListItem + %common.attrib; + %seglistitem.role.attrib; + %local.seglistitem.attrib; +> +<!--end of seglistitem.attlist-->]]> +<!--end of seglistitem.module-->]]> + +<!ENTITY % seg.module "INCLUDE"> +<![ %seg.module; [ +<!ENTITY % local.seg.attrib ""> +<!ENTITY % seg.role.attrib "%role.attrib;"> + +<!ENTITY % seg.element "INCLUDE"> +<![ %seg.element; [ +<!ELEMENT Seg - O ((%para.char.mix;)+)> +<!--end of seg.element-->]]> + +<!ENTITY % seg.attlist "INCLUDE"> +<![ %seg.attlist; [ +<!ATTLIST Seg + %common.attrib; + %seg.role.attrib; + %local.seg.attrib; +> +<!--end of seg.attlist-->]]> +<!--end of seg.module-->]]> +<!--end of segmentedlist.content.module-->]]> + +<!-- SimpleList ....................... --> + +<!ENTITY % simplelist.content.module "INCLUDE"> +<![ %simplelist.content.module; [ +<!ENTITY % simplelist.module "INCLUDE"> +<![ %simplelist.module; [ +<!ENTITY % local.simplelist.attrib ""> +<!ENTITY % simplelist.role.attrib "%role.attrib;"> + +<!ENTITY % simplelist.element "INCLUDE"> +<![ %simplelist.element; [ +<!ELEMENT SimpleList - - (Member+)> +<!--end of simplelist.element-->]]> + +<!ENTITY % simplelist.attlist "INCLUDE"> +<![ %simplelist.attlist; [ +<!ATTLIST SimpleList + -- + Columns: The number of columns the array should contain + -- + Columns NUMBER #IMPLIED + -- + Type: How the Members of the SimpleList should be + formatted: Inline (members separated with commas etc. + inline), Vert (top to bottom in n Columns), or Horiz (in + the direction of text flow) in n Columns. If Column + is 1 or implied, Type=Vert and Type=Horiz give the same + results. + -- + Type (Inline + |Vert + |Horiz) Vert + %common.attrib; + %simplelist.role.attrib; + %local.simplelist.attrib; +> +<!--end of simplelist.attlist-->]]> +<!--end of simplelist.module-->]]> + +<!ENTITY % member.module "INCLUDE"> +<![ %member.module; [ +<!ENTITY % local.member.attrib ""> +<!ENTITY % member.role.attrib "%role.attrib;"> + +<!ENTITY % member.element "INCLUDE"> +<![ %member.element; [ +<!ELEMENT Member - O ((%para.char.mix;)+)> +<!--end of member.element-->]]> + +<!ENTITY % member.attlist "INCLUDE"> +<![ %member.attlist; [ +<!ATTLIST Member + %common.attrib; + %member.role.attrib; + %local.member.attrib; +> +<!--end of member.attlist-->]]> +<!--end of member.module-->]]> +<!--end of simplelist.content.module-->]]> + +<!-- VariableList ..................... --> + +<!ENTITY % variablelist.content.module "INCLUDE"> +<![ %variablelist.content.module; [ +<!ENTITY % variablelist.module "INCLUDE"> +<![ %variablelist.module; [ +<!ENTITY % local.variablelist.attrib ""> +<!ENTITY % variablelist.role.attrib "%role.attrib;"> + +<!ENTITY % variablelist.element "INCLUDE"> +<![ %variablelist.element; [ +<!ELEMENT VariableList - - ((%formalobject.title.content;)?, VarListEntry+)> +<!--end of variablelist.element-->]]> + +<!ENTITY % variablelist.attlist "INCLUDE"> +<![ %variablelist.attlist; [ +<!ATTLIST VariableList + -- + TermLength: Length beyond which the presentation engine + may consider the Term too long and select an alternate + presentation of the Term and, or, its associated ListItem. + -- + TermLength CDATA #IMPLIED + %common.attrib; + %variablelist.role.attrib; + %local.variablelist.attrib; +> +<!--end of variablelist.attlist-->]]> +<!--end of variablelist.module-->]]> + +<!ENTITY % varlistentry.module "INCLUDE"> +<![ %varlistentry.module; [ +<!ENTITY % local.varlistentry.attrib ""> +<!ENTITY % varlistentry.role.attrib "%role.attrib;"> + +<!ENTITY % varlistentry.element "INCLUDE"> +<![ %varlistentry.element; [ +<!ELEMENT VarListEntry - O (Term+, ListItem)> +<!--end of varlistentry.element-->]]> + +<!ENTITY % varlistentry.attlist "INCLUDE"> +<![ %varlistentry.attlist; [ +<!ATTLIST VarListEntry + %common.attrib; + %varlistentry.role.attrib; + %local.varlistentry.attrib; +> +<!--end of varlistentry.attlist-->]]> +<!--end of varlistentry.module-->]]> + +<!ENTITY % term.module "INCLUDE"> +<![ %term.module; [ +<!ENTITY % local.term.attrib ""> +<!ENTITY % term.role.attrib "%role.attrib;"> + +<!ENTITY % term.element "INCLUDE"> +<![ %term.element; [ +<!ELEMENT Term - O ((%para.char.mix;)+)> +<!--end of term.element-->]]> + +<!ENTITY % term.attlist "INCLUDE"> +<![ %term.attlist; [ +<!ATTLIST Term + %common.attrib; + %term.role.attrib; + %local.term.attrib; +> +<!--end of term.attlist-->]]> +<!--end of term.module-->]]> + +<!-- ListItem (defined above)--> +<!--end of variablelist.content.module-->]]> + +<!-- CalloutList ...................... --> + +<!ENTITY % calloutlist.content.module "INCLUDE"> +<![ %calloutlist.content.module; [ +<!ENTITY % calloutlist.module "INCLUDE"> +<![ %calloutlist.module; [ +<!ENTITY % local.calloutlist.attrib ""> +<!ENTITY % calloutlist.role.attrib "%role.attrib;"> + +<!ENTITY % calloutlist.element "INCLUDE"> +<![ %calloutlist.element; [ +<!ELEMENT CalloutList - - ((%formalobject.title.content;)?, Callout+)> +<!--end of calloutlist.element-->]]> + +<!ENTITY % calloutlist.attlist "INCLUDE"> +<![ %calloutlist.attlist; [ +<!ATTLIST CalloutList + %common.attrib; + %calloutlist.role.attrib; + %local.calloutlist.attrib; +> +<!--end of calloutlist.attlist-->]]> +<!--end of calloutlist.module-->]]> + +<!ENTITY % callout.module "INCLUDE"> +<![ %callout.module; [ +<!ENTITY % local.callout.attrib ""> +<!ENTITY % callout.role.attrib "%role.attrib;"> + +<!ENTITY % callout.element "INCLUDE"> +<![ %callout.element; [ +<!ELEMENT Callout - O ((%component.mix;)+)> +<!--end of callout.element-->]]> + +<!ENTITY % callout.attlist "INCLUDE"> +<![ %callout.attlist; [ +<!ATTLIST Callout + -- + AreaRefs: IDs of one or more Areas or AreaSets described + by this Callout + -- + AreaRefs IDREFS #REQUIRED + %common.attrib; + %callout.role.attrib; + %local.callout.attrib; +> +<!--end of callout.attlist-->]]> +<!--end of callout.module-->]]> +<!--end of calloutlist.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Objects .............................................................. --> + +<!-- Examples etc. .................... --> + +<!ENTITY % example.module "INCLUDE"> +<![ %example.module; [ +<!ENTITY % local.example.attrib ""> +<!ENTITY % example.role.attrib "%role.attrib;"> + +<!ENTITY % example.element "INCLUDE"> +<![ %example.element; [ +<!ELEMENT Example - - ((%formalobject.title.content;), (%example.mix;)+) + %formal.exclusion;> +<!--end of example.element-->]]> + +<!ENTITY % example.attlist "INCLUDE"> +<![ %example.attlist; [ +<!ATTLIST Example + %label.attrib; + %width.attrib; + %common.attrib; + %example.role.attrib; + %local.example.attrib; +> +<!--end of example.attlist-->]]> +<!--end of example.module-->]]> + +<!ENTITY % informalexample.module "INCLUDE"> +<![ %informalexample.module; [ +<!ENTITY % local.informalexample.attrib ""> +<!ENTITY % informalexample.role.attrib "%role.attrib;"> + +<!ENTITY % informalexample.element "INCLUDE"> +<![ %informalexample.element; [ +<!ELEMENT InformalExample - - ((%example.mix;)+)> +<!--end of informalexample.element-->]]> + +<!ENTITY % informalexample.attlist "INCLUDE"> +<![ %informalexample.attlist; [ +<!ATTLIST InformalExample + %width.attrib; + %common.attrib; + %informalexample.role.attrib; + %local.informalexample.attrib; +> +<!--end of informalexample.attlist-->]]> +<!--end of informalexample.module-->]]> + +<!ENTITY % programlistingco.module "INCLUDE"> +<![ %programlistingco.module; [ +<!ENTITY % local.programlistingco.attrib ""> +<!ENTITY % programlistingco.role.attrib "%role.attrib;"> + +<!ENTITY % programlistingco.element "INCLUDE"> +<![ %programlistingco.element; [ +<!ELEMENT ProgramListingCO - - (AreaSpec, ProgramListing, CalloutList*)> +<!--end of programlistingco.element-->]]> + +<!ENTITY % programlistingco.attlist "INCLUDE"> +<![ %programlistingco.attlist; [ +<!ATTLIST ProgramListingCO + %common.attrib; + %programlistingco.role.attrib; + %local.programlistingco.attrib; +> +<!--end of programlistingco.attlist-->]]> +<!-- CalloutList (defined above in Lists)--> +<!--end of programlistingco.module-->]]> + +<!ENTITY % areaspec.content.module "INCLUDE"> +<![ %areaspec.content.module; [ +<!ENTITY % areaspec.module "INCLUDE"> +<![ %areaspec.module; [ +<!ENTITY % local.areaspec.attrib ""> +<!ENTITY % areaspec.role.attrib "%role.attrib;"> + +<!ENTITY % areaspec.element "INCLUDE"> +<![ %areaspec.element; [ +<!ELEMENT AreaSpec - - ((Area|AreaSet)+)> +<!--end of areaspec.element-->]]> + +<!ENTITY % areaspec.attlist "INCLUDE"> +<![ %areaspec.attlist; [ +<!ATTLIST AreaSpec + -- + Units: global unit of measure in which coordinates in + this spec are expressed: + + - CALSPair "x1,y1 x2,y2": lower-left and upper-right + coordinates in a rectangle describing repro area in which + graphic is placed, where X and Y dimensions are each some + number 0..10000 (taken from CALS graphic attributes) + + - LineColumn "line column": line number and column number + at which to start callout text in "linespecific" content + + - LineRange "startline endline": whole lines from startline + to endline in "linespecific" content + + - LineColumnPair "line1 col1 line2 col2": starting and ending + points of area in "linespecific" content that starts at + first position and ends at second position (including the + beginnings of any intervening lines) + + - Other: directive to look at value of OtherUnits attribute + to get implementation-specific keyword + + The default is implementation-specific; usually dependent on + the parent element (GraphicCO gets CALSPair, ProgramListingCO + and ScreenCO get LineColumn) + -- + Units (CALSPair + |LineColumn + |LineRange + |LineColumnPair + |Other) #IMPLIED + -- + OtherUnits: User-defined units + -- + OtherUnits NAME #IMPLIED + %common.attrib; + %areaspec.role.attrib; + %local.areaspec.attrib; +> +<!--end of areaspec.attlist-->]]> +<!--end of areaspec.module-->]]> + +<!ENTITY % area.module "INCLUDE"> +<![ %area.module; [ +<!ENTITY % local.area.attrib ""> +<!ENTITY % area.role.attrib "%role.attrib;"> + +<!ENTITY % area.element "INCLUDE"> +<![ %area.element; [ +<!ELEMENT Area - O EMPTY> +<!--end of area.element-->]]> + +<!ENTITY % area.attlist "INCLUDE"> +<![ %area.attlist; [ +<!ATTLIST Area + %label.attrib; --bug number/symbol override or initialization-- + %linkends.attrib; --to any related information-- + -- + Units: unit of measure in which coordinates in this + area are expressed; inherits from AreaSet and AreaSpec + -- + Units (CALSPair + |LineColumn + |LineRange + |LineColumnPair + |Other) #IMPLIED + -- + OtherUnits: User-defined units + -- + OtherUnits NAME #IMPLIED + Coords CDATA #REQUIRED + %idreq.common.attrib; + %area.role.attrib; + %local.area.attrib; +> +<!--end of area.attlist-->]]> +<!--end of area.module-->]]> + +<!ENTITY % areaset.module "INCLUDE"> +<![ %areaset.module; [ +<!ENTITY % local.areaset.attrib ""> +<!ENTITY % areaset.role.attrib "%role.attrib;"> + +<!ENTITY % areaset.element "INCLUDE"> +<![ %areaset.element; [ +<!ELEMENT AreaSet - - (Area+)> +<!--end of areaset.element-->]]> + +<!ENTITY % areaset.attlist "INCLUDE"> +<![ %areaset.attlist; [ +<!--FUTURE USE (V5.0): +...................... +Coord attribute will be removed from AreaSet +...................... +--> +<!ATTLIST AreaSet + %label.attrib; --bug number/symbol override or initialization-- + + -- + Units: unit of measure in which coordinates in this + area are expressed; inherits from AreaSpec + -- + Units (CALSPair + |LineColumn + |LineRange + |LineColumnPair + |Other) #IMPLIED + OtherUnits NAME #IMPLIED + Coords CDATA #REQUIRED + %idreq.common.attrib; + %areaset.role.attrib; + %local.areaset.attrib; +> +<!--end of areaset.attlist-->]]> +<!--end of areaset.module-->]]> +<!--end of areaspec.content.module-->]]> + +<!ENTITY % programlisting.module "INCLUDE"> +<![ %programlisting.module; [ +<!ENTITY % local.programlisting.attrib ""> +<!ENTITY % programlisting.role.attrib "%role.attrib;"> + +<!ENTITY % programlisting.element "INCLUDE"> +<![ %programlisting.element; [ +<!ELEMENT ProgramListing - - ((CO | LineAnnotation | %para.char.mix;)+)> +<!--end of programlisting.element-->]]> + +<!ENTITY % programlisting.attlist "INCLUDE"> +<![ %programlisting.attlist; [ +<!ATTLIST ProgramListing + %width.attrib; + %linespecific.attrib; + %common.attrib; + %programlisting.role.attrib; + %local.programlisting.attrib; +> +<!--end of programlisting.attlist-->]]> +<!--end of programlisting.module-->]]> + +<!ENTITY % literallayout.module "INCLUDE"> +<![ %literallayout.module; [ +<!ENTITY % local.literallayout.attrib ""> +<!ENTITY % literallayout.role.attrib "%role.attrib;"> + +<!ENTITY % literallayout.element "INCLUDE"> +<![ %literallayout.element; [ +<!ELEMENT LiteralLayout - - ((CO | LineAnnotation | %para.char.mix;)+)> +<!--end of literallayout.element-->]]> + +<!ENTITY % literallayout.attlist "INCLUDE"> +<![ %literallayout.attlist; [ +<!ATTLIST LiteralLayout + %width.attrib; + %linespecific.attrib; + Class (Monospaced|Normal) "Normal" + %common.attrib; + %literallayout.role.attrib; + %local.literallayout.attrib; +> +<!--end of literallayout.attlist-->]]> +<!-- LineAnnotation (defined in the Inlines section, below)--> +<!--end of literallayout.module-->]]> + +<!ENTITY % screenco.module "INCLUDE"> +<![ %screenco.module; [ +<!ENTITY % local.screenco.attrib ""> +<!ENTITY % screenco.role.attrib "%role.attrib;"> + +<!ENTITY % screenco.element "INCLUDE"> +<![ %screenco.element; [ +<!ELEMENT ScreenCO - - (AreaSpec, Screen, CalloutList*)> +<!--end of screenco.element-->]]> + +<!ENTITY % screenco.attlist "INCLUDE"> +<![ %screenco.attlist; [ +<!ATTLIST ScreenCO + %common.attrib; + %screenco.role.attrib; + %local.screenco.attrib; +> +<!--end of screenco.attlist-->]]> +<!-- AreaSpec (defined above)--> +<!-- CalloutList (defined above in Lists)--> +<!--end of screenco.module-->]]> + +<!ENTITY % screen.module "INCLUDE"> +<![ %screen.module; [ +<!ENTITY % local.screen.attrib ""> +<!ENTITY % screen.role.attrib "%role.attrib;"> + +<!ENTITY % screen.element "INCLUDE"> +<![ %screen.element; [ +<!ELEMENT Screen - - ((CO | LineAnnotation | %para.char.mix;)+)> +<!--end of screen.element-->]]> + +<!ENTITY % screen.attlist "INCLUDE"> +<![ %screen.attlist; [ +<!ATTLIST Screen + %width.attrib; + %linespecific.attrib; + %common.attrib; + %screen.role.attrib; + %local.screen.attrib; +> +<!--end of screen.attlist-->]]> +<!--end of screen.module-->]]> + +<!ENTITY % screenshot.content.module "INCLUDE"> +<![ %screenshot.content.module; [ +<!ENTITY % screenshot.module "INCLUDE"> +<![ %screenshot.module; [ +<!ENTITY % local.screenshot.attrib ""> +<!ENTITY % screenshot.role.attrib "%role.attrib;"> + +<!ENTITY % screenshot.element "INCLUDE"> +<![ %screenshot.element; [ +<!ELEMENT ScreenShot - - (ScreenInfo?, + (Graphic|GraphicCO + |MediaObject|MediaObjectCO))> +<!--end of screenshot.element-->]]> + +<!ENTITY % screenshot.attlist "INCLUDE"> +<![ %screenshot.attlist; [ +<!ATTLIST ScreenShot + %common.attrib; + %screenshot.role.attrib; + %local.screenshot.attrib; +> +<!--end of screenshot.attlist-->]]> +<!--end of screenshot.module-->]]> + +<!ENTITY % screeninfo.module "INCLUDE"> +<![ %screeninfo.module; [ +<!ENTITY % local.screeninfo.attrib ""> +<!ENTITY % screeninfo.role.attrib "%role.attrib;"> + +<!ENTITY % screeninfo.element "INCLUDE"> +<![ %screeninfo.element; [ +<!ELEMENT ScreenInfo - O ((%para.char.mix;)+) %ubiq.exclusion;> +<!--end of screeninfo.element-->]]> + +<!ENTITY % screeninfo.attlist "INCLUDE"> +<![ %screeninfo.attlist; [ +<!ATTLIST ScreenInfo + %common.attrib; + %screeninfo.role.attrib; + %local.screeninfo.attrib; +> +<!--end of screeninfo.attlist-->]]> +<!--end of screeninfo.module-->]]> +<!--end of screenshot.content.module-->]]> + +<!-- Figures etc. ..................... --> + +<!ENTITY % figure.module "INCLUDE"> +<![ %figure.module; [ +<!ENTITY % local.figure.attrib ""> +<!ENTITY % figure.role.attrib "%role.attrib;"> + +<!ENTITY % figure.element "INCLUDE"> +<![ %figure.element; [ +<!ELEMENT Figure - - ((%formalobject.title.content;), (%figure.mix; | + %link.char.class;)+)> +<!--end of figure.element-->]]> + +<!ENTITY % figure.attlist "INCLUDE"> +<![ %figure.attlist; [ +<!ATTLIST Figure + -- + Float: Whether the Figure is supposed to be rendered + where convenient (yes (1) value) or at the place it occurs + in the text (no (0) value, the default) + -- + Float %yesorno.attvals; %no.attval; + PgWide %yesorno.attvals; #IMPLIED + %label.attrib; + %common.attrib; + %figure.role.attrib; + %local.figure.attrib; +> +<!--end of figure.attlist-->]]> +<!--end of figure.module-->]]> + +<!ENTITY % informalfigure.module "INCLUDE"> +<![ %informalfigure.module; [ +<!ENTITY % local.informalfigure.attrib ""> +<!ENTITY % informalfigure.role.attrib "%role.attrib;"> + +<!ENTITY % informalfigure.element "INCLUDE"> +<![ %informalfigure.element; [ +<!ELEMENT InformalFigure - - ((%figure.mix; | %link.char.class;)+)> +<!--end of informalfigure.element-->]]> + +<!ENTITY % informalfigure.attlist "INCLUDE"> +<![ %informalfigure.attlist; [ +<!ATTLIST InformalFigure + -- + Float: Whether the Figure is supposed to be rendered + where convenient (yes (1) value) or at the place it occurs + in the text (no (0) value, the default) + -- + Float %yesorno.attvals; %no.attval; + PgWide %yesorno.attvals; #IMPLIED + %label.attrib; + %common.attrib; + %informalfigure.role.attrib; + %local.informalfigure.attrib; +> +<!--end of informalfigure.attlist-->]]> +<!--end of informalfigure.module-->]]> + +<!ENTITY % graphicco.module "INCLUDE"> +<![ %graphicco.module; [ +<!ENTITY % local.graphicco.attrib ""> +<!ENTITY % graphicco.role.attrib "%role.attrib;"> + +<!ENTITY % graphicco.element "INCLUDE"> +<![ %graphicco.element; [ +<!ELEMENT GraphicCO - - (AreaSpec, Graphic, CalloutList*)> +<!--end of graphicco.element-->]]> + +<!ENTITY % graphicco.attlist "INCLUDE"> +<![ %graphicco.attlist; [ +<!ATTLIST GraphicCO + %common.attrib; + %graphicco.role.attrib; + %local.graphicco.attrib; +> +<!--end of graphicco.attlist-->]]> +<!-- AreaSpec (defined above in Examples)--> +<!-- CalloutList (defined above in Lists)--> +<!--end of graphicco.module-->]]> + +<!-- Graphical data can be the content of Graphic, or you can reference + an external file either as an entity (Entitref) or a filename + (Fileref). --> + +<!ENTITY % graphic.module "INCLUDE"> +<![ %graphic.module; [ +<!ENTITY % local.graphic.attrib ""> +<!ENTITY % graphic.role.attrib "%role.attrib;"> + +<!ENTITY % graphic.element "INCLUDE"> +<![ %graphic.element; [ +<!ELEMENT Graphic - O EMPTY> +<!--end of graphic.element-->]]> + +<!ENTITY % graphic.attlist "INCLUDE"> +<![ %graphic.attlist; [ +<!ATTLIST Graphic + %graphics.attrib; + %common.attrib; + %graphic.role.attrib; + %local.graphic.attrib; +> +<!--end of graphic.attlist-->]]> +<!--end of graphic.module-->]]> + +<!ENTITY % inlinegraphic.module "INCLUDE"> +<![ %inlinegraphic.module; [ +<!ENTITY % local.inlinegraphic.attrib ""> +<!ENTITY % inlinegraphic.role.attrib "%role.attrib;"> + +<!ENTITY % inlinegraphic.element "INCLUDE"> +<![ %inlinegraphic.element; [ +<!ELEMENT InlineGraphic - O EMPTY> +<!--end of inlinegraphic.element-->]]> + +<!ENTITY % inlinegraphic.attlist "INCLUDE"> +<![ %inlinegraphic.attlist; [ +<!ATTLIST InlineGraphic + %graphics.attrib; + %common.attrib; + %inlinegraphic.role.attrib; + %local.inlinegraphic.attrib; +> +<!--end of inlinegraphic.attlist-->]]> +<!--end of inlinegraphic.module-->]]> + +<!ENTITY % mediaobject.content.module "INCLUDE"> +<![ %mediaobject.content.module; [ + +<!ENTITY % mediaobject.module "INCLUDE"> +<![ %mediaobject.module; [ +<!ENTITY % local.mediaobject.attrib ""> +<!ENTITY % mediaobject.role.attrib "%role.attrib;"> + +<!ENTITY % mediaobject.element "INCLUDE"> +<![ %mediaobject.element; [ +<!ELEMENT MediaObject - - (ObjectInfo?, + (%mediaobject.mix;), + (%mediaobject.mix;|TextObject)*, + Caption?)> +<!--end of mediaobject.element-->]]> + +<!ENTITY % mediaobject.attlist "INCLUDE"> +<![ %mediaobject.attlist; [ +<!ATTLIST MediaObject + %common.attrib; + %mediaobject.role.attrib; + %local.mediaobject.attrib; +> +<!--end of mediaobject.attlist-->]]> +<!--end of mediaobject.module-->]]> + +<!ENTITY % inlinemediaobject.module "INCLUDE"> +<![ %inlinemediaobject.module; [ +<!ENTITY % local.inlinemediaobject.attrib ""> +<!ENTITY % inlinemediaobject.role.attrib "%role.attrib;"> + +<!ENTITY % inlinemediaobject.element "INCLUDE"> +<![ %inlinemediaobject.element; [ +<!ELEMENT InlineMediaObject - - (ObjectInfo?, + (%mediaobject.mix;), + (%mediaobject.mix;|TextObject)*)> +<!--end of inlinemediaobject.element-->]]> + +<!ENTITY % inlinemediaobject.attlist "INCLUDE"> +<![ %inlinemediaobject.attlist; [ +<!ATTLIST InlineMediaObject + %common.attrib; + %inlinemediaobject.role.attrib; + %local.inlinemediaobject.attrib; +> +<!--end of inlinemediaobject.attlist-->]]> +<!--end of inlinemediaobject.module-->]]> + +<!ENTITY % videoobject.module "INCLUDE"> +<![ %videoobject.module; [ +<!ENTITY % local.videoobject.attrib ""> +<!ENTITY % videoobject.role.attrib "%role.attrib;"> + +<!ENTITY % videoobject.element "INCLUDE"> +<![ %videoobject.element; [ +<!ELEMENT VideoObject - - (ObjectInfo?, VideoData)> +<!--end of videoobject.element-->]]> + +<!ENTITY % videoobject.attlist "INCLUDE"> +<![ %videoobject.attlist; [ +<!ATTLIST VideoObject + %common.attrib; + %videoobject.role.attrib; + %local.videoobject.attrib; +> +<!--end of videoobject.attlist-->]]> +<!--end of videoobject.module-->]]> + +<!ENTITY % audioobject.module "INCLUDE"> +<![ %audioobject.module; [ +<!ENTITY % local.audioobject.attrib ""> +<!ENTITY % audioobject.role.attrib "%role.attrib;"> + +<!ENTITY % audioobject.element "INCLUDE"> +<![ %audioobject.element; [ +<!ELEMENT AudioObject - - (ObjectInfo?, AudioData)> +<!--end of audioobject.element-->]]> + +<!ENTITY % audioobject.attlist "INCLUDE"> +<![ %audioobject.attlist; [ +<!ATTLIST AudioObject + %common.attrib; + %audioobject.role.attrib; + %local.audioobject.attrib; +> +<!--end of audioobject.attlist-->]]> +<!--end of audioobject.module-->]]> + +<!ENTITY % imageobject.module "INCLUDE"> +<![ %imageobject.module; [ +<!ENTITY % local.imageobject.attrib ""> +<!ENTITY % imageobject.role.attrib "%role.attrib;"> + +<!ENTITY % imageobject.element "INCLUDE"> +<![ %imageobject.element; [ +<!ELEMENT ImageObject - - (ObjectInfo?, ImageData)> +<!--end of imageobject.element-->]]> + +<!ENTITY % imageobject.attlist "INCLUDE"> +<![ %imageobject.attlist; [ +<!ATTLIST ImageObject + %common.attrib; + %imageobject.role.attrib; + %local.imageobject.attrib; +> +<!--end of imageobject.attlist-->]]> +<!--end of imageobject.module-->]]> + +<!ENTITY % textobject.module "INCLUDE"> +<![ %textobject.module; [ +<!ENTITY % local.textobject.attrib ""> +<!ENTITY % textobject.role.attrib "%role.attrib;"> + +<!ENTITY % textobject.element "INCLUDE"> +<![ %textobject.element; [ +<!ELEMENT TextObject - - (ObjectInfo?, (Phrase|(%textobject.mix;)+))> +<!--end of textobject.element-->]]> + +<!ENTITY % textobject.attlist "INCLUDE"> +<![ %textobject.attlist; [ +<!ATTLIST TextObject + %common.attrib; + %textobject.role.attrib; + %local.textobject.attrib; +> +<!--end of textobject.attlist-->]]> +<!--end of textobject.module-->]]> + +<!ENTITY % objectinfo.module "INCLUDE"> +<![ %objectinfo.module; [ +<!ENTITY % local.objectinfo.attrib ""> +<!ENTITY % objectinfo.role.attrib "%role.attrib;"> + +<!ENTITY % objectinfo.element "INCLUDE"> +<![ %objectinfo.element; [ +<!ELEMENT ObjectInfo - - ((Graphic | MediaObject | LegalNotice | ModeSpec + | SubjectSet | KeywordSet | ITermSet | %bibliocomponent.mix;)+) + -(BeginPage)> +<!--end of objectinfo.element-->]]> + +<!ENTITY % objectinfo.attlist "INCLUDE"> +<![ %objectinfo.attlist; [ +<!ATTLIST ObjectInfo + %common.attrib; + %objectinfo.role.attrib; + %local.objectinfo.attrib; +> +<!--end of objectinfo.attlist-->]]> +<!--end of objectinfo.module-->]]> + +<!ENTITY % local.objectdata.attrib ""> +<!ENTITY % objectdata.attrib + " + --EntityRef: Name of an external entity containing the content + of the object data-- + EntityRef ENTITY #IMPLIED + + --FileRef: Filename, qualified by a pathname if desired, + designating the file containing the content of the object data-- + FileRef CDATA #IMPLIED + + --Format: Notation of the element content, if any-- + Format (%notation.class;) + #IMPLIED + + --SrcCredit: Information about the source of the image-- + SrcCredit CDATA #IMPLIED + + %local.objectdata.attrib;" +> + +<!ENTITY % videodata.module "INCLUDE"> +<![ %videodata.module; [ +<!ENTITY % local.videodata.attrib ""> +<!ENTITY % videodata.role.attrib "%role.attrib;"> + +<!ENTITY % videodata.element "INCLUDE"> +<![ %videodata.element; [ +<!ELEMENT VideoData - O EMPTY> +<!--end of videodata.element-->]]> + +<!ENTITY % videodata.attlist "INCLUDE"> +<![ %videodata.attlist; [ +<!ATTLIST VideoData + %common.attrib; + %objectdata.attrib; + + --Width: Same as CALS reprowid (desired width)-- + Width NUTOKEN #IMPLIED + + --Depth: Same as CALS reprodep (desired depth)-- + Depth NUTOKEN #IMPLIED + + --Align: Same as CALS hplace with 'none' removed; #IMPLIED means + application-specific-- + Align (Left + |Right + |Center) #IMPLIED + + --Scale: Conflation of CALS hscale and vscale-- + Scale NUMBER #IMPLIED + + --Scalefit: Same as CALS scalefit-- + Scalefit %yesorno.attvals; + #IMPLIED + + %videodata.role.attrib; + %local.videodata.attrib; +> +<!--end of videodata.attlist-->]]> +<!--end of videodata.module-->]]> + +<!ENTITY % audiodata.module "INCLUDE"> +<![ %audiodata.module; [ +<!ENTITY % local.audiodata.attrib ""> +<!ENTITY % audiodata.role.attrib "%role.attrib;"> + +<!ENTITY % audiodata.element "INCLUDE"> +<![ %audiodata.element; [ +<!ELEMENT AudioData - O EMPTY> +<!--end of audiodata.element-->]]> + +<!ENTITY % audiodata.attlist "INCLUDE"> +<![ %audiodata.attlist; [ +<!ATTLIST AudioData + %common.attrib; + %objectdata.attrib; + %local.audiodata.attrib; + %audiodata.role.attrib; +> +<!--end of audiodata.attlist-->]]> +<!--end of audiodata.module-->]]> + +<!ENTITY % imagedata.module "INCLUDE"> +<![ %imagedata.module; [ +<!ENTITY % local.imagedata.attrib ""> +<!ENTITY % imagedata.role.attrib "%role.attrib;"> + +<!ENTITY % imagedata.element "INCLUDE"> +<![ %imagedata.element; [ +<!ELEMENT ImageData - O EMPTY> +<!--end of imagedata.element-->]]> + +<!ENTITY % imagedata.attlist "INCLUDE"> +<![ %imagedata.attlist; [ +<!ATTLIST ImageData + %common.attrib; + %objectdata.attrib; + + --Width: Same as CALS reprowid (desired width)-- + Width NUTOKEN #IMPLIED + + --Depth: Same as CALS reprodep (desired depth)-- + Depth NUTOKEN #IMPLIED + + --Align: Same as CALS hplace with 'none' removed; #IMPLIED means + application-specific-- + Align (Left + |Right + |Center) #IMPLIED + + --Scale: Conflation of CALS hscale and vscale-- + Scale NUMBER #IMPLIED + + --Scalefit: Same as CALS scalefit-- + Scalefit %yesorno.attvals; + #IMPLIED + + %local.imagedata.attrib; + %imagedata.role.attrib; +> +<!--end of imagedata.attlist-->]]> +<!--end of imagedata.module-->]]> + +<!ENTITY % caption.module "INCLUDE"> +<![ %caption.module; [ +<!ENTITY % local.caption.attrib ""> +<!ENTITY % caption.role.attrib "%role.attrib;"> + +<!ENTITY % caption.element "INCLUDE"> +<![ %caption.element; [ +<!ELEMENT Caption - - (%textobject.mix;)*> +<!--end of caption.element-->]]> + +<!ENTITY % caption.attlist "INCLUDE"> +<![ %caption.attlist; [ +<!ATTLIST Caption + %common.attrib; + %local.caption.attrib; + %caption.role.attrib; +> +<!--end of caption.attlist-->]]> +<!--end of caption.module-->]]> + +<!ENTITY % mediaobjectco.module "INCLUDE"> +<![ %mediaobjectco.module; [ +<!ENTITY % local.mediaobjectco.attrib ""> +<!ENTITY % mediaobjectco.role.attrib "%role.attrib;"> + +<!ENTITY % mediaobjectco.element "INCLUDE"> +<![ %mediaobjectco.element; [ +<!ELEMENT MediaObjectCO - - (ObjectInfo?, ImageObjectCO, + (ImageObjectCO|TextObject)*)> +<!--end of mediaobjectco.element-->]]> + +<!ENTITY % mediaobjectco.attlist "INCLUDE"> +<![ %mediaobjectco.attlist; [ +<!ATTLIST MediaObjectCO + %common.attrib; + %mediaobjectco.role.attrib; + %local.mediaobjectco.attrib; +> +<!--end of mediaobjectco.attlist-->]]> +<!--end of mediaobjectco.module-->]]> + +<!ENTITY % imageobjectco.module "INCLUDE"> +<![ %imageobjectco.module; [ +<!ENTITY % local.imageobjectco.attrib ""> +<!ENTITY % imageobjectco.role.attrib "%role.attrib;"> + +<!ENTITY % imageobjectco.element "INCLUDE"> +<![ %imageobjectco.element; [ +<!ELEMENT ImageObjectCO - - (AreaSpec, ImageObject, CalloutList*)> +<!--end of imageobjectco.element-->]]> + +<!ENTITY % imageobjectco.attlist "INCLUDE"> +<![ %imageobjectco.attlist; [ +<!ATTLIST ImageObjectCO + %common.attrib; + %imageobjectco.role.attrib; + %local.imageobjectco.attrib; +> +<!--end of imageobjectco.attlist-->]]> +<!--end of imageobjectco.module-->]]> +<!--end of mediaobject.content.module-->]]> + +<!-- Equations ........................ --> + +<!-- This PE provides a mechanism for replacing equation content, --> +<!-- perhaps adding a new or different model (e.g., MathML) --> +<!ENTITY % equation.content "(Alt?, (Graphic+|MediaObject+))"> +<!ENTITY % inlineequation.content "(Alt?, (Graphic+|InlineMediaObject+))"> + +<!ENTITY % equation.module "INCLUDE"> +<![ %equation.module; [ +<!ENTITY % local.equation.attrib ""> +<!ENTITY % equation.role.attrib "%role.attrib;"> + +<!ENTITY % equation.element "INCLUDE"> +<![ %equation.element; [ +<!ELEMENT Equation - - ((%formalobject.title.content;)?, (InformalEquation | + %equation.content;))> +<!--end of equation.element-->]]> + +<!ENTITY % equation.attlist "INCLUDE"> +<![ %equation.attlist; [ +<!ATTLIST Equation + %label.attrib; + %common.attrib; + %equation.role.attrib; + %local.equation.attrib; +> +<!--end of equation.attlist-->]]> +<!--end of equation.module-->]]> + +<!ENTITY % informalequation.module "INCLUDE"> +<![ %informalequation.module; [ +<!ENTITY % local.informalequation.attrib ""> +<!ENTITY % informalequation.role.attrib "%role.attrib;"> + +<!ENTITY % informalequation.element "INCLUDE"> +<![ %informalequation.element; [ +<!ELEMENT InformalEquation - - (%equation.content;)> +<!--end of informalequation.element-->]]> + +<!ENTITY % informalequation.attlist "INCLUDE"> +<![ %informalequation.attlist; [ +<!ATTLIST InformalEquation + %common.attrib; + %informalequation.role.attrib; + %local.informalequation.attrib; +> +<!--end of informalequation.attlist-->]]> +<!--end of informalequation.module-->]]> + +<!ENTITY % inlineequation.module "INCLUDE"> +<![ %inlineequation.module; [ +<!ENTITY % local.inlineequation.attrib ""> +<!ENTITY % inlineequation.role.attrib "%role.attrib;"> + +<!ENTITY % inlineequation.element "INCLUDE"> +<![ %inlineequation.element; [ +<!ELEMENT InlineEquation - - (%inlineequation.content;)> +<!--end of inlineequation.element-->]]> + +<!ENTITY % inlineequation.attlist "INCLUDE"> +<![ %inlineequation.attlist; [ +<!ATTLIST InlineEquation + %common.attrib; + %inlineequation.role.attrib; + %local.inlineequation.attrib; +> +<!--end of inlineequation.attlist-->]]> +<!--end of inlineequation.module-->]]> + +<!ENTITY % alt.module "INCLUDE"> +<![ %alt.module; [ +<!ENTITY % local.alt.attrib ""> +<!ENTITY % alt.role.attrib "%role.attrib;"> + +<!ENTITY % alt.element "INCLUDE"> +<![ %alt.element; [ +<!ELEMENT Alt - - (#PCDATA)> +<!--end of alt.element-->]]> + +<!ENTITY % alt.attlist "INCLUDE"> +<![ %alt.attlist; [ +<!ATTLIST Alt + %common.attrib; + %alt.role.attrib; + %local.alt.attrib; +> +<!--end of alt.attlist-->]]> +<!--end of alt.module-->]]> + +<!-- Tables ........................... --> + +<!ENTITY % table.module "INCLUDE"> +<![ %table.module; [ + +<!ENTITY % tables.role.attrib "%role.attrib;"> + +<!-- Add Label attribute to Table element (and InformalTable element). --> +<!ENTITY % bodyatt "%label.attrib;"> + +<!-- Add common attributes to Table, TGroup, TBody, THead, TFoot, Row, + EntryTbl, and Entry (and InformalTable element). --> +<!ENTITY % secur + "%common.attrib; + %tables.role.attrib;"> + +<!-- Remove Chart. --> +<!ENTITY % tbl.table.name "Table"> + +<!-- Content model for Table. --> +<!ENTITY % tbl.table.mdl + "((%formalobject.title.content;), + (%ndxterm.class;)*, + (Graphic+|MediaObject+|tgroup+))"> + +<!-- Exclude all DocBook tables and formal objects. --> +<!ENTITY % tbl.table.excep "-(InformalTable|%formal.class;)"> + +<!-- Remove pgbrk exception on Row. --> +<!ENTITY % tbl.row.excep ""> + +<!-- Allow either objects or inlines; beware of REs between elements. --> +<!ENTITY % tbl.entry.mdl "((%tabentry.mix;)+ | (%para.char.mix;)+)"> + +<!-- Remove pgbrk exception on Entry. --> +<!ENTITY % tbl.entry.excep ""> + +<!-- Remove pgbrk exception on EntryTbl, but leave exclusion of itself. --> +<!ENTITY % tbl.entrytbl.excep "-(entrytbl)"> + +<!-- Reference CALS table module. --> +<!ENTITY % calstbls PUBLIC "-//USA-DOD//DTD Table Model 951010//EN"> +%calstbls; +<!--end of table.module-->]]> + +<!ENTITY % informaltable.module "INCLUDE"> +<![ %informaltable.module; [ + +<!-- Note that InformalTable is dependent on some of the entity + declarations that customize Table. --> + +<!ENTITY % local.informaltable.attrib ""> + +<!ENTITY % informaltable.element "INCLUDE"> +<![ %informaltable.element; [ +<!ELEMENT InformalTable - - (Graphic+|MediaObject+|tgroup+) %tbl.table.excep;> +<!--end of informaltable.element-->]]> + +<!ENTITY % informaltable.attlist "INCLUDE"> +<![ %informaltable.attlist; [ +<!ATTLIST InformalTable + -- + Frame, Colsep, and Rowsep must be repeated because + they are not in entities in the table module. + -- + Frame (Top + |Bottom + |Topbot + |All + |Sides + |None) #IMPLIED + Colsep %yesorno.attvals; #IMPLIED + Rowsep %yesorno.attvals; #IMPLIED + %tbl.table.att; -- includes TabStyle, ToCentry, ShortEntry, + Orient, PgWide -- + %bodyatt; -- includes Label -- + %secur; -- includes common attributes -- + %local.informaltable.attrib; +> +<!--end of informaltable.attlist-->]]> +<!--end of informaltable.module-->]]> + +<!-- ...................................................................... --> +<!-- Synopses ............................................................. --> + +<!-- Synopsis ......................... --> + +<!ENTITY % synopsis.module "INCLUDE"> +<![ %synopsis.module; [ +<!ENTITY % local.synopsis.attrib ""> +<!ENTITY % synopsis.role.attrib "%role.attrib;"> + +<!ENTITY % synopsis.element "INCLUDE"> +<![ %synopsis.element; [ +<!ELEMENT Synopsis - - ((CO | LineAnnotation | %para.char.mix; + | Graphic | MediaObject)+)> +<!--end of synopsis.element-->]]> + +<!ENTITY % synopsis.attlist "INCLUDE"> +<![ %synopsis.attlist; [ +<!ATTLIST Synopsis + %label.attrib; + %linespecific.attrib; + %common.attrib; + %synopsis.role.attrib; + %local.synopsis.attrib; +> +<!--end of synopsis.attlist-->]]> + +<!-- LineAnnotation (defined in the Inlines section, below)--> +<!--end of synopsis.module-->]]> + +<!-- CmdSynopsis ...................... --> + +<!ENTITY % cmdsynopsis.content.module "INCLUDE"> +<![ %cmdsynopsis.content.module; [ +<!ENTITY % cmdsynopsis.module "INCLUDE"> +<![ %cmdsynopsis.module; [ +<!ENTITY % local.cmdsynopsis.attrib ""> +<!ENTITY % cmdsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % cmdsynopsis.element "INCLUDE"> +<![ %cmdsynopsis.element; [ +<!ELEMENT CmdSynopsis - - ((Command | Arg | Group | SBR)+, SynopFragment*)> +<!--end of cmdsynopsis.element-->]]> + +<!ENTITY % cmdsynopsis.attlist "INCLUDE"> +<![ %cmdsynopsis.attlist; [ +<!ATTLIST CmdSynopsis + %label.attrib; + -- + Sepchar: Character that should separate command and all + top-level arguments; alternate value might be e.g., Δ + -- + Sepchar CDATA " " + -- + CmdLength: Length beyond which the presentation engine + may consider a Command too long and select an alternate + presentation of the Command and, or, its associated + arguments. + -- + CmdLength CDATA #IMPLIED + %common.attrib; + %cmdsynopsis.role.attrib; + %local.cmdsynopsis.attrib; +> +<!--end of cmdsynopsis.attlist-->]]> +<!--end of cmdsynopsis.module-->]]> + +<!ENTITY % arg.module "INCLUDE"> +<![ %arg.module; [ +<!ENTITY % local.arg.attrib ""> +<!ENTITY % arg.role.attrib "%role.attrib;"> + +<!ENTITY % arg.element "INCLUDE"> +<![ %arg.element; [ +<!ELEMENT Arg - - ((#PCDATA + | Arg + | Group + | Option + | SynopFragmentRef + | Replaceable + | SBR)+)> +<!--end of arg.element-->]]> + +<!ENTITY % arg.attlist "INCLUDE"> +<![ %arg.attlist; [ +<!ATTLIST Arg + -- + Choice: Whether Arg must be supplied: Opt (optional to + supply, e.g. [arg]; the default), Req (required to supply, + e.g. {arg}), or Plain (required to supply, e.g. arg) + -- + Choice (Opt + |Req + |Plain) Opt + -- + Rep: whether Arg is repeatable: Norepeat (e.g. arg without + ellipsis; the default), or Repeat (e.g. arg...) + -- + Rep (Norepeat + |Repeat) Norepeat + %common.attrib; + %arg.role.attrib; + %local.arg.attrib; +> +<!--end of arg.attlist-->]]> +<!--end of arg.module-->]]> + +<!ENTITY % group.module "INCLUDE"> +<![ %group.module; [ + +<!ENTITY % local.group.attrib ""> +<!ENTITY % group.role.attrib "%role.attrib;"> + +<!ENTITY % group.element "INCLUDE"> +<![ %group.element; [ +<!ELEMENT Group - - ((Arg | Group | Option | SynopFragmentRef + | Replaceable | SBR)+)> +<!--end of group.element-->]]> + +<!ENTITY % group.attlist "INCLUDE"> +<![ %group.attlist; [ +<!ATTLIST Group + -- + Choice: Whether Group must be supplied: Opt (optional to + supply, e.g. [g1|g2|g3]; the default), Req (required to + supply, e.g. {g1|g2|g3}), Plain (required to supply, + e.g. g1|g2|g3), OptMult (can supply zero or more, e.g. + [[g1|g2|g3]]), or ReqMult (must supply one or more, e.g. + {{g1|g2|g3}}) + -- + Choice (Opt + |Req + |Plain) Opt + -- + Rep: whether Group is repeatable: Norepeat (e.g. group + without ellipsis; the default), or Repeat (e.g. group...) + -- + Rep (Norepeat + |Repeat) Norepeat + %common.attrib; + %group.role.attrib; + %local.group.attrib; +> +<!--end of group.attlist-->]]> +<!--end of group.module-->]]> + +<!ENTITY % sbr.module "INCLUDE"> +<![ %sbr.module; [ +<!ENTITY % local.sbr.attrib ""> +<!-- Synopsis break --> +<!ENTITY % sbr.role.attrib "%role.attrib;"> + +<!ENTITY % sbr.element "INCLUDE"> +<![ %sbr.element; [ +<!ELEMENT SBR - O EMPTY> +<!--end of sbr.element-->]]> + +<!ENTITY % sbr.attlist "INCLUDE"> +<![ %sbr.attlist; [ +<!ATTLIST SBR + %common.attrib; + %sbr.role.attrib; + %local.sbr.attrib; +> +<!--end of sbr.attlist-->]]> +<!--end of sbr.module-->]]> + +<!ENTITY % synopfragmentref.module "INCLUDE"> +<![ %synopfragmentref.module; [ +<!ENTITY % local.synopfragmentref.attrib ""> +<!ENTITY % synopfragmentref.role.attrib "%role.attrib;"> + +<!ENTITY % synopfragmentref.element "INCLUDE"> +<![ %synopfragmentref.element; [ +<!ELEMENT SynopFragmentRef - - RCDATA > +<!--end of synopfragmentref.element-->]]> + +<!ENTITY % synopfragmentref.attlist "INCLUDE"> +<![ %synopfragmentref.attlist; [ +<!ATTLIST SynopFragmentRef + %linkendreq.attrib; --to SynopFragment of complex synopsis + material for separate referencing-- + %common.attrib; + %synopfragmentref.role.attrib; + %local.synopfragmentref.attrib; +> +<!--end of synopfragmentref.attlist-->]]> +<!--end of synopfragmentref.module-->]]> + +<!ENTITY % synopfragment.module "INCLUDE"> +<![ %synopfragment.module; [ +<!ENTITY % local.synopfragment.attrib ""> +<!ENTITY % synopfragment.role.attrib "%role.attrib;"> + +<!ENTITY % synopfragment.element "INCLUDE"> +<![ %synopfragment.element; [ +<!ELEMENT SynopFragment - - ((Arg | Group)+)> +<!--end of synopfragment.element-->]]> + +<!ENTITY % synopfragment.attlist "INCLUDE"> +<![ %synopfragment.attlist; [ +<!ATTLIST SynopFragment + %idreq.common.attrib; + %synopfragment.role.attrib; + %local.synopfragment.attrib; +> +<!--end of synopfragment.attlist-->]]> +<!--end of synopfragment.module-->]]> + +<!-- Command (defined in the Inlines section, below)--> +<!-- Option (defined in the Inlines section, below)--> +<!-- Replaceable (defined in the Inlines section, below)--> +<!--end of cmdsynopsis.content.module-->]]> + +<!-- FuncSynopsis ..................... --> + +<!ENTITY % funcsynopsis.content.module "INCLUDE"> +<![ %funcsynopsis.content.module; [ +<!ENTITY % funcsynopsis.module "INCLUDE"> +<![ %funcsynopsis.module; [ + +<!ENTITY % local.funcsynopsis.attrib ""> +<!ENTITY % funcsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % funcsynopsis.element "INCLUDE"> +<![ %funcsynopsis.element; [ +<!ELEMENT FuncSynopsis - - (FuncSynopsisInfo|FuncPrototype)+> +<!--end of funcsynopsis.element-->]]> + +<!ENTITY % funcsynopsis.attlist "INCLUDE"> +<![ %funcsynopsis.attlist; [ +<!ATTLIST FuncSynopsis + %label.attrib; + %common.attrib; + %funcsynopsis.role.attrib; + %local.funcsynopsis.attrib; +> +<!--end of funcsynopsis.attlist-->]]> +<!--end of funcsynopsis.module-->]]> + +<!ENTITY % funcsynopsisinfo.module "INCLUDE"> +<![ %funcsynopsisinfo.module; [ +<!ENTITY % local.funcsynopsisinfo.attrib ""> +<!ENTITY % funcsynopsisinfo.role.attrib "%role.attrib;"> + +<!ENTITY % funcsynopsisinfo.element "INCLUDE"> +<![ %funcsynopsisinfo.element; [ +<!ELEMENT FuncSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )> +<!--end of funcsynopsisinfo.element-->]]> + +<!ENTITY % funcsynopsisinfo.attlist "INCLUDE"> +<![ %funcsynopsisinfo.attlist; [ +<!ATTLIST FuncSynopsisInfo + %linespecific.attrib; + %common.attrib; + %funcsynopsisinfo.role.attrib; + %local.funcsynopsisinfo.attrib; +> +<!--end of funcsynopsisinfo.attlist-->]]> +<!--end of funcsynopsisinfo.module-->]]> + +<!ENTITY % funcprototype.module "INCLUDE"> +<![ %funcprototype.module; [ +<!ENTITY % local.funcprototype.attrib ""> +<!ENTITY % funcprototype.role.attrib "%role.attrib;"> + +<!ENTITY % funcprototype.element "INCLUDE"> +<![ %funcprototype.element; [ +<!ELEMENT FuncPrototype - O (FuncDef, (Void | VarArgs | ParamDef+))> +<!--end of funcprototype.element-->]]> + +<!ENTITY % funcprototype.attlist "INCLUDE"> +<![ %funcprototype.attlist; [ +<!ATTLIST FuncPrototype + %common.attrib; + %funcprototype.role.attrib; + %local.funcprototype.attrib; +> +<!--end of funcprototype.attlist-->]]> +<!--end of funcprototype.module-->]]> + +<!ENTITY % funcdef.module "INCLUDE"> +<![ %funcdef.module; [ +<!ENTITY % local.funcdef.attrib ""> +<!ENTITY % funcdef.role.attrib "%role.attrib;"> + +<!ENTITY % funcdef.element "INCLUDE"> +<![ %funcdef.element; [ +<!ELEMENT FuncDef - - ((#PCDATA + | Replaceable + | Function)*)> +<!--end of funcdef.element-->]]> + +<!ENTITY % funcdef.attlist "INCLUDE"> +<![ %funcdef.attlist; [ +<!ATTLIST FuncDef + %common.attrib; + %funcdef.role.attrib; + %local.funcdef.attrib; +> +<!--end of funcdef.attlist-->]]> +<!--end of funcdef.module-->]]> + +<!ENTITY % void.module "INCLUDE"> +<![ %void.module; [ +<!ENTITY % local.void.attrib ""> +<!ENTITY % void.role.attrib "%role.attrib;"> + +<!ENTITY % void.element "INCLUDE"> +<![ %void.element; [ +<!ELEMENT Void - O EMPTY> +<!--end of void.element-->]]> + +<!ENTITY % void.attlist "INCLUDE"> +<![ %void.attlist; [ +<!ATTLIST Void + %common.attrib; + %void.role.attrib; + %local.void.attrib; +> +<!--end of void.attlist-->]]> +<!--end of void.module-->]]> + +<!ENTITY % varargs.module "INCLUDE"> +<![ %varargs.module; [ +<!ENTITY % local.varargs.attrib ""> +<!ENTITY % varargs.role.attrib "%role.attrib;"> + +<!ENTITY % varargs.element "INCLUDE"> +<![ %varargs.element; [ +<!ELEMENT VarArgs - O EMPTY> +<!--end of varargs.element-->]]> + +<!ENTITY % varargs.attlist "INCLUDE"> +<![ %varargs.attlist; [ +<!ATTLIST VarArgs + %common.attrib; + %varargs.role.attrib; + %local.varargs.attrib; +> +<!--end of varargs.attlist-->]]> +<!--end of varargs.module-->]]> + +<!-- Processing assumes that only one Parameter will appear in a + ParamDef, and that FuncParams will be used at most once, for + providing information on the "inner parameters" for parameters that + are pointers to functions. --> + +<!ENTITY % paramdef.module "INCLUDE"> +<![ %paramdef.module; [ +<!ENTITY % local.paramdef.attrib ""> +<!ENTITY % paramdef.role.attrib "%role.attrib;"> + +<!ENTITY % paramdef.element "INCLUDE"> +<![ %paramdef.element; [ +<!ELEMENT ParamDef - - ((#PCDATA + | Replaceable + | Parameter + | FuncParams)*)> +<!--end of paramdef.element-->]]> + +<!ENTITY % paramdef.attlist "INCLUDE"> +<![ %paramdef.attlist; [ +<!ATTLIST ParamDef + %common.attrib; + %paramdef.role.attrib; + %local.paramdef.attrib; +> +<!--end of paramdef.attlist-->]]> +<!--end of paramdef.module-->]]> + +<!ENTITY % funcparams.module "INCLUDE"> +<![ %funcparams.module; [ +<!ENTITY % local.funcparams.attrib ""> +<!ENTITY % funcparams.role.attrib "%role.attrib;"> + +<!ENTITY % funcparams.element "INCLUDE"> +<![ %funcparams.element; [ +<!ELEMENT FuncParams - - ((%cptr.char.mix;)*)> +<!--end of funcparams.element-->]]> + +<!ENTITY % funcparams.attlist "INCLUDE"> +<![ %funcparams.attlist; [ +<!ATTLIST FuncParams + %common.attrib; + %funcparams.role.attrib; + %local.funcparams.attrib; +> +<!--end of funcparams.attlist-->]]> +<!--end of funcparams.module-->]]> + +<!-- LineAnnotation (defined in the Inlines section, below)--> +<!-- Replaceable (defined in the Inlines section, below)--> +<!-- Function (defined in the Inlines section, below)--> +<!-- Parameter (defined in the Inlines section, below)--> +<!--end of funcsynopsis.content.module-->]]> + +<!-- ClassSynopsis ..................... --> + +<!ENTITY % classsynopsis.content.module "INCLUDE"> +<![%classsynopsis.content.module;[ + +<!ENTITY % classsynopsis.module "INCLUDE"> +<![%classsynopsis.module;[ +<!ENTITY % local.classsynopsis.attrib ""> +<!ENTITY % classsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % classsynopsis.element "INCLUDE"> +<![%classsynopsis.element;[ +<!ELEMENT ClassSynopsis - - ((OOClass|OOInterface|OOException)+, + (ClassSynopsisInfo + |FieldSynopsis|%method.synop.class;)*)> +<!--end of classsynopsis.element-->]]> + +<!ENTITY % classsynopsis.attlist "INCLUDE"> +<![%classsynopsis.attlist;[ +<!ATTLIST ClassSynopsis + %common.attrib; + %classsynopsis.role.attrib; + %local.classsynopsis.attrib; + Language CDATA #IMPLIED + Class (Class|Interface) "Class" +> +<!--end of classsynopsis.attlist-->]]> +<!--end of classsynopsis.module-->]]> + +<!ENTITY % classsynopsisinfo.module "INCLUDE"> +<![ %classsynopsisinfo.module; [ +<!ENTITY % local.classsynopsisinfo.attrib ""> +<!ENTITY % classsynopsisinfo.role.attrib "%role.attrib;"> + +<!ENTITY % classsynopsisinfo.element "INCLUDE"> +<![ %classsynopsisinfo.element; [ +<!ELEMENT ClassSynopsisInfo - O ((LineAnnotation | %cptr.char.mix;)* )> +<!--end of classsynopsisinfo.element-->]]> + +<!ENTITY % classsynopsisinfo.attlist "INCLUDE"> +<![ %classsynopsisinfo.attlist; [ +<!ATTLIST ClassSynopsisInfo + %linespecific.attrib; + %common.attrib; + %classsynopsisinfo.role.attrib; + %local.classsynopsisinfo.attrib; +> +<!--end of classsynopsisinfo.attlist-->]]> +<!--end of classsynopsisinfo.module-->]]> + +<!ENTITY % ooclass.module "INCLUDE"> +<![%ooclass.module;[ +<!ENTITY % local.ooclass.attrib ""> +<!ENTITY % ooclass.role.attrib "%role.attrib;"> + +<!ENTITY % ooclass.element "INCLUDE"> +<![%ooclass.element;[ +<!ELEMENT OOClass - - (Modifier*, ClassName)> +<!--end of ooclass.element-->]]> + +<!ENTITY % ooclass.attlist "INCLUDE"> +<![%ooclass.attlist;[ +<!ATTLIST OOClass + %common.attrib; + %ooclass.role.attrib; + %local.ooclass.attrib; +> +<!--end of ooclass.attlist-->]]> +<!--end of ooclass.module-->]]> + +<!ENTITY % oointerface.module "INCLUDE"> +<![%oointerface.module;[ +<!ENTITY % local.oointerface.attrib ""> +<!ENTITY % oointerface.role.attrib "%role.attrib;"> + +<!ENTITY % oointerface.element "INCLUDE"> +<![%oointerface.element;[ +<!ELEMENT OOInterface - - (Modifier*, InterfaceName)> +<!--end of oointerface.element-->]]> + +<!ENTITY % oointerface.attlist "INCLUDE"> +<![%oointerface.attlist;[ +<!ATTLIST OOInterface + %common.attrib; + %oointerface.role.attrib; + %local.oointerface.attrib; +> +<!--end of oointerface.attlist-->]]> +<!--end of oointerface.module-->]]> + +<!ENTITY % ooexception.module "INCLUDE"> +<![%ooexception.module;[ +<!ENTITY % local.ooexception.attrib ""> +<!ENTITY % ooexception.role.attrib "%role.attrib;"> + +<!ENTITY % ooexception.element "INCLUDE"> +<![%ooexception.element;[ +<!ELEMENT OOException - - (Modifier*, ExceptionName)> +<!--end of ooexception.element-->]]> + +<!ENTITY % ooexception.attlist "INCLUDE"> +<![%ooexception.attlist;[ +<!ATTLIST OOException + %common.attrib; + %ooexception.role.attrib; + %local.ooexception.attrib; +> +<!--end of ooexception.attlist-->]]> +<!--end of ooexception.module-->]]> + +<!ENTITY % modifier.module "INCLUDE"> +<![%modifier.module;[ +<!ENTITY % local.modifier.attrib ""> +<!ENTITY % modifier.role.attrib "%role.attrib;"> + +<!ENTITY % modifier.element "INCLUDE"> +<![%modifier.element;[ +<!ELEMENT Modifier - - (%smallcptr.char.mix;)*> +<!--end of modifier.element-->]]> + +<!ENTITY % modifier.attlist "INCLUDE"> +<![%modifier.attlist;[ +<!ATTLIST Modifier + %common.attrib; + %modifier.role.attrib; + %local.modifier.attrib; +> +<!--end of modifier.attlist-->]]> +<!--end of modifier.module-->]]> + +<!ENTITY % interfacename.module "INCLUDE"> +<![%interfacename.module;[ +<!ENTITY % local.interfacename.attrib ""> +<!ENTITY % interfacename.role.attrib "%role.attrib;"> + +<!ENTITY % interfacename.element "INCLUDE"> +<![%interfacename.element;[ +<!ELEMENT InterfaceName - - (%smallcptr.char.mix;)*> +<!--end of interfacename.element-->]]> + +<!ENTITY % interfacename.attlist "INCLUDE"> +<![%interfacename.attlist;[ +<!ATTLIST InterfaceName + %common.attrib; + %interfacename.role.attrib; + %local.interfacename.attrib; +> +<!--end of interfacename.attlist-->]]> +<!--end of interfacename.module-->]]> + +<!ENTITY % exceptionname.module "INCLUDE"> +<![%exceptionname.module;[ +<!ENTITY % local.exceptionname.attrib ""> +<!ENTITY % exceptionname.role.attrib "%role.attrib;"> + +<!ENTITY % exceptionname.element "INCLUDE"> +<![%exceptionname.element;[ +<!ELEMENT ExceptionName - - (%smallcptr.char.mix;)*> +<!--end of exceptionname.element-->]]> + +<!ENTITY % exceptionname.attlist "INCLUDE"> +<![%exceptionname.attlist;[ +<!ATTLIST ExceptionName + %common.attrib; + %exceptionname.role.attrib; + %local.exceptionname.attrib; +> +<!--end of exceptionname.attlist-->]]> +<!--end of exceptionname.module-->]]> + +<!ENTITY % fieldsynopsis.module "INCLUDE"> +<![%fieldsynopsis.module;[ +<!ENTITY % local.fieldsynopsis.attrib ""> +<!ENTITY % fieldsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % fieldsynopsis.element "INCLUDE"> +<![%fieldsynopsis.element;[ +<!ELEMENT FieldSynopsis - - (Modifier*, Type?, VarName, Initializer?)> +<!--end of fieldsynopsis.element-->]]> + +<!ENTITY % fieldsynopsis.attlist "INCLUDE"> +<![%fieldsynopsis.attlist;[ +<!ATTLIST FieldSynopsis + %common.attrib; + %fieldsynopsis.role.attrib; + %local.fieldsynopsis.attrib; +> +<!--end of fieldsynopsis.attlist-->]]> +<!--end of fieldsynopsis.module-->]]> + +<!ENTITY % initializer.module "INCLUDE"> +<![%initializer.module;[ +<!ENTITY % local.initializer.attrib ""> +<!ENTITY % initializer.role.attrib "%role.attrib;"> + +<!ENTITY % initializer.element "INCLUDE"> +<![%initializer.element;[ +<!ELEMENT Initializer - - (%smallcptr.char.mix;)*> +<!--end of initializer.element-->]]> + +<!ENTITY % initializer.attlist "INCLUDE"> +<![%initializer.attlist;[ +<!ATTLIST Initializer + %common.attrib; + %initializer.role.attrib; + %local.initializer.attrib; +> +<!--end of initializer.attlist-->]]> +<!--end of initializer.module-->]]> + +<!ENTITY % constructorsynopsis.module "INCLUDE"> +<![%constructorsynopsis.module;[ +<!ENTITY % local.constructorsynopsis.attrib ""> +<!ENTITY % constructorsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % constructorsynopsis.element "INCLUDE"> +<![%constructorsynopsis.element;[ +<!ELEMENT ConstructorSynopsis - - (Modifier*, + MethodName?, + (MethodParam+|Void), + ExceptionName*)> +<!--end of constructorsynopsis.element-->]]> + +<!ENTITY % constructorsynopsis.attlist "INCLUDE"> +<![%constructorsynopsis.attlist;[ +<!ATTLIST ConstructorSynopsis + %common.attrib; + %constructorsynopsis.role.attrib; + %local.constructorsynopsis.attrib; +> +<!--end of constructorsynopsis.attlist-->]]> +<!--end of constructorsynopsis.module-->]]> + +<!ENTITY % destructorsynopsis.module "INCLUDE"> +<![%destructorsynopsis.module;[ +<!ENTITY % local.destructorsynopsis.attrib ""> +<!ENTITY % destructorsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % destructorsynopsis.element "INCLUDE"> +<![%destructorsynopsis.element;[ +<!ELEMENT DestructorSynopsis - - (Modifier*, + MethodName?, + (MethodParam+|Void), + ExceptionName*)> +<!--end of destructorsynopsis.element-->]]> + +<!ENTITY % destructorsynopsis.attlist "INCLUDE"> +<![%destructorsynopsis.attlist;[ +<!ATTLIST DestructorSynopsis + %common.attrib; + %destructorsynopsis.role.attrib; + %local.destructorsynopsis.attrib; +> +<!--end of destructorsynopsis.attlist-->]]> +<!--end of destructorsynopsis.module-->]]> + +<!ENTITY % methodsynopsis.module "INCLUDE"> +<![%methodsynopsis.module;[ +<!ENTITY % local.methodsynopsis.attrib ""> +<!ENTITY % methodsynopsis.role.attrib "%role.attrib;"> + +<!ENTITY % methodsynopsis.element "INCLUDE"> +<![%methodsynopsis.element;[ +<!ELEMENT MethodSynopsis - - (Modifier*, + (Type|Void)?, + MethodName, + (MethodParam+|Void), + ExceptionName*, + Modifier*)> +<!--end of methodsynopsis.element-->]]> + +<!ENTITY % methodsynopsis.attlist "INCLUDE"> +<![%methodsynopsis.attlist;[ +<!ATTLIST MethodSynopsis + %common.attrib; + %methodsynopsis.role.attrib; + %local.methodsynopsis.attrib; +> +<!--end of methodsynopsis.attlist-->]]> +<!--end of methodsynopsis.module-->]]> + +<!ENTITY % methodname.module "INCLUDE"> +<![%methodname.module;[ +<!ENTITY % local.methodname.attrib ""> +<!ENTITY % methodname.role.attrib "%role.attrib;"> + +<!ENTITY % methodname.element "INCLUDE"> +<![%methodname.element;[ +<!ELEMENT MethodName - - (%smallcptr.char.mix;)*> +<!--end of methodname.element-->]]> + +<!ENTITY % methodname.attlist "INCLUDE"> +<![%methodname.attlist;[ +<!ATTLIST MethodName + %common.attrib; + %methodname.role.attrib; + %local.methodname.attrib; +> +<!--end of methodname.attlist-->]]> +<!--end of methodname.module-->]]> + +<!ENTITY % methodparam.module "INCLUDE"> +<![%methodparam.module;[ +<!ENTITY % local.methodparam.attrib ""> +<!ENTITY % methodparam.role.attrib "%role.attrib;"> + +<!ENTITY % methodparam.element "INCLUDE"> +<![%methodparam.element;[ +<!ELEMENT MethodParam - - (Modifier*, + Type?, ((Parameter,Initializer?)|FuncParams), + Modifier*)> +<!--end of methodparam.element-->]]> + +<!ENTITY % methodparam.attlist "INCLUDE"> +<![%methodparam.attlist;[ +<!ATTLIST MethodParam + %common.attrib; + %methodparam.role.attrib; + %local.methodparam.attrib; + Choice (Opt + |Req + |Plain) "Req" + Rep (Norepeat + |Repeat) "Norepeat" +> +<!--end of methodparam.attlist-->]]> +<!--end of methodparam.module-->]]> +<!--end of classsynopsis.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Document information entities and elements ........................... --> + +<!-- The document information elements include some elements that are + currently used only in the document hierarchy module. They are + defined here so that they will be available for use in customized + document hierarchies. --> + +<!-- .................................. --> + +<!ENTITY % docinfo.content.module "INCLUDE"> +<![ %docinfo.content.module; [ + +<!-- Ackno ............................ --> + +<!ENTITY % ackno.module "INCLUDE"> +<![ %ackno.module; [ +<!ENTITY % local.ackno.attrib ""> +<!ENTITY % ackno.role.attrib "%role.attrib;"> + +<!ENTITY % ackno.element "INCLUDE"> +<![ %ackno.element; [ +<!ELEMENT Ackno - - ((%docinfo.char.mix;)+)> +<!--end of ackno.element-->]]> + +<!ENTITY % ackno.attlist "INCLUDE"> +<![ %ackno.attlist; [ +<!ATTLIST Ackno + %common.attrib; + %ackno.role.attrib; + %local.ackno.attrib; +> +<!--end of ackno.attlist-->]]> +<!--end of ackno.module-->]]> + +<!-- Address .......................... --> + +<!ENTITY % address.content.module "INCLUDE"> +<![ %address.content.module; [ +<!ENTITY % address.module "INCLUDE"> +<![ %address.module; [ +<!ENTITY % local.address.attrib ""> +<!ENTITY % address.role.attrib "%role.attrib;"> + +<!ENTITY % address.element "INCLUDE"> +<![ %address.element; [ +<!ELEMENT Address - - (#PCDATA|%person.ident.mix; + |Street|POB|Postcode|City|State|Country|Phone + |Fax|Email|OtherAddr)*> +<!--end of address.element-->]]> + +<!ENTITY % address.attlist "INCLUDE"> +<![ %address.attlist; [ +<!ATTLIST Address + %linespecific.attrib; + %common.attrib; + %address.role.attrib; + %local.address.attrib; +> +<!--end of address.attlist-->]]> +<!--end of address.module-->]]> + + <!ENTITY % street.module "INCLUDE"> + <![ %street.module; [ + <!ENTITY % local.street.attrib ""> + <!ENTITY % street.role.attrib "%role.attrib;"> + +<!ENTITY % street.element "INCLUDE"> +<![ %street.element; [ +<!ELEMENT Street - - ((%docinfo.char.mix;)+)> +<!--end of street.element-->]]> + +<!ENTITY % street.attlist "INCLUDE"> +<![ %street.attlist; [ +<!ATTLIST Street + %common.attrib; + %street.role.attrib; + %local.street.attrib; +> +<!--end of street.attlist-->]]> + <!--end of street.module-->]]> + + <!ENTITY % pob.module "INCLUDE"> + <![ %pob.module; [ + <!ENTITY % local.pob.attrib ""> + <!ENTITY % pob.role.attrib "%role.attrib;"> + +<!ENTITY % pob.element "INCLUDE"> +<![ %pob.element; [ +<!ELEMENT POB - - ((%docinfo.char.mix;)+)> +<!--end of pob.element-->]]> + +<!ENTITY % pob.attlist "INCLUDE"> +<![ %pob.attlist; [ +<!ATTLIST POB + %common.attrib; + %pob.role.attrib; + %local.pob.attrib; +> +<!--end of pob.attlist-->]]> + <!--end of pob.module-->]]> + + <!ENTITY % postcode.module "INCLUDE"> + <![ %postcode.module; [ + <!ENTITY % local.postcode.attrib ""> + <!ENTITY % postcode.role.attrib "%role.attrib;"> + +<!ENTITY % postcode.element "INCLUDE"> +<![ %postcode.element; [ +<!ELEMENT Postcode - - ((%docinfo.char.mix;)+)> +<!--end of postcode.element-->]]> + +<!ENTITY % postcode.attlist "INCLUDE"> +<![ %postcode.attlist; [ +<!ATTLIST Postcode + %common.attrib; + %postcode.role.attrib; + %local.postcode.attrib; +> +<!--end of postcode.attlist-->]]> + <!--end of postcode.module-->]]> + + <!ENTITY % city.module "INCLUDE"> + <![ %city.module; [ + <!ENTITY % local.city.attrib ""> + <!ENTITY % city.role.attrib "%role.attrib;"> + +<!ENTITY % city.element "INCLUDE"> +<![ %city.element; [ +<!ELEMENT City - - ((%docinfo.char.mix;)+)> +<!--end of city.element-->]]> + +<!ENTITY % city.attlist "INCLUDE"> +<![ %city.attlist; [ +<!ATTLIST City + %common.attrib; + %city.role.attrib; + %local.city.attrib; +> +<!--end of city.attlist-->]]> + <!--end of city.module-->]]> + + <!ENTITY % state.module "INCLUDE"> + <![ %state.module; [ + <!ENTITY % local.state.attrib ""> + <!ENTITY % state.role.attrib "%role.attrib;"> + +<!ENTITY % state.element "INCLUDE"> +<![ %state.element; [ +<!ELEMENT State - - ((%docinfo.char.mix;)+)> +<!--end of state.element-->]]> + +<!ENTITY % state.attlist "INCLUDE"> +<![ %state.attlist; [ +<!ATTLIST State + %common.attrib; + %state.role.attrib; + %local.state.attrib; +> +<!--end of state.attlist-->]]> + <!--end of state.module-->]]> + + <!ENTITY % country.module "INCLUDE"> + <![ %country.module; [ + <!ENTITY % local.country.attrib ""> + <!ENTITY % country.role.attrib "%role.attrib;"> + +<!ENTITY % country.element "INCLUDE"> +<![ %country.element; [ +<!ELEMENT Country - - ((%docinfo.char.mix;)+)> +<!--end of country.element-->]]> + +<!ENTITY % country.attlist "INCLUDE"> +<![ %country.attlist; [ +<!ATTLIST Country + %common.attrib; + %country.role.attrib; + %local.country.attrib; +> +<!--end of country.attlist-->]]> + <!--end of country.module-->]]> + + <!ENTITY % phone.module "INCLUDE"> + <![ %phone.module; [ + <!ENTITY % local.phone.attrib ""> + <!ENTITY % phone.role.attrib "%role.attrib;"> + +<!ENTITY % phone.element "INCLUDE"> +<![ %phone.element; [ +<!ELEMENT Phone - - ((%docinfo.char.mix;)+)> +<!--end of phone.element-->]]> + +<!ENTITY % phone.attlist "INCLUDE"> +<![ %phone.attlist; [ +<!ATTLIST Phone + %common.attrib; + %phone.role.attrib; + %local.phone.attrib; +> +<!--end of phone.attlist-->]]> + <!--end of phone.module-->]]> + + <!ENTITY % fax.module "INCLUDE"> + <![ %fax.module; [ + <!ENTITY % local.fax.attrib ""> + <!ENTITY % fax.role.attrib "%role.attrib;"> + +<!ENTITY % fax.element "INCLUDE"> +<![ %fax.element; [ +<!ELEMENT Fax - - ((%docinfo.char.mix;)+)> +<!--end of fax.element-->]]> + +<!ENTITY % fax.attlist "INCLUDE"> +<![ %fax.attlist; [ +<!ATTLIST Fax + %common.attrib; + %fax.role.attrib; + %local.fax.attrib; +> +<!--end of fax.attlist-->]]> + <!--end of fax.module-->]]> + + <!-- Email (defined in the Inlines section, below)--> + + <!ENTITY % otheraddr.module "INCLUDE"> + <![ %otheraddr.module; [ + <!ENTITY % local.otheraddr.attrib ""> + <!ENTITY % otheraddr.role.attrib "%role.attrib;"> + +<!ENTITY % otheraddr.element "INCLUDE"> +<![ %otheraddr.element; [ +<!ELEMENT OtherAddr - - ((%docinfo.char.mix;)+)> +<!--end of otheraddr.element-->]]> + +<!ENTITY % otheraddr.attlist "INCLUDE"> +<![ %otheraddr.attlist; [ +<!ATTLIST OtherAddr + %common.attrib; + %otheraddr.role.attrib; + %local.otheraddr.attrib; +> +<!--end of otheraddr.attlist-->]]> + <!--end of otheraddr.module-->]]> +<!--end of address.content.module-->]]> + +<!-- Affiliation ...................... --> + +<!ENTITY % affiliation.content.module "INCLUDE"> +<![ %affiliation.content.module; [ +<!ENTITY % affiliation.module "INCLUDE"> +<![ %affiliation.module; [ +<!ENTITY % local.affiliation.attrib ""> +<!ENTITY % affiliation.role.attrib "%role.attrib;"> + +<!ENTITY % affiliation.element "INCLUDE"> +<![ %affiliation.element; [ +<!ELEMENT Affiliation - - (ShortAffil?, JobTitle*, OrgName?, OrgDiv*, + Address*)> +<!--end of affiliation.element-->]]> + +<!ENTITY % affiliation.attlist "INCLUDE"> +<![ %affiliation.attlist; [ +<!ATTLIST Affiliation + %common.attrib; + %affiliation.role.attrib; + %local.affiliation.attrib; +> +<!--end of affiliation.attlist-->]]> +<!--end of affiliation.module-->]]> + + <!ENTITY % shortaffil.module "INCLUDE"> + <![ %shortaffil.module; [ + <!ENTITY % local.shortaffil.attrib ""> + <!ENTITY % shortaffil.role.attrib "%role.attrib;"> + +<!ENTITY % shortaffil.element "INCLUDE"> +<![ %shortaffil.element; [ +<!ELEMENT ShortAffil - - ((%docinfo.char.mix;)+)> +<!--end of shortaffil.element-->]]> + +<!ENTITY % shortaffil.attlist "INCLUDE"> +<![ %shortaffil.attlist; [ +<!ATTLIST ShortAffil + %common.attrib; + %shortaffil.role.attrib; + %local.shortaffil.attrib; +> +<!--end of shortaffil.attlist-->]]> + <!--end of shortaffil.module-->]]> + + <!ENTITY % jobtitle.module "INCLUDE"> + <![ %jobtitle.module; [ + <!ENTITY % local.jobtitle.attrib ""> + <!ENTITY % jobtitle.role.attrib "%role.attrib;"> + +<!ENTITY % jobtitle.element "INCLUDE"> +<![ %jobtitle.element; [ +<!ELEMENT JobTitle - - ((%docinfo.char.mix;)+)> +<!--end of jobtitle.element-->]]> + +<!ENTITY % jobtitle.attlist "INCLUDE"> +<![ %jobtitle.attlist; [ +<!ATTLIST JobTitle + %common.attrib; + %jobtitle.role.attrib; + %local.jobtitle.attrib; +> +<!--end of jobtitle.attlist-->]]> + <!--end of jobtitle.module-->]]> + + <!-- OrgName (defined elsewhere in this section)--> + + <!ENTITY % orgdiv.module "INCLUDE"> + <![ %orgdiv.module; [ + <!ENTITY % local.orgdiv.attrib ""> + <!ENTITY % orgdiv.role.attrib "%role.attrib;"> + +<!ENTITY % orgdiv.element "INCLUDE"> +<![ %orgdiv.element; [ +<!ELEMENT OrgDiv - - ((%docinfo.char.mix;)+)> +<!--end of orgdiv.element-->]]> + +<!ENTITY % orgdiv.attlist "INCLUDE"> +<![ %orgdiv.attlist; [ +<!ATTLIST OrgDiv + %common.attrib; + %orgdiv.role.attrib; + %local.orgdiv.attrib; +> +<!--end of orgdiv.attlist-->]]> + <!--end of orgdiv.module-->]]> + + <!-- Address (defined elsewhere in this section)--> +<!--end of affiliation.content.module-->]]> + +<!-- ArtPageNums ...................... --> + +<!ENTITY % artpagenums.module "INCLUDE"> +<![ %artpagenums.module; [ +<!ENTITY % local.artpagenums.attrib ""> +<!ENTITY % argpagenums.role.attrib "%role.attrib;"> + +<!ENTITY % artpagenums.element "INCLUDE"> +<![ %artpagenums.element; [ +<!ELEMENT ArtPageNums - - ((%docinfo.char.mix;)+)> +<!--end of artpagenums.element-->]]> + +<!ENTITY % artpagenums.attlist "INCLUDE"> +<![ %artpagenums.attlist; [ +<!ATTLIST ArtPageNums + %common.attrib; + %argpagenums.role.attrib; + %local.artpagenums.attrib; +> +<!--end of artpagenums.attlist-->]]> +<!--end of artpagenums.module-->]]> + +<!-- Author ........................... --> + +<!ENTITY % author.module "INCLUDE"> +<![ %author.module; [ +<!ENTITY % local.author.attrib ""> +<!ENTITY % author.role.attrib "%role.attrib;"> + +<!ENTITY % author.element "INCLUDE"> +<![ %author.element; [ +<!ELEMENT Author - - ((%person.ident.mix;)+)> +<!--end of author.element-->]]> + +<!ENTITY % author.attlist "INCLUDE"> +<![ %author.attlist; [ +<!ATTLIST Author + %common.attrib; + %author.role.attrib; + %local.author.attrib; +> +<!--end of author.attlist-->]]> +<!--(see "Personal identity elements" for %person.ident.mix;)--> +<!--end of author.module-->]]> + +<!-- AuthorGroup ...................... --> + +<!ENTITY % authorgroup.content.module "INCLUDE"> +<![ %authorgroup.content.module; [ +<!ENTITY % authorgroup.module "INCLUDE"> +<![ %authorgroup.module; [ +<!ENTITY % local.authorgroup.attrib ""> +<!ENTITY % authorgroup.role.attrib "%role.attrib;"> + +<!ENTITY % authorgroup.element "INCLUDE"> +<![ %authorgroup.element; [ +<!ELEMENT AuthorGroup - - ((Author|Editor|Collab|CorpAuthor|OtherCredit)+)> +<!--end of authorgroup.element-->]]> + +<!ENTITY % authorgroup.attlist "INCLUDE"> +<![ %authorgroup.attlist; [ +<!ATTLIST AuthorGroup + %common.attrib; + %authorgroup.role.attrib; + %local.authorgroup.attrib; +> +<!--end of authorgroup.attlist-->]]> +<!--end of authorgroup.module-->]]> + + <!-- Author (defined elsewhere in this section)--> + <!-- Editor (defined elsewhere in this section)--> + + <!ENTITY % collab.content.module "INCLUDE"> + <![ %collab.content.module; [ + <!ENTITY % collab.module "INCLUDE"> + <![ %collab.module; [ + <!ENTITY % local.collab.attrib ""> + <!ENTITY % collab.role.attrib "%role.attrib;"> + +<!ENTITY % collab.element "INCLUDE"> +<![ %collab.element; [ +<!ELEMENT Collab - - (CollabName, Affiliation*)> +<!--end of collab.element-->]]> + +<!ENTITY % collab.attlist "INCLUDE"> +<![ %collab.attlist; [ +<!ATTLIST Collab + %common.attrib; + %collab.role.attrib; + %local.collab.attrib; +> +<!--end of collab.attlist-->]]> + <!--end of collab.module-->]]> + + <!ENTITY % collabname.module "INCLUDE"> + <![ %collabname.module; [ + <!ENTITY % local.collabname.attrib ""> + <!ENTITY % collabname.role.attrib "%role.attrib;"> + +<!ENTITY % collabname.element "INCLUDE"> +<![ %collabname.element; [ +<!ELEMENT CollabName - - ((%docinfo.char.mix;)+)> +<!--end of collabname.element-->]]> + +<!ENTITY % collabname.attlist "INCLUDE"> +<![ %collabname.attlist; [ +<!ATTLIST CollabName + %common.attrib; + %collabname.role.attrib; + %local.collabname.attrib; +> +<!--end of collabname.attlist-->]]> + <!--end of collabname.module-->]]> + + <!-- Affiliation (defined elsewhere in this section)--> + <!--end of collab.content.module-->]]> + + <!-- CorpAuthor (defined elsewhere in this section)--> + <!-- OtherCredit (defined elsewhere in this section)--> + +<!--end of authorgroup.content.module-->]]> + +<!-- AuthorInitials ................... --> + +<!ENTITY % authorinitials.module "INCLUDE"> +<![ %authorinitials.module; [ +<!ENTITY % local.authorinitials.attrib ""> +<!ENTITY % authorinitials.role.attrib "%role.attrib;"> + +<!ENTITY % authorinitials.element "INCLUDE"> +<![ %authorinitials.element; [ +<!ELEMENT AuthorInitials - - ((%docinfo.char.mix;)+)> +<!--end of authorinitials.element-->]]> + +<!ENTITY % authorinitials.attlist "INCLUDE"> +<![ %authorinitials.attlist; [ +<!ATTLIST AuthorInitials + %common.attrib; + %authorinitials.role.attrib; + %local.authorinitials.attrib; +> +<!--end of authorinitials.attlist-->]]> +<!--end of authorinitials.module-->]]> + +<!-- ConfGroup ........................ --> + +<!ENTITY % confgroup.content.module "INCLUDE"> +<![ %confgroup.content.module; [ +<!ENTITY % confgroup.module "INCLUDE"> +<![ %confgroup.module; [ +<!ENTITY % local.confgroup.attrib ""> +<!ENTITY % confgroup.role.attrib "%role.attrib;"> + +<!ENTITY % confgroup.element "INCLUDE"> +<![ %confgroup.element; [ +<!ELEMENT ConfGroup - - ((ConfDates|ConfTitle|ConfNum|Address|ConfSponsor)*)> +<!--end of confgroup.element-->]]> + +<!ENTITY % confgroup.attlist "INCLUDE"> +<![ %confgroup.attlist; [ +<!ATTLIST ConfGroup + %common.attrib; + %confgroup.role.attrib; + %local.confgroup.attrib; +> +<!--end of confgroup.attlist-->]]> +<!--end of confgroup.module-->]]> + + <!ENTITY % confdates.module "INCLUDE"> + <![ %confdates.module; [ + <!ENTITY % local.confdates.attrib ""> + <!ENTITY % confdates.role.attrib "%role.attrib;"> + +<!ENTITY % confdates.element "INCLUDE"> +<![ %confdates.element; [ +<!ELEMENT ConfDates - - ((%docinfo.char.mix;)+)> +<!--end of confdates.element-->]]> + +<!ENTITY % confdates.attlist "INCLUDE"> +<![ %confdates.attlist; [ +<!ATTLIST ConfDates + %common.attrib; + %confdates.role.attrib; + %local.confdates.attrib; +> +<!--end of confdates.attlist-->]]> + <!--end of confdates.module-->]]> + + <!ENTITY % conftitle.module "INCLUDE"> + <![ %conftitle.module; [ + <!ENTITY % local.conftitle.attrib ""> + <!ENTITY % conftitle.role.attrib "%role.attrib;"> + +<!ENTITY % conftitle.element "INCLUDE"> +<![ %conftitle.element; [ +<!ELEMENT ConfTitle - - ((%docinfo.char.mix;)+)> +<!--end of conftitle.element-->]]> + +<!ENTITY % conftitle.attlist "INCLUDE"> +<![ %conftitle.attlist; [ +<!ATTLIST ConfTitle + %common.attrib; + %conftitle.role.attrib; + %local.conftitle.attrib; +> +<!--end of conftitle.attlist-->]]> + <!--end of conftitle.module-->]]> + + <!ENTITY % confnum.module "INCLUDE"> + <![ %confnum.module; [ + <!ENTITY % local.confnum.attrib ""> + <!ENTITY % confnum.role.attrib "%role.attrib;"> + +<!ENTITY % confnum.element "INCLUDE"> +<![ %confnum.element; [ +<!ELEMENT ConfNum - - ((%docinfo.char.mix;)+)> +<!--end of confnum.element-->]]> + +<!ENTITY % confnum.attlist "INCLUDE"> +<![ %confnum.attlist; [ +<!ATTLIST ConfNum + %common.attrib; + %confnum.role.attrib; + %local.confnum.attrib; +> +<!--end of confnum.attlist-->]]> + <!--end of confnum.module-->]]> + + <!-- Address (defined elsewhere in this section)--> + + <!ENTITY % confsponsor.module "INCLUDE"> + <![ %confsponsor.module; [ + <!ENTITY % local.confsponsor.attrib ""> + <!ENTITY % confsponsor.role.attrib "%role.attrib;"> + +<!ENTITY % confsponsor.element "INCLUDE"> +<![ %confsponsor.element; [ +<!ELEMENT ConfSponsor - - ((%docinfo.char.mix;)+)> +<!--end of confsponsor.element-->]]> + +<!ENTITY % confsponsor.attlist "INCLUDE"> +<![ %confsponsor.attlist; [ +<!ATTLIST ConfSponsor + %common.attrib; + %confsponsor.role.attrib; + %local.confsponsor.attrib; +> +<!--end of confsponsor.attlist-->]]> + <!--end of confsponsor.module-->]]> +<!--end of confgroup.content.module-->]]> + +<!-- ContractNum ...................... --> + +<!ENTITY % contractnum.module "INCLUDE"> +<![ %contractnum.module; [ +<!ENTITY % local.contractnum.attrib ""> +<!ENTITY % contractnum.role.attrib "%role.attrib;"> + +<!ENTITY % contractnum.element "INCLUDE"> +<![ %contractnum.element; [ +<!ELEMENT ContractNum - - ((%docinfo.char.mix;)+)> +<!--end of contractnum.element-->]]> + +<!ENTITY % contractnum.attlist "INCLUDE"> +<![ %contractnum.attlist; [ +<!ATTLIST ContractNum + %common.attrib; + %contractnum.role.attrib; + %local.contractnum.attrib; +> +<!--end of contractnum.attlist-->]]> +<!--end of contractnum.module-->]]> + +<!-- ContractSponsor .................. --> + +<!ENTITY % contractsponsor.module "INCLUDE"> +<![ %contractsponsor.module; [ +<!ENTITY % local.contractsponsor.attrib ""> +<!ENTITY % contractsponsor.role.attrib "%role.attrib;"> + +<!ENTITY % contractsponsor.element "INCLUDE"> +<![ %contractsponsor.element; [ +<!ELEMENT ContractSponsor - - ((%docinfo.char.mix;)+)> +<!--end of contractsponsor.element-->]]> + +<!ENTITY % contractsponsor.attlist "INCLUDE"> +<![ %contractsponsor.attlist; [ +<!ATTLIST ContractSponsor + %common.attrib; + %contractsponsor.role.attrib; + %local.contractsponsor.attrib; +> +<!--end of contractsponsor.attlist-->]]> +<!--end of contractsponsor.module-->]]> + +<!-- Copyright ........................ --> + +<!ENTITY % copyright.content.module "INCLUDE"> +<![ %copyright.content.module; [ +<!ENTITY % copyright.module "INCLUDE"> +<![ %copyright.module; [ +<!ENTITY % local.copyright.attrib ""> +<!ENTITY % copyright.role.attrib "%role.attrib;"> + +<!ENTITY % copyright.element "INCLUDE"> +<![ %copyright.element; [ +<!ELEMENT Copyright - - (Year+, Holder*)> +<!--end of copyright.element-->]]> + +<!ENTITY % copyright.attlist "INCLUDE"> +<![ %copyright.attlist; [ +<!ATTLIST Copyright + %common.attrib; + %copyright.role.attrib; + %local.copyright.attrib; +> +<!--end of copyright.attlist-->]]> +<!--end of copyright.module-->]]> + + <!ENTITY % year.module "INCLUDE"> + <![ %year.module; [ + <!ENTITY % local.year.attrib ""> + <!ENTITY % year.role.attrib "%role.attrib;"> + +<!ENTITY % year.element "INCLUDE"> +<![ %year.element; [ +<!ELEMENT Year - - ((%docinfo.char.mix;)+)> +<!--end of year.element-->]]> + +<!ENTITY % year.attlist "INCLUDE"> +<![ %year.attlist; [ +<!ATTLIST Year + %common.attrib; + %year.role.attrib; + %local.year.attrib; +> +<!--end of year.attlist-->]]> + <!--end of year.module-->]]> + + <!ENTITY % holder.module "INCLUDE"> + <![ %holder.module; [ + <!ENTITY % local.holder.attrib ""> + <!ENTITY % holder.role.attrib "%role.attrib;"> + +<!ENTITY % holder.element "INCLUDE"> +<![ %holder.element; [ +<!ELEMENT Holder - - ((%docinfo.char.mix;)+)> +<!--end of holder.element-->]]> + +<!ENTITY % holder.attlist "INCLUDE"> +<![ %holder.attlist; [ +<!ATTLIST Holder + %common.attrib; + %holder.role.attrib; + %local.holder.attrib; +> +<!--end of holder.attlist-->]]> + <!--end of holder.module-->]]> +<!--end of copyright.content.module-->]]> + +<!-- CorpAuthor ....................... --> + +<!ENTITY % corpauthor.module "INCLUDE"> +<![ %corpauthor.module; [ +<!ENTITY % local.corpauthor.attrib ""> +<!ENTITY % corpauthor.role.attrib "%role.attrib;"> + +<!ENTITY % corpauthor.element "INCLUDE"> +<![ %corpauthor.element; [ +<!ELEMENT CorpAuthor - - ((%docinfo.char.mix;)+)> +<!--end of corpauthor.element-->]]> + +<!ENTITY % corpauthor.attlist "INCLUDE"> +<![ %corpauthor.attlist; [ +<!ATTLIST CorpAuthor + %common.attrib; + %corpauthor.role.attrib; + %local.corpauthor.attrib; +> +<!--end of corpauthor.attlist-->]]> +<!--end of corpauthor.module-->]]> + +<!-- CorpName ......................... --> + +<!ENTITY % corpname.module "INCLUDE"> +<![ %corpname.module; [ +<!ENTITY % local.corpname.attrib ""> + +<!ENTITY % corpname.element "INCLUDE"> +<![ %corpname.element; [ +<!ELEMENT CorpName - - ((%docinfo.char.mix;)+)> +<!--end of corpname.element-->]]> +<!ENTITY % corpname.role.attrib "%role.attrib;"> + +<!ENTITY % corpname.attlist "INCLUDE"> +<![ %corpname.attlist; [ +<!ATTLIST CorpName + %common.attrib; + %corpname.role.attrib; + %local.corpname.attrib; +> +<!--end of corpname.attlist-->]]> +<!--end of corpname.module-->]]> + +<!-- Date ............................. --> + +<!ENTITY % date.module "INCLUDE"> +<![ %date.module; [ +<!ENTITY % local.date.attrib ""> +<!ENTITY % date.role.attrib "%role.attrib;"> + +<!ENTITY % date.element "INCLUDE"> +<![ %date.element; [ +<!ELEMENT Date - - ((%docinfo.char.mix;)+)> +<!--end of date.element-->]]> + +<!ENTITY % date.attlist "INCLUDE"> +<![ %date.attlist; [ +<!ATTLIST Date + %common.attrib; + %date.role.attrib; + %local.date.attrib; +> +<!--end of date.attlist-->]]> +<!--end of date.module-->]]> + +<!-- Edition .......................... --> + +<!ENTITY % edition.module "INCLUDE"> +<![ %edition.module; [ +<!ENTITY % local.edition.attrib ""> +<!ENTITY % edition.role.attrib "%role.attrib;"> + +<!ENTITY % edition.element "INCLUDE"> +<![ %edition.element; [ +<!ELEMENT Edition - - ((%docinfo.char.mix;)+)> +<!--end of edition.element-->]]> + +<!ENTITY % edition.attlist "INCLUDE"> +<![ %edition.attlist; [ +<!ATTLIST Edition + %common.attrib; + %edition.role.attrib; + %local.edition.attrib; +> +<!--end of edition.attlist-->]]> +<!--end of edition.module-->]]> + +<!-- Editor ........................... --> + +<!ENTITY % editor.module "INCLUDE"> +<![ %editor.module; [ +<!ENTITY % local.editor.attrib ""> +<!ENTITY % editor.role.attrib "%role.attrib;"> + +<!ENTITY % editor.element "INCLUDE"> +<![ %editor.element; [ +<!ELEMENT Editor - - ((%person.ident.mix;)+)> +<!--end of editor.element-->]]> + +<!ENTITY % editor.attlist "INCLUDE"> +<![ %editor.attlist; [ +<!ATTLIST Editor + %common.attrib; + %editor.role.attrib; + %local.editor.attrib; +> +<!--end of editor.attlist-->]]> + <!--(see "Personal identity elements" for %person.ident.mix;)--> +<!--end of editor.module-->]]> + +<!-- ISBN ............................. --> + +<!ENTITY % isbn.module "INCLUDE"> +<![ %isbn.module; [ +<!ENTITY % local.isbn.attrib ""> +<!ENTITY % isbn.role.attrib "%role.attrib;"> + +<!ENTITY % isbn.element "INCLUDE"> +<![ %isbn.element; [ +<!ELEMENT ISBN - - ((%docinfo.char.mix;)+)> +<!--end of isbn.element-->]]> + +<!ENTITY % isbn.attlist "INCLUDE"> +<![ %isbn.attlist; [ +<!ATTLIST ISBN + %common.attrib; + %isbn.role.attrib; + %local.isbn.attrib; +> +<!--end of isbn.attlist-->]]> +<!--end of isbn.module-->]]> + +<!-- ISSN ............................. --> + +<!ENTITY % issn.module "INCLUDE"> +<![ %issn.module; [ +<!ENTITY % local.issn.attrib ""> +<!ENTITY % issn.role.attrib "%role.attrib;"> + +<!ENTITY % issn.element "INCLUDE"> +<![ %issn.element; [ +<!ELEMENT ISSN - - ((%docinfo.char.mix;)+)> +<!--end of issn.element-->]]> + +<!ENTITY % issn.attlist "INCLUDE"> +<![ %issn.attlist; [ +<!ATTLIST ISSN + %common.attrib; + %issn.role.attrib; + %local.issn.attrib; +> +<!--end of issn.attlist-->]]> +<!--end of issn.module-->]]> + +<!-- InvPartNumber .................... --> + +<!ENTITY % invpartnumber.module "INCLUDE"> +<![ %invpartnumber.module; [ +<!ENTITY % local.invpartnumber.attrib ""> +<!ENTITY % invpartnumber.role.attrib "%role.attrib;"> + +<!ENTITY % invpartnumber.element "INCLUDE"> +<![ %invpartnumber.element; [ +<!ELEMENT InvPartNumber - - ((%docinfo.char.mix;)+)> +<!--end of invpartnumber.element-->]]> + +<!ENTITY % invpartnumber.attlist "INCLUDE"> +<![ %invpartnumber.attlist; [ +<!ATTLIST InvPartNumber + %common.attrib; + %invpartnumber.role.attrib; + %local.invpartnumber.attrib; +> +<!--end of invpartnumber.attlist-->]]> +<!--end of invpartnumber.module-->]]> + +<!-- IssueNum ......................... --> + +<!ENTITY % issuenum.module "INCLUDE"> +<![ %issuenum.module; [ +<!ENTITY % local.issuenum.attrib ""> +<!ENTITY % issuenum.role.attrib "%role.attrib;"> + +<!ENTITY % issuenum.element "INCLUDE"> +<![ %issuenum.element; [ +<!ELEMENT IssueNum - - ((%docinfo.char.mix;)+)> +<!--end of issuenum.element-->]]> + +<!ENTITY % issuenum.attlist "INCLUDE"> +<![ %issuenum.attlist; [ +<!ATTLIST IssueNum + %common.attrib; + %issuenum.role.attrib; + %local.issuenum.attrib; +> +<!--end of issuenum.attlist-->]]> +<!--end of issuenum.module-->]]> + +<!-- LegalNotice ...................... --> + +<!ENTITY % legalnotice.module "INCLUDE"> +<![ %legalnotice.module; [ +<!ENTITY % local.legalnotice.attrib ""> +<!ENTITY % legalnotice.role.attrib "%role.attrib;"> + +<!ENTITY % legalnotice.element "INCLUDE"> +<![ %legalnotice.element; [ +<!ELEMENT LegalNotice - - (Title?, (%legalnotice.mix;)+) %formal.exclusion;> +<!--end of legalnotice.element-->]]> + +<!ENTITY % legalnotice.attlist "INCLUDE"> +<![ %legalnotice.attlist; [ +<!ATTLIST LegalNotice + %common.attrib; + %legalnotice.role.attrib; + %local.legalnotice.attrib; +> +<!--end of legalnotice.attlist-->]]> +<!--end of legalnotice.module-->]]> + +<!-- ModeSpec ......................... --> + +<!ENTITY % modespec.module "INCLUDE"> +<![ %modespec.module; [ +<!ENTITY % local.modespec.attrib ""> +<!ENTITY % modespec.role.attrib "%role.attrib;"> + +<!ENTITY % modespec.element "INCLUDE"> +<![ %modespec.element; [ +<!ELEMENT ModeSpec - - ((%docinfo.char.mix;)+) %ubiq.exclusion;> +<!--end of modespec.element-->]]> + +<!ENTITY % modespec.attlist "INCLUDE"> +<![ %modespec.attlist; [ +<!ATTLIST ModeSpec + -- + Application: Type of action required for completion + of the links to which the ModeSpec is relevant (e.g., + retrieval query) + -- + Application NOTATION + (%notation.class;) #IMPLIED + %common.attrib; + %modespec.role.attrib; + %local.modespec.attrib; +> +<!--end of modespec.attlist-->]]> +<!--end of modespec.module-->]]> + +<!-- OrgName .......................... --> + +<!ENTITY % orgname.module "INCLUDE"> +<![ %orgname.module; [ +<!ENTITY % local.orgname.attrib ""> +<!ENTITY % orgname.role.attrib "%role.attrib;"> + +<!ENTITY % orgname.element "INCLUDE"> +<![ %orgname.element; [ +<!ELEMENT OrgName - - ((%docinfo.char.mix;)+)> +<!--end of orgname.element-->]]> + +<!ENTITY % orgname.attlist "INCLUDE"> +<![ %orgname.attlist; [ +<!ATTLIST OrgName + %common.attrib; + %orgname.role.attrib; + %local.orgname.attrib; +> +<!--end of orgname.attlist-->]]> +<!--end of orgname.module-->]]> + +<!-- OtherCredit ...................... --> + +<!ENTITY % othercredit.module "INCLUDE"> +<![ %othercredit.module; [ +<!ENTITY % local.othercredit.attrib ""> +<!ENTITY % othercredit.role.attrib "%role.attrib;"> + +<!ENTITY % othercredit.element "INCLUDE"> +<![ %othercredit.element; [ +<!ELEMENT OtherCredit - - ((%person.ident.mix;)+)> +<!--end of othercredit.element-->]]> + +<!ENTITY % othercredit.attlist "INCLUDE"> +<![ %othercredit.attlist; [ +<!ATTLIST OtherCredit + %common.attrib; + %othercredit.role.attrib; + %local.othercredit.attrib; +> +<!--end of othercredit.attlist-->]]> + <!--(see "Personal identity elements" for %person.ident.mix;)--> +<!--end of othercredit.module-->]]> + +<!-- PageNums ......................... --> + +<!ENTITY % pagenums.module "INCLUDE"> +<![ %pagenums.module; [ +<!ENTITY % local.pagenums.attrib ""> +<!ENTITY % pagenums.role.attrib "%role.attrib;"> + +<!ENTITY % pagenums.element "INCLUDE"> +<![ %pagenums.element; [ +<!ELEMENT PageNums - - ((%docinfo.char.mix;)+)> +<!--end of pagenums.element-->]]> + +<!ENTITY % pagenums.attlist "INCLUDE"> +<![ %pagenums.attlist; [ +<!ATTLIST PageNums + %common.attrib; + %pagenums.role.attrib; + %local.pagenums.attrib; +> +<!--end of pagenums.attlist-->]]> +<!--end of pagenums.module-->]]> + +<!-- Personal identity elements ....... --> + +<!-- These elements are used only within Author, Editor, and +OtherCredit. --> + +<!ENTITY % person.ident.module "INCLUDE"> +<![ %person.ident.module; [ + <!ENTITY % contrib.module "INCLUDE"> + <![ %contrib.module; [ + <!ENTITY % local.contrib.attrib ""> + <!ENTITY % contrib.role.attrib "%role.attrib;"> + +<!ENTITY % contrib.element "INCLUDE"> +<![ %contrib.element; [ +<!ELEMENT Contrib - - ((%docinfo.char.mix;)+)> +<!--end of contrib.element-->]]> + +<!ENTITY % contrib.attlist "INCLUDE"> +<![ %contrib.attlist; [ +<!ATTLIST Contrib + %common.attrib; + %contrib.role.attrib; + %local.contrib.attrib; +> +<!--end of contrib.attlist-->]]> + <!--end of contrib.module-->]]> + + <!ENTITY % firstname.module "INCLUDE"> + <![ %firstname.module; [ + <!ENTITY % local.firstname.attrib ""> + <!ENTITY % firstname.role.attrib "%role.attrib;"> + +<!ENTITY % firstname.element "INCLUDE"> +<![ %firstname.element; [ +<!ELEMENT FirstName - - ((%docinfo.char.mix;)+)> +<!--end of firstname.element-->]]> + +<!ENTITY % firstname.attlist "INCLUDE"> +<![ %firstname.attlist; [ +<!ATTLIST FirstName + %common.attrib; + %firstname.role.attrib; + %local.firstname.attrib; +> +<!--end of firstname.attlist-->]]> + <!--end of firstname.module-->]]> + + <!ENTITY % honorific.module "INCLUDE"> + <![ %honorific.module; [ + <!ENTITY % local.honorific.attrib ""> + <!ENTITY % honorific.role.attrib "%role.attrib;"> + +<!ENTITY % honorific.element "INCLUDE"> +<![ %honorific.element; [ +<!ELEMENT Honorific - - ((%docinfo.char.mix;)+)> +<!--end of honorific.element-->]]> + +<!ENTITY % honorific.attlist "INCLUDE"> +<![ %honorific.attlist; [ +<!ATTLIST Honorific + %common.attrib; + %honorific.role.attrib; + %local.honorific.attrib; +> +<!--end of honorific.attlist-->]]> + <!--end of honorific.module-->]]> + + <!ENTITY % lineage.module "INCLUDE"> + <![ %lineage.module; [ + <!ENTITY % local.lineage.attrib ""> + <!ENTITY % lineage.role.attrib "%role.attrib;"> + +<!ENTITY % lineage.element "INCLUDE"> +<![ %lineage.element; [ +<!ELEMENT Lineage - - ((%docinfo.char.mix;)+)> +<!--end of lineage.element-->]]> + +<!ENTITY % lineage.attlist "INCLUDE"> +<![ %lineage.attlist; [ +<!ATTLIST Lineage + %common.attrib; + %lineage.role.attrib; + %local.lineage.attrib; +> +<!--end of lineage.attlist-->]]> + <!--end of lineage.module-->]]> + + <!ENTITY % othername.module "INCLUDE"> + <![ %othername.module; [ + <!ENTITY % local.othername.attrib ""> + <!ENTITY % othername.role.attrib "%role.attrib;"> + +<!ENTITY % othername.element "INCLUDE"> +<![ %othername.element; [ +<!ELEMENT OtherName - - ((%docinfo.char.mix;)+)> +<!--end of othername.element-->]]> + +<!ENTITY % othername.attlist "INCLUDE"> +<![ %othername.attlist; [ +<!ATTLIST OtherName + %common.attrib; + %othername.role.attrib; + %local.othername.attrib; +> +<!--end of othername.attlist-->]]> + <!--end of othername.module-->]]> + + <!ENTITY % surname.module "INCLUDE"> + <![ %surname.module; [ + <!ENTITY % local.surname.attrib ""> + <!ENTITY % surname.role.attrib "%role.attrib;"> + +<!ENTITY % surname.element "INCLUDE"> +<![ %surname.element; [ +<!ELEMENT Surname - - ((%docinfo.char.mix;)+)> +<!--end of surname.element-->]]> + +<!ENTITY % surname.attlist "INCLUDE"> +<![ %surname.attlist; [ +<!ATTLIST Surname + %common.attrib; + %surname.role.attrib; + %local.surname.attrib; +> +<!--end of surname.attlist-->]]> + <!--end of surname.module-->]]> +<!--end of person.ident.module-->]]> + +<!-- PrintHistory ..................... --> + +<!ENTITY % printhistory.module "INCLUDE"> +<![ %printhistory.module; [ +<!ENTITY % local.printhistory.attrib ""> +<!ENTITY % printhistory.role.attrib "%role.attrib;"> + +<!ENTITY % printhistory.element "INCLUDE"> +<![ %printhistory.element; [ +<!ELEMENT PrintHistory - - ((%para.class;)+)> +<!--end of printhistory.element-->]]> + +<!ENTITY % printhistory.attlist "INCLUDE"> +<![ %printhistory.attlist; [ +<!ATTLIST PrintHistory + %common.attrib; + %printhistory.role.attrib; + %local.printhistory.attrib; +> +<!--end of printhistory.attlist-->]]> +<!--end of printhistory.module-->]]> + +<!-- ProductName ...................... --> + +<!ENTITY % productname.module "INCLUDE"> +<![ %productname.module; [ +<!ENTITY % local.productname.attrib ""> +<!ENTITY % productname.role.attrib "%role.attrib;"> + +<!ENTITY % productname.element "INCLUDE"> +<![ %productname.element; [ +<!ELEMENT ProductName - - ((%para.char.mix;)+)> +<!--end of productname.element-->]]> + +<!ENTITY % productname.attlist "INCLUDE"> +<![ %productname.attlist; [ +<!ATTLIST ProductName + -- + Class: More precisely identifies the item the element names + -- + Class (Service + |Trade + |Registered + |Copyright) Trade + %common.attrib; + %productname.role.attrib; + %local.productname.attrib; +> +<!--end of productname.attlist-->]]> +<!--end of productname.module-->]]> + +<!-- ProductNumber .................... --> + +<!ENTITY % productnumber.module "INCLUDE"> +<![ %productnumber.module; [ +<!ENTITY % local.productnumber.attrib ""> +<!ENTITY % productnumber.role.attrib "%role.attrib;"> + +<!ENTITY % productnumber.element "INCLUDE"> +<![ %productnumber.element; [ +<!ELEMENT ProductNumber - - ((%docinfo.char.mix;)+)> +<!--end of productnumber.element-->]]> + +<!ENTITY % productnumber.attlist "INCLUDE"> +<![ %productnumber.attlist; [ +<!ATTLIST ProductNumber + %common.attrib; + %productnumber.role.attrib; + %local.productnumber.attrib; +> +<!--end of productnumber.attlist-->]]> +<!--end of productnumber.module-->]]> + +<!-- PubDate .......................... --> + +<!ENTITY % pubdate.module "INCLUDE"> +<![ %pubdate.module; [ +<!ENTITY % local.pubdate.attrib ""> +<!ENTITY % pubdate.role.attrib "%role.attrib;"> + +<!ENTITY % pubdate.element "INCLUDE"> +<![ %pubdate.element; [ +<!ELEMENT PubDate - - ((%docinfo.char.mix;)+)> +<!--end of pubdate.element-->]]> + +<!ENTITY % pubdate.attlist "INCLUDE"> +<![ %pubdate.attlist; [ +<!ATTLIST PubDate + %common.attrib; + %pubdate.role.attrib; + %local.pubdate.attrib; +> +<!--end of pubdate.attlist-->]]> +<!--end of pubdate.module-->]]> + +<!-- Publisher ........................ --> + +<!ENTITY % publisher.content.module "INCLUDE"> +<![ %publisher.content.module; [ +<!ENTITY % publisher.module "INCLUDE"> +<![ %publisher.module; [ +<!ENTITY % local.publisher.attrib ""> +<!ENTITY % publisher.role.attrib "%role.attrib;"> + +<!ENTITY % publisher.element "INCLUDE"> +<![ %publisher.element; [ +<!ELEMENT Publisher - - (PublisherName, Address*)> +<!--end of publisher.element-->]]> + +<!ENTITY % publisher.attlist "INCLUDE"> +<![ %publisher.attlist; [ +<!ATTLIST Publisher + %common.attrib; + %publisher.role.attrib; + %local.publisher.attrib; +> +<!--end of publisher.attlist-->]]> +<!--end of publisher.module-->]]> + + <!ENTITY % publishername.module "INCLUDE"> + <![ %publishername.module; [ + <!ENTITY % local.publishername.attrib ""> + <!ENTITY % publishername.role.attrib "%role.attrib;"> + +<!ENTITY % publishername.element "INCLUDE"> +<![ %publishername.element; [ +<!ELEMENT PublisherName - - ((%docinfo.char.mix;)+)> +<!--end of publishername.element-->]]> + +<!ENTITY % publishername.attlist "INCLUDE"> +<![ %publishername.attlist; [ +<!ATTLIST PublisherName + %common.attrib; + %publishername.role.attrib; + %local.publishername.attrib; +> +<!--end of publishername.attlist-->]]> + <!--end of publishername.module-->]]> + + <!-- Address (defined elsewhere in this section)--> +<!--end of publisher.content.module-->]]> + +<!-- PubsNumber ....................... --> + +<!ENTITY % pubsnumber.module "INCLUDE"> +<![ %pubsnumber.module; [ +<!ENTITY % local.pubsnumber.attrib ""> +<!ENTITY % pubsnumber.role.attrib "%role.attrib;"> + +<!ENTITY % pubsnumber.element "INCLUDE"> +<![ %pubsnumber.element; [ +<!ELEMENT PubsNumber - - ((%docinfo.char.mix;)+)> +<!--end of pubsnumber.element-->]]> + +<!ENTITY % pubsnumber.attlist "INCLUDE"> +<![ %pubsnumber.attlist; [ +<!ATTLIST PubsNumber + %common.attrib; + %pubsnumber.role.attrib; + %local.pubsnumber.attrib; +> +<!--end of pubsnumber.attlist-->]]> +<!--end of pubsnumber.module-->]]> + +<!-- ReleaseInfo ...................... --> + +<!ENTITY % releaseinfo.module "INCLUDE"> +<![ %releaseinfo.module; [ +<!ENTITY % local.releaseinfo.attrib ""> +<!ENTITY % releaseinfo.role.attrib "%role.attrib;"> + +<!ENTITY % releaseinfo.element "INCLUDE"> +<![ %releaseinfo.element; [ +<!ELEMENT ReleaseInfo - - ((%docinfo.char.mix;)+)> +<!--end of releaseinfo.element-->]]> + +<!ENTITY % releaseinfo.attlist "INCLUDE"> +<![ %releaseinfo.attlist; [ +<!ATTLIST ReleaseInfo + %common.attrib; + %releaseinfo.role.attrib; + %local.releaseinfo.attrib; +> +<!--end of releaseinfo.attlist-->]]> +<!--end of releaseinfo.module-->]]> + +<!-- RevHistory ....................... --> + +<!ENTITY % revhistory.content.module "INCLUDE"> +<![ %revhistory.content.module; [ +<!ENTITY % revhistory.module "INCLUDE"> +<![ %revhistory.module; [ +<!ENTITY % local.revhistory.attrib ""> +<!ENTITY % revhistory.role.attrib "%role.attrib;"> + +<!ENTITY % revhistory.element "INCLUDE"> +<![ %revhistory.element; [ +<!ELEMENT RevHistory - - (Revision+)> +<!--end of revhistory.element-->]]> + +<!ENTITY % revhistory.attlist "INCLUDE"> +<![ %revhistory.attlist; [ +<!ATTLIST RevHistory + %common.attrib; + %revhistory.role.attrib; + %local.revhistory.attrib; +> +<!--end of revhistory.attlist-->]]> +<!--end of revhistory.module-->]]> + + <!ENTITY % revision.module "INCLUDE"> + <![ %revision.module; [ + <!ENTITY % local.revision.attrib ""> + <!ENTITY % revision.role.attrib "%role.attrib;"> + +<!ENTITY % revision.element "INCLUDE"> +<![ %revision.element; [ +<!ELEMENT Revision - - (RevNumber, Date, AuthorInitials*, (RevRemark|RevDescription)?)> +<!--end of revision.element-->]]> + +<!ENTITY % revision.attlist "INCLUDE"> +<![ %revision.attlist; [ +<!ATTLIST Revision + %common.attrib; + %revision.role.attrib; + %local.revision.attrib; +> +<!--end of revision.attlist-->]]> + <!--end of revision.module-->]]> + + <!ENTITY % revnumber.module "INCLUDE"> + <![ %revnumber.module; [ + <!ENTITY % local.revnumber.attrib ""> + <!ENTITY % revnumber.role.attrib "%role.attrib;"> + +<!ENTITY % revnumber.element "INCLUDE"> +<![ %revnumber.element; [ +<!ELEMENT RevNumber - - ((%docinfo.char.mix;)+)> +<!--end of revnumber.element-->]]> + +<!ENTITY % revnumber.attlist "INCLUDE"> +<![ %revnumber.attlist; [ +<!ATTLIST RevNumber + %common.attrib; + %revnumber.role.attrib; + %local.revnumber.attrib; +> +<!--end of revnumber.attlist-->]]> +<!--end of revnumber.module-->]]> + +<!-- Date (defined elsewhere in this section)--> +<!-- AuthorInitials (defined elsewhere in this section)--> + +<!ENTITY % revremark.module "INCLUDE"> +<![ %revremark.module; [ +<!ENTITY % local.revremark.attrib ""> +<!ENTITY % revremark.role.attrib "%role.attrib;"> + +<!ENTITY % revremark.element "INCLUDE"> +<![ %revremark.element; [ +<!ELEMENT RevRemark - - ((%docinfo.char.mix;)+)> +<!--end of revremark.element-->]]> + +<!ENTITY % revremark.attlist "INCLUDE"> +<![ %revremark.attlist; [ +<!ATTLIST RevRemark + %common.attrib; + %revremark.role.attrib; + %local.revremark.attrib; +> +<!--end of revremark.attlist-->]]> +<!--end of revremark.module-->]]> + +<!ENTITY % revdescription.module "INCLUDE"> +<![ %revdescription.module; [ +<!ENTITY % local.revdescription.attrib ""> +<!ENTITY % revdescription.role.attrib "%role.attrib;"> + +<!ENTITY % revdescription.element "INCLUDE"> +<![ %revdescription.element; [ +<!ELEMENT RevDescription - - ((%revdescription.mix;)+)> +<!--end of revdescription.element-->]]> + +<!ENTITY % revdescription.attlist "INCLUDE"> +<![ %revdescription.attlist; [ +<!ATTLIST RevDescription + %common.attrib; + %revdescription.role.attrib; + %local.revdescription.attrib; +> +<!--end of revdescription.attlist-->]]> +<!--end of revdescription.module-->]]> +<!--end of revhistory.content.module-->]]> + +<!-- SeriesVolNums .................... --> + +<!ENTITY % seriesvolnums.module "INCLUDE"> +<![ %seriesvolnums.module; [ +<!ENTITY % local.seriesvolnums.attrib ""> +<!ENTITY % seriesvolnums.role.attrib "%role.attrib;"> + +<!ENTITY % seriesvolnums.element "INCLUDE"> +<![ %seriesvolnums.element; [ +<!ELEMENT SeriesVolNums - - ((%docinfo.char.mix;)+)> +<!--end of seriesvolnums.element-->]]> + +<!ENTITY % seriesvolnums.attlist "INCLUDE"> +<![ %seriesvolnums.attlist; [ +<!ATTLIST SeriesVolNums + %common.attrib; + %seriesvolnums.role.attrib; + %local.seriesvolnums.attrib; +> +<!--end of seriesvolnums.attlist-->]]> +<!--end of seriesvolnums.module-->]]> + +<!-- VolumeNum ........................ --> + +<!ENTITY % volumenum.module "INCLUDE"> +<![ %volumenum.module; [ +<!ENTITY % local.volumenum.attrib ""> +<!ENTITY % volumenum.role.attrib "%role.attrib;"> + +<!ENTITY % volumenum.element "INCLUDE"> +<![ %volumenum.element; [ +<!ELEMENT VolumeNum - - ((%docinfo.char.mix;)+)> +<!--end of volumenum.element-->]]> + +<!ENTITY % volumenum.attlist "INCLUDE"> +<![ %volumenum.attlist; [ +<!ATTLIST VolumeNum + %common.attrib; + %volumenum.role.attrib; + %local.volumenum.attrib; +> +<!--end of volumenum.attlist-->]]> +<!--end of volumenum.module-->]]> + +<!-- .................................. --> + +<!--end of docinfo.content.module-->]]> + +<!-- ...................................................................... --> +<!-- Inline, link, and ubiquitous elements ................................ --> + +<!-- Technical and computer terms ......................................... --> + +<!ENTITY % accel.module "INCLUDE"> +<![ %accel.module; [ +<!ENTITY % local.accel.attrib ""> +<!ENTITY % accel.role.attrib "%role.attrib;"> + +<!ENTITY % accel.element "INCLUDE"> +<![ %accel.element; [ +<!ELEMENT Accel - - ((%smallcptr.char.mix;)+)> +<!--end of accel.element-->]]> + +<!ENTITY % accel.attlist "INCLUDE"> +<![ %accel.attlist; [ +<!ATTLIST Accel + %common.attrib; + %accel.role.attrib; + %local.accel.attrib; +> +<!--end of accel.attlist-->]]> +<!--end of accel.module-->]]> + +<!ENTITY % action.module "INCLUDE"> +<![ %action.module; [ +<!ENTITY % local.action.attrib ""> +<!ENTITY % action.role.attrib "%role.attrib;"> + +<!ENTITY % action.element "INCLUDE"> +<![ %action.element; [ +<!ELEMENT Action - - ((%smallcptr.char.mix;)+)> +<!--end of action.element-->]]> + +<!ENTITY % action.attlist "INCLUDE"> +<![ %action.attlist; [ +<!ATTLIST Action + %moreinfo.attrib; + %common.attrib; + %action.role.attrib; + %local.action.attrib; +> +<!--end of action.attlist-->]]> +<!--end of action.module-->]]> + +<!ENTITY % application.module "INCLUDE"> +<![ %application.module; [ +<!ENTITY % local.application.attrib ""> +<!ENTITY % application.role.attrib "%role.attrib;"> + +<!ENTITY % application.element "INCLUDE"> +<![ %application.element; [ +<!ELEMENT Application - - ((%para.char.mix;)+)> +<!--end of application.element-->]]> + +<!ENTITY % application.attlist "INCLUDE"> +<![ %application.attlist; [ +<!ATTLIST Application + Class (Hardware + |Software) #IMPLIED + %moreinfo.attrib; + %common.attrib; + %application.role.attrib; + %local.application.attrib; +> +<!--end of application.attlist-->]]> +<!--end of application.module-->]]> + +<!ENTITY % classname.module "INCLUDE"> +<![ %classname.module; [ +<!ENTITY % local.classname.attrib ""> +<!ENTITY % classname.role.attrib "%role.attrib;"> + +<!ENTITY % classname.element "INCLUDE"> +<![ %classname.element; [ +<!ELEMENT ClassName - - ((%smallcptr.char.mix;)+)> +<!--end of classname.element-->]]> + +<!ENTITY % classname.attlist "INCLUDE"> +<![ %classname.attlist; [ +<!ATTLIST ClassName + %common.attrib; + %classname.role.attrib; + %local.classname.attrib; +> +<!--end of classname.attlist-->]]> +<!--end of classname.module-->]]> + +<!ENTITY % co.module "INCLUDE"> +<![ %co.module; [ +<!ENTITY % local.co.attrib ""> +<!-- CO is a callout area of the LineColumn unit type (a single character + position); the position is directly indicated by the location of CO. --> +<!ENTITY % co.role.attrib "%role.attrib;"> + +<!ENTITY % co.element "INCLUDE"> +<![ %co.element; [ +<!ELEMENT CO - O EMPTY> +<!--end of co.element-->]]> + +<!ENTITY % co.attlist "INCLUDE"> +<![ %co.attlist; [ +<!ATTLIST CO + %label.attrib; --bug number/symbol override or initialization-- + %linkends.attrib; --to any related information-- + %idreq.common.attrib; + %co.role.attrib; + %local.co.attrib; +> +<!--end of co.attlist-->]]> +<!--end of co.module-->]]> + +<!ENTITY % command.module "INCLUDE"> +<![ %command.module; [ +<!ENTITY % local.command.attrib ""> +<!ENTITY % command.role.attrib "%role.attrib;"> + +<!ENTITY % command.element "INCLUDE"> +<![ %command.element; [ +<!ELEMENT Command - - ((%cptr.char.mix;)+)> +<!--end of command.element-->]]> + +<!ENTITY % command.attlist "INCLUDE"> +<![ %command.attlist; [ +<!ATTLIST Command + %moreinfo.attrib; + %common.attrib; + %command.role.attrib; + %local.command.attrib; +> +<!--end of command.attlist-->]]> +<!--end of command.module-->]]> + +<!ENTITY % computeroutput.module "INCLUDE"> +<![ %computeroutput.module; [ +<!ENTITY % local.computeroutput.attrib ""> +<!ENTITY % computeroutput.role.attrib "%role.attrib;"> + +<!ENTITY % computeroutput.element "INCLUDE"> +<![ %computeroutput.element; [ +<!ELEMENT ComputerOutput - - ((%cptr.char.mix;)+)> +<!--end of computeroutput.element-->]]> + +<!ENTITY % computeroutput.attlist "INCLUDE"> +<![ %computeroutput.attlist; [ +<!ATTLIST ComputerOutput + %moreinfo.attrib; + %common.attrib; + %computeroutput.role.attrib; + %local.computeroutput.attrib; +> +<!--end of computeroutput.attlist-->]]> +<!--end of computeroutput.module-->]]> + +<!ENTITY % database.module "INCLUDE"> +<![ %database.module; [ +<!ENTITY % local.database.attrib ""> +<!ENTITY % database.role.attrib "%role.attrib;"> + +<!ENTITY % database.element "INCLUDE"> +<![ %database.element; [ +<!ELEMENT Database - - ((%smallcptr.char.mix;)+)> +<!--end of database.element-->]]> + +<!ENTITY % database.attlist "INCLUDE"> +<![ %database.attlist; [ +<!ATTLIST Database + -- + Class: Type of database the element names; no default + -- + Class (Name + |Table + |Field + |Key1 + |Key2 + |Record) #IMPLIED + %moreinfo.attrib; + %common.attrib; + %database.role.attrib; + %local.database.attrib; +> +<!--end of database.attlist-->]]> +<!--end of database.module-->]]> + +<!ENTITY % email.module "INCLUDE"> +<![ %email.module; [ +<!ENTITY % local.email.attrib ""> +<!ENTITY % email.role.attrib "%role.attrib;"> + +<!ENTITY % email.element "INCLUDE"> +<![ %email.element; [ +<!ELEMENT Email - - ((%docinfo.char.mix;)+)> +<!--end of email.element-->]]> + +<!ENTITY % email.attlist "INCLUDE"> +<![ %email.attlist; [ +<!ATTLIST Email + %common.attrib; + %email.role.attrib; + %local.email.attrib; +> +<!--end of email.attlist-->]]> +<!--end of email.module-->]]> + +<!ENTITY % envar.module "INCLUDE"> +<![ %envar.module; [ +<!ENTITY % local.envar.attrib ""> +<!ENTITY % envar.role.attrib "%role.attrib;"> + +<!ENTITY % envar.element "INCLUDE"> +<![ %envar.element; [ +<!ELEMENT EnVar - - ((%smallcptr.char.mix;)+)> +<!--end of envar.element-->]]> + +<!ENTITY % envar.attlist "INCLUDE"> +<![ %envar.attlist; [ +<!ATTLIST EnVar + %common.attrib; + %envar.role.attrib; + %local.envar.attrib; +> +<!--end of envar.attlist-->]]> +<!--end of envar.module-->]]> + + +<!ENTITY % errorcode.module "INCLUDE"> +<![ %errorcode.module; [ +<!ENTITY % local.errorcode.attrib ""> +<!ENTITY % errorcode.role.attrib "%role.attrib;"> + +<!ENTITY % errorcode.element "INCLUDE"> +<![ %errorcode.element; [ +<!ELEMENT ErrorCode - - ((%smallcptr.char.mix;)+)> +<!--end of errorcode.element-->]]> + +<!ENTITY % errorcode.attlist "INCLUDE"> +<![ %errorcode.attlist; [ +<!ATTLIST ErrorCode + %moreinfo.attrib; + %common.attrib; + %errorcode.role.attrib; + %local.errorcode.attrib; +> +<!--end of errorcode.attlist-->]]> +<!--end of errorcode.module-->]]> + +<!ENTITY % errorname.module "INCLUDE"> +<![ %errorname.module; [ +<!ENTITY % local.errorname.attrib ""> +<!ENTITY % errorname.role.attrib "%role.attrib;"> + +<!ENTITY % errorname.element "INCLUDE"> +<![ %errorname.element; [ +<!ELEMENT ErrorName - - ((%smallcptr.char.mix;)+)> +<!--end of errorname.element-->]]> + +<!ENTITY % errorname.attlist "INCLUDE"> +<![ %errorname.attlist; [ +<!ATTLIST ErrorName + %common.attrib; + %errorname.role.attrib; + %local.errorname.attrib; +> +<!--end of errorname.attlist-->]]> +<!--end of errorname.module-->]]> + +<!ENTITY % errortype.module "INCLUDE"> +<![ %errortype.module; [ +<!ENTITY % local.errortype.attrib ""> +<!ENTITY % errortype.role.attrib "%role.attrib;"> + +<!ENTITY % errortype.element "INCLUDE"> +<![ %errortype.element; [ +<!ELEMENT ErrorType - - ((%smallcptr.char.mix;)+)> +<!--end of errortype.element-->]]> + +<!ENTITY % errortype.attlist "INCLUDE"> +<![ %errortype.attlist; [ +<!ATTLIST ErrorType + %common.attrib; + %errortype.role.attrib; + %local.errortype.attrib; +> +<!--end of errortype.attlist-->]]> +<!--end of errortype.module-->]]> + +<!ENTITY % filename.module "INCLUDE"> +<![ %filename.module; [ +<!ENTITY % local.filename.attrib ""> +<!ENTITY % filename.role.attrib "%role.attrib;"> + +<!ENTITY % filename.element "INCLUDE"> +<![ %filename.element; [ +<!ELEMENT Filename - - ((%smallcptr.char.mix;)+)> +<!--end of filename.element-->]]> + +<!ENTITY % filename.attlist "INCLUDE"> +<![ %filename.attlist; [ +<!ATTLIST Filename + -- + Class: Type of filename the element names; no default + -- + Class (HeaderFile + |DeviceFile + |Directory + |LibraryFile + |SymLink) #IMPLIED + -- + Path: Search path (possibly system-specific) in which + file can be found + -- + Path CDATA #IMPLIED + %moreinfo.attrib; + %common.attrib; + %filename.role.attrib; + %local.filename.attrib; +> +<!--end of filename.attlist-->]]> +<!--end of filename.module-->]]> + +<!ENTITY % function.module "INCLUDE"> +<![ %function.module; [ +<!ENTITY % local.function.attrib ""> +<!ENTITY % function.role.attrib "%role.attrib;"> + +<!ENTITY % function.element "INCLUDE"> +<![ %function.element; [ +<!ELEMENT Function - - ((%cptr.char.mix;)+)> +<!--end of function.element-->]]> + +<!ENTITY % function.attlist "INCLUDE"> +<![ %function.attlist; [ +<!ATTLIST Function + %moreinfo.attrib; + %common.attrib; + %function.role.attrib; + %local.function.attrib; +> +<!--end of function.attlist-->]]> +<!--end of function.module-->]]> + +<!ENTITY % guibutton.module "INCLUDE"> +<![ %guibutton.module; [ +<!ENTITY % local.guibutton.attrib ""> +<!ENTITY % guibutton.role.attrib "%role.attrib;"> + +<!ENTITY % guibutton.element "INCLUDE"> +<![ %guibutton.element; [ +<!ELEMENT GUIButton - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guibutton.element-->]]> + +<!ENTITY % guibutton.attlist "INCLUDE"> +<![ %guibutton.attlist; [ +<!ATTLIST GUIButton + %moreinfo.attrib; + %common.attrib; + %guibutton.role.attrib; + %local.guibutton.attrib; +> +<!--end of guibutton.attlist-->]]> +<!--end of guibutton.module-->]]> + +<!ENTITY % guiicon.module "INCLUDE"> +<![ %guiicon.module; [ +<!ENTITY % local.guiicon.attrib ""> +<!ENTITY % guiicon.role.attrib "%role.attrib;"> + +<!ENTITY % guiicon.element "INCLUDE"> +<![ %guiicon.element; [ +<!ELEMENT GUIIcon - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guiicon.element-->]]> + +<!ENTITY % guiicon.attlist "INCLUDE"> +<![ %guiicon.attlist; [ +<!ATTLIST GUIIcon + %moreinfo.attrib; + %common.attrib; + %guiicon.role.attrib; + %local.guiicon.attrib; +> +<!--end of guiicon.attlist-->]]> +<!--end of guiicon.module-->]]> + +<!ENTITY % guilabel.module "INCLUDE"> +<![ %guilabel.module; [ +<!ENTITY % local.guilabel.attrib ""> +<!ENTITY % guilabel.role.attrib "%role.attrib;"> + +<!ENTITY % guilabel.element "INCLUDE"> +<![ %guilabel.element; [ +<!ELEMENT GUILabel - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guilabel.element-->]]> + +<!ENTITY % guilabel.attlist "INCLUDE"> +<![ %guilabel.attlist; [ +<!ATTLIST GUILabel + %moreinfo.attrib; + %common.attrib; + %guilabel.role.attrib; + %local.guilabel.attrib; +> +<!--end of guilabel.attlist-->]]> +<!--end of guilabel.module-->]]> + +<!ENTITY % guimenu.module "INCLUDE"> +<![ %guimenu.module; [ +<!ENTITY % local.guimenu.attrib ""> +<!ENTITY % guimenu.role.attrib "%role.attrib;"> + +<!ENTITY % guimenu.element "INCLUDE"> +<![ %guimenu.element; [ +<!ELEMENT GUIMenu - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guimenu.element-->]]> + +<!ENTITY % guimenu.attlist "INCLUDE"> +<![ %guimenu.attlist; [ +<!ATTLIST GUIMenu + %moreinfo.attrib; + %common.attrib; + %guimenu.role.attrib; + %local.guimenu.attrib; +> +<!--end of guimenu.attlist-->]]> +<!--end of guimenu.module-->]]> + +<!ENTITY % guimenuitem.module "INCLUDE"> +<![ %guimenuitem.module; [ +<!ENTITY % local.guimenuitem.attrib ""> +<!ENTITY % guimenuitem.role.attrib "%role.attrib;"> + +<!ENTITY % guimenuitem.element "INCLUDE"> +<![ %guimenuitem.element; [ +<!ELEMENT GUIMenuItem - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guimenuitem.element-->]]> + +<!ENTITY % guimenuitem.attlist "INCLUDE"> +<![ %guimenuitem.attlist; [ +<!ATTLIST GUIMenuItem + %moreinfo.attrib; + %common.attrib; + %guimenuitem.role.attrib; + %local.guimenuitem.attrib; +> +<!--end of guimenuitem.attlist-->]]> +<!--end of guimenuitem.module-->]]> + +<!ENTITY % guisubmenu.module "INCLUDE"> +<![ %guisubmenu.module; [ +<!ENTITY % local.guisubmenu.attrib ""> +<!ENTITY % guisubmenu.role.attrib "%role.attrib;"> + +<!ENTITY % guisubmenu.element "INCLUDE"> +<![ %guisubmenu.element; [ +<!ELEMENT GUISubmenu - - ((%smallcptr.char.mix;|Accel)+)> +<!--end of guisubmenu.element-->]]> + +<!ENTITY % guisubmenu.attlist "INCLUDE"> +<![ %guisubmenu.attlist; [ +<!ATTLIST GUISubmenu + %moreinfo.attrib; + %common.attrib; + %guisubmenu.role.attrib; + %local.guisubmenu.attrib; +> +<!--end of guisubmenu.attlist-->]]> +<!--end of guisubmenu.module-->]]> + +<!ENTITY % hardware.module "INCLUDE"> +<![ %hardware.module; [ +<!ENTITY % local.hardware.attrib ""> +<!ENTITY % hardware.role.attrib "%role.attrib;"> + +<!ENTITY % hardware.element "INCLUDE"> +<![ %hardware.element; [ +<!ELEMENT Hardware - - ((%smallcptr.char.mix;)+)> +<!--end of hardware.element-->]]> + +<!ENTITY % hardware.attlist "INCLUDE"> +<![ %hardware.attlist; [ +<!ATTLIST Hardware + %moreinfo.attrib; + %common.attrib; + %hardware.role.attrib; + %local.hardware.attrib; +> +<!--end of hardware.attlist-->]]> +<!--end of hardware.module-->]]> + +<!ENTITY % interface.module "INCLUDE"> +<![ %interface.module; [ +<!ENTITY % local.interface.attrib ""> +<!ENTITY % interface.role.attrib "%role.attrib;"> + +<!ENTITY % interface.element "INCLUDE"> +<![ %interface.element; [ +<!ELEMENT Interface - - (%smallcptr.char.mix;|Accel)*> +<!--end of interface.element-->]]> + +<!ENTITY % interface.attlist "INCLUDE"> +<![ %interface.attlist; [ +<!ATTLIST Interface + %moreinfo.attrib; + %common.attrib; + %interface.role.attrib; + %local.interface.attrib; +> +<!--end of interface.attlist-->]]> +<!--end of interface.module-->]]> + +<!ENTITY % keycap.module "INCLUDE"> +<![ %keycap.module; [ +<!ENTITY % local.keycap.attrib ""> +<!ENTITY % keycap.role.attrib "%role.attrib;"> + +<!ENTITY % keycap.element "INCLUDE"> +<![ %keycap.element; [ +<!ELEMENT KeyCap - - (%smallcptr.char.mix;)*> +<!--end of keycap.element-->]]> + +<!ENTITY % keycap.attlist "INCLUDE"> +<![ %keycap.attlist; [ +<!ATTLIST KeyCap + %moreinfo.attrib; + %common.attrib; + %keycap.role.attrib; + %local.keycap.attrib; +> +<!--end of keycap.attlist-->]]> +<!--end of keycap.module-->]]> + +<!ENTITY % keycode.module "INCLUDE"> +<![ %keycode.module; [ +<!ENTITY % local.keycode.attrib ""> +<!ENTITY % keycode.role.attrib "%role.attrib;"> + +<!ENTITY % keycode.element "INCLUDE"> +<![ %keycode.element; [ +<!ELEMENT KeyCode - - ((%smallcptr.char.mix;)+)> +<!--end of keycode.element-->]]> + +<!ENTITY % keycode.attlist "INCLUDE"> +<![ %keycode.attlist; [ +<!ATTLIST KeyCode + %common.attrib; + %keycode.role.attrib; + %local.keycode.attrib; +> +<!--end of keycode.attlist-->]]> +<!--end of keycode.module-->]]> + +<!ENTITY % keycombo.module "INCLUDE"> +<![ %keycombo.module; [ +<!ENTITY % local.keycombo.attrib ""> +<!ENTITY % keycombo.role.attrib "%role.attrib;"> + +<!ENTITY % keycombo.element "INCLUDE"> +<![ %keycombo.element; [ +<!ELEMENT KeyCombo - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)> +<!--end of keycombo.element-->]]> + +<!ENTITY % keycombo.attlist "INCLUDE"> +<![ %keycombo.attlist; [ +<!ATTLIST KeyCombo + %keyaction.attrib; + %moreinfo.attrib; + %common.attrib; + %keycombo.role.attrib; + %local.keycombo.attrib; +> +<!--end of keycombo.attlist-->]]> +<!--end of keycombo.module-->]]> + +<!ENTITY % keysym.module "INCLUDE"> +<![ %keysym.module; [ +<!ENTITY % local.keysym.attrib ""> +<!ENTITY % keysysm.role.attrib "%role.attrib;"> + +<!ENTITY % keysym.element "INCLUDE"> +<![ %keysym.element; [ +<!ELEMENT KeySym - - ((%smallcptr.char.mix;)+)> +<!--end of keysym.element-->]]> + +<!ENTITY % keysym.attlist "INCLUDE"> +<![ %keysym.attlist; [ +<!ATTLIST KeySym + %common.attrib; + %keysysm.role.attrib; + %local.keysym.attrib; +> +<!--end of keysym.attlist-->]]> +<!--end of keysym.module-->]]> + +<!ENTITY % lineannotation.module "INCLUDE"> +<![ %lineannotation.module; [ +<!ENTITY % local.lineannotation.attrib ""> +<!ENTITY % lineannotation.role.attrib "%role.attrib;"> + +<!ENTITY % lineannotation.element "INCLUDE"> +<![ %lineannotation.element; [ +<!ELEMENT LineAnnotation - - ((%para.char.mix;)+)> +<!--end of lineannotation.element-->]]> + +<!ENTITY % lineannotation.attlist "INCLUDE"> +<![ %lineannotation.attlist; [ +<!ATTLIST LineAnnotation + %common.attrib; + %lineannotation.role.attrib; + %local.lineannotation.attrib; +> +<!--end of lineannotation.attlist-->]]> +<!--end of lineannotation.module-->]]> + +<!ENTITY % literal.module "INCLUDE"> +<![ %literal.module; [ +<!ENTITY % local.literal.attrib ""> +<!ENTITY % literal.role.attrib "%role.attrib;"> + +<!ENTITY % literal.element "INCLUDE"> +<![ %literal.element; [ +<!ELEMENT Literal - - (%cptr.char.mix;)*> +<!--end of literal.element-->]]> + +<!ENTITY % literal.attlist "INCLUDE"> +<![ %literal.attlist; [ +<!ATTLIST Literal + %moreinfo.attrib; + %common.attrib; + %literal.role.attrib; + %local.literal.attrib; +> +<!--end of literal.attlist-->]]> +<!--end of literal.module-->]]> + +<!ENTITY % constant.module "INCLUDE"> +<![ %constant.module; [ +<!ENTITY % local.constant.attrib ""> +<!ENTITY % constant.role.attrib "%role.attrib;"> + +<!ENTITY % constant.element "INCLUDE"> +<![ %constant.element; [ +<!ELEMENT Constant - - (%smallcptr.char.mix;)*> +<!--end of constant.element-->]]> + +<!ENTITY % constant.attlist "INCLUDE"> +<![ %constant.attlist; [ +<!ATTLIST Constant + %common.attrib; + %constant.role.attrib; + %local.constant.attrib; + Class (Limit) #IMPLIED +> +<!--end of constant.attlist-->]]> +<!--end of constant.module-->]]> + +<!ENTITY % varname.module "INCLUDE"> +<![ %varname.module; [ +<!ENTITY % local.varname.attrib ""> +<!ENTITY % varname.role.attrib "%role.attrib;"> + +<!ENTITY % varname.element "INCLUDE"> +<![ %varname.element; [ +<!ELEMENT VarName - - (%smallcptr.char.mix;)*> +<!--end of varname.element-->]]> + +<!ENTITY % varname.attlist "INCLUDE"> +<![ %varname.attlist; [ +<!ATTLIST VarName + %common.attrib; + %varname.role.attrib; + %local.varname.attrib; +> +<!--end of varname.attlist-->]]> +<!--end of varname.module-->]]> + +<!ENTITY % markup.module "INCLUDE"> +<![ %markup.module; [ +<!ENTITY % local.markup.attrib ""> +<!ENTITY % markup.role.attrib "%role.attrib;"> + +<!ENTITY % markup.element "INCLUDE"> +<![ %markup.element; [ +<!ELEMENT Markup - - ((%smallcptr.char.mix;)+)> +<!--end of markup.element-->]]> + +<!ENTITY % markup.attlist "INCLUDE"> +<![ %markup.attlist; [ +<!ATTLIST Markup + %common.attrib; + %markup.role.attrib; + %local.markup.attrib; +> +<!--end of markup.attlist-->]]> +<!--end of markup.module-->]]> + +<!ENTITY % medialabel.module "INCLUDE"> +<![ %medialabel.module; [ +<!ENTITY % local.medialabel.attrib ""> +<!ENTITY % medialabel.role.attrib "%role.attrib;"> + +<!ENTITY % medialabel.element "INCLUDE"> +<![ %medialabel.element; [ +<!ELEMENT MediaLabel - - ((%smallcptr.char.mix;)+)> +<!--end of medialabel.element-->]]> + +<!ENTITY % medialabel.attlist "INCLUDE"> +<![ %medialabel.attlist; [ +<!ATTLIST MediaLabel + -- + Class: Type of medium named by the element; no default + -- + Class (Cartridge + |CDRom + |Disk + |Tape) #IMPLIED + %common.attrib; + %medialabel.role.attrib; + %local.medialabel.attrib; +> +<!--end of medialabel.attlist-->]]> +<!--end of medialabel.module-->]]> + +<!ENTITY % menuchoice.content.module "INCLUDE"> +<![ %menuchoice.content.module; [ +<!ENTITY % menuchoice.module "INCLUDE"> +<![ %menuchoice.module; [ +<!ENTITY % local.menuchoice.attrib ""> +<!ENTITY % menuchoice.role.attrib "%role.attrib;"> + +<!ENTITY % menuchoice.element "INCLUDE"> +<![ %menuchoice.element; [ +<!ELEMENT MenuChoice - - (Shortcut?, (GUIButton|GUIIcon|GUILabel + |GUIMenu|GUIMenuItem|GUISubmenu|Interface)+)> +<!--end of menuchoice.element-->]]> + +<!ENTITY % menuchoice.attlist "INCLUDE"> +<![ %menuchoice.attlist; [ +<!ATTLIST MenuChoice + %moreinfo.attrib; + %common.attrib; + %menuchoice.role.attrib; + %local.menuchoice.attrib; +> +<!--end of menuchoice.attlist-->]]> +<!--end of menuchoice.module-->]]> + +<!ENTITY % shortcut.module "INCLUDE"> +<![ %shortcut.module; [ +<!-- See also KeyCombo --> +<!ENTITY % local.shortcut.attrib ""> +<!ENTITY % shortcut.role.attrib "%role.attrib;"> + +<!ENTITY % shortcut.element "INCLUDE"> +<![ %shortcut.element; [ +<!ELEMENT Shortcut - - ((KeyCap|KeyCombo|KeySym|MouseButton)+)> +<!--end of shortcut.element-->]]> + +<!ENTITY % shortcut.attlist "INCLUDE"> +<![ %shortcut.attlist; [ +<!ATTLIST Shortcut + %keyaction.attrib; + %moreinfo.attrib; + %common.attrib; + %shortcut.role.attrib; + %local.shortcut.attrib; +> +<!--end of shortcut.attlist-->]]> +<!--end of shortcut.module-->]]> +<!--end of menuchoice.content.module-->]]> + +<!ENTITY % mousebutton.module "INCLUDE"> +<![ %mousebutton.module; [ +<!ENTITY % local.mousebutton.attrib ""> +<!ENTITY % mousebutton.role.attrib "%role.attrib;"> + +<!ENTITY % mousebutton.element "INCLUDE"> +<![ %mousebutton.element; [ +<!ELEMENT MouseButton - - ((%smallcptr.char.mix;)+)> +<!--end of mousebutton.element-->]]> + +<!ENTITY % mousebutton.attlist "INCLUDE"> +<![ %mousebutton.attlist; [ +<!ATTLIST MouseButton + %moreinfo.attrib; + %common.attrib; + %mousebutton.role.attrib; + %local.mousebutton.attrib; +> +<!--end of mousebutton.attlist-->]]> +<!--end of mousebutton.module-->]]> + +<!ENTITY % msgtext.module "INCLUDE"> +<![ %msgtext.module; [ +<!ENTITY % local.msgtext.attrib ""> +<!ENTITY % msgtext.role.attrib "%role.attrib;"> + +<!ENTITY % msgtext.element "INCLUDE"> +<![ %msgtext.element; [ +<!--FUTURE USE (V5.0): +...................... +The content model of MsgText will be reduced. It will be made +the same as %example.mix; although it may not use that PE. +...................... +--> +<!ELEMENT MsgText - - ((%component.mix;)+)> +<!--end of msgtext.element-->]]> + +<!ENTITY % msgtext.attlist "INCLUDE"> +<![ %msgtext.attlist; [ +<!ATTLIST MsgText + %common.attrib; + %msgtext.role.attrib; + %local.msgtext.attrib; +> +<!--end of msgtext.attlist-->]]> +<!--end of msgtext.module-->]]> + +<!ENTITY % option.module "INCLUDE"> +<![ %option.module; [ +<!ENTITY % local.option.attrib ""> +<!ENTITY % option.role.attrib "%role.attrib;"> + +<!ENTITY % option.element "INCLUDE"> +<![ %option.element; [ +<!ELEMENT Option - - (%smallcptr.char.mix;)*> +<!--end of option.element-->]]> + +<!ENTITY % option.attlist "INCLUDE"> +<![ %option.attlist; [ +<!ATTLIST Option + %common.attrib; + %option.role.attrib; + %local.option.attrib; +> +<!--end of option.attlist-->]]> +<!--end of option.module-->]]> + +<!ENTITY % optional.module "INCLUDE"> +<![ %optional.module; [ +<!ENTITY % local.optional.attrib ""> +<!ENTITY % optional.role.attrib "%role.attrib;"> + +<!ENTITY % optional.element "INCLUDE"> +<![ %optional.element; [ +<!ELEMENT Optional - - ((%cptr.char.mix;)+)> +<!--end of optional.element-->]]> + +<!ENTITY % optional.attlist "INCLUDE"> +<![ %optional.attlist; [ +<!ATTLIST Optional + %common.attrib; + %optional.role.attrib; + %local.optional.attrib; +> +<!--end of optional.attlist-->]]> +<!--end of optional.module-->]]> + +<!ENTITY % parameter.module "INCLUDE"> +<![ %parameter.module; [ +<!ENTITY % local.parameter.attrib ""> +<!ENTITY % parameter.role.attrib "%role.attrib;"> + +<!ENTITY % parameter.element "INCLUDE"> +<![ %parameter.element; [ +<!ELEMENT Parameter - - (%smallcptr.char.mix;)*> +<!--end of parameter.element-->]]> + +<!ENTITY % parameter.attlist "INCLUDE"> +<![ %parameter.attlist; [ +<!ATTLIST Parameter + -- + Class: Type of the Parameter; no default + -- + Class (Command + |Function + |Option) #IMPLIED + %moreinfo.attrib; + %common.attrib; + %parameter.role.attrib; + %local.parameter.attrib; +> +<!--end of parameter.attlist-->]]> +<!--end of parameter.module-->]]> + +<!ENTITY % prompt.module "INCLUDE"> +<![ %prompt.module; [ +<!ENTITY % local.prompt.attrib ""> +<!ENTITY % prompt.role.attrib "%role.attrib;"> + +<!ENTITY % prompt.element "INCLUDE"> +<![ %prompt.element; [ +<!ELEMENT Prompt - - ((%smallcptr.char.mix;)+)> +<!--end of prompt.element-->]]> + +<!ENTITY % prompt.attlist "INCLUDE"> +<![ %prompt.attlist; [ +<!ATTLIST Prompt + %moreinfo.attrib; + %common.attrib; + %prompt.role.attrib; + %local.prompt.attrib; +> +<!--end of prompt.attlist-->]]> +<!--end of prompt.module-->]]> + +<!ENTITY % property.module "INCLUDE"> +<![ %property.module; [ +<!ENTITY % local.property.attrib ""> +<!ENTITY % property.role.attrib "%role.attrib;"> + +<!ENTITY % property.element "INCLUDE"> +<![ %property.element; [ +<!ELEMENT Property - - (%smallcptr.char.mix;)*> +<!--end of property.element-->]]> + +<!ENTITY % property.attlist "INCLUDE"> +<![ %property.attlist; [ +<!ATTLIST Property + %moreinfo.attrib; + %common.attrib; + %property.role.attrib; + %local.property.attrib; +> +<!--end of property.attlist-->]]> +<!--end of property.module-->]]> + +<!ENTITY % replaceable.module "INCLUDE"> +<![ %replaceable.module; [ +<!ENTITY % local.replaceable.attrib ""> +<!ENTITY % replaceable.role.attrib "%role.attrib;"> + +<!ENTITY % replaceable.element "INCLUDE"> +<![ %replaceable.element; [ +<!ELEMENT Replaceable - - ((#PCDATA + | %link.char.class; + | Optional + | %base.char.class; + | %other.char.class; + | InlineGraphic + | InlineMediaObject)+)> +<!--end of replaceable.element-->]]> + +<!ENTITY % replaceable.attlist "INCLUDE"> +<![ %replaceable.attlist; [ +<!ATTLIST Replaceable + -- + Class: Type of information the element represents; no + default + -- + Class (Command + |Function + |Option + |Parameter) #IMPLIED + %common.attrib; + %replaceable.role.attrib; + %local.replaceable.attrib; +> +<!--end of replaceable.attlist-->]]> +<!--end of replaceable.module-->]]> + +<!ENTITY % returnvalue.module "INCLUDE"> +<![ %returnvalue.module; [ +<!ENTITY % local.returnvalue.attrib ""> +<!ENTITY % returnvalue.role.attrib "%role.attrib;"> + +<!ENTITY % returnvalue.element "INCLUDE"> +<![ %returnvalue.element; [ +<!ELEMENT ReturnValue - - ((%smallcptr.char.mix;)+)> +<!--end of returnvalue.element-->]]> + +<!ENTITY % returnvalue.attlist "INCLUDE"> +<![ %returnvalue.attlist; [ +<!ATTLIST ReturnValue + %common.attrib; + %returnvalue.role.attrib; + %local.returnvalue.attrib; +> +<!--end of returnvalue.attlist-->]]> +<!--end of returnvalue.module-->]]> + +<!ENTITY % sgmltag.module "INCLUDE"> +<![ %sgmltag.module; [ +<!ENTITY % local.sgmltag.attrib ""> +<!ENTITY % sgmltag.role.attrib "%role.attrib;"> + +<!ENTITY % sgmltag.element "INCLUDE"> +<![ %sgmltag.element; [ +<!ELEMENT SGMLTag - - ((%smallcptr.char.mix;)+)> +<!--end of sgmltag.element-->]]> + +<!ENTITY % sgmltag.attlist "INCLUDE"> +<![ %sgmltag.attlist; [ +<!ATTLIST SGMLTag + -- + Class: Type of SGML construct the element names; no default + -- + Class (Attribute + |AttValue + |Element + |EndTag + |EmptyTag + |GenEntity + |NumCharRef + |ParamEntity + |PI + |XMLPI + |StartTag + |SGMLComment) #IMPLIED + %common.attrib; + %sgmltag.role.attrib; + %local.sgmltag.attrib; +> +<!--end of sgmltag.attlist-->]]> +<!--end of sgmltag.module-->]]> + +<!ENTITY % structfield.module "INCLUDE"> +<![ %structfield.module; [ +<!ENTITY % local.structfield.attrib ""> +<!ENTITY % structfield.role.attrib "%role.attrib;"> + +<!ENTITY % structfield.element "INCLUDE"> +<![ %structfield.element; [ +<!ELEMENT StructField - - ((%smallcptr.char.mix;)+)> +<!--end of structfield.element-->]]> + +<!ENTITY % structfield.attlist "INCLUDE"> +<![ %structfield.attlist; [ +<!ATTLIST StructField + %common.attrib; + %structfield.role.attrib; + %local.structfield.attrib; +> +<!--end of structfield.attlist-->]]> +<!--end of structfield.module-->]]> + +<!ENTITY % structname.module "INCLUDE"> +<![ %structname.module; [ +<!ENTITY % local.structname.attrib ""> +<!ENTITY % structname.role.attrib "%role.attrib;"> + +<!ENTITY % structname.element "INCLUDE"> +<![ %structname.element; [ +<!ELEMENT StructName - - ((%smallcptr.char.mix;)+)> +<!--end of structname.element-->]]> + +<!ENTITY % structname.attlist "INCLUDE"> +<![ %structname.attlist; [ +<!ATTLIST StructName + %common.attrib; + %structname.role.attrib; + %local.structname.attrib; +> +<!--end of structname.attlist-->]]> +<!--end of structname.module-->]]> + +<!ENTITY % symbol.module "INCLUDE"> +<![ %symbol.module; [ +<!ENTITY % local.symbol.attrib ""> +<!ENTITY % symbol.role.attrib "%role.attrib;"> + +<!ENTITY % symbol.element "INCLUDE"> +<![ %symbol.element; [ +<!ELEMENT Symbol - - ((%smallcptr.char.mix;)+)> +<!--end of symbol.element-->]]> + +<!ENTITY % symbol.attlist "INCLUDE"> +<![ %symbol.attlist; [ +<!ATTLIST Symbol + -- + Class: Type of symbol; no default + -- + Class (Limit) #IMPLIED + %common.attrib; + %symbol.role.attrib; + %local.symbol.attrib; +> +<!--end of symbol.attlist-->]]> +<!--end of symbol.module-->]]> + +<!ENTITY % systemitem.module "INCLUDE"> +<![ %systemitem.module; [ +<!ENTITY % local.systemitem.attrib ""> +<!ENTITY % systemitem.role.attrib "%role.attrib;"> + +<!ENTITY % systemitem.element "INCLUDE"> +<![ %systemitem.element; [ +<!ELEMENT SystemItem - - ((%smallcptr.char.mix; | Acronym)*)> +<!--end of systemitem.element-->]]> + +<!ENTITY % systemitem.attlist "INCLUDE"> +<![ %systemitem.attlist; [ +<!ATTLIST SystemItem + -- + Class: Type of system item the element names; no default + -- + Class (Constant + |GroupName + |Library + |Macro + |OSname + |Resource + |SystemName + |UserName) #IMPLIED + %moreinfo.attrib; + %common.attrib; + %systemitem.role.attrib; + %local.systemitem.attrib; +> +<!--end of systemitem.attlist-->]]> +<!--end of systemitem.module-->]]> + + +<!ENTITY % token.module "INCLUDE"> +<![ %token.module; [ +<!ENTITY % local.token.attrib ""> +<!ENTITY % token.role.attrib "%role.attrib;"> + +<!ENTITY % token.element "INCLUDE"> +<![ %token.element; [ +<!ELEMENT Token - - ((%smallcptr.char.mix;)+)> +<!--end of token.element-->]]> + +<!ENTITY % token.attlist "INCLUDE"> +<![ %token.attlist; [ +<!ATTLIST Token + %common.attrib; + %token.role.attrib; + %local.token.attrib; +> +<!--end of token.attlist-->]]> +<!--end of token.module-->]]> + +<!ENTITY % type.module "INCLUDE"> +<![ %type.module; [ +<!ENTITY % local.type.attrib ""> +<!ENTITY % type.role.attrib "%role.attrib;"> + +<!ENTITY % type.element "INCLUDE"> +<![ %type.element; [ +<!ELEMENT Type - - ((%smallcptr.char.mix;)+)> +<!--end of type.element-->]]> + +<!ENTITY % type.attlist "INCLUDE"> +<![ %type.attlist; [ +<!ATTLIST Type + %common.attrib; + %type.role.attrib; + %local.type.attrib; +> +<!--end of type.attlist-->]]> +<!--end of type.module-->]]> + +<!ENTITY % userinput.module "INCLUDE"> +<![ %userinput.module; [ +<!ENTITY % local.userinput.attrib ""> +<!ENTITY % userinput.role.attrib "%role.attrib;"> + +<!ENTITY % userinput.element "INCLUDE"> +<![ %userinput.element; [ +<!ELEMENT UserInput - - ((%cptr.char.mix;)+)> +<!--end of userinput.element-->]]> + +<!ENTITY % userinput.attlist "INCLUDE"> +<![ %userinput.attlist; [ +<!ATTLIST UserInput + %moreinfo.attrib; + %common.attrib; + %userinput.role.attrib; + %local.userinput.attrib; +> +<!--end of userinput.attlist-->]]> +<!--end of userinput.module-->]]> + +<!-- General words and phrases ............................................ --> + +<!ENTITY % abbrev.module "INCLUDE"> +<![ %abbrev.module; [ +<!ENTITY % local.abbrev.attrib ""> +<!ENTITY % abbrev.role.attrib "%role.attrib;"> + +<!ENTITY % abbrev.element "INCLUDE"> +<![ %abbrev.element; [ +<!ELEMENT Abbrev - - ((%word.char.mix;)+)> +<!--end of abbrev.element-->]]> + +<!ENTITY % abbrev.attlist "INCLUDE"> +<![ %abbrev.attlist; [ +<!ATTLIST Abbrev + %common.attrib; + %abbrev.role.attrib; + %local.abbrev.attrib; +> +<!--end of abbrev.attlist-->]]> +<!--end of abbrev.module-->]]> + +<!ENTITY % acronym.module "INCLUDE"> +<![ %acronym.module; [ +<!ENTITY % local.acronym.attrib ""> +<!ENTITY % acronym.role.attrib "%role.attrib;"> + +<!ENTITY % acronym.element "INCLUDE"> +<![ %acronym.element; [ +<!ELEMENT Acronym - - ((%word.char.mix;)+) %acronym.exclusion;> +<!--end of acronym.element-->]]> + +<!ENTITY % acronym.attlist "INCLUDE"> +<![ %acronym.attlist; [ +<!ATTLIST Acronym + %common.attrib; + %acronym.role.attrib; + %local.acronym.attrib; +> +<!--end of acronym.attlist-->]]> +<!--end of acronym.module-->]]> + +<!ENTITY % citation.module "INCLUDE"> +<![ %citation.module; [ +<!ENTITY % local.citation.attrib ""> +<!ENTITY % citation.role.attrib "%role.attrib;"> + +<!ENTITY % citation.element "INCLUDE"> +<![ %citation.element; [ +<!ELEMENT Citation - - ((%para.char.mix;)+)> +<!--end of citation.element-->]]> + +<!ENTITY % citation.attlist "INCLUDE"> +<![ %citation.attlist; [ +<!ATTLIST Citation + %common.attrib; + %citation.role.attrib; + %local.citation.attrib; +> +<!--end of citation.attlist-->]]> +<!--end of citation.module-->]]> + +<!ENTITY % citerefentry.module "INCLUDE"> +<![ %citerefentry.module; [ +<!ENTITY % local.citerefentry.attrib ""> +<!ENTITY % citerefentry.role.attrib "%role.attrib;"> + +<!ENTITY % citerefentry.element "INCLUDE"> +<![ %citerefentry.element; [ +<!ELEMENT CiteRefEntry - - (RefEntryTitle, ManVolNum?)> +<!--end of citerefentry.element-->]]> + +<!ENTITY % citerefentry.attlist "INCLUDE"> +<![ %citerefentry.attlist; [ +<!ATTLIST CiteRefEntry + %common.attrib; + %citerefentry.role.attrib; + %local.citerefentry.attrib; +> +<!--end of citerefentry.attlist-->]]> +<!--end of citerefentry.module-->]]> + +<!ENTITY % refentrytitle.module "INCLUDE"> +<![ %refentrytitle.module; [ +<!ENTITY % local.refentrytitle.attrib ""> +<!ENTITY % refentrytitle.role.attrib "%role.attrib;"> + +<!ENTITY % refentrytitle.element "INCLUDE"> +<![ %refentrytitle.element; [ +<!ELEMENT RefEntryTitle - O ((%para.char.mix;)+)> +<!--end of refentrytitle.element-->]]> + +<!ENTITY % refentrytitle.attlist "INCLUDE"> +<![ %refentrytitle.attlist; [ +<!ATTLIST RefEntryTitle + %common.attrib; + %refentrytitle.role.attrib; + %local.refentrytitle.attrib; +> +<!--end of refentrytitle.attlist-->]]> +<!--end of refentrytitle.module-->]]> + +<!ENTITY % manvolnum.module "INCLUDE"> +<![ %manvolnum.module; [ +<!ENTITY % local.manvolnum.attrib ""> +<!ENTITY % namvolnum.role.attrib "%role.attrib;"> + +<!ENTITY % manvolnum.element "INCLUDE"> +<![ %manvolnum.element; [ +<!ELEMENT ManVolNum - O ((%word.char.mix;)+)> +<!--end of manvolnum.element-->]]> + +<!ENTITY % manvolnum.attlist "INCLUDE"> +<![ %manvolnum.attlist; [ +<!ATTLIST ManVolNum + %common.attrib; + %namvolnum.role.attrib; + %local.manvolnum.attrib; +> +<!--end of manvolnum.attlist-->]]> +<!--end of manvolnum.module-->]]> + +<!ENTITY % citetitle.module "INCLUDE"> +<![ %citetitle.module; [ +<!ENTITY % local.citetitle.attrib ""> +<!ENTITY % citetitle.role.attrib "%role.attrib;"> + +<!ENTITY % citetitle.element "INCLUDE"> +<![ %citetitle.element; [ +<!ELEMENT CiteTitle - - ((%para.char.mix;)+)> +<!--end of citetitle.element-->]]> + +<!ENTITY % citetitle.attlist "INCLUDE"> +<![ %citetitle.attlist; [ +<!ATTLIST CiteTitle + -- + Pubwork: Genre of published work cited; no default + -- + Pubwork (Article + |Book + |Chapter + |Part + |RefEntry + |Section + |Journal + |Series + |Set + |Manuscript) #IMPLIED + %common.attrib; + %citetitle.role.attrib; + %local.citetitle.attrib; +> +<!--end of citetitle.attlist-->]]> +<!--end of citetitle.module-->]]> + +<!ENTITY % emphasis.module "INCLUDE"> +<![ %emphasis.module; [ +<!ENTITY % local.emphasis.attrib ""> +<!ENTITY % emphasis.role.attrib "%role.attrib;"> + +<!ENTITY % emphasis.element "INCLUDE"> +<![ %emphasis.element; [ +<!ELEMENT Emphasis - - ((%para.char.mix;)+)> +<!--end of emphasis.element-->]]> + +<!ENTITY % emphasis.attlist "INCLUDE"> +<![ %emphasis.attlist; [ +<!ATTLIST Emphasis + %common.attrib; + %emphasis.role.attrib; + %local.emphasis.attrib; +> +<!--end of emphasis.attlist-->]]> +<!--end of emphasis.module-->]]> + +<!ENTITY % firstterm.module "INCLUDE"> +<![ %firstterm.module; [ +<!ENTITY % local.firstterm.attrib ""> +<!ENTITY % firstterm.role.attrib "%role.attrib;"> + +<!ENTITY % firstterm.element "INCLUDE"> +<![ %firstterm.element; [ +<!ELEMENT FirstTerm - - ((%word.char.mix;)+)> +<!--end of firstterm.element-->]]> + +<!ENTITY % firstterm.attlist "INCLUDE"> +<![ %firstterm.attlist; [ +<!ATTLIST FirstTerm + %linkend.attrib; --to GlossEntry or other explanation-- + %common.attrib; + %firstterm.role.attrib; + %local.firstterm.attrib; +> +<!--end of firstterm.attlist-->]]> +<!--end of firstterm.module-->]]> + +<!ENTITY % foreignphrase.module "INCLUDE"> +<![ %foreignphrase.module; [ +<!ENTITY % local.foreignphrase.attrib ""> +<!ENTITY % foreignphrase.role.attrib "%role.attrib;"> + +<!ENTITY % foreignphrase.element "INCLUDE"> +<![ %foreignphrase.element; [ +<!ELEMENT ForeignPhrase - - ((%para.char.mix;)+)> +<!--end of foreignphrase.element-->]]> + +<!ENTITY % foreignphrase.attlist "INCLUDE"> +<![ %foreignphrase.attlist; [ +<!ATTLIST ForeignPhrase + %common.attrib; + %foreignphrase.role.attrib; + %local.foreignphrase.attrib; +> +<!--end of foreignphrase.attlist-->]]> +<!--end of foreignphrase.module-->]]> + +<!ENTITY % glossterm.module "INCLUDE"> +<![ %glossterm.module; [ +<!ENTITY % local.glossterm.attrib ""> +<!ENTITY % glossterm.role.attrib "%role.attrib;"> + +<!ENTITY % glossterm.element "INCLUDE"> +<![ %glossterm.element; [ +<!ELEMENT GlossTerm - O ((%para.char.mix;)+) %glossterm.exclusion;> +<!--end of glossterm.element-->]]> + +<!ENTITY % glossterm.attlist "INCLUDE"> +<![ %glossterm.attlist; [ +<!ATTLIST GlossTerm + %linkend.attrib; --to GlossEntry if Glossterm used in text-- + -- + BaseForm: Provides the form of GlossTerm to be used + for indexing + -- + BaseForm CDATA #IMPLIED + %common.attrib; + %glossterm.role.attrib; + %local.glossterm.attrib; +> +<!--end of glossterm.attlist-->]]> +<!--end of glossterm.module-->]]> + +<!ENTITY % phrase.module "INCLUDE"> +<![ %phrase.module; [ +<!ENTITY % local.phrase.attrib ""> +<!ENTITY % phrase.role.attrib "%role.attrib;"> + +<!ENTITY % phrase.element "INCLUDE"> +<![ %phrase.element; [ +<!ELEMENT Phrase - - ((%para.char.mix;)+)> +<!--end of phrase.element-->]]> + +<!ENTITY % phrase.attlist "INCLUDE"> +<![ %phrase.attlist; [ +<!ATTLIST Phrase + %common.attrib; + %phrase.role.attrib; + %local.phrase.attrib; +> +<!--end of phrase.attlist-->]]> +<!--end of phrase.module-->]]> + +<!ENTITY % quote.module "INCLUDE"> +<![ %quote.module; [ +<!ENTITY % local.quote.attrib ""> +<!ENTITY % quote.role.attrib "%role.attrib;"> + +<!ENTITY % quote.element "INCLUDE"> +<![ %quote.element; [ +<!ELEMENT Quote - - ((%para.char.mix;)+)> +<!--end of quote.element-->]]> + +<!ENTITY % quote.attlist "INCLUDE"> +<![ %quote.attlist; [ +<!ATTLIST Quote + %common.attrib; + %quote.role.attrib; + %local.quote.attrib; +> +<!--end of quote.attlist-->]]> +<!--end of quote.module-->]]> + +<!ENTITY % ssscript.module "INCLUDE"> +<![ %ssscript.module; [ +<!ENTITY % local.ssscript.attrib ""> +<!ENTITY % ssscript.role.attrib "%role.attrib;"> + +<!ENTITY % ssscript.elements "INCLUDE"> +<![ %ssscript.elements [ +<!ELEMENT (Subscript | Superscript) - - ((#PCDATA + | %link.char.class; + | Emphasis + | Replaceable + | Symbol + | InlineGraphic + | InlineMediaObject + | %base.char.class; + | %other.char.class;)+) + %ubiq.exclusion;> +<!--end of ssscript.elements-->]]> + +<!ENTITY % ssscript.attlists "INCLUDE"> +<![ %ssscript.attlists; [ +<!ATTLIST (Subscript | Superscript) + %common.attrib; + %ssscript.role.attrib; + %local.ssscript.attrib; +> +<!--end of ssscript.attlists-->]]> +<!--end of ssscript.module-->]]> + +<!ENTITY % trademark.module "INCLUDE"> +<![ %trademark.module; [ +<!ENTITY % local.trademark.attrib ""> +<!ENTITY % trademark.role.attrib "%role.attrib;"> + +<!ENTITY % trademark.element "INCLUDE"> +<![ %trademark.element; [ +<!ELEMENT Trademark - - ((#PCDATA + | %link.char.class; + | %tech.char.class; + | %base.char.class; + | %other.char.class; + | InlineGraphic + | InlineMediaObject + | Emphasis)+)> +<!--end of trademark.element-->]]> + +<!ENTITY % trademark.attlist "INCLUDE"> +<![ %trademark.attlist; [ +<!ATTLIST Trademark + -- + Class: More precisely identifies the item the element names + -- + Class (Service + |Trade + |Registered + |Copyright) Trade + %common.attrib; + %trademark.role.attrib; + %local.trademark.attrib; +> +<!--end of trademark.attlist-->]]> +<!--end of trademark.module-->]]> + +<!ENTITY % wordasword.module "INCLUDE"> +<![ %wordasword.module; [ +<!ENTITY % local.wordasword.attrib ""> +<!ENTITY % wordasword.role.attrib "%role.attrib;"> + +<!ENTITY % wordasword.element "INCLUDE"> +<![ %wordasword.element; [ +<!ELEMENT WordAsWord - - ((%word.char.mix;)+)> +<!--end of wordasword.element-->]]> + +<!ENTITY % wordasword.attlist "INCLUDE"> +<![ %wordasword.attlist; [ +<!ATTLIST WordAsWord + %common.attrib; + %wordasword.role.attrib; + %local.wordasword.attrib; +> +<!--end of wordasword.attlist-->]]> +<!--end of wordasword.module-->]]> + +<!-- Links and cross-references ........................................... --> + +<!ENTITY % link.module "INCLUDE"> +<![ %link.module; [ +<!ENTITY % local.link.attrib ""> +<!ENTITY % link.role.attrib "%role.attrib;"> + +<!ENTITY % link.element "INCLUDE"> +<![ %link.element; [ +<!ELEMENT Link - - ((%para.char.mix;)+) %links.exclusion;> +<!--end of link.element-->]]> + +<!ENTITY % link.attlist "INCLUDE"> +<![ %link.attlist; [ +<!ATTLIST Link + -- + Endterm: ID of element containing text that is to be + fetched from elsewhere in the document to appear as + the content of this element + -- + Endterm IDREF #IMPLIED + %linkendreq.attrib; --to linked-to object-- + -- + Type: Freely assignable parameter + -- + Type CDATA #IMPLIED + %common.attrib; + %link.role.attrib; + %local.link.attrib; +> +<!--end of link.attlist-->]]> +<!--end of link.module-->]]> + +<!ENTITY % olink.module "INCLUDE"> +<![ %olink.module; [ +<!ENTITY % local.olink.attrib ""> +<!ENTITY % olink.role.attrib "%role.attrib;"> + +<!ENTITY % olink.element "INCLUDE"> +<![ %olink.element; [ +<!ELEMENT OLink - - ((%para.char.mix;)+) %links.exclusion;> +<!--end of olink.element-->]]> + +<!ENTITY % olink.attlist "INCLUDE"> +<![ %olink.attlist; [ +<!ATTLIST OLink + -- + TargetDocEnt: Name of an entity to be the target of the link + -- + TargetDocEnt ENTITY #IMPLIED + -- + LinkMode: ID of a ModeSpec containing instructions for + operating on the entity named by TargetDocEnt + -- + LinkMode IDREF #IMPLIED + -- + LocalInfo: Information that may be passed to ModeSpec + -- + LocalInfo CDATA #IMPLIED + -- + Type: Freely assignable parameter + -- + Type CDATA #IMPLIED + %common.attrib; + %olink.role.attrib; + %local.olink.attrib; +> +<!--end of olink.attlist-->]]> +<!--end of olink.module-->]]> + +<!ENTITY % ulink.module "INCLUDE"> +<![ %ulink.module; [ +<!ENTITY % local.ulink.attrib ""> +<!ENTITY % ulink.role.attrib "%role.attrib;"> + +<!ENTITY % ulink.element "INCLUDE"> +<![ %ulink.element; [ +<!ELEMENT ULink - - ((%para.char.mix;)+) %links.exclusion;> +<!--end of ulink.element-->]]> + +<!ENTITY % ulink.attlist "INCLUDE"> +<![ %ulink.attlist; [ +<!ATTLIST ULink + -- + URL: uniform resource locator; the target of the ULink + -- + URL CDATA #REQUIRED + -- + Type: Freely assignable parameter + -- + Type CDATA #IMPLIED + %common.attrib; + %ulink.role.attrib; + %local.ulink.attrib; +> +<!--end of ulink.attlist-->]]> +<!--end of ulink.module-->]]> + +<!ENTITY % footnoteref.module "INCLUDE"> +<![ %footnoteref.module; [ +<!ENTITY % local.footnoteref.attrib ""> +<!ENTITY % footnoteref.role.attrib "%role.attrib;"> + +<!ENTITY % footnoteref.element "INCLUDE"> +<![ %footnoteref.element; [ +<!ELEMENT FootnoteRef - O EMPTY> +<!--end of footnoteref.element-->]]> + +<!ENTITY % footnoteref.attlist "INCLUDE"> +<![ %footnoteref.attlist; [ +<!ATTLIST FootnoteRef + %linkendreq.attrib; --to footnote content supplied elsewhere-- + %label.attrib; + %common.attrib; + %footnoteref.role.attrib; + %local.footnoteref.attrib; +> +<!--end of footnoteref.attlist-->]]> +<!--end of footnoteref.module-->]]> + +<!ENTITY % xref.module "INCLUDE"> +<![ %xref.module; [ +<!ENTITY % local.xref.attrib ""> +<!ENTITY % xref.role.attrib "%role.attrib;"> + +<!ENTITY % xref.element "INCLUDE"> +<![ %xref.element; [ +<!ELEMENT XRef - O EMPTY> +<!--end of xref.element-->]]> + +<!ENTITY % xref.attlist "INCLUDE"> +<![ %xref.attlist; [ +<!ATTLIST XRef + -- + Endterm: ID of element containing text that is to be + fetched from elsewhere in the document to appear as + the content of this element + -- + Endterm IDREF #IMPLIED + %linkendreq.attrib; --to linked-to object-- + %common.attrib; + %xref.role.attrib; + %local.xref.attrib; +> +<!--end of xref.attlist-->]]> +<!--end of xref.module-->]]> + +<!-- Ubiquitous elements .................................................. --> + +<!ENTITY % anchor.module "INCLUDE"> +<![ %anchor.module; [ +<!ENTITY % local.anchor.attrib ""> +<!ENTITY % anchor.role.attrib "%role.attrib;"> + +<!ENTITY % anchor.element "INCLUDE"> +<![ %anchor.element; [ +<!ELEMENT Anchor - O EMPTY> +<!--end of anchor.element-->]]> + +<!ENTITY % anchor.attlist "INCLUDE"> +<![ %anchor.attlist; [ +<!ATTLIST Anchor + %idreq.attrib; -- required -- + %pagenum.attrib; --replaces Lang -- + %remap.attrib; + %xreflabel.attrib; + %revisionflag.attrib; + %effectivity.attrib; + %anchor.role.attrib; + %local.anchor.attrib; +> +<!--end of anchor.attlist-->]]> +<!--end of anchor.module-->]]> + +<!ENTITY % beginpage.module "INCLUDE"> +<![ %beginpage.module; [ +<!ENTITY % local.beginpage.attrib ""> +<!ENTITY % beginpage.role.attrib "%role.attrib;"> + +<!ENTITY % beginpage.element "INCLUDE"> +<![ %beginpage.element; [ +<!ELEMENT BeginPage - O EMPTY> +<!--end of beginpage.element-->]]> + +<!ENTITY % beginpage.attlist "INCLUDE"> +<![ %beginpage.attlist; [ +<!ATTLIST BeginPage + -- + PageNum: Number of page that begins at this point + -- + %pagenum.attrib; + %common.attrib; + %beginpage.role.attrib; + %local.beginpage.attrib; +> +<!--end of beginpage.attlist-->]]> +<!--end of beginpage.module-->]]> + +<!-- IndexTerms appear in the text flow for generating or linking an + index. --> + +<!ENTITY % indexterm.content.module "INCLUDE"> +<![ %indexterm.content.module; [ +<!ENTITY % indexterm.module "INCLUDE"> +<![ %indexterm.module; [ +<!ENTITY % local.indexterm.attrib ""> +<!ENTITY % indexterm.role.attrib "%role.attrib;"> + +<!ENTITY % indexterm.element "INCLUDE"> +<![ %indexterm.element; [ +<!ELEMENT IndexTerm - O (Primary, ((Secondary, ((Tertiary, (See|SeeAlso+)?) + | See | SeeAlso+)?) | See | SeeAlso+)?) %ubiq.exclusion;> +<!--end of indexterm.element-->]]> + +<!ENTITY % indexterm.attlist "INCLUDE"> +<![ %indexterm.attlist; [ +<!ATTLIST IndexTerm + %pagenum.attrib; + -- + Scope: Indicates which generated indices the IndexTerm + should appear in: Global (whole document set), Local (this + document only), or All (both) + -- + Scope (All + |Global + |Local) #IMPLIED + -- + Significance: Whether this IndexTerm is the most pertinent + of its series (Preferred) or not (Normal, the default) + -- + Significance (Preferred + |Normal) Normal + -- + Class: Indicates type of IndexTerm; default is Singular, + or EndOfRange if StartRef is supplied; StartOfRange value + must be supplied explicitly on starts of ranges + -- + Class (Singular + |StartOfRange + |EndOfRange) #IMPLIED + -- + StartRef: ID of the IndexTerm that starts the indexing + range ended by this IndexTerm + -- + StartRef IDREF #CONREF + -- + Zone: IDs of the elements to which the IndexTerm applies, + and indicates that the IndexTerm applies to those entire + elements rather than the point at which the IndexTerm + occurs + -- + Zone IDREFS #IMPLIED + %common.attrib; + %indexterm.role.attrib; + %local.indexterm.attrib; +> +<!--end of indexterm.attlist-->]]> +<!--end of indexterm.module-->]]> + +<!ENTITY % primsecter.module "INCLUDE"> +<![ %primsecter.module; [ +<!ENTITY % local.primsecter.attrib ""> +<!ENTITY % primsecter.role.attrib "%role.attrib;"> + +<!ENTITY % primsecter.elements "INCLUDE"> +<![ %primsecter.elements; [ +<!ELEMENT (Primary | Secondary | Tertiary) - O ((%ndxterm.char.mix;)+)> +<!--end of primsecter.elements-->]]> + +<!ENTITY % primsecter.attlists "INCLUDE"> +<![ %primsecter.attlists; [ +<!ENTITY % containing.attlist "INCLUDE"> +<![ %containing.attlist; [ +<!ATTLIST (Primary | Secondary | Tertiary) + -- + SortAs: Alternate sort string for index sorting, e.g., + "fourteen" for an element containing "14" + -- + SortAs CDATA #IMPLIED + %common.attrib; + %primsecter.role.attrib; + %local.primsecter.attrib; +> +<!--end of containing.attlist-->]]> +<!--end of primsecter.attlist-->]]> +<!--end of primsecter.module-->]]> + +<!ENTITY % seeseealso.module "INCLUDE"> +<![ %seeseealso.module; [ +<!ENTITY % local.seeseealso.attrib ""> +<!ENTITY % seeseealso.role.attrib "%role.attrib;"> + +<!ENTITY % seeseealso.elements "INCLUDE"> +<![ %seeseealso.elements [ +<!ELEMENT (See | SeeAlso) - O ((%ndxterm.char.mix;)+)> +<!--end of seeseealso.elements-->]]> + +<!ENTITY % seeseealso.attlists "INCLUDE"> +<![ %seeseealso.attlists [ +<!ATTLIST (See | SeeAlso) + %common.attrib; + %seeseealso.role.attrib; + %local.seeseealso.attrib; +> +<!--end of seeseealso.attlists-->]]> +<!--end of seeseealso.module-->]]> +<!--end of indexterm.content.module-->]]> + +<!-- End of DocBook information pool module V4.1 .......................... --> +<!-- ...................................................................... --> diff --git a/docs/docbook/dbsgml/docbook.cat b/docs/docbook/dbsgml/docbook.cat new file mode 100644 index 0000000000..0f285d0d75 --- /dev/null +++ b/docs/docbook/dbsgml/docbook.cat @@ -0,0 +1,63 @@ + -- ...................................................................... -- + -- Catalog data for DocBook V4.1 ........................................ -- + -- File docbook.cat ..................................................... -- + + -- Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/. + -- + + -- This is the catalog data file for DocBook V4.1. It is provided as + a convenience in building your own catalog files. You need not use + the filenames listed here, and need not use the filename method of + identifying storage objects at all. See the documentation for + detailed information on the files associated with the DocBook DTD. + See SGML Open Technical Resolution 9401 for detailed information + on supplying and using catalog data. + -- + + -- ...................................................................... -- + -- SGML declaration associated with DocBook ............................. -- + +DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl" + + -- ...................................................................... -- + -- DocBook driver file .................................................. -- + +PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd" + + -- ...................................................................... -- + -- DocBook modules ...................................................... -- + +PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd" +PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod" +PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod" + + -- ...................................................................... -- + -- ISO entity sets ...................................................... -- + +PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ISOdia" +PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ISOnum" +PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ISOpub" +PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ISOtech" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ISOlat1" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ISOlat2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ISOgrk1" +PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ISOgrk2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ISOgrk3" +PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ISOgrk4" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ISOamsa" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ISOamsb" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ISOamsc" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ISOamsn" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ISOamso" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ISOamsr" +PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ISObox" +PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ISOcyr1" +PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ISOcyr2" + + -- End of catalog data for DocBook V4.1 ................................. -- + -- ...................................................................... -- diff --git a/docs/docbook/dbsgml/docbook.dcl b/docs/docbook/dbsgml/docbook.dcl new file mode 100644 index 0000000000..c76de206cf --- /dev/null +++ b/docs/docbook/dbsgml/docbook.dcl @@ -0,0 +1,106 @@ +<!SGML "ISO 8879:1986" + -- ...................................................................... -- + -- DocBook SGML declaration V4.1 ........................................ -- + -- file docbook.dcl ..................................................... -- + +CHARSET + + BASESET + "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0" + DESCSET + 0 9 UNUSED + 9 2 9 + 11 2 UNUSED + 13 1 13 + 14 18 UNUSED + 32 95 32 + 127 1 UNUSED + + BASESET + "ISO Registration Number 100//CHARSET ECMA-94 Right Part of Latin Alphabet Nr. 1//ESC 2/13 4/1" + DESCSET + 128 32 UNUSED + 160 96 32 + +CAPACITY SGMLREF + + TOTALCAP 99000000 + ATTCAP 1000000 + ATTCHCAP 1000000 + AVGRPCAP 1000000 + ELEMCAP 1000000 + ENTCAP 1000000 + ENTCHCAP 1000000 + GRPCAP 1000000 + IDCAP 32000000 + IDREFCAP 32000000 + +SCOPE DOCUMENT + +SYNTAX + + SHUNCHAR CONTROLS 0 1 2 3 4 5 6 7 8 9 + 10 11 12 13 14 15 16 17 18 19 + 20 21 22 23 24 25 26 27 28 29 + 30 31 127 128 129 + 130 131 132 133 134 135 136 137 138 139 + 140 141 142 143 144 145 146 147 148 149 + 150 151 152 153 154 155 156 157 158 159 + + BASESET + "ISO 646:1983//CHARSET International Reference Version (IRV)//ESC 2/5 4/0" + DESCSET + 0 128 0 + + FUNCTION + RE 13 + RS 10 + SPACE 32 + TAB SEPCHAR 9 + + NAMING + LCNMSTRT "" + UCNMSTRT "" + LCNMCHAR ".-_" + UCNMCHAR ".-_" + NAMECASE + GENERAL YES + ENTITY NO + + DELIM + GENERAL SGMLREF + SHORTREF SGMLREF + + NAMES SGMLREF + + QUANTITY SGMLREF + ATTCNT 256 + GRPCNT 253 + GRPGTCNT 253 + LITLEN 8092 + NAMELEN 44 + TAGLVL 100 + +FEATURES + + MINIMIZE + DATATAG NO + OMITTAG NO + RANK NO + SHORTTAG YES + + LINK + SIMPLE NO + IMPLICIT NO + EXPLICIT NO + + OTHER + CONCUR NO + SUBDOC NO + FORMAL YES + +APPINFO NONE + + -- End of DocBook SGML declaration V4.1 ................................. -- + -- ...................................................................... -- +> diff --git a/docs/docbook/dbsgml/docbook.dtd b/docs/docbook/dbsgml/docbook.dtd new file mode 100755 index 0000000000..4d784cc43f --- /dev/null +++ b/docs/docbook/dbsgml/docbook.dtd @@ -0,0 +1,117 @@ +<!-- ...................................................................... --> +<!-- DocBook DTD V4.1 ..................................................... --> +<!-- File docbook.dtd ..................................................... --> + +<!-- Copyright 1992-2000 HaL Computer Systems, Inc., + O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software + Corporation, and the Organization for the Advancement of + Structured Information Standards (OASIS). + + $Id: docbook.dtd,v 1.3 2001/12/06 07:37:56 jerry Exp $ + + Permission to use, copy, modify and distribute the DocBook DTD and + its accompanying documentation for any purpose and without fee is + hereby granted in perpetuity, provided that the above copyright + notice and this paragraph appear in all copies. The copyright + holders make no representation about the suitability of the DTD for + any purpose. It is provided "as is" without expressed or implied + warranty. + + If you modify the DocBook DTD in any way, except for declaring and + referencing additional sets of general entities and declaring + additional notations, label your DTD as a variant of DocBook. See + the maintenance documentation for more information. + + Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/docbook/. +--> + +<!-- ...................................................................... --> + +<!-- This is the driver file for V4.1 of the DocBook DTD. + Please use the following formal public identifier to identify it: + + "-//OASIS//DTD DocBook V4.1//EN" + + For example, if your document's top-level element is Book, and + you are using DocBook directly, use the FPI in the DOCTYPE + declaration: + + <!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [...]> + + Or, if you have a higher-level driver file that customizes DocBook, + use the FPI in the parameter entity declaration: + + <!ENTITY % DocBookDTD PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> + %DocBookDTD; + + The DocBook DTD is accompanied by an SGML declaration. + + See the documentation for detailed information on the parameter + entity and module scheme used in DocBook, customizing DocBook and + planning for interchange, and changes made since the last release + of DocBook. +--> + +<!-- ...................................................................... --> +<!-- Notation declarations ................................................ --> + +<!ENTITY % dbnotn.module "INCLUDE"> +<![ %dbnotn.module; [ +<!ENTITY % dbnotn PUBLIC +"-//OASIS//ENTITIES DocBook Notations V4.1//EN"> +%dbnotn; +<!--end of dbnotn.module-->]]> + +<!-- ...................................................................... --> +<!-- ISO character entity sets ............................................ --> + +<!ENTITY % dbcent.module "INCLUDE"> +<![ %dbcent.module; [ +<!ENTITY euro SDATA "[euro ]"><!-- euro sign, U+20AC NEW --> +<!ENTITY % dbcent PUBLIC +"-//OASIS//ENTITIES DocBook Character Entities V4.1//EN"> +%dbcent; +<!--end of dbcent.module-->]]> + +<!-- ...................................................................... --> +<!-- DTD modules .......................................................... --> + +<!-- Information pool .............. --> + +<!ENTITY % dbpool.module "INCLUDE"> +<![ %dbpool.module; [ +<!ENTITY % dbpool PUBLIC +"-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN"> +%dbpool; +<!--end of dbpool.module-->]]> + +<!-- Redeclaration placeholder ..... --> + +<!ENTITY % intermod.redecl.module "IGNORE"> +<![ %intermod.redecl.module; [ +%rdbmods; +<!--end of intermod.redecl.module-->]]> + +<!-- Document hierarchy ............ --> + +<!ENTITY % dbhier.module "INCLUDE"> +<![ %dbhier.module; [ +<!ENTITY % dbhier PUBLIC +"-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN"> +%dbhier; +<!--end of dbhier.module-->]]> + +<!-- ...................................................................... --> +<!-- Other general entities ............................................... --> + +<!ENTITY % dbgenent.module "INCLUDE"> +<![ %dbgenent.module; [ +<!ENTITY % dbgenent PUBLIC +"-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN"> +%dbgenent; +<!--end of dbgenent.module-->]]> + +<!-- End of DocBook DTD V4.1 .............................................. --> +<!-- ...................................................................... --> diff --git a/docs/docbook/dbsgml/ent/ISOamsa b/docs/docbook/dbsgml/ent/ISOamsa new file mode 100644 index 0000000000..b77154cb02 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsa @@ -0,0 +1,66 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamsa PUBLIC + "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN"> + %ISOamsa; +--> +<!ENTITY cularr SDATA "[cularr]"--/curvearrowleft A: left curved arrow --> +<!ENTITY curarr SDATA "[curarr]"--/curvearrowright A: rt curved arrow --> +<!ENTITY dArr SDATA "[dArr ]"--/Downarrow A: down dbl arrow --> +<!ENTITY darr2 SDATA "[darr2 ]"--/downdownarrows A: two down arrows --> +<!ENTITY dharl SDATA "[dharl ]"--/downleftharpoon A: dn harpoon-left --> +<!ENTITY dharr SDATA "[dharr ]"--/downrightharpoon A: down harpoon-rt --> +<!ENTITY lAarr SDATA "[lAarr ]"--/Lleftarrow A: left triple arrow --> +<!ENTITY Larr SDATA "[Larr ]"--/twoheadleftarrow A:--> +<!ENTITY larr2 SDATA "[larr2 ]"--/leftleftarrows A: two left arrows --> +<!ENTITY larrhk SDATA "[larrhk]"--/hookleftarrow A: left arrow-hooked --> +<!ENTITY larrlp SDATA "[larrlp]"--/looparrowleft A: left arrow-looped --> +<!ENTITY larrtl SDATA "[larrtl]"--/leftarrowtail A: left arrow-tailed --> +<!ENTITY lhard SDATA "[lhard ]"--/leftharpoondown A: l harpoon-down --> +<!ENTITY lharu SDATA "[lharu ]"--/leftharpoonup A: left harpoon-up --> +<!ENTITY hArr SDATA "[hArr ]"--/Leftrightarrow A: l&r dbl arrow --> +<!ENTITY harr SDATA "[harr ]"--/leftrightarrow A: l&r arrow --> +<!ENTITY lrarr2 SDATA "[lrarr2]"--/leftrightarrows A: l arr over r arr --> +<!ENTITY rlarr2 SDATA "[rlarr2]"--/rightleftarrows A: r arr over l arr --> +<!ENTITY harrw SDATA "[harrw ]"--/leftrightsquigarrow A: l&r arr-wavy --> +<!ENTITY rlhar2 SDATA "[rlhar2]"--/rightleftharpoons A: r harp over l --> +<!ENTITY lrhar2 SDATA "[lrhar2]"--/leftrightharpoons A: l harp over r --> +<!ENTITY lsh SDATA "[lsh ]"--/Lsh A:--> +<!ENTITY map SDATA "[map ]"--/mapsto A:--> +<!ENTITY mumap SDATA "[mumap ]"--/multimap A:--> +<!ENTITY nearr SDATA "[nearr ]"--/nearrow A: NE pointing arrow --> +<!ENTITY nlArr SDATA "[nlArr ]"--/nLeftarrow A: not implied by --> +<!ENTITY nlarr SDATA "[nlarr ]"--/nleftarrow A: not left arrow --> +<!ENTITY nhArr SDATA "[nhArr ]"--/nLeftrightarrow A: not l&r dbl arr --> +<!ENTITY nharr SDATA "[nharr ]"--/nleftrightarrow A: not l&r arrow --> +<!ENTITY nrarr SDATA "[nrarr ]"--/nrightarrow A: not right arrow --> +<!ENTITY nrArr SDATA "[nrArr ]"--/nRightarrow A: not implies --> +<!ENTITY nwarr SDATA "[nwarr ]"--/nwarrow A: NW pointing arrow --> +<!ENTITY olarr SDATA "[olarr ]"--/circlearrowleft A: l arr in circle --> +<!ENTITY orarr SDATA "[orarr ]"--/circlearrowright A: r arr in circle --> +<!ENTITY rAarr SDATA "[rAarr ]"--/Rrightarrow A: right triple arrow --> +<!ENTITY Rarr SDATA "[Rarr ]"--/twoheadrightarrow A:--> +<!ENTITY rarr2 SDATA "[rarr2 ]"--/rightrightarrows A: two rt arrows --> +<!ENTITY rarrhk SDATA "[rarrhk]"--/hookrightarrow A: rt arrow-hooked --> +<!ENTITY rarrlp SDATA "[rarrlp]"--/looparrowright A: rt arrow-looped --> +<!ENTITY rarrtl SDATA "[rarrtl]"--/rightarrowtail A: rt arrow-tailed --> +<!ENTITY rarrw SDATA "[rarrw ]"--/squigarrowright A: rt arrow-wavy --> +<!ENTITY rhard SDATA "[rhard ]"--/rightharpoondown A: rt harpoon-down --> +<!ENTITY rharu SDATA "[rharu ]"--/rightharpoonup A: rt harpoon-up --> +<!ENTITY rsh SDATA "[rsh ]"--/Rsh A:--> +<!ENTITY drarr SDATA "[drarr ]"--/searrow A: downward rt arrow --> +<!ENTITY dlarr SDATA "[dlarr ]"--/swarrow A: downward l arrow --> +<!ENTITY uArr SDATA "[uArr ]"--/Uparrow A: up dbl arrow --> +<!ENTITY uarr2 SDATA "[uarr2 ]"--/upuparrows A: two up arrows --> +<!ENTITY vArr SDATA "[vArr ]"--/Updownarrow A: up&down dbl arrow --> +<!ENTITY varr SDATA "[varr ]"--/updownarrow A: up&down arrow --> +<!ENTITY uharl SDATA "[uharl ]"--/upleftharpoon A: up harpoon-left --> +<!ENTITY uharr SDATA "[uharr ]"--/uprightharpoon A: up harp-r--> +<!ENTITY xlArr SDATA "[xlArr ]"--/Longleftarrow A: long l dbl arrow --> +<!ENTITY xhArr SDATA "[xhArr ]"--/Longleftrightarrow A: long l&r dbl arr--> +<!ENTITY xharr SDATA "[xharr ]"--/longleftrightarrow A: long l&r arr --> +<!ENTITY xrArr SDATA "[xrArr ]"--/Longrightarrow A: long rt dbl arr --> diff --git a/docs/docbook/dbsgml/ent/ISOamsb b/docs/docbook/dbsgml/ent/ISOamsb new file mode 100644 index 0000000000..43944a732f --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsb @@ -0,0 +1,52 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamsb PUBLIC + "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN"> + %ISOamsb; +--> +<!ENTITY amalg SDATA "[amalg ]"--/amalg B: amalgamation or coproduct--> +<!ENTITY Barwed SDATA "[Barwed]"--/doublebarwedge B: log and, dbl bar--> +<!ENTITY barwed SDATA "[barwed]"--/barwedge B: logical and, bar above--> +<!ENTITY Cap SDATA "[Cap ]"--/Cap /doublecap B: dbl intersection--> +<!ENTITY Cup SDATA "[Cup ]"--/Cup /doublecup B: dbl union--> +<!ENTITY cuvee SDATA "[cuvee ]"--/curlyvee B: curly logical or--> +<!ENTITY cuwed SDATA "[cuwed ]"--/curlywedge B: curly logical and--> +<!ENTITY diam SDATA "[diam ]"--/diamond B: open diamond--> +<!ENTITY divonx SDATA "[divonx]"--/divideontimes B: division on times--> +<!ENTITY intcal SDATA "[intcal]"--/intercal B: intercal--> +<!ENTITY lthree SDATA "[lthree]"--/leftthreetimes B:--> +<!ENTITY ltimes SDATA "[ltimes]"--/ltimes B: times sign, left closed--> +<!ENTITY minusb SDATA "[minusb]"--/boxminus B: minus sign in box--> +<!ENTITY oast SDATA "[oast ]"--/circledast B: asterisk in circle--> +<!ENTITY ocir SDATA "[ocir ]"--/circledcirc B: open dot in circle--> +<!ENTITY odash SDATA "[odash ]"--/circleddash B: hyphen in circle--> +<!ENTITY odot SDATA "[odot ]"--/odot B: middle dot in circle--> +<!ENTITY ominus SDATA "[ominus]"--/ominus B: minus sign in circle--> +<!ENTITY oplus SDATA "[oplus ]"--/oplus B: plus sign in circle--> +<!ENTITY osol SDATA "[osol ]"--/oslash B: solidus in circle--> +<!ENTITY otimes SDATA "[otimes]"--/otimes B: multiply sign in circle--> +<!ENTITY plusb SDATA "[plusb ]"--/boxplus B: plus sign in box--> +<!ENTITY plusdo SDATA "[plusdo]"--/dotplus B: plus sign, dot above--> +<!ENTITY rthree SDATA "[rthree]"--/rightthreetimes B:--> +<!ENTITY rtimes SDATA "[rtimes]"--/rtimes B: times sign, right closed--> +<!ENTITY sdot SDATA "[sdot ]"--/cdot B: small middle dot--> +<!ENTITY sdotb SDATA "[sdotb ]"--/dotsquare /boxdot B: small dot in box--> +<!ENTITY setmn SDATA "[setmn ]"--/setminus B: reverse solidus--> +<!ENTITY sqcap SDATA "[sqcap ]"--/sqcap B: square intersection--> +<!ENTITY sqcup SDATA "[sqcup ]"--/sqcup B: square union--> +<!ENTITY ssetmn SDATA "[ssetmn]"--/smallsetminus B: sm reverse solidus--> +<!ENTITY sstarf SDATA "[sstarf]"--/star B: small star, filled--> +<!ENTITY timesb SDATA "[timesb]"--/boxtimes B: multiply sign in box--> +<!ENTITY top SDATA "[top ]"--/top B: inverted perpendicular--> +<!ENTITY uplus SDATA "[uplus ]"--/uplus B: plus sign in union--> +<!ENTITY wreath SDATA "[wreath]"--/wr B: wreath product--> +<!ENTITY xcirc SDATA "[xcirc ]"--/bigcirc B: large circle--> +<!ENTITY xdtri SDATA "[xdtri ]"--/bigtriangledown B: big dn tri, open--> +<!ENTITY xutri SDATA "[xutri ]"--/bigtriangleup B: big up tri, open--> +<!ENTITY coprod SDATA "[coprod]"--/coprod L: coproduct operator--> +<!ENTITY prod SDATA "[prod ]"--/prod L: product operator--> +<!ENTITY sum SDATA "[sum ]"--/sum L: summation operator--> diff --git a/docs/docbook/dbsgml/ent/ISOamsc b/docs/docbook/dbsgml/ent/ISOamsc new file mode 100644 index 0000000000..06222d58cf --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsc @@ -0,0 +1,20 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamsc PUBLIC + "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN"> + %ISOamsc; +--> +<!ENTITY rceil SDATA "[rceil ]"--/rceil C: right ceiling--> +<!ENTITY rfloor SDATA "[rfloor]"--/rfloor C: right floor--> +<!ENTITY rpargt SDATA "[rpargt]"--/rightparengtr C: right paren, gt--> +<!ENTITY urcorn SDATA "[urcorn]"--/urcorner C: upper right corner--> +<!ENTITY drcorn SDATA "[drcorn]"--/lrcorner C: downward right corner--> +<!ENTITY lceil SDATA "[lceil ]"--/lceil O: left ceiling--> +<!ENTITY lfloor SDATA "[lfloor]"--/lfloor O: left floor--> +<!ENTITY lpargt SDATA "[lpargt]"--/leftparengtr O: left parenthesis, gt--> +<!ENTITY ulcorn SDATA "[ulcorn]"--/ulcorner O: upper left corner--> +<!ENTITY dlcorn SDATA "[dlcorn]"--/llcorner O: downward left corner--> diff --git a/docs/docbook/dbsgml/ent/ISOamsn b/docs/docbook/dbsgml/ent/ISOamsn new file mode 100644 index 0000000000..0c8327a326 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsn @@ -0,0 +1,70 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamsn PUBLIC + "ISO 8879:1986//ENTITIES + Added Math Symbols: Negated Relations//EN"> + %ISOamsn; +--> +<!ENTITY gnap SDATA "[gnap ]"--/gnapprox N: greater, not approximate--> +<!ENTITY gne SDATA "[gne ]"--/gneq N: greater, not equals--> +<!ENTITY gnE SDATA "[gnE ]"--/gneqq N: greater, not dbl equals--> +<!ENTITY gnsim SDATA "[gnsim ]"--/gnsim N: greater, not similar--> +<!ENTITY gvnE SDATA "[gvnE ]"--/gvertneqq N: gt, vert, not dbl eq--> +<!ENTITY lnap SDATA "[lnap ]"--/lnapprox N: less, not approximate--> +<!ENTITY lnE SDATA "[lnE ]"--/lneqq N: less, not double equals--> +<!ENTITY lne SDATA "[lne ]"--/lneq N: less, not equals--> +<!ENTITY lnsim SDATA "[lnsim ]"--/lnsim N: less, not similar--> +<!ENTITY lvnE SDATA "[lvnE ]"--/lvertneqq N: less, vert, not dbl eq--> +<!ENTITY nap SDATA "[nap ]"--/napprox N: not approximate--> +<!ENTITY ncong SDATA "[ncong ]"--/ncong N: not congruent with--> +<!ENTITY nequiv SDATA "[nequiv]"--/nequiv N: not identical with--> +<!ENTITY ngE SDATA "[ngE ]"--/ngeqq N: not greater, dbl equals--> +<!ENTITY nge SDATA "[nge ]"--/ngeq N: not greater-than-or-equal--> +<!ENTITY nges SDATA "[nges ]"--/ngeqslant N: not gt-or-eq, slanted--> +<!ENTITY ngt SDATA "[ngt ]"--/ngtr N: not greater-than--> +<!ENTITY nle SDATA "[nle ]"--/nleq N: not less-than-or-equal--> +<!ENTITY nlE SDATA "[nlE ]"--/nleqq N: not less, dbl equals--> +<!ENTITY nles SDATA "[nles ]"--/nleqslant N: not less-or-eq, slant--> +<!ENTITY nlt SDATA "[nlt ]"--/nless N: not less-than--> +<!ENTITY nltri SDATA "[nltri ]"--/ntriangleleft N: not left triangle--> +<!ENTITY nltrie SDATA "[nltrie]"--/ntrianglelefteq N: not l tri, eq--> +<!ENTITY nmid SDATA "[nmid ]"--/nmid--> +<!ENTITY npar SDATA "[npar ]"--/nparallel N: not parallel--> +<!ENTITY npr SDATA "[npr ]"--/nprec N: not precedes--> +<!ENTITY npre SDATA "[npre ]"--/npreceq N: not precedes, equals--> +<!ENTITY nrtri SDATA "[nrtri ]"--/ntriangleright N: not rt triangle--> +<!ENTITY nrtrie SDATA "[nrtrie]"--/ntrianglerighteq N: not r tri, eq--> +<!ENTITY nsc SDATA "[nsc ]"--/nsucc N: not succeeds--> +<!ENTITY nsce SDATA "[nsce ]"--/nsucceq N: not succeeds, equals--> +<!ENTITY nsim SDATA "[nsim ]"--/nsim N: not similar--> +<!ENTITY nsime SDATA "[nsime ]"--/nsimeq N: not similar, equals--> +<!ENTITY nsmid SDATA "[nsmid ]"--/nshortmid--> +<!ENTITY nspar SDATA "[nspar ]"--/nshortparallel N: not short par--> +<!ENTITY nsub SDATA "[nsub ]"--/nsubset N: not subset--> +<!ENTITY nsube SDATA "[nsube ]"--/nsubseteq N: not subset, equals--> +<!ENTITY nsubE SDATA "[nsubE ]"--/nsubseteqq N: not subset, dbl eq--> +<!ENTITY nsup SDATA "[nsup ]"--/nsupset N: not superset--> +<!ENTITY nsupE SDATA "[nsupE ]"--/nsupseteqq N: not superset, dbl eq--> +<!ENTITY nsupe SDATA "[nsupe ]"--/nsupseteq N: not superset, equals--> +<!ENTITY nvdash SDATA "[nvdash]"--/nvdash N: not vertical, dash--> +<!ENTITY nvDash SDATA "[nvDash]"--/nvDash N: not vertical, dbl dash--> +<!ENTITY nVDash SDATA "[nVDash]"--/nVDash N: not dbl vert, dbl dash--> +<!ENTITY nVdash SDATA "[nVdash]"--/nVdash N: not dbl vertical, dash--> +<!ENTITY prnap SDATA "[prnap ]"--/precnapprox N: precedes, not approx--> +<!ENTITY prnE SDATA "[prnE ]"--/precneqq N: precedes, not dbl eq--> +<!ENTITY prnsim SDATA "[prnsim]"--/precnsim N: precedes, not similar--> +<!ENTITY scnap SDATA "[scnap ]"--/succnapprox N: succeeds, not approx--> +<!ENTITY scnE SDATA "[scnE ]"--/succneqq N: succeeds, not dbl eq--> +<!ENTITY scnsim SDATA "[scnsim]"--/succnsim N: succeeds, not similar--> +<!ENTITY subne SDATA "[subne ]"--/subsetneq N: subset, not equals--> +<!ENTITY subnE SDATA "[subnE ]"--/subsetneqq N: subset, not dbl eq--> +<!ENTITY supne SDATA "[supne ]"--/supsetneq N: superset, not equals--> +<!ENTITY supnE SDATA "[supnE ]"--/supsetneqq N: superset, not dbl eq--> +<!ENTITY vsubnE SDATA "[vsubnE]"--/subsetneqq N: subset not dbl eq, var--> +<!ENTITY vsubne SDATA "[vsubne]"--/subsetneq N: subset, not eq, var--> +<!ENTITY vsupne SDATA "[vsupne]"--/supsetneq N: superset, not eq, var--> +<!ENTITY vsupnE SDATA "[vsupnE]"--/supsetneqq N: super not dbl eq, var--> diff --git a/docs/docbook/dbsgml/ent/ISOamso b/docs/docbook/dbsgml/ent/ISOamso new file mode 100644 index 0000000000..ad9b329e54 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamso @@ -0,0 +1,29 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamso PUBLIC + "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN"> + %ISOamso; +--> +<!ENTITY ang SDATA "[ang ]"--/angle - angle--> +<!ENTITY angmsd SDATA "[angmsd]"--/measuredangle - angle-measured--> +<!ENTITY beth SDATA "[beth ]"--/beth - beth, Hebrew--> +<!ENTITY bprime SDATA "[bprime]"--/backprime - reverse prime--> +<!ENTITY comp SDATA "[comp ]"--/complement - complement sign--> +<!ENTITY daleth SDATA "[daleth]"--/daleth - daleth, Hebrew--> +<!ENTITY ell SDATA "[ell ]"--/ell - cursive small l--> +<!ENTITY empty SDATA "[empty ]"--/emptyset /varnothing =small o, slash--> +<!ENTITY gimel SDATA "[gimel ]"--/gimel - gimel, Hebrew--> +<!ENTITY image SDATA "[image ]"--/Im - imaginary--> +<!ENTITY inodot SDATA "[inodot]"--/imath =small i, no dot--> +<!ENTITY jnodot SDATA "[jnodot]"--/jmath - small j, no dot--> +<!ENTITY nexist SDATA "[nexist]"--/nexists - negated exists--> +<!ENTITY oS SDATA "[oS ]"--/circledS - capital S in circle--> +<!ENTITY planck SDATA "[planck]"--/hbar /hslash - Planck's over 2pi--> +<!ENTITY real SDATA "[real ]"--/Re - real--> +<!ENTITY sbsol SDATA "[sbsol ]"--/sbs - short reverse solidus--> +<!ENTITY vprime SDATA "[vprime]"--/varprime - prime, variant--> +<!ENTITY weierp SDATA "[weierp]"--/wp - Weierstrass p--> diff --git a/docs/docbook/dbsgml/ent/ISOamsr b/docs/docbook/dbsgml/ent/ISOamsr new file mode 100644 index 0000000000..3f26c345c0 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsr @@ -0,0 +1,94 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOamsr PUBLIC + "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN"> + %ISOamsr; +--> +<!ENTITY ape SDATA "[ape ]"--/approxeq R: approximate, equals--> +<!ENTITY asymp SDATA "[asymp ]"--/asymp R: asymptotically equal to--> +<!ENTITY bcong SDATA "[bcong ]"--/backcong R: reverse congruent--> +<!ENTITY bepsi SDATA "[bepsi ]"--/backepsilon R: such that--> +<!ENTITY bowtie SDATA "[bowtie]"--/bowtie R:--> +<!ENTITY bsim SDATA "[bsim ]"--/backsim R: reverse similar--> +<!ENTITY bsime SDATA "[bsime ]"--/backsimeq R: reverse similar, eq--> +<!ENTITY bump SDATA "[bump ]"--/Bumpeq R: bumpy equals--> +<!ENTITY bumpe SDATA "[bumpe ]"--/bumpeq R: bumpy equals, equals--> +<!ENTITY cire SDATA "[cire ]"--/circeq R: circle, equals--> +<!ENTITY colone SDATA "[colone]"--/coloneq R: colon, equals--> +<!ENTITY cuepr SDATA "[cuepr ]"--/curlyeqprec R: curly eq, precedes--> +<!ENTITY cuesc SDATA "[cuesc ]"--/curlyeqsucc R: curly eq, succeeds--> +<!ENTITY cupre SDATA "[cupre ]"--/curlypreceq R: curly precedes, eq--> +<!ENTITY dashv SDATA "[dashv ]"--/dashv R: dash, vertical--> +<!ENTITY ecir SDATA "[ecir ]"--/eqcirc R: circle on equals sign--> +<!ENTITY ecolon SDATA "[ecolon]"--/eqcolon R: equals, colon--> +<!ENTITY eDot SDATA "[eDot ]"--/doteqdot /Doteq R: eq, even dots--> +<!ENTITY esdot SDATA "[esdot ]"--/doteq R: equals, single dot above--> +<!ENTITY efDot SDATA "[efDot ]"--/fallingdotseq R: eq, falling dots--> +<!ENTITY egs SDATA "[egs ]"--/eqslantgtr R: equal-or-gtr, slanted--> +<!ENTITY els SDATA "[els ]"--/eqslantless R: eq-or-less, slanted--> +<!ENTITY erDot SDATA "[erDot ]"--/risingdotseq R: eq, rising dots--> +<!ENTITY fork SDATA "[fork ]"--/pitchfork R: pitchfork--> +<!ENTITY frown SDATA "[frown ]"--/frown R: down curve--> +<!ENTITY gap SDATA "[gap ]"--/gtrapprox R: greater, approximate--> +<!ENTITY gsdot SDATA "[gsdot ]"--/gtrdot R: greater than, single dot--> +<!ENTITY gE SDATA "[gE ]"--/geqq R: greater, double equals--> +<!ENTITY gel SDATA "[gel ]"--/gtreqless R: greater, equals, less--> +<!ENTITY gEl SDATA "[gEl ]"--/gtreqqless R: gt, dbl equals, less--> +<!ENTITY ges SDATA "[ges ]"--/geqslant R: gt-or-equal, slanted--> +<!ENTITY Gg SDATA "[Gg ]"--/ggg /Gg /gggtr R: triple gtr-than--> +<!ENTITY gl SDATA "[gl ]"--/gtrless R: greater, less--> +<!ENTITY gsim SDATA "[gsim ]"--/gtrsim R: greater, similar--> +<!ENTITY Gt SDATA "[Gt ]"--/gg R: dbl greater-than sign--> +<!ENTITY lap SDATA "[lap ]"--/lessapprox R: less, approximate--> +<!ENTITY ldot SDATA "[ldot ]"--/lessdot R: less than, with dot--> +<!ENTITY lE SDATA "[lE ]"--/leqq R: less, double equals--> +<!ENTITY lEg SDATA "[lEg ]"--/lesseqqgtr R: less, dbl eq, greater--> +<!ENTITY leg SDATA "[leg ]"--/lesseqgtr R: less, eq, greater--> +<!ENTITY les SDATA "[les ]"--/leqslant R: less-than-or-eq, slant--> +<!ENTITY lg SDATA "[lg ]"--/lessgtr R: less, greater--> +<!ENTITY Ll SDATA "[Ll ]"--/Ll /lll /llless R: triple less-than--> +<!ENTITY lsim SDATA "[lsim ]"--/lesssim R: less, similar--> +<!ENTITY Lt SDATA "[Lt ]"--/ll R: double less-than sign--> +<!ENTITY ltrie SDATA "[ltrie ]"--/trianglelefteq R: left triangle, eq--> +<!ENTITY mid SDATA "[mid ]"--/mid R:--> +<!ENTITY models SDATA "[models]"--/models R:--> +<!ENTITY pr SDATA "[pr ]"--/prec R: precedes--> +<!ENTITY prap SDATA "[prap ]"--/precapprox R: precedes, approximate--> +<!ENTITY pre SDATA "[pre ]"--/preceq R: precedes, equals--> +<!ENTITY prsim SDATA "[prsim ]"--/precsim R: precedes, similar--> +<!ENTITY rtrie SDATA "[rtrie ]"--/trianglerighteq R: right tri, eq--> +<!ENTITY samalg SDATA "[samalg]"--/smallamalg R: small amalg--> +<!ENTITY sc SDATA "[sc ]"--/succ R: succeeds--> +<!ENTITY scap SDATA "[scap ]"--/succapprox R: succeeds, approximate--> +<!ENTITY sccue SDATA "[sccue ]"--/succcurlyeq R: succeeds, curly eq--> +<!ENTITY sce SDATA "[sce ]"--/succeq R: succeeds, equals--> +<!ENTITY scsim SDATA "[scsim ]"--/succsim R: succeeds, similar--> +<!ENTITY sfrown SDATA "[sfrown]"--/smallfrown R: small down curve--> +<!ENTITY smid SDATA "[smid ]"--/shortmid R:--> +<!ENTITY smile SDATA "[smile ]"--/smile R: up curve--> +<!ENTITY spar SDATA "[spar ]"--/shortparallel R: short parallel--> +<!ENTITY sqsub SDATA "[sqsub ]"--/sqsubset R: square subset--> +<!ENTITY sqsube SDATA "[sqsube]"--/sqsubseteq R: square subset, equals--> +<!ENTITY sqsup SDATA "[sqsup ]"--/sqsupset R: square superset--> +<!ENTITY sqsupe SDATA "[sqsupe]"--/sqsupseteq R: square superset, eq--> +<!ENTITY ssmile SDATA "[ssmile]"--/smallsmile R: small up curve--> +<!ENTITY Sub SDATA "[Sub ]"--/Subset R: double subset--> +<!ENTITY subE SDATA "[subE ]"--/subseteqq R: subset, dbl equals--> +<!ENTITY Sup SDATA "[Sup ]"--/Supset R: dbl superset--> +<!ENTITY supE SDATA "[supE ]"--/supseteqq R: superset, dbl equals--> +<!ENTITY thkap SDATA "[thkap ]"--/thickapprox R: thick approximate--> +<!ENTITY thksim SDATA "[thksim]"--/thicksim R: thick similar--> +<!ENTITY trie SDATA "[trie ]"--/triangleq R: triangle, equals--> +<!ENTITY twixt SDATA "[twixt ]"--/between R: between--> +<!ENTITY vdash SDATA "[vdash ]"--/vdash R: vertical, dash--> +<!ENTITY Vdash SDATA "[Vdash ]"--/Vdash R: dbl vertical, dash--> +<!ENTITY vDash SDATA "[vDash ]"--/vDash R: vertical, dbl dash--> +<!ENTITY veebar SDATA "[veebar]"--/veebar R: logical or, bar below--> +<!ENTITY vltri SDATA "[vltri ]"--/vartriangleleft R: l tri, open, var--> +<!ENTITY vprop SDATA "[vprop ]"--/varpropto R: proportional, variant--> +<!ENTITY vrtri SDATA "[vrtri ]"--/vartriangleright R: r tri, open, var--> +<!ENTITY Vvdash SDATA "[Vvdash]"--/Vvdash R: triple vertical, dash--> diff --git a/docs/docbook/dbsgml/ent/ISObox b/docs/docbook/dbsgml/ent/ISObox new file mode 100644 index 0000000000..643e926eda --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISObox @@ -0,0 +1,62 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISObox PUBLIC + "ISO 8879:1986//ENTITIES Box and Line Drawing//EN"> + %ISObox; +--> +<!-- All names are in the form: box1234, where: + box = constants that identify a box drawing entity. + 1&2 = v, V, u, U, d, D, Ud, or uD, as follows: + v = vertical line for full height. + u = upper half of vertical line. + d = downward (lower) half of vertical line. + 3&4 = h, H, l, L, r, R, Lr, or lR, as follows: + h = horizontal line for full width. + l = left half of horizontal line. + r = right half of horizontal line. + In all cases, an upper-case letter means a double or heavy line. +--> +<!ENTITY boxh SDATA "[boxh ]"--horizontal line --> +<!ENTITY boxv SDATA "[boxv ]"--vertical line--> +<!ENTITY boxur SDATA "[boxur ]"--upper right quadrant--> +<!ENTITY boxul SDATA "[boxul ]"--upper left quadrant--> +<!ENTITY boxdl SDATA "[boxdl ]"--lower left quadrant--> +<!ENTITY boxdr SDATA "[boxdr ]"--lower right quadrant--> +<!ENTITY boxvr SDATA "[boxvr ]"--upper and lower right quadrants--> +<!ENTITY boxhu SDATA "[boxhu ]"--upper left and right quadrants--> +<!ENTITY boxvl SDATA "[boxvl ]"--upper and lower left quadrants--> +<!ENTITY boxhd SDATA "[boxhd ]"--lower left and right quadrants--> +<!ENTITY boxvh SDATA "[boxvh ]"--all four quadrants--> +<!ENTITY boxvR SDATA "[boxvR ]"--upper and lower right quadrants--> +<!ENTITY boxhU SDATA "[boxhU ]"--upper left and right quadrants--> +<!ENTITY boxvL SDATA "[boxvL ]"--upper and lower left quadrants--> +<!ENTITY boxhD SDATA "[boxhD ]"--lower left and right quadrants--> +<!ENTITY boxvH SDATA "[boxvH ]"--all four quadrants--> +<!ENTITY boxH SDATA "[boxH ]"--horizontal line--> +<!ENTITY boxV SDATA "[boxV ]"--vertical line--> +<!ENTITY boxUR SDATA "[boxUR ]"--upper right quadrant--> +<!ENTITY boxUL SDATA "[boxUL ]"--upper left quadrant--> +<!ENTITY boxDL SDATA "[boxDL ]"--lower left quadrant--> +<!ENTITY boxDR SDATA "[boxDR ]"--lower right quadrant--> +<!ENTITY boxVR SDATA "[boxVR ]"--upper and lower right quadrants--> +<!ENTITY boxHU SDATA "[boxHU ]"--upper left and right quadrants--> +<!ENTITY boxVL SDATA "[boxVL ]"--upper and lower left quadrants--> +<!ENTITY boxHD SDATA "[boxHD ]"--lower left and right quadrants--> +<!ENTITY boxVH SDATA "[boxVH ]"--all four quadrants--> +<!ENTITY boxVr SDATA "[boxVr ]"--upper and lower right quadrants--> +<!ENTITY boxHu SDATA "[boxHu ]"--upper left and right quadrants--> +<!ENTITY boxVl SDATA "[boxVl ]"--upper and lower left quadrants--> +<!ENTITY boxHd SDATA "[boxHd ]"--lower left and right quadrants--> +<!ENTITY boxVh SDATA "[boxVh ]"--all four quadrants--> +<!ENTITY boxuR SDATA "[boxuR ]"--upper right quadrant--> +<!ENTITY boxUl SDATA "[boxUl ]"--upper left quadrant--> +<!ENTITY boxdL SDATA "[boxdL ]"--lower left quadrant--> +<!ENTITY boxDr SDATA "[boxDr ]"--lower right quadrant--> +<!ENTITY boxUr SDATA "[boxUr ]"--upper right quadrant--> +<!ENTITY boxuL SDATA "[boxuL ]"--upper left quadrant--> +<!ENTITY boxDl SDATA "[boxDl ]"--lower left quadrant--> +<!ENTITY boxdR SDATA "[boxdR ]"--lower right quadrant--> diff --git a/docs/docbook/dbsgml/ent/ISOcyr1 b/docs/docbook/dbsgml/ent/ISOcyr1 new file mode 100644 index 0000000000..97b961b1f0 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOcyr1 @@ -0,0 +1,77 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOcyr1 PUBLIC + "ISO 8879:1986//ENTITIES Russian Cyrillic//EN"> + %ISOcyr1; +--> +<!ENTITY acy SDATA "[acy ]"--=small a, Cyrillic--> +<!ENTITY Acy SDATA "[Acy ]"--=capital A, Cyrillic--> +<!ENTITY bcy SDATA "[bcy ]"--=small be, Cyrillic--> +<!ENTITY Bcy SDATA "[Bcy ]"--=capital BE, Cyrillic--> +<!ENTITY vcy SDATA "[vcy ]"--=small ve, Cyrillic--> +<!ENTITY Vcy SDATA "[Vcy ]"--=capital VE, Cyrillic--> +<!ENTITY gcy SDATA "[gcy ]"--=small ghe, Cyrillic--> +<!ENTITY Gcy SDATA "[Gcy ]"--=capital GHE, Cyrillic--> +<!ENTITY dcy SDATA "[dcy ]"--=small de, Cyrillic--> +<!ENTITY Dcy SDATA "[Dcy ]"--=capital DE, Cyrillic--> +<!ENTITY iecy SDATA "[iecy ]"--=small ie, Cyrillic--> +<!ENTITY IEcy SDATA "[IEcy ]"--=capital IE, Cyrillic--> +<!ENTITY iocy SDATA "[iocy ]"--=small io, Russian--> +<!ENTITY IOcy SDATA "[IOcy ]"--=capital IO, Russian--> +<!ENTITY zhcy SDATA "[zhcy ]"--=small zhe, Cyrillic--> +<!ENTITY ZHcy SDATA "[ZHcy ]"--=capital ZHE, Cyrillic--> +<!ENTITY zcy SDATA "[zcy ]"--=small ze, Cyrillic--> +<!ENTITY Zcy SDATA "[Zcy ]"--=capital ZE, Cyrillic--> +<!ENTITY icy SDATA "[icy ]"--=small i, Cyrillic--> +<!ENTITY Icy SDATA "[Icy ]"--=capital I, Cyrillic--> +<!ENTITY jcy SDATA "[jcy ]"--=small short i, Cyrillic--> +<!ENTITY Jcy SDATA "[Jcy ]"--=capital short I, Cyrillic--> +<!ENTITY kcy SDATA "[kcy ]"--=small ka, Cyrillic--> +<!ENTITY Kcy SDATA "[Kcy ]"--=capital KA, Cyrillic--> +<!ENTITY lcy SDATA "[lcy ]"--=small el, Cyrillic--> +<!ENTITY Lcy SDATA "[Lcy ]"--=capital EL, Cyrillic--> +<!ENTITY mcy SDATA "[mcy ]"--=small em, Cyrillic--> +<!ENTITY Mcy SDATA "[Mcy ]"--=capital EM, Cyrillic--> +<!ENTITY ncy SDATA "[ncy ]"--=small en, Cyrillic--> +<!ENTITY Ncy SDATA "[Ncy ]"--=capital EN, Cyrillic--> +<!ENTITY ocy SDATA "[ocy ]"--=small o, Cyrillic--> +<!ENTITY Ocy SDATA "[Ocy ]"--=capital O, Cyrillic--> +<!ENTITY pcy SDATA "[pcy ]"--=small pe, Cyrillic--> +<!ENTITY Pcy SDATA "[Pcy ]"--=capital PE, Cyrillic--> +<!ENTITY rcy SDATA "[rcy ]"--=small er, Cyrillic--> +<!ENTITY Rcy SDATA "[Rcy ]"--=capital ER, Cyrillic--> +<!ENTITY scy SDATA "[scy ]"--=small es, Cyrillic--> +<!ENTITY Scy SDATA "[Scy ]"--=capital ES, Cyrillic--> +<!ENTITY tcy SDATA "[tcy ]"--=small te, Cyrillic--> +<!ENTITY Tcy SDATA "[Tcy ]"--=capital TE, Cyrillic--> +<!ENTITY ucy SDATA "[ucy ]"--=small u, Cyrillic--> +<!ENTITY Ucy SDATA "[Ucy ]"--=capital U, Cyrillic--> +<!ENTITY fcy SDATA "[fcy ]"--=small ef, Cyrillic--> +<!ENTITY Fcy SDATA "[Fcy ]"--=capital EF, Cyrillic--> +<!ENTITY khcy SDATA "[khcy ]"--=small ha, Cyrillic--> +<!ENTITY KHcy SDATA "[KHcy ]"--=capital HA, Cyrillic--> +<!ENTITY tscy SDATA "[tscy ]"--=small tse, Cyrillic--> +<!ENTITY TScy SDATA "[TScy ]"--=capital TSE, Cyrillic--> +<!ENTITY chcy SDATA "[chcy ]"--=small che, Cyrillic--> +<!ENTITY CHcy SDATA "[CHcy ]"--=capital CHE, Cyrillic--> +<!ENTITY shcy SDATA "[shcy ]"--=small sha, Cyrillic--> +<!ENTITY SHcy SDATA "[SHcy ]"--=capital SHA, Cyrillic--> +<!ENTITY shchcy SDATA "[shchcy]"--=small shcha, Cyrillic--> +<!ENTITY SHCHcy SDATA "[SHCHcy]"--=capital SHCHA, Cyrillic--> +<!ENTITY hardcy SDATA "[hardcy]"--=small hard sign, Cyrillic--> +<!ENTITY HARDcy SDATA "[HARDcy]"--=capital HARD sign, Cyrillic--> +<!ENTITY ycy SDATA "[ycy ]"--=small yeru, Cyrillic--> +<!ENTITY Ycy SDATA "[Ycy ]"--=capital YERU, Cyrillic--> +<!ENTITY softcy SDATA "[softcy]"--=small soft sign, Cyrillic--> +<!ENTITY SOFTcy SDATA "[SOFTcy]"--=capital SOFT sign, Cyrillic--> +<!ENTITY ecy SDATA "[ecy ]"--=small e, Cyrillic--> +<!ENTITY Ecy SDATA "[Ecy ]"--=capital E, Cyrillic--> +<!ENTITY yucy SDATA "[yucy ]"--=small yu, Cyrillic--> +<!ENTITY YUcy SDATA "[YUcy ]"--=capital YU, Cyrillic--> +<!ENTITY yacy SDATA "[yacy ]"--=small ya, Cyrillic--> +<!ENTITY YAcy SDATA "[YAcy ]"--=capital YA, Cyrillic--> +<!ENTITY numero SDATA "[numero]"--=numero sign--> diff --git a/docs/docbook/dbsgml/ent/ISOcyr2 b/docs/docbook/dbsgml/ent/ISOcyr2 new file mode 100644 index 0000000000..480b01c1df --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOcyr2 @@ -0,0 +1,36 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOcyr2 PUBLIC + "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN"> + %ISOcyr2; +--> +<!ENTITY djcy SDATA "[djcy ]"--=small dje, Serbian--> +<!ENTITY DJcy SDATA "[DJcy ]"--=capital DJE, Serbian--> +<!ENTITY gjcy SDATA "[gjcy ]"--=small gje, Macedonian--> +<!ENTITY GJcy SDATA "[GJcy ]"--=capital GJE Macedonian--> +<!ENTITY jukcy SDATA "[jukcy ]"--=small je, Ukrainian--> +<!ENTITY Jukcy SDATA "[Jukcy ]"--=capital JE, Ukrainian--> +<!ENTITY dscy SDATA "[dscy ]"--=small dse, Macedonian--> +<!ENTITY DScy SDATA "[DScy ]"--=capital DSE, Macedonian--> +<!ENTITY iukcy SDATA "[iukcy ]"--=small i, Ukrainian--> +<!ENTITY Iukcy SDATA "[Iukcy ]"--=capital I, Ukrainian--> +<!ENTITY yicy SDATA "[yicy ]"--=small yi, Ukrainian--> +<!ENTITY YIcy SDATA "[YIcy ]"--=capital YI, Ukrainian--> +<!ENTITY jsercy SDATA "[jsercy]"--=small je, Serbian--> +<!ENTITY Jsercy SDATA "[Jsercy]"--=capital JE, Serbian--> +<!ENTITY ljcy SDATA "[ljcy ]"--=small lje, Serbian--> +<!ENTITY LJcy SDATA "[LJcy ]"--=capital LJE, Serbian--> +<!ENTITY njcy SDATA "[njcy ]"--=small nje, Serbian--> +<!ENTITY NJcy SDATA "[NJcy ]"--=capital NJE, Serbian--> +<!ENTITY tshcy SDATA "[tshcy ]"--=small tshe, Serbian--> +<!ENTITY TSHcy SDATA "[TSHcy ]"--=capital TSHE, Serbian--> +<!ENTITY kjcy SDATA "[kjcy ]"--=small kje Macedonian--> +<!ENTITY KJcy SDATA "[KJcy ]"--=capital KJE, Macedonian--> +<!ENTITY ubrcy SDATA "[ubrcy ]"--=small u, Byelorussian--> +<!ENTITY Ubrcy SDATA "[Ubrcy ]"--=capital U, Byelorussian--> +<!ENTITY dzcy SDATA "[dzcy ]"--=small dze, Serbian--> +<!ENTITY DZcy SDATA "[DZcy ]"--=capital dze, Serbian--> diff --git a/docs/docbook/dbsgml/ent/ISOdia b/docs/docbook/dbsgml/ent/ISOdia new file mode 100644 index 0000000000..3b6f98d6ba --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOdia @@ -0,0 +1,24 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOdia PUBLIC + "ISO 8879:1986//ENTITIES Diacritical Marks//EN"> + %ISOdia; +--> +<!ENTITY acute SDATA "[acute ]"--=acute accent--> +<!ENTITY breve SDATA "[breve ]"--=breve--> +<!ENTITY caron SDATA "[caron ]"--=caron--> +<!ENTITY cedil SDATA "[cedil ]"--=cedilla--> +<!ENTITY circ SDATA "[circ ]"--=circumflex accent--> +<!ENTITY dblac SDATA "[dblac ]"--=double acute accent--> +<!ENTITY die SDATA "[die ]"--=dieresis--> +<!ENTITY dot SDATA "[dot ]"--=dot above--> +<!ENTITY grave SDATA "[grave ]"--=grave accent--> +<!ENTITY macr SDATA "[macr ]"--=macron--> +<!ENTITY ogon SDATA "[ogon ]"--=ogonek--> +<!ENTITY ring SDATA "[ring ]"--=ring--> +<!ENTITY tilde SDATA "[tilde ]"--=tilde--> +<!ENTITY uml SDATA "[uml ]"--=umlaut mark--> diff --git a/docs/docbook/dbsgml/ent/ISOgrk1 b/docs/docbook/dbsgml/ent/ISOgrk1 new file mode 100644 index 0000000000..dea16bf8ef --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk1 @@ -0,0 +1,59 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOgrk1 PUBLIC + "ISO 8879:1986//ENTITIES Greek Letters//EN"> + %ISOgrk1; +--> +<!ENTITY agr SDATA "[agr ]"--=small alpha, Greek--> +<!ENTITY Agr SDATA "[Agr ]"--=capital Alpha, Greek--> +<!ENTITY bgr SDATA "[bgr ]"--=small beta, Greek--> +<!ENTITY Bgr SDATA "[Bgr ]"--=capital Beta, Greek--> +<!ENTITY ggr SDATA "[ggr ]"--=small gamma, Greek--> +<!ENTITY Ggr SDATA "[Ggr ]"--=capital Gamma, Greek--> +<!ENTITY dgr SDATA "[dgr ]"--=small delta, Greek--> +<!ENTITY Dgr SDATA "[Dgr ]"--=capital Delta, Greek--> +<!ENTITY egr SDATA "[egr ]"--=small epsilon, Greek--> +<!ENTITY Egr SDATA "[Egr ]"--=capital Epsilon, Greek--> +<!ENTITY zgr SDATA "[zgr ]"--=small zeta, Greek--> +<!ENTITY Zgr SDATA "[Zgr ]"--=capital Zeta, Greek--> +<!ENTITY eegr SDATA "[eegr ]"--=small eta, Greek--> +<!ENTITY EEgr SDATA "[EEgr ]"--=capital Eta, Greek--> +<!ENTITY thgr SDATA "[thgr ]"--=small theta, Greek--> +<!ENTITY THgr SDATA "[THgr ]"--=capital Theta, Greek--> +<!ENTITY igr SDATA "[igr ]"--=small iota, Greek--> +<!ENTITY Igr SDATA "[Igr ]"--=capital Iota, Greek--> +<!ENTITY kgr SDATA "[kgr ]"--=small kappa, Greek--> +<!ENTITY Kgr SDATA "[Kgr ]"--=capital Kappa, Greek--> +<!ENTITY lgr SDATA "[lgr ]"--=small lambda, Greek--> +<!ENTITY Lgr SDATA "[Lgr ]"--=capital Lambda, Greek--> +<!ENTITY mgr SDATA "[mgr ]"--=small mu, Greek--> +<!ENTITY Mgr SDATA "[Mgr ]"--=capital Mu, Greek--> +<!ENTITY ngr SDATA "[ngr ]"--=small nu, Greek--> +<!ENTITY Ngr SDATA "[Ngr ]"--=capital Nu, Greek--> +<!ENTITY xgr SDATA "[xgr ]"--=small xi, Greek--> +<!ENTITY Xgr SDATA "[Xgr ]"--=capital Xi, Greek--> +<!ENTITY ogr SDATA "[ogr ]"--=small omicron, Greek--> +<!ENTITY Ogr SDATA "[Ogr ]"--=capital Omicron, Greek--> +<!ENTITY pgr SDATA "[pgr ]"--=small pi, Greek--> +<!ENTITY Pgr SDATA "[Pgr ]"--=capital Pi, Greek--> +<!ENTITY rgr SDATA "[rgr ]"--=small rho, Greek--> +<!ENTITY Rgr SDATA "[Rgr ]"--=capital Rho, Greek--> +<!ENTITY sgr SDATA "[sgr ]"--=small sigma, Greek--> +<!ENTITY Sgr SDATA "[Sgr ]"--=capital Sigma, Greek--> +<!ENTITY sfgr SDATA "[sfgr ]"--=final small sigma, Greek--> +<!ENTITY tgr SDATA "[tgr ]"--=small tau, Greek--> +<!ENTITY Tgr SDATA "[Tgr ]"--=capital Tau, Greek--> +<!ENTITY ugr SDATA "[ugr ]"--=small upsilon, Greek--> +<!ENTITY Ugr SDATA "[Ugr ]"--=capital Upsilon, Greek--> +<!ENTITY phgr SDATA "[phgr ]"--=small phi, Greek--> +<!ENTITY PHgr SDATA "[PHgr ]"--=capital Phi, Greek--> +<!ENTITY khgr SDATA "[khgr ]"--=small chi, Greek--> +<!ENTITY KHgr SDATA "[KHgr ]"--=capital Chi, Greek--> +<!ENTITY psgr SDATA "[psgr ]"--=small psi, Greek--> +<!ENTITY PSgr SDATA "[PSgr ]"--=capital Psi, Greek--> +<!ENTITY ohgr SDATA "[ohgr ]"--=small omega, Greek--> +<!ENTITY OHgr SDATA "[OHgr ]"--=capital Omega, Greek--> diff --git a/docs/docbook/dbsgml/ent/ISOgrk2 b/docs/docbook/dbsgml/ent/ISOgrk2 new file mode 100644 index 0000000000..657bb99935 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk2 @@ -0,0 +1,30 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOgrk2 PUBLIC + "ISO 8879:1986//ENTITIES Monotoniko Greek//EN"> + %ISOgrk2; +--> +<!ENTITY aacgr SDATA "[aacgr ]"--=small alpha, accent, Greek--> +<!ENTITY Aacgr SDATA "[Aacgr ]"--=capital Alpha, accent, Greek--> +<!ENTITY eacgr SDATA "[eacgr ]"--=small epsilon, accent, Greek--> +<!ENTITY Eacgr SDATA "[Eacgr ]"--=capital Epsilon, accent, Greek--> +<!ENTITY eeacgr SDATA "[eeacgr]"--=small eta, accent, Greek--> +<!ENTITY EEacgr SDATA "[EEacgr]"--=capital Eta, accent, Greek--> +<!ENTITY idigr SDATA "[idigr ]"--=small iota, dieresis, Greek--> +<!ENTITY Idigr SDATA "[Idigr ]"--=capital Iota, dieresis, Greek--> +<!ENTITY iacgr SDATA "[iacgr ]"--=small iota, accent, Greek--> +<!ENTITY Iacgr SDATA "[Iacgr ]"--=capital Iota, accent, Greek--> +<!ENTITY idiagr SDATA "[idiagr]"--=small iota, dieresis, accent, Greek--> +<!ENTITY oacgr SDATA "[oacgr ]"--=small omicron, accent, Greek--> +<!ENTITY Oacgr SDATA "[Oacgr ]"--=capital Omicron, accent, Greek--> +<!ENTITY udigr SDATA "[udigr ]"--=small upsilon, dieresis, Greek--> +<!ENTITY Udigr SDATA "[Udigr ]"--=capital Upsilon, dieresis, Greek--> +<!ENTITY uacgr SDATA "[uacgr ]"--=small upsilon, accent, Greek--> +<!ENTITY Uacgr SDATA "[Uacgr ]"--=capital Upsilon, accent, Greek--> +<!ENTITY udiagr SDATA "[udiagr]"--=small upsilon, dieresis, accent, Greek--> +<!ENTITY ohacgr SDATA "[ohacgr]"--=small omega, accent, Greek--> +<!ENTITY OHacgr SDATA "[OHacgr]"--=capital Omega, accent, Greek--> diff --git a/docs/docbook/dbsgml/ent/ISOgrk3 b/docs/docbook/dbsgml/ent/ISOgrk3 new file mode 100644 index 0000000000..f76c3a084f --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk3 @@ -0,0 +1,53 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOgrk3 PUBLIC + "ISO 8879:1986//ENTITIES Greek Symbols//EN"> + %ISOgrk3; +--> +<!ENTITY alpha SDATA "[alpha ]"--=small alpha, Greek--> +<!ENTITY beta SDATA "[beta ]"--=small beta, Greek--> +<!ENTITY gamma SDATA "[gamma ]"--=small gamma, Greek--> +<!ENTITY Gamma SDATA "[Gamma ]"--=capital Gamma, Greek--> +<!ENTITY gammad SDATA "[gammad]"--/digamma--> +<!ENTITY delta SDATA "[delta ]"--=small delta, Greek--> +<!ENTITY Delta SDATA "[Delta ]"--=capital Delta, Greek--> +<!ENTITY epsi SDATA "[epsi ]"--=small epsilon, Greek--> +<!ENTITY epsiv SDATA "[epsiv ]"--/varepsilon--> +<!ENTITY epsis SDATA "[epsis ]"--/straightepsilon--> +<!ENTITY zeta SDATA "[zeta ]"--=small zeta, Greek--> +<!ENTITY eta SDATA "[eta ]"--=small eta, Greek--> +<!ENTITY thetas SDATA "[thetas]"--straight theta--> +<!ENTITY Theta SDATA "[Theta ]"--=capital Theta, Greek--> +<!ENTITY thetav SDATA "[thetav]"--/vartheta - curly or open theta--> +<!ENTITY iota SDATA "[iota ]"--=small iota, Greek--> +<!ENTITY kappa SDATA "[kappa ]"--=small kappa, Greek--> +<!ENTITY kappav SDATA "[kappav]"--/varkappa--> +<!ENTITY lambda SDATA "[lambda]"--=small lambda, Greek--> +<!ENTITY Lambda SDATA "[Lambda]"--=capital Lambda, Greek--> +<!ENTITY mu SDATA "[mu ]"--=small mu, Greek--> +<!ENTITY nu SDATA "[nu ]"--=small nu, Greek--> +<!ENTITY xi SDATA "[xi ]"--=small xi, Greek--> +<!ENTITY Xi SDATA "[Xi ]"--=capital Xi, Greek--> +<!ENTITY pi SDATA "[pi ]"--=small pi, Greek--> +<!ENTITY piv SDATA "[piv ]"--/varpi--> +<!ENTITY Pi SDATA "[Pi ]"--=capital Pi, Greek--> +<!ENTITY rho SDATA "[rho ]"--=small rho, Greek--> +<!ENTITY rhov SDATA "[rhov ]"--/varrho--> +<!ENTITY sigma SDATA "[sigma ]"--=small sigma, Greek--> +<!ENTITY Sigma SDATA "[Sigma ]"--=capital Sigma, Greek--> +<!ENTITY sigmav SDATA "[sigmav]"--/varsigma--> +<!ENTITY tau SDATA "[tau ]"--=small tau, Greek--> +<!ENTITY upsi SDATA "[upsi ]"--=small upsilon, Greek--> +<!ENTITY Upsi SDATA "[Upsi ]"--=capital Upsilon, Greek--> +<!ENTITY phis SDATA "[phis ]"--/straightphi - straight phi--> +<!ENTITY Phi SDATA "[Phi ]"--=capital Phi, Greek--> +<!ENTITY phiv SDATA "[phiv ]"--/varphi - curly or open phi--> +<!ENTITY chi SDATA "[chi ]"--=small chi, Greek--> +<!ENTITY psi SDATA "[psi ]"--=small psi, Greek--> +<!ENTITY Psi SDATA "[Psi ]"--=capital Psi, Greek--> +<!ENTITY omega SDATA "[omega ]"--=small omega, Greek--> +<!ENTITY Omega SDATA "[Omega ]"--=capital Omega, Greek--> diff --git a/docs/docbook/dbsgml/ent/ISOgrk4 b/docs/docbook/dbsgml/ent/ISOgrk4 new file mode 100644 index 0000000000..e4427a0cb5 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk4 @@ -0,0 +1,53 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOgrk4 PUBLIC + "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN"> + %ISOgrk4; +--> +<!ENTITY b.alpha SDATA "[b.alpha ]"--=small alpha, Greek--> +<!ENTITY b.beta SDATA "[b.beta ]"--=small beta, Greek--> +<!ENTITY b.gamma SDATA "[b.gamma ]"--=small gamma, Greek--> +<!ENTITY b.Gamma SDATA "[b.Gamma ]"--=capital Gamma, Greek--> +<!ENTITY b.gammad SDATA "[b.gammad]"--/digamma--> +<!ENTITY b.delta SDATA "[b.delta ]"--=small delta, Greek--> +<!ENTITY b.Delta SDATA "[b.Delta ]"--=capital Delta, Greek--> +<!ENTITY b.epsi SDATA "[b.epsi ]"--=small epsilon, Greek--> +<!ENTITY b.epsiv SDATA "[b.epsiv ]"--/varepsilon--> +<!ENTITY b.epsis SDATA "[b.epsis ]"--/straightepsilon--> +<!ENTITY b.zeta SDATA "[b.zeta ]"--=small zeta, Greek--> +<!ENTITY b.eta SDATA "[b.eta ]"--=small eta, Greek--> +<!ENTITY b.thetas SDATA "[b.thetas]"--straight theta--> +<!ENTITY b.Theta SDATA "[b.Theta ]"--=capital Theta, Greek--> +<!ENTITY b.thetav SDATA "[b.thetav]"--/vartheta - curly or open theta--> +<!ENTITY b.iota SDATA "[b.iota ]"--=small iota, Greek--> +<!ENTITY b.kappa SDATA "[b.kappa ]"--=small kappa, Greek--> +<!ENTITY b.kappav SDATA "[b.kappav]"--/varkappa--> +<!ENTITY b.lambda SDATA "[b.lambda]"--=small lambda, Greek--> +<!ENTITY b.Lambda SDATA "[b.Lambda]"--=capital Lambda, Greek--> +<!ENTITY b.mu SDATA "[b.mu ]"--=small mu, Greek--> +<!ENTITY b.nu SDATA "[b.nu ]"--=small nu, Greek--> +<!ENTITY b.xi SDATA "[b.xi ]"--=small xi, Greek--> +<!ENTITY b.Xi SDATA "[b.Xi ]"--=capital Xi, Greek--> +<!ENTITY b.pi SDATA "[b.pi ]"--=small pi, Greek--> +<!ENTITY b.Pi SDATA "[b.Pi ]"--=capital Pi, Greek--> +<!ENTITY b.piv SDATA "[b.piv ]"--/varpi--> +<!ENTITY b.rho SDATA "[b.rho ]"--=small rho, Greek--> +<!ENTITY b.rhov SDATA "[b.rhov ]"--/varrho--> +<!ENTITY b.sigma SDATA "[b.sigma ]"--=small sigma, Greek--> +<!ENTITY b.Sigma SDATA "[b.Sigma ]"--=capital Sigma, Greek--> +<!ENTITY b.sigmav SDATA "[b.sigmav]"--/varsigma--> +<!ENTITY b.tau SDATA "[b.tau ]"--=small tau, Greek--> +<!ENTITY b.upsi SDATA "[b.upsi ]"--=small upsilon, Greek--> +<!ENTITY b.Upsi SDATA "[b.Upsi ]"--=capital Upsilon, Greek--> +<!ENTITY b.phis SDATA "[b.phis ]"--/straightphi - straight phi--> +<!ENTITY b.Phi SDATA "[b.Phi ]"--=capital Phi, Greek--> +<!ENTITY b.phiv SDATA "[b.phiv ]"--/varphi - curly or open phi--> +<!ENTITY b.chi SDATA "[b.chi ]"--=small chi, Greek--> +<!ENTITY b.psi SDATA "[b.psi ]"--=small psi, Greek--> +<!ENTITY b.Psi SDATA "[b.Psi ]"--=capital Psi, Greek--> +<!ENTITY b.omega SDATA "[b.omega ]"--=small omega, Greek--> +<!ENTITY b.Omega SDATA "[b.Omega ]"--=capital Omega, Greek--> diff --git a/docs/docbook/dbsgml/ent/ISOlat1 b/docs/docbook/dbsgml/ent/ISOlat1 new file mode 100644 index 0000000000..0d7d0a7d93 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOlat1 @@ -0,0 +1,72 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOlat1 PUBLIC + "ISO 8879:1986//ENTITIES Added Latin 1//EN"> + %ISOlat1; +--> +<!ENTITY aacute SDATA "[aacute]"--=small a, acute accent--> +<!ENTITY Aacute SDATA "[Aacute]"--=capital A, acute accent--> +<!ENTITY acirc SDATA "[acirc ]"--=small a, circumflex accent--> +<!ENTITY Acirc SDATA "[Acirc ]"--=capital A, circumflex accent--> +<!ENTITY agrave SDATA "[agrave]"--=small a, grave accent--> +<!ENTITY Agrave SDATA "[Agrave]"--=capital A, grave accent--> +<!ENTITY aring SDATA "[aring ]"--=small a, ring--> +<!ENTITY Aring SDATA "[Aring ]"--=capital A, ring--> +<!ENTITY atilde SDATA "[atilde]"--=small a, tilde--> +<!ENTITY Atilde SDATA "[Atilde]"--=capital A, tilde--> +<!ENTITY auml SDATA "[auml ]"--=small a, dieresis or umlaut mark--> +<!ENTITY Auml SDATA "[Auml ]"--=capital A, dieresis or umlaut mark--> +<!ENTITY aelig SDATA "[aelig ]"--=small ae diphthong (ligature)--> +<!ENTITY AElig SDATA "[AElig ]"--=capital AE diphthong (ligature)--> +<!ENTITY ccedil SDATA "[ccedil]"--=small c, cedilla--> +<!ENTITY Ccedil SDATA "[Ccedil]"--=capital C, cedilla--> +<!ENTITY eth SDATA "[eth ]"--=small eth, Icelandic--> +<!ENTITY ETH SDATA "[ETH ]"--=capital Eth, Icelandic--> +<!ENTITY eacute SDATA "[eacute]"--=small e, acute accent--> +<!ENTITY Eacute SDATA "[Eacute]"--=capital E, acute accent--> +<!ENTITY ecirc SDATA "[ecirc ]"--=small e, circumflex accent--> +<!ENTITY Ecirc SDATA "[Ecirc ]"--=capital E, circumflex accent--> +<!ENTITY egrave SDATA "[egrave]"--=small e, grave accent--> +<!ENTITY Egrave SDATA "[Egrave]"--=capital E, grave accent--> +<!ENTITY euml SDATA "[euml ]"--=small e, dieresis or umlaut mark--> +<!ENTITY Euml SDATA "[Euml ]"--=capital E, dieresis or umlaut mark--> +<!ENTITY iacute SDATA "[iacute]"--=small i, acute accent--> +<!ENTITY Iacute SDATA "[Iacute]"--=capital I, acute accent--> +<!ENTITY icirc SDATA "[icirc ]"--=small i, circumflex accent--> +<!ENTITY Icirc SDATA "[Icirc ]"--=capital I, circumflex accent--> +<!ENTITY igrave SDATA "[igrave]"--=small i, grave accent--> +<!ENTITY Igrave SDATA "[Igrave]"--=capital I, grave accent--> +<!ENTITY iuml SDATA "[iuml ]"--=small i, dieresis or umlaut mark--> +<!ENTITY Iuml SDATA "[Iuml ]"--=capital I, dieresis or umlaut mark--> +<!ENTITY ntilde SDATA "[ntilde]"--=small n, tilde--> +<!ENTITY Ntilde SDATA "[Ntilde]"--=capital N, tilde--> +<!ENTITY oacute SDATA "[oacute]"--=small o, acute accent--> +<!ENTITY Oacute SDATA "[Oacute]"--=capital O, acute accent--> +<!ENTITY ocirc SDATA "[ocirc ]"--=small o, circumflex accent--> +<!ENTITY Ocirc SDATA "[Ocirc ]"--=capital O, circumflex accent--> +<!ENTITY ograve SDATA "[ograve]"--=small o, grave accent--> +<!ENTITY Ograve SDATA "[Ograve]"--=capital O, grave accent--> +<!ENTITY oslash SDATA "[oslash]"--=small o, slash--> +<!ENTITY Oslash SDATA "[Oslash]"--=capital O, slash--> +<!ENTITY otilde SDATA "[otilde]"--=small o, tilde--> +<!ENTITY Otilde SDATA "[Otilde]"--=capital O, tilde--> +<!ENTITY ouml SDATA "[ouml ]"--=small o, dieresis or umlaut mark--> +<!ENTITY Ouml SDATA "[Ouml ]"--=capital O, dieresis or umlaut mark--> +<!ENTITY szlig SDATA "[szlig ]"--=small sharp s, German (sz ligature)--> +<!ENTITY thorn SDATA "[thorn ]"--=small thorn, Icelandic--> +<!ENTITY THORN SDATA "[THORN ]"--=capital THORN, Icelandic--> +<!ENTITY uacute SDATA "[uacute]"--=small u, acute accent--> +<!ENTITY Uacute SDATA "[Uacute]"--=capital U, acute accent--> +<!ENTITY ucirc SDATA "[ucirc ]"--=small u, circumflex accent--> +<!ENTITY Ucirc SDATA "[Ucirc ]"--=capital U, circumflex accent--> +<!ENTITY ugrave SDATA "[ugrave]"--=small u, grave accent--> +<!ENTITY Ugrave SDATA "[Ugrave]"--=capital U, grave accent--> +<!ENTITY uuml SDATA "[uuml ]"--=small u, dieresis or umlaut mark--> +<!ENTITY Uuml SDATA "[Uuml ]"--=capital U, dieresis or umlaut mark--> +<!ENTITY yacute SDATA "[yacute]"--=small y, acute accent--> +<!ENTITY Yacute SDATA "[Yacute]"--=capital Y, acute accent--> +<!ENTITY yuml SDATA "[yuml ]"--=small y, dieresis or umlaut mark--> diff --git a/docs/docbook/dbsgml/ent/ISOlat2 b/docs/docbook/dbsgml/ent/ISOlat2 new file mode 100644 index 0000000000..4bcb337832 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOlat2 @@ -0,0 +1,131 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOlat2 PUBLIC + "ISO 8879:1986//ENTITIES Added Latin 2//EN"> + %ISOlat2; +--> +<!ENTITY abreve SDATA "[abreve]"--=small a, breve--> +<!ENTITY Abreve SDATA "[Abreve]"--=capital A, breve--> +<!ENTITY amacr SDATA "[amacr ]"--=small a, macron--> +<!ENTITY Amacr SDATA "[Amacr ]"--=capital A, macron--> +<!ENTITY aogon SDATA "[aogon ]"--=small a, ogonek--> +<!ENTITY Aogon SDATA "[Aogon ]"--=capital A, ogonek--> +<!ENTITY cacute SDATA "[cacute]"--=small c, acute accent--> +<!ENTITY Cacute SDATA "[Cacute]"--=capital C, acute accent--> +<!ENTITY ccaron SDATA "[ccaron]"--=small c, caron--> +<!ENTITY Ccaron SDATA "[Ccaron]"--=capital C, caron--> +<!ENTITY ccirc SDATA "[ccirc ]"--=small c, circumflex accent--> +<!ENTITY Ccirc SDATA "[Ccirc ]"--=capital C, circumflex accent--> +<!ENTITY cdot SDATA "[cdot ]"--=small c, dot above--> +<!ENTITY Cdot SDATA "[Cdot ]"--=capital C, dot above--> +<!ENTITY dcaron SDATA "[dcaron]"--=small d, caron--> +<!ENTITY Dcaron SDATA "[Dcaron]"--=capital D, caron--> +<!ENTITY dstrok SDATA "[dstrok]"--=small d, stroke--> +<!ENTITY Dstrok SDATA "[Dstrok]"--=capital D, stroke--> +<!ENTITY ecaron SDATA "[ecaron]"--=small e, caron--> +<!ENTITY Ecaron SDATA "[Ecaron]"--=capital E, caron--> +<!ENTITY edot SDATA "[edot ]"--=small e, dot above--> +<!ENTITY Edot SDATA "[Edot ]"--=capital E, dot above--> +<!ENTITY emacr SDATA "[emacr ]"--=small e, macron--> +<!ENTITY Emacr SDATA "[Emacr ]"--=capital E, macron--> +<!ENTITY eogon SDATA "[eogon ]"--=small e, ogonek--> +<!ENTITY Eogon SDATA "[Eogon ]"--=capital E, ogonek--> +<!ENTITY gacute SDATA "[gacute]"--=small g, acute accent--> +<!ENTITY gbreve SDATA "[gbreve]"--=small g, breve--> +<!ENTITY Gbreve SDATA "[Gbreve]"--=capital G, breve--> +<!ENTITY Gcedil SDATA "[Gcedil]"--=capital G, cedilla--> +<!ENTITY gcirc SDATA "[gcirc ]"--=small g, circumflex accent--> +<!ENTITY Gcirc SDATA "[Gcirc ]"--=capital G, circumflex accent--> +<!ENTITY gdot SDATA "[gdot ]"--=small g, dot above--> +<!ENTITY Gdot SDATA "[Gdot ]"--=capital G, dot above--> +<!ENTITY hcirc SDATA "[hcirc ]"--=small h, circumflex accent--> +<!ENTITY Hcirc SDATA "[Hcirc ]"--=capital H, circumflex accent--> +<!ENTITY hstrok SDATA "[hstrok]"--=small h, stroke--> +<!ENTITY Hstrok SDATA "[Hstrok]"--=capital H, stroke--> +<!ENTITY Idot SDATA "[Idot ]"--=capital I, dot above--> +<!ENTITY Imacr SDATA "[Imacr ]"--=capital I, macron--> +<!ENTITY imacr SDATA "[imacr ]"--=small i, macron--> +<!ENTITY ijlig SDATA "[ijlig ]"--=small ij ligature--> +<!ENTITY IJlig SDATA "[IJlig ]"--=capital IJ ligature--> +<!ENTITY inodot SDATA "[inodot]"--=small i without dot--> +<!ENTITY iogon SDATA "[iogon ]"--=small i, ogonek--> +<!ENTITY Iogon SDATA "[Iogon ]"--=capital I, ogonek--> +<!ENTITY itilde SDATA "[itilde]"--=small i, tilde--> +<!ENTITY Itilde SDATA "[Itilde]"--=capital I, tilde--> +<!ENTITY jcirc SDATA "[jcirc ]"--=small j, circumflex accent--> +<!ENTITY Jcirc SDATA "[Jcirc ]"--=capital J, circumflex accent--> +<!ENTITY kcedil SDATA "[kcedil]"--=small k, cedilla--> +<!ENTITY Kcedil SDATA "[Kcedil]"--=capital K, cedilla--> +<!ENTITY kgreen SDATA "[kgreen]"--=small k, Greenlandic--> +<!ENTITY lacute SDATA "[lacute]"--=small l, acute accent--> +<!ENTITY Lacute SDATA "[Lacute]"--=capital L, acute accent--> +<!ENTITY lcaron SDATA "[lcaron]"--=small l, caron--> +<!ENTITY Lcaron SDATA "[Lcaron]"--=capital L, caron--> +<!ENTITY lcedil SDATA "[lcedil]"--=small l, cedilla--> +<!ENTITY Lcedil SDATA "[Lcedil]"--=capital L, cedilla--> +<!ENTITY lmidot SDATA "[lmidot]"--=small l, middle dot--> +<!ENTITY Lmidot SDATA "[Lmidot]"--=capital L, middle dot--> +<!ENTITY lstrok SDATA "[lstrok]"--=small l, stroke--> +<!ENTITY Lstrok SDATA "[Lstrok]"--=capital L, stroke--> +<!ENTITY nacute SDATA "[nacute]"--=small n, acute accent--> +<!ENTITY Nacute SDATA "[Nacute]"--=capital N, acute accent--> +<!ENTITY eng SDATA "[eng ]"--=small eng, Lapp--> +<!ENTITY ENG SDATA "[ENG ]"--=capital ENG, Lapp--> +<!ENTITY napos SDATA "[napos ]"--=small n, apostrophe--> +<!ENTITY ncaron SDATA "[ncaron]"--=small n, caron--> +<!ENTITY Ncaron SDATA "[Ncaron]"--=capital N, caron--> +<!ENTITY ncedil SDATA "[ncedil]"--=small n, cedilla--> +<!ENTITY Ncedil SDATA "[Ncedil]"--=capital N, cedilla--> +<!ENTITY odblac SDATA "[odblac]"--=small o, double acute accent--> +<!ENTITY Odblac SDATA "[Odblac]"--=capital O, double acute accent--> +<!ENTITY Omacr SDATA "[Omacr ]"--=capital O, macron--> +<!ENTITY omacr SDATA "[omacr ]"--=small o, macron--> +<!ENTITY oelig SDATA "[oelig ]"--=small oe ligature--> +<!ENTITY OElig SDATA "[OElig ]"--=capital OE ligature--> +<!ENTITY racute SDATA "[racute]"--=small r, acute accent--> +<!ENTITY Racute SDATA "[Racute]"--=capital R, acute accent--> +<!ENTITY rcaron SDATA "[rcaron]"--=small r, caron--> +<!ENTITY Rcaron SDATA "[Rcaron]"--=capital R, caron--> +<!ENTITY rcedil SDATA "[rcedil]"--=small r, cedilla--> +<!ENTITY Rcedil SDATA "[Rcedil]"--=capital R, cedilla--> +<!ENTITY sacute SDATA "[sacute]"--=small s, acute accent--> +<!ENTITY Sacute SDATA "[Sacute]"--=capital S, acute accent--> +<!ENTITY scaron SDATA "[scaron]"--=small s, caron--> +<!ENTITY Scaron SDATA "[Scaron]"--=capital S, caron--> +<!ENTITY scedil SDATA "[scedil]"--=small s, cedilla--> +<!ENTITY Scedil SDATA "[Scedil]"--=capital S, cedilla--> +<!ENTITY scirc SDATA "[scirc ]"--=small s, circumflex accent--> +<!ENTITY Scirc SDATA "[Scirc ]"--=capital S, circumflex accent--> +<!ENTITY tcaron SDATA "[tcaron]"--=small t, caron--> +<!ENTITY Tcaron SDATA "[Tcaron]"--=capital T, caron--> +<!ENTITY tcedil SDATA "[tcedil]"--=small t, cedilla--> +<!ENTITY Tcedil SDATA "[Tcedil]"--=capital T, cedilla--> +<!ENTITY tstrok SDATA "[tstrok]"--=small t, stroke--> +<!ENTITY Tstrok SDATA "[Tstrok]"--=capital T, stroke--> +<!ENTITY ubreve SDATA "[ubreve]"--=small u, breve--> +<!ENTITY Ubreve SDATA "[Ubreve]"--=capital U, breve--> +<!ENTITY udblac SDATA "[udblac]"--=small u, double acute accent--> +<!ENTITY Udblac SDATA "[Udblac]"--=capital U, double acute accent--> +<!ENTITY umacr SDATA "[umacr ]"--=small u, macron--> +<!ENTITY Umacr SDATA "[Umacr ]"--=capital U, macron--> +<!ENTITY uogon SDATA "[uogon ]"--=small u, ogonek--> +<!ENTITY Uogon SDATA "[Uogon ]"--=capital U, ogonek--> +<!ENTITY uring SDATA "[uring ]"--=small u, ring--> +<!ENTITY Uring SDATA "[Uring ]"--=capital U, ring--> +<!ENTITY utilde SDATA "[utilde]"--=small u, tilde--> +<!ENTITY Utilde SDATA "[Utilde]"--=capital U, tilde--> +<!ENTITY wcirc SDATA "[wcirc ]"--=small w, circumflex accent--> +<!ENTITY Wcirc SDATA "[Wcirc ]"--=capital W, circumflex accent--> +<!ENTITY ycirc SDATA "[ycirc ]"--=small y, circumflex accent--> +<!ENTITY Ycirc SDATA "[Ycirc ]"--=capital Y, circumflex accent--> +<!ENTITY Yuml SDATA "[Yuml ]"--=capital Y, dieresis or umlaut mark--> +<!ENTITY zacute SDATA "[zacute]"--=small z, acute accent--> +<!ENTITY Zacute SDATA "[Zacute]"--=capital Z, acute accent--> +<!ENTITY zcaron SDATA "[zcaron]"--=small z, caron--> +<!ENTITY Zcaron SDATA "[Zcaron]"--=capital Z, caron--> +<!ENTITY zdot SDATA "[zdot ]"--=small z, dot above--> +<!ENTITY Zdot SDATA "[Zdot ]"--=capital Z, dot above--> diff --git a/docs/docbook/dbsgml/ent/ISOnum b/docs/docbook/dbsgml/ent/ISOnum new file mode 100644 index 0000000000..d7b41c33ae --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOnum @@ -0,0 +1,91 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOnum PUBLIC + "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN"> + %ISOnum; +--> +<!ENTITY half SDATA "[half ]"--=fraction one-half--> +<!ENTITY frac12 SDATA "[frac12]"--=fraction one-half--> +<!ENTITY frac14 SDATA "[frac14]"--=fraction one-quarter--> +<!ENTITY frac34 SDATA "[frac34]"--=fraction three-quarters--> +<!ENTITY frac18 SDATA "[frac18]"--=fraction one-eighth--> +<!ENTITY frac38 SDATA "[frac38]"--=fraction three-eighths--> +<!ENTITY frac58 SDATA "[frac58]"--=fraction five-eighths--> +<!ENTITY frac78 SDATA "[frac78]"--=fraction seven-eighths--> + +<!ENTITY sup1 SDATA "[sup1 ]"--=superscript one--> +<!ENTITY sup2 SDATA "[sup2 ]"--=superscript two--> +<!ENTITY sup3 SDATA "[sup3 ]"--=superscript three--> + +<!ENTITY plus SDATA "[plus ]"--=plus sign B:-- > +<!ENTITY plusmn SDATA "[plusmn]"--/pm B: =plus-or-minus sign--> +<!ENTITY lt SDATA "[lt ]"--=less-than sign R:--> +<!ENTITY equals SDATA "[equals]"--=equals sign R:--> +<!ENTITY gt SDATA "[gt ]"--=greater-than sign R:--> +<!ENTITY divide SDATA "[divide]"--/div B: =divide sign--> +<!ENTITY times SDATA "[times ]"--/times B: =multiply sign--> + +<!ENTITY curren SDATA "[curren]"--=general currency sign--> +<!ENTITY pound SDATA "[pound ]"--=pound sign--> +<!ENTITY dollar SDATA "[dollar]"--=dollar sign--> +<!ENTITY cent SDATA "[cent ]"--=cent sign--> +<!ENTITY yen SDATA "[yen ]"--/yen =yen sign--> + +<!ENTITY num SDATA "[num ]"--=number sign--> +<!ENTITY percnt SDATA "[percnt]"--=percent sign--> +<!ENTITY amp SDATA "[amp ]"--=ampersand--> +<!ENTITY ast SDATA "[ast ]"--/ast B: =asterisk--> +<!ENTITY commat SDATA "[commat]"--=commercial at--> +<!ENTITY lsqb SDATA "[lsqb ]"--/lbrack O: =left square bracket--> +<!ENTITY bsol SDATA "[bsol ]"--/backslash =reverse solidus--> +<!ENTITY rsqb SDATA "[rsqb ]"--/rbrack C: =right square bracket--> +<!ENTITY lcub SDATA "[lcub ]"--/lbrace O: =left curly bracket--> +<!ENTITY horbar SDATA "[horbar]"--=horizontal bar--> +<!ENTITY verbar SDATA "[verbar]"--/vert =vertical bar--> +<!ENTITY rcub SDATA "[rcub ]"--/rbrace C: =right curly bracket--> +<!ENTITY micro SDATA "[micro ]"--=micro sign--> +<!ENTITY ohm SDATA "[ohm ]"--=ohm sign--> +<!ENTITY deg SDATA "[deg ]"--=degree sign--> +<!ENTITY ordm SDATA "[ordm ]"--=ordinal indicator, masculine--> +<!ENTITY ordf SDATA "[ordf ]"--=ordinal indicator, feminine--> +<!ENTITY sect SDATA "[sect ]"--=section sign--> +<!ENTITY para SDATA "[para ]"--=pilcrow (paragraph sign)--> +<!ENTITY middot SDATA "[middot]"--/centerdot B: =middle dot--> +<!ENTITY larr SDATA "[larr ]"--/leftarrow /gets A: =leftward arrow--> +<!ENTITY rarr SDATA "[rarr ]"--/rightarrow /to A: =rightward arrow--> +<!ENTITY uarr SDATA "[uarr ]"--/uparrow A: =upward arrow--> +<!ENTITY darr SDATA "[darr ]"--/downarrow A: =downward arrow--> +<!ENTITY copy SDATA "[copy ]"--=copyright sign--> +<!ENTITY reg SDATA "[reg ]"--/circledR =registered sign--> +<!ENTITY trade SDATA "[trade ]"--=trade mark sign--> +<!ENTITY brvbar SDATA "[brvbar]"--=broken (vertical) bar--> +<!ENTITY not SDATA "[not ]"--/neg /lnot =not sign--> +<!ENTITY sung SDATA "[sung ]"--=music note (sung text sign)--> + +<!ENTITY excl SDATA "[excl ]"--=exclamation mark--> +<!ENTITY iexcl SDATA "[iexcl ]"--=inverted exclamation mark--> +<!ENTITY quot SDATA "[quot ]"--=quotation mark--> +<!ENTITY apos SDATA "[apos ]"--=apostrophe--> +<!ENTITY lpar SDATA "[lpar ]"--O: =left parenthesis--> +<!ENTITY rpar SDATA "[rpar ]"--C: =right parenthesis--> +<!ENTITY comma SDATA "[comma ]"--P: =comma--> +<!ENTITY lowbar SDATA "[lowbar]"--=low line--> +<!ENTITY hyphen SDATA "[hyphen]"--=hyphen--> +<!ENTITY period SDATA "[period]"--=full stop, period--> +<!ENTITY sol SDATA "[sol ]"--=solidus--> +<!ENTITY colon SDATA "[colon ]"--/colon P:--> +<!ENTITY semi SDATA "[semi ]"--=semicolon P:--> +<!ENTITY quest SDATA "[quest ]"--=question mark--> +<!ENTITY iquest SDATA "[iquest]"--=inverted question mark--> +<!ENTITY laquo SDATA "[laquo ]"--=angle quotation mark, left--> +<!ENTITY raquo SDATA "[raquo ]"--=angle quotation mark, right--> +<!ENTITY lsquo SDATA "[lsquo ]"--=single quotation mark, left--> +<!ENTITY rsquo SDATA "[rsquo ]"--=single quotation mark, right--> +<!ENTITY ldquo SDATA "[ldquo ]"--=double quotation mark, left--> +<!ENTITY rdquo SDATA "[rdquo ]"--=double quotation mark, right--> +<!ENTITY nbsp SDATA "[nbsp ]"--=no break (required) space--> +<!ENTITY shy SDATA "[shy ]"--=soft hyphen--> diff --git a/docs/docbook/dbsgml/ent/ISOpub b/docs/docbook/dbsgml/ent/ISOpub new file mode 100644 index 0000000000..c184973cfd --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOpub @@ -0,0 +1,100 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOpub PUBLIC + "ISO 8879:1986//ENTITIES Publishing//EN"> + %ISOpub; +--> +<!ENTITY emsp SDATA "[emsp ]"--=em space--> +<!ENTITY ensp SDATA "[ensp ]"--=en space (1/2-em)--> +<!ENTITY emsp13 SDATA "[emsp3 ]"--=1/3-em space--> +<!ENTITY emsp14 SDATA "[emsp4 ]"--=1/4-em space--> +<!ENTITY numsp SDATA "[numsp ]"--=digit space (width of a number)--> +<!ENTITY puncsp SDATA "[puncsp]"--=punctuation space (width of comma)--> +<!ENTITY thinsp SDATA "[thinsp]"--=thin space (1/6-em)--> +<!ENTITY hairsp SDATA "[hairsp]"--=hair space--> +<!ENTITY mdash SDATA "[mdash ]"--=em dash--> +<!ENTITY ndash SDATA "[ndash ]"--=en dash--> +<!ENTITY dash SDATA "[dash ]"--=hyphen (true graphic)--> +<!ENTITY blank SDATA "[blank ]"--=significant blank symbol--> +<!ENTITY hellip SDATA "[hellip]"--=ellipsis (horizontal)--> +<!ENTITY nldr SDATA "[nldr ]"--=double baseline dot (en leader)--> +<!ENTITY frac13 SDATA "[frac13]"--=fraction one-third--> +<!ENTITY frac23 SDATA "[frac23]"--=fraction two-thirds--> +<!ENTITY frac15 SDATA "[frac15]"--=fraction one-fifth--> +<!ENTITY frac25 SDATA "[frac25]"--=fraction two-fifths--> +<!ENTITY frac35 SDATA "[frac35]"--=fraction three-fifths--> +<!ENTITY frac45 SDATA "[frac45]"--=fraction four-fifths--> +<!ENTITY frac16 SDATA "[frac16]"--=fraction one-sixth--> +<!ENTITY frac56 SDATA "[frac56]"--=fraction five-sixths--> +<!ENTITY incare SDATA "[incare]"--=in-care-of symbol--> +<!ENTITY block SDATA "[block ]"--=full block--> +<!ENTITY uhblk SDATA "[uhblk ]"--=upper half block--> +<!ENTITY lhblk SDATA "[lhblk ]"--=lower half block--> +<!ENTITY blk14 SDATA "[blk14 ]"--=25% shaded block--> +<!ENTITY blk12 SDATA "[blk12 ]"--=50% shaded block--> +<!ENTITY blk34 SDATA "[blk34 ]"--=75% shaded block--> +<!ENTITY marker SDATA "[marker]"--=histogram marker--> +<!ENTITY cir SDATA "[cir ]"--/circ B: =circle, open--> +<!ENTITY squ SDATA "[squ ]"--=square, open--> +<!ENTITY rect SDATA "[rect ]"--=rectangle, open--> +<!ENTITY utri SDATA "[utri ]"--/triangle =up triangle, open--> +<!ENTITY dtri SDATA "[dtri ]"--/triangledown =down triangle, open--> +<!ENTITY star SDATA "[star ]"--=star, open--> +<!ENTITY bull SDATA "[bull ]"--/bullet B: =round bullet, filled--> +<!ENTITY squf SDATA "[squf ]"--/blacksquare =sq bullet, filled--> +<!ENTITY utrif SDATA "[utrif ]"--/blacktriangle =up tri, filled--> +<!ENTITY dtrif SDATA "[dtrif ]"--/blacktriangledown =dn tri, filled--> +<!ENTITY ltrif SDATA "[ltrif ]"--/blacktriangleleft R: =l tri, filled--> +<!ENTITY rtrif SDATA "[rtrif ]"--/blacktriangleright R: =r tri, filled--> +<!ENTITY clubs SDATA "[clubs ]"--/clubsuit =club suit symbol--> +<!ENTITY diams SDATA "[diams ]"--/diamondsuit =diamond suit symbol--> +<!ENTITY hearts SDATA "[hearts]"--/heartsuit =heart suit symbol--> +<!ENTITY spades SDATA "[spades]"--/spadesuit =spades suit symbol--> +<!ENTITY malt SDATA "[malt ]"--/maltese =maltese cross--> +<!ENTITY dagger SDATA "[dagger]"--/dagger B: =dagger--> +<!ENTITY Dagger SDATA "[Dagger]"--/ddagger B: =double dagger--> +<!ENTITY check SDATA "[check ]"--/checkmark =tick, check mark--> +<!ENTITY cross SDATA "[ballot]"--=ballot cross--> +<!ENTITY sharp SDATA "[sharp ]"--/sharp =musical sharp--> +<!ENTITY flat SDATA "[flat ]"--/flat =musical flat--> +<!ENTITY male SDATA "[male ]"--=male symbol--> +<!ENTITY female SDATA "[female]"--=female symbol--> +<!ENTITY phone SDATA "[phone ]"--=telephone symbol--> +<!ENTITY telrec SDATA "[telrec]"--=telephone recorder symbol--> +<!ENTITY copysr SDATA "[copysr]"--=sound recording copyright sign--> +<!ENTITY caret SDATA "[caret ]"--=caret (insertion mark)--> +<!ENTITY lsquor SDATA "[lsquor]"--=rising single quote, left (low)--> +<!ENTITY ldquor SDATA "[ldquor]"--=rising dbl quote, left (low)--> + +<!ENTITY fflig SDATA "[fflig ]"--small ff ligature--> +<!ENTITY filig SDATA "[filig ]"--small fi ligature--> +<!ENTITY fjlig SDATA "[fjlig ]"--small fj ligature--> +<!ENTITY ffilig SDATA "[ffilig]"--small ffi ligature--> +<!ENTITY ffllig SDATA "[ffllig]"--small ffl ligature--> +<!ENTITY fllig SDATA "[fllig ]"--small fl ligature--> + +<!ENTITY mldr SDATA "[mldr ]"--em leader--> +<!ENTITY rdquor SDATA "[rdquor]"--rising dbl quote, right (high)--> +<!ENTITY rsquor SDATA "[rsquor]"--rising single quote, right (high)--> +<!ENTITY vellip SDATA "[vellip]"--vertical ellipsis--> + +<!ENTITY hybull SDATA "[hybull]"--rectangle, filled (hyphen bullet)--> +<!ENTITY loz SDATA "[loz ]"--/lozenge - lozenge or total mark--> +<!ENTITY lozf SDATA "[lozf ]"--/blacklozenge - lozenge, filled--> +<!ENTITY ltri SDATA "[ltri ]"--/triangleleft B: l triangle, open--> +<!ENTITY rtri SDATA "[rtri ]"--/triangleright B: r triangle, open--> +<!ENTITY starf SDATA "[starf ]"--/bigstar - star, filled--> + +<!ENTITY natur SDATA "[natur ]"--/natural - music natural--> +<!ENTITY rx SDATA "[rx ]"--pharmaceutical prescription (Rx)--> +<!ENTITY sext SDATA "[sext ]"--sextile (6-pointed star)--> + +<!ENTITY target SDATA "[target]"--register mark or target--> +<!ENTITY dlcrop SDATA "[dlcrop]"--downward left crop mark --> +<!ENTITY drcrop SDATA "[drcrop]"--downward right crop mark --> +<!ENTITY ulcrop SDATA "[ulcrop]"--upward left crop mark --> +<!ENTITY urcrop SDATA "[urcrop]"--upward right crop mark --> diff --git a/docs/docbook/dbsgml/ent/ISOtech b/docs/docbook/dbsgml/ent/ISOtech new file mode 100644 index 0000000000..cbda344869 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOtech @@ -0,0 +1,73 @@ +<!-- (C) International Organization for Standardization 1986 + Permission to copy in any form is granted for use with + conforming SGML systems and applications as defined in + ISO 8879, provided this notice is included in all copies. +--> +<!-- Character entity set. Typical invocation: + <!ENTITY % ISOtech PUBLIC + "ISO 8879:1986//ENTITIES General Technical//EN"> + %ISOtech; +--> +<!ENTITY aleph SDATA "[aleph ]"--/aleph =aleph, Hebrew--> +<!ENTITY and SDATA "[and ]"--/wedge /land B: =logical and--> +<!ENTITY ang90 SDATA "[ang90 ]"--=right (90 degree) angle--> +<!ENTITY angsph SDATA "[angsph]"--/sphericalangle =angle-spherical--> +<!ENTITY ap SDATA "[ap ]"--/approx R: =approximate--> +<!ENTITY becaus SDATA "[becaus]"--/because R: =because--> +<!ENTITY bottom SDATA "[bottom]"--/bot B: =perpendicular--> +<!ENTITY cap SDATA "[cap ]"--/cap B: =intersection--> +<!ENTITY cong SDATA "[cong ]"--/cong R: =congruent with--> +<!ENTITY conint SDATA "[conint]"--/oint L: =contour integral operator--> +<!ENTITY cup SDATA "[cup ]"--/cup B: =union or logical sum--> +<!ENTITY equiv SDATA "[equiv ]"--/equiv R: =identical with--> +<!ENTITY exist SDATA "[exist ]"--/exists =at least one exists--> +<!ENTITY forall SDATA "[forall]"--/forall =for all--> +<!ENTITY fnof SDATA "[fnof ]"--=function of (italic small f)--> +<!ENTITY ge SDATA "[ge ]"--/geq /ge R: =greater-than-or-equal--> +<!ENTITY iff SDATA "[iff ]"--/iff =if and only if--> +<!ENTITY infin SDATA "[infin ]"--/infty =infinity--> +<!ENTITY int SDATA "[int ]"--/int L: =integral operator--> +<!ENTITY isin SDATA "[isin ]"--/in R: =set membership--> +<!ENTITY lang SDATA "[lang ]"--/langle O: =left angle bracket--> +<!ENTITY lArr SDATA "[lArr ]"--/Leftarrow A: =is implied by--> +<!ENTITY le SDATA "[le ]"--/leq /le R: =less-than-or-equal--> +<!ENTITY minus SDATA "[minus ]"--B: =minus sign--> +<!ENTITY mnplus SDATA "[mnplus]"--/mp B: =minus-or-plus sign--> +<!ENTITY nabla SDATA "[nabla ]"--/nabla =del, Hamilton operator--> +<!ENTITY ne SDATA "[ne ]"--/ne /neq R: =not equal--> +<!ENTITY ni SDATA "[ni ]"--/ni /owns R: =contains--> +<!ENTITY or SDATA "[or ]"--/vee /lor B: =logical or--> +<!ENTITY par SDATA "[par ]"--/parallel R: =parallel--> +<!ENTITY part SDATA "[part ]"--/partial =partial differential--> +<!ENTITY permil SDATA "[permil]"--=per thousand--> +<!ENTITY perp SDATA "[perp ]"--/perp R: =perpendicular--> +<!ENTITY prime SDATA "[prime ]"--/prime =prime or minute--> +<!ENTITY Prime SDATA "[Prime ]"--=double prime or second--> +<!ENTITY prop SDATA "[prop ]"--/propto R: =is proportional to--> +<!ENTITY radic SDATA "[radic ]"--/surd =radical--> +<!ENTITY rang SDATA "[rang ]"--/rangle C: =right angle bracket--> +<!ENTITY rArr SDATA "[rArr ]"--/Rightarrow A: =implies--> +<!ENTITY sim SDATA "[sim ]"--/sim R: =similar--> +<!ENTITY sime SDATA "[sime ]"--/simeq R: =similar, equals--> +<!ENTITY square SDATA "[square]"--/square B: =square--> +<!ENTITY sub SDATA "[sub ]"--/subset R: =subset or is implied by--> +<!ENTITY sube SDATA "[sube ]"--/subseteq R: =subset, equals--> +<!ENTITY sup SDATA "[sup ]"--/supset R: =superset or implies--> +<!ENTITY supe SDATA "[supe ]"--/supseteq R: =superset, equals--> +<!ENTITY there4 SDATA "[there4]"--/therefore R: =therefore--> +<!ENTITY Verbar SDATA "[Verbar]"--/Vert =dbl vertical bar--> + +<!ENTITY angst SDATA "[angst ]"--Angstrom =capital A, ring--> +<!ENTITY bernou SDATA "[bernou]"--Bernoulli function (script capital B)--> +<!ENTITY compfn SDATA "[compfn]"--B: composite function (small circle)--> +<!ENTITY Dot SDATA "[Dot ]"--=dieresis or umlaut mark--> +<!ENTITY DotDot SDATA "[DotDot]"--four dots above--> +<!ENTITY hamilt SDATA "[hamilt]"--Hamiltonian (script capital H)--> +<!ENTITY lagran SDATA "[lagran]"--Lagrangian (script capital L)--> +<!ENTITY lowast SDATA "[lowast]"--low asterisk--> +<!ENTITY notin SDATA "[notin ]"--N: negated set membership--> +<!ENTITY order SDATA "[order ]"--order of (script small o)--> +<!ENTITY phmmat SDATA "[phmmat]"--physics M-matrix (script capital M)--> +<!ENTITY tdot SDATA "[tdot ]"--three dots above--> +<!ENTITY tprime SDATA "[tprime]"--triple prime--> +<!ENTITY wedgeq SDATA "[wedgeq]"--R: corresponds to (wedge, equals)--> diff --git a/docs/docbook/dbsgml/readme.txt b/docs/docbook/dbsgml/readme.txt new file mode 100644 index 0000000000..52d3f9f4aa --- /dev/null +++ b/docs/docbook/dbsgml/readme.txt @@ -0,0 +1,12 @@ +README for DocBook V4.1 + +This is DocBook V4.1, released 19 June 2000. + +See 40chg.txt for information about what has changed since DocBook 3.1. + +For more information about DocBook, please see + + http://www.oasis-open.org/docbook/ + +Please send all questions, comments, concerns, and bug reports to the +DocBook mailing list: docbook@lists.oasis-open.org diff --git a/docs/docbook/docbook.txt b/docs/docbook/docbook.txt new file mode 100644 index 0000000000..388cd5cf9b --- /dev/null +++ b/docs/docbook/docbook.txt @@ -0,0 +1,136 @@ +!== +!== docbook.txt for Samba 2.2.0 release +!== +!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000 +!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001 + +What are DocBook documents doing in the Samba Distribution ? +----------------------------------------------------------- + +We are planning to convert all of the samba docs to SGML/DocBook V4.1 +in order to make them easier to maintain and produce a nicer looking +product. + +This short note (strange isn't it how it always starts out as a short note +and becomes a long one ?) will explain very briefly how and why we are +doing this. + + +The format +---------- + +If you are new to sgml, regard an sgml file as 'source code'. You don't +read it directly, use it to create other formats (like the txt and html +included in ../txt and ../html). + +Docbook is a particular SGML style, particularly suited to producing +technical manuals. In the two documents I have produced so far I have used +DocBook 4.1, it seems that products like RedHat Linux is still include only +version 3.1, the differences are minor. The Linux Documentation Project is +using a modified version of 3.1 but are really geared up to make multi +paged documents, something we want to avoid for logistic reasons. + +For more information on DocBook tags and format, see "DocBook: The +Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing. +This book covers DocBook V3.1 and is available on-line +at http://www.docbook.org/ + +The Output +---------- + +The current Samba CVS tree contains the SGML/DocBook source files as well +as the following autogenerated formats + + * man pages + * HTML + * ASCII text (where appropriate) + + +The Tools +--------- + +[ + addendum: For a good general overview of installing the tools + needed for generating files from SGML/DocBook source, refer + to the DocBook-Install mini HOWTO at + http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DocBook-Install + + While the above link is to a Linux HOWTO, the tools can be installed + on almost any UNIX platform. + + David's original notes follow below: +] + +Any sgml document needs to be referred to a suitable style sheet +(describing syntax) and other sheets that tell the translating programmes +how to do the translations. The list of necessary 'included files is a +bit messy but once installed is pretty easy. + +On one of my RedHat 6.2 systems I installed the following: +* sgml-common (as an rpm) +* docbook (as an rpm) +* stylesheets (as an rpm) +* jade (as an rpm) +* Docbook 4.1 from http://docbook.org +* DSSSL 157 from http://nwalsh.com/docbook/dsssl/ + +There are several downloadable descriptions of the DocBook syntax at the +web sites mentioned above. Note that a lot of the docs only talk about +version 3.1 with 4.1 as an add-on. + +In either case you will need to include in the html/docbook.dsl and most +likely a couple of defines to achieve a suitable output. I made a +local dsl file that I called html.dsl that looks like this : + +<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [ +<!ENTITY dbstyle SYSTEM "/usr/lib/sgml/dsssl-157/docbook/html/docbook.dsl" +CDATA DSSSL> +]> + +<style-sheet> +<style-specification use="docbook"> +<style-specification-body> + +(define nochunks #t) ;; Dont make multiple pages +(define rootchunk #t) ;; Do make a 'root' page +(define %use-id-as-filename% #t) ;; Use book id as filename +(define %html-ext% ".html") ;; give it a proper html extension + +</style-specification-body> +</style-specification> +<external-specification id="docbook" document="dbstyle"> +</style-sheet> + +Note the top block that refers to where the dsssl-157 style sheets are +installed, if you don’t put them there make sure you edit the file. + +To use this stylesheet, have it in your working directory along with your +sgml files. Jade does the actual conversion to html, call it like this : + +jade -t sgml -d html.dsl stuff.sgml + +To create the text version run the html through lynx : + +Lynx -dump -nolist stuff.html > stuff.txt + +These instructions are crude by might help someone get going. Please feel +free to contact me if you have any questions or if you can correct any one +of the many mistakes I must have made above. + +David + +========================================================================== + +This directory now contains a ./configure script and Makefile to +support the automated building of man pages (including HTML versions). +The DocBook V4.1 DTD and ISO entity files have also been included in CVS +to make sure we are all working from the same plate. + +The SGML_CATALOG_FILES environment variable should be set as follows +(this assumes you have a working local installation of jade and +Norman's Walsh's DSSSL stylesheets): + + export SGML_CATALOG_FILES=$SGML_CATALOG_FILES:./dbsgml/catalog + + +--jerry diff --git a/docs/docbook/faq/README.NOW b/docs/docbook/faq/README.NOW new file mode 100644 index 0000000000..77f1659a89 --- /dev/null +++ b/docs/docbook/faq/README.NOW @@ -0,0 +1,2 @@ +The files previously in this directory have been incorporated +into the Samba-HOWTO-Collection diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent new file mode 100644 index 0000000000..91286de98b --- /dev/null +++ b/docs/docbook/global.ent @@ -0,0 +1,33 @@ +<!-- Global Entities File --> + + +<!-- Email Address' --> +<!ENTITY email.dbannon 'D.Bannon@latrobe.edu.au'> +<!ENTITY email.jmoore 'jmoore@php.net'> +<!ENTITY email.jerry 'jerry@samba.org'> +<!ENTITY email.patches 'samba-patches@samba.org'> + +<!-- URL's --> +<!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'> +<!ENTITY url.pdc-howto.local 'samba-pdc-howto.html'> +<!ENTITY url.samba-tng 'http://www.samba-tng.org'> +<!ENTITY url.samba.doc 'http://bioserve.latrobe.edu.au/samba/'> +<!ENTITY url.ultraedit 'http://www.ultraedit.com'> +<!ENTITY url.vi-windows 'http://home.snafu.de/ramo/WinViEn.htm'> +<!ENTITY url.pfe 'http://www.lancs.ac.uk/people/cpaap/pfe/'> +<!ENTITY url.server-tools.win95 'ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE'> +<!ENTITY url.server-tools.winnt 'ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE'> +<!ENTITY url.tcpdump 'http://www.tcpdump.org/'> +<!ENTITY url.samba 'http://samba.org'> +<!ENTITY url.samba-ldap-howto 'http://www.unav.es/cti/ldap-smb-howto.html'> +<!ENTITY url.samba-tng.home 'http://www.kneschke.de/projekte/samba_tng/'> +<!ENTITY url.samba.mailinglist.ntdom 'http://lists.samba.org/mailman/roster/samba-ntdom'> +<!ENTITY url.samba.cifs 'http://samba.org/cifs/'> +<!ENTITY url.ntdomains-for-unix 'http://mailhost.cb1.com/~lkcl/ntdom/'> +<!ENTITY url.samba.specs.old 'ftp://ftp.microsoft.com/developr/drg/CIFS/'> +<!ENTITY url.rfc.1001 'http://ds.internic.net/rfc/rfc1001.txt'> +<!ENTITY url.rfc.1002 'http://ds.internic.net/rfc/rfc1002.txt'> + +<!-- Misc --> +<!ENTITY samba.pub.cvshost 'pserver.samba.org'> + diff --git a/docs/docbook/howto/README.NOW b/docs/docbook/howto/README.NOW new file mode 100644 index 0000000000..77f1659a89 --- /dev/null +++ b/docs/docbook/howto/README.NOW @@ -0,0 +1,2 @@ +The files previously in this directory have been incorporated +into the Samba-HOWTO-Collection diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml new file mode 100644 index 0000000000..d8f436c4a1 --- /dev/null +++ b/docs/docbook/manpages/findsmb.1.sgml @@ -0,0 +1,131 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="findsmb"> + +<refmeta> + <refentrytitle>findsmb</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>findsmb</refname> + <refpurpose>list info about machines that respond to SMB + name queries on a subnet</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>findsmb</command> + <arg choice="opt">subnet broadcast address</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This perl script is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>findsmb</command> is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses <ulink url="nmblookup.1.html"><command> + nmblookup(1)</command></ulink> and <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink> to obtain this information. + </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>subnet broadcast address</term> + <listitem><para>Without this option, <command>findsmb + </command> will probe the subnet of the machine where + <command>findsmb</command> is run. This value is passed + to <command>nmblookup</command> as part of the + <constant>-B</constant> option</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>The output of <command>findsmb</command> lists the following + information for all machines that respond to the initial + <command>nmblookup</command> for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version.</para> + + <para>There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows, Windows 95 or Windows 98 will + not show any information about the operating system or server + version.</para> + + <para>The command must be run on a system without <ulink + url="nmbd.8.html"><command>nmbd</command></ulink> running. + If <command>nmbd</command> is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root. </para> + + <para>For example running <command>findsmb</command> on a machine + without <command>nmbd</command> running would yield output similar + to the following</para> + + <screen><computeroutput> +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] + </computeroutput></screen> + +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, and <ulink url="nmblookup.1.html"> + <command>nmblookup(1)</command></ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml new file mode 100644 index 0000000000..7934c18e8e --- /dev/null +++ b/docs/docbook/manpages/lmhosts.5.sgml @@ -0,0 +1,114 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="lmhosts"> + +<refmeta> + <refentrytitle>lmhosts</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>lmhosts</refname> + <refpurpose>The Samba NetBIOS hosts file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <para><filename>lmhosts</filename> is the <ulink url="samba.7.html"> + Samba</ulink> NetBIOS name to IP address mapping file.</para> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This file is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><filename>lmhosts</filename> is the <emphasis>Samba + </emphasis> NetBIOS name to IP address mapping file. It + is very similar to the <filename>/etc/hosts</filename> file + format, except that the hostname component must correspond + to the NetBIOS naming format.</para> +</refsect1> + +<refsect1> + <title>FILE FORMAT</title> + <para>It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information :</para> + + <itemizedlist> + <listitem><para>IP Address - in dotted decimal format.</para> + </listitem> + + <listitem><para>NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits.</para> + + <para>If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup.</para> + </listitem> + </itemizedlist> + + <para>An example follows :</para> + + <para><programlisting> +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + </programlisting></para> + + <para>Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested.</para> + + <para>The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved.</para> + + <para>The default location of the <filename>lmhosts</filename> file + is in the same directory as the <ulink url="smb.conf.5.html"> + smb.conf(5)></ulink> file.</para> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> + smb.conf(5)</ulink>, and <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml new file mode 100644 index 0000000000..a36f9b968c --- /dev/null +++ b/docs/docbook/manpages/make_smbcodepage.1.sgml @@ -0,0 +1,197 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="make-smbcodepage"> + +<refmeta> + <refentrytitle>make_smbcodepage</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>make_smbcodepage</refname> + <refpurpose>construct a codepage file for Samba</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>make_smbcodepage</command> + <arg choice="req">c|d</arg> + <arg choice="req">codepage</arg> + <arg choice="req">inputfile</arg> + <arg choice="req">outputfile</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>make_smbcodepage</command> compiles or de-compiles + codepage files for use with the internationalization features + of Samba 2.2</para> +</refsect1> + + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>c|d</term> + <listitem><para>This tells <command>make_smbcodepage</command> + if it is compiling (<parameter>c</parameter>) a text format code + page file to binary, or (<parameter>d</parameter>) de-compiling + a binary codepage file to text. </para></listitem> + </varlistentry> + + <varlistentry> + <term>codepage</term> + <listitem><para>This is the codepage we are processing (a + number, e.g. 850). </para></listitem> + </varlistentry> + + + <varlistentry> + <term>inputfile</term> + <listitem><para>This is the input file to process. In + the <parameter>c</parameter> case this will be a text + codepage definition file such as the ones found in the Samba + <filename>source/codepages</filename> directory. In + the <parameter>d</parameter> case this will be the + binary format codepage definition file normally found in + the <filename>lib/codepages</filename> directory in the + Samba install directory path.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>outputfile</term> + <listitem><para>This is the output file to produce.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>Samba Codepage Files</title> + + <para>A text Samba codepage definition file is a description + that tells Samba how to map from upper to lower case for + characters greater than ascii 127 in the specified DOS code page. + Note that for certain DOS codepages (437 for example) mapping + from lower to upper case may be non-symmetrical. For example, in + code page 437 lower case a acute maps to a plain upper case A + when going from lower to upper case, but plain upper case A maps + to plain lower case a when lower casing a character. </para> + + <para>A binary Samba codepage definition file is a binary + representation of the same information, including a value that + specifies what codepage this file is describing. </para> + + <para>As Samba does not yet use UNICODE (current for Samba version 2.2) + you must specify the client code page that your DOS and Windows + clients are using if you wish to have case insensitivity done + correctly for your particular language. The default codepage Samba + uses is 850 (Western European). Text codepage definition sample files + are provided in the Samba distribution for codepages 437 (USA), 737 (Greek), + 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic), + 932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional + Chinese). Users are encouraged to write text codepage definition files for + their own code pages and donate them to samba@samba.org. All codepage files + in the Samba <filename>source/codepages</filename> directory are + compiled and installed when a <command>'make install'</command> + command is issued there. </para> + + <para>The client codepage used by the <command>smbd</command> server + is configured using the <command>client code page</command> parameter + in the <command>smb.conf</command> file. </para> +</refsect1> + + +<refsect1> + <title>Files</title> + + <para><command>codepage_def.<codepage></command></para> + + <para>These are the input (text) codepage files provided in the + Samba <filename>source/codepages</filename> directory.</para> + + <para>A text codepage definition file consists of multiple lines + containing four fields. These fields are:</para> + + <itemizedlist> + <listitem><para><command>lower</command>: which is the + (hex) lower case character mapped on this line.</para> + </listitem> + + <listitem><para><command>upper</command>: which is the (hex) + upper case character that the lower case character will map to. + </para></listitem> + + <listitem><para><command>map upper to lower</command> which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given upper case character to the + given lower case character when lower casing a filename. + </para></listitem> + + <listitem><para><command>map lower to upper</command> which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given lower case character to the + given upper case character when upper casing a filename. + </para></listitem> + </itemizedlist> + + + <para><command>codepage.<codepage></command> - These are the + output (binary) codepage files produced and placed in the Samba + destination <filename>lib/codepage</filename> directory. </para> +</refsect1> + +<refsect1> + <title>Installation</title> + + <para>The location of the server and its support files is a + matter for individual system administrators. The following are + thus suggestions only. </para> + + <para>It is recommended that the <command>make_smbcodepage + </command> program be installed under the <filename>/usr/local/samba + </filename> hierarchy, in a directory readable by all, writeable + only by root. The program itself should be executable by all. The + program should NOT be setuid or setgid! </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/make_unicodemap.1.sgml b/docs/docbook/manpages/make_unicodemap.1.sgml new file mode 100644 index 0000000000..5e7292341b --- /dev/null +++ b/docs/docbook/manpages/make_unicodemap.1.sgml @@ -0,0 +1,172 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="make-unicodemap"> + +<refmeta> + <refentrytitle>make_unicodemap</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>make_unicodemap</refname> + <refpurpose>construct a unicode map file for Samba</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>make_unicodemap</command> + <arg choice="req">codepage</arg> + <arg choice="req">inputfile</arg> + <arg choice="req">outputfile</arg> + </cmdsynopsis> +</refsynopsisdiv> + + + +<refsect1> + <title>DESCRIPTION</title> + + <para> + This tool is part of the <ulink url="samba.7.html">Samba</ulink> + suite. + </para> + + <para> + <command>make_unicodemap</command> compiles text unicode map + files into binary unicode map files for use with the + internationalization features of Samba 2.2. + </para> +</refsect1> + + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>codepage</term> + <listitem><para>This is the codepage or UNIX character + set we are processing (a number, e.g. 850). + </para></listitem> + </varlistentry> + + <varlistentry> + <term>inputfile</term> + <listitem><para>This is the input file to process. This is a + text unicode map file such as the ones found in the Samba + <filename>source/codepages</filename> directory. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>outputfile</term> + <listitem><para>This is the binary output file to produce. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>Samba Unicode Map Files</title> + + <para> + A text Samba unicode map file is a description that tells Samba + how to map characters from a specified DOS code page or UNIX character + set to 16 bit unicode. + </para> + + <para>A binary Samba unicode map file is a binary representation + of the same information, including a value that specifies what + codepage or UNIX character set this file is describing. + </para> +</refsect1> + +<refsect1> + <title>Files</title> + + <para><filename>CP<codepage>.TXT</filename></para> + + <para> + These are the input (text) unicode map files provided + in the Samba <filename>source/codepages</filename> + directory. + </para> + + <para> + A text unicode map file consists of multiple lines + containing two fields. These fields are : + </para> + + <itemizedlist> + <listitem><para><parameter>character</parameter> - which is + the (hex) character mapped on this line. + </para></listitem> + + <listitem><para><parameter>unicode</parameter> - which + is the (hex) 16 bit unicode character that the character + will map to. + </para></listitem> + </itemizedlist> + + <para> + <filename>unicode_map.<codepage></filename> - These are + the output (binary) unicode map files produced and placed in + the Samba destination <filename>lib/codepage</filename> + directory. + </para> +</refsect1> + + +<refsect1> + <title>Installation</title> + + <para> + The location of the server and its support files is a matter + for individual system administrators. The following are thus + suggestions only. + </para> + + <para> + It is recommended that the <command>make_unicodemap</command> + program be installed under the + <filename>$prefix/samba</filename> hierarchy, + in a directory readable by all, writeable only by root. The + program itself should be executable by all. The program + should NOT be setuid or setgid! + </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml new file mode 100644 index 0000000000..5b822ccfe6 --- /dev/null +++ b/docs/docbook/manpages/net.8.sgml @@ -0,0 +1,69 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="net"> + +<refmeta> + <refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>net</refname> + <refpurpose>Tool for administration of Samba and remote + CIFS servers.</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>net</command> + <arg choice="req"><ads|rap|rpc></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para></para> + +</refsect1> + + +<refsect1> + <title>COMMANDS</title> + + + <para></para> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is incomplete for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The current set of manpages and documentation is maintained + by the Samba Team in the same fashion as the Samba source code.</para> + +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml new file mode 100644 index 0000000000..46f36834df --- /dev/null +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -0,0 +1,356 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="nmbd"> + +<refmeta> + <refentrytitle>nmbd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>nmbd</refname> + <refpurpose>NetBIOS name server to provide NetBIOS + over IP naming services to clients</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>nmbd</command> + <arg choice="opt">-D</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-o</arg> + <arg choice="opt">-P</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-V</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-H <lmhosts file></arg> + <arg choice="opt">-l <log directory></arg> + <arg choice="opt">-n <primary netbios name></arg> + <arg choice="opt">-p <port number></arg> + <arg choice="opt">-s <configuration file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + <para>This program is part of the Samba suite.</para> + + <para><command>nmbd</command> is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view.</para> + + <para>SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using.</para> + + <para>Amongst other services, <command>nmbd</command> will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden with the <emphasis>-n</emphasis> + option (see OPTIONS below). Thus <command>nmbd</command> will + reply to broadcast queries for its own name(s). Additional + names for <command>nmbd</command> to respond on can be set + via parameters in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> configuration file.</para> + + <para><command>nmbd</command> can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names.</para> + + <para>In addition, <command>nmbd</command> can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WIN + server.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-D</term> + <listitem><para>If specified, this parameter causes + <command>nmbd</command> to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, <command>nmbd</command> + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the <command>inetd</command> + meta-daemon, although this is not recommended. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-a</term> + <listitem><para>If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o</term> + <listitem><para>If this parameter is specified, the + log files will be overwritten when opened. By default, + <command>smbd</command> will append entries to the log + files.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>nmbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-H <filename></term> + <listitem><para>NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder"> + name resolve order</ulink> described in <ulink + url="smb.conf.5.html"> <filename>smb.conf(5)</filename></ulink> + to resolve any NetBIOS name queries needed by the server. Note + that the contents of this file are <emphasis>NOT</emphasis> + used by <command>nmbd</command> to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host <emphasis>ONLY</emphasis>.</para> + + <para>The default path to this file is compiled into + Samba as part of the build process. Common defaults + are <filename>/usr/local/samba/lib/lmhosts</filename>, + <filename>/usr/samba/lib/lmhosts</filename> or + <filename>/etc/lmhosts</filename>. See the <ulink url="lmhosts.5.html"> + <filename>lmhosts(5)</filename></ulink> man page for details on the + contents of this file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem><para>Prints the version number for + <command>nmbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para>debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will + be logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable amounts + of log data, and should only be used when investigating + a problem. Levels above 3 are designed for use only by developers + and generate HUGE amounts of log data, most of which is extremely + cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#loglevel">log level</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename> + smb.conf</filename></ulink> file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-l <log directory></term> + <listitem><para>The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running + <command>nmbd</command> server.</para> + + <para>The default log directory is compiled into Samba + as part of the build process. Common defaults are <filename> + /usr/local/samba/var/log.nmb</filename>, <filename> + /usr/samba/var/log.nmb</filename> or + <filename>/var/log/log.nmb</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-n <primary NetBIOS name></term> + <listitem><para>This option allows you to override + the NetBIOS name that Samba uses for itself. This is identical + to setting the <ulink url="smb.conf.5.html#netbiosname"> + NetBIOS name</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf</filename></ulink> file. However, a command + line setting will take precedence over settings in + <filename>smb.conf</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-p <UDP port number></term> + <listitem><para>UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that <command>nmbd</command> responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help!</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The default configuration file name + is set at build time, typically as <filename> + /usr/local/samba/lib/smb.conf</filename>, but + this may be changed when Samba is autoconfigured.</para> + + <para>The file specified contains the configuration details + required by the server. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>If the server is to be run by the + <command>inetd</command> meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the <ulink + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document + for details. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/rc</filename></term> + <listitem><para>or whatever initialization script your + system uses).</para> + + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the <ulink + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document + for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> + document for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> + and <filename>/etc/smb.conf</filename>.</para> + + <para>When run as a WINS server (see the + <ulink url="smb.conf.5.html#WINSSUPPORT">wins support</ulink> + parameter in the <filename>smb.conf(5)</filename> man page), + <command>nmbd</command> + will store the WINS database in the file <filename>wins.dat</filename> + in the <filename>var/locks</filename> directory configured under + wherever Samba was configured to install itself.</para> + + <para>If <command>nmbd</command> is acting as a <emphasis> + browse master</emphasis> (see the <ulink + url="smb.conf.5.html#LOCALMASTER">local master</ulink> + parameter in the <filename>smb.conf(5)</filename> man page, + <command>nmbd</command> + will store the browsing database in the file <filename>browse.dat + </filename> in the <filename>var/locks</filename> directory + configured under wherever Samba was configured to install itself. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>SIGNALS</title> + + <para>To shut down an <command>nmbd</command> process it is recommended + that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate <command>nmbd</command> is to send it + a SIGTERM (-15) signal and wait for it to die on its own.</para> + + <para><command>nmbd</command> will accept SIGHUP, which will cause + it to dump out its namelists into the file <filename>namelist.debug + </filename> in the <filename>/usr/local/samba/var/locks</filename> + directory (or the <filename>var/locks</filename> directory configured + under wherever Samba was configured to install itself). This will also + cause <command>nmbd</command> to dump out its server database in + the <filename>log.nmb</filename> file.</para> + + <para>The debug log level of nmbd may be raised or lowered using + <ulink url="smbcontrol.1.html"><command>smbcontrol(1)</command> + </ulink> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + to allow transient problems to be diagnosed, whilst still running + at a normally low log level.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><command>inetd(8)</command>, <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page <ulink url="http://samba.org/cifs/"> + http://samba.org/cifs/</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml new file mode 100644 index 0000000000..67efac5634 --- /dev/null +++ b/docs/docbook/manpages/nmblookup.1.sgml @@ -0,0 +1,249 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="nmblookup"> + +<refmeta> + <refentrytitle>nmblookup</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>nmblookup</refname> + <refpurpose>NetBIOS over TCP/IP client used to lookup NetBIOS + names</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>nmblookup</command> + <arg choice="opt">-M</arg> + <arg choice="opt">-R</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-A</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-B <broadcast address></arg> + <arg choice="opt">-U <unicast address></arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-i <NetBIOS scope></arg> + <arg choice="opt">-T</arg> + <arg choice="req">name</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>nmblookup</command> is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-M</term> + <listitem><para>Searches for a master browser by looking + up the NetBIOS name <replaceable>name</replaceable> with a + type of <constant>0x1d</constant>. If <replaceable> + name</replaceable> is "-" then it does a lookup on the special name + <constant>__MSBROWSE__</constant>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-R</term> + <listitem><para>Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See rfc1001, rfc1002 for details. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-S</term> + <listitem><para>Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-r</term> + <listitem><para>Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the <ulink url="nmbd.8.html">nmbd(8)</ulink> + daemon is running on this machine it also binds to this port. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A</term> + <listitem><para>Interpret <replaceable>name</replaceable> as + an IP Address and do a node status query on this address.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-h</term> + <listitem><para>Print a help (usage) message.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-B <broadcast address></term> + <listitem><para>Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the <ulink + url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter> + </ulink> parameter of the <filename>smb.conf (5)</filename> file. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U <unicast address></term> + <listitem><para>Do a unicast query to the specified address or + host <replaceable>unicast address</replaceable>. This option + (along with the <parameter>-R</parameter> option) is needed to + query a WINS server.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-d <debuglevel></term> + <listitem><para>debuglevel is an integer from 0 to 10.</para> + + <para>The default value if this parameter is not specified + is zero.</para> + + <para>The higher this value, the more detail will be logged + about the activities of <command>nmblookup</command>. At level + 0, only critical errors and serious warnings will be logged.</para> + + <para>Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#LOGLEVEL"><parameter> + log level</parameter></ulink> parameter in the <filename> + smb.conf(5)</filename> file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s <smb.conf></term> + <listitem><para>This parameter specifies the pathname to + the Samba configuration file, <ulink url="smb.conf.5.html"> + smb.conf(5)</ulink>. This file controls all aspects of + the Samba setup on the machine.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i <scope></term> + <listitem><para>This specifies a NetBIOS scope that + <command>nmblookup</command> will use to communicate with when + generating NetBIOS names. For details on the use of NetBIOS + scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are + <emphasis>very</emphasis> rarely used, only set this parameter + if you are the system administrator in charge of all the + NetBIOS systems you communicate with.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-T</term> + <listitem><para>This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each</para> + + <para><emphasis>IP address .... NetBIOS name</emphasis></para> + + <para> pair that is the normal output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>name</term> + <listitem><para>This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>EXAMPLES</title> + + <para><command>nmblookup</command> can be used to query + a WINS server (in the same way <command>nslookup</command> is + used to query DNS servers). To query a WINS server, + <command>nmblookup</command> must be called like this:</para> + + <para><command>nmblookup -U server -R 'name'</command></para> + + <para>For example, running :</para> + + <para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para> + + <para>would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and <ulink + url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml new file mode 100644 index 0000000000..eeb1fb0d2c --- /dev/null +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -0,0 +1,290 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="pdbedit"> + +<refmeta> + <refentrytitle>pdbedit</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>pdbedit</refname> + <refpurpose>manage the SAM database</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>pdbedit</command> + <arg choice="opt">-l</arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-w</arg> + <arg choice="opt">-u username</arg> + <arg choice="opt">-f fullname</arg> + <arg choice="opt">-h homedir</arg> + <arg choice="opt">-d drive</arg> + <arg choice="opt">-s script</arg> + <arg choice="opt">-p profile</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-x</arg> + <arg choice="opt">-i file</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>The pdbedit program is used to manage the users accounts + stored in the sam database and can be run only by root.</para> + + <para>The pdbedit tool use the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be addedd + without changing the tool).</para> + + <para>There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>-l</term> + <listitem><para>This option list all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character.</para> + + <para>Example: <command>pdbedit -l</command></para> + <para><programlisting> + sorce:500:Simo Sorce + samba:45:Test User + </programlisting></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-v</term> + <listitem><para>This option sets the verbose listing format. + It will make pdbedit list the users in the database printing + out the account fields in a descriptive format.</para> + + <para>Example: <command>pdbedit -l -v</command></para> + <para><programlisting> + --------------- + username: sorce + user ID/Group: 500/500 + user RID/GRID: 2000/2001 + Full Name: Simo Sorce + Home Directory: \\BERSERKER\sorce + HomeDir Drive: H: + Logon Script: \\BERSERKER\netlogon\sorce.bat + Profile Path: \\BERSERKER\profile + --------------- + username: samba + user ID/Group: 45/45 + user RID/GRID: 1090/1091 + Full Name: Test User + Home Directory: \\BERSERKER\samba + HomeDir Drive: + Logon Script: + Profile Path: \\BERSERKER\profile + </programlisting></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-w</term> + <listitem><para>This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database printing + out the account fields in a format compatible with the + <filename>smbpasswd</filename> file format. (see the <ulink + url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para> + + <para>Example: <command>pdbedit -l -w</command></para> + <para><programlisting> + sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: + samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + </programlisting></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-u username</term> + <listitem><para>This option specifies that the username to be + used for the operation requested (listing, adding, removing) + It is <emphasis>required</emphasis> in add, remove and modify + operations and <emphasis>optional</emphasis> in list + operations.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-f fullname</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's full + name. </para> + + <para>Example: <command>-f "Simo Sorce"</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-h homedir</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path.</para> + + <para>Example: <command>-h "\\\\BERSERKER\\sorce"</command> + </para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-d drive</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory.</para> + + <para>Example: <command>-d "H:"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-s script</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's logon + script path.</para> + + <para>Example: <command>-s "\\\\BERSERKER\\netlogon\\sorce.bat"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-p profile</term> + <listitem><para>This option can be used while adding or + modifing a user account. It will specify the user's profile + directory.</para> + + <para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-a</term> + <listitem><para>This option is used to add a user into the + database. This command need the user name be specified with + the -u switch. When adding a new user pdbedit will also + ask for the password to be used</para> + + <para>Example: <command>pdbedit -a -u sorce</command> + <programlisting>new password: + retype new password</programlisting> + </para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-m</term> + <listitem><para>This option may only be used in conjunction + with the <parameter>-a</parameter> option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name).</para> + + <para>Example: <command>pdbedit -a -m -u w2k-wks</command> + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-x</term> + <listitem><para>This option causes pdbedit to delete an account + from the database. It need the username be specified with the + -u switch.</para> + + <para>Example: <command>pdbedit -x -u bob</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-i file</term> + <listitem><para>This command is used to import a smbpasswd + file into the database.</para> + + <para>This option will ease migration from the plain smbpasswd + file database to more powerful backend databases like tdb and + ldap.</para> + + <para>Example: <command>pdbedit -i /etc/smbpasswd.old</command> + </para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>This command may be used only by root.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml new file mode 100644 index 0000000000..f2a44d69d9 --- /dev/null +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -0,0 +1,421 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="rpcclient"> + +<refmeta> + <refentrytitle>rpcclient</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>rpcclient</refname> + <refpurpose>tool for executing client side + MS-RPC functions</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>rpcclient</command> + <arg choice="req">server</arg> + <arg choice="opt">-A authfile</arg> + <arg choice="opt">-c <command string></arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-l logfile</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-U username[%password]</arg> + <arg choice="opt">-W workgroup</arg> + <arg choice="opt">-N</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>rpcclient</command> is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>server</term> + <listitem><para>NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> + <parameter>name resolve order</parameter></ulink> line from + <filename>smb.conf(5)</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A|--authfile=filename</term> + <listitem><para>This option allows + you to specify a file from which to read the username and + password used in the connection. The format of the file is + </para> + + <para><programlisting> + username = <value> + password = <value> + domain = <value> + </programlisting></para> + + <para>Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-c|--command='command string'</term> + <listitem><para>execute semicolon separated commands (listed + below)) </para></listitem> + </varlistentry> + + + + + <varlistentry> + <term>-d|--debug=debuglevel</term> + <listitem><para>set the debuglevel. Debug level 0 is the lowest + and 100 being the highest. This should be set to 100 if you are + planning on submitting a bug report to the Samba team (see <filename>BUGS.txt</filename>). + </para></listitem> + </varlistentry> + + + + + <varlistentry> + <term>-h|--help</term> + <listitem><para>Print a summary of command line options. + </para></listitem> + </varlistentry> + + + + + <varlistentry> + <term>-l|--logfile=logbasename</term> + <listitem><para>File name for log/debug files. The extension + <constant>'.client'</constant> will be appended. The log file is never removed + by the client. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-N|--nopass</term> + <listitem><para>instruct <command>rpcclient</command> not to ask + for a password. By default, <command>rpcclient</command> will prompt + for a password. See also the <parameter>-U</parameter> option.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-s|--conf=smb.conf</term> + <listitem><para>Specifies the location of the all important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U|--user=username[%password]</term> + <listitem><para>Sets the SMB username or username and password. </para> + + <para>If %password is not specified, the user will be prompted. The + client will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. If these environmental variables are not + found, the username <constant>GUEST</constant> is used. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the username and password. This + option is mainly provided for scripts where the admin doesn't + desire to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> + + <para>Be cautious about including passwords in scripts. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command. To be safe always allow + <command>rpcclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> + + + + + <varlistentry> + <term>-W|--workgroup=domain</term> + <listitem><para>Set the SMB domain of the username. This + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, + it causes the client to log on using the server's local SAM (as + opposed to the Domain SAM). </para></listitem> + </varlistentry> + + + </variablelist> +</refsect1> + + +<refsect1> + <title>COMMANDS</title> + + <para><emphasis>LSARPC</emphasis></para> + <itemizedlist> + <listitem><para><command>lsaquery</command></para></listitem> + + <listitem><para><command>lookupsids</command> - Resolve a list + of SIDs to usernames. + </para></listitem> + + <listitem><para><command>lookupnames</command> - Resolve s list + of usernames to SIDs. + </para></listitem> + + <listitem><para><command>enumtrusts</command></para></listitem> + </itemizedlist> + <para> </para> + + + + <para><emphasis>SAMR</emphasis></para> + <itemizedlist> + <listitem><para><command>queryuser</command></para></listitem> + <listitem><para><command>querygroup</command></para></listitem> + <listitem><para><command>queryusergroups</command></para></listitem> + <listitem><para><command>querygroupmem</command></para></listitem> + <listitem><para><command>queryaliasmem</command></para></listitem> + <listitem><para><command>querydispinfo</command></para></listitem> + <listitem><para><command>querydominfo</command></para></listitem> + <listitem><para><command>enumdomgroups</command></para></listitem> + </itemizedlist> + <para> </para> + + + + <para><emphasis>SPOOLSS</emphasis></para> + + <itemizedlist> + <listitem><para><command>adddriver <arch> <config></command> + - Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + <command>getdriverdir</command>. Possible values for + <parameter>arch</parameter> are the same as those for + the <command>getdriverdir</command> command. + The <parameter>config</parameter> parameter is defined as + follows: </para> + + <para><programlisting> + Long Printer Name:\ + Driver File Name:\ + Data File Name:\ + Config File Name:\ + Help File Name:\ + Language Monitor Name:\ + Default Data Type:\ + Comma Separated list of Files + </programlisting></para> + + <para>Any empty fields should be enter as the string "NULL". </para> + + <para>Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail. </para></listitem> + + + + + <listitem><para><command>addprinter <printername> + <sharename> <drivername> <port></command> + - Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see <command>adddriver</command>) + and the <parameter>port</parameter>must be a valid port name (see + <command>enumports</command>.</para> + </listitem> + + + <listitem><para><command>deldriver</command> - Delete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + </para></listitem> + + <listitem><para><command>enumdata</command> - Enumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented).</para></listitem> + + + + <listitem><para><command>enumjobs <printer></command> + - List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function (* This command is currently unimplemented).</para></listitem> + + + + + <listitem><para><command>enumports [level]</command> + - Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. + </para></listitem> + + + + <listitem><para><command>enumdrivers [level]</command> + - Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3.</para></listitem> + + + + <listitem><para><command>enumprinters [level]</command> + - Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 0, 1, and 2.</para></listitem> + + + + + <listitem><para><command>getdata <printername></command> + - Retrieve the data for a given printer setting. See + the <command>enumdata</command> command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function (* This command is currently unimplemented). </para></listitem> + + + + <listitem><para><command>getdriver <printername></command> + - Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. + </para></listitem> + + + <listitem><para><command>getdriverdir <arch></command> + - Execute a GetPrinterDriverDirectory() + RPC to retreive the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for <parameter>arch</parameter> are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000". </para></listitem> + + + + <listitem><para><command>getprinter <printername></command> + - Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. + </para></listitem> + + + + <listitem><para><command>openprinter <printername></command> + - Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer. </para></listitem> + + + <listitem><para><command>setdriver <printername> <drivername></command> + - Execute a SetPrinter() command to update the printer driver associated + with an installed printer. The printer driver must already be correctly + installed on the print server. </para> + + <para>See also the <command>enumprinters</command> and + <command>enumdrivers</command> commands for obtaining a list of + of installed printers and drivers.</para></listitem> + + </itemizedlist> + + + <para><emphasis>GENERAL OPTIONS</emphasis></para> + + <itemizedlist> + <listitem><para><command>debuglevel</command> - Set the current debug level + used to log information.</para></listitem> + + <listitem><para><command>help (?)</command> - Print a listing of all + known commands or extended help on a particular command. + </para></listitem> + + <listitem><para><command>quit (exit)</command> - Exit <command>rpcclient + </command>.</para></listitem> + </itemizedlist> + + +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para><command>rpcclient</command> is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter. </para> + + <para>From Luke Leighton's original rpcclient man page:</para> + + <para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places. </para> + + <para>The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of <command>smbd(8)</command> and <command>rpcclient(1)</command> + that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities." </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of the Samba + suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter.</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml new file mode 100644 index 0000000000..5d81d9d446 --- /dev/null +++ b/docs/docbook/manpages/samba.7.sgml @@ -0,0 +1,213 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="samba"> + +<refmeta> + <refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum> +</refmeta> + + +<refnamediv> + <refname>SAMBA</refname> + <refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis><command>Samba</command></cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS), + LanManager or NetBIOS protocol.</para> + + <variablelist> + <varlistentry> + <term><command>smbd</command></term> + <listitem><para>The <command>smbd </command> + daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in <filename>smb.conf</filename> + </para></listitem> + </varlistentry> + + <varlistentry> + <term><command>nmbd</command></term> + <listitem><para>The <command>nmbd</command> + daemon provides NetBIOS nameserving and browsing + support. The configuration file for this daemon + is described in <filename>smb.conf</filename></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>smbclient</command></term> + <listitem><para>The <command>smbclient</command> + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT).</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>testparm</command></term> + <listitem><para>The <command>testparm</command> + utility is a simple syntax checker for Samba's + <filename>smb.conf</filename>configuration file.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>testprns</command></term> + <listitem><para>The <command>testprns</command> + utility supports testing printer names defined + in your <filename>printcap></filename> file used + by Samba.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>smbstatus</command></term> + <listitem><para>The <command>smbstatus</command> + tool provides access to information about the + current connections to <command>smbd</command>.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>nmblookup</command></term> + <listitem><para>The <command>nmblookup</command> + tools allows NetBIOS name queries to be made + from a UNIX host.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>make_smbcodepage</command></term> + <listitem><para>The <command>make_smbcodepage</command> + utility provides a means of creating SMB code page + definition files for your <command>smbd</command> server.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>smbpasswd</command></term> + <listitem><para>The <command>smbpasswd</command> + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>COMPONENTS</title> + + <para>The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages aren't clear enough then please send a patch or + bug report to <ulink url="mailto:samba@samba.org"> + samba@samba.org</ulink></para> + + + +</refsect1> + +<refsect1> + <title>AVAILABILITY</title> + + <para>The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license.</para> + + <para>The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide.</para> + + <para>You may also find useful information about Samba + on the newsgroup <ulink url="news:comp.protocols.smb"> + comp.protocol.smb</ulink> and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba.</para> + + <para>If you have access to a WWW viewer (such as Netscape + or Mosaic) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of the + Samba suite. </para> +</refsect1> + +<refsect1> + <title>CONTRIBUTIONS</title> + + <para>If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>. + </para> + + <para>If you have patches to submit or bugs to report + then you may mail them directly to samba-patches@samba.org. + Note, however, that due to the enormous popularity of this + package the Samba Team may take some time to respond to mail. We + prefer patches in <command>diff -u</command> format.</para> +</refsect1> + +<refsect1> + <title>CONTRIBUTORS</title> + + <para>Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at <ulink + url="ftp://samba.org/pub/samba/alpha/change-log"> + ftp://samba.org/pub/samba/alpha/change-log</ulink> + for the pre-CVS changes and at <ulink + url="ftp://samba.org/pub/samba/alpha/cvs.log"> + ftp://samba.org/pub/samba/alpha/cvs.log</ulink> + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it.</para> + + <para>In addition, several commercial organizations now help + fund the Samba Team with money and equipment. For details see + the Samba Web pages at <ulink + url="http://samba.org/samba/samba-thanks.html"> + http://samba.org/samba/samba-thanks.html</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml new file mode 100644 index 0000000000..1567087d9e --- /dev/null +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -0,0 +1,8411 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smb.conf"> + +<refmeta> + <refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smb.conf</refname> + <refpurpose>The configuration file for the Samba suite</refpurpose> +</refnamediv> + +<refsect1> + <title>SYNOPSIS</title> + + <para>The <filename>smb.conf</filename> file is a configuration + file for the Samba suite. <filename>smb.conf</filename> contains + runtime configuration information for the Samba programs. The + <filename>smb.conf</filename> file is designed to be configured and + administered by the <ulink url="swat.8.html"><command>swat(8)</command> + </ulink> program. The complete description of the file format and + possible parameters held within are here for reference purposes.</para> +</refsect1> + +<refsect1> + <title id="FILEFORMATSECT">FILE FORMAT</title> + + <para>The file consists of sections and parameters. A section + begins with the name of the section in square brackets and continues + until the next section begins. Sections contain parameters of the + form</para> + + <para><replaceable>name</replaceable> = <replaceable>value + </replaceable></para> + + <para>The file is line-based - that is, each newline-terminated + line represents either a comment, a section name or a parameter.</para> + + <para>Section and parameter names are not case sensitive.</para> + + <para>Only the first equals sign in a parameter is significant. + Whitespace before or after the first equals sign is discarded. + Leading, trailing and internal whitespace in section and parameter + names is irrelevant. Leading and trailing whitespace in a parameter + value is discarded. Internal whitespace within a parameter value + is retained verbatim.</para> + + <para>Any line beginning with a semicolon (';') or a hash ('#') + character is ignored, as are lines containing only whitespace.</para> + + <para>Any line ending in a '\' is continued + on the next line in the customary UNIX fashion.</para> + + <para>The values following the equals sign in parameters are all + either a string (no quotes needed) or a boolean, which may be given + as yes/no, 0/1 or true/false. Case is not significant in boolean + values, but is preserved in string values. Some items such as + create modes are numeric.</para> +</refsect1> + +<refsect1> + <title>SECTION DESCRIPTIONS</title> + + <para>Each section in the configuration file (except for the + [global] section) describes a shared resource (known + as a "share"). The section name is the name of the + shared resource and the parameters within the section define + the shares attributes.</para> + + <para>There are three special sections, [global], + [homes] and [printers], which are + described under <emphasis>special sections</emphasis>. The + following notes apply to ordinary section descriptions.</para> + + <para>A share consists of a directory to which access is being + given plus a description of the access rights which are granted + to the user of the service. Some housekeeping options are + also specifiable.</para> + + <para>Sections are either file share services (used by the + client as an extension of their native file systems) or + printable services (used by the client to access print services + on the host running the server).</para> + + <para>Sections may be designated <emphasis>guest</emphasis> services, + in which case no password is required to access them. A specified + UNIX <emphasis>guest account</emphasis> is used to define access + privileges in this case.</para> + + <para>Sections other than guest services will require a password + to access them. The client provides the username. As older clients + only provide passwords and not usernames, you may specify a list + of usernames to check against the password using the "user =" + option in the share definition. For modern clients such as + Windows 95/98/ME/NT/2000, this should not be necessary.</para> + + <para>Note that the access rights granted by the server are + masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more + access than the host system grants.</para> + + <para>The following sample section defines a file space share. + The user has write access to the path <filename>/home/bar</filename>. + The share is accessed via the share name "foo":</para> + + <screen> + <computeroutput> + [foo] + path = /home/bar + writeable = true + </computeroutput> + </screen> + + <para>The following sample section defines a printable share. + The share is readonly, but printable. That is, the only write + access permitted is via calls to open, write to and close a + spool file. The <emphasis>guest ok</emphasis> parameter means + access will be permitted as the default guest user (specified + elsewhere):</para> + + <screen> + <computeroutput> + [aprinter] + path = /usr/spool/public + writeable = false + printable = true + guest ok = true + </computeroutput> + </screen> +</refsect1> + +<refsect1> + <title>SPECIAL SECTIONS</title> + + <refsect2> + <title>The [global] section</title> + + <para>parameters in this section apply to the server + as a whole, or are defaults for sections which do not + specifically define certain items. See the notes + under PARAMETERS for more information.</para> + </refsect2> + + <refsect2> + <title id="HOMESECT">The [homes] section</title> + + <para>If a section called homes is included in the + configuration file, services connecting clients to their + home directories can be created on the fly by the server.</para> + + <para>When the connection request is made, the existing + sections are scanned. If a match is found, it is used. If no + match is found, the requested section name is treated as a + user name and looked up in the local password file. If the + name exists and the correct password has been given, a share is + created by cloning the [homes] section.</para> + + <para>Some modifications are then made to the newly + created share:</para> + + <itemizedlist> + <listitem><para>The share name is changed from homes to + the located username.</para></listitem> + + <listitem><para>If no path was given, the path is set to + the user's home directory.</para></listitem> + </itemizedlist> + + <para>If you decide to use a <emphasis>path =</emphasis> line + in your [homes] section then you may find it useful + to use the %S macro. For example :</para> + + <para><userinput>path = /data/pchome/%S</userinput></para> + + <para>would be useful if you have different home directories + for your PCs than for UNIX access.</para> + + <para>This is a fast and simple way to give a large number + of clients access to their home directories with a minimum + of fuss.</para> + + <para>A similar process occurs if the requested section + name is "homes", except that the share name is not + changed to that of the requesting user. This method of using + the [homes] section works well if different users share + a client PC.</para> + + <para>The [homes] section can specify all the parameters + a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] + section:</para> + + <screen> + <computeroutput> + [homes] + writeable = yes + </computeroutput> + </screen> + + <para>An important point is that if guest access is specified + in the [homes] section, all home directories will be + visible to all clients <emphasis>without a password</emphasis>. + In the very unlikely event that this is actually desirable, it + would be wise to also specify <emphasis>read only + access</emphasis>.</para> + + <para>Note that the <emphasis>browseable</emphasis> flag for + auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as + it means setting <emphasis>browseable = no</emphasis> in + the [homes] section will hide the [homes] share but make + any auto home directories visible.</para> + </refsect2> + + <refsect2> + <title id="PRINTERSSECT">The [printers] section</title> + + <para>This section works like [homes], + but for printers.</para> + + <para>If a [printers] section occurs in the + configuration file, users are able to connect to any printer + specified in the local host's printcap file.</para> + + <para>When a connection request is made, the existing sections + are scanned. If a match is found, it is used. If no match is found, + but a [homes] section exists, it is used as described + above. Otherwise, the requested section name is treated as a + printer name and the appropriate printcap file is scanned to see + if the requested section name is a valid printer share name. If + a match is found, a new printer share is created by cloning + the [printers] section.</para> + + <para>A few modifications are then made to the newly created + share:</para> + + <itemizedlist> + <listitem><para>The share name is set to the located printer + name</para></listitem> + + <listitem><para>If no printer name was given, the printer name + is set to the located printer name</para></listitem> + + <listitem><para>If the share does not permit guest access and + no username was given, the username is set to the located + printer name.</para></listitem> + </itemizedlist> + + <para>Note that the [printers] service MUST be + printable - if you specify otherwise, the server will refuse + to load the configuration file.</para> + + <para>Typically the path specified would be that of a + world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry would look like + this:</para> + + <screen><computeroutput> + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + </computeroutput></screen> + + <para>All aliases given for a printer in the printcap file + are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have + to set up a pseudo-printcap. This is a file consisting of one or + more lines like this:</para> + + <screen> + <computeroutput> + alias|alias|alias|alias... + </computeroutput> + </screen> + + <para>Each alias should be an acceptable printer name for + your printing subsystem. In the [global] section, specify + the new file as your printcap. The server will then only recognize + names found in your pseudo-printcap, which of course can contain + whatever aliases you like. The same technique could be used + simply to limit access to a subset of your local printers.</para> + + <para>An alias, by the way, is defined as any component of the + first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical + bar symbols ('|').</para> + + <para>NOTE: On SYSV systems which use lpstat to determine what + printers are defined on the system you may be able to use + "printcap name = lpstat" to automatically obtain a list + of printers. See the "printcap name" option + for more details.</para> + </refsect2> +</refsect1> + +<refsect1> + <title>PARAMETERS</title> + + <para>parameters define the specific attributes of sections.</para> + + <para>Some parameters are specific to the [global] section + (e.g., <emphasis>security</emphasis>). Some parameters are usable + in all sections (e.g., <emphasis>create mode</emphasis>). All others + are permissible only in normal sections. For the purposes of the + following descriptions the [homes] and [printers] + sections will be considered normal. The letter <emphasis>G</emphasis> + in parentheses indicates that a parameter is specific to the + [global] section. The letter <emphasis>S</emphasis> + indicates that a parameter can be specified in a service specific + section. Note that all <emphasis>S</emphasis> parameters can also be specified in + the [global] section - in which case they will define + the default behavior for all services.</para> + + <para>parameters are arranged here in alphabetical order - this may + not create best bedfellows, but at least you can find them! Where + there are synonyms, the preferred synonym is described, others refer + to the preferred synonym.</para> +</refsect1> + +<refsect1> + <title>VARIABLE SUBSTITUTIONS</title> + + <para>Many of the strings that are settable in the config file + can take substitutions. For example the option "path = + /tmp/%u" would be interpreted as "path = + /tmp/john" if the user connected with the username john.</para> + + <para>These substitutions are mostly noted in the descriptions below, + but there are some general substitutions which apply whenever they + might be relevant. These are:</para> + + <variablelist> + <varlistentry> + <term>%S</term> + <listitem><para>the name of the current service, if any.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%P</term> + <listitem><para>the root directory of the current service, + if any.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%u</term> + <listitem><para>user name of the current service, if any.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%g</term> + <listitem><para>primary group name of %u.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%U</term> + <listitem><para>session user name (the user name that the client + wanted, not necessarily the same as the one they got).</para></listitem> + </varlistentry> + + <varlistentry> + <term>%G</term> + <listitem><para>primary group name of %U.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%H</term> + <listitem><para>the home directory of the user given + by %u.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%v</term> + <listitem><para>the Samba version.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%h</term> + <listitem><para>the Internet hostname that Samba is running + on.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%m</term> + <listitem><para>the NetBIOS name of the client machine + (very useful).</para></listitem> + </varlistentry> + + <varlistentry> + <term>%L</term> + <listitem><para>the NetBIOS name of the server. This allows you + to change your config based on what the client calls you. Your + server can have a "dual personality".</para> + + <para>Note that this paramater is not available when Samba listens + on port 445, as clients no longer send this information </para> + </listitem> + + </varlistentry> + + <varlistentry> + <term>%M</term> + <listitem><para>the Internet name of the client machine. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>%N</term> + <listitem><para>the name of your NIS home directory server. + This is obtained from your NIS auto.map entry. If you have + not compiled Samba with the <emphasis>--with-automount</emphasis> + option then this value will be the same as %L.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%p</term> + <listitem><para>the path of the service's home directory, + obtained from your NIS auto.map entry. The NIS auto.map entry + is split up as "%N:%p".</para></listitem> + </varlistentry> + + <varlistentry> + <term>%R</term> + <listitem><para>the selected protocol level after + protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%d</term> + <listitem><para>The process id of the current server + process.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%a</term> + <listitem><para>the architecture of the remote + machine. Only some are recognized, and those may not be + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as + "UNKNOWN". If it gets it wrong then sending a level + 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org + </ulink> should allow it to be fixed.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%I</term> + <listitem><para>The IP address of the client machine.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>%T</term> + <listitem><para>the current date and time.</para></listitem> + </varlistentry> + + <varlistentry> + <term>%$(<replaceable>envvar</replaceable>)</term> + <listitem><para>The value of the environment variable + <replaceable>envar</replaceable>.</para></listitem> + </varlistentry> + </variablelist> + + <para>There are some quite creative things that can be done + with these substitutions and other smb.conf options.</para +</refsect1> + +<refsect1> + <title id="NAMEMANGLINGSECT">NAME MANGLING</title> + + <para>Samba supports "name mangling" so that DOS and + Windows clients can use files that don't conform to the 8.3 format. + It can also be set to adjust the case of 8.3 format filenames.</para> + + <para>There are several options that control the way mangling is + performed, and they are grouped here rather than listed separately. + For the defaults look at the output of the testparm program. </para> + + <para>All of these options can be set separately for each service + (or globally, of course). </para> + + <para>The options are: </para> + + <variablelist> + + <varlistentry> + <term>mangle case = yes/no</term> + <listitem><para> controls if names that have characters that + aren't of the "default" case are mangled. For example, + if this is yes then a name like "Mail" would be mangled. + Default <emphasis>no</emphasis>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>case sensitive = yes/no</term> + <listitem><para>controls whether filenames are case sensitive. If + they aren't then Samba must do a filename search and match on passed + names. Default <emphasis>no</emphasis>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>default case = upper/lower</term> + <listitem><para>controls what the default case is for new + filenames. Default <emphasis>lower</emphasis>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>preserve case = yes/no</term> + <listitem><para>controls if new files are created with the + case that the client passes, or if they are forced to be the + "default" case. Default <emphasis>yes</emphasis>. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>short preserve case = yes/no</term> + <listitem><para>controls if new files which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created + upper case, or if they are forced to be the "default" + case. This option can be use with "preserve case = yes" + to permit long filenames to retain their case, while short names + are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> + </varlistentry> + </variablelist> + + <para>By default, Samba 2.2 has the same semantics as a Windows + NT server, in that it is case insensitive but case preserving.</para> + +</refsect1> + +<refsect1> + <title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> + + <para>There are a number of ways in which a user can connect + to a service. The server uses the following steps in determining + if it will allow a connection to a specified service. If all the + steps fail, then the connection request is rejected. However, if one of the + steps succeeds, then the following steps are not checked.</para> + + <para>If the service is marked "guest only = yes" then + steps 1 to 5 are skipped.</para> + + <orderedlist numeration="Arabic"> + <listitem><para>If the client has passed a username/password + pair and that username/password pair is validated by the UNIX + system's password programs then the connection is made as that + username. Note that this includes the + \\server\service%<replaceable>username</replaceable> method of passing + a username.</para></listitem> + + <listitem><para>If the client has previously registered a username + with the system and now supplies a correct password for that + username then the connection is allowed.</para></listitem> + + <listitem><para>The client's NetBIOS name and any previously + used user names are checked against the supplied password, if + they match then the connection is allowed as the corresponding + user.</para></listitem> + + <listitem><para>If the client has previously validated a + username/password pair with the server and the client has passed + the validation token then that username is used. </para></listitem> + + <listitem><para>If a "user = " field is given in the + <filename>smb.conf</filename> file for the service and the client + has supplied a password, and that password matches (according to + the UNIX system's password checking) with one of the usernames + from the "user =" field then the connection is made as + the username in the "user =" line. If one + of the username in the "user =" list begins with a + '@' then that name expands to a list of names in + the group of the same name.</para></listitem> + + <listitem><para>If the service is a guest service then a + connection is made as the username given in the "guest + account =" for the service, irrespective of the + supplied password.</para></listitem> + </orderedlist> + +</refsect1> + +<refsect1> + <title>COMPLETE LIST OF GLOBAL PARAMETERS</title> + + <para>Here is a list of all global parameters. See the section of + each parameter for details. Note that some are synonyms.</para> + + <itemizedlist> + <listitem><para><link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link></para></listitem> + <listitem><para><link linkend="ADDPRINTERCOMMAND"><parameter>add printer command</parameter></link></para></listitem> + <listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem> + <listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem> + <listitem><para><link linkend="ADDMACHINESCRIPT"><parameter>add machine script</parameter></link></para></listitem> + <listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem> + <listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem> + <listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem> + <listitem><para><link linkend="AUTHMETHODS"><parameter>auth methods</parameter></link></para></listitem> + <listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem> + <listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem> + <listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem> + <listitem><para><link linkend="CHANGENOTIFYTIMEOUT"><parameter>change notify timeout</parameter></link></para></listitem> + <listitem><para><link linkend="CHANGESHARECOMMAND"><parameter>change share command</parameter></link></para></listitem> + <listitem><para><link linkend="CONFIGFILE"><parameter>config file</parameter></link></para></listitem> + <listitem><para><link linkend="DEADTIME"><parameter>deadtime</parameter></link></para></listitem> + <listitem><para><link linkend="DEBUGHIRESTIMESTAMP"><parameter>debug hires timestamp</parameter></link></para></listitem> + <listitem><para><link linkend="DEBUGPID"><parameter>debug pid</parameter></link></para></listitem> + <listitem><para><link linkend="DEBUGTIMESTAMP"><parameter>debug timestamp</parameter></link></para></listitem> + <listitem><para><link linkend="DEBUGUID"><parameter>debug uid</parameter></link></para></listitem> + <listitem><para><link linkend="DEBUGLEVEL"><parameter>debuglevel</parameter></link></para></listitem> + <listitem><para><link linkend="DEFAULT"><parameter>default</parameter></link></para></listitem> + <listitem><para><link linkend="DEFAULTSERVICE"><parameter>default service</parameter></link></para></listitem> + <listitem><para><link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer command</parameter></link></para></listitem> + <listitem><para><link linkend="DELETESHARECOMMAND"><parameter>delete share command</parameter></link></para></listitem> + <listitem><para><link linkend="DELETEUSERSCRIPT"><parameter>delete user script</parameter></link></para></listitem> + <listitem><para><link linkend="DFREECOMMAND"><parameter>dfree command</parameter></link></para></listitem> + <listitem><para><link linkend="DISABLESPOOLSS"><parameter>disable spoolss</parameter></link></para></listitem> + <listitem><para><link linkend="DNSPROXY"><parameter>dns proxy</parameter></link></para></listitem> + <listitem><para><link linkend="DOMAINADMINGROUP"><parameter>domain admin group</parameter></link></para></listitem> + <listitem><para><link linkend="DOMAINGUESTGROUP"><parameter>domain guest group</parameter></link></para></listitem> + <listitem><para><link linkend="DOMAINLOGONS"><parameter>domain logons</parameter></link></para></listitem> + <listitem><para><link linkend="DOMAINMASTER"><parameter>domain master</parameter></link></para></listitem> + <listitem><para><link linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter></link></para></listitem> + <listitem><para><link linkend="ENHANCEDBROWSING"><parameter>enhanced browsing</parameter></link></para></listitem> + <listitem><para><link linkend="ENUMPORTSCOMMAND"><parameter>enumports command</parameter></link></para></listitem> + <listitem><para><link linkend="GETWDCACHE"><parameter>getwd cache</parameter></link></para></listitem> + <listitem><para><link linkend="HIDELOCALUSERS"><parameter>hide local users</parameter></link></para></listitem> + <listitem><para><link linkend="HIDEUNREADABLE"><parameter>hide unreadable</parameter></link></para></listitem> + <listitem><para><link linkend="HOMEDIRMAP"><parameter>homedir map</parameter></link></para></listitem> + <listitem><para><link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link></para></listitem> + <listitem><para><link linkend="HOSTSEQUIV"><parameter>hosts equiv</parameter></link></para></listitem> + <listitem><para><link linkend="INTERFACES"><parameter>interfaces</parameter></link></para></listitem> + <listitem><para><link linkend="KEEPALIVE"><parameter>keepalive</parameter></link></para></listitem> + <listitem><para><link linkend="KERNELOPLOCKS"><parameter>kernel oplocks</parameter></link></para></listitem> + <listitem><para><link linkend="LANMANAUTH"><parameter>lanman auth</parameter></link></para></listitem> + <listitem><para><link linkend="LARGEREADWRITE"><parameter>large readwrite</parameter></link></para></listitem> + + <listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> + + <listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem> + <listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem> + <listitem><para><link linkend="LOADPRINTERS"><parameter>load printers</parameter></link></para></listitem> + <listitem><para><link linkend="LOCALMASTER"><parameter>local master</parameter></link></para></listitem> + <listitem><para><link linkend="LOCKDIR"><parameter>lock dir</parameter></link></para></listitem> + <listitem><para><link linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link></para></listitem> + <listitem><para><link linkend="LOGFILE"><parameter>log file</parameter></link></para></listitem> + <listitem><para><link linkend="LOGLEVEL"><parameter>log level</parameter></link></para></listitem> + <listitem><para><link linkend="LOGONDRIVE"><parameter>logon drive</parameter></link></para></listitem> + <listitem><para><link linkend="LOGONHOME"><parameter>logon home</parameter></link></para></listitem> + <listitem><para><link linkend="LOGONPATH"><parameter>logon path</parameter></link></para></listitem> + <listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem> + <listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem> + <listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem> + <listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem> + <listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem> + <listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem> + <listitem><para><link linkend="MAXLOGSIZE"><parameter>max log size</parameter></link></para></listitem> + <listitem><para><link linkend="MAXMUX"><parameter>max mux</parameter></link></para></listitem> + <listitem><para><link linkend="MAXOPENFILES"><parameter>max open files</parameter></link></para></listitem> + <listitem><para><link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link></para></listitem> + <listitem><para><link linkend="MAXSMBDPROCESSES"><parameter>max smbd processes</parameter></link></para></listitem> + <listitem><para><link linkend="MAXTTL"><parameter>max ttl</parameter></link></para></listitem> + <listitem><para><link linkend="MAXWINSTTL"><parameter>max wins ttl</parameter></link></para></listitem> + <listitem><para><link linkend="MAXXMIT"><parameter>max xmit</parameter></link></para></listitem> + <listitem><para><link linkend="MESSAGECOMMAND"><parameter>message command</parameter></link></para></listitem> + <listitem><para><link linkend="MINPASSWDLENGTH"><parameter>min passwd length</parameter></link></para></listitem> + <listitem><para><link linkend="MINPASSWORDLENGTH"><parameter>min password length</parameter></link></para></listitem> + <listitem><para><link linkend="MINPROTOCOL"><parameter>min protocol</parameter></link></para></listitem> + <listitem><para><link linkend="MINWINSTTL"><parameter>min wins ttl</parameter></link></para></listitem> + <listitem><para><link linkend="NAMERESOLVEORDER"><parameter>name resolve order</parameter></link></para></listitem> + <listitem><para><link linkend="NETBIOSALIASES"><parameter>netbios aliases</parameter></link></para></listitem> + <listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem> + <listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem> + <listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem> + <listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem> + <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> + <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> + <listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem> + <listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem> + <listitem><para><link linkend="OSLEVEL"><parameter>os level</parameter></link></para></listitem> + <listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem> + <listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem> + <listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem> + <listitem><para><link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem> + <listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem> + <listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem> + <listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem> + <listitem><para><link linkend="PASSWORDLEVEL"><parameter>password level</parameter></link></para></listitem> + <listitem><para><link linkend="PASSWORDSERVER"><parameter>password server</parameter></link></para></listitem> + <listitem><para><link linkend="PREFEREDMASTER"><parameter>prefered master</parameter></link></para></listitem> + <listitem><para><link linkend="PREFERREDMASTER"><parameter>preferred master</parameter></link></para></listitem> + <listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem> + <listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem> + <listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem> + <listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem> + <listitem><para><link linkend="READRAW"><parameter>read raw</parameter></link></para></listitem> + <listitem><para><link linkend="READSIZE"><parameter>read size</parameter></link></para></listitem> + <listitem><para><link linkend="REMOTEANNOUNCE"><parameter>remote announce</parameter></link></para></listitem> + <listitem><para><link linkend="REMOTEBROWSESYNC"><parameter>remote browse sync</parameter></link></para></listitem> + <listitem><para><link linkend="RESTRICTANONYMOUS"><parameter>restrict anonymous</parameter></link></para></listitem> + <listitem><para><link linkend="ROOT"><parameter>root</parameter></link></para></listitem> + <listitem><para><link linkend="ROOTDIR"><parameter>root dir</parameter></link></para></listitem> + <listitem><para><link linkend="ROOTDIRECTORY"><parameter>root directory</parameter></link></para></listitem> + <listitem><para><link linkend="SECURITY"><parameter>security</parameter></link></para></listitem> + <listitem><para><link linkend="SERVERSTRING"><parameter>server string</parameter></link></para></listitem> + <listitem><para><link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para></listitem> + <listitem><para><link linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link></para></listitem> + <listitem><para><link linkend="SMBPASSWDFILE"><parameter>smb passwd file</parameter></link></para></listitem> + <listitem><para><link linkend="SOCKETADDRESS"><parameter>socket address</parameter></link></para></listitem> + <listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem> + <listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem> + + <listitem><para><link linkend="SSL"><parameter>ssl</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCACERTFILE"><parameter>ssl CA certFile</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCIPHERS"><parameter>ssl ciphers</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCLIENTCERT"><parameter>ssl client cert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCLIENTKEY"><parameter>ssl client key</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCOMPATIBILITY"><parameter>ssl compatibility</parameter></link></para></listitem> + <listitem><para><link linkend="SSLEGDSOCKET"><parameter>ssl egd socket</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYBYTES"><parameter>ssl entropy bytes</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link></para></listitem> + <listitem><para><link linkend="SSLHOSTS"><parameter>ssl hosts</parameter></link></para></listitem> + <listitem><para><link linkend="SSLHOSTSRESIGN"><parameter>ssl hosts resign</parameter></link></para></listitem> + <listitem><para><link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require clientcert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLREQUIRESERVERCERT"><parameter>ssl require servercert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLSERVERCERT"><parameter>ssl server cert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLSERVERKEY"><parameter>ssl server key</parameter></link></para></listitem> + <listitem><para><link linkend="SSLVERSION"><parameter>ssl version</parameter></link></para></listitem> + + <listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem> + <listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem> + <listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem> + <listitem><para><link linkend="SYSLOG"><parameter>syslog</parameter></link></para></listitem> + <listitem><para><link linkend="SYSLOGONLY"><parameter>syslog only</parameter></link></para></listitem> + <listitem><para><link linkend="TEMPLATEHOMEDIR"><parameter>template homedir</parameter></link></para></listitem> + <listitem><para><link linkend="TEMPLATESHELL"><parameter>template shell</parameter></link></para></listitem> + <listitem><para><link linkend="TIMEOFFSET"><parameter>time offset</parameter></link></para></listitem> + <listitem><para><link linkend="TIMESERVER"><parameter>time server</parameter></link></para></listitem> + <listitem><para><link linkend="TIMESTAMPLOGS"><parameter>timestamp logs</parameter></link></para></listitem> + <listitem><para><link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link></para></listitem> + <listitem><para><link linkend="UNIXEXTENSIONS"><parameter>unix extensions</parameter></link></para></listitem> + <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> + <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> + <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> + <listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem> + <listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem> + <listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem> + <listitem><para><link linkend="UTMP"><parameter>utmp</parameter></link></para></listitem> + <listitem><para><link linkend="UTMPDIRECTORY"><parameter>utmp directory</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDCACHETIME"><parameter>winbind cache time</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDENUMUSERS"><parameter>winbind enum users</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDENUMGROUPS"><parameter>winbind enum groups</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDGID"><parameter>winbind gid</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDSEPARATOR"><parameter>winbind separator</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDUID"><parameter>winbind uid</parameter></link></para></listitem> + <listitem><para><link linkend="WINBINDUSEDEFAULTDOMAIN"><parameter>winbind use default domain</parameter></link></para></listitem> + <listitem><para><link linkend="WINSHOOK"><parameter>wins hook</parameter></link></para></listitem> + <listitem><para><link linkend="WINSPROXY"><parameter>wins proxy</parameter></link></para></listitem> + <listitem><para><link linkend="WINSSERVER"><parameter>wins server</parameter></link></para></listitem> + <listitem><para><link linkend="WINSSUPPORT"><parameter>wins support</parameter></link></para></listitem> + <listitem><para><link linkend="WORKGROUP"><parameter>workgroup</parameter></link></para></listitem> + <listitem><para><link linkend="WRITERAW"><parameter>write raw</parameter></link></para></listitem> + </itemizedlist> + +</refsect1> + +<refsect1> + <title>COMPLETE LIST OF SERVICE PARAMETERS</title> + + <para>Here is a list of all service parameters. See the section on + each parameter for details. Note that some are synonyms.</para> + + <itemizedlist> + <listitem><para><link linkend="ADMINUSERS"><parameter>admin users</parameter></link></para></listitem> + <listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem> + <listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem> + <listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem> + <listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem> + <listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem> + <listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem> + <listitem><para><link linkend="CASESIGNAMES"><parameter>casesignames</parameter></link></para></listitem> + <listitem><para><link linkend="COMMENT"><parameter>comment</parameter></link></para></listitem> + <listitem><para><link linkend="COPY"><parameter>copy</parameter></link></para></listitem> + <listitem><para><link linkend="CREATEMASK"><parameter>create mask</parameter></link></para></listitem> + <listitem><para><link linkend="CREATEMODE"><parameter>create mode</parameter></link></para></listitem> + <listitem><para><link linkend="DEFAULTCASE"><parameter>default case</parameter></link></para></listitem> + <listitem><para><link linkend="DEFAULTDEVMODE"><parameter>default devmode</parameter></link></para></listitem> + <listitem><para><link linkend="DELETEREADONLY"><parameter>delete readonly</parameter></link></para></listitem> + <listitem><para><link linkend="DELETEVETOFILES"><parameter>delete veto files</parameter></link></para></listitem> + <listitem><para><link linkend="DENYHOSTS"><parameter>deny hosts</parameter></link></para></listitem> + <listitem><para><link linkend="DIRECTORY"><parameter>directory</parameter></link></para></listitem> + <listitem><para><link linkend="DIRECTORYMASK"><parameter>directory mask</parameter></link></para></listitem> + <listitem><para><link linkend="DIRECTORYMODE"><parameter>directory mode</parameter></link></para></listitem> + <listitem><para><link linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link></para></listitem> + <listitem><para><link linkend="DONTDESCEND"><parameter>dont descend</parameter></link></para></listitem> + <listitem><para><link linkend="DOSFILEMODE"><parameter>dos filemode</parameter></link></para></listitem> + <listitem><para><link linkend="DOSFILETIMERESOLUTION"><parameter>dos filetime resolution</parameter></link></para></listitem> + <listitem><para><link linkend="DOSFILETIMES"><parameter>dos filetimes</parameter></link></para></listitem> + <listitem><para><link linkend="EXEC"><parameter>exec</parameter></link></para></listitem> + <listitem><para><link linkend="FAKEDIRECTORYCREATETIMES"><parameter>fake directory create times</parameter></link></para></listitem> + <listitem><para><link linkend="FAKEOPLOCKS"><parameter>fake oplocks</parameter></link></para></listitem> + <listitem><para><link linkend="FOLLOWSYMLINKS"><parameter>follow symlinks</parameter></link></para></listitem> + <listitem><para><link linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link></para></listitem> + <listitem><para><link linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter></link></para></listitem> + <listitem><para><link linkend="FORCEDIRECTORYSECURITYMODE"><parameter>force directory security mode</parameter></link></para></listitem> + <listitem><para><link linkend="FORCEGROUP"><parameter>force group</parameter></link></para></listitem> + <listitem><para><link linkend="FORCESECURITYMODE"><parameter>force security mode</parameter></link></para></listitem> + <listitem><para><link linkend="FORCEUSER"><parameter>force user</parameter></link></para></listitem> + <listitem><para><link linkend="FSTYPE"><parameter>fstype</parameter></link></para></listitem> + <listitem><para><link linkend="GROUP"><parameter>group</parameter></link></para></listitem> + <listitem><para><link linkend="GUESTACCOUNT"><parameter>guest account</parameter></link></para></listitem> + <listitem><para><link linkend="GUESTOK"><parameter>guest ok</parameter></link></para></listitem> + <listitem><para><link linkend="GUESTONLY"><parameter>guest only</parameter></link></para></listitem> + <listitem><para><link linkend="HIDEDOTFILES"><parameter>hide dot files</parameter></link></para></listitem> + <listitem><para><link linkend="HIDEFILES"><parameter>hide files</parameter></link></para></listitem> + <listitem><para><link linkend="HOSTSALLOW"><parameter>hosts allow</parameter></link></para></listitem> + <listitem><para><link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link></para></listitem> + <listitem><para><link linkend="INCLUDE"><parameter>include</parameter></link></para></listitem> + <listitem><para><link linkend="INHERITPERMISSIONS"><parameter>inherit permissions</parameter></link></para></listitem> + <listitem><para><link linkend="INVALIDUSERS"><parameter>invalid users</parameter></link></para></listitem> + <listitem><para><link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks</parameter></link></para></listitem> + <listitem><para><link linkend="LOCKING"><parameter>locking</parameter></link></para></listitem> + <listitem><para><link linkend="LPPAUSECOMMAND"><parameter>lppause command</parameter></link></para></listitem> + <listitem><para><link linkend="LPQCOMMAND"><parameter>lpq command</parameter></link></para></listitem> + <listitem><para><link linkend="LPRESUMECOMMAND"><parameter>lpresume command</parameter></link></para></listitem> + <listitem><para><link linkend="LPRMCOMMAND"><parameter>lprm command</parameter></link></para></listitem> + <listitem><para><link linkend="MAGICOUTPUT"><parameter>magic output</parameter></link></para></listitem> + <listitem><para><link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link></para></listitem> + <listitem><para><link linkend="MANGLECASE"><parameter>mangle case</parameter></link></para></listitem> + <listitem><para><link linkend="MANGLEDMAP"><parameter>mangled map</parameter></link></para></listitem> + <listitem><para><link linkend="MANGLEDNAMES"><parameter>mangled names</parameter></link></para></listitem> + <listitem><para><link linkend="MANGLINGCHAR"><parameter>mangling char</parameter></link></para></listitem> + <listitem><para><link linkend="MAPARCHIVE"><parameter>map archive</parameter></link></para></listitem> + <listitem><para><link linkend="MAPHIDDEN"><parameter>map hidden</parameter></link></para></listitem> + <listitem><para><link linkend="MAPSYSTEM"><parameter>map system</parameter></link></para></listitem> + <listitem><para><link linkend="MAXCONNECTIONS"><parameter>max connections</parameter></link></para></listitem> + <listitem><para><link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link></para></listitem> + <listitem><para><link linkend="MINPRINTSPACE"><parameter>min print space</parameter></link></para></listitem> + <listitem><para><link linkend="MSDFSROOT"><parameter>msdfs root</parameter></link></para></listitem> + <listitem><para><link linkend="NTACLSUPPORT"><parameter>nt acl support</parameter></link></para></listitem> + <listitem><para><link linkend="ONLYGUEST"><parameter>only guest</parameter></link></para></listitem> + <listitem><para><link linkend="ONLYUSER"><parameter>only user</parameter></link></para></listitem> + <listitem><para><link linkend="OPLOCKCONTENTIONLIMIT"><parameter>oplock contention limit</parameter></link></para></listitem> + <listitem><para><link linkend="OPLOCKS"><parameter>oplocks</parameter></link></para></listitem> + <listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem> + <listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem> + <listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem> + <listitem><para><link linkend="POSTSCRIPT"><parameter>postscript</parameter></link></para></listitem> + <listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem> + <listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem> + <listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTCOMMAND"><parameter>print command</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTOK"><parameter>print ok</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVER"><parameter>printer driver</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERLOCATION"><parameter>printer driver location</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem> + <listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem> + <listitem><para><link linkend="QUEUEPAUSECOMMAND"><parameter>queuepause command</parameter></link></para></listitem> + <listitem><para><link linkend="QUEUERESUMECOMMAND"><parameter>queueresume command</parameter></link></para></listitem> + <listitem><para><link linkend="READLIST"><parameter>read list</parameter></link></para></listitem> + <listitem><para><link linkend="READONLY"><parameter>read only</parameter></link></para></listitem> + <listitem><para><link linkend="ROOTPOSTEXEC"><parameter>root postexec</parameter></link></para></listitem> + <listitem><para><link linkend="ROOTPREEXEC"><parameter>root preexec</parameter></link></para></listitem> + <listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem> + <listitem><para><link linkend="SECURITYMASK"><parameter>security mask</parameter></link></para></listitem> + <listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem> + <listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem> + <listitem><para><link linkend="STATUS"><parameter>status</parameter></link></para></listitem> + <listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem> + <listitem><para><link linkend="STRICTLOCKING"><parameter>strict locking</parameter></link></para></listitem> + <listitem><para><link linkend="STRICTSYNC"><parameter>strict sync</parameter></link></para></listitem> + <listitem><para><link linkend="SYNCALWAYS"><parameter>sync always</parameter></link></para></listitem> + <listitem><para><link linkend="USECLIENTDRIVER"><parameter>use client driver</parameter></link></para></listitem> + <listitem><para><link linkend="USER"><parameter>user</parameter></link></para></listitem> + <listitem><para><link linkend="USERNAME"><parameter>username</parameter></link></para></listitem> + <listitem><para><link linkend="USERS"><parameter>users</parameter></link></para></listitem> + <listitem><para><link linkend="VALIDUSERS"><parameter>valid users</parameter></link></para></listitem> + <listitem><para><link linkend="VETOFILES"><parameter>veto files</parameter></link></para></listitem> + <listitem><para><link linkend="VETOOPLOCKFILES"><parameter>veto oplock files</parameter></link></para></listitem> + <listitem><para><link linkend="VFSOBJECT"><parameter>vfs object</parameter></link></para></listitem> + <listitem><para><link linkend="VFSOPTIONS"><parameter>vfs options</parameter></link></para></listitem> + <listitem><para><link linkend="VOLUME"><parameter>volume</parameter></link></para></listitem> + <listitem><para><link linkend="WIDELINKS"><parameter>wide links</parameter></link></para></listitem> + <listitem><para><link linkend="WRITABLE"><parameter>writable</parameter></link></para></listitem> + <listitem><para><link linkend="WRITECACHESIZE"><parameter>write cache size</parameter></link></para></listitem> + <listitem><para><link linkend="WRITELIST"><parameter>write list</parameter></link></para></listitem> + <listitem><para><link linkend="WRITEOK"><parameter>write ok</parameter></link></para></listitem> + <listitem><para><link linkend="WRITEABLE"><parameter>writeable</parameter></link></para></listitem> + </itemizedlist> + +</refsect1> + +<refsect1> + <title>EXPLANATION OF EACH PARAMETER</title> + + <variablelist> + + <varlistentry> + <term><anchor id="ABORTSHUTDOWNSCRIPT">abort shutdown script (G)</term> + <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that + should stop a shutdown procedure issued by the <link + linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link>.</para> + + <para>This command will be run as user.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + <para>Example: <command>abort shutdown script = /sbin/shutdown -c</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="ADDPRINTERCOMMAND">add printer command (G)</term> + <listitem><para>With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server.</para> + + <para>For a Samba host this means that the printer must be + physically added to the underlying printing system. The <parameter>add + printer command</parameter> defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the <filename>smb.conf</filename> file in order that it can be + shared by <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> + + <para>The <parameter>add printer command</parameter> is + automatically invoked with the following parameter (in + order:</para> + + <itemizedlist> + <listitem><para><parameter>printer name</parameter></para></listitem> + <listitem><para><parameter>share name</parameter></para></listitem> + <listitem><para><parameter>port name</parameter></para></listitem> + <listitem><para><parameter>driver name</parameter></para></listitem> + <listitem><para><parameter>location</parameter></para></listitem> + <listitem><para><parameter>Windows 9x driver location</parameter> + </para></listitem> + </itemizedlist> + + <para>All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions.</para> + + <para>Once the <parameter>add printer command</parameter> has + been executed, <command>smbd</command> will reparse the <filename> + smb.conf</filename> to determine if the share defined by the APW + exists. If the sharename is still invalid, then <command>smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> + delete printer command</parameter></link>, <link + linkend="printing"><parameter>printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>addprinter command = /usr/bin/addprinter + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ADDSHARECOMMAND">add share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>add share command</parameter> is used to define an + external program or script which will add a new service definition + to <filename>smb.conf</filename>. In order to successfully + execute the <parameter>add share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>add share command</parameter> with four parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of the new + share. + </para></listitem> + + <listitem><para><parameter>pathName</parameter> - path to an **existing** + directory on disk. + </para></listitem> + + <listitem><para><parameter>comment</parameter> - comment string to associate + with the new share. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used for add file shares. To add printer shares, + see the <link linkend="ADDPRINTERCOMMAND"><parameter>add printer + command</parameter></link>. + </para> + + <para> + See also <link linkend="CHANGESHARECOMMAND"><parameter>change share + command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete share + command</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>add share command = /usr/local/bin/addshare</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ADDMACHINESCRIPT">add machine script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run by <ulink url="smbd.8.html">smbd(8)</ulink> when a machine is added + to it's domain using the administrator username and password method. </para> + + <para>This option is only required when using sam back-ends tied to the + Unix uid method of RID calculation such as smbpasswd. This option is only + available in Samba 3.0.</para> + + <para>Default: <command>add machine script = <empty string> + </command></para> + + <para>Example: <command>add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="ADDUSERSCRIPT">add user script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8) + </ulink> under special circumstances described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <ulink + url="smbd.8.html">smbd</ulink> to create the required UNIX users + <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> + + <para>In order to use this option, <ulink url="smbd.8.html">smbd</ulink> + must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> + and <parameter>add user script</parameter> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <parameter>%u</parameter>, which expands into + the UNIX user name to create.</para> + + <para>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <ulink url="smbd.8.html"> + smbd</ulink> contacts the <parameter>password server</parameter> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <command>smbd</command> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and <parameter>add user script + </parameter> is set then <command>smbd</command> will + call the specified script <emphasis>AS ROOT</emphasis>, expanding + any <parameter>%u</parameter> argument to be the user name to create.</para> + + <para>If this script successfully creates the user then <command>smbd + </command> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</para> + + <para>See also <link linkend="SECURITY"><parameter> + security</parameter></link>, <link linkend="PASSWORDSERVER"> + <parameter>password server</parameter></link>, + <link linkend="DELETEUSERSCRIPT"><parameter>delete user + script</parameter></link>.</para> + + <para>Default: <command>add user script = <empty string> + </command></para> + + <para>Example: <command>add user script = /usr/local/samba/bin/add_user + %u</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ADMINUSERS">admin users (S)</term> + <listitem><para>This is a list of users who will be granted + administrative privileges on the share. This means that they + will do all file operations as the super-user (root).</para> + + <para>You should use this option very carefully, as any user in + this list will be able to do anything they like on the share, + irrespective of file permissions.</para> + + <para>Default: <emphasis>no admin users</emphasis></para> + + <para>Example: <command>admin users = jason</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ALLOWHOSTS">allow hosts (S)</term> + <listitem><para>Synonym for <link linkend="HOSTSALLOW"> + <parameter>hosts allow</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term> + <listitem><para>This option only takes effect when the <link + linkend="SECURITY"><parameter>security</parameter></link> option is set to + <constant>server</constant> or <constant>domain</constant>. + If it is set to no, then attempts to connect to a resource from + a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running + in will fail, even if that domain is trusted by the remote server + doing the authentication.</para> + + <para>This is useful if you only want your Samba server to + serve resources to users in the domain it is a member of. As + an example, suppose that there are two domains DOMA and DOMB. DOMB + is trusted by DOMA, which contains the Samba server. Under normal + circumstances, a user with an account in DOMB can then access the + resources of a UNIX account with the same account name on the + Samba server even if they do not have an account in DOMA. This + can make implementing a security boundary difficult.</para> + + <para>Default: <command>allow trusted domains = yes</command></para> + + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ANNOUNCEAS">announce as (G)</term> + <listitem><para>This specifies what type of server + <ulink url="nmbd.8.html"><command>nmbd</command></ulink> + will announce itself as, to a network neighborhood browse + list. By default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + Windows NT Workstation, Windows 95 and Windows for Workgroups + respectively. Do not change this parameter unless you have a + specific need to stop Samba appearing as an NT server as this + may prevent Samba servers from participating as browser servers + correctly.</para> + + <para>Default: <command>announce as = NT Server</command></para> + + <para>Example: <command>announce as = Win95</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ANNOUNCEVERSION">announce version (G)</term> + <listitem><para>This specifies the major and minor version numbers + that nmbd will use when announcing itself as a server. The default + is 4.2. Do not change this parameter unless you have a specific + need to set a Samba server to be a downlevel server.</para> + + <para>Default: <command>announce version = 4.5</command></para> + + <para>Example: <command>announce version = 2.0</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="AUTOSERVICES">auto services (G)</term> + <listitem><para>This is a synonym for the <link linkend="PRELOAD"> + <parameter>preload</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="AUTHMETHODS">auth methods (G)</term> + <listitem><para>This option allows the administrator to chose what + authentication methods <command>smbd</command> will use when authenticating + a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter> + security</parameter></link>. + + Each entry in the list attempts to authenticate the user in turn, until + the user authenticates. In practice only one method will ever actually + be able to complete the authentication. + </para> + + <para>Default: <command>auth methods = <empty string></command></para> + <para>Example: <command>auth methods = guest sam ntdomain</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="AVAILABLE">available (S)</term> + <listitem><para>This parameter lets you "turn off" a service. If + <parameter>available = no</parameter>, then <emphasis>ALL</emphasis> + attempts to connect to the service will fail. Such failures are + logged.</para> + + <para>Default: <command>available = yes</command></para> + + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="BINDINTERFACESONLY">bind interfaces only (G)</term> + <listitem><para>This global parameter allows the Samba admin + to limit what interfaces on a machine will serve SMB requests. If + affects file service <ulink url="smbd.8.html">smbd(8)</ulink> and + name service <ulink url="nmbd.8.html">nmbd(8)</ulink> in slightly + different ways.</para> + + <para>For name service it causes <command>nmbd</command> to bind + to ports 137 and 138 on the interfaces listed in the <link + linkend="INTERFACES">interfaces</link> parameter. <command>nmbd + </command> also binds to the "all addresses" interface (0.0.0.0) + on ports 137 and 138 for the purposes of reading broadcast messages. + If this option is not set then <command>nmbd</command> will service + name requests on all of these sockets. If <parameter>bind interfaces + only</parameter> is set then <command>nmbd</command> will check the + source address of any packets coming in on the broadcast sockets + and discard any that don't match the broadcast addresses of the + interfaces in the <parameter>interfaces</parameter> parameter list. + As unicast packets are received on the other sockets it allows + <command>nmbd</command> to refuse to serve names to machines that + send packets that arrive through any interfaces not listed in the + <parameter>interfaces</parameter> list. IP Source address spoofing + does defeat this simple check, however so it must not be used + seriously as a security feature for <command>nmbd</command>.</para> + + <para>For file service it causes <ulink url="smbd.8.html">smbd(8)</ulink> + to bind only to the interface list given in the <link linkend="INTERFACES"> + interfaces</link> parameter. This restricts the networks that + <command>smbd</command> will serve to packets coming in those + interfaces. Note that you should not use this parameter for machines + that are serving PPP or other intermittent or non-broadcast network + interfaces as it will not cope with non-permanent interfaces.</para> + + <para>If <parameter>bind interfaces only</parameter> is set then + unless the network address <emphasis>127.0.0.1</emphasis> is added + to the <parameter>interfaces</parameter> parameter list <ulink + url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> + and <ulink url="swat.8.html"><command>swat(8)</command></ulink> may + not work as expected due to the reasons covered below.</para> + + <para>To change a users SMB password, the <command>smbpasswd</command> + by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> + address as an SMB client to issue the password change request. If + <parameter>bind interfaces only</parameter> is set then unless the + network address <emphasis>127.0.0.1</emphasis> is added to the + <parameter>interfaces</parameter> parameter list then <command> + smbpasswd</command> will fail to connect in it's default mode. + <command>smbpasswd</command> can be forced to use the primary IP interface + of the local host by using its <ulink url="smbpasswd.8.html#minusr"> + <parameter>-r <replaceable>remote machine</replaceable></parameter> + </ulink> parameter, with <replaceable>remote machine</replaceable> set + to the IP name of the primary interface of the local host.</para> + + <para>The <command>swat</command> status page tries to connect with + <command>smbd</command> and <command>nmbd</command> at the address + <emphasis>127.0.0.1</emphasis> to determine if they are running. + Not adding <emphasis>127.0.0.1</emphasis> will cause <command> + smbd</command> and <command>nmbd</command> to always show + "not running" even if they really are. This can prevent <command> + swat</command> from starting/stopping/restarting <command>smbd</command> + and <command>nmbd</command>.</para> + + <para>Default: <command>bind interfaces only = no</command></para> + + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="BLOCKINGLOCKS">blocking locks (S)</term> + <listitem><para>This parameter controls the behavior of <ulink + url="smbd.8.html">smbd(8)</ulink> when given a request by a client + to obtain a byte range lock on a region of an open file, and the + request has a time limit associated with it.</para> + + <para>If this parameter is set and the lock range requested + cannot be immediately satisfied, Samba 2.2 will internally + queue the lock request, and periodically attempt to obtain + the lock until the timeout period expires.</para> + + <para>If this parameter is set to <constant>false</constant>, then + Samba 2.2 will behave as previous versions of Samba would and + will fail the lock request immediately if the lock range + cannot be obtained.</para> + + <para>Default: <command>blocking locks = yes</command></para> + + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="BROWSABLE">browsable (S)</term> + <listitem><para>See the <link linkend="BROWSEABLE"><parameter> + browseable</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="BROWSELIST">browse list (G)</term> + <listitem><para>This controls whether <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> will serve a browse list to + a client doing a <command>NetServerEnum</command> call. Normally + set to <constant>true</constant>. You should never need to change + this.</para> + + <para>Default: <command>browse list = yes</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="BROWSEABLE">browseable (S)</term> + <listitem><para>This controls whether this share is seen in + the list of available shares in a net view and in the browse list.</para> + + <para>Default: <command>browseable = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CASESENSITIVE">case sensitive (S)</term> + <listitem><para>See the discussion in the section <link + linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> + + <para>Default: <command>case sensitive = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CASESIGNAMES">casesignames (S)</term> + <listitem><para>Synonym for <link linkend="CASESENSITIVE">case + sensitive</link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CHANGENOTIFYTIMEOUT">change notify timeout (G)</term> + <listitem><para>This SMB allows a client to tell a server to + "watch" a particular directory for any changes and only reply to + the SMB request when a change has occurred. Such constant scanning of + a directory is expensive under UNIX, hence an <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> daemon only performs such a scan + on each requested directory once every <parameter>change notify + timeout</parameter> seconds.</para> + + <para>Default: <command>change notify timeout = 60</command></para> + <para>Example: <command>change notify timeout = 300</command></para> + + <para>Would change the scan time to every 5 minutes.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CHANGESHARECOMMAND">change share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>change share command</parameter> is used to define an + external program or script which will modify an existing service definition + in <filename>smb.conf</filename>. In order to successfully + execute the <parameter>change share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>change share command</parameter> with four parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of the new + share. + </para></listitem> + + <listitem><para><parameter>pathName</parameter> - path to an **existing** + directory on disk. + </para></listitem> + + <listitem><para><parameter>comment</parameter> - comment string to associate + with the new share. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used modify existing file shares definitions. To modify + printer shares, use the "Printers..." folder as seen when browsing the Samba host. + </para> + + <para> + See also <link linkend="ADDSHARECOMMAND"><parameter>add share + command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter>delete + share command</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>change share command = /usr/local/bin/addshare</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="COMMENT">comment (S)</term> + <listitem><para>This is a text field that is seen next to a share + when a client does a queries the server, either via the network + neighborhood or via <command>net view</command> to list what shares + are available.</para> + + <para>If you want to set the string that is displayed next to the + machine name then see the <link linkend="SERVERSTRING"><parameter> + server string</parameter></link> parameter.</para> + + <para>Default: <emphasis>No comment string</emphasis></para> + <para>Example: <command>comment = Fred's Files</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CONFIGFILE">config file (G)</term> + <listitem><para>This allows you to override the config file + to use, instead of the default (usually <filename>smb.conf</filename>). + There is a chicken and egg problem here as this option is set + in the config file!</para> + + <para>For this reason, if the name of the config file has changed + when the parameters are loaded then it will reload them from + the new config file.</para> + + <para>This option takes the usual substitutions, which can + be very useful.</para> + + <para>If the config file doesn't exist then it won't be loaded + (allowing you to special case the config files of just a few + clients).</para> + + <para>Example: <command>config file = /usr/local/samba/lib/smb.conf.%m + </command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="COPY">copy (S)</term> + <listitem><para>This parameter allows you to "clone" service + entries. The specified service is simply duplicated under the + current service's name. Any parameters specified in the current + section will override those in the section being copied.</para> + + <para>This feature lets you set up a 'template' service and + create similar services easily. Note that the service being + copied must occur earlier in the configuration file than the + service doing the copying.</para> + + <para>Default: <emphasis>no value</emphasis></para> + <para>Example: <command>copy = otherservice</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CREATEMASK">create mask (S)</term> + <listitem><para>A synonym for this parameter is + <link linkend="CREATEMODE"><parameter>create mode</parameter> + </link>.</para> + + <para>When a file is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX + permissions, and the resulting UNIX mode is then bit-wise 'AND'ed + with this parameter. This parameter may be thought of as a bit-wise + MASK for the UNIX modes of a file. Any bit <emphasis>not</emphasis> + set here will be removed from the modes set on a file when it is + created.</para> + + <para>The default value of this parameter removes the + 'group' and 'other' write and execute bits from the UNIX modes.</para> + + <para>Following this Samba will bit-wise 'OR' the UNIX mode created + from this parameter with the value of the <link + linkend="FORCECREATEMODE"><parameter>force create mode</parameter></link> + parameter which is set to 000 by default.</para> + + <para>This parameter does not affect directory modes. See the + parameter <link linkend="DIRECTORYMODE"><parameter>directory mode + </parameter></link> for details.</para> + + <para>See also the <link linkend="FORCECREATEMODE"><parameter>force + create mode</parameter></link> parameter for forcing particular mode + bits to be set on created files. See also the <link linkend="DIRECTORYMODE"> + <parameter>directory mode</parameter></link> parameter for masking + mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> + <parameter>inherit permissions</parameter></link> parameter.</para> + + <para>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <link + linkend="SECURITYMASK"><parameter>security mask</parameter></link>.</para> + + <para>Default: <command>create mask = 0744</command></para> + <para>Example: <command>create mask = 0775</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="CREATEMODE">create mode (S)</term> + <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter> + create mask</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEADTIME">deadtime (G)</term> + <listitem><para>The value of the parameter (a decimal integer) + represents the number of minutes of inactivity before a connection + is considered dead, and it is disconnected. The deadtime only takes + effect if the number of open files is zero.</para> + + <para>This is useful to stop a server's resources being + exhausted by a large number of inactive connections.</para> + + <para>Most clients have an auto-reconnect feature when a + connection is broken so in most cases this parameter should be + transparent to users.</para> + + <para>Using this parameter with a timeout of a few minutes + is recommended for most systems.</para> + + <para>A deadtime of zero indicates that no auto-disconnection + should be performed.</para> + + <para>Default: <command>deadtime = 0</command></para> + <para>Example: <command>deadtime = 15</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEBUGHIRESTIMESTAMP">debug hires timestamp (G)</term> + <listitem><para>Sometimes the timestamps in the log messages + are needed with a resolution of higher that seconds, this + boolean parameter adds microsecond resolution to the timestamp + message header when turned on.</para> + + <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> + debug timestamp</parameter></link> must be on for this to have an + effect.</para> + + <para>Default: <command>debug hires timestamp = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEBUGPID">debug pid (G)</term> + <listitem><para>When using only one log file for more then one + forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process + outputs which message. This boolean parameter is adds the process-id + to the timestamp message headers in the logfile when turned on.</para> + + <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> + debug timestamp</parameter></link> must be on for this to have an + effect.</para> + + <para>Default: <command>debug pid = no</command></para></listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="DEBUGTIMESTAMP">debug timestamp (G)</term> + <listitem><para>Samba 2.2 debug log messages are timestamped + by default. If you are running at a high <link linkend="DEBUGLEVEL"> + <parameter>debug level</parameter></link> these timestamps + can be distracting. This boolean parameter allows timestamping + to be turned off.</para> + + <para>Default: <command>debug timestamp = yes</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEBUGUID">debug uid (G)</term> + <listitem><para>Samba is sometimes run as root and sometime + run as the connected user, this boolean parameter inserts the + current euid, egid, uid and gid to the timestamp message headers + in the log file if turned on.</para> + + <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter> + debug timestamp</parameter></link> must be on for this to have an + effect.</para> + + <para>Default: <command>debug uid = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEBUGLEVEL">debuglevel (G)</term> + <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter> + log level</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEFAULT">default (G)</term> + <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter> + default service</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEFAULTCASE">default case (S)</term> + <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> + <parameter>short preserve case</parameter></link> parameter.</para> + + <para>Default: <command>default case = lower</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEFAULTDEVMODE">default devmode (S)</term> + <listitem><para>This parameter is only applicable to <link + linkend="PRINTOK">printable</link> services. When smbd is serving + Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. + </para> + + <para>Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). + </para> + + <para>This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting <command>default devmode = yes</command> + will instruct smbd to generate a default one. + </para> + + <para>For more information on Windows NT/2k printing and Device Modes, + see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. + </para> + + <para>Default: <command>default devmode = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DEFAULTSERVICE">default service (G)</term> + <listitem><para>This parameter specifies the name of a service + which will be connected to if the service actually requested cannot + be found. Note that the square brackets are <emphasis>NOT</emphasis> + given in the parameter value (see example below).</para> + + <para>There is no default value for this parameter. If this + parameter is not given, attempting to connect to a nonexistent + service results in an error.</para> + + <para>Typically the default service would be a <link linkend="GUESTOK"> + <parameter>guest ok</parameter></link>, <link linkend="READONLY"> + <parameter>read-only</parameter></link> service.</para> + + <para>Also note that the apparent service name will be changed + to equal that of the requested service, this is very useful as it + allows you to use macros like <parameter>%S</parameter> to make + a wildcard service.</para> + + <para>Note also that any "_" characters in the name of the service + used in the default service will get mapped to a "/". This allows for + interesting things.</para> + + + <para>Example:</para> + + <para><programlisting> +[global] + default service = pub + +[pub] + path = /%S + </programlisting></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DELETEPRINTERCOMMAND">delete printer command (G)</term> + <listitem><para>With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.</para> + + <para>For a Samba host this means that the printer must be + physically deleted from underlying printing system. The <parameter> + deleteprinter command</parameter> defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from <filename>smb.conf</filename>. + </para> + + <para>The <parameter>delete printer command</parameter> is + automatically called with only one parameter: <parameter> + "printer name"</parameter>.</para> + + + <para>Once the <parameter>delete printer command</parameter> has + been executed, <command>smbd</command> will reparse the <filename> + smb.conf</filename> to associated printer no longer exists. + If the sharename is still valid, then <command>smbd + </command> will return an ACCESS_DENIED error to the client.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> + add printer command</parameter></link>, <link + linkend="printing"><parameter>printing</parameter></link>, + <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add + printer wizard</parameter></link></para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>deleteprinter command = /usr/bin/removeprinter + </command></para> + </listitem> + </varlistentry> + + + + + + + <varlistentry> + <term><anchor id="DELETEREADONLY">delete readonly (S)</term> + <listitem><para>This parameter allows readonly files to be deleted. + This is not normal DOS semantics, but is allowed by UNIX.</para> + + <para>This option may be useful for running applications such + as rcs, where UNIX file ownership prevents changing file + permissions, and DOS semantics prevent deletion of a read only file.</para> + + <para>Default: <command>delete readonly = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DELETESHARECOMMAND">delete share command (G)</term> + <listitem><para>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <parameter>delete share command</parameter> is used to define an + external program or script which will remove an existing service + definition from <filename>smb.conf</filename>. In order to successfully + execute the <parameter>delete share command</parameter>, <command>smbd</command> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </para> + + <para> + When executed, <command>smbd</command> will automatically invoke the + <parameter>delete share command</parameter> with two parameters. + </para> + + <itemizedlist> + <listitem><para><parameter>configFile</parameter> - the location + of the global <filename>smb.conf</filename> file. + </para></listitem> + + <listitem><para><parameter>shareName</parameter> - the name of + the existing service. + </para></listitem> + </itemizedlist> + + <para> + This parameter is only used to remove file shares. To delete printer shares, + see the <link linkend="DELETEPRINTERCOMMAND"><parameter>delete printer + command</parameter></link>. + </para> + + <para> + See also <link linkend="ADDSHARECOMMAND"><parameter>add share + command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter>change + share command</parameter></link>. + </para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>delete share command = /usr/local/bin/delshare</command></para> + + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term> + <listitem><para>This is the full pathname to a script that will + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> under special circumstances + described below.</para> + + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <command> + smbd</command> to delete the required UNIX users <emphasis>ON + DEMAND</emphasis> when a user accesses the Samba server and the + Windows NT user no longer exists.</para> + + <para>In order to use this option, <command>smbd</command> must be + set to <parameter>security = domain</parameter> or <parameter>security = + user</parameter> and <parameter>delete user script</parameter> + must be set to a full pathname for a script + that will delete a UNIX user given one argument of <parameter>%u</parameter>, + which expands into the UNIX user name to delete.</para> + + <para>When the Windows user attempts to access the Samba server, + at <emphasis>login</emphasis> (session setup in the SMB protocol) + time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER"> + <parameter>password server</parameter></link> and attempts to authenticate + the given user with the given password. If the authentication fails + with the specific Domain error code meaning that the user no longer + exists then <command>smbd</command> attempts to find a UNIX user in + the UNIX password database that matches the Windows user account. If + this lookup succeeds, and <parameter>delete user script</parameter> is + set then <command>smbd</command> will all the specified script + <emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> + argument to be the user name to delete.</para> + + <para>This script should delete the given UNIX username. In this way, + UNIX users are dynamically deleted to match existing Windows NT + accounts.</para> + + <para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>, + <link linkend="PASSWORDSERVER"><parameter>password server</parameter> + </link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter> + </link>.</para> + + <para>Default: <command>delete user script = <empty string> + </command></para> + <para>Example: <command>delete user script = /usr/local/samba/bin/del_user + %u</command></para></listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="DELETEVETOFILES">delete veto files (S)</term> + <listitem><para>This option is used when Samba is attempting to + delete a directory that contains one or more vetoed directories + (see the <link linkend="VETOFILES"><parameter>veto files</parameter></link> + option). If this option is set to <constant>false</constant> (the default) then if a vetoed + directory contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you want.</para> + + <para>If this option is set to <constant>true</constant>, then Samba + will attempt to recursively delete any files and directories within + the vetoed directory. This can be useful for integration with file + serving systems such as NetAtalk which create meta-files within + directories you might normally veto DOS/Windows users from seeing + (e.g. <filename>.AppleDouble</filename>)</para> + + <para>Setting <command>delete veto files = yes</command> allows these + directories to be transparently deleted when the parent directory + is deleted (so long as the user has permissions to do so).</para> + + <para>See also the <link linkend="VETOFILES"><parameter>veto + files</parameter></link> parameter.</para> + + <para>Default: <command>delete veto files = no</command></para></listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DENYHOSTS">deny hosts (S)</term> + <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter>hosts + deny</parameter></link>.</para></listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DFREECOMMAND">dfree command (G)</term> + <listitem><para>The <parameter>dfree command</parameter> setting should + only be used on systems where a problem occurs with the internal + disk space calculations. This has been known to happen with Ultrix, + but may occur with other operating systems. The symptom that was + seen was an error of "Abort Retry Ignore" at the end of each + directory listing.</para> + + <para>This setting allows the replacement of the internal routines to + calculate the total disk space and amount available with an external + routine. The example below gives a possible script that might fulfill + this function.</para> + + <para>The external program will be passed a single parameter indicating + a directory in the filesystem being queried. This will typically consist + of the string <filename>./</filename>. The script should return two + integers in ASCII. The first should be the total disk space in blocks, + and the second should be the number of available blocks. An optional + third return value can give the block size in bytes. The default + blocksize is 1024 bytes.</para> + + <para>Note: Your script should <emphasis>NOT</emphasis> be setuid or + setgid and should be owned by (and writeable only by) root!</para> + + <para>Default: <emphasis>By default internal routines for + determining the disk capacity and remaining space will be used. + </emphasis></para> + + <para>Example: <command>dfree command = /usr/local/samba/bin/dfree + </command></para> + + <para>Where the script dfree (which must be made executable) could be:</para> + + <para><programlisting> + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + </programlisting></para> + + <para>or perhaps (on Sys V based systems):</para> + + <para><programlisting> + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + </programlisting></para> + + <para>Note that you may have to replace the command names + with full path names on some systems.</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DIRECTORY">directory (S)</term> + <listitem><para>Synonym for <link linkend="PATH"><parameter>path + </parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DIRECTORYMASK">directory mask (S)</term> + <listitem><para>This parameter is the octal modes which are + used when converting DOS modes to UNIX modes when creating UNIX + directories.</para> + + <para>When a directory is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX permissions, + and the resulting UNIX mode is then bit-wise 'AND'ed with this + parameter. This parameter may be thought of as a bit-wise MASK for + the UNIX modes of a directory. Any bit <emphasis>not</emphasis> set + here will be removed from the modes set on a directory when it is + created.</para> + + <para>The default value of this parameter removes the 'group' + and 'other' write bits from the UNIX mode, allowing only the + user who owns the directory to modify it.</para> + + <para>Following this Samba will bit-wise 'OR' the UNIX mode + created from this parameter with the value of the <link + linkend="FORCEDIRECTORYMODE"><parameter>force directory mode + </parameter></link> parameter. This parameter is set to 000 by + default (i.e. no extra mode bits are added).</para> + + <para>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <link + linkend="DIRECTORYSECURITYMASK"><parameter>directory security mask</parameter></link>.</para> + + <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter>force + directory mode</parameter></link> parameter to cause particular mode + bits to always be set on created directories.</para> + + <para>See also the <link linkend="CREATEMODE"><parameter>create mode + </parameter></link> parameter for masking mode bits on created files, + and the <link linkend="DIRECTORYSECURITYMASK"><parameter>directory + security mask</parameter></link> parameter.</para> + + <para>Also refer to the <link linkend="INHERITPERMISSIONS"><parameter> + inherit permissions</parameter></link> parameter.</para> + + <para>Default: <command>directory mask = 0755</command></para> + <para>Example: <command>directory mask = 0775</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DIRECTORYMODE">directory mode (S)</term> + <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter> + directory mask</parameter></link></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DIRECTORYSECURITYMASK">directory security mask (S)</term> + <listitem><para>This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog + box.</para> + + <para>This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change.</para> + + <para>If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the user/group/world + permissions on a directory.</para> + + <para><emphasis>Note</emphasis> that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it as the default of <constant>0777</constant>.</para> + + <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> + force directory security mode</parameter></link>, <link + linkend="SECURITYMASK"><parameter>security mask</parameter></link>, + <link linkend="FORCESECURITYMODE"><parameter>force security mode + </parameter></link> parameters.</para> + + <para>Default: <command>directory security mask = 0777</command></para> + <para>Example: <command>directory security mask = 0700</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DISABLESPOOLSS">disable spoolss (G)</term> + <listitem><para>Enabling this parameter will disables Samba's support + for the SPOOLSS set of MS-RPC's and will yield identical behavior + as Samba 2.0.x. Windows NT/2000 clients will downgrade to using + Lanman style printing commands. Windows 9x/ME will be uneffected by + the parameter. However, this will also disable the ability to upload + printer drivers to a Samba server via the Windows NT Add Printer + Wizard or by using the NT printer properties dialog window. It will + also disable the capability of Windows NT/2000 clients to download + print drivers from the Samba host upon demand. + <emphasis>Be very careful about enabling this parameter.</emphasis> + </para> + + <para>See also <link linkend="USECLIENTDRIVER">use client driver</link> + </para> + + <para>Default : <command>disable spoolss = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DNSPROXY">dns proxy (G)</term> + <listitem><para>Specifies that <ulink url="nmbd.8.html">nmbd(8)</ulink> + when acting as a WINS server and finding that a NetBIOS name has not + been registered, should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name on behalf of + the name-querying client.</para> + + <para>Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise only be + 15 characters, maximum.</para> + + <para><command>nmbd</command> spawns a second copy of itself to do the + DNS name lookup requests, as doing a name lookup is a blocking + action.</para> + + <para>See also the parameter <link linkend="WINSSUPPORT"><parameter> + wins support</parameter></link>.</para> + + <para>Default: <command>dns proxy = yes</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DOMAINADMINGROUP">domain admin group (G)</term> + <listitem><para>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Admins" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <filename>smb.conf</filename> notation. + </para> + + <para>See also <link linkend="DOMAINGUESTGROUP"><parameter>domain + guest group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain + logons</parameter></link> + </para> + + <para>Default: <emphasis>no domain administrators</emphasis></para> + <para>Example: <command>domain admin group = root @wheel</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DOMAINGUESTGROUP">domain guest group (G)</term> + <listitem><para>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Guests" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <filename>smb.conf</filename> notation. + </para> + + <para>See also <link linkend="DOMAINADMINGROUP"><parameter>domain + admin group</parameter></link>, <link linkend="DOMAINLOGONS"><parameter>domain + logons</parameter></link> + </para> + + <para>Default: <emphasis>no domain guests</emphasis></para> + <para>Example: <command>domain guest group = nobody @guest</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="DOMAINLOGONS">domain logons (G)</term> + <listitem><para>If set to <constant>true</constant>, the Samba server will serve + Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> + <parameter>workgroup</parameter></link> it is in. Samba 2.2 also + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the <filename>htmldocs/</filename> + directory shipped with the source code.</para> + + <para>Default: <command>domain logons = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DOMAINMASTER">domain master (G)</term> + <listitem><para>Tell <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to enable WAN-wide browse list + collation. Setting this option causes <command>nmbd</command> to + claim a special domain specific NetBIOS name that identifies + it as a domain master browser for its given <link linkend="WORKGROUP"> + <parameter>workgroup</parameter></link>. Local master browsers + in the same <parameter>workgroup</parameter> on broadcast-isolated + subnets will give this <command>nmbd</command> their local browse lists, + and then ask <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + for a complete copy of the browse list for the whole wide area + network. Browser clients will then contact their local master browser, + and will receive the domain-wide browse list, instead of just the list + for their broadcast-isolated subnet.</para> + + <para>Note that Windows NT Primary Domain Controllers expect to be + able to claim this <parameter>workgroup</parameter> specific special + NetBIOS name that identifies them as domain master browsers for + that <parameter>workgroup</parameter> by default (i.e. there is no + way to prevent a Windows NT PDC from attempting to do this). This + means that if this parameter is set and <command>nmbd</command> claims + the special name for a <parameter>workgroup</parameter> before a Windows + NT PDC is able to do so then cross subnet browsing will behave + strangely and may fail.</para> + + <para>If <link linkend="DOMAINLOGONS"><command>domain logons = yes</command> + </link>, then the default behavior is to enable the <parameter>domain + master</parameter> parameter. If <parameter>domain logons</parameter> is + not enabled (the default setting), then neither will <parameter>domain + master</parameter> be enabled by default.</para> + + <para>Default: <command>domain master = auto</command></para></listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="DONTDESCEND">dont descend (S)</term> + <listitem><para>There are certain directories on some systems + (e.g., the <filename>/proc</filename> tree under Linux) that are either not + of interest to clients or are infinitely deep (recursive). This + parameter allows you to specify a comma-delimited list of directories + that the server should always show as empty.</para> + + <para>Note that Samba can be very fussy about the exact format + of the "dont descend" entries. For example you may need <filename> + ./proc</filename> instead of just <filename>/proc</filename>. + Experimentation is the best policy :-) </para> + + <para>Default: <emphasis>none (i.e., all directories are OK + to descend)</emphasis></para> + <para>Example: <command>dont descend = /proc,/dev</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DOSFILEMODE">dos filemode (S)</term> + <listitem><para> The default behavior in Samba is to provide + UNIX-like behavior where only the owner of a file/directory is + able to change the permissions on it. However, this behavior + is often confusing to DOS/Windows users. Enabling this parameter + allows a user who has write access to the file (by whatever + means) to modify the permissions on it. Note that a user + belonging to the group owning the file will not be allowed to + change permissions if the group is only granted read access. + Ownership of the file/directory is not changed, only the permissions + are modified.</para> + + <para>Default: <command>dos filemode = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DOSFILETIMERESOLUTION">dos filetime resolution (S)</term> + <listitem><para>Under the DOS and Windows FAT filesystem, the finest + granularity on time resolution is two seconds. Setting this parameter + for a share causes Samba to round the reported time down to the + nearest two second boundary when a query call that requires one second + resolution is made to <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> + + <para>This option is mainly used as a compatibility option for Visual + C++ when used against Samba shares. If oplocks are enabled on a + share, Visual C++ uses two different time reading calls to check if a + file has changed since it was last read. One of these calls uses a + one-second granularity, the other uses a two second granularity. As + the two second call rounds any odd second down, then if the file has a + timestamp of an odd number of seconds then the two timestamps will not + match and Visual C++ will keep reporting the file has changed. Setting + this option causes the two timestamps to match, and Visual C++ is + happy.</para> + + <para>Default: <command>dos filetime resolution = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="DOSFILETIMES">dos filetimes (S)</term> + <listitem><para>Under DOS and Windows, if a user can write to a + file they can change the timestamp on it. Under POSIX semantics, + only the owner of the file or root may change the timestamp. By + default, Samba runs with POSIX semantics and refuses to change the + timestamp on a file if the user <command>smbd</command> is acting + on behalf of is not the file owner. Setting this option to <constant> + true</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file + timestamp as DOS requires.</para> + + <para>Default: <command>dos filetimes = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ENCRYPTPASSWORDS">encrypt passwords (G)</term> + <listitem><para>This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the file ENCRYPTION.txt in the Samba documentation + directory <filename>docs/</filename> shipped with the source code.</para> + + <para>In order for encrypted passwords to work correctly + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> must either + have access to a local <ulink url="smbpasswd.5.html"><filename>smbpasswd(5) + </filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> program for information on how to set up + and maintain this file), or set the <link + linkend="SECURITY">security = [server|domain|ads]</link> parameter which + causes <command>smbd</command> to authenticate against another + server.</para> + + <para>Default: <command>encrypt passwords = yes</command></para></listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="ENHANCEDBROWSING">enhanced browsing (G)</term> + <listitem><para>This option enables a couple of enhancements to + cross-subnet browse propagation that have been added in Samba + but which are not standard in Microsoft implementations. + </para> + + <para>The first enhancement to browse propagation consists of a regular + wildcard query to a Samba WINS server for all Domain Master Browsers, + followed by a browse synchronization with each of the returned + DMBs. The second enhancement consists of a regular randomised browse + synchronization with all currently known DMBs.</para> + + <para>You may wish to disable this option if you have a problem with empty + workgroups not disappearing from browse lists. Due to the restrictions + of the browse protocols these enhancements can cause a empty workgroup + to stay around forever which can be annoying.</para> + + <para>In general you should leave this option enabled as it makes + cross-subnet browse propagation much more reliable.</para> + + <para>Default: <command>enhanced browsing = yes</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="ENUMPORTSCOMMAND">enumports command (G)</term> + <listitem><para>The concept of a "port" is fairly foreign + to UNIX hosts. Under Windows NT/2000 print servers, a port + is associated with a port monitor and generally takes the form of + a local port (i.e. LPT1:, COM1:, FILE:) or a remote port + (i.e. LPD Port Monitor, etc...). By default, Samba has only one + port defined--<constant>"Samba Printer Port"</constant>. Under + Windows NT/2000, all printers must have a valid port name. + If you wish to have a list of ports displayed (<command>smbd + </command> does not use a port name for anything) other than + the default <constant>"Samba Printer Port"</constant>, you + can define <parameter>enumports command</parameter> to point to + a program which should generate a list of ports, one per line, + to standard output. This listing will then be used in response + to the level 1 and 2 EnumPorts() RPC.</para> + + <para>Default: <emphasis>no enumports command</emphasis></para> + <para>Example: <command>enumports command = /usr/bin/listports + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="EXEC">exec (S)</term> + <listitem><para>This is a synonym for <link linkend="PREEXEC"> + <parameter>preexec</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FAKEDIRECTORYCREATETIMES">fake directory create times (S)</term> + <listitem><para>NTFS and Windows VFAT file systems keep a create + time for all files and directories. This is not the same as the + ctime - status change time - that Unix keeps, so Samba by default + reports the earliest of the various times Unix does keep. Setting + this parameter for a share causes Samba to always report midnight + 1-1-1980 as the create time for directories.</para> + + <para>This option is mainly used as a compatibility option for + Visual C++ when used against Samba shares. Visual C++ generated + makefiles have the object directory as a dependency for each object + file, and a make rule to create the directory. Also, when NMAKE + compares timestamps it uses the creation time when examining a + directory. Thus the object directory will be created if it does not + exist, but once it does exist it will always have an earlier + timestamp than the object files it contains.</para> + + <para>However, Unix time semantics mean that the create time + reported by Samba will be updated whenever a file is created or + or deleted in the directory. NMAKE finds all object files in + the object directory. The timestamp of the last one built is then + compared to the timestamp of the object directory. If the + directory's timestamp if newer, then all object files + will be rebuilt. Enabling this option + ensures directories always predate their contents and an NMAKE build + will proceed as expected.</para> + + <para>Default: <command>fake directory create times = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FAKEOPLOCKS">fake oplocks (S)</term> + <listitem><para>Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a server grants + an oplock (opportunistic lock) then the client is free to assume + that it is the only one accessing the file and it will aggressively + cache file data. With some oplock types the client may even cache + file open/close operations. This can give enormous performance benefits. + </para> + + <para>When you set <command>fake oplocks = yes</command>, <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink> will + always grant oplock requests no matter how many clients are using + the file.</para> + + <para>It is generally much better to use the real <link + linkend="OPLOCKS"><parameter>oplocks</parameter></link> support rather + than this parameter.</para> + + <para>If you enable this option on all read-only shares or + shares that you know will only be accessed from one client at a + time such as physically read-only media like CDROMs, you will see + a big performance improvement on many operations. If you enable + this option on shares where multiple clients may be accessing the + files read-write at the same time you can get data corruption. Use + this option carefully!</para> + + <para>Default: <command>fake oplocks = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FOLLOWSYMLINKS">follow symlinks (S)</term> + <listitem><para>This parameter allows the Samba administrator + to stop <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + from following symbolic links in a particular share. Setting this + parameter to <constant>no</constant> prevents any file or directory + that is a symbolic link from being followed (the user will get an + error). This option is very useful to stop users from adding a + symbolic link to <filename>/etc/passwd</filename> in their home + directory for instance. However it will slow filename lookups + down slightly.</para> + + <para>This option is enabled (i.e. <command>smbd</command> will + follow symbolic links) by default.</para> + + <para>Default: <command>follow symlinks = yes</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FORCECREATEMODE">force create mode (S)</term> + <listitem><para>This parameter specifies a set of UNIX mode bit + permissions that will <emphasis>always</emphasis> be set on a + file created by Samba. This is done by bitwise 'OR'ing these bits onto + the mode bits of a file that is being created or having its + permissions changed. The default for this parameter is (in octal) + 000. The modes in this parameter are bitwise 'OR'ed onto the file + mode after the mask set in the <parameter>create mask</parameter> + parameter is applied.</para> + + <para>See also the parameter <link linkend="CREATEMASK"><parameter>create + mask</parameter></link> for details on masking mode bits on files.</para> + + <para>See also the <link linkend="INHERITPERMISSIONS"><parameter>inherit + permissions</parameter></link> parameter.</para> + + <para>Default: <command>force create mode = 000</command></para> + <para>Example: <command>force create mode = 0755</command></para> + + <para>would force all created files to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FORCEDIRECTORYMODE">force directory mode (S)</term> + <listitem><para>This parameter specifies a set of UNIX mode bit + permissions that will <emphasis>always</emphasis> be set on a directory + created by Samba. This is done by bitwise 'OR'ing these bits onto the + mode bits of a directory that is being created. The default for this + parameter is (in octal) 0000 which will not add any extra permission + bits to a created directory. This operation is done after the mode + mask in the parameter <parameter>directory mask</parameter> is + applied.</para> + + <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter> + directory mask</parameter></link> for details on masking mode bits + on created directories.</para> + + <para>See also the <link linkend="INHERITPERMISSIONS"><parameter> + inherit permissions</parameter></link> parameter.</para> + + <para>Default: <command>force directory mode = 000</command></para> + <para>Example: <command>force directory mode = 0755</command></para> + + <para>would force all created directories to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory + security mode (S)</term> + <listitem><para>This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog box.</para> + + <para>This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a directory, the user has always set to be 'on'.</para> + + <para>If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world permissions on a + directory without restrictions.</para> + + <para><emphasis>Note</emphasis> that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it set as 0000.</para> + + <para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter> + directory security mask</parameter></link>, <link linkend="SECURITYMASK"> + <parameter>security mask</parameter></link>, + <link linkend="FORCESECURITYMODE"><parameter>force security mode + </parameter></link> parameters.</para> + + <para>Default: <command>force directory security mode = 0</command></para> + <para>Example: <command>force directory security mode = 700</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="FORCEGROUP">force group (S)</term> + <listitem><para>This specifies a UNIX group name that will be + assigned as the default primary group for all users connecting + to this service. This is useful for sharing files by ensuring + that all access to files on service will use the named group for + their permissions checking. Thus, by assigning permissions for this + group to the files and directories within this service the Samba + administrator can restrict or allow sharing of these files.</para> + + <para>In Samba 2.0.5 and above this parameter has extended + functionality in the following way. If the group name listed here + has a '+' character prepended to it then the current user accessing + the share only has the primary group default assigned to this group + if they are already assigned as a member of that group. This allows + an administrator to decide that only users who are already in a + particular group will create files with group ownership set to that + group. This gives a finer granularity of ownership assignment. For + example, the setting <filename>force group = +sys</filename> means + that only users who are already in group sys will have their default + primary group assigned to sys when accessing this Samba share. All + other users will retain their ordinary primary group.</para> + + <para>If the <link linkend="FORCEUSER"><parameter>force user + </parameter></link> parameter is also set the group specified in + <parameter>force group</parameter> will override the primary group + set in <parameter>force user</parameter>.</para> + + <para>See also <link linkend="FORCEUSER"><parameter>force + user</parameter></link>.</para> + + <para>Default: <emphasis>no forced group</emphasis></para> + <para>Example: <command>force group = agroup</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FORCESECURITYMODE">force security mode (S)</term> + <listitem><para>This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security dialog + box.</para> + + <para>This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a file, the user has always set to be 'on'.</para> + + <para>If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions.</para> + + <para><emphasis>Note</emphasis> that users who can access + the Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + this set to 0000.</para> + + <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter> + force directory security mode</parameter></link>, + <link linkend="DIRECTORYSECURITYMASK"><parameter>directory security + mask</parameter></link>, <link linkend="SECURITYMASK"><parameter> + security mask</parameter></link> parameters.</para> + + <para>Default: <command>force security mode = 0</command></para> + <para>Example: <command>force security mode = 700</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FORCEUSER">force user (S)</term> + <listitem><para>This specifies a UNIX user name that will be + assigned as the default user for all users connecting to this service. + This is useful for sharing files. You should also use it carefully + as using it incorrectly can cause security problems.</para> + + <para>This user name only gets used once a connection is established. + Thus clients still need to connect as a valid user and supply a + valid password. Once connected, all file operations will be performed + as the "forced user", no matter what username the client connected + as. This can be very useful.</para> + + <para>In Samba 2.0.5 and above this parameter also causes the + primary group of the forced user to be used as the primary group + for all file activity. Prior to 2.0.5 the primary group was left + as the primary group of the connecting user (this was a bug).</para> + + <para>See also <link linkend="FORCEGROUP"><parameter>force group + </parameter></link></para> + + <para>Default: <emphasis>no forced user</emphasis></para> + <para>Example: <command>force user = auser</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="FSTYPE">fstype (S)</term> + <listitem><para>This parameter allows the administrator to + configure the string that specifies the type of filesystem a share + is using that is reported by <ulink url="smbd.8.html"><command>smbd(8) + </command></ulink> when a client queries the filesystem type + for a share. The default type is <constant>NTFS</constant> for + compatibility with Windows NT but this can be changed to other + strings such as <constant>Samba</constant> or <constant>FAT + </constant> if required.</para> + + <para>Default: <command>fstype = NTFS</command></para> + <para>Example: <command>fstype = Samba</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="GETWDCACHE">getwd cache (G)</term> + <listitem><para>This is a tuning option. When this is enabled a + caching algorithm will be used to reduce the time taken for getwd() + calls. This can have a significant impact on performance, especially + when the <link linkend="WIDELINKS"><parameter>wide links</parameter> + </link>parameter is set to <constant>false</constant>.</para> + + <para>Default: <command>getwd cache = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="GROUP">group (S)</term> + <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter>force + group</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="GUESTACCOUNT">guest account (S)</term> + <listitem><para>This is a username which will be used for access + to services which are specified as <link linkend="GUESTOK"><parameter> + guest ok</parameter></link> (see below). Whatever privileges this + user has will be available to any client connecting to the guest service. + Typically this user will exist in the password file, but will not + have a valid login. The user account "ftp" is often a good choice + for this parameter. If a username is specified in a given service, + the specified username overrides this one.</para> + + <para>One some systems the default guest account "nobody" may not + be able to print. Use another account in this case. You should test + this by trying to log in as your guest user (perhaps by using the + <command>su -</command> command) and trying to print using the + system print command such as <command>lpr(1)</command> or <command> + lp(1)</command>.</para> + + <para>Default: <emphasis>specified at compile time, usually + "nobody"</emphasis></para> + + <para>Example: <command>guest account = ftp</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="GUESTOK">guest ok (S)</term> + <listitem><para>If this parameter is <constant>yes</constant> for + a service, then no password is required to connect to the service. + Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter> + guest account</parameter></link>.</para> + + <para>See the section below on <link linkend="SECURITY"><parameter> + security</parameter></link> for more information about this option. + </para> + + <para>Default: <command>guest ok = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="GUESTONLY">guest only (S)</term> + <listitem><para>If this parameter is <constant>yes</constant> for + a service, then only guest connections to the service are permitted. + This parameter will have no effect if <link linkend="GUESTOK"> + <parameter>guest ok</parameter></link> is not set for the service.</para> + + <para>See the section below on <link linkend="SECURITY"><parameter> + security</parameter></link> for more information about this option. + </para> + + <para>Default: <command>guest only = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HIDEDOTFILES">hide dot files (S)</term> + <listitem><para>This is a boolean parameter that controls whether + files starting with a dot appear as hidden files.</para> + + <para>Default: <command>hide dot files = yes</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HIDEFILES">hide files(S)</term> + <listitem><para>This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute is applied + to any files or directories that match.</para> + + <para>Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or directories + as in DOS wildcards.</para> + + <para>Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'.</para> + + <para>Note that the case sensitivity option is applicable + in hiding files.</para> + + <para>Setting this parameter will affect the performance of Samba, + as it will be forced to check all files and directories for a match + as they are scanned.</para> + + <para>See also <link linkend="HIDEDOTFILES"><parameter>hide + dot files</parameter></link>, <link linkend="VETOFILES"><parameter> + veto files</parameter></link> and <link linkend="CASESENSITIVE"> + <parameter>case sensitive</parameter></link>.</para> + + <para>Default: <emphasis>no file are hidden</emphasis></para> + <para>Example: <command>hide files = + /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> + + <para>The above example is based on files that the Macintosh + SMB client (DAVE) available from <ulink url="http://www.thursby.com"> + Thursby</ulink> creates for internal use, and also still hides + all files beginning with a dot.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HIDELOCALUSERS">hide local users(G)</term> + <listitem><para>This parameter toggles the hiding of local UNIX + users (root, wheel, floppy, etc) from remote clients.</para> + + <para>Default: <command>hide local users = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HIDEUNREADABLE">hide unreadable (S)</term> + <listitem><para>This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to off.</para> + + <para>Default: <command>hide unreadable = no</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HOMEDIRMAP">homedir map (G)</term> + <listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir + </parameter></link> is <constant>true</constant>, and <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting + as a Win95/98 <parameter>logon server</parameter> then this parameter + specifies the NIS (or YP) map from which the server for the user's + home directory should be extracted. At present, only the Sun + auto.home map format is understood. The form of the map is:</para> + + <para><command>username server:/some/file/system</command></para> + + <para>and the program will extract the servername from before + the first ':'. There should probably be a better parsing system + that copes with different map formats and also Amd (another + automounter) maps.</para> + + <para><emphasis>NOTE :</emphasis>A working NIS client is required on + the system for this option to work.</para> + + <para>See also <link linkend="NISHOMEDIR"><parameter>nis homedir</parameter> + </link>, <link linkend="DOMAINLOGONS"><parameter>domain logons</parameter> + </link>.</para> + + <para>Default: <command>homedir map = <empty string></command></para> + <para>Example: <command>homedir map = amd.homedir</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="HOSTMSDFS">host msdfs (G)</term> + <listitem><para>This boolean parameter is only available + if Samba has been configured and compiled with the <command> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba will act as a Dfs server, and allow Dfs-aware clients + to browse Dfs trees hosted on the server.</para> + + <para>See also the <link linkend="MSDFSROOT"><parameter> + msdfs root</parameter></link> share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. + </para> + + <para>Default: <command>host msdfs = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="HOSTSALLOW">hosts allow (S)</term> + <listitem><para>A synonym for this parameter is <parameter>allow + hosts</parameter>.</para> + + <para>This parameter is a comma, space, or tab delimited + set of hosts which are permitted to access a service.</para> + + <para>If specified in the [global] section then it will + apply to all services, regardless of whether the individual + service has a different setting.</para> + + <para>You can specify the hosts by name or IP number. For + example, you could restrict access to only the hosts on a + Class C subnet with something like <command>allow hosts = 150.203.5. + </command>. The full syntax of the list is described in the man + page <filename>hosts_access(5)</filename>. Note that this man + page may not be present on your system, so a brief description will + be given here also.</para> + + <para>Note that the localhost address 127.0.0.1 will always + be allowed access unless specifically denied by a <link + linkend="HOSTSDENY"><parameter>hosts deny</parameter></link> option.</para> + + <para>You can also specify hosts by network/netmask pairs and + by netgroup names if your system supports netgroups. The + <emphasis>EXCEPT</emphasis> keyword can also be used to limit a + wildcard list. The following examples may provide some help:</para> + + <para>Example 1: allow all IPs in 150.203.*.*; except one</para> + + <para><command>hosts allow = 150.203. EXCEPT 150.203.6.66</command></para> + + <para>Example 2: allow hosts that match the given network/netmask</para> + + <para><command>hosts allow = 150.203.15.0/255.255.255.0</command></para> + + <para>Example 3: allow a couple of hosts</para> + + <para><command>hosts allow = lapland, arvidsjaur</command></para> + + <para>Example 4: allow only hosts in NIS netgroup "foonet", but + deny access from one particular host</para> + + <para><command>hosts allow = @foonet</command></para> + + <para><command>hosts deny = pirate</command></para> + + <para>Note that access still requires suitable user-level passwords.</para> + + <para>See <ulink url="testparm.1.html"><command>testparm(1)</command> + </ulink> for a way of testing your host access to see if it does + what you expect.</para> + + <para>Default: <emphasis>none (i.e., all hosts permitted access) + </emphasis></para> + + <para>Example: <command>allow hosts = 150.203.5. myhost.mynet.edu.au + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HOSTSDENY">hosts deny (S)</term> + <listitem><para>The opposite of <parameter>hosts allow</parameter> + - hosts listed here are <emphasis>NOT</emphasis> permitted access to + services unless the specific services have their own lists to override + this one. Where the lists conflict, the <parameter>allow</parameter> + list takes precedence.</para> + + <para>Default: <emphasis>none (i.e., no hosts specifically excluded) + </emphasis></para> + + <para>Example: <command>hosts deny = 150.203.4. badhost.mynet.edu.au + </command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="HOSTSEQUIV">hosts equiv (G)</term> + <listitem><para>If this global parameter is a non-null string, + it specifies the name of a file to read for the names of hosts + and users who will be allowed access without specifying a password. + </para> + + <para>This is not be confused with <link linkend="HOSTSALLOW"> + <parameter>hosts allow</parameter></link> which is about hosts + access to services and is more useful for guest services. <parameter> + hosts equiv</parameter> may be useful for NT clients which will + not supply passwords to Samba.</para> + + <para><emphasis>NOTE :</emphasis> The use of <parameter>hosts equiv + </parameter> can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + <parameter>hosts equiv</parameter> option be only used if you really + know what you are doing, or perhaps on a home network where you trust + your spouse and kids. And only if you <emphasis>really</emphasis> trust + them :-).</para> + + <para>Default: <emphasis>no host equivalences</emphasis></para> + <para>Example: <command>hosts equiv = /etc/hosts.equiv</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="INCLUDE">include (G)</term> + <listitem><para>This allows you to include one config file + inside another. The file is included literally, as though typed + in place.</para> + + <para>It takes the standard substitutions, except <parameter>%u + </parameter>, <parameter>%P</parameter> and <parameter>%S</parameter>. + </para> + + <para>Default: <emphasis>no file included</emphasis></para> + <para>Example: <command>include = /usr/local/samba/lib/admin_smb.conf + </command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="INHERITPERMISSIONS">inherit permissions (S)</term> + <listitem><para>The permissions on new files and directories + are normally governed by <link linkend="CREATEMASK"><parameter> + create mask</parameter></link>, <link linkend="DIRECTORYMASK"> + <parameter>directory mask</parameter></link>, <link + linkend="FORCECREATEMODE"><parameter>force create mode</parameter> + </link> and <link linkend="FORCEDIRECTORYMODE"><parameter>force + directory mode</parameter></link> but the boolean inherit + permissions parameter overrides this.</para> + + <para>New directories inherit the mode of the parent directory, + including bits such as setgid.</para> + + <para>New files inherit their read/write bits from the parent + directory. Their execute bits continue to be determined by + <link linkend="MAPARCHIVE"><parameter>map archive</parameter> + </link>, <link linkend="MAPHIDDEN"><parameter>map hidden</parameter> + </link> and <link linkend="MAPSYSTEM"><parameter>map system</parameter> + </link> as usual.</para> + + <para>Note that the setuid bit is <emphasis>never</emphasis> set via + inheritance (the code explicitly prohibits this).</para> + + <para>This can be particularly useful on large systems with + many users, perhaps several thousand, to allow a single [homes] + share to be used flexibly by each user.</para> + + <para>See also <link linkend="CREATEMASK"><parameter>create mask + </parameter></link>, <link linkend="DIRECTORYMASK"><parameter> + directory mask</parameter></link>, <link linkend="FORCECREATEMODE"> + <parameter>force create mode</parameter></link> and <link + linkend="FORCEDIRECTORYMODE"><parameter>force directory mode</parameter> + </link>.</para> + + <para>Default: <command>inherit permissions = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="INTERFACES">interfaces (G)</term> + <listitem><para>This option allows you to override the default + network interfaces list that Samba will use for browsing, name + registration and other NBT traffic. By default Samba will query + the kernel for the list of all active interfaces and use any + interfaces except 127.0.0.1 that are broadcast capable.</para> + + <para>The option takes a list of interface strings. Each string + can be in any of the following forms:</para> + + <itemizedlist> + <listitem><para>a network interface name (such as eth0). + This may include shell-like wildcards so eth* will match + any interface starting with the substring "eth"</para></listitem> + + <listitem><para>an IP address. In this case the netmask is + determined from the list of interfaces obtained from the + kernel</para></listitem> + + <listitem><para>an IP/mask pair. </para></listitem> + + <listitem><para>a broadcast/mask pair.</para></listitem> + </itemizedlist> + + <para>The "mask" parameters can either be a bit length (such + as 24 for a C class network) or a full netmask in dotted + decimal form.</para> + + <para>The "IP" parameters above can either be a full dotted + decimal IP address or a hostname which will be looked up via + the OS's normal hostname resolution mechanisms.</para> + + <para>For example, the following line:</para> + + <para><command>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 + </command></para> + + <para>would configure three network interfaces corresponding + to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. + The netmasks of the latter two interfaces would be set to 255.255.255.0.</para> + + <para>See also <link linkend="BINDINTERFACESONLY"><parameter>bind + interfaces only</parameter></link>.</para> + + <para>Default: <emphasis>all active interfaces except 127.0.0.1 + that are broadcast capable</emphasis></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="INVALIDUSERS">invalid users (S)</term> + <listitem><para>This is a list of users that should not be allowed + to login to this service. This is really a <emphasis>paranoid</emphasis> + check to absolutely ensure an improper setting does not breach + your security.</para> + + <para>A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database.</para> + + <para>A name starting with '+' is interpreted only + by looking in the UNIX group database. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value <parameter>+&group</parameter> means check the + UNIX group database, followed by the NIS netgroup database, and + the value <parameter>&+group</parameter> means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix).</para> + + <para>The current servicename is substituted for <parameter>%S</parameter>. + This is useful in the [homes] section.</para> + + <para>See also <link linkend="VALIDUSERS"><parameter>valid users + </parameter></link>.</para> + + <para>Default: <emphasis>no invalid users</emphasis></para> + <para>Example: <command>invalid users = root fred admin @wheel + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="KEEPALIVE">keepalive (G)</term> + <listitem><para>The value of the parameter (an integer) represents + the number of seconds between <parameter>keepalive</parameter> + packets. If this parameter is zero, no keepalive packets will be + sent. Keepalive packets, if sent, allow the server to tell whether + a client is still present and responding.</para> + + <para>Keepalives should, in general, not be needed if the socket + being used has the SO_KEEPALIVE attribute set on it (see <link + linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link>). + Basically you should only use this option if you strike difficulties.</para> + + <para>Default: <command>keepalive = 300</command></para> + <para>Example: <command>keepalive = 600</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="KERNELOPLOCKS">kernel oplocks (G)</term> + <listitem><para>For UNIXes that support kernel based <link + linkend="OPLOCKS"><parameter>oplocks</parameter></link> + (currently only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off.</para> + + <para>Kernel oplocks support allows Samba <parameter>oplocks + </parameter> to be broken whenever a local UNIX process or NFS operation + accesses a file that <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink> has oplocked. This allows complete data consistency between + SMB/CIFS, NFS and local file access (and is a <emphasis>very</emphasis> + cool feature :-).</para> + + <para>This parameter defaults to <constant>on</constant>, but is translated + to a no-op on systems that no not have the necessary kernel support. + You should never need to touch this parameter.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter> + </link> and <link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks + </parameter></link> parameters.</para> + + <para>Default: <command>kernel oplocks = yes</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LANMANAUTH">lanman auth (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will + attempt to authenticate users using the LANMAN password hash. + If disabled, only clients which support NT password hashes (e.g. Windows + NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba host.</para> + + <para>Default : <command>lanman auth = yes</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="LARGEREADWRITE">large readwrite (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> + supports the new 64k streaming read and write varient SMB requests introduced + with Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating system such + as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with + Windows 2000 clients. Defaults to on. Not as tested as some other Samba + code paths. + </para> + + <para>Default : <command>large readwrite = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + The <parameter>ldap admin dn</parameter> defines the Distinguished + Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap + server</link> when retreiving user account information. The <parameter>ldap + admin dn</parameter> is used in conjunction with the admin dn password + stored in the <filename>private/secrets.tdb</filename> file. See the + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man + page for more information on how to accmplish this. + </para> + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPFILTER">ldap filter (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + + <para>Default : <command>ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPPORT">ldap port (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>. + The default is to use the stand LDAPS port 636. + </para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> + </para> + + <para>Default : <command>ldap port = 636</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSERVER">ldap server (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + + + <para>Default : <command>ldap server = localhost</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSSL">ldap ssl (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This option is used to define whether or not Samba should + use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap + server</parameter></link>. This is <emphasis>NOT</emphasis> related to + Samba SSL support which is enabled by specifying the + <command>--with-ssl</command> option to the <filename>configure</filename> + script (see <link linkend="SSL"><parameter>ssl</parameter></link>). + </para> + + <para> + The <parameter>ldap ssl</parameter> can be set to one of three values: + (a) <constant>on</constant> - Always use SSL when contacting the + <parameter>ldap server</parameter>, (b) <constant>off</constant> - + Never use SSL when querying the directory, or (c) <constant>start_tls</constant> + - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + </para> + + + <para>Default : <command>ldap ssl = on</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + + + + + <varlistentry> + <term><anchor id="LEVEL2OPLOCKS">level2 oplocks (S)</term> + <listitem><para>This parameter controls whether Samba supports + level2 (read-only) oplocks on a share.</para> + + <para>Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a read-write oplock + to a read-only oplock once a second client opens the file (instead + of releasing all oplocks on a second open, as in traditional, + exclusive oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead only (ie. + they may not cache writes or lock requests) and increases performance + for many accesses of files that are not commonly written (such as + application .EXE files).</para> + + <para>Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply is needed + or waited for) and told to break their oplocks to "none" and + delete any read-ahead caches.</para> + + <para>It is recommended that this parameter be turned on + to speed access to shared executables.</para> + + <para>For more discussions on level2 oplocks see the CIFS spec.</para> + + <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter>kernel + oplocks</parameter></link> are supported then level2 oplocks are + not granted (even if this parameter is set to <constant>yes</constant>). + Note also, the <link linkend="OPLOCKS"><parameter>oplocks</parameter> + </link> parameter must be set to <constant>true</constant> on this share in order for + this parameter to have any effect.</para> + + <para>See also the <link linkend="OPLOCKS"><parameter>oplocks</parameter> + </link> and <link linkend="OPLOCKS"><parameter>kernel oplocks</parameter> + </link> parameters.</para> + + <para>Default: <command>level2 oplocks = yes</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="LMANNOUNCE">lm announce (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + <command>nmbd(8)</command></ulink> will produce Lanman announce + broadcasts that are needed by OS/2 clients in order for them to see + the Samba server in their browse list. This parameter can have three + values, <constant>true</constant>, <constant>false</constant>, or + <constant>auto</constant>. The default is <constant>auto</constant>. + If set to <constant>false</constant> Samba will never produce these + broadcasts. If set to <constant>true</constant> Samba will produce + Lanman announce broadcasts at a frequency set by the parameter + <parameter>lm interval</parameter>. If set to <constant>auto</constant> + Samba will not send Lanman announce broadcasts by default but will + listen for them. If it hears such a broadcast on the wire it will + then start sending them at a frequency set by the parameter + <parameter>lm interval</parameter>.</para> + + <para>See also <link linkend="LMINTERVAL"><parameter>lm interval + </parameter></link>.</para> + + <para>Default: <command>lm announce = auto</command></para> + <para>Example: <command>lm announce = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LMINTERVAL">lm interval (G)</term> + <listitem><para>If Samba is set to produce Lanman announce + broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> + <parameter>lm announce</parameter></link> parameter) then this + parameter defines the frequency in seconds with which they will be + made. If this is set to zero then no Lanman announcements will be + made despite the setting of the <parameter>lm announce</parameter> + parameter.</para> + + <para>See also <link linkend="LMANNOUNCE"><parameter>lm + announce</parameter></link>.</para> + + <para>Default: <command>lm interval = 60</command></para> + <para>Example: <command>lm interval = 120</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOADPRINTERS">load printers (G)</term> + <listitem><para>A boolean variable that controls whether all + printers in the printcap will be loaded for browsing by default. + See the <link linkend="PRINTERSSECT">printers</link> section for + more details.</para> + + <para>Default: <command>load printers = yes</command></para></listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="LOCALMASTER">local master (G)</term> + <listitem><para>This option allows <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to try and become a local master browser + on a subnet. If set to <constant>false</constant> then <command> + nmbd</command> will not attempt to become a local master browser + on a subnet and will also lose in all browsing elections. By + default this value is set to <constant>true</constant>. Setting this value to <constant>true</constant> doesn't + mean that Samba will <emphasis>become</emphasis> the local master + browser on a subnet, just that <command>nmbd</command> will <emphasis> + participate</emphasis> in elections for local master browser.</para> + + <para>Setting this value to <constant>false</constant> will cause <command>nmbd</command> + <emphasis>never</emphasis> to become a local master browser.</para> + + <para>Default: <command>local master = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOCKDIR">lock dir (G)</term> + <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter> + lock directory</parameter></link>.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOCKDIRECTORY">lock directory (G)</term> + <listitem><para>This option specifies the directory where lock + files will be placed. The lock files are used to implement the + <link linkend="MAXCONNECTIONS"><parameter>max connections</parameter> + </link> option.</para> + + <para>Default: <command>lock directory = ${prefix}/var/locks</command></para> + <para>Example: <command>lock directory = /var/run/samba/locks</command> + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOCKING">locking (S)</term> + <listitem><para>This controls whether or not locking will be + performed by the server in response to lock requests from the + client.</para> + + <para>If <command>locking = no</command>, all lock and unlock + requests will appear to succeed and all lock queries will report + that the file in question is available for locking.</para> + + <para>If <command>locking = yes</command>, real locking will be performed + by the server.</para> + + <para>This option <emphasis>may</emphasis> be useful for read-only + filesystems which <emphasis>may</emphasis> not need locking (such as + CDROM drives), although setting this parameter of <constant>no</constant> + is not really recommended even in this case.</para> + + <para>Be careful about disabling locking either globally or in a + specific service, as lack of locking may result in data corruption. + You should never need to set this parameter.</para> + + <para>Default: <command>locking = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOGFILE">log file (G)</term> + <listitem><para>This option allows you to override the name + of the Samba log file (also known as the debug file).</para> + + <para>This option takes the standard substitutions, allowing + you to have separate log files for each user or machine.</para> + + <para>Example: <command>log file = /usr/local/samba/var/log.%m + </command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOGLEVEL">log level (G)</term> + <listitem><para>The value of the parameter (an integer) allows + the debug level (logging level) to be specified in the + <filename>smb.conf</filename> file. This is to give greater + flexibility in the configuration of the system.</para> + + <para>The default will be the log level specified on + the command line or level zero if none was specified.</para> + + <para>Example: <command>log level = 3</command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOGONDRIVE">logon drive (G)</term> + <listitem><para>This parameter specifies the local path to + which the home directory will be connected (see <link + linkend="LOGONHOME"><parameter>logon home</parameter></link>) + and is only used by NT Workstations. </para> + + <para>Note that this option is only useful if Samba is set up as a + logon server.</para> + + <para>Default: <command>logon drive = z:</command></para> + <para>Example: <command>logon drive = h:</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOGONHOME">logon home (G)</term> + <listitem><para>This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do </para> + + <para><prompt>C:\> </prompt><userinput>NET USE H: /HOME</userinput> + </para> + + <para>from a command prompt, for example.</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way:</para> + + <para><command>logon home = \\%N\%U\profile</command></para> + + <para>This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does <command>net use /home</command> + but use the whole string when dealing with profiles.</para> + + <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> + <parameter>logon path</parameter></link> was returned rather than + <parameter>logon home</parameter>. This broke <command>net use + /home</command> but allowed profiles outside the home directory. + The current implementation is correct, and can be used for + profiles if you use the above trick.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <command>logon home = "\\%N\%U"</command></para> + <para>Example: <command>logon home = "\\remote_smb_server\%U"</command> + </para></listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="LOGONPATH">logon path (G)</term> + <listitem><para>This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> + <parameter>logon home</parameter></link> parameter.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (<filename>desktop</filename>, <filename>start menu</filename>, + <filename>network neighborhood</filename>, <filename>programs</filename> + and other folders, and their contents, are loaded and displayed on + your Windows NT client.</para> + + <para>The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories.</para> + + <para>Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a <emphasis>MAN</emphasis>datory + profile). </para> + + <para>Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems).</para> + + <para>This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.</para> + + <para>Note that this option is only useful if Samba is set up + as a logon server.</para> + + <para>Default: <command>logon path = \\%N\%U\profile</command></para> + <para>Example: <command>logon path = \\PROFILESERVER\PROFILE\%U</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LOGONSCRIPT">logon script (G)</term> + <listitem><para>This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended.</para> + + <para>The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a <link linkend="PATH"> + <parameter>path</parameter></link> of <filename>/usr/local/samba/netlogon + </filename>, and <command>logon script = STARTUP.BAT</command>, then + the file that will be downloaded is:</para> + + <para><filename>/usr/local/samba/netlogon/STARTUP.BAT</filename></para> + + <para>The contents of the batch file are entirely your choice. A + suggested command would be to add <command>NET TIME \\SERVER /SET + /YES</command>, to force every machine to synchronize clocks with + the same time server. Another use would be to add <command>NET USE + U: \\SERVER\UTILS</command> for commonly used utilities, or <command> + NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> + + <para>Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached.</para> + + <para>This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine.</para> + + <para>This option is only useful if Samba is set up as a logon + server.</para> + + <para>Default: <emphasis>no logon script defined</emphasis></para> + <para>Example: <command>logon script = scripts\%U.bat</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LPPAUSECOMMAND">lppause command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to stop printing or spooling + a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to pause the print job. One way + of implementing this is by using job priorities, where jobs + having a too low priority won't be sent to the printer.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. A <parameter>%j</parameter> is replaced with + the job number (an integer). On HPUX (see <parameter>printing=hpux + </parameter>), if the <parameter>-p%p</parameter> option is added + to the lpq command, the job will show up with the correct status, i.e. + if the job priority is lower than the set fence priority it will + have the PAUSED status, whereas if the priority is equal or higher it + will have the SPOOLED or PRINTING status.</para> + + <para>Note that it is good practice to include the absolute path + in the lppause command as the PATH may not be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given to + this string, unless the value of the <parameter>printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command>lp -i %p-%j -H hold</command></para> + + <para>or if the value of the <parameter>printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command>qstat -s -j%j -h</command></para> + + <para>Example for HPUX: <command>lppause command = /usr/bin/lpalt + %p-%j -p0</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LPQCACHETIME">lpq cache time (G)</term> + <listitem><para>This controls how long lpq info will be cached + for to prevent the <command>lpq</command> command being called too + often. A separate cache is kept for each variation of the <command> + lpq</command> command used by the system, so if you use different + <command>lpq</command> commands for different users then they won't + share cache information.</para> + + <para>The cache files are stored in <filename>/tmp/lpq.xxxx</filename> + where xxxx is a hash of the <command>lpq</command> command in use.</para> + + <para>The default is 10 seconds, meaning that the cached results + of a previous identical <command>lpq</command> command will be used + if the cached data is less than 10 seconds old. A large value may + be advisable if your <command>lpq</command> command is very slow.</para> + + <para>A value of 0 will disable caching completely.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: <command>lpq cache time = 10</command></para> + <para>Example: <command>lpq cache time = 30</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LPQCOMMAND">lpq command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to obtain <command>lpq + </command>-style printer status information.</para> + + <para>This command should be a program or script which + takes a printer name as its only parameter and outputs printer + status information.</para> + + <para>Currently eight styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. + This covers most UNIX systems. You control which type is expected + using the <parameter>printing =</parameter> option.</para> + + <para>Some clients (notably Windows for Workgroups) may not + correctly send the connection number for the printer they are + requesting status information about. To get around this, the + server reports on the first printer service connected to by the + client. This only happens if the connection number sent is invalid.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.</para> + + <para>Note that it is good practice to include the absolute path + in the <parameter>lpq command</parameter> as the <envar>$PATH + </envar> may not be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: <emphasis>depends on the setting of <parameter> + printing</parameter></emphasis></para> + + <para>Example: <command>lpq command = /usr/bin/lpq -P%p</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LPRESUMECOMMAND">lpresume command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to restart or continue + printing or spooling a specific print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number to resume the print job. See + also the <link linkend="LPPAUSECOMMAND"><parameter>lppause command + </parameter></link> parameter.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. A <parameter>%j</parameter> is replaced with + the job number (an integer).</para> + + <para>Note that it is good practice to include the absolute path + in the <parameter>lpresume command</parameter> as the PATH may not + be available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: Currently no default value is given + to this string, unless the value of the <parameter>printing</parameter> + parameter is <constant>SYSV</constant>, in which case the default is :</para> + + <para><command>lp -i %p-%j -H resume</command></para> + + <para>or if the value of the <parameter>printing</parameter> parameter + is <constant>SOFTQ</constant>, then the default is:</para> + + <para><command>qstat -s -j%j -r</command></para> + + <para>Example for HPUX: <command>lpresume command = /usr/bin/lpalt + %p-%j -p2</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LPRMCOMMAND">lprm command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to delete a print job.</para> + + <para>This command should be a program or script which takes + a printer name and job number, and deletes the print job.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. A <parameter>%j</parameter> is replaced with + the job number (an integer).</para> + + <para>Note that it is good practice to include the absolute + path in the <parameter>lprm command</parameter> as the PATH may not be + available to the server.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: <emphasis>depends on the setting of <parameter>printing + </parameter></emphasis></para> + + <para>Example 1: <command>lprm command = /usr/bin/lprm -P%p %j + </command></para> + <para>Example 2: <command>lprm command = /usr/bin/cancel %p-%j + </command></para></listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MACHINEPASSWORDTIMEOUT">machine password timeout (G)</term> + <listitem><para>If a Samba server is a member of a Windows + NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) + parameter) then periodically a running <ulink url="smbd.8.html"> + smbd(8)</ulink> process will try and change the MACHINE ACCOUNT + PASSWORD stored in the TDB called <filename>private/secrets.tdb + </filename>. This parameter specifies how often this password + will be changed, in seconds. The default is one week (expressed in + seconds), the same as a Windows NT Domain member server.</para> + + <para>See also <ulink url="smbpasswd.8.html"><command>smbpasswd(8) + </command></ulink>, and the <link linkend="SECURITYEQUALSDOMAIN"> + security = domain</link>) parameter.</para> + + <para>Default: <command>machine password timeout = 604800</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MAGICOUTPUT">magic output (S)</term> + <listitem><para>This parameter specifies the name of a file + which will contain output created by a magic script (see the + <link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link> + parameter below).</para> + + <para>Warning: If two clients use the same <parameter>magic script + </parameter> in the same directory the output file content + is undefined.</para> + + <para>Default: <command>magic output = <magic script name>.out + </command></para> + + <para>Example: <command>magic output = myfile.txt</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAGICSCRIPT">magic script (S)</term> + <listitem><para>This parameter specifies the name of a file which, + if opened, will be executed by the server when the file is closed. + This allows a UNIX script to be sent to the Samba host and + executed on behalf of the connected user.</para> + + <para>Scripts executed in this way will be deleted upon + completion assuming that the user has the appropriate level + of privilege and the file permissions allow the deletion.</para> + + <para>If the script generates output, output will be sent to + the file specified by the <link linkend="MAGICOUTPUT"><parameter> + magic output</parameter></link> parameter (see above).</para> + + <para>Note that some shells are unable to interpret scripts + containing CR/LF instead of CR as + the end-of-line marker. Magic scripts must be executable + <emphasis>as is</emphasis> on the host, which for some hosts and + some shells will require filtering at the DOS end.</para> + + <para>Magic scripts are <emphasis>EXPERIMENTAL</emphasis> and + should <emphasis>NOT</emphasis> be relied upon.</para> + + <para>Default: <emphasis>None. Magic scripts disabled.</emphasis></para> + <para>Example: <command>magic script = user.csh</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MANGLECASE">mangle case (S)</term> + <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link></para> + + <para>Default: <command>mangle case = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MANGLEDMAP">mangled map (S)</term> + <listitem><para>This is for those who want to directly map UNIX + file names which cannot be represented on Windows/DOS. The mangling + of names is not always what is needed. In particular you may have + documents with file extensions that differ between DOS and UNIX. + For example, under UNIX it is common to use <filename>.html</filename> + for HTML files, whereas under Windows/DOS <filename>.htm</filename> + is more commonly used.</para> + + <para>So to map <filename>html</filename> to <filename>htm</filename> + you would use:</para> + + <para><command>mangled map = (*.html *.htm)</command></para> + + <para>One very useful case is to remove the annoying <filename>;1 + </filename> off the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;).</para> + + <para>Default: <emphasis>no mangled map</emphasis></para> + <para>Example: <command>mangled map = (*;1 *;)</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MANGLEDNAMES">mangled names (S)</term> + <listitem><para>This controls whether non-DOS names under UNIX + should be mapped to DOS-compatible names ("mangled") and made visible, + or whether non-DOS names should simply be ignored.</para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link> for details on how to control the mangling process.</para> + + <para>If mangling is used then the mangling algorithm is as follows:</para> + + <itemizedlist> + <listitem><para>The first (up to) five alphanumeric characters + before the rightmost dot of the filename are preserved, forced + to upper case, and appear as the first (up to) five characters + of the mangled name.</para></listitem> + + <listitem><para>A tilde "~" is appended to the first part of the mangled + name, followed by a two-character unique sequence, based on the + original root name (i.e., the original filename minus its final + extension). The final extension is included in the hash calculation + only if it contains any upper case characters or is longer than three + characters.</para> + + <para>Note that the character to use may be specified using + the <link linkend="MANGLINGCHAR"><parameter>mangling char</parameter> + </link> option, if you don't like '~'.</para></listitem> + + <listitem><para>The first three alphanumeric characters of the final + extension are preserved, forced to upper case and appear as the + extension of the mangled name. The final extension is defined as that + part of the original filename after the rightmost dot. If there are no + dots in the filename, the mangled name will have no extension (except + in the case of "hidden files" - see below).</para></listitem> + + <listitem><para>Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will be created as + for other filenames, but with the leading dot removed and "___" as + its extension regardless of actual original extension (that's three + underscores).</para></listitem> + </itemizedlist> + + <para>The two-digit hash value consists of upper case + alphanumeric characters.</para> + + <para>This algorithm can cause name collisions only if files + in a directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300.</para> + + <para>The name mangling (if enabled) allows a file to be + copied between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new extension + from Windows/DOS and will retain the same basename. Mangled names + do not change between sessions.</para> + + <para>Default: <command>mangled names = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MANGLEDSTACK">mangled stack (G)</term> + <listitem><para>This parameter controls the number of mangled names + that should be cached in the Samba server <ulink url="smbd.8.html"> + smbd(8)</ulink>.</para> + + <para>This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than 3 characters + or contains upper case characters).</para> + + <para>The larger this value, the more likely it is that mangled + names can be successfully converted to correct long UNIX names. + However, large stack sizes will slow most directory accesses. Smaller + stacks save memory in the server (each stack element costs 256 bytes). + </para> + + <para>It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises!</para> + + <para>Default: <command>mangled stack = 50</command></para> + <para>Example: <command>mangled stack = 100</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MANGLINGCHAR">mangling char (S)</term> + <listitem><para>This controls what character is used as + the <emphasis>magic</emphasis> character in <link + linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' + but this may interfere with some software. Use this option to set + it to whatever you prefer.</para> + + <para>Default: <command>mangling char = ~</command></para> + <para>Example: <command>mangling char = ^</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="MAPARCHIVE">map archive (S)</term> + <listitem><para>This controls whether the DOS archive attribute + should be mapped to the UNIX owner execute bit. The DOS archive bit + is set when a file has been modified since its last backup. One + motivation for this option it to keep Samba/your PC from making + any file it touches from becoming executable under UNIX. This can + be quite annoying for shared source code, documents, etc...</para> + + <para>Note that this requires the <parameter>create mask</parameter> + parameter to be set such that owner execute bit is not masked out + (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> + <parameter>create mask</parameter></link> for details.</para> + + <para>Default: <command>map archive = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAPHIDDEN">map hidden (S)</term> + <listitem><para>This controls whether DOS style hidden files + should be mapped to the UNIX world execute bit.</para> + + <para>Note that this requires the <parameter>create mask</parameter> + to be set such that the world execute bit is not masked out (i.e. + it must include 001). See the parameter <link linkend="CREATEMASK"> + <parameter>create mask</parameter></link> for details.</para> + + <para>Default: <command>map hidden = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MAPSYSTEM">map system (S)</term> + <listitem><para>This controls whether DOS style system files + should be mapped to the UNIX group execute bit.</para> + + <para>Note that this requires the <parameter>create mask</parameter> + to be set such that the group execute bit is not masked out (i.e. + it must include 010). See the parameter <link linkend="CREATEMASK"> + <parameter>create mask</parameter></link> for details.</para> + + <para>Default: <command>map system = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MAPTOGUEST">map to guest (G)</term> + <listitem><para>This parameter is only useful in <link linkend="SECURITY"> + security</link> modes other than <parameter>security = share</parameter> + - i.e. <constant>user</constant>, <constant>server</constant>, + and <constant>domain</constant>.</para> + + <para>This parameter can take three different values, which tell + <ulink url="smbd.8.html">smbd(8)</ulink> what to do with user + login requests that don't match a valid UNIX user in some way.</para> + + <para>The three settings are :</para> + + <itemizedlist> + <listitem><para><constant>Never</constant> - Means user login + requests with an invalid password are rejected. This is the + default.</para></listitem> + + <listitem><para><constant>Bad User</constant> - Means user + logins with an invalid password are rejected, unless the username + does not exist, in which case it is treated as a guest login and + mapped into the <link linkend="GUESTACCOUNT"><parameter> + guest account</parameter></link>.</para></listitem> + + <listitem><para><constant>Bad Password</constant> - Means user logins + with an invalid password are treated as a guest login and mapped + into the <link linkend="GUESTACCOUNT">guest account</link>. Note that + this can cause problems as it means that any user incorrectly typing + their password will be silently logged on as "guest" - and + will not know the reason they cannot access files they think + they should - there will have been no message given to them + that they got their password wrong. Helpdesk services will + <emphasis>hate</emphasis> you if you set the <parameter>map to + guest</parameter> parameter this way :-).</para></listitem> + </itemizedlist> + + <para>Note that this parameter is needed to set up "Guest" + share services when using <parameter>security</parameter> modes other than + share. This is because in these modes the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client so the server + cannot make authentication decisions at the correct time (connection + to the share) for "Guest" shares.</para> + + <para>For people familiar with the older Samba releases, this + parameter maps to the old compile-time setting of the <constant> + GUEST_SESSSETUP</constant> value in local.h.</para> + + <para>Default: <command>map to guest = Never</command></para> + <para>Example: <command>map to guest = Bad User</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXCONNECTIONS">max connections (S)</term> + <listitem><para>This option allows the number of simultaneous + connections to a service to be limited. If <parameter>max connections + </parameter> is greater than 0 then connections will be refused if + this number of connections to the service are already open. A value + of zero mean an unlimited number of connections may be made.</para> + + <para>Record lock files are used to implement this feature. The + lock files will be stored in the directory specified by the <link + linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link> + option.</para> + + <para>Default: <command>max connections = 0</command></para> + <para>Example: <command>max connections = 10</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXDISKSIZE">max disk size (G)</term> + <listitem><para>This option allows you to put an upper limit + on the apparent size of disks. If you set this option to 100 + then all shares will appear to be not larger than 100 MB in + size.</para> + + <para>Note that this option does not limit the amount of + data you can put on the disk. In the above case you could still + store much more than 100 MB on the disk, but if a client ever asks + for the amount of free disk space or the total disk size then the + result will be bounded by the amount specified in <parameter>max + disk size</parameter>.</para> + + <para>This option is primarily useful to work around bugs + in some pieces of software that can't handle very large disks, + particularly disks over 1GB in size.</para> + + <para>A <parameter>max disk size</parameter> of 0 means no limit.</para> + + <para>Default: <command>max disk size = 0</command></para> + <para>Example: <command>max disk size = 1000</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXLOGSIZE">max log size (G)</term> + <listitem><para>This option (an integer in kilobytes) specifies + the max size the log file should grow to. Samba periodically checks + the size and if it is exceeded it will rename the file, adding + a <filename>.old</filename> extension.</para> + + <para>A size of 0 means no limit.</para> + + <para>Default: <command>max log size = 5000</command></para> + <para>Example: <command>max log size = 1000</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXMUX">max mux (G)</term> + <listitem><para>This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter.</para> + + <para>Default: <command>max mux = 50</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXOPENFILES">max open files (G)</term> + <listitem><para>This parameter limits the maximum number of + open files that one <ulink url="smbd.8.html">smbd(8)</ulink> file + serving process may have open for a client at any one time. The + default for this parameter is set very high (10,000) as Samba uses + only one bit per unopened file.</para> + + <para>The limit of the number of open files is usually set + by the UNIX per-process file descriptor limit rather than + this parameter so you should never need to touch this parameter.</para> + + <para>Default: <command>max open files = 10000</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXPRINTJOBS">max print jobs (S)</term> + <listitem><para>This parameter limits the maximum number of + jobs allowable in a Samba printer queue at any given moment. + If this number is exceeded, <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink> will remote "Out of Space" to the client. + See all <link linkend="TOTALPRINTJOBS"><parameter>total + print jobs</parameter></link>. + </para> + + <para>Default: <command>max print jobs = 1000</command></para> + <para>Example: <command>max print jobs = 5000</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="MAXPROTOCOL">max protocol (G)</term> + <listitem><para>The value of the parameter (a string) is the highest + protocol level that will be supported by the server.</para> + + <para>Possible values are :</para> + <itemizedlist> + <listitem><para><constant>CORE</constant>: Earliest version. No + concept of user names.</para></listitem> + + <listitem><para><constant>COREPLUS</constant>: Slight improvements on + CORE for efficiency.</para></listitem> + + <listitem><para><constant>LANMAN1</constant>: First <emphasis> + modern</emphasis> version of the protocol. Long filename + support.</para></listitem> + + <listitem><para><constant>LANMAN2</constant>: Updates to Lanman1 protocol. + </para></listitem> + + <listitem><para><constant>NT1</constant>: Current up to date version of + the protocol. Used by Windows NT. Known as CIFS.</para></listitem> + </itemizedlist> + + <para>Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.</para> + + <para>See also <link linkend="MINPROTOCOL"><parameter>min + protocol</parameter></link></para> + + <para>Default: <command>max protocol = NT1</command></para> + <para>Example: <command>max protocol = LANMAN1</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXSMBDPROCESSES">max smbd processes (G)</term> + <listitem><para>This parameter limits the maximum number of + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + processes concurrently running on a system and is intended + as a stopgap to prevent degrading service to clients in the event + that the server has insufficient resources to handle more than this + number of connections. Remember that under normal operating + conditions, each user will have an <ulink url="smbd.8.html">smbd</ulink> associated with him or her + to handle connections to all shares from a given host. + </para> + + <para>Default: <command>max smbd processes = 0</command> ## no limit</para> + <para>Example: <command>max smbd processes = 1000</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MAXTTL">max ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> + what the default 'time to live' of NetBIOS names should be (in seconds) + when <command>nmbd</command> is requesting a name using either a + broadcast packet or from a WINS server. You should never need to + change this parameter. The default is 3 days.</para> + + <para>Default: <command>max ttl = 259200</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXWINSTTL">max wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8) + </ulink> when acting as a WINS server (<link linkend="WINSSUPPORT"> + <parameter>wins support = yes</parameter></link>) what the maximum + 'time to live' of NetBIOS names that <command>nmbd</command> + will grant will be (in seconds). You should never need to change this + parameter. The default is 6 days (518400 seconds).</para> + + <para>See also the <link linkend="MINWINSTTL"><parameter>min + wins ttl</parameter></link> parameter.</para> + + <para>Default: <command>max wins ttl = 518400</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MAXXMIT">max xmit (G)</term> + <listitem><para>This option controls the maximum packet size + that will be negotiated by Samba. The default is 65535, which + is the maximum. In some cases you may find you get better performance + with a smaller value. A value below 2048 is likely to cause problems. + </para> + + <para>Default: <command>max xmit = 65535</command></para> + <para>Example: <command>max xmit = 8192</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MESSAGECOMMAND">message command (G)</term> + <listitem><para>This specifies what command to run when the + server receives a WinPopup style message.</para> + + <para>This would normally be a command that would + deliver the message somehow. How this is to be done is + up to your imagination.</para> + + <para>An example is:</para> + + <para><command>message command = csh -c 'xedit %s;rm %s' &</command> + </para> + + <para>This delivers the message using <command>xedit</command>, then + removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT + THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I + have the '&' on the end. If it doesn't return immediately then + your PCs may freeze when sending messages (they should recover + after 30 seconds, hopefully).</para> + + <para>All messages are delivered as the global guest user. + The command takes the standard substitutions, although <parameter> + %u</parameter> won't work (<parameter>%U</parameter> may be better + in this case).</para> + + <para>Apart from the standard substitutions, some additional + ones apply. In particular:</para> + + <itemizedlist> + <listitem><para><parameter>%s</parameter> = the filename containing + the message.</para></listitem> + + <listitem><para><parameter>%t</parameter> = the destination that + the message was sent to (probably the server name).</para></listitem> + + <listitem><para><parameter>%f</parameter> = who the message + is from.</para></listitem> + </itemizedlist> + + <para>You could make this command send mail, or whatever else + takes your fancy. Please let us know of any really interesting + ideas you have.</para> + + + <para>Here's a way of sending the messages as mail to root:</para> + + <para><command>message command = /bin/mail -s 'message from %f on + %m' root < %s; rm %s</command></para> + + <para>If you don't have a message command then the message + won't be delivered and Samba will tell the sender there was + an error. Unfortunately WfWg totally ignores the error code + and carries on regardless, saying that the message was delivered. + </para> + + <para>If you want to silently delete it then try:</para> + + <para><command>message command = rm %s</command></para> + + <para>Default: <emphasis>no message command</emphasis></para> + <para>Example: <command>message command = csh -c 'xedit %s; + rm %s' &</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MINPASSWDLENGTH">min passwd length (G)</term> + <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> + <parameter>min password length</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MINPASSWORDLENGTH">min password length (G)</term> + <listitem><para>This option sets the minimum length in characters + of a plaintext password that <command>smbd</command> will accept when performing + UNIX password changing.</para> + + <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix + password sync</parameter></link>, <link linkend="PASSWDPROGRAM"> + <parameter>passwd program</parameter></link> and <link + linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter> + </link>.</para> + + <para>Default: <command>min password length = 5</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="MINPRINTSPACE">min print space (S)</term> + <listitem><para>This sets the minimum amount of free disk + space that must be available before a user will be able to spool + a print job. It is specified in kilobytes. The default is 0, which + means a user can always spool a print job.</para> + + <para>See also the <link linkend="PRINTING"><parameter>printing + </parameter></link> parameter.</para> + + <para>Default: <command>min print space = 0</command></para> + <para>Example: <command>min print space = 2000</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MINPROTOCOL">min protocol (G)</term> + <listitem><para>The value of the parameter (a string) is the + lowest SMB protocol dialect than Samba will support. Please refer + to the <link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link> + parameter for a list of valid protocol names and a brief description + of each. You may also wish to refer to the C source code in + <filename>source/smbd/negprot.c</filename> for a listing of known protocol + dialects supported by clients.</para> + + <para>If you are viewing this parameter as a security measure, you should + also refer to the <link linkend="LANMANAUTH"><parameter>lanman + auth</parameter></link> parameter. Otherwise, you should never need + to change this parameter.</para> + + <para>Default : <command>min protocol = CORE</command></para> + <para>Example : <command>min protocol = NT1</command> # disable DOS + clients</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MINWINSTTL">min wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> + when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter> + wins support = yes</parameter></link>) what the minimum 'time to live' + of NetBIOS names that <command>nmbd</command> will grant will be (in + seconds). You should never need to change this parameter. The default + is 6 hours (21600 seconds).</para> + + <para>Default: <command>min wins ttl = 21600</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="MSDFSROOT">msdfs root (S)</term> + <listitem><para>This boolean parameter is only available if + Samba is configured and compiled with the <command> + --with-msdfs</command> option. If set to <constant>yes</constant>, + Samba treats the share as a Dfs root and allows clients to browse + the distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form <filename>msdfs:serverA\shareA,serverB\shareB + </filename> and so on. For more information on setting up a Dfs tree + on Samba, refer to <ulink url="msdfs_setup.html">msdfs_setup.html + </ulink>.</para> + + <para>See also <link linkend="HOSTMSDFS"><parameter>host msdfs + </parameter></link></para> + + <para>Default: <command>msdfs root = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="NAMERESOLVEORDER">name resolve order (G)</term> + <listitem><para>This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. The option takes a space + separated string of name resolution options.</para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows :</para> + + <itemizedlist> + <listitem><para><constant>lmhosts</constant> : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant> : Do a standard host + name to IP address resolution, using the system <filename>/etc/hosts + </filename>, NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf</filename> + file. Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant> : Query a name with + the IP address listed in the <link linkend="WINSSERVER"><parameter> + wins server</parameter></link> parameter. If no WINS server has + been specified this method will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant> : Do a broadcast on + each of the known local interfaces listed in the <link + linkend="INTERFACES"><parameter>interfaces</parameter></link> + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.</para></listitem> + </itemizedlist> + + <para>Default: <command>name resolve order = lmhosts host wins bcast + </command></para> + <para>Example: <command>name resolve order = lmhosts bcast host + </command></para> + + <para>This will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup.</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="NETBIOSALIASES">netbios aliases (G)</term> + <listitem><para>This is a list of NetBIOS names that <ulink + url="nmbd.8.html">nmbd(8)</ulink> will advertise as additional + names by which the Samba server is known. This allows one machine + to appear in browse lists under multiple names. If a machine is + acting as a browse server or logon server none + of these names will be advertised as either browse server or logon + servers, only the primary name of the machine will be advertised + with these capabilities.</para> + + <para>See also <link linkend="NETBIOSNAME"><parameter>netbios + name</parameter></link>.</para> + + <para>Default: <emphasis>empty string (no additional names)</emphasis></para> + <para>Example: <command>netbios aliases = TEST TEST1 TEST2</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NETBIOSNAME">netbios name (G)</term> + <listitem><para>This sets the NetBIOS name by which a Samba + server is known. By default it is the same as the first component + of the host's DNS name. If a machine is a browse server or + logon server this name (or the first component + of the hosts DNS name) will be the name that these services are + advertised under.</para> + + <para>See also <link linkend="NETBIOSALIASES"><parameter>netbios + aliases</parameter></link>.</para> + + <para>Default: <emphasis>machine DNS name</emphasis></para> + <para>Example: <command>netbios name = MYNAME</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NETBIOSSCOPE">netbios scope (G)</term> + <listitem><para>This sets the NetBIOS scope that Samba will + operate under. This should not be set unless every machine + on your LAN also sets this value.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="NISHOMEDIR">nis homedir (G)</term> + <listitem><para>Get the home share server from a NIS map. For + UNIX systems that use an automounter, the user's home directory + will often be mounted on a workstation on demand from a remote + server. </para> + + <para>When the Samba logon server is not the actual home directory + server, but is mounting the home directories via NFS then two + network hops would be required to access the users home directory + if the logon server told the client to use itself as the SMB server + for home directories (one over SMB and one over NFS). This can + be very slow.</para> + + <para>This option allows Samba to return the home share as + being on a different server to the logon server and as + long as a Samba daemon is running on the home directory server, + it will be mounted on the Samba client directly from the directory + server. When Samba is returning the home share to the client, it + will consult the NIS map specified in <link linkend="HOMEDIRMAP"> + <parameter>homedir map</parameter></link> and return the server + listed there.</para> + + <para>Note that for this option to work there must be a working + NIS system and the Samba server with this option must also + be a logon server.</para> + + <para>Default: <command>nis homedir = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term> + <listitem><para>The non unix account range parameter specifies + the range of 'user ids' that are allocated by the various 'non unix + account' passdb backends. These backends allow + the storage of passwords for users who don't exist in /etc/passwd. + This is most often used for machine account creation. + This range of ids should have no existing local or NIS users within + it as strange conflicts can occur otherwise.</para> + + <para>NOTE: These userids never appear on the system and Samba will never + 'become' these users. They are used only to ensure that the algorithmic + RID mapping does not conflict with normal users. + </para> + + <para>Default: <command>non unix account range = <empty string> + </command></para> + + <para>Example: <command>non unix account range = 10000-20000</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NTACLSUPPORT">nt acl support (S)</term> + <listitem><para>This boolean parameter controls whether + <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2.</para> + + <para>Default: <command>nt acl support = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NTPIPESUPPORT">nt pipe support (G)</term> + <listitem><para>This boolean parameter controls whether + <ulink url="smbd.8.html">smbd(8)</ulink> will allow Windows NT + clients to connect to the NT SMB specific <constant>IPC$</constant> + pipes. This is a developer debugging option and can be left + alone.</para> + + <para>Default: <command>nt pipe support = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="NULLPASSWORDS">null passwords (G)</term> + <listitem><para>Allow or disallow client access to accounts + that have null passwords. </para> + + <para>See also <ulink url="smbpasswd.5.html">smbpasswd (5)</ulink>.</para> + + <para>Default: <command>null passwords = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term> + <listitem><para>When Samba 2.2 is configured to enable PAM support + (i.e. --with-pam), this parameter will control whether or not Samba + should obey PAM's account and session management directives. The + default behavior is to use PAM for clear text authentication only + and to ignore any account or session management. Note that Samba + always ignores PAM for authentication in the case of <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords = yes</parameter> + </link>. The reason is that PAM modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB password encryption. + </para> + + <para>Default: <command>obey pam restrictions = no</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="ONLYUSER">only user (S)</term> + <listitem><para>This is a boolean option that controls whether + connections with usernames not in the <parameter>user</parameter> + list will be allowed. By default this option is disabled so that a + client can supply a username to be used by the server. Enabling + this parameter will force the server to only user the login + names from the <parameter>user</parameter> list and is only really + useful in <link linkend="SECURITYEQUALSSHARE">shave level</link> + security.</para> + + <para>Note that this also means Samba won't try to deduce + usernames from the service name. This can be annoying for + the [homes] section. To get around this you could use <command>user = + %S</command> which means your <parameter>user</parameter> list + will be just the service name, which for home directories is the + name of the user.</para> + + <para>See also the <link linkend="USER"><parameter>user</parameter> + </link> parameter.</para> + + <para>Default: <command>only user = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="ONLYGUEST">only guest (S)</term> + <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter> + guest only</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="OPLOCKBREAKWAITTIME">oplock break wait time (G)</term> + <listitem><para>This is a tuning parameter added due to bugs in + both Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause an oplock + break request, then the network client can fail and not respond + to the break request. This tuning parameter (which is set in milliseconds) + is the amount of time Samba will wait before sending an oplock break + request to such (broken) clients.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command>oplock break wait time = 0</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="OPLOCKCONTENTIONLIMIT">oplock contention limit (S)</term> + <listitem><para>This is a <emphasis>very</emphasis> advanced + <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to + improve the efficiency of the granting of oplocks under multiple + client contention for the same file.</para> + + <para>In brief it specifies a number, which causes <ulink url="smbd.8.html">smbd</ulink> not to + grant an oplock even when requested if the approximate number of + clients contending for an oplock on the same file goes over this + limit. This causes <command>smbd</command> to behave in a similar + way to Windows NT.</para> + + <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> + + <para>Default: <command>oplock contention limit = 2</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="OPLOCKS">oplocks (S)</term> + <listitem><para>This boolean option tells <command>smbd</command> whether to + issue oplocks (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or more) improve + the speed of access to files on Samba servers. It allows the clients + to aggressively cache files locally and you may want to disable this + option for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information see the file + <filename>Speed.txt</filename> in the Samba <filename>docs/</filename> + directory.</para> + + <para>Oplocks may be selectively turned off on certain files with a + share. See the <link linkend="VETOOPLOCKFILES"><parameter> + veto oplock files</parameter></link> parameter. On some systems + oplocks are recognized by the underlying operating system. This + allows data synchronization between all access to oplocked files, + whether it be via Samba or NFS or a local UNIX process. See the + <parameter>kernel oplocks</parameter> parameter for details.</para> + + <para>See also the <link linkend="KERNELOPLOCKS"><parameter>kernel + oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter> + level2 oplocks</parameter></link> parameters.</para> + + <para>Default: <command>oplocks = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="OSLEVEL">os level (G)</term> + <listitem><para>This integer value controls what level Samba + advertises itself as for browse elections. The value of this + parameter determines whether <ulink url="nmbd.8.html">nmbd(8)</ulink> + has a chance of becoming a local master browser for the <parameter> + WORKGROUP</parameter> in the local broadcast area.</para> + + <para><emphasis>Note :</emphasis>By default, Samba will win + a local master browsing election over all Microsoft operating + systems except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively isolate + a subnet for browsing purposes. See <filename>BROWSING.txt + </filename> in the Samba <filename>docs/</filename> directory + for details.</para> + + <para>Default: <command>os level = 20</command></para> + <para>Example: <command>os level = 65 </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="OS2DRIVERMAP">os2 driver map (G)</term> + <listitem><para>The parameter is used to define the absolute + path to a file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is:</para> + + <para><nt driver name> = <os2 driver + name>.<device name></para> + + <para>For example, a valid entry using the HP LaserJet 5 + printer driver would appear as <command>HP LaserJet 5L = LASERJET.HP + LaserJet 5L</command>.</para> + + <para>The need for the file is due to the printer driver namespace + problem described in the <ulink url="printer_driver2.html">Samba + Printing HOWTO</ulink>. For more details on OS/2 clients, please + refer to the <ulink url="OS2-Client-HOWTO.html">OS2-Client-HOWTO + </ulink> containing in the Samba documentation.</para> + + <para>Default: <command>os2 driver map = <empty string> + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term> + <listitem><para>With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password change control + flag for Samba. If enabled, then PAM will be used for password + changes when requested by an SMB client instead of the program listed in + <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link>. + It should be possible to enable this without changing your + <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link> + parameter for most setups. + </para> + + <para>Default: <command>pam password change = no</command></para> + + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PANICACTION">panic action (G)</term> + <listitem><para>This is a Samba developer option that allows a + system command to be called when either <ulink url="smbd.8.html"> + smbd(8)</ulink> or <ulink url="nmbd.8.html">nmbd(8)</ulink> + crashes. This is usually used to draw attention to the fact that + a problem occurred.</para> + + <para>Default: <command>panic action = <empty string></command></para> + <para>Example: <command>panic action = "/bin/sleep 90000"</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PASSDBBACKEND">passdb backend (G)</term> + <listitem><para>This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected + (eg --with-tdbsam) at configure time. + </para> + + <para>This paramater is in two parts, the backend's name, and a 'location' + string that has meaning only to that particular backed. These are separated + by a : character.</para> + + <para>Available backends can include: + <itemizedlist> + <listitem><para><command>smbpasswd</command> - The default smbpasswd + backend. Takes a path to the smbpasswd file as an optional argument.</para></listitem> + + <listitem><para><command>smbpasswd_nua</command> - The smbpasswd + backend, but with support for 'not unix accounts'. + Takes a path to the smbpasswd file as an optional argument.</para> + <para>See also <link linkend="NONUNIXACCOUNTRANGE"> + <parameter>non unix account range</parameter></link></para></listitem> + + <listitem><para><command>tdbsam</command> - The TDB based password storage + backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the <link linkend="PRIVATEDIR"> + <parameter>private dir</parameter></link> directory.</para></listitem> + + <listitem><para><command>tdbsam_nua</command> - The TDB based password storage + backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the <link linkend="PRIVATEDIR"> + <parameter>private dir</parameter></link> directory.</para> + <para>See also <link linkend="NONUNIXACCOUNTRANGE"> + <parameter>non unix account range</parameter></link></para></listitem> + + <listitem><para><command>ldapsam</command> - The LDAP based passdb + backend. Takes an LDAP URL as an optional argument (defaults to + <command>ldap://localhost</command>)</para></listitem> + + <listitem><para><command>ldapsam_nua</command> - The LDAP based passdb + backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to + <command>ldap://localhost</command>)</para> + <para>See also <link linkend="NONUNIXACCOUNTRANGE"> + <parameter>non unix account range</parameter></link></para></listitem> + + <listitem><para><command>plugin</command> - Allows Samba to load an + arbitary passdb backend from the .so specified as a compulsary argument. + </para> + + <para>Any characters after the (optional) second : are passed to the plugin + for its own processing</para> + </listitem> + + </itemizedlist> + </para> + + <para>Default: <command>passdb backend = smbpasswd</command></para> + <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb</command></para> + <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com</command></para> + <para>Example: <command>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PASSWDCHAT">passwd chat (G)</term> + <listitem><para>This string controls the <emphasis>"chat"</emphasis> + conversation that takes places between <ulink + url="smbd.8.html">smbd</ulink> and the local password changing + program to change the user's password. The string describes a + sequence of response-receive pairs that <ulink url="smbd.8.html"> + smbd(8)</ulink> uses to determine what to send to the + <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> + </link> and what to expect back. If the expected output is not + received then the password is not changed.</para> + + <para>This chat sequence is often quite site specific, depending + on what local methods are used for password control (such as NIS + etc).</para> + <para>Note that this parameter only is only used if the <link + linkend="UNIXPASSWORDSYNC"><parameter>unix + password sync</parameter></link> parameter is set to <constant>yes</constant>. This + sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password + in the smbpasswd file is being changed, without access to the old + password cleartext. This means that root must be able to reset the user's password + without knowing the text of the previous password. In the presence of NIS/YP, + this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be + executed on the NIS master. + </para> + + + <para>The string can contain the macro <parameter>%n</parameter> which is substituted + for the new password. The chat sequence can also contain the standard + macros <constant>\n</constant>, <constant>\r</constant>, <constant> + \t</constant> and <constant>\s</constant> to give line-feed, + carriage-return, tab and space. The chat sequence string can also contain + a '*' which matches any sequence of characters. + Double quotes can be used to collect strings with spaces + in them into a single string.</para> + + <para>If the send string in any part of the chat sequence + is a full stop ".", then no string is sent. Similarly, + if the expect string is a full stop then no string is expected.</para> + + <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter>pam + password change</parameter></link> parameter is set to true, the chat pairs + may be matched in any order, and success is determined by the PAM result, + not any particular output. The \n macro is ignored for PAM conversions. + </para> + + <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix password + sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter> + passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> + <parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> + <parameter>pam password change</parameter></link>.</para> + + <para>Default: <command>passwd chat = *new*password* %n\n + *new*password* %n\n *changed*</command></para> + <para>Example: <command>passwd chat = "*Enter OLD password*" %o\n + "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password + changed*"</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PASSWDCHATDEBUG">passwd chat debug (G)</term> + <listitem><para>This boolean specifies if the passwd chat script + parameter is run in <emphasis>debug</emphasis> mode. In this mode the + strings passed to and received from the passwd chat are printed + in the <ulink url="smbd.8.html">smbd(8)</ulink> log with a + <link linkend="DEBUGLEVEL"><parameter>debug level</parameter></link> + of 100. This is a dangerous option as it will allow plaintext passwords + to be seen in the <command>smbd</command> log. It is available to help + Samba admins debug their <parameter>passwd chat</parameter> scripts + when calling the <parameter>passwd program</parameter> and should + be turned off after this has been done. This option has no effect if the + <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link> + paramter is set. This parameter is off by default.</para> + + + <para>See also <link linkend="PASSWDCHAT"><parameter>passwd chat</parameter> + </link>, <link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter> + </link>, <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> + </link>.</para> + + <para>Default: <command>passwd chat debug = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PASSWDPROGRAM">passwd program (G)</term> + <listitem><para>The name of a program that can be used to set + UNIX user passwords. Any occurrences of <parameter>%u</parameter> + will be replaced with the user name. The user name is checked for + existence before calling the password changing program.</para> + + <para>Also note that many passwd programs insist in <emphasis>reasonable + </emphasis> passwords, such as a minimum length, or the inclusion + of mixed case chars and digits. This can pose a problem as some clients + (such as Windows for Workgroups) uppercase the password before sending + it.</para> + + <para><emphasis>Note</emphasis> that if the <parameter>unix + password sync</parameter> parameter is set to <constant>true + </constant> then this program is called <emphasis>AS ROOT</emphasis> + before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5) + </ulink> file is changed. If this UNIX password change fails, then + <command>smbd</command> will fail to change the SMB password also + (this is by design).</para> + + <para>If the <parameter>unix password sync</parameter> parameter + is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> + for <emphasis>ALL</emphasis> programs called, and must be examined + for security implications. Note that by default <parameter>unix + password sync</parameter> is set to <constant>false</constant>.</para> + + <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter>unix + password sync</parameter></link>.</para> + + <para>Default: <command>passwd program = /bin/passwd</command></para> + <para>Example: <command>passwd program = /sbin/npasswd %u</command> + </para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PASSWORDLEVEL">password level (G)</term> + <listitem><para>Some client/server combinations have difficulty + with mixed-case passwords. One offending client is Windows for + Workgroups, which for some reason forces passwords to upper + case when using the LANMAN1 protocol, but leaves them alone when + using COREPLUS! Another problem child is the Windows 95/98 + family of operating systems. These clients upper case clear + text passwords even when NT LM 0.12 selected by the protocol + negotiation request/response.</para> + + <para>This parameter defines the maximum number of characters + that may be upper case in passwords.</para> + + <para>For example, say the password given was "FRED". If <parameter> + password level</parameter> is set to 1, the following combinations + would be tried if "FRED" failed:</para> + + <para>"Fred", "fred", "fRed", "frEd","freD"</para> + + <para>If <parameter>password level</parameter> was set to 2, + the following combinations would also be tried: </para> + + <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> + + <para>And so on.</para> + + <para>The higher value this parameter is set to the more likely + it is that a mixed case password will be matched against a single + case password. However, you should be aware that use of this + parameter reduces security and increases the time taken to + process a new connection.</para> + + <para>A value of zero will cause only two attempts to be + made - the password as is and the password in all-lower case.</para> + + <para>Default: <command>password level = 0</command></para> + <para>Example: <command>password level = 4</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PASSWORDSERVER">password server (G)</term> + <listitem><para>By specifying the name of another SMB server (such + as a WinNT box) with this option, and using <command>security = domain + </command> or <command>security = server</command> you can get Samba + to do all its username/password validation via a remote server.</para> + + <para>This option sets the name of the password server to use. + It must be a NetBIOS name, so if the machine's NetBIOS name is + different from its Internet name then you may have to add its NetBIOS + name to the lmhosts file which is stored in the same directory + as the <filename>smb.conf</filename> file.</para> + + <para>The name of the password server is looked up using the + parameter <link linkend="NAMERESOLVEORDER"><parameter>name + resolve order</parameter></link> and so may resolved + by any method and order described in that parameter.</para> + + <para>The password server much be a machine capable of using + the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in + user level security mode.</para> + + <para><emphasis>NOTE:</emphasis> Using a password server + means your UNIX box (running Samba) is only as secure as your + password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT + YOU DON'T COMPLETELY TRUST</emphasis>.</para> + + <para>Never point a Samba server at itself for password + serving. This will cause a loop and could lock up your Samba + server!</para> + + <para>The name of the password server takes the standard + substitutions, but probably the only useful one is <parameter>%m + </parameter>, which means the Samba server will use the incoming + client as the password server. If you use this then you better + trust your clients, and you had better restrict them with hosts allow!</para> + + <para>If the <parameter>security</parameter> parameter is set to + <constant>domain</constant>, then the list of machines in this + option must be a list of Primary or Backup Domain controllers for the + Domain or the character '*', as the Samba server is effectively + in that domain, and will use cryptographically authenticated RPC calls + to authenticate the user logging on. The advantage of using <command> + security = domain</command> is that if you list several hosts in the + <parameter>password server</parameter> option then <command>smbd + </command> will try each in turn till it finds one that responds. This + is useful in case your primary server goes down.</para> + + <para>If the <parameter>password server</parameter> option is set + to the character '*', then Samba will attempt to auto-locate the + Primary or Backup Domain controllers to authenticate against by + doing a query for the name <constant>WORKGROUP<1C></constant> + and then contacting each server returned in the list of IP + addresses from the name resolution source. </para> + + <para>If the <parameter>security</parameter> parameter is + set to <constant>server</constant>, then there are different + restrictions that <command>security = domain</command> doesn't + suffer from:</para> + + <itemizedlist> + <listitem><para>You may list several password servers in + the <parameter>password server</parameter> parameter, however if an + <command>smbd</command> makes a connection to a password server, + and then the password server fails, no more users will be able + to be authenticated from this <command>smbd</command>. This is a + restriction of the SMB/CIFS protocol when in <command>security = server + </command> mode and cannot be fixed in Samba.</para></listitem> + + <listitem><para>If you are using a Windows NT server as your + password server then you will have to ensure that your users + are able to login from the Samba server, as when in <command> + security = server</command> mode the network logon will appear to + come from there rather than from the users workstation.</para></listitem> + </itemizedlist> + + <para>See also the <link linkend="SECURITY"><parameter>security + </parameter></link> parameter.</para> + + <para>Default: <command>password server = <empty string></command> + </para> + <para>Example: <command>password server = NT-PDC, NT-BDC1, NT-BDC2 + </command></para> + <para>Example: <command>password server = *</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PATH">path (S)</term> + <listitem><para>This parameter specifies a directory to which + the user of the service is to be given access. In the case of + printable services, this is where print data will spool prior to + being submitted to the host for printing.</para> + + <para>For a printable service offering guest access, the service + should be readonly and the path should be world-writeable and + have the sticky bit set. This is not mandatory of course, but + you probably won't get the results you expect if you do + otherwise.</para> + + <para>Any occurrences of <parameter>%u</parameter> in the path + will be replaced with the UNIX username that the client is using + on this connection. Any occurrences of <parameter>%m</parameter> + will be replaced by the NetBIOS name of the machine they are + connecting from. These replacements are very useful for setting + up pseudo home directories for users.</para> + + <para>Note that this path will be based on <link linkend="ROOTDIR"> + <parameter>root dir</parameter></link> if one was specified.</para> + + <para>Default: <emphasis>none</emphasis></para> + <para>Example: <command>path = /home/fred</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="POSIXLOCKING">posix locking (S)</term> + <listitem><para>The <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + daemon maintains an database of file locks obtained by SMB clients. + The default behavior is to map this internal database to POSIX + locks. This means that file locks obtained by SMB clients are + consistent with those seen by POSIX compliant applications accessing + the files via a non-SMB method (e.g. NFS or local file access). + You should never need to disable this parameter.</para> + + <para>Default: <command>posix locking = yes</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="POSTEXEC">postexec (S)</term> + <listitem><para>This option specifies a command to be run + whenever the service is disconnected. It takes the usual + substitutions. The command may be run as the root on some + systems.</para> + + <para>An interesting example may be to unmount server + resources:</para> + + <para><command>postexec = /etc/umount /cdrom</command></para> + + <para>See also <link linkend="PREEXEC"><parameter>preexec</parameter> + </link>.</para> + + <para>Default: <emphasis>none (no command executed)</emphasis> + </para> + + <para>Example: <command>postexec = echo \"%u disconnected from %S + from %m (%I)\" >> /tmp/log</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="POSTSCRIPT">postscript (S)</term> + <listitem><para>This parameter forces a printer to interpret + the print files as PostScript. This is done by adding a <constant>%! + </constant> to the start of print output.</para> + + <para>This is most useful when you have lots of PCs that persist + in putting a control-D at the start of print jobs, which then + confuses your printer.</para> + + <para>Default: <command>postscript = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PREEXEC">preexec (S)</term> + <listitem><para>This option specifies a command to be run whenever + the service is connected to. It takes the usual substitutions.</para> + + <para>An interesting example is to send the users a welcome + message every time they log in. Maybe a message of the day? Here + is an example:</para> + + <para><command>preexec = csh -c 'echo \"Welcome to %S!\" | + /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> + + <para>Of course, this could get annoying after a while :-)</para> + + <para>See also <link linkend="PREEXECCLOSE"><parameter>preexec close + </parameter</link> and <link linkend="POSTEXEC"><parameter>postexec + </parameter></link>.</para> + + <para>Default: <emphasis>none (no command executed)</emphasis></para> + <para>Example: <command>preexec = echo \"%u connected to %S from %m + (%I)\" >> /tmp/log</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PREEXECCLOSE">preexec close (S)</term> + <listitem><para>This boolean option controls whether a non-zero + return code from <link linkend="PREEXEC"><parameter>preexec + </parameter></link> should close the service being connected to.</para> + + <para>Default: <command>preexec close = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PREFERREDMASTER">preferred master (G)</term> + <listitem><para>This boolean parameter controls if <ulink + url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser + for its workgroup.</para> + + <para>If this is set to <constant>true</constant>, on startup, <command>nmbd</command> + will force an election, and it will have a slight advantage in + winning the election. It is recommended that this parameter is + used in conjunction with <command><link linkend="DOMAINMASTER"><parameter> + domain master</parameter></link> = yes</command>, so that <command> + nmbd</command> can guarantee becoming a domain master.</para> + + <para>Use this option with caution, because if there are several + hosts (whether Samba servers, Windows 95 or NT) that are preferred + master browsers on the same subnet, they will each periodically + and continuously attempt to become the local master browser. + This will result in unnecessary broadcast traffic and reduced browsing + capabilities.</para> + + <para>See also <link linkend="OSLEVEL"><parameter>os level</parameter> + </link>.</para> + + <para>Default: <command>preferred master = auto</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PREFEREDMASTER">prefered master (G)</term> + <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter> + preferred master</parameter></link> for people who cannot spell :-).</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRELOAD">preload</term> + <listitem><para>This is a list of services that you want to be + automatically added to the browse lists. This is most useful + for homes and printers services that would otherwise not be + visible.</para> + + <para>Note that if you just want all printers in your + printcap file loaded then the <link linkend="LOADPRINTERS"> + <parameter>load printers</parameter></link> option is easier.</para> + + <para>Default: <emphasis>no preloaded services</emphasis></para> + + <para>Example: <command>preload = fred lp colorlp</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PRESERVECASE">preserve case (S)</term> + <listitem><para> This controls if new filenames are created + with the case that the client passes, or if they are forced to + be the <link linkend="DEFAULTCASE"><parameter>default case + </parameter></link>.</para> + + <para>Default: <command>preserve case = yes</command></para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME + MANGLING</link> for a fuller discussion.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTCOMMAND">print command (S)</term> + <listitem><para>After a print job has finished spooling to + a service, this command will be used via a <command>system()</command> + call to process the spool file. Typically the command specified will + submit the spool file to the host's printing subsystem, but there + is no requirement that this be the case. The server will not remove + the spool file, so whatever command you specify should remove the + spool file when it has been processed, otherwise you will need to + manually remove old spool files.</para> + + <para>The print command is simply a text string. It will be used + verbatim, with two exceptions: All occurrences of <parameter>%s + </parameter> and <parameter>%f</parameter> will be replaced by the + appropriate spool file name, and all occurrences of <parameter>%p + </parameter> will be replaced by the appropriate printer name. The + spool file name is generated automatically by the server. The + <parameter>%J</parameter> macro can be used to access the job + name as transmitted by the client.</para> + + <para>The print command <emphasis>MUST</emphasis> contain at least + one occurrence of <parameter>%s</parameter> or <parameter>%f + </parameter> - the <parameter>%p</parameter> is optional. At the time + a job is submitted, if no printer name is supplied the <parameter>%p + </parameter> will be silently removed from the printer command.</para> + + <para>If specified in the [global] section, the print command given + will be used for any printable service that does not have its own + print command specified.</para> + + <para>If there is neither a specified print command for a + printable service nor a global print command, spool files will + be created but not processed and (most importantly) not removed.</para> + + <para>Note that printing may fail on some UNIXes from the + <constant>nobody</constant> account. If this happens then create + an alternative guest account that can print and set the <link + linkend="GUESTACCOUNT"><parameter>guest account</parameter></link> + in the [global] section.</para> + + <para>You can form quite complex print commands by realizing + that they are just passed to a shell. For example the following + will log a print job, print the file, then remove it. Note that + ';' is the usual separator for command in shell scripts.</para> + + <para><command>print command = echo Printing %s >> + /tmp/print.log; lpr -P %p %s; rm %s</command></para> + + <para>You may have to vary this command considerably depending + on how you normally print files on your system. The default for + the parameter varies depending on the setting of the <link linkend="PRINTING"> + <parameter>printing</parameter></link> parameter.</para> + + <para>Default: For <command>printing = BSD, AIX, QNX, LPRNG + or PLP :</command></para> + <para><command>print command = lpr -r -P%p %s</command></para> + + <para>For <command>printing = SYSV or HPUX :</command></para> + <para><command>print command = lp -c -d%p %s; rm %s</command></para> + + <para>For <command>printing = SOFTQ :</command></para> + <para><command>print command = lp -d%p -s %s; rm %s</command></para> + + <para>Example: <command>print command = /usr/local/samba/bin/myprintscript + %p %s</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTOK">print ok (S)</term> + <listitem><para>Synonym for <link linkend="PRINTABLE"> + <parameter>printable</parameter></link>.</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRINTABLE">printable (S)</term> + <listitem><para>If this parameter is <constant>yes</constant>, then + clients may open, write to and submit spool files on the directory + specified for the service. </para> + + <para>Note that a printable service will ALWAYS allow writing + to the service path (user privileges permitting) via the spooling + of print data. The <link linkend="WRITEABLE"><parameter>writeable + </parameter></link> parameter controls only non-printing access to + the resource.</para> + + <para>Default: <command>printable = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTCAP">printcap (G)</term> + <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter> + printcap name</parameter></link>.</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRINTCAPNAME">printcap name (G)</term> + <listitem><para>This parameter may be used to override the + compiled-in default printcap name used by the server (usually <filename> + /etc/printcap</filename>). See the discussion of the <link + linkend="PRINTERSSECT">[printers]</link> section above for reasons + why you might want to do this.</para> + + <para>On System V systems that use <command>lpstat</command> to + list available printers you can use <command>printcap name = lpstat + </command> to automatically obtain lists of available printers. This + is the default for systems that define SYSV at configure time in + Samba (this includes most System V based systems). If <parameter> + printcap name</parameter> is set to <command>lpstat</command> on + these systems then Samba will launch <command>lpstat -v</command> and + attempt to parse the output to obtain a printer list.</para> + + <para>A minimal printcap file would look something like this:</para> + + <para><programlisting> + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + </programlisting></para> + + <para>where the '|' separates aliases of a printer. The fact + that the second alias has a space in it gives a hint to Samba + that it's a comment.</para> + + <para><emphasis>NOTE</emphasis>: Under AIX the default printcap + name is <filename>/etc/qconfig</filename>. Samba will assume the + file is in AIX <filename>qconfig</filename> format if the string + <filename>qconfig</filename> appears in the printcap filename.</para> + + <para>Default: <command>printcap name = /etc/printcap</command></para> + <para>Example: <command>printcap name = /etc/myprintcap</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="PRINTERADMIN">printer admin (S)</term> + <listitem><para>This is a list of users that can do anything to + printers via the remote administration interfaces offered by MS-RPC + (usually using a NT workstation). Note that the root user always + has admin rights.</para> + + <para>Default: <command>printer admin = <empty string></command> + </para> + <para>Example: <command>printer admin = admin, @staff</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="PRINTERDRIVER">printer driver (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This option allows you to control the string + that clients receive when they ask the server for the printer driver + associated with a printer. If you are using Windows95 or Windows NT + then you can use this to automate the setup of printers on your + system.</para> + + <para>You need to set this parameter to the exact string (case + sensitive) that describes the appropriate printer driver for your + system. If you don't know the exact string to use then you should + first try with no <link linkend="PRINTERDRIVER"><parameter> + printer driver</parameter></link> option set and the client will + give you a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer manufacturer.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter>printer + driver file</parameter></link>.</para> + + <para>Example: <command>printer driver = HP LaserJet 4L</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTERDRIVERFILE">printer driver file (G)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows 95 clients, is + to be found. If this is not set, the default is :</para> + + <para><filename><replaceable>SAMBA_INSTALL_DIRECTORY</replaceable> + /lib/printers.def</filename></para> + + <para>This file is created from Windows 95 <filename>msprint.inf + </filename> files found on the Windows 95 client system. For more + details on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the <filename>docs/</filename> + directory, <filename>PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter> + printer driver location</parameter></link>.</para> + + <para>Default: <emphasis>None (set in compile).</emphasis></para> + + <para>Example: <command>printer driver file = + /usr/local/samba/printers/drivers.def</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRINTERDRIVERLOCATION">printer driver location (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells clients of a particular printer + share where to find the printer driver files for the automatic + installation of drivers for Windows 95 machines. If Samba is set up + to serve printer drivers to Windows 95 machines, this should be set to</para> + + <para><command>\\MACHINE\PRINTER$</command></para> + + <para>Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer driver + files. For more details on setting this up see the outdated documentation + file in the <filename>docs/</filename> directory, <filename> + PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter> + printer driver file</parameter></link>.</para> + + <para>Default: <command>none</command></para> + <para>Example: <command>printer driver location = \\MACHINE\PRINTER$ + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTERNAME">printer name (S)</term> + <listitem><para>This parameter specifies the name of the printer + to which print jobs spooled through a printable service will be sent.</para> + + <para>If specified in the [global] section, the printer + name given will be used for any printable service that does + not have its own printer name specified.</para> + + <para>Default: <emphasis>none (but may be <constant>lp</constant> + on many systems)</emphasis></para> + + <para>Example: <command>printer name = laserwriter</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="PRINTER">printer (S)</term> + <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter> + printer name</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTING">printing (S)</term> + <listitem><para>This parameters controls how printer status + information is interpreted on your system. It also affects the + default values for the <parameter>print command</parameter>, + <parameter>lpq command</parameter>, <parameter>lppause command + </parameter>, <parameter>lpresume command</parameter>, and + <parameter>lprm command</parameter> if specified in the + [global] section.</para> + + <para>Currently nine printing styles are supported. They are + <constant>BSD</constant>, <constant>AIX</constant>, + <constant>LPRNG</constant>, <constant>PLP</constant>, + <constant>SYSV</constant>, <constant>HPUX</constant>, + <constant>QNX</constant>, <constant>SOFTQ</constant>, + and <constant>CUPS</constant>.</para> + + <para>To see what the defaults are for the other print + commands when using the various options use the <ulink + url="testparm.1.html">testparm(1)</ulink> program.</para> + + <para>This option can be set on a per printer basis</para> + + <para>See also the discussion in the <link linkend="PRINTERSSECT"> + [printers]</link> section.</para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRIVATEDIR">private dir (G)</term> + <listitem><para>This parameters defines the directory + smbd will use for storing such files as <filename>smbpasswd</filename> + and <filename>secrets.tdb</filename>. + </para> + + <para>Default :<command>private dir = ${prefix}/private</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PROTOCOL">protocol (G)</term> + <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> + <parameter>max protocol</parameter></link>.</para></listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PUBLIC">public (S)</term> + <listitem><para>Synonym for <link linkend="GUESTOK"><parameter>guest + ok</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="QUEUEPAUSECOMMAND">queuepause command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to pause the printer queue.</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and stops the printer queue, + such that no longer jobs are submitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the command. + </para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <parameter>printing + </parameter></emphasis></para> + <para>Example: <command>queuepause command = disable %p</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="QUEUERESUMECOMMAND">queueresume command (S)</term> + <listitem><para>This parameter specifies the command to be + executed on the server host in order to resume the printer queue. It + is the command to undo the behavior that is caused by the + previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter> + queuepause command</parameter></link>).</para> + + <para>This command should be a program or script which takes + a printer name as its only parameter and resumes the printer queue, + such that queued jobs are resubmitted to the printer.</para> + + <para>This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.</para> + + <para>If a <parameter>%p</parameter> is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.</para> + + <para>Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.</para> + + <para>Default: <emphasis>depends on the setting of <link + linkend="PRINTING"><parameter>printing</parameter></link></emphasis> + </para> + + <para>Example: <command>queuepause command = enable %p + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="READBMPX">read bmpx (G)</term> + <listitem><para>This boolean parameter controls whether <ulink + url="smbd.8.html">smbd(8)</ulink> will support the "Read + Block Multiplex" SMB. This is now rarely used and defaults to + <constant>no</constant>. You should never need to set this + parameter.</para> + + <para>Default: <command>read bmpx = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="READLIST">read list (S)</term> + <listitem><para>This is a list of users that are given read-only + access to a service. If the connecting user is in this list then + they will not be given write access, no matter what the <link + linkend="WRITEABLE"><parameter>writeable</parameter></link> + option is set to. The list can include group names using the + syntax described in the <link linkend="INVALIDUSERS"><parameter> + invalid users</parameter></link> parameter.</para> + + <para>See also the <link linkend="WRITELIST"><parameter> + write list</parameter></link> parameter and the <link + linkend="INVALIDUSERS"><parameter>invalid users</parameter> + </link> parameter.</para> + + <para>Default: <command>read list = <empty string></command></para> + <para>Example: <command>read list = mary, @students</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="READONLY">read only (S)</term> + <listitem><para>Note that this is an inverted synonym for <link + linkend="WRITEABLE"><parameter>writeable</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="READRAW">read raw (G)</term> + <listitem><para>This parameter controls whether or not the server + will support the raw read SMB requests when transferring data + to clients.</para> + + <para>If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit. + </para> + + <para>However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads.</para> + + <para>In general this parameter should be viewed as a system tuning + tool and left severely alone. See also <link linkend="WRITERAW"> + <parameter>write raw</parameter></link>.</para> + + <para>Default: <command>read raw = yes</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="READSIZE">read size (G)</term> + <listitem><para>The option <parameter>read size</parameter> + affects the overlap of disk reads/writes with network reads/writes. + If the amount of data being transferred in several of the SMB + commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger + than this value then the server begins writing the data before it + has received the whole packet from the network, or in the case of + SMBreadbraw, it begins writing to the network before all the data + has been read from disk.</para> + + <para>This overlapping works best when the speeds of disk and + network access are similar, having very little effect when the + speed of one is much greater than the other.</para> + + <para>The default value is 16384, but very little experimentation + has been done yet to determine the optimal value, and it is likely + that the best value will vary greatly between systems anyway. + A value over 65536 is pointless and will cause you to allocate + memory unnecessarily.</para> + + <para>Default: <command>read size = 16384</command></para> + <para>Example: <command>read size = 8192</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="REMOTEANNOUNCE">remote announce (G)</term> + <listitem><para>This option allows you to setup <ulink + url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself + to arbitrary IP addresses with an arbitrary workgroup name.</para> + + <para>This is useful if you want your Samba server to appear + in a remote workgroup for which the normal browse propagation + rules don't work. The remote workgroup can be anywhere that you + can send IP packets to.</para> + + <para>For example:</para> + + <para><command>remote announce = 192.168.2.255/SERVERS + 192.168.4.255/STAFF</command></para> + + <para>the above line would cause <command>nmbd</command> to announce itself + to the two given IP addresses using the given workgroup names. + If you leave out the workgroup name then the one given in + the <link linkend="WORKGROUP"><parameter>workgroup</parameter></link> + parameter is used instead.</para> + + <para>The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable.</para> + + <para>See the documentation file <filename>BROWSING.txt</filename> + in the <filename>docs/</filename> directory.</para> + + <para>Default: <command>remote announce = <empty string> + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="REMOTEBROWSESYNC">remote browse sync (G)</term> + <listitem><para>This option allows you to setup <ulink + url="nmbd.8.html">nmbd(8)</ulink> to periodically request + synchronization of browse lists with the master browser of a Samba + server that is on a remote segment. This option will allow you to + gain browse lists for multiple workgroups across routed networks. This + is done in a manner that does not work with any non-Samba servers.</para> + + <para>This is useful if you want your Samba server and all local + clients to appear in a remote workgroup for which the normal browse + propagation rules don't work. The remote workgroup can be anywhere + that you can send IP packets to.</para> + + <para>For example:</para> + + <para><command>remote browse sync = 192.168.2.255 192.168.4.255 + </command></para> + + <para>the above line would cause <command>nmbd</command> to request + the master browser on the specified subnets or addresses to + synchronize their browse lists with the local server.</para> + + <para>The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable. If + a machine IP address is given Samba makes NO attempt to validate + that the remote machine is available, is listening, nor that it + is in fact the browse master on its segment.</para> + + <para>Default: <command>remote browse sync = <empty string> + </command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> + <listitem><para>This is a boolean parameter. If it is <constant>true</constant>, then + anonymous access to the server will be restricted, namely in the + case where the server is expecting the client to send a username, + but it doesn't. Setting it to <constant>true</constant> will force these anonymous + connections to be denied, and the client will be required to always + supply a username and password when connecting. Use of this parameter + is only recommended for homogeneous NT client environments.</para> + + <para>This parameter makes the use of macro expansions that rely + on the username (%U, %G, etc) consistent. NT 4.0 + likes to use anonymous connections when refreshing the share list, + and this is a way to work around that.</para> + + <para>When restrict anonymous is <constant>true</constant>, all anonymous connections + are denied no matter what they are for. This can effect the ability + of a machine to access the Samba Primary Domain Controller to revalidate + its machine account after someone else has logged on the client + interactively. The NT client will display a message saying that + the machine's account in the domain doesn't exist or the password is + bad. The best way to deal with this is to reboot NT client machines + between interactive logons, using "Shutdown and Restart", rather + than "Close all programs and logon as a different user".</para> + + <para>Default: <command>restrict anonymous = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ROOT">root (G)</term> + <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> + <parameter>root directory"</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ROOTDIR">root dir (G)</term> + <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> + <parameter>root directory"</parameter></link>.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="ROOTDIRECTORY">root directory (G)</term> + <listitem><para>The server will <command>chroot()</command> (i.e. + Change its root directory) to this directory on startup. This is + not strictly necessary for secure operation. Even without it the + server will deny access to files not in one of the service entries. + It may also check for, and deny access to, soft links to other + parts of the filesystem, or attempts to use ".." in file names + to access other directories (depending on the setting of the <link + linkend="WIDELINKS"><parameter>wide links</parameter></link> + parameter).</para> + + <para>Adding a <parameter>root directory</parameter> entry other + than "/" adds an extra level of security, but at a price. It + absolutely ensures that no access is given to files not in the + sub-tree specified in the <parameter>root directory</parameter> + option, <emphasis>including</emphasis> some files needed for + complete operation of the server. To maintain full operability + of the server you will need to mirror some system files + into the <parameter>root directory</parameter> tree. In particular + you will need to mirror <filename>/etc/passwd</filename> (or a + subset of it), and any binaries or configuration files needed for + printing (if required). The set of files that must be mirrored is + operating system dependent.</para> + + <para>Default: <command>root directory = /</command></para> + <para>Example: <command>root directory = /homes/smb</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ROOTPOSTEXEC">root postexec (S)</term> + <listitem><para>This is the same as the <parameter>postexec</parameter> + parameter except that the command is run as root. This + is useful for unmounting filesystems + (such as CDROMs) after a connection is closed.</para> + + <para>See also <link linkend="POSTEXEC"><parameter> + postexec</parameter></link>.</para> + + <para>Default: <command>root postexec = <empty string> + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="ROOTPREEXEC">root preexec (S)</term> + <listitem><para>This is the same as the <parameter>preexec</parameter> + parameter except that the command is run as root. This + is useful for mounting filesystems (such as CDROMs) when a + connection is opened.</para> + + <para>See also <link linkend="PREEXEC"><parameter> + preexec</parameter></link> and <link linkend="PREEXECCLOSE"> + <parameter>preexec close</parameter></link>.</para> + + <para>Default: <command>root preexec = <empty string> + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="ROOTPREEXECCLOSE">root preexec close (S)</term> + <listitem><para>This is the same as the <parameter>preexec close + </parameter> parameter except that the command is run as root.</para> + + <para>See also <link linkend="PREEXEC"><parameter> + preexec</parameter></link> and <link linkend="PREEXECCLOSE"> + <parameter>preexec close</parameter></link>.</para> + + <para>Default: <command>root preexec close = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SECURITY">security (G)</term> + <listitem><para>This option affects how clients respond to + Samba and is one of the most important settings in the <filename> + smb.conf</filename> file.</para> + + <para>The option sets the "security mode bit" in replies to + protocol negotiations with <ulink url="smbd.8.html">smbd(8) + </ulink> to turn share level security on or off. Clients decide + based on this bit whether (and how) to transfer user and password + information to the server.</para> + + + <para>The default is <command>security = user</command>, as this is + the most common setting needed when talking to Windows 98 and + Windows NT.</para> + + <para>The alternatives are <command>security = share</command>, + <command>security = server</command> or <command>security = domain + </command>.</para> + + <para>In versions of Samba prior to 2.0.0, the default was + <command>security = share</command> mainly because that was + the only option at one stage.</para> + + <para>There is a bug in WfWg that has relevance to this + setting. When in user or server level security a WfWg client + will totally ignore the password you type in the "connect + drive" dialog box. This makes it very difficult (if not impossible) + to connect to a Samba service as anyone except the user that + you are logged into WfWg as.</para> + + <para>If your PCs use usernames that are the same as their + usernames on the UNIX machine then you will want to use + <command>security = user</command>. If you mostly use usernames + that don't exist on the UNIX box then use <command>security = + share</command>.</para> + + <para>You should also use <command>security = share</command> if you + want to mainly setup shares without a password (guest shares). This + is commonly used for a shared printer server. It is more difficult + to setup guest shares with <command>security = user</command>, see + the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> + </link>parameter for details.</para> + + <para>It is possible to use <command>smbd</command> in a <emphasis> + hybrid mode</emphasis> where it is offers both user and share + level security under different <link linkend="NETBIOSALIASES"> + <parameter>NetBIOS aliases</parameter></link>. </para> + + <para>The different settings will now be explained.</para> + + + <para><anchor id="SECURITYEQUALSSHARE"><emphasis>SECURITY = SHARE + </emphasis></para> + + <para>When clients connect to a share level security server they + need not log onto the server with a valid username and password before + attempting to connect to a shared resource (although modern clients + such as Windows 95/98 and Windows NT will send a logon request with + a username but no password when talking to a <command>security = share + </command> server). Instead, the clients send authentication information + (passwords) on a per-share basis, at the time they attempt to connect + to that share.</para> + + <para>Note that <command>smbd</command> <emphasis>ALWAYS</emphasis> + uses a valid UNIX user to act on behalf of the client, even in + <command>security = share</command> level security.</para> + + <para>As clients are not required to send a username to the server + in share level security, <command>smbd</command> uses several + techniques to determine the correct UNIX user to use on behalf + of the client.</para> + + <para>A list of possible UNIX usernames to match with the given + client password is constructed using the following methods :</para> + + <itemizedlist> + <listitem><para>If the <link linkend="GUESTONLY"><parameter>guest + only</parameter></link> parameter is set, then all the other + stages are missed and only the <link linkend="GUESTACCOUNT"> + <parameter>guest account</parameter></link> username is checked. + </para></listitem> + + <listitem><para>Is a username is sent with the share connection + request, then this username (after mapping - see <link + linkend="USERNAMEMAP"><parameter>username map</parameter></link>), + is added as a potential username.</para></listitem> + + <listitem><para>If the client did a previous <emphasis>logon + </emphasis> request (the SessionSetup SMB call) then the + username sent in this SMB will be added as a potential username. + </para></listitem> + + <listitem><para>The name of the service the client requested is + added as a potential username.</para></listitem> + + <listitem><para>The NetBIOS name of the client is added to + the list as a potential username.</para></listitem> + + <listitem><para>Any users on the <link linkend="USER"><parameter> + user</parameter></link> list are added as potential usernames. + </para></listitem> + </itemizedlist> + + <para>If the <parameter>guest only</parameter> parameter is + not set, then this list is then tried with the supplied password. + The first user for whom the password matches will be used as the + UNIX user.</para> + + <para>If the <parameter>guest only</parameter> parameter is + set, or no username can be determined then if the share is marked + as available to the <parameter>guest account</parameter>, then this + guest user will be used, otherwise access is denied.</para> + + <para>Note that it can be <emphasis>very</emphasis> confusing + in share-level security as to which UNIX username will eventually + be used in granting access.</para> + + <para>See also the section <link linkend="VALIDATIONSECT"> + NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> + + <para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURITY = USER + </emphasis></para> + + <para>This is the default security setting in Samba 2.2. + With user-level security a client must first "log-on" with a + valid username and password (which can be mapped using the <link + linkend="USERNAMEMAP"><parameter>username map</parameter></link> + parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS"> + <parameter>encrypted passwords</parameter></link> parameter) can also + be used in this security mode. Parameters such as <link linkend="USER"> + <parameter>user</parameter></link> and <link linkend="GUESTONLY"> + <parameter>guest only</parameter></link> if set are then applied and + may change the UNIX user to use on this connection, but only after + the user has been successfully authenticated.</para> + + <para><emphasis>Note</emphasis> that the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the <link + linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. + See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> + </link> parameter for details on doing this.</para> + + <para>See also the section <link linkend="VALIDATIONSECT"> + NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> + + <para><anchor id="SECURITYEQUALSSERVER"><emphasis>SECURITY = SERVER + </emphasis></para> + + <para>In this mode Samba will try to validate the username/password + by passing it to another SMB server, such as an NT box. If this + fails it will revert to <command>security = user</command>, but note + that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid + <filename>smbpasswd</filename> file to check users against. See the + documentation file in the <filename>docs/</filename> directory + <filename>ENCRYPTION.txt</filename> for details on how to set this + up.</para> + + <para><emphasis>Note</emphasis> that from the client's point of + view <command>security = server</command> is the same as <command> + security = user</command>. It only affects how the server deals + with the authentication, it does not in any way affect what the + client sees.</para> + + <para><emphasis>Note</emphasis> that the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the <link + linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. + See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> + </link> parameter for details on doing this.</para> + + <para>See also the section <link linkend="VALIDATIONSECT"> + NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> + + <para>See also the <link linkend="PASSWORDSERVER"><parameter>password + server</parameter></link> parameter and the <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> + </link> parameter.</para> + + <para><anchor id="SECURITYEQUALSDOMAIN"><emphasis>SECURITY = DOMAIN + </emphasis></para> + + <para>This mode will only work correctly if <ulink + url="smbpasswd.8.html">smbpasswd(8)</ulink> has been used to add this + machine into a Windows NT Domain. It expects the <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> + </link> parameter to be set to <constant>true</constant>. In this + mode Samba will try to validate the username/password by passing + it to a Windows NT Primary or Backup Domain Controller, in exactly + the same way that a Windows NT Server would do.</para> + + <para><emphasis>Note</emphasis> that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to.</para> + + <para><emphasis>Note</emphasis> that from the client's point + of view <command>security = domain</command> is the same as <command>security = user + </command>. It only affects how the server deals with the authentication, + it does not in any way affect what the client sees.</para> + + <para><emphasis>Note</emphasis> that the name of the resource being + requested is <emphasis>not</emphasis> sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the <link + linkend="GUESTACCOUNT"><parameter>guest account</parameter></link>. + See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> + </link> parameter for details on doing this.</para> + + <para><emphasis>BUG:</emphasis> There is currently a bug in the + implementation of <command>security = domain</command> with respect + to multi-byte character set usernames. The communication with a + Domain Controller must be done in UNICODE and Samba currently + does not widen multi-byte user names to UNICODE correctly, thus + a multi-byte username will not be recognized correctly at the + Domain Controller. This issue will be addressed in a future release.</para> + + <para>See also the section <link linkend="VALIDATIONSECT"> + NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> + + <para>See also the <link linkend="PASSWORDSERVER"><parameter>password + server</parameter></link> parameter and the <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> + </link> parameter.</para> + + <para>Default: <command>security = USER</command></para> + <para>Example: <command>security = DOMAIN</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SECURITYMASK">security mask (S)</term> + <listitem><para>This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security + dialog box.</para> + + <para>This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change.</para> + + <para>If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. + </para> + + <para><emphasis>Note</emphasis> that users who can access the + Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone + "appliance" systems. Administrators of most normal systems will + probably want to leave it set to <constant>0777</constant>.</para> + + <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"> + <parameter>force directory security mode</parameter></link>, + <link linkend="DIRECTORYSECURITYMASK"><parameter>directory + security mask</parameter></link>, <link linkend="FORCESECURITYMODE"> + <parameter>force security mode</parameter></link> parameters.</para> + + <para>Default: <command>security mask = 0777</command></para> + <para>Example: <command>security mask = 0770</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SERVERSTRING">server string (G)</term> + <listitem><para>This controls what string will show up in the + printer comment box in print manager and next to the IPC connection + in <command>net view</command>. It can be any string that you wish + to show to your users.</para> + + <para>It also sets what will appear in browse lists next + to the machine name.</para> + + <para>A <parameter>%v</parameter> will be replaced with the Samba + version number.</para> + + <para>A <parameter>%h</parameter> will be replaced with the + hostname.</para> + + <para>Default: <command>server string = Samba %v</command></para> + + <para>Example: <command>server string = University of GNUs Samba + Server</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SETDIRECTORY">set directory (S)</term> + <listitem><para>If <command>set directory = no</command>, then + users of the service may not use the setdir command to change + directory.</para> + + <para>The <command>setdir</command> command is only implemented + in the Digital Pathworks client. See the Pathworks documentation + for details.</para> + + <para>Default: <command>set directory = no</command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="SHORTPRESERVECASE">short preserve case (S)</term> + <listitem><para>This boolean parameter controls if new files + which conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are forced + to be the <link linkend="DEFAULTCASE"><parameter>default case + </parameter></link>. This option can be use with <link + linkend="PRESERVECASE"><command>preserve case = yes</command> + </link> to permit long filenames to retain their case, while short + names are lowered. </para> + + <para>See the section on <link linkend="NAMEMANGLINGSECT"> + NAME MANGLING</link>.</para> + + <para>Default: <command>short preserve case = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SHOWADDPRINTERWIZARD">show add printer wizard (G)</term> + <listitem><para>With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + appear on Samba hosts in the share listing. Normally this folder will + contain an icon for the MS Add Printer Wizard (APW). However, it is + possible to disable this feature regardless of the level of privilege + of the connected user.</para> + + <para>Under normal circumstances, the Windows NT/2000 client will + open a handle on the printer server with OpenPrinterEx() asking for + Administrator privileges. If the user does not have administrative + access on the print server (i.e is not root or a member of the + <parameter>printer admin</parameter> group), the OpenPrinterEx() + call fails and the client makes another open call with a request for + a lower privilege level. This should succeed, however the APW + icon will not be displayed.</para> + + <para>Disabling the <parameter>show add printer wizard</parameter> + parameter will always cause the OpenPrinterEx() on the server + to fail. Thus the APW icon will never be displayed. <emphasis> + Note :</emphasis>This does not prevent the same user from having + administrative privilege on an individual printer.</para> + + <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter>addprinter + command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> + <parameter>deleteprinter command</parameter></link>, <link + linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para> + + <para>Default :<command>show add printer wizard = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SHUTDOWNSCRIPT">shutdown script (G)</term> + <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> + This a full path name to a script called by + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that + should start a shutdown procedure.</para> + + <para>This command will be run as the user connected to the + server.</para> + + <para>%m %t %r %f parameters are expanded</para> + <para><parameter>%m</parameter> will be substituted with the + shutdown message sent to the server.</para> + <para><parameter>%t</parameter> will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure.</para> + <para><parameter>%r</parameter> will be substituted with the + switch <emphasis>-r</emphasis>. It means reboot after shutdown + for NT. + </para> + <para><parameter>%f</parameter> will be substituted with the + switch <emphasis>-f</emphasis>. It means force the shutdown + even if applications do not respond for NT.</para> + + <para>Default: <emphasis>None</emphasis>.</para> + <para>Example: <command>abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> + <para>Shutdown script example: + <programlisting> + #!/bin/bash + + $time=0 + let "time/60" + let "time++" + + /sbin/shutdown $3 $4 +$time $1 & + </programlisting> + Shutdown does not return so we need to launch it in background. + </para> + + <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter>abort shutdown script</parameter></link>.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SMBPASSWDFILE">smb passwd file (G)</term> + <listitem><para>This option sets the path to the encrypted + smbpasswd file. By default the path to the smbpasswd file + is compiled into Samba.</para> + + <para>Default: <command>smb passwd file = ${prefix}/private/smbpasswd + </command></para> + + <para>Example: <command>smb passwd file = /etc/samba/smbpasswd + </command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="SOCKETADDRESS">socket address (G)</term> + <listitem><para>This option allows you to control what + address Samba will listen for connections on. This is used to + support multiple virtual interfaces on the one server, each + with a different configuration.</para> + + <para>By default Samba will accept connections on any + address.</para> + + <para>Example: <command>socket address = 192.168.2.20</command> + </para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SOCKETOPTIONS">socket options (G)</term> + <listitem><para>This option allows you to set socket options + to be used when talking with the client.</para> + + <para>Socket options are controls on the networking layer + of the operating systems which allow the connection to be + tuned.</para> + + <para>This option will typically be used to tune your Samba + server for optimal performance for your local network. There is + no way that Samba can know what the optimal parameters are for + your net, so you must experiment and choose them yourself. We + strongly suggest you read the appropriate documentation for your + operating system first (perhaps <command>man setsockopt</command> + will help).</para> + + <para>You may find that on some systems Samba will say + "Unknown socket option" when you supply an option. This means you + either incorrectly typed it or you need to add an include file + to includes.h for your OS. If the latter is the case please + send the patch to <ulink url="mailto:samba@samba.org"> + samba@samba.org</ulink>.</para> + + <para>Any of the supported socket options may be combined + in any way you like, as long as your OS allows it.</para> + + <para>This is the list of socket options currently settable + using this option:</para> + + <itemizedlist> + <listitem><para>SO_KEEPALIVE</para></listitem> + <listitem><para>SO_REUSEADDR</para></listitem> + <listitem><para>SO_BROADCAST</para></listitem> + <listitem><para>TCP_NODELAY</para></listitem> + <listitem><para>IPTOS_LOWDELAY</para></listitem> + <listitem><para>IPTOS_THROUGHPUT</para></listitem> + <listitem><para>SO_SNDBUF *</para></listitem> + <listitem><para>SO_RCVBUF *</para></listitem> + <listitem><para>SO_SNDLOWAT *</para></listitem> + <listitem><para>SO_RCVLOWAT *</para></listitem> + </itemizedlist> + + <para>Those marked with a <emphasis>'*'</emphasis> take an integer + argument. The others can optionally take a 1 or 0 argument to enable + or disable the option, by default they will be enabled if you + don't specify 1 or 0.</para> + + <para>To specify an argument use the syntax SOME_OPTION = VALUE + for example <command>SO_SNDBUF = 8192</command>. Note that you must + not have any spaces before or after the = sign.</para> + + <para>If you are on a local network then a sensible option + might be</para> + <para><command>socket options = IPTOS_LOWDELAY</command></para> + + <para>If you have a local network then you could try:</para> + <para><command>socket options = IPTOS_LOWDELAY TCP_NODELAY</command></para> + + <para>If you are on a wide area network then perhaps try + setting IPTOS_THROUGHPUT. </para> + + <para>Note that several of the options may cause your Samba + server to fail completely. Use these options with caution!</para> + + <para>Default: <command>socket options = TCP_NODELAY</command></para> + <para>Example: <command>socket options = IPTOS_LOWDELAY</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="SOURCEENVIRONMENT">source environment (G)</term> + <listitem><para>This parameter causes Samba to set environment + variables as per the content of the file named.</para> + + <para>If the value of this parameter starts with a "|" character + then Samba will treat that value as a pipe command to open and + will set the environment variables from the output of the pipe.</para> + + <para>The contents of the file or the output of the pipe should + be formatted as the output of the standard Unix <command>env(1) + </command> command. This is of the form :</para> + <para>Example environment entry:</para> + <para><command>SAMBA_NETBIOS_NAME = myhostname</command></para> + + <para>Default: <emphasis>No default value</emphasis></para> + <para>Examples: <command>source environment = |/etc/smb.conf.sh + </command></para> + + <para>Example: <command>source environment = + /usr/local/smb_env_vars</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSL">ssl (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable enables or disables the entire SSL mode. If + it is set to <constant>no</constant>, the SSL-enabled Samba behaves + exactly like the non-SSL Samba. If set to <constant>yes</constant>, + it depends on the variables <link linkend="SSLHOSTS"><parameter> + ssl hosts</parameter></link> and <link linkend="SSLHOSTSRESIGN"> + <parameter>ssl hosts resign</parameter></link> whether an SSL + connection will be required.</para> + + <para>Default: <command>ssl = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCACERTDIR">ssl CA certDir (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines where to look up the Certification + Authorities. The given directory should contain one file for + each CA that Samba will trust. The file name must be the hash + value over the "Distinguished Name" of the CA. How this directory + is set up is explained later in this document. All files within the + directory that don't fit into this naming scheme are ignored. You + don't need this variable if you don't verify client certificates.</para> + + <para>Default: <command>ssl CA certDir = /usr/local/ssl/certs + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCACERTFILE">ssl CA certFile (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable is a second way to define the trusted CAs. + The certificates of the trusted CAs are collected in one big + file and this variable points to the file. You will probably + only use one of the two ways to define your CAs. The first choice is + preferable if you have many CAs or want to be flexible, the second + is preferable if you only have one CA and want to keep things + simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates.</para> + + <para>Default: <command>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCIPHERS">ssl ciphers (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines the ciphers that should be offered + during SSL negotiation. You should not set this variable unless + you know what you are doing.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLCLIENTCERT">ssl client cert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>The certificate in this file is used by <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink> if it exists. It's needed + if the server requires a client certificate.</para> + + <para>Default: <command>ssl client cert = /usr/local/ssl/certs/smbclient.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCLIENTKEY">ssl client key (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This is the private key for <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink>. It's only needed if the + client should have a certificate. </para> + + <para>Default: <command>ssl client key = /usr/local/ssl/private/smbclient.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCOMPATIBILITY">ssl compatibility (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines whether OpenSSL should be configured + for bug compatibility with other SSL implementations. This is + probably not desirable because currently no clients with SSL + implementations other than OpenSSL exist.</para> + + <para>Default: <command>ssl compatibility = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLEGDSOCKET">ssl egd socket (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the <link + linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link> + directive. 255 bytes of entropy will be retrieved from the daemon. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLENTROPYBYTES">ssl entropy bytes (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to define the number of bytes which should + be read from the <link linkend="SSLENTROPYFILE"><parameter>ssl entropy + file</parameter></link> If a -1 is specified, the entire file will + be read. + </para> + + <para>Default: <command>ssl entropy bytes = 255</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLENTROPYFILE">ssl entropy file (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + <filename>/dev/urandom</filename> device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLHOSTS">ssl hosts (G)</term> + <listitem><para>See <link linkend="SSLHOSTSRESIGN"><parameter> + ssl hosts resign</parameter></link>.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLHOSTSRESIGN">ssl hosts resign (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>These two variables define whether Samba will go + into SSL mode or not. If none of them is defined, Samba will + allow only SSL connections. If the <link linkend="SSLHOSTS"> + <parameter>ssl hosts</parameter></link> variable lists + hosts (by IP-address, IP-address range, net group or name), + only these hosts will be forced into SSL mode. If the <parameter> + ssl hosts resign</parameter> variable lists hosts, only these + hosts will <emphasis>NOT</emphasis> be forced into SSL mode. The syntax for these two + variables is the same as for the <link linkend="HOSTSALLOW"><parameter> + hosts allow</parameter></link> and <link linkend="HOSTSDENY"> + <parameter>hosts deny</parameter></link> pair of variables, only + that the subject of the decision is different: It's not the access + right but whether SSL is used or not. </para> + + <para>The example below requires SSL connections from all hosts + outside the local net (which is 192.168.*.*).</para> + + <para>Default: <command>ssl hosts = <empty string></command></para> + <para><command>ssl hosts resign = <empty string></command></para> + + <para>Example: <command>ssl hosts resign = 192.168.</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLREQUIRECLIENTCERT">ssl require clientcert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>If this variable is set to <constant>yes</constant>, the + server will not tolerate connections from clients that don't + have a valid certificate. The directory/file given in <link + linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter> + </link> and <link linkend="SSLCACERTFILE"><parameter>ssl CA certFile + </parameter></link> will be used to look up the CAs that issued + the client's certificate. If the certificate can't be verified + positively, the connection will be terminated. If this variable + is set to <constant>no</constant>, clients don't need certificates. + Contrary to web applications you really <emphasis>should</emphasis> + require client certificates. In the web environment the client's + data is sensitive (credit card numbers) and the server must prove + to be trustworthy. In a file server environment the server's data + will be sensitive and the clients must prove to be trustworthy.</para> + + <para>Default: <command>ssl require clientcert = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLREQUIRESERVERCERT">ssl require servercert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>If this variable is set to <constant>yes</constant>, the + <ulink url="smbclient.1.html"><command>smbclient(1)</command> + </ulink> will request a certificate from the server. Same as + <link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require + clientcert</parameter></link> for the server.</para> + + <para>Default: <command>ssl require servercert = no</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="SSLSERVERCERT">ssl server cert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This is the file containing the server's certificate. + The server <emphasis>must</emphasis> have a certificate. The + file may also contain the server's private key. See later for + how certificates and private keys are created.</para> + + <para>Default: <command>ssl server cert = <empty string> + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLSERVERKEY">ssl server key (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This file contains the private key of the server. If + this variable is not defined, the key is looked up in the + certificate file (it may be appended to the certificate). + The server <emphasis>must</emphasis> have a private key + and the certificate <emphasis>must</emphasis> + match this private key.</para> + + <para>Default: <command>ssl server key = <empty string> + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLVERSION">ssl version (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This enumeration variable defines the versions of the + SSL protocol that will be used. <constant>ssl2or3</constant> allows + dynamic negotiation of SSL v2 or v3, <constant>ssl2</constant> results + in SSL v2, <constant>ssl3</constant> results in SSL v3 and + <constant>tls1</constant> results in TLS v1. TLS (Transport Layer + Security) is the new standard for SSL.</para> + + <para>Default: <command>ssl version = "ssl2or3"</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="STATCACHE">stat cache (G)</term> + <listitem><para>This parameter determines if <ulink + url="smbd.8.html">smbd(8)</ulink> will use a cache in order to + speed up case insensitive name mappings. You should never need + to change this parameter.</para> + + <para>Default: <command>stat cache = yes</command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="STATCACHESIZE">stat cache size (G)</term> + <listitem><para>This parameter determines the number of + entries in the <parameter>stat cache</parameter>. You should + never need to change this parameter.</para> + + <para>Default: <command>stat cache size = 50</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="STATUS">status (G)</term> + <listitem><para>This enables or disables logging of connections + to a status file that <ulink url="smbstatus.1.html">smbstatus(1)</ulink> + can read.</para> + + <para>With this disabled <command>smbstatus</command> won't be able + to tell you what connections are active. You should never need to + change this parameter.</para> + + <para>Default: <command>status = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="STRICTALLOCATE">strict allocate (S)</term> + <listitem><para>This is a boolean that controls the handling of + disk space allocation in the server. When this is set to <constant>yes</constant> + the server will change from UNIX behaviour of not committing real + disk storage blocks when a file is extended to the Windows behaviour + of actually forcing the disk system to allocate real storage blocks + when a file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating sparse files. + This can be slow on some systems.</para> + + <para>When strict allocate is <constant>no</constant> the server does sparse + disk block allocation when a file is extended.</para> + + <para>Setting this to <constant>yes</constant> can help Samba return + out of quota messages on systems that are restricting the disk quota + of users.</para> + + <para>Default: <command>strict allocate = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="STRICTLOCKING">strict locking (S)</term> + <listitem><para>This is a boolean that controls the handling of + file locking in the server. When this is set to <constant>yes</constant> + the server will check every read and write access for file locks, and + deny access if locks exist. This can be slow on some systems.</para> + + <para>When strict locking is <constant>no</constant> the server does file + lock checks only when the client explicitly asks for them.</para> + + <para>Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases <command>strict + locking = no</command> is preferable.</para> + + <para>Default: <command>strict locking = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="STRICTSYNC">strict sync (S)</term> + <listitem><para>Many Windows applications (including the Windows + 98 explorer shell) seem to confuse flushing buffer contents to + disk with doing a sync to disk. Under UNIX, a sync call forces + the process to be suspended until the kernel has ensured that + all outstanding data in kernel disk buffers has been safely stored + onto stable storage. This is very slow and should only be done + rarely. Setting this parameter to <constant>no</constant> (the + default) means that <ulink url="smbd.8.html">smbd</ulink> ignores the Windows applications requests for + a sync call. There is only a possibility of losing data if the + operating system itself that Samba is running on crashes, so there is + little danger in this default setting. In addition, this fixes many + performance problems that people have reported with the new Windows98 + explorer shell file copies.</para> + + <para>See also the <link linkend="SYNCALWAYS"><parameter>sync + always></parameter></link> parameter.</para> + + <para>Default: <command>strict sync = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="STRIPDOT">strip dot (G)</term> + <listitem><para>This is a boolean that controls whether to + strip trailing dots off UNIX filenames. This helps with some + CDROMs that have filenames ending in a single dot.</para> + + <para>Default: <command>strip dot = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SYNCALWAYS">sync always (S)</term> + <listitem><para>This is a boolean parameter that controls + whether writes will always be written to stable storage before + the write call returns. If this is <constant>false</constant> then the server will be + guided by the client's request in each write call (clients can + set a bit indicating that a particular write should be synchronous). + If this is <constant>true</constant> then every write will be followed by a <command>fsync() + </command> call to ensure the data is written to disk. Note that + the <parameter>strict sync</parameter> parameter must be set to + <constant>yes</constant> in order for this parameter to have + any affect.</para> + + <para>See also the <link linkend="STRICTSYNC"><parameter>strict + sync</parameter></link> parameter.</para> + + <para>Default: <command>sync always = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SYSLOG">syslog (G)</term> + <listitem><para>This parameter maps how Samba debug messages + are logged onto the system syslog logging levels. Samba debug + level zero maps onto syslog <constant>LOG_ERR</constant>, debug + level one maps onto <constant>LOG_WARNING</constant>, debug level + two maps onto <constant>LOG_NOTICE</constant>, debug level three + maps onto LOG_INFO. All higher levels are mapped to <constant> + LOG_DEBUG</constant>.</para> + + <para>This parameter sets the threshold for sending messages + to syslog. Only messages with debug level less than this value + will be sent to syslog.</para> + + <para>Default: <command>syslog = 1</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SYSLOGONLY">syslog only (G)</term> + <listitem><para>If this parameter is set then Samba debug + messages are logged into the system syslog only, and not to + the debug log files.</para> + + <para>Default: <command>syslog only = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="TEMPLATEHOMEDIR">template homedir (G)</term> + <listitem><para>When filling out the user information for a Windows NT + user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon + uses this parameter to fill in the home directory for that user. + If the string <parameter>%D</parameter> is present it is substituted + with the user's Windows NT domain name. If the string <parameter>%U + </parameter> is present it is substituted with the user's Windows + NT user name.</para> + + <para>Default: <command>template homedir = /home/%D/%U</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="TEMPLATESHELL">template shell (G)</term> + <listitem><para>When filling out the user information for a Windows NT + user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon + uses this parameter to fill in the login shell for that user.</para> + + <para>Default: <command>template shell = /bin/false</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="TIMEOFFSET">time offset (G)</term> + <listitem><para>This parameter is a setting in minutes to add + to the normal GMT to local time conversion. This is useful if + you are serving a lot of PCs that have incorrect daylight + saving time handling.</para> + + <para>Default: <command>time offset = 0</command></para> + <para>Example: <command>time offset = 60</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="TIMESERVER">time server (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + nmbd(8)</ulink> advertises itself as a time server to Windows + clients.</para> + + <para>Default: <command>time server = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="TIMESTAMPLOGS">timestamp logs (G)</term> + <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter> + debug timestamp</parameter></link>.</para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="TOTALPRINTJOBS">total print jobs (G)</term> + <listitem><para>This parameter accepts an integer value which defines + a limit on the maximum number of print jobs that will be accepted + system wide at any given time. If a print job is submitted + by a client which will exceed this number, then <ulink url="smbd.8.html">smbd</ulink> will return an + error indicating that no space is available on the server. The + default value of 0 means that no such limit exists. This parameter + can be used to prevent a server from exceeding its capacity and is + designed as a printing throttle. See also + <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter</link>. + </para> + + <para>Default: <command>total print jobs = 0</command></para> + <para>Example: <command>total print jobs = 5000</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term> + <listitem><para>This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. These + extensions enable CIFS to server UNIX clients to UNIX servers + better, and allow such things as symbolic links, hard links etc. + These extensions require a similarly enabled client, and are of + no current use to Windows clients.</para> + + <para>Default: <command>unix extensions = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="UNIXPASSWORDSYNC">unix password sync (G)</term> + <listitem><para>This boolean parameter controls whether Samba + attempts to synchronize the UNIX password with the SMB password + when the encrypted SMB password in the smbpasswd file is changed. + If this is set to <constant>true</constant> the program specified in the <parameter>passwd + program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - + to allow the new UNIX password to be set without access to the + old UNIX password (as the SMB password change code has no + access to the old password cleartext, only the new).</para> + + <para>See also <link linkend="PASSWDPROGRAM"><parameter>passwd + program</parameter></link>, <link linkend="PASSWDCHAT"><parameter> + passwd chat</parameter></link>.</para> + + <para>Default: <command>unix password sync = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="UPDATEENCRYPTED">update encrypted (G)</term> + <listitem><para>This boolean parameter allows a user logging + on with a plaintext password to have their encrypted (hashed) + password in the smbpasswd file to be updated automatically as + they log on. This option allows a site to migrate from plaintext + password authentication (users authenticate with plaintext + password over the wire, and are checked against a UNIX account + database) to encrypted password authentication (the SMB + challenge/response authentication mechanism) without forcing + all users to re-enter their passwords via smbpasswd at the time the + change is made. This is a convenience option to allow the change over + to encrypted passwords to be made over a longer period. Once all users + have encrypted representations of their passwords in the smbpasswd + file this parameter should be set to <constant>no</constant>.</para> + + <para>In order for this parameter to work correctly the <link + linkend="ENCRYPTPASSWORDS"><parameter>encrypt passwords</parameter> + </link> parameter must be set to <constant>no</constant> when + this parameter is set to <constant>yes</constant>.</para> + + <para>Note that even when this parameter is set a user + authenticating to <command>smbd</command> must still enter a valid + password in order to connect correctly, and to update their hashed + (smbpasswd) passwords.</para> + + <para>Default: <command>update encrypted = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="USECLIENTDRIVER">use client driver (S)</term> + <listitem><para>This parameter applies only to Windows NT/2000 + clients. It has no affect on Windows 95/98/ME clients. When + serving a printer to Windows NT/2000 clients without first installing + a valid printer driver on the Samba host, the client will be required + to install a local printer driver. From this point on, the client + will treat the print as a local printer and not a network printer + connection. This is much the same behavior that will occur + when <command>disable spoolss = yes</command>. </para> + + <para>The differentiating + factor is that under normal circumstances, the NT/2000 client will + attempt to open the network printer using MS-RPC. The problem is that + because the client considers the printer to be local, it will attempt + to issue the OpenPrinterEx() call requesting access rights associated + with the logged on user. If the user possesses local administator rights + but not root privilegde on the Samba host (often the case), the OpenPrinterEx() + call will fail. The result is that the client will now display an "Access + Denied; Unable to connect" message in the printer queue window (even though + jobs may successfully be printed). </para> + + <para>If this parameter is enabled for a printer, then any attempt + to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped + to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() + call to succeed. <emphasis>This parameter MUST not be able enabled + on a print share which has valid print driver installed on the Samba + server.</emphasis></para> + + <para>See also <link linkend="DISABLESPOOLSS">disable spoolss</link> + </para> + + <para>Default: <command>use client driver = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USEMMAP">use mmap (G)</term> + <listitem><para>This global parameter determines if the tdb internals of Samba can + depend on mmap working correctly on the running system. Samba requires a coherent + mmap/read-write system memory cache. Currently only HPUX does not have such a + coherent cache, and so this parameter is set to <constant>false</constant> by + default on HPUX. On all other systems this parameter should be left alone. This + parameter is provided to help the Samba developers track down problems with + the tdb internal code. + </para> + + <para>Default: <command>use mmap = yes</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="USERHOSTS">use rhosts (G)</term> + <listitem><para>If this global parameter is <constant>true</constant>, it specifies + that the UNIX user's <filename>.rhosts</filename> file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password.</para> + + <para><emphasis>NOTE:</emphasis> The use of <parameter>use rhosts + </parameter> can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the <parameter> + use rhosts</parameter> option be only used if you really know what + you are doing.</para> + + <para>Default: <command>use rhosts = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USER">user (S)</term> + <listitem><para>Synonym for <link linkend="USERNAME"><parameter> + username</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USERS">users (S)</term> + <listitem><para>Synonym for <link linkend="USERNAME"><parameter> + username</parameter></link>.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="USERNAME">username (S)</term> + <listitem><para>Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right).</para> + + <para>The <parameter>username</parameter> line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead.</para> + + <para>The <parameter>username</parameter> line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + <parameter>username</parameter> line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely.</para> + + <para>Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do.</para> + + <para>To restrict a service to a particular set of users you + can use the <link linkend="VALIDUSERS"><parameter>valid users + </parameter></link> parameter.</para> + + <para>If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name.</para> + + <para>If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name.</para> + + <para>If any of the usernames begin with a '&'then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name.</para> + + <para>Note that searching though a groups database can take + quite some time, and some clients may time out during the + search.</para> + + <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT + USERNAME/PASSWORD VALIDATION</link> for more information on how + this parameter determines access to the services.</para> + + <para>Default: <command>The guest account if a guest service, + else <empty string>.</command></para> + + <para>Examples:<command>username = fred, mary, jack, jane, + @users, @pcgroup</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USERNAMELEVEL">username level (G)</term> + <listitem><para>This option helps Samba to try and 'guess' at + the real UNIX username, as many DOS clients send an all-uppercase + username. By default Samba tries all lowercase, followed by the + username with the first letter capitalized, and fails if the + username is not found on the UNIX machine.</para> + + <para>If this parameter is set to non-zero the behavior changes. + This parameter is a number that specifies the number of uppercase + combinations to try while trying to determine the UNIX user name. The + higher the number the more combinations will be tried, but the slower + the discovery of usernames will be. Use this parameter when you have + strange usernames on your UNIX machine, such as <constant>AstrangeUser + </constant>.</para> + + <para>Default: <command>username level = 0</command></para> + <para>Example: <command>username level = 5</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USERNAMEMAP">username map (G)</term> + <listitem><para>This option allows you to specify a file containing + a mapping of usernames from the clients to the server. This can be + used for several purposes. The most common is to map usernames + that users use on DOS or Windows machines to those that the UNIX + box uses. The other is to map multiple users to a single username + so that they can more easily share files.</para> + + <para>The map file is parsed line by line. Each line should + contain a single UNIX username on the left then a '=' followed + by a list of usernames on the right. The list of usernames on the + right may contain names of the form @group in which case they + will match any UNIX username in that group. The special client + name '*' is a wildcard and matches any name. Each line of the + map file may be up to 1023 characters long.</para> + + <para>The file is processed on each line by taking the + supplied username and comparing it with each username on the right + hand side of the '=' signs. If the supplied name matches any of + the names on the right hand side then it is replaced with the name + on the left. Processing then continues with the next line.</para> + + <para>If any line begins with a '#' or a ';' then it is + ignored</para> + + <para>If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line + later in the file.</para> + + <para>For example to map from the name <constant>admin</constant> + or <constant>administrator</constant> to the UNIX name <constant> + root</constant> you would use:</para> + + <para><command>root = admin administrator</command></para> + + <para>Or to map anyone in the UNIX group <constant>system</constant> + to the UNIX name <constant>sys</constant> you would use:</para> + + <para><command>sys = @system</command></para> + + <para>You can have as many mappings as you like in a username + map file.</para> + + + <para>If your system supports the NIS NETGROUP option then + the netgroup database is checked before the <filename>/etc/group + </filename> database for matching groups.</para> + + <para>You can map Windows usernames that have spaces in them + by using double quotes around the name. For example:</para> + + <para><command>tridge = "Andrew Tridgell"</command></para> + + <para>would map the windows username "Andrew Tridgell" to the + unix username "tridge".</para> + + <para>The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on + that line.</para> + + <para><programlisting> + !sys = mary fred + guest = * + </programlisting></para> + + <para>Note that the remapping is applied to all occurrences + of usernames. Thus if you connect to \\server\fred and <constant> + fred</constant> is remapped to <constant>mary</constant> then you + will actually be connecting to \\server\mary and will need to + supply a password suitable for <constant>mary</constant> not + <constant>fred</constant>. The only exception to this is the + username passed to the <link linkend="PASSWORDSERVER"><parameter> + password server</parameter></link> (if you have one). The password + server will receive whatever username the client supplies without + modification.</para> + + <para>Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think + they don't own the print job.</para> + + <para>Default: <emphasis>no username map</emphasis></para> + <para>Example: <command>username map = /usr/local/samba/lib/users.map + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="UTMP">utmp (G)</term> + <listitem><para>This boolean parameter is only available if + Samba has been configured and compiled with the option <command> + --with-utmp</command>. If set to <constant>true</constant> then Samba will attempt + to add utmp or utmpx records (depending on the UNIX system) whenever a + connection is made to a Samba server. Sites may use this to record the + user connecting to a Samba share.</para> + + <para>See also the <link linkend="UTMPDIRECTORY"><parameter> + utmp directory</parameter></link> parameter.</para> + + <para>Default: <command>utmp = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="UTMPDIRECTORY">utmp directory(G)</term> + <listitem><para>This parameter is only available if Samba has + been configured and compiled with the option <command> + --with-utmp</command>. It specifies a directory pathname that is + used to store the utmp or utmpx files (depending on the UNIX system) that + record user connections to a Samba server. See also the <link linkend="UTMP"> + <parameter>utmp</parameter></link> parameter. By default this is + not set, meaning the system will use whatever utmp file the + native system is set to use (usually + <filename>/var/run/utmp</filename> on Linux).</para> + + <para>Default: <emphasis>no utmp directory</emphasis></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="VALIDUSERS">valid users (S)</term> + <listitem><para>This is a list of users that should be allowed + to login to this service. Names starting with '@', '+' and '&' + are interpreted using the same rules as described in the + <parameter>invalid users</parameter> parameter.</para> + + <para>If this is empty (the default) then any user can login. + If a username is in both this list and the <parameter>invalid + users</parameter> list then access is denied for that user.</para> + + <para>The current servicename is substituted for <parameter>%S + </parameter>. This is useful in the [homes] section.</para> + + <para>See also <link linkend="INVALIDUSERS"><parameter>invalid users + </parameter></link></para> + + <para>Default: <emphasis>No valid users list (anyone can login) + </emphasis></para> + + <para>Example: <command>valid users = greg, @pcusers</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="VETOFILES">veto files(S)</term> + <listitem><para>This is a list of files and directories that + are neither visible nor accessible. Each entry in the list must + be separated by a '/', which allows spaces to be included + in the entry. '*' and '?' can be used to specify multiple files + or directories as in DOS wildcards.</para> + + <para>Each entry must be a unix path, not a DOS path and + must <emphasis>not</emphasis> include the unix directory + separator '/'.</para> + + <para>Note that the <parameter>case sensitive</parameter> option + is applicable in vetoing files.</para> + + <para>One feature of the veto files parameter that it + is important to be aware of is Samba's behaviour when + trying to delete a directory. If a directory that is + to be deleted contains nothing but veto files this + deletion will <emphasis>fail</emphasis> unless you also set + the <parameter>delete veto files</parameter> parameter to + <parameter>yes</parameter>.</para> + + <para>Setting this parameter will affect the performance + of Samba, as it will be forced to check all files and directories + for a match as they are scanned.</para> + + <para>See also <link linkend="HIDEFILES"><parameter>hide files + </parameter></link> and <link linkend="CASESENSITIVE"><parameter> + case sensitive</parameter></link>.</para> + + <para>Default: <emphasis>No files or directories are vetoed. + </emphasis></para> + +<para>Examples:<programlisting> +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ + +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ +</programlisting></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="VETOOPLOCKFILES">veto oplock files (S)</term> + <listitem><para>This parameter is only valid when the <link + linkend="OPLOCKS"><parameter>oplocks</parameter></link> + parameter is turned on for a share. It allows the Samba administrator + to selectively turn off the granting of oplocks on selected files that + match a wildcarded list, similar to the wildcarded list used in the + <link linkend="VETOFILES"><parameter>veto files</parameter></link> + parameter.</para> + + <para>Default: <emphasis>No files are vetoed for oplock + grants</emphasis></para> + + <para>You might want to do this on files that you know will + be heavily contended for by clients. A good example of this + is in the NetBench SMB benchmark program, which causes heavy + client contention for files ending in <filename>.SEM</filename>. + To cause Samba not to grant oplocks on these files you would use + the line (either in the [global] section or in the section for + the particular NetBench share :</para> + + <para>Example: <command>veto oplock files = /*.SEM/ + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="VFSOBJECT">vfs object (S)</term> + <listitem><para>This parameter specifies a shared object file that + is used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with a VFS object. The Samba VFS layer is new to Samba 2.2 and + must be enabled at compile time with --with-vfs.</para> + + <para>Default : <emphasis>no value</emphasis></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="VFSOPTIONS">vfs options (S)</term> + <listitem><para>This parameter allows parameters to be passed + to the vfs layer at initialization time. The Samba VFS layer + is new to Samba 2.2 and must be enabled at compile time + with --with-vfs. See also <link linkend="VFSOBJECT"><parameter> + vfs object</parameter></link>.</para> + + <para>Default : <emphasis>no value</emphasis></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="VOLUME">volume (S)</term> + <listitem><para> This allows you to override the volume label + returned for a share. Useful for CDROMs with installation programs + that insist on a particular volume label.</para> + + <para>Default: <emphasis>the name of the share</emphasis></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WIDELINKS">wide links (S)</term> + <listitem><para>This parameter controls whether or not links + in the UNIX file system may be followed by the server. Links + that point to areas within the directory tree exported by the + server are always allowed; this parameter controls access only + to areas that are outside the directory tree being exported.</para> + + <para>Note that setting this parameter can have a negative + effect on your server performance due to the extra system calls + that Samba has to do in order to perform the link checks.</para> + + <para>Default: <command>wide links = yes</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="WINBINDCACHETIME">winbind cache time</term> + <listitem><para>This parameter specifies the number of seconds the + <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will cache + user and group information before querying a Windows NT server + again.</para> + + <para>Default: <command>winbind cache type = 15</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="WINBINDENUMUSERS">winbind enum + users</term> <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of users through the + <command> setpwent()</command>, + <command>getpwent()</command> and + <command>endpwent()</command> group of system calls. If + the <parameter>winbind enum users</parameter> parameter is + false, calls to the <command>getpwent</command> system call + will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames. </para> + + <para>Default: <command>winbind enum users = yes </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="WINBINDENUMGROUPS">winbind enum + groups</term> <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of groups through the + <command> setgrent()</command>, + <command>getgrent()</command> and + <command>endgrent()</command> group of system calls. If + the <parameter>winbind enum groups</parameter> parameter is + false, calls to the <command>getgrent()</command> system + call will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off group + enumeration may cause some programs to behave oddly. + </para> + + <para>Default: <command>winbind enum groups = yes </command> + </para></listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="WINBINDGID">winbind gid</term> + <listitem><para>The winbind gid parameter specifies the range of group + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command>winbind gid = <empty string> + </command></para> + + <para>Example: <command>winbind gid = 10000-20000</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="WINBINDSEPARATOR">winbind separator</term> + <listitem><para>This parameter allows an admin to define the character + used when listing a username of the form of <replaceable>DOMAIN + </replaceable>\<replaceable>user</replaceable>. This parameter + is only applicable when using the <filename>pam_winbind.so</filename> + and <filename>nss_winbind.so</filename> modules for UNIX services. + </para> + + <para>Example: <command>winbind separator = \</command></para> + <para>Example: <command>winbind separator = +</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="WINBINDUID">winbind uid</term> + <listitem><para>The winbind gid parameter specifies the range of group + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of ids should have no + existing local or NIS users within it as strange conflicts can + occur otherwise.</para> + + <para>Default: <command>winbind uid = <empty string> + </command></para> + + <para>Example: <command>winbind uid = 10000-20000</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>winbind use default domain</term> + + <term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain</term> + <listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system.</para> + + <para>Default: <command>winbind use default domain = <falseg> + </command></para> + <para>Example: <command>winbind use default domain = true</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="WINSHOOK">wins hook (G)</term> + <listitem><para>When Samba is running as a WINS server this + allows you to call an external program for all changes to the + WINS database. The primary use for this option is to allow the + dynamic update of external name resolution databases such as + dynamic DNS.</para> + + <para>The wins hook parameter specifies the name of a script + or executable that will be called as follows:</para> + + <para><command>wins_hook operation name nametype ttl IP_list + </command></para> + + <itemizedlist> + <listitem><para>The first argument is the operation and is one + of "add", "delete", or "refresh". In most cases the operation can + be ignored as the rest of the parameters provide sufficient + information. Note that "refresh" may sometimes be called when the + name has not previously been added, in that case it should be treated + as an add.</para></listitem> + + <listitem><para>The second argument is the NetBIOS name. If the + name is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, underscores + and periods.</para></listitem> + + <listitem><para>The third argument is the NetBIOS name + type as a 2 digit hexadecimal number. </para></listitem> + + <listitem><para>The fourth argument is the TTL (time to live) + for the name in seconds.</para></listitem> + + <listitem><para>The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this list is + empty then the name should be deleted.</para></listitem> + </itemizedlist> + + <para>An example script that calls the BIND dynamic DNS update + program <command>nsupdate</command> is provided in the examples + directory of the Samba source code. </para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="WINSPROXY">wins proxy (G)</term> + <listitem><para>This is a boolean that controls if <ulink + url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name + queries on behalf of other hosts. You may need to set this + to <constant>yes</constant> for some older clients.</para> + + <para>Default: <command>wins proxy = no</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="WINSSERVER">wins server (G)</term> + <listitem><para>This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that <ulink url="nmbd.8.html"> + nmbd(8)</ulink> should register with. If you have a WINS server on + your network then you should set this to the WINS server's IP.</para> + + <para>You should point this at your WINS server if you have a + multi-subnetted network.</para> + + <para><emphasis>NOTE</emphasis>. You need to set up Samba to point + to a WINS server if you have multiple subnets and wish cross-subnet + browsing to work correctly.</para> + + <para>See the documentation file <filename>BROWSING.txt</filename> + in the docs/ directory of your Samba source distribution.</para> + + <para>Default: <emphasis>not enabled</emphasis></para> + <para>Example: <command>wins server = 192.9.200.1</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WINSSUPPORT">wins support (G)</term> + <listitem><para>This boolean controls if the <ulink url="nmbd.8.html"> + nmbd(8)</ulink> process in Samba will act as a WINS server. You should + not set this to <constant>true</constant> unless you have a multi-subnetted network and + you wish a particular <command>nmbd</command> to be your WINS server. + Note that you should <emphasis>NEVER</emphasis> set this to <constant>true</constant> + on more than one machine in your network.</para> + + <para>Default: <command>wins support = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WORKGROUP">workgroup (G)</term> + <listitem><para>This controls what workgroup your server will + appear to be in when queried by clients. Note that this parameter + also controls the Domain name used with the <link + linkend="SECURITYEQUALSDOMAIN"><command>security = domain</command></link> + setting.</para> + + <para>Default: <emphasis>set at compile time to WORKGROUP</emphasis></para> + <para>Example: <command>workgroup = MYGROUP</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="WRITABLE">writable (S)</term> + <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter> + writeable</parameter></link> for people who can't spell :-).</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WRITECACHESIZE">write cache size (S)</term> + <listitem><para>If this integer parameter is set to non-zero value, + Samba will create an in-memory cache for each oplocked file + (it does <emphasis>not</emphasis> do this for + non-oplocked files). All writes that the client does not request + to be flushed directly to disk will be stored in this cache if possible. + The cache is flushed onto disk when a write comes in whose offset + would not fit into the cache or when the file is closed by the client. + Reads for the file are also served from this cache if the data is stored + within it.</para> + + <para>This cache allows Samba to batch client writes into a more + efficient write size for RAID disks (i.e. writes may be tuned to + be the RAID stripe size) and can improve performance on systems + where the disk subsystem is a bottleneck but there is free + memory for userspace programs.</para> + + <para>The integer parameter specifies the size of this cache + (per oplocked file) in bytes.</para> + + <para>Default: <command>write cache size = 0</command></para> + <para>Example: <command>write cache size = 262144</command></para> + + <para>for a 256k cache size per file.</para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="WRITELIST">write list (S)</term> + <listitem><para>This is a list of users that are given read-write + access to a service. If the connecting user is in this list then + they will be given write access, no matter what the <link + linkend="WRITEABLE"><parameter>writeable</parameter></link> + option is set to. The list can include group names using the + @group syntax.</para> + + <para>Note that if a user is in both the read list and the + write list then they will be given write access.</para> + + <para>See also the <link linkend="READLIST"><parameter>read list + </parameter></link> option.</para> + + <para>Default: <command>write list = <empty string> + </command></para> + + <para>Example: <command>write list = admin, root, @staff + </command></para> + </listitem> + </varlistentry> + + + + + + <varlistentry> + <term><anchor id="WRITEOK">write ok (S)</term> + <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter> + writeable</parameter></link>.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WRITERAW">write raw (G)</term> + <listitem><para>This parameter controls whether or not the server + will support raw write SMB's when transferring data from clients. + You should never need to change this parameter.</para> + + <para>Default: <command>write raw = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="WRITEABLE">writeable (S)</term> + <listitem><para>An inverted synonym is <link linkend="READONLY"> + <parameter>read only</parameter></link>.</para> + + <para>If this parameter is <constant>no</constant>, then users + of a service may not create or modify files in the service's + directory.</para> + + <para>Note that a printable service (<command>printable = yes</command>) + will <emphasis>ALWAYS</emphasis> allow writing to the directory + (user privileges permitting), but only via spooling operations.</para> + + <para>Default: <command>writeable = no</command></para> + </listitem> + </varlistentry> + + + </variablelist> + +</refsect1> + +<refsect1> + <title>WARNINGS</title> + + <para>Although the configuration file permits service names + to contain spaces, your client software may not. Spaces will + be ignored in comparisons anyway, so it shouldn't be a + problem - but be aware of the possibility.</para> + + <para>On a similar note, many clients - especially DOS clients - + limit service names to eight characters. <ulink url="smbd.8.html">smbd(8) + </ulink> has no such limitation, but attempts to connect from such + clients will fail if they truncate the service names. For this reason + you should probably keep your service names down to eight characters + in length.</para> + + <para>Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of default + attributes can be tricky. Take extreme care when designing these + sections. In particular, ensure that the permissions on spool + directories are correct.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="swat.8.html"><command>swat(8)</command></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="nmblookup.1.html"><command>nmblookup(1)</command></ulink>, + <ulink url="testparm.1.html"><command>testparm(1)</command></ulink>, + <ulink url="testprns.1.html"><command>testprns(1)</command></ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml new file mode 100644 index 0000000000..69aa967492 --- /dev/null +++ b/docs/docbook/manpages/smbcacls.1.sgml @@ -0,0 +1,255 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbcacls"> + +<refmeta> + <refentrytitle>smbcacls</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbcacls</refname> + <refpurpose>Set or get ACLs on an NT file or directory names</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbcacls</command> + <arg choice="req">//server/share</arg> + <arg choice="req">filename</arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-A acls</arg> + <arg choice="opt">-M acls</arg> + <arg choice="opt">-D acls</arg> + <arg choice="opt">-S acls</arg> + <arg choice="opt">-C name</arg> + <arg choice="opt">-G name</arg> + <arg choice="opt">-n</arg> + <arg choice="opt">-h</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>The <command>smbcacls</command> program manipulates NT Access Control Lists + (ACLs) on SMB file shares. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>smbcacls</command> program. + The format of ACLs is described in the section ACL FORMAT </para> + + + <variablelist> + <varlistentry> + <term>-A acls</term> + <listitem><para>Add the ACLs specified to the ACL list. Existing + access control entries are unchanged. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-M acls</term> + <listitem><para>Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-D acls</term> + <listitem><para>Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-S acls</term> + <listitem><para>This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-U username</term> + <listitem><para>Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the <filename>smb.conf</filename> file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-C name</term> + <listitem><para>The owner of a file or directory can be changed + to the name given using the <parameter>-C</parameter> option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument. </para> + + <para>This command is a shortcut for -M OWNER:name. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-G name</term> + <listitem><para>The group owner of a file or directory can + be changed to the name given using the <parameter>-G</parameter> + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. + </para> + + <para>This command is a shortcut for -M GROUP:name.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n</term> + <listitem><para>This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-h</term> + <listitem><para>Print usage information on the <command>smbcacls + </command> program.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>ACL FORMAT</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + + <para><programlisting> +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> + </programlisting></para> + + + <para>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour. </para> + + <para>The owner and group specify the owner and group sids for the + object. If a SID in the format CWS-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides. </para> + + <para>ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. </para> + + <para>The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: </para> + + <itemizedlist> + <listitem><para>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + </para></listitem> + <listitem><para>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</para> + </listitem> + </itemizedlist> + + <para>At present flags can only be specified as decimal or + hexadecimal values.</para> + + <para>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name. </para> + + <itemizedlist> + <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem> + <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem> + <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem> + <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem> + <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem> + <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem> + </itemizedlist> + + + <para>The following combined permissions can be specified:</para> + + + <itemizedlist> + <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX' + permissions</para></listitem> + <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions + </para></listitem> + <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' + permissions</para></listitem> + </itemizedlist> + </refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>smbcacls</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, smbcacls returns and exit + status of 0. If <command>smbcacls</command> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>smbcacls</command> was written by Andrew Tridgell + and Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml new file mode 100644 index 0000000000..4f36de1576 --- /dev/null +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -0,0 +1,1025 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbclient"> + +<refmeta> + <refentrytitle>smbclient</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbclient</refname> + <refpurpose>ftp-like client to access SMB/CIFS resources + on servers</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbclient</command> + <arg choice="req">servicename</arg> + <arg choice="opt">password</arg> + <arg choice="opt">-b <buffer size></arg> + <arg choice="opt">-d debuglevel</arg> + <arg choice="opt">-D Directory</arg> + <arg choice="opt">-U username</arg> + <arg choice="opt">-W workgroup</arg> + <arg choice="opt">-M <netbios name></arg> + <arg choice="opt">-m maxprotocol</arg> + <arg choice="opt">-A authfile</arg> + <arg choice="opt">-N</arg> + <arg choice="opt">-l logfile</arg> + <arg choice="opt">-L <netbios name></arg> + <arg choice="opt">-I destinationIP</arg> + <arg choice="opt">-E <terminal code></arg> + <arg choice="opt">-c <command string></arg> + <arg choice="opt">-i scope</arg> + <arg choice="opt">-O <socket options></arg> + <arg choice="opt">-p port</arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-T<c|x>IXFqgbNan</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>smbclient</command> is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see <command>ftp(1)</command>). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on. </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>servicename</term> + <listitem><para>servicename is the name of the service + you want to use on the server. A service name takes the form + <filename>//server/service</filename> where <parameter>server + </parameter> is the NetBIOS name of the SMB/CIFS server + offering the desired service and <parameter>service</parameter> + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename <filename>//smbserver/printer + </filename></para> + + <para>Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. + </para> + + <para>The server name is looked up according to either + the <parameter>-R</parameter> parameter to <command>smbclient</command> or + using the name resolve order parameter in the <filename>smb.conf</filename> file, + allowing an administrator to change the order and methods + by which server names are looked up. </para></listitem> + </varlistentry> + + <varlistentry> + <term>password</term> + <listitem><para>The password required to access the specified + service on the specified server. If this parameter is + supplied, the <parameter>-N</parameter> option (suppress + password prompt) is assumed. </para> + + <para>There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the <parameter>-U</parameter> option (see + below)) and the <parameter>-N</parameter> option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) + </para> + + <para>Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. + </para> + + <para>Be cautious about including passwords in scripts. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-s smb.conf</term> + <listitem><para>Specifies the location of the all important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-O socket options</term> + <listitem><para>TCP socket options to set on the client + socket. See the socket options parameter in the <filename> + smb.conf (5)</filename> manpage for the list of valid + options. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-R <name resolve order></term> + <listitem><para>This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.</para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows :</para> + + <itemizedlist> + <listitem><para><constant>lmhosts</constant> : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant> : Do a standard host + name to IP address resolution, using the system <filename>/etc/hosts + </filename>, NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf</filename> + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant> : Query a name with + the IP address listed in the <parameter>wins server</parameter> + parameter. If no WINS server has + been specified this method will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant> : Do a broadcast on + each of the known local interfaces listed in the + <parameter>interfaces</parameter> + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.</para></listitem> + </itemizedlist> + + <para>If this parameter is not set then the name resolve order + defined in the <filename>smb.conf</filename> file parameter + (name resolve order) will be used. </para> + + <para>The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the <parameter>name resolve order + </parameter> parameter of the <filename>smb.conf</filename> file the name resolution + methods will be attempted in this order. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-M NetBIOS name</term> + <listitem><para>This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end. </para> + + <para>If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur. </para> + + <para>The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. + </para> + + <para>One useful trick is to cat the message through + <command>smbclient</command>. For example: <command> + cat mymessage.txt | smbclient -M FRED </command> will + send the message in the file <filename>mymessage.txt</filename> + to the machine FRED. </para> + + <para>You may also find the <parameter>-U</parameter> and + <parameter>-I</parameter> options useful, as they allow you to + control the FROM and TO parts of the message. </para> + + <para>See the message command parameter in the <filename> + smb.conf(5)</filename> for a description of how to handle incoming + WinPopup messages in Samba. </para> + + <para><emphasis>Note</emphasis>: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-i scope</term> + <listitem><para>This specifies a NetBIOS scope that smbclient will + use to communicate with when generating NetBIOS names. For details + on the use of NetBIOS scopes, see <filename>rfc1001.txt</filename> + and <filename>rfc1002.txt</filename>. + NetBIOS scopes are <emphasis>very</emphasis> rarely used, only set + this parameter if you are the system administrator in charge of all + the NetBIOS systems you communicate with. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-N</term> + <listitem><para>If specified, this parameter suppresses the normal + password prompt from the client to the user. This is useful when + accessing a service that does not require a password. </para> + + <para>Unless a password is specified on the command line or + this parameter is specified, the client will request a + password.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n NetBIOS name</term> + <listitem><para>By default, the client will use the local + machine's hostname (in uppercase) as its NetBIOS name. This parameter + allows you to override the host name and use whatever NetBIOS + name you wish. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-d debuglevel</term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer from 0 to 10, or + the letter 'A'. </para> + + <para>The default value if this parameter is not specified + is zero. </para> + + <para>The higher this value, the more detail will be logged to + the log files about the activities of the + client. At level 0, only critical errors and serious warnings will + be logged. Level 1 is a reasonable level for day to day running - + it generates a small amount of information about operations + carried out. </para> + + <para>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of log data, most of which is extremely + cryptic. If <replaceable>debuglevel</replaceable> is set to the letter 'A', then <emphasis>all + </emphasis> debug messages will be printed. This setting + is for developers only (and people who <emphasis>really</emphasis> want + to know how the code works internally). </para> + + <para>Note that specifying this parameter here will override + the log level parameter in the <filename>smb.conf (5)</filename> + file. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-p port</term> + <listitem><para>This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-l logfilename</term> + <listitem><para>If specified, <replaceable>logfilename</replaceable> specifies a base filename + into which operational data from the running client will be + logged. </para> + + <para>The default base name is specified at compile time.</para> + + <para>The base name is used to generate actual log file names. + For example, if the name specified was "log", the debug file + would be <filename>log.client</filename>.</para> + + <para>The log file generated is never removed by the client. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-h</term><listitem> + <para>Print the usage message for the client. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-I IP-address</term> + <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. </para> + + <para>Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the <parameter>name resolve order</parameter> + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. </para> + + <para>There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-E</term> + <listitem><para>This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream. </para> + + <para>By default, the client writes messages to standard output + - typically the user's tty. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-U username[%pass]</term> + <listitem><para>Sets the SMB username or username and password. + If %pass is not specified, The user will be prompted. The client + will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. Anything in these variables following a '%' + sign will be treated as the password. If these environment + variables are not found, the username <constant>GUEST</constant> + is used. </para> + + <para>If the password is not included in these environment + variables (using the %pass syntax), <command>smbclient</command> will look for + a <envar>PASSWD</envar> environment variable from which + to read the password. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the domain name, username and password. This + option is mainly provided for scripts where the admin doesn't + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> + + <para>Be cautious about including passwords in scripts or in + the <envar>PASSWD</envar> environment variable. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command to be safe always allow + <command>smbclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A filename</term><listitem><para>This option allows + you to specify a file from which to read the username, domain name, and + password used in the connection. The format of the file is + </para> + + <para><programlisting> +username = <value> +password = <value> +domain = <value> + </programlisting></para> + + + <para>If the domain parameter is missing the current workgroup name + is used instead. Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-L</term> + <listitem><para>This option allows you to look at what services + are available on a server. You use it as <command>smbclient -L + host</command> and a list should appear. The <parameter>-I + </parameter> option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-t terminal code</term> + <listitem><para>This option tells <command>smbclient</command> how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (<emphasis>EUC</emphasis> instead of <emphasis> + SJIS</emphasis> for example). Setting this parameter will let + <command>smbclient</command> convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems. </para> + + <para>The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-b buffersize</term> + <listitem><para>This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-W WORKGROUP</term> + <listitem><para>Override the default workgroup specified in the + workgroup parameter of the <filename>smb.conf</filename> file + for this connection. This may be needed to connect to some + servers. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-T tar options</term> + <listitem><para>smbclient may be used to create <command>tar(1) + </command> compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are : </para> + + <itemizedlist> + <listitem><para><parameter>c</parameter> - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + <parameter>x</parameter> flag. </para></listitem> + + <listitem><para><parameter>x</parameter> - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the <parameter>c</parameter> flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly. </para></listitem> + + <listitem><para><parameter>I</parameter> - Include files and directories. + Is the default behavior when filenames are specified above. Causes + tar files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below. </para></listitem> + + <listitem><para><parameter>X</parameter> - Exclude files and directories. + Causes tar files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See <parameter>r</parameter> below. </para></listitem> + + <listitem><para><parameter>b</parameter> - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. + </para></listitem> + + <listitem><para><parameter>g</parameter> - Incremental. Only back up + files that have the archive bit set. Useful only with the + <parameter>c</parameter> flag. </para></listitem> + + <listitem><para><parameter>q</parameter> - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. + </para></listitem> + + <listitem><para><parameter>r</parameter> - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. + </para></listitem> + + <listitem><para><parameter>N</parameter> - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + <parameter>c</parameter> flag. </para></listitem> + + <listitem><para><parameter>a</parameter> - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + <parameter>g</parameter> and <parameter>c</parameter> flags. + </para></listitem> + </itemizedlist> + + <para><emphasis>Tar Long File Names</emphasis></para> + + <para><command>smbclient</command>'s tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, <command>smbclient</command>'s tar option places all + files in the archive with relative names, not absolute names. + </para> + + <para><emphasis>Tar Filenames</emphasis></para> + + <para>All file names can be given as DOS path names (with '\' + as the component separator) or as UNIX path names (with '/' as + the component separator). </para> + + <para><emphasis>Examples</emphasis></para> + + <para>Restore from tar file <filename>backup.tar</filename> into myshare on mypc + (no password on share). </para> + + <para><command>smbclient //mypc/yshare "" -N -Tx backup.tar + </command></para> + + <para>Restore everything except <filename>users/docs</filename> + </para> + + <para><command>smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs</command></para> + + <para>Create a tar file of the files beneath <filename> + users/docs</filename>. </para> + + <para><command>smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs </command></para> + + <para>Create the same tar file as above, but now use + a DOS path name. </para> + + <para><command>smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs </command></para> + + <para>Create a tar file of all the files and directories in + the share. </para> + + <para><command>smbclient //mypc/myshare "" -N -Tc backup.tar * + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-D initial directory</term> + <listitem><para>Change to initial directory before starting. Probably + only of any use with the tar -T option. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-c command string</term> + <listitem><para>command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. <parameter> + -N</parameter> is implied by <parameter>-c</parameter>.</para> + + <para>This is particularly useful in scripts and for printing stdin + to the server, e.g. <command>-c 'print -'</command>. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>OPERATIONS</title> + + <para>Once the client is running, the user is presented with + a prompt : </para> + + <para><prompt>smb:\> </prompt></para> + + <para>The backslash ("\") indicates the current working directory + on the server, and will change if the current working directory + is changed. </para> + + <para>The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. + </para> + + <para>You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name". </para> + + <para>Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. + </para> + + + <para>Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. + </para> + + <para>The commands available are given here in alphabetical order. </para> + + <variablelist> + <varlistentry> + <term>? [command]</term> + <listitem><para>If <replaceable>command</replaceable> is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>! [shell command]</term> + <listitem><para>If <replaceable>shell command</replaceable> is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>cd [directory name]</term> + <listitem><para>If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible. </para> + + <para>If no directory name is specified, the current working + directory on the server will be reported. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>del <mask></term> + <listitem><para>The client will request that the server attempt + to delete all files matching <replaceable>mask</replaceable> from the current working + directory on the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>dir <mask></term> + <listitem><para>A list of the files matching <replaceable>mask</replaceable> in the current + working directory on the server will be retrieved from the server + and displayed. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>exit</term> + <listitem><para>Terminate the connection with the server and exit + from the program. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>get <remote file name> [local file name]</term> + <listitem><para>Copy the file called <filename>remote file name</filename> from + the server to the machine running the client. If specified, name + the local copy <filename>local file name</filename>. Note that all transfers in + <command>smbclient</command> are binary. See also the + lowercase command. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>help [command]</term> + <listitem><para>See the ? command above. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>lcd [directory name]</term> + <listitem><para>If <replaceable>directory name</replaceable> is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible. </para> + + <para>If no directory name is specified, the name of the + current working directory on the local machine will be reported. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>lowercase</term> + <listitem><para>Toggle lowercasing of filenames for the get and + mget commands. </para> + + <para>When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>ls <mask></term> + <listitem><para>See the dir command above. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mask <mask></term> + <listitem><para>This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands. </para> + + <para>The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON. </para> + + <para>The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory. </para> + + <para>Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>md <directory name></term> + <listitem><para>See the mkdir command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mget <mask></term> + <listitem><para>Copy all files matching <replaceable>mask</replaceable> from the server to + the machine running the client. </para> + + <para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + <command>smbclient</command> are binary. See also the lowercase command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mkdir <directory name></term> + <listitem><para>Create a new directory on the server (user access + privileges permitting) with the specified name. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>mput <mask></term> + <listitem><para>Copy all files matching <replaceable>mask</replaceable> in the current working + directory on the local machine to the current working directory on + the server. </para> + + <para>Note that <replaceable>mask</replaceable> is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in <command>smbclient</command> + are binary. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>print <file name></term> + <listitem><para>Print the specified file from the local machine + through a printable service on the server. </para> + + <para>See also the printmode command.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>printmode <graphics or text></term> + <listitem><para>Set the print mode to suit either binary data + (such as graphical information) or text. Subsequent print + commands will use the currently set print mode. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>prompt</term> + <listitem><para>Toggle prompting for filenames during operation + of the mget and mput commands. </para> + + <para>When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>put <local file name> [remote file name]</term> + <listitem><para>Copy the file called <filename>local file name</filename> from the + machine running the client to the server. If specified, + name the remote copy <filename>remote file name</filename>. Note that all transfers + in <command>smbclient</command> are binary. See also the lowercase command. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>queue</term> + <listitem><para>Displays the print queue, showing the job id, + name, size and current status. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>quit</term> + <listitem><para>See the exit command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>rd <directory name></term> + <listitem><para>See the rmdir command. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>recurse</term> + <listitem><para>Toggle directory recursion for the commands mget + and mput. </para> + + <para>When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. + </para> + + <para>When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>rm <mask></term> + <listitem><para>Remove all files matching <replaceable>mask</replaceable> from the current + working directory on the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>rmdir <directory name></term> + <listitem><para>Remove the specified directory (user access + privileges permitting) from the server. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>tar <c|x>[IXbgNa]</term> + <listitem><para>Performs a tar operation - see the <parameter>-T + </parameter> command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>blocksize <blocksize></term> + <listitem><para>Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + <replaceable>blocksize</replaceable>*TBLOCK (usually 512 byte) blocks. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>tarmode <full|inc|reset|noreset></term> + <listitem><para>Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share). </para></listitem> + </varlistentry> + + + <varlistentry> + <term>setmode <filename> <perm=[+|\-]rsha></term> + <listitem><para>A version of the DOS attrib command to set + file permissions. For example: </para> + + <para><command>setmode myfile +r </command></para> + + <para>would make myfile read only. </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>NOTES</title> + + <para>Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. + </para> + + <para>It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server.</para> + + <para>smbclient supports long file names where the server + supports the LANMAN2 protocol or above. </para> +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The variable <envar>USER</envar> may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords.</para> + + + <para>The variable <envar>PASSWD</envar> may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. </para> + + <para>The variable <envar>LIBSMB_PROG</envar> may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file</para> +</refsect1> + + +<refsect1> + <title>INSTALLATION</title> + + <para>The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only. </para> + + <para>It is recommended that the smbclient software be installed + in the <filename>/usr/local/samba/bin/</filename> or <filename> + /usr/samba/bin/</filename> directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should <emphasis>NOT</emphasis> be + setuid or setgid! </para> + + <para>The client log files should be put in a directory readable + and writeable only by the user. </para> + + <para>To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run <command>smbd(8) + </command> as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server. </para> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line. </para> + + <para>The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml new file mode 100644 index 0000000000..05e05f4a6a --- /dev/null +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -0,0 +1,174 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbcontrol"> + +<refmeta> + <refentrytitle>smbcontrol</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbcontrol</refname> + <refpurpose>send messages to smbd or nmbd processes</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbcontrol</command> + <arg>-i</arg> + </cmdsynopsis> + + <cmdsynopsis> + <command>smbcontrol</command> + <arg>destination</arg> + <arg>message-type</arg> + <arg>parameter</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>smbcontrol</command> is a very small program, which + sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink> or + an <ulink url="nmbd.8.html">nmbd(8)</ulink> daemon running on the + system.</para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-i</term> + <listitem><para>Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program.</para></listitem> + </varlistentry> + + <varlistentry> + <term>destination</term> + <listitem><para>One of <parameter>nmbd</parameter> + <parameter>smbd</parameter> or a process ID.</para> + + <para>The <parameter>smbd</parameter> destination causes the + message to "broadcast" to all smbd daemons.</para> + + <para>The <parameter>nmbd</parameter> destination causes the + message to be sent to the nmbd daemon specified in the + <filename>nmbd.pid</filename> file.</para> + + <para>If a single process ID is given, the message is sent + to only that process.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>message-type</term> + <listitem><para>One of: <constant>close-share</constant>, + <constant>debug</constant>, + <constant>force-election</constant>, <constant>ping + </constant>, <constant>profile</constant>, <constant> + debuglevel</constant>, <constant>profilelevel</constant>, + or <constant>printer-notify</constant>.</para> + + <para>The <constant>close-share</constant> message-type sends a + message to smbd which will then close the client connections to + the named share. Note that this doesn't affect client connections + to any other shares. This message-type takes an argument of the + share name for which client connections will be close, or the + "*" character which will close all currently open shares. + This message can only be sent to <constant>smbd</constant>.</para> + + <para>The <constant>debug</constant> message-type allows + the debug level to be set to the value specified by the + parameter. This can be sent to any of the destinations.</para> + + <para>The <constant>force-election</constant> message-type can only be + sent to the <constant>nmbd</constant> destination. This message + causes the <command>nmbd</command> daemon to force a new browse + master election.</para> + + <para>The <constant>ping</constant> message-type sends the + number of "ping" messages specified by the parameter and waits + for the same number of reply "pong" messages. This can be sent to + any of the destinations.</para> + + <para>The <constant>profile</constant> message-type sends a + message to an smbd to change the profile settings based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any of the destinations.</para> + + <para>The <constant>debuglevel</constant> message-type sends + a "request debug level" message. The current debug level setting + is returned by a "debuglevel" message. This can be + sent to any of the destinations.</para> + + <para>The <constant>profilelevel</constant> message-type sends + a "request profile level" message. The current profile level + setting is returned by a "profilelevel" message. This can be sent + to any of the destinations.</para> + + <para>The <constant>printer-notify</constant> message-type sends a + message to smbd which in turn sends a printer notify message to + any Windows NT clients connected to a printer. This message-type + takes an argument of the printer name to send notify messages to. + This message can only be sent to <constant>smbd</constant>.</para> + + <para>The <constant>close-share</constant> message-type sends a + message to smbd which forces smbd to close the share that was + specified as an argument. This may be useful if you made changes + to the access controls on the share. </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>parameters</term> + <listitem><para>any parameters required for the message-type</para> + </listitem> + </varlistentry> + </variablelist> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + and <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml new file mode 100644 index 0000000000..824ae20241 --- /dev/null +++ b/docs/docbook/manpages/smbd.8.sgml @@ -0,0 +1,424 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbd"> + +<refmeta> + <refentrytitle>smbd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbd</refname> + <refpurpose>server to provide SMB/CIFS services to clients</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbd</command> + <arg choice="opt">-D</arg> + <arg choice="opt">-a</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-o</arg> + <arg choice="opt">-P</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-V</arg> + <arg choice="opt">-b</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-l <log directory></arg> + <arg choice="opt">-p <port number></arg> + <arg choice="opt">-O <socket option></arg> + <arg choice="opt">-s <configuration file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + <para>This program is part of the Samba suite.</para> + + <para><command>smbd</command> is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux.</para> + + <para>An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink>. This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server.</para> + + <para>Please note that there are significant security + implications to running this server, and the <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> + manpage should be regarded as mandatory reading before + proceeding with installation.</para> + + <para>A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates.</para> + + <para>The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or <command>smbd</command> killed and restarted.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-D</term> + <listitem><para>If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running <command>smbd</command> for + servers that provide more than casual use file and + print services. This switch is assumed if <command>smbd + </command> is executed on the command line of a shell. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-a</term> + <listitem><para>If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o</term> + <listitem><para>If this parameter is specified, the + log files will be overwritten when opened. By default, + <command>smbd</command> will append entries to the log + files.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-P</term> + <listitem><para>Passive option. Causes <command>smbd</command> not to + send any network traffic out. Used for debugging by + the developers only.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>smbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-v</term> + <listitem><para>Prints the version number for + <command>smbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-b</term> + <listitem><para>Prints information about how + Samba was built.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will be + logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable + amounts of log data, and should only be used when + investigating a problem. Levels above 3 are designed for + use only by developers and generate HUGE amounts of log + data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will + override the <ulink url="smb.conf.5.html#loglevel">log + level</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> file.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-l <log directory></term> + <listitem><para>If specified, + <replaceable>log directory</replaceable> + specifies a log directory into which the "log.smbd" log + file will be created for informational and debug + messages from the running server. The log + file generated is never removed by the server although + its size may be controlled by the <ulink + url="smb.conf.5.html#maxlogsize">max log size</ulink> + option in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file. + </para> + + <para>The default log directory is specified at + compile time.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-O <socket options></term> + <listitem><para>See the <ulink + url="smb.conf.5.html#socketoptions">socket options</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink> file for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-p <port number></term> + <listitem><para><replaceable>port number</replaceable> is a positive integer + value. The default value if this parameter is not + specified is 139.</para> + + <para>This number is the port number that will be + used when making connections to the server from client + software. The standard (well-known) port number for the + SMB over TCP is 139, hence the default. If you wish to + run the server as an ordinary user rather than + as root, most systems will require you to use a port + number greater than 1024 - ask your system administrator + for help if you are in this situation.</para> + + <para>In order for the server to be useful by most + clients, should you configure it on a port other + than 139, you will require port redirection services + on port 139, details of which are outlined in rfc1002.txt + section 4.3.5.</para> + + <para>This parameter is not normally specified except + in the above situation.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The file specified contains the + configuration details required by the server. The + information in this file includes server-specific + information such as what printcap file to use, as well + as descriptions of all the services that the server is + to provide. See <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> for more information. + The default configuration file name is determined at + compile time.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>If the server is to be run by the + <command>inetd</command> meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> + document for details. + </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/rc</filename></term> + <listitem><para>or whatever initialization script your + system uses).</para> + + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> + document for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> + document for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> + and <filename>/etc/smb.conf</filename>.</para> + + <para>This file describes all the services the server + is to make available to clients. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information.</para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>LIMITATIONS</title> + <para>On some systems <command>smbd</command> cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar.</para> +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <variablelist> + <varlistentry> + <term><envar>PRINTER</envar></term> + <listitem><para>If no printer name is specified to + printable services, most systems will use the value of + this variable (or <constant>lp</constant> if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>PAM INTERACTION</title> + <para>Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the + <ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink> + smb.conf paramater. When this is set, the following restrictions apply: + </para> + + <itemizedlist> + <listitem><para><emphasis>Account Validation</emphasis>: All acccesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + </para></listitem> + + <listitem><para><emphasis>Session Management</emphasis>: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + </para></listitem> + </itemizedlist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line.</para> + + <para>The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files.</para> + + <para>Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing.</para> +</refsect1> + +<refsect1> + <title>SIGNALS</title> + + <para>Sending the <command>smbd</command> a SIGHUP will cause it to + reload its <filename>smb.conf</filename> configuration + file within a short period of time.</para> + + <para>To shut down a user's <command>smbd</command> process it is recommended + that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis> + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for + it to die on its own.</para> + + <para>The debug log level of <command>smbd</command> may be raised + or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1) + </command></ulink> program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level.</para> + + <para>Note that as the signal handlers send a debug write, + they are not re-entrant in <command>smbd</command>. This you should wait until + <command>smbd</command> is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para>hosts_access(5), <command>inetd(8)</command>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page <ulink url="http://samba.org/cifs/"> + http://samba.org/cifs/</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml new file mode 100644 index 0000000000..b9607312ff --- /dev/null +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -0,0 +1,267 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbgroupedit"> + +<refmeta> + <refentrytitle>smbgroupedit</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<!-- **************************************************** +** Name and Options ** +**************************************************** --> +<refnamediv> + <refname>smbgroupedit</refname> + <refpurpose>Query/set/change UNIX - Windows NT group mapping</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbroupedit</command> + <arg choice="opt">-v [l|s]</arg> + <arg choice="opt">-a UNIX-groupname [-d NT-groupname|-p prividge|</arg> + </cmdsynopsis> +</refsynopsisdiv> + + + +<!-- **************************************************** +** Description ** +**************************************************** --> +<refsect1> + +<title>DESCRIPTION</title> + +<para> +This program is part of the <ulink url="samba.7.html">Samba</ulink> +suite. +</para> + +<para> +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. +</para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-v[l|s]</term> + <listitem><para>This option will list all groups available + in the Windows NT domain in which samba is operating. + </para> + + <variablelist> + <varlistentry> + <term>-l</term> + <listitem><para>give a long listing, of the format:</para> + +<para><programlisting> +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : +</programlisting></para> + +<para>For examples,</para> +<para><programlisting> +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege +</programlisting></para> + + </listitem> + </varlistentry> + + <varlistentry> + <term>-s</term> + <listitem><para>display a short listing of the format:</para> + +<para><programlisting> +NTGroupName(SID) -> UnixGroupName +</programlisting></para> + +<para>For example,</para> + +<para><programlisting> +Users (S-1-5-32-545) -> -1 +</programlisting></para> + + </listitem> + </varlistentry> + </variablelist> + + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + + + +<!-- **************************************************** +**************************************************** --> +<refsect1> +<title>FILES</title> + +<para></para> + +</refsect1> + + + +<!-- **************************************************** +**************************************************** --> +<refsect1> + +<title>EXIT STATUS</title> + +<para> +<command>smbgroupedit</command> returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. +</para> + +</refsect1> + + + + +<!-- **************************************************** +**************************************************** --> +<refsect1> + +<title>EXAMPLES</title> + + +<para> +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: +</para> + +<orderedlist> + + <listitem><para>create a unix group (usually in + <filename>/etc/group</filename>), let's call it <constant>domadm</constant>. + </para></listitem> + + <listitem><para>add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in <filename>/etc/group</filename> will look like: + </para> + + <para>domadm:x:502:joe,john,mary</para> + </listitem> + + <listitem><para>map this domadm group to the 'domain admins' group: + </para> + <orderedlist> + <listitem><para>Get the SID for the Windows NT "Domain Admins" + group:</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -vs | grep "Domain Admins"</command> +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 +</programlisting></para> +</listitem> + + <listitem><para>map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: + </para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit \ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \ +-u domadm</command> +</programlisting></para> + + <para> + <emphasis>warning:</emphasis> don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. + </para> + </listitem> + </orderedlist> + </listitem> +</orderedlist> + +<para> +To verify that you mapping has taken effect: +</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -vs|grep "Domain Admins"</command> +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm +</programlisting></para> + +<para> +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: +</para> + +<para><programlisting> +<prompt>root# </prompt><command>smbgroupedit -a unixgroup -td</command> +</programlisting></para> + + + +</refsect1> + + + + +<!-- **************************************************** +**************************************************** --> +<refsect1> + +<title>VERSION</title> + +<para> +This man page is correct for the 3.0alpha releases of +the Samba suite. +</para> +</refsect1> + +<!-- **************************************************** +**************************************************** --> + +<refsect1> +<title>SEE ALSO</title> + +<para> +<ulink url="smb.conf.5.html">smb.conf(5)</ulink> +</para> + +</refsect1> + + +<!-- **************************************************** +**************************************************** --> + +<refsect1> +<title>AUTHOR</title> + +<para> +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +</para> + +<para> +<command>smbgroupedit</command> was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code.</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml new file mode 100644 index 0000000000..55b66d5d25 --- /dev/null +++ b/docs/docbook/manpages/smbmnt.8.sgml @@ -0,0 +1,113 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbmnt"> + +<refmeta> + <refentrytitle>smbmnt</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbmnt</refname> + <refpurpose>helper utility for mounting SMB filesystems</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbmnt</command> + <arg choice="req">mount-point</arg> + <arg choice="opt">-s <share></arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-u <uid></arg> + <arg choice="opt">-g <gid></arg> + <arg choice="opt">-f <mask></arg> + <arg choice="opt">-d <mask></arg> + <arg choice="opt">-o <options></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para><command>smbmnt</command> is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + <command>smbmnt</command> can be installed setuid root if you want + normal users to be able to mount their SMB shares.</para> + + <para>A setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on.</para> + + <para>The <command>smbmnt</command> program is normally invoked + by <ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink>. It should not be invoked directly by users. </para> + + <para>smbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used.</para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-r</term> + <listitem><para>mount the filesystem read-only + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-u uid</term> + <listitem><para>specify the uid that the files will + be owned by </para></listitem> + </varlistentry> + + <varlistentry> + <term>-g gid</term> + <listitem><para>specify the gid that the files will be + owned by </para></listitem> + </varlistentry> + + <varlistentry> + <term>-f mask</term> + <listitem><para>specify the octal file mask applied + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-d mask</term> + <listitem><para>specify the octal directory mask + applied </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o options</term> + <listitem><para> + list of options that are passed as-is to smbfs, if this + command is run on a 2.4 or higher Linux kernel. + </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml new file mode 100644 index 0000000000..b4a77e51c9 --- /dev/null +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -0,0 +1,327 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbmount"> + +<refmeta> + <refentrytitle>smbmount</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbmount</refname> + <refpurpose>mount an smbfs filesystem</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbumount</command> + <arg choice="req">service</arg> + <arg choice="req">mount-point</arg> + <arg choice="opt">-o options</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para><command>smbmount</command> mounts a Linux SMB filesystem. It + is usually invoked as <command>mount.smbfs</command> by + the <command>mount(8)</command> command when using the + "-t smbfs" option. This command only works in Linux, and the kernel must + support the smbfs filesystem. </para> + + <para>Options to <command>smbmount</command> are specified as a comma-separated + list of key=value pairs. It is possible to send options other + than those listed here, assuming that smbfs supports them. If + you get mount failures, check your kernel log for errors on + unknown options.</para> + + <para><command>smbmount</command> is a daemon. After mounting it keeps running until + the mounted smbfs is umounted. It will log things that happen + when in daemon mode using the "machine name" smbmount, so + typically this output will end up in <filename>log.smbmount</filename>. The + <command>smbmount</command> process may also be called mount.smbfs.</para> + + <para><emphasis>NOTE:</emphasis> <command>smbmount</command> + calls <command>smbmnt(8)</command> to do the actual mount. You + must make sure that <command>smbmnt</command> is in the path so + that it can be found. </para> + +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>username=<arg></term> + <listitem><para>specifies the username to connect as. If + this is not given, then the environment variable <envar> + USER</envar> is used. This option can also take the + form "user%password" or "user/workgroup" or + "user/workgroup%password" to allow the password and workgroup + to be specified as part of the username.</para></listitem> + </varlistentry> + + <varlistentry> + <term>password=<arg></term> + <listitem><para>specifies the SMB password. If this + option is not given then the environment variable + <envar>PASSWD</envar> is used. If it can find + no password <command>smbmount</command> will prompt + for a passeword, unless the guest option is + given. </para> + + <para> + Note that password which contain the arguement delimiter + character (i.e. a comma ',') will failed to be parsed correctly + on the command line. However, the same password defined + in the PASSWD environment variable or a credentials file (see + below) will be read correctly. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>credentials=<filename></term> + <listitem><para>specifies a file that contains a username + and/or password. The format of the file is:</para> + + <para> + <programlisting> + username = <value> + password = <value> + </programlisting> + </para> + + <para>This is preferred over having passwords in plaintext in a + shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any + credentials file properly. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>netbiosname=<arg></term> + <listitem><para>sets the source NetBIOS name. It defaults + to the local hostname. </para></listitem> + </varlistentry> + + <varlistentry> + <term>uid=<arg></term> + <listitem><para>sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>gid=<arg></term> + <listitem><para>sets the gid that will own all files on + the mounted filesystem. + It may be specified as either a groupname or a numeric + gid. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>port=<arg></term> + <listitem><para>sets the remote SMB port number. The default + is 139. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>fmask=<arg></term> + <listitem><para>sets the file mask. This determines the + permissions that remote files have in the local filesystem. + The default is based on the current umask. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>dmask=<arg></term> + <listitem><para>sets the directory mask. This determines the + permissions that remote directories have in the local filesystem. + The default is based on the current umask. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>debug=<arg></term> + <listitem><para>sets the debug level. This is useful for + tracking down SMB connection problems. A suggested value to + start with is 4. If set too high there will be a lot of + output, possibly hiding the useful output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>ip=<arg></term> + <listitem><para>sets the destination host or IP address. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>workgroup=<arg></term> + <listitem><para>sets the workgroup on the destination </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>sockopt=<arg></term> + <listitem><para>sets the TCP socket options. See the <ulink + url="smb.conf.5.html#SOCKETOPTIONS"><filename>smb.conf + </filename></ulink> <parameter>socket options</parameter> option. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>scope=<arg></term> + <listitem><para>sets the NetBIOS scope </para></listitem> + </varlistentry> + + <varlistentry> + <term>guest</term> + <listitem><para>don't prompt for a password </para></listitem> + </varlistentry> + + + <varlistentry> + <term>ro</term> + <listitem><para>mount read-only </para></listitem> + </varlistentry> + + <varlistentry> + <term>rw</term><listitem><para>mount read-write </para></listitem> + </varlistentry> + + <varlistentry> + <term>iocharset=<arg></term> + <listitem><para> + sets the charset used by the Linux side for codepage + to charset translations (NLS). Argument should be the + name of a charset, like iso8859-1. (Note: only kernel + 2.4.0 or later) + </para></listitem> + </varlistentry> + + <varlistentry> + <term>codepage=<arg></term> + <listitem><para> + sets the codepage the server uses. See the iocharset + option. Example value cp850. (Note: only kernel 2.4.0 + or later) + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ttl=<arg></term> + <listitem><para> + how long a directory listing is cached in milliseconds + (also affects visibility of file size and date + changes). A higher value means that changes on the + server take longer to be noticed but it can give + better performance on large directories, especially + over long distances. Default is 1000ms but something + like 10000ms (10 seconds) is probably more reasonable + in many cases. + (Note: only kernel 2.4.2 or later) + </para></listitem> + </varlistentry> + + </variablelist> + + +</refsect1> + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The variable <envar>USER</envar> may contain the username of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. The variable can be used to set both username and + password by using the format username%password.</para> + + <para>The variable <envar>PASSWD</envar> may contain the password of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords.</para> + + <para>The variable <envar>PASSWD_FILE</envar> may contain the pathname + of a file to read the password from. A single line of input is + read and used as the password.</para> +</refsect1> + + +<refsect1> + <title>BUGS</title> + + <para>Passwords and other options containing , can not be handled. + For passwords an alternative way of passing them is in a credentials + file or in the PASSWD environment.</para> + + <para>The credentials file does not handle usernames or passwords with + leading space.</para> + + <para>One smbfs bug is important enough to mention here, even if it + is a bit misplaced:</para> + + <itemizedlist> + + <listitem><para>Mounts sometimes stop working. This is usually + caused by smbmount terminating. Since smbfs needs smbmount to + reconnect when the server disconnects, the mount will eventually go + dead. An umount/mount normally fixes this. At least 2 ways to + trigger this bug are known.</para></listitem> + + </itemizedlist> + + <para>Note that the typical response to a bug report is suggestion + to try the latest version first. So please try doing that first, + and always include which versions you use of relevant software + when reporting bugs (minimum: samba, kernel, distribution)</para> + +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + + <para>Documentation/filesystems/smbfs.txt in the linux kernel + source tree may contain additional options and information.</para> + + <para>FreeBSD also has a smbfs, but it is not related to smbmount</para> + + <para>For Solaris, HP-UX and others you may want to look at + <ulink url="smbsh.1.html"><command>smbsh(1)</command></ulink> or at other + solutions, such as sharity or perhaps replacing the SMB server with + a NFS server.</para> + +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml new file mode 100644 index 0000000000..be75107819 --- /dev/null +++ b/docs/docbook/manpages/smbpasswd.5.sgml @@ -0,0 +1,204 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbpasswd"> + +<refmeta> + <refentrytitle>smbpasswd</refentrytitle> + <manvolnum>5</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbpasswd</refname> + <refpurpose>The Samba encrypted password file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <para><filename>smbpasswd</filename></para> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past. </para> +</refsect1> + +<refsect1> + <title>FILE FORMAT</title> + + <para>The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix <filename>passwd(5)</filename> + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user: </para> + + <variablelist> + <varlistentry> + <term>name</term> + <listitem><para> This is the user name. It must be a name that + already exists in the standard UNIX passwd file. </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>uid</term> + <listitem><para>This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>Lanman Password Hash</term> + <listitem><para>This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + <constant>disabled</constant> and the user will not be able to + log onto the Samba server. </para> + + <para><emphasis>WARNING !!</emphasis> Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as <emphasis>plain text + equivalents</emphasis> and must <emphasis>NOT</emphasis> be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>NT Password Hash</term> + <listitem><para>This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it. </para> + + <para>This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is). </para> + + <para><emphasis>WARNING !!</emphasis>. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as <emphasis>plain text + equivalents</emphasis> and must <emphasis>NOT</emphasis> be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>Account Flags</term> + <listitem><para>This section contains flags that describe + the attributes of the users account. In the Samba 2.2 release + this field is bracketed by '[' and ']' characters and is always + 13 characters in length (including the '[' and ']' characters). + The contents of this field may be any of the characters. + </para> + + <itemizedlist> + <listitem><para><emphasis>U</emphasis> - This means + this is a "User" account, i.e. an ordinary user. Only User + and Workstation Trust accounts are currently supported + in the smbpasswd file. </para></listitem> + + <listitem><para><emphasis>N</emphasis> - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the <parameter> + null passwords</parameter> parameter is set in the <ulink + url="smb.conf.5.html#NULLPASSWORDS"><filename>smb.conf(5) + </filename></ulink> config file. </para></listitem> + + <listitem><para><emphasis>D</emphasis> - This means the account + is disabled and no SMB/CIFS logins will be allowed for + this user. </para></listitem> + + <listitem><para><emphasis>W</emphasis> - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC. </para> + </listitem> + </itemizedlist> + + <para>Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces. </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>Last Change Time</term> + <listitem><para>This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. + </para></listitem> + </varlistentry> + </variablelist> + + <para>All other colon separated fields are ignored at this time.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and + the Internet RFC1321 for details on the MD4 algorithm. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml new file mode 100644 index 0000000000..3c7a6a5150 --- /dev/null +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -0,0 +1,389 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbpasswd"> + +<refmeta> + <refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbpasswd</refname> + <refpurpose>change a user's SMB password</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbpasswd</command> + <arg choice="opt">-a</arg> + <arg choice="opt">-x</arg> + <arg choice="opt">-d</arg> + <arg choice="opt">-e</arg> + <arg choice="opt">-D debuglevel</arg> + <arg choice="opt">-n</arg> + <arg choice="opt">-r <remote machine></arg> + <arg choice="opt">-R <name resolve order></arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-j DOMAIN</arg> + <arg choice="opt">-U username[%password]</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-s</arg> + <arg choice="opt">-w pass</arg> + <arg choice="opt">username</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>The smbpasswd program has several different + functions, depending on whether it is run by the <emphasis>root</emphasis> + user or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. </para> + + <para>By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the <command>passwd(1)</command> program works. + <command>smbpasswd</command> differs from how the passwd program works + however in that it is not <emphasis>setuid root</emphasis> but works in + a client-server mode and communicates with a locally running + <command>smbd(8)</command>. As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the <filename>smbpasswd(5)</filename> file. </para> + + <para>When run by an ordinary user with no options. smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. </para> + + <para>smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options below. </para> + + <para>When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + <command>smbpasswd</command> accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term>-a</term> + <listitem><para>This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + <filename>/etc/passwd</filename>), else the request to add the + user will fail. </para> + + <para>This option is only available when running smbpasswd + as root. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-x</term> + <listitem><para>This option specifies that the username + following should be deleted from the local smbpasswd file. + </para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-d</term> + <listitem><para>This option specifies that the username following + should be <constant>disabled</constant> in the local smbpasswd + file. This is done by writing a <constant>'D'</constant> flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. </para> + + <para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See <command>smbpasswd(5) + </command> for details on the 'old' and new password file formats. + </para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-e</term> + <listitem><para>This option specifies that the username following + should be <constant>enabled</constant> in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. </para> + + <para>If the smbpasswd file is in the 'old' format, then <command> + smbpasswd</command> will FAIL to enable the account. + See <command>smbpasswd (5)</command> for + details on the 'old' and new password file formats. </para> + + <para>This option is only available when running smbpasswd as root. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-D debuglevel</term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. </para> + + <para>The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. </para> + + <para>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n</term> + <listitem><para>This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. </para> + + <para>Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the <filename>smb.conf</filename> file : </para> + + <para><command>null passwords = yes</command></para> + + <para>This option is only available when running smbpasswd as + root.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-r remote machine name</term> + <listitem><para>This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The <replaceable>remote + machine name</replaceable> is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the <parameter>-R + name resolve order</parameter> parameter for details on changing + this resolving mechanism. </para> + + <para>The username whose password is changed is that of the + current UNIX logged on user. See the <parameter>-U username</parameter> + parameter for details on changing the password for a different + username. </para> + + <para>Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change).</para> + + <para><emphasis>Note</emphasis> that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-R name resolve order</term> + <listitem><para>This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. </para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". They cause + names to be resolved as follows : </para> + <itemizedlist> + <listitem><para><constant>lmhosts</constant> : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant> : Do a standard host + name to IP address resolution, using the system <filename>/etc/hosts + </filename>, NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf</filename> + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant> : Query a name with + the IP address listed in the <parameter>wins server</parameter> + parameter. If no WINS server has been specified this method + will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant> : Do a broadcast on + each of the known local interfaces listed in the + <parameter>interfaces</parameter> parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet.</para></listitem> + </itemizedlist> + + <para>The default order is <command>lmhosts, host, wins, bcast</command> + and without this parameter or any entry in the + <filename>smb.conf</filename> file the name resolution methods will + be attempted in this order. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-m</term> + <listitem><para>This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller.</para> + + <para>This option is only available when running smbpasswd as root. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-U username</term> + <listitem><para>This option may only be used in conjunction + with the <parameter>-r</parameter> option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-h</term> + <listitem><para>This option prints the help string for <command> + smbpasswd</command>, selecting the correct one for running as root + or as an ordinary user. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-s</term> + <listitem><para>This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from <filename>/dev/tty</filename> + (like the <command>passwd(1)</command> program does). This option + is to aid people writing scripts to drive smbpasswd</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-w password</term> + <listitem><para>This parameter is only available is Samba + has been configured to use the experiemental + <command>--with-ldapsam</command> option. The <parameter>-w</parameter> + switch is used to specify the password to be used with the + <ulink url="smb.conf.5.html#LDAPADMINDN"><parameter>ldap admin + dn</parameter></ulink>. Note that the password is stored in + the <filename>private/secrets.tdb</filename> and is keyed off + of the admin's DN. This means that if the value of <parameter>ldap + admin dn</parameter> ever changes, the password will beed to be + manually updated as well. + </para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>username</term> + <listitem><para>This specifies the username for all of the + <emphasis>root only</emphasis> options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>Since <command>smbpasswd</command> works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the <command> + smbd</command> running on the local machine by specifying a + <parameter>allow hosts</parameter> or <parameter>deny hosts</parameter> + entry in the <filename>smb.conf</filename> file and neglecting to + allow "localhost" access to the smbd. </para> + + <para>In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. See the file + <filename>ENCRYPTION.txt</filename> in the docs directory for details + on how to do this. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> + + + + diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml new file mode 100644 index 0000000000..46adac6b79 --- /dev/null +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -0,0 +1,105 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbsh"> + +<refmeta> + <refentrytitle>smbsh</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbsh</refname> + <refpurpose>Allows access to Windows NT filesystem + using UNIX commands</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbsh</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>smbsh</command> allows you to access an NT filesystem + using UNIX commands such as <command>ls</command>, <command> + egrep</command>, and <command>rcp</command>. You must use a + shell that is dynamically linked in order for <command>smbsh</command> + to work correctly.</para> + + <para>To use the <command>smbsh</command> command, execute <command> + smbsh</command> from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system.</para> + + <para><programlisting> + <prompt>system% </prompt><userinput>smbsh</userinput> + <prompt>Username: </prompt><userinput>user</userinput> + <prompt>Password: </prompt><userinput>XXXXXXX</userinput> + </programlisting></para> + + + <para>Any dynamically linked command you execute from + this shell will access the <filename>/smb</filename> directory + using the smb protocol. For example, the command <command>ls /smb + </command> will show a list of workgroups. The command + <command>ls /smb/MYGROUP </command> will show all the machines in + the workgroup MYGROUP. The command + <command>ls /smb/MYGROUP/<machine-name></command> will show the share + names for that machine. You could then, for example, use the <command> + cd</command> command to change directories, <command>vi</command> to + edit files, and <command>rcp</command> to copy files.</para> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>BUGS</title> + + <para><command>smbsh</command> works by intercepting the standard + libc calls with the dynamically loaded versions in <filename> + smbwrapper.o</filename>. Not all calls have been "wrapped", so + some programs may not function correctly under <command>smbsh + </command>.</para> + + <para>Programs which are not dynamically linked cannot make + use of <command>smbsh</command>'s functionality. Most versions + of UNIX have a <command>file</command> command that will + describe how a program was linked.</para> +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml new file mode 100644 index 0000000000..d5c9c0a114 --- /dev/null +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -0,0 +1,131 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbspool"> + +<refmeta> + <refentrytitle>smbspool</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbspool</refname> + <refpurpose>send print file to an SMB printer</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbspool</command> + <arg>job</arg> + <arg>user</arg> + <arg>title</arg> + <arg>copies</arg> + <arg>options</arg> + <arg>filename</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script.</para> + + <para><emphasis>DEVICE URI</emphasis></para> + + <para>smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms:</para> + + <itemizedlist> + <listitem><para>smb://server/printer</para></listitem> + <listitem><para>smb://workgroup/server/printer</para></listitem> + <listitem><para>smb://username:password@server/printer</para> + </listitem> + <listitem><para>smb://username:password@workgroup/server/printer + </para></listitem> + </itemizedlist> + + <para>smbspool tries to get the URI from argv[0]. If argv[0] + contains the name of the program then it looks in the <envar> + DEVICE_URI</envar> environment variable.</para> + + <para>Programs using the <command>exec(2)</command> functions can + pass the URI in argv[0], while shell scripts must set the + <envar>DEVICE_URI</envar> environment variable prior to + running smbspool.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <itemizedlist> + <listitem><para>The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. + </para></listitem> + + <listitem><para>The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. + </para></listitem> + + <listitem><para>The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job.</para></listitem> + + <listitem><para>The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided than this argument is not used by + smbspool.</para></listitem> + + <listitem><para>The options argument (argv[5]) contains + the print options in a single string and is presently + not used by smbspool.</para></listitem> + + <listitem><para>The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input.</para> + </listitem> + </itemizedlist> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + and <ulink url="samba.7.html">samba(7)</ulink>. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para><command>smbspool</command> was written by Michael Sweet + at Easy Software Products.</para> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml new file mode 100644 index 0000000000..99963a4bec --- /dev/null +++ b/docs/docbook/manpages/smbstatus.1.sgml @@ -0,0 +1,152 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbstatus"> + +<refmeta> + <refentrytitle>smbstatus</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbstatus</refname> + <refpurpose>report on current Samba connections</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbstatus</command> + <arg choice="opt">-P</arg> + <arg choice="opt">-b</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-v</arg> + <arg choice="opt">-L</arg> + <arg choice="opt">-B</arg> + <arg choice="opt">-p</arg> + <arg choice="opt">-S</arg> + <arg choice="opt">-s <configuration file></arg> + <arg choice="opt">-u <username></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>smbstatus</command> is a very simple program to + list the current Samba connections.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-P|--profile</term> + <listitem><para>If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-b|--brief</term> + <listitem><para>gives brief output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-d|--debug=<debuglevel></term> + <listitem><para>sets debugging to specified level</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-v|--verbose</term> + <listitem><para>gives verbose output.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-L|--locks</term> + <listitem><para>causes smbstatus to only list locks.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-B|--byterange</term> + <listitem><para>causes smbstatus to include byte range locks. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-p|--processes</term> + <listitem><para>print a list of <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> processes and exit. + Useful for scripting.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-S|--shares</term> + <listitem><para>causes smbstatus to only list shares.</para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term>-s|--conf=<configuration file></term> + <listitem><para>The default configuration file name is + determined at compile time. The file specified contains the + configuration details required by the server. See <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink> for more information.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>-u|--user=<username></term> + <listitem><para>selects information relevant to + <parameter>username</parameter> only.</para> + </listitem> + </varlistentry> + + </variablelist> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3.0 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink> and + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml new file mode 100644 index 0000000000..4e2ee5fff0 --- /dev/null +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -0,0 +1,226 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbtar"> + +<refmeta> + <refentrytitle>smbtar</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbtar</refname> + <refpurpose>shell script for backing up SMB/CIFS shares + directly to UNIX tape drives</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbtar</command> + <arg choice="req">-s server</arg> + <arg choice="opt">-p password</arg> + <arg choice="opt">-x services</arg> + <arg choice="opt">-X</arg> + <arg choice="opt">-d directory</arg> + <arg choice="opt">-u user</arg> + <arg choice="opt">-t tape</arg> + <arg choice="opt">-t tape</arg> + <arg choice="opt">-b blocksize</arg> + <arg choice="opt">-N filename</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-l loglevel</arg> + <arg choice="opt">-v</arg> + <arg choice="req">filenames</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>smbtar</command> is a very small shell script on top + of <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + which dumps SMB shares directly to tape. </para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s server</term> + <listitem><para>The SMB/CIFS server that the share resides + upon.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-x service</term> + <listitem><para>The share name on the server to connect to. + The default is "backup".</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-X</term> + <listitem><para>Exclude mode. Exclude filenames... from tar + create or restore. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-d directory</term> + <listitem><para>Change to initial <parameter>directory + </parameter> before restoring / backing up files. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-v</term> + <listitem><para>Verbose mode.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-p password</term> + <listitem><para>The password to use to access a share. + Default: none </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-u user</term> + <listitem><para>The user id to connect as. Default: + UNIX login name. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-t tape</term> + <listitem><para>Tape device. May be regular file or tape + device. Default: <parameter>$TAPE</parameter> environmental + variable; if not set, a file called <filename>tar.out + </filename>. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-b blocksize</term> + <listitem><para>Blocking factor. Defaults to 20. See + <command>tar(1)</command> for a fuller explanation. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-N filename</term> + <listitem><para>Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-i</term> + <listitem><para>Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-r</term> + <listitem><para>Restore. Files are restored to the share + from the tar file. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-l log level</term> + <listitem><para>Log (debug) level. Corresponds to the + <parameter>-d</parameter> flag of <command>smbclient(1) + </command>. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>ENVIRONMENT VARIABLES</title> + + <para>The <parameter>$TAPE</parameter> variable specifies the + default tape device to write to. May be overridden + with the -t option. </para> +</refsect1> + + +<refsect1> + <title>BUGS</title> + + <para>The <command>smbtar</command> script has different + options from ordinary tar and tar called from smbclient. </para> + +</refsect1> + +<refsect1> + <title>CAVEATS</title> + + <para>Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares, should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. </para> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the + <ulink url="smbclient.1.html"><command>smbclient(1)</command> + </ulink> command.</para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>, + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><ulink url="mailto:poultenr@logica.co.uk">Ricky Poulten</ulink> + wrote the tar extension and this man page. The <command>smbtar</command> + script was heavily rewritten and improved by <ulink + url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter.</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml new file mode 100644 index 0000000000..d6a1b65b57 --- /dev/null +++ b/docs/docbook/manpages/smbumount.8.sgml @@ -0,0 +1,73 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbumount"> + +<refmeta> + <refentrytitle>smbumount</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>smbumount</refname> + <refpurpose>smbfs umount for normal users</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>smbumount</command> + <arg choice="req">mount-point</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>With this program, normal users can unmount smb-filesystems, + provided that it is suid root. <command>smbumount</command> has + been written to give normal Linux users more control over their + resources. It is safe to install this program suid root, because only + the user who has mounted a filesystem is allowed to unmount it again. + For root it is not necessary to use smbumount. The normal umount + program works perfectly well, but it would certainly be problematic + to make umount setuid root.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>mount-point</term> + <listitem><para>The directory to unmount.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>SEE ALSO</title> + + <para><ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink></para> +</refsect1> + + +<refsect1> + <title>AUTHOR</title> + + <para>Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.</para> + + <para>The current maintainer of smbfs and the userspace + tools <command>smbmount</command>, <command>smbumount</command>, + and <command>smbmnt</command> is <ulink + url="mailto:urban@teststation.com">Urban Widmark</ulink>. + The <ulink url="mailto:samba@samba.org">SAMBA Mailing list</ulink> + is the preferred place to ask questions regarding these programs. + </para> + + <para>The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml new file mode 100644 index 0000000000..dc6989d566 --- /dev/null +++ b/docs/docbook/manpages/swat.8.sgml @@ -0,0 +1,209 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="swat"> + +<refmeta> + <refentrytitle>swat</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>swat</refname> + <refpurpose>Samba Web Administration Tool</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>swat</command> + <arg choice="opt">-s <smb config file></arg> + <arg choice="opt">-a</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + + <para><command>swat</command> allows a Samba administrator to + configure the complex <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file via a Web browser. In addition, + a <command>swat</command> configuration page has help links + to all the configurable options in the <filename>smb.conf</filename> file allowing an + administrator to easily look up the effects of any change. </para> + + <para><command>swat</command> is run from <command>inetd</command> </para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s smb configuration file</term> + <listitem><para>The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the <command>smbd + </command> server. This is the file that <command>swat</command> will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See <filename>smb.conf</filename> for more information. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-a</term> + <listitem><para>This option disables authentication and puts + <command>swat</command> in demo mode. In that mode anyone will be able to modify + the <filename>smb.conf</filename> file. </para> + + <para><emphasis>Do NOT enable this option on a production + server. </emphasis></para></listitem> + </varlistentry> + </variablelist> + +</refsect1> + +<refsect1> + + <title>INSTALLATION</title> + + <para>After you compile SWAT you need to run <command>make install + </command> to install the <command>swat</command> binary + and the various help files and images. A default install would put + these in: </para> + + <itemizedlist> + <listitem><para>/usr/local/samba/bin/swat</para></listitem> + <listitem><para>/usr/local/samba/swat/images/*</para></listitem> + <listitem><para>/usr/local/samba/swat/help/*</para></listitem> + </itemizedlist> + + <refsect2> + <title>Inetd Installation</title> + + <para>You need to edit your <filename>/etc/inetd.conf + </filename> and <filename>/etc/services</filename> + to enable SWAT to be launched via <command>inetd</command>.</para> + + <para>In <filename>/etc/services</filename> you need to + add a line like this: </para> + + <para><command>swat 901/tcp</command></para> + + <para>Note for NIS/YP users - you may need to rebuild the + NIS service maps rather than alter your local <filename> + /etc/services</filename> file. </para> + + <para>the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + <command>inetd</command> daemon). </para> + + <para>In <filename>/etc/inetd.conf</filename> you should + add a line like this: </para> + + <para><command>swat stream tcp nowait.400 root + /usr/local/samba/bin/swat swat</command></para> + + <para>One you have edited <filename>/etc/services</filename> + and <filename>/etc/inetd.conf</filename> you need to send a + HUP signal to inetd. To do this use <command>kill -1 PID + </command> where PID is the process ID of the inetd daemon. </para> + + </refsect2> + + + <refsect2> + <title>Launching</title> + + <para>To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/".</para> + + <para>Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. </para> + </refsect2> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/inetd.conf</filename></term> + <listitem><para>This file must contain suitable startup + information for the meta-daemon.</para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/etc/services</filename></term> + <listitem><para>This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). </para></listitem> + </varlistentry> + + <varlistentry> + <term><filename>/usr/local/samba/lib/smb.conf</filename></term> + <listitem><para>This is the default location of the <filename>smb.conf(5) + </filename> server configuration file that swat edits. Other + common places that systems install this file are <filename> + /usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf + </filename>. This file describes all the services the server + is to make available to clients. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>WARNINGS</title> + + <para><command>swat</command> will rewrite your <filename>smb.conf + </filename> file. It will rearrange the entries and delete all + comments, <parameter>include=</parameter> and <parameter>copy=" + </parameter> options. If you have a carefully crafted <filename> + smb.conf</filename> then back it up or don't use swat! </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><command>inetd(5)</command>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml new file mode 100644 index 0000000000..320e39e6f5 --- /dev/null +++ b/docs/docbook/manpages/testparm.1.sgml @@ -0,0 +1,168 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="testparm"> + +<refmeta> + <refentrytitle>testparm</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>testparm</refname> + <refpurpose>check an smb.conf configuration file for + internal correctness</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>testparm</command> + <arg choice="opt">-s</arg> + <arg choice="opt">-h</arg> + <arg choice="opt">-L <servername></arg> + <arg choice="req">config filename</arg> + <arg choice="opt">hostname hostIP</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>testparm</command> is a very simple test program + to check an <command>smbd</command> configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that <command>smbd + </command> will successfully load the configuration file.</para> + + + <para>Note that this is <emphasis>NOT</emphasis> a guarantee that + the services specified in the configuration file will be + available or will operate as expected. </para> + + <para>If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service. </para> + + <para>If <command>testparm</command> finds an error in the <filename> + smb.conf</filename> file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from <command>testparm</command>.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-s</term> + <listitem><para>Without this option, <command>testparm</command> + will prompt for a carriage return after printing the service + names and before dumping the service definitions.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-h</term> + <listitem><para>Print usage message </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-L servername</term> + <listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>. + This is useful for testing include files specified with the + %L macro. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>configfilename</term> + <listitem><para>This is the name of the configuration file + to check. If this parameter is not present then the + default <filename>smb.conf</filename> file will be checked. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>hostname</term> + <listitem><para>If this parameter and the following are + specified, then <command>testparm</command> will examine the <parameter>hosts + allow</parameter> and <parameter>hosts deny</parameter> + parameters in the <filename>smb.conf</filename> file to + determine if the hostname with this IP address would be + allowed access to the <command>smbd</command> server. If + this parameter is supplied, the hostIP parameter must also + be supplied.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>hostIP</term> + <listitem><para>This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>smb.conf</filename></term> + <listitem><para>This is usually the name of the configuration + file used by <command>smbd</command>. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> + diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml new file mode 100644 index 0000000000..cd99494a9a --- /dev/null +++ b/docs/docbook/manpages/testprns.1.sgml @@ -0,0 +1,143 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="testprns"> + +<refmeta> + <refentrytitle>testprns</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>testprns</refname> + <refpurpose>check printer name for validity with smbd</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>testprns</command> + <arg choice="req">printername</arg> + <arg choice="opt">printcapname</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>testprns</command> is a very simple test program + to determine whether a given printer name is valid for use in + a service to be provided by <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink>. </para> + + <para>"Valid" in this context means "can be found in the + printcap specified". This program is very stupid - so stupid in + fact that it would be wisest to always specify the printcap file + to use. </para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>printername</term> + <listitem><para>The printer name to validate.</para> + + <para>Printer names are taken from the first field in each + record in the printcap file, single printer names and sets + of aliases separated by vertical bars ("|") are recognized. + Note that no validation or checking of the printcap syntax is + done beyond that required to extract the printer name. It may + be that the print spooling system is more forgiving or less + forgiving than <command>testprns</command>. However, if + <command>testprns</command> finds the printer then + <command>smbd</command> should do so as well. </para></listitem> + </varlistentry> + + <varlistentry> + <term>printcapname</term> + <listitem><para>This is the name of the printcap file within + which to search for the given printer name. </para> + + <para>If no printcap name is specified <command>testprns + </command> will attempt to scan the printcap file name + specified at compile time. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/printcap</filename></term> + <listitem><para>This is usually the default printcap + file to scan. See <filename>printcap (5)</filename>. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>DIAGNOSTICS</title> + + <para>If a printer is found to be valid, the message + "Printer name <printername> is valid" will be + displayed. </para> + + <para>If a printer is found to be invalid, the message + "Printer name <printername> is not valid" will be + displayed. </para> + + <para>All messages that would normally be logged during + operation of the Samba daemons are logged by this program to the + file <filename>test.log</filename> in the current directory. The + program runs at debuglevel 3, so quite extensive logging + information is written. The log should be checked carefully + for errors and warnings. </para> + + <para>Other messages are self-explanatory. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><filename>printcap(5)</filename>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> +</refsect1> + +</refentry> + diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml new file mode 100644 index 0000000000..7f2c4624a9 --- /dev/null +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -0,0 +1,201 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="wbinfo"> + +<refmeta> + <refentrytitle>wbinfo</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>wbinfo</refname> + <refpurpose>Query information from winbind daemon</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>wbinfo</command> + <arg choice="opt">-u</arg> + <arg choice="opt">-g</arg> + <arg choice="opt">-n name</arg> + <arg choice="opt">-s sid</arg> + <arg choice="opt">-U uid</arg> + <arg choice="opt">-G gid</arg> + <arg choice="opt">-S sid</arg> + <arg choice="opt">-Y sid</arg> + <arg choice="opt">-t</arg> + <arg choice="opt">-m</arg> + <arg choice="opt">-a user%password</arg> + <arg choice="opt">-p</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para>The <command>wbinfo</command> program queries and returns information + created and used by the <ulink url="winbindd.8.html"><command> + winbindd(8)</command></ulink> daemon. </para> + + <para>The <command>winbindd(8)</command> daemon must be configured + and running for the <command>wbinfo</command> program to be able + to return information.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-u</term> + <listitem><para>This option will list all users available + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by + <command>winbindd(8)</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-g</term> + <listitem><para>This option will list all groups available + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been seen by + <command>winbindd(8)</command>. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-n name</term> + <listitem><para>The <parameter>-n</parameter> option + queries <command>winbindd(8)</command> for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the <filename>smb.conf</filename> + <parameter>workgroup</parameter> parameter. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-s sid</term> + <listitem><para>Use <parameter>-s</parameter> to resolve + a SID to a name. This is the inverse of the <parameter>-n + </parameter> option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-U uid</term> + <listitem><para>Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the winbind uid range then the operation will fail. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-G gid</term> + <listitem><para>Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the winbind gid range then the operation will fail. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-S sid</term> + <listitem><para>Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-Y sid</term> + <listitem><para>Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-t</term> + <listitem><para>Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-m</term> + <listitem><para>Produce a list of domains trusted by the + Windows NT server <command>winbindd(8)</command> contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-a username%password</term> + <listitem><para>Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-p</term> + <listitem><para>Attempt a simple 'ping' check that the winbindd + is indeed alive. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>EXIT STATUS</title> + + <para>The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the <command>winbindd(8) + </command> daemon is not working <command>wbinfo</command> will always return + failure. </para> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + <para><ulink url="winbindd.8.html"><command>winbindd(8)</command> + </ulink></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>wbinfo</command> and <command>winbindd</command> + were written by Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml new file mode 100644 index 0000000000..bd1dafa07e --- /dev/null +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -0,0 +1,514 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="winbindd"> + +<refmeta> + <refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum> +</refmeta> + + +<refnamediv> + <refname>winbindd</refname> + <refpurpose>Name Service Switch daemon for resolving names + from NT servers</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>winbindd</command> + <arg choice="opt">-i</arg> + <arg choice="opt">-d <debug level></arg> + <arg choice="opt">-s <smb config file></arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This program is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + + <para><command>winbindd</command> is a daemon that provides + a service for the Name Service Switch capability that is present + in most modern C libraries. The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the <filename>/etc/nsswitch.conf</filename> file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system.</para> + + <para>The service provided by <command>winbindd</command> is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. </para> + + <para> + The <filename>pam_winbind</filename> module in the 2.2.2 release only + supports the <parameter>auth</parameter> and <parameter>account</parameter> + module-types. The latter is simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the <filename>libnss_winbind</filename> library has been correctly + installed, this should always suceed. + </para> + + <para>The following nsswitch databases are implemented by + the winbindd service: </para> + + <variablelist> + <varlistentry> + <term>passwd</term> + <listitem><para>User information traditionally stored in + the <filename>passwd(5)</filename> file and used by + <command>getpwent(3)</command> functions. </para></listitem> + </varlistentry> + + <varlistentry> + <term>group</term> + <listitem><para>Group information traditionally stored in + the <filename>group(5)</filename> file and used by + <command>getgrent(3)</command> functions. </para></listitem> + </varlistentry> + </variablelist> + + <para>For example, the following simple configuration in the + <filename>/etc/nsswitch.conf</filename> file can be used to initially + resolve user and group information from <filename>/etc/passwd + </filename> and <filename>/etc/group</filename> and then from the + Windows NT server. </para> + + <para><programlisting> +passwd: files winbind +group: files winbind + </programlisting></para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-d debuglevel</term> + <listitem><para>Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt). </para></listitem> + </varlistentry> + + <varlistentry> + <term>-i</term> + <listitem><para>Tells <command>winbindd</command> to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of <command>winbindd</command> is required. </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>NAME AND ID RESOLUTION</title> + + <para>Users and groups on a Windows NT server are assigned + a relative id (rid) which is unique for the domain when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between rids and unix user + and group ids is required. This is one of the jobs that <command> + winbindd</command> performs. </para> + + <para>As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered. </para> + + <para>WARNING: The rid to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. </para> +</refsect1> + + +<refsect1> + <title>CONFIGURATION</title> + + <para>Configuration of the <command>winbindd</command> daemon + is done through configuration parameters in the <filename>smb.conf(5) + </filename> file. All parameters should be specified in the + [global] section of smb.conf. </para> + + <variablelist> + <varlistentry> + <term>winbind separator</term> + <listitem><para>The winbind separator option allows you + to specify how NT domain names and user names are combined + into unix user names when presented to users. By default, + <command>winbindd</command> will use the traditional '\' + separator so that the unix user names look like + DOMAIN\username. In some cases this separator character may + cause problems as the '\' character has special meaning in + unix shells. In that case you can use the winbind separator + option to specify an alternative separator character. Good + alternatives may be '/' (although that conflicts + with the unix directory separator) or a '+ 'character. + The '+' character appears to be the best choice for 100% + compatibility with existing unix utilities, but may be an + aesthetically bad choice depending on your taste. </para> + + <para>Default: <command>winbind separator = \ </command> + </para> + <para>Example: <command>winbind separator = + </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>winbind uid</term> + <listitem><para>The winbind uid parameter specifies the + range of user ids that are allocated by the winbindd daemon. + This range of ids should have no existing local or NIS users + within it as strange conflicts can occur otherwise. </para> + + <para>Default: <command>winbind uid = <empty string> + </command></para> + <para>Example: <command>winbind uid = 10000-20000</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term>winbind gid</term> + <listitem><para>The winbind gid parameter specifies the + range of group ids that are allocated by the winbindd daemon. + This range of group ids should have no existing local or NIS + groups within it as strange conflicts can occur otherwise.</para> + + <para>Default: <command>winbind gid = <empty string> + </command></para> + <para>Example: <command>winbind gid = 10000-20000 + </command> </para></listitem> + </varlistentry> + + + <varlistentry> + <term>winbind cache time</term> + <listitem><para>This parameter specifies the number of + seconds the winbindd daemon will cache user and group information + before querying a Windows NT server again. When a item in the + cache is older than this time winbindd will ask the domain + controller for the sequence number of the server's account database. + If the sequence number has not changed then the cached item is + marked as valid for a further <parameter>winbind cache time + </parameter> seconds. Otherwise the item is fetched from the + server. This means that as long as the account database is not + actively changing winbindd will only have to send one sequence + number query packet every <parameter>winbind cache time + </parameter> seconds. </para> + + <para>Default: <command>winbind cache time = 15</command> + </para></listitem> + </varlistentry> + + <varlistentry> + <term>winbind enum users</term> + <listitem><para>On large installations it may be necessary + to suppress the enumeration of users through the <command> + setpwent()</command>, <command>getpwent()</command> and + <command>endpwent()</command> group of system calls. If + the <parameter>winbind enum users</parameter> parameter is false, + calls to the <command>getpwent</command> system call will not + return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off user enumeration + may cause some programs to behave oddly. For example, the <command>finger</command> + program relies on having access to the full user list when + searching for matching usernames. </para> + + <para>Default: <command>winbind enum users = yes </command></para> + </listitem> + </varlistentry> + + <varlistentry> + <term>winbind enum groups</term> + <listitem><para>On large installations it may be necessary + to suppress the enumeration of groups through the <command> + setgrent()</command>, <command>getgrent()</command> and + <command>endgrent()</command> group of system calls. If + the <parameter>winbind enum groups</parameter> parameter is + false, calls to the <command>getgrent()</command> system + call will not return any data. </para> + + <para><emphasis>Warning:</emphasis> Turning off group + enumeration may cause some programs to behave oddly. + </para> + + <para>Default: <command>winbind enum groups = no </command> + </para></listitem> + </varlistentry> + + + + <varlistentry> + <term>template homedir</term> + <listitem><para>When filling out the user information + for a Windows NT user, the <command>winbindd</command> daemon + uses this parameter to fill in the home directory for that user. + If the string <parameter>%D</parameter> is present it is + substituted with the user's Windows NT domain name. If the + string <parameter>%U</parameter> is present it is substituted + with the user's Windows NT user name. </para> + + <para>Default: <command>template homedir = /home/%D/%U </command> + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>template shell</term> + <listitem><para>When filling out the user information for + a Windows NT user, the <command>winbindd</command> daemon + uses this parameter to fill in the shell for that user. + </para> + + <para>Default: <command>template shell = /bin/false </command> + </para></listitem> + </varlistentry> + + <varlistentry> + <term>winbind use default domain</term> + <listitem><para>This parameter specifies whether the <command>winbindd</command> + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system.</para> + + <para>Default: <command>winbind use default domain = <falseg> + </command></para> + <para>Example: <command>winbind use default domain = true</command></para> + </listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>EXAMPLE SETUP</title> + + <para>To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box. </para> + + <para>In <filename>/etc/nsswitch.conf</filename> put the + following:</para> + + <para><programlisting> +passwd: files winbind +group: files winbind + </programlisting></para> + + <para>In <filename>/etc/pam.d/*</filename> replace the + <parameter>auth</parameter> lines with something like this: </para> + + + <para><programlisting> +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + </programlisting></para> + + + <para>Note in particular the use of the <parameter>sufficient</parameter> + keyword and the <parameter>use_first_pass</parameter> keyword. </para> + + <para>Now replace the account lines with this: </para> + + <para><command>account required /lib/security/pam_winbind.so + </command></para> + + <para>The next step is to join the domain. To do that use the + <command>smbpasswd</command> program like this: </para> + + <para><command>smbpasswd -j DOMAIN -r PDC -U + Administrator</command></para> + + <para>The username after the <parameter>-U</parameter> can be any + Domain user that has administrator privileges on the machine. + Substitute your domain name for "DOMAIN" and the name of your PDC + for "PDC".</para> + + <para>Next copy <filename>libnss_winbind.so</filename> to + <filename>/lib</filename> and <filename>pam_winbind.so</filename> + to <filename>/lib/security</filename>. A symbolic link needs to be + made from <filename>/lib/libnss_winbind.so</filename> to + <filename>/lib/libnss_winbind.so.2</filename>. If you are using an + older version of glibc then the target of the link should be + <filename>/lib/libnss_winbind.so.1</filename>.</para> + + <para>Finally, setup a <filename>smb.conf</filename> containing directives like the + following: </para> + + <para><programlisting> +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + winbind uid = 10000-20000 + winbind gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * + </programlisting></para> + + + <para>Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands <command>getent passwd</command> and <command>getent group + </command> to confirm the correct operation of winbindd.</para> +</refsect1> + + +<refsect1> + <title>NOTES</title> + + <para>The following notes are useful when configuring and + running <command>winbindd</command>: </para> + + <para><command>nmbd</command> must be running on the local machine + for <command>winbindd</command> to work. <command>winbindd</command> + queries the list of trusted domains for the Windows NT server + on startup and when a SIGHUP is received. Thus, for a running <command> + winbindd</command> to become aware of new trust relationships between + servers, it must be sent a SIGHUP signal. </para> + + <para>Client processes resolving names through the <command>winbindd</command> + nsswitch module read an environment variable named <envar> + $WINBINDD_DOMAIN</envar>. If this variable contains a comma separated + list of Windows NT domain names, then winbindd will only resolve users + and groups within those Windows NT domains. </para> + + <para>PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. </para> + + <para>If more than one UNIX machine is running <command>winbindd</command>, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine.</para> + + <para>If the the Windows NT RID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. </para> +</refsect1> + + +<refsect1> + <title>SIGNALS</title> + + <para>The following signals can be used to manipulate the + <command>winbindd</command> daemon. </para> + + <variablelist> + <varlistentry> + <term>SIGHUP</term> + <listitem><para>Reload the <filename>smb.conf(5)</filename> + file and apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. </para></listitem> + </varlistentry> + + <varlistentry> + <term>SIGUSR1</term> + <listitem><para>The SIGUSR1 signal will cause <command> + winbindd</command> to write status information to the winbind + log file including information about the number of user and + group ids allocated by <command>winbindd</command>.</para> + + <para>Log files are stored in the filename specified by the + log file parameter.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>FILES</title> + + <variablelist> + <varlistentry> + <term><filename>/etc/nsswitch.conf(5)</filename></term> + <listitem><para>Name service switch configuration file.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term>/tmp/.winbindd/pipe</term> + <listitem><para>The UNIX pipe over which clients communicate with + the <command>winbindd</command> program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the <filename>/tmp/.winbindd</filename> directory + and <filename>/tmp/.winbindd/pipe</filename> file are owned by + root. </para></listitem> + </varlistentry> + + <varlistentry> + <term>/lib/libnss_winbind.so.X</term> + <listitem><para>Implementation of name service switch library. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>$LOCKDIR/winbindd_idmap.tdb</term> + <listitem><para>Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the <parameter>--with-lockdir</parameter> option. + This directory is by default <filename>/usr/local/samba/var/locks + </filename>. </para></listitem> + </varlistentry> + + <varlistentry> + <term>$LOCKDIR/winbindd_cache.tdb</term> + <listitem><para>Storage for cached user and group information. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 2.2 of + the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + + <para><filename>nsswitch.conf(5)</filename>, + <ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="wbinfo.1.html">wbinfo(1)</ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink></para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> + + <para><command>wbinfo</command> and <command>winbindd</command> + were written by Tim Potter.</para> + + <para>The conversion to DocBook for Samba 2.2 was done + by Gerald Carter</para> +</refsect1> + +</refentry> diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml new file mode 100644 index 0000000000..98ef925f20 --- /dev/null +++ b/docs/docbook/projdoc/CVS-Access.sgml @@ -0,0 +1,157 @@ +<chapter id="cvs-access"> + + +<chapterinfo> + <author> + <affiliation> + <orgname>Samba Team</orgname> + </affiliation> + </author> + + + <pubdate> (22 May 2001) </pubdate> +</chapterinfo> + +<title>HOWTO Access Samba source code via CVS</title> + +<sect1> +<title>Introduction</title> + +<para> +Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter. +</para> + +<para> +This document is a modified version of the instructions found at +<ulink url="http://samba.org/samba/cvs.html">http://samba.org/samba/cvs.html</ulink> +</para> + +</sect1> + + +<sect1> +<title>CVS Access to samba.org</title> + +<para> +The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host. +</para> + +<sect2> +<title>Access via CVSweb</title> + +<para> +You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository. +</para> + +<para> +Use the URL : <ulink +url="http://samba.org/cgi-bin/cvsweb">http://samba.org/cgi-bin/cvsweb</ulink> +</para> +</sect2> + +<sect2> +<title>Access via cvs</title> + +<para> +You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser. +</para> + +<para> +To download the latest cvs source code, point your +browser at the URL : <ulink url="http://www.cyclic.com/">http://www.cyclic.com/</ulink>. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com. +</para> + +<para> +To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name +</para> + +<orderedlist> +<listitem> + <para> + Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot login</command> + </para> + + <para> + When it asks you for a password type <userinput>cvs</userinput>. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</command> + </para> + + <para> + This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. + </para> + + <para> + CVS branches other HEAD can be obtained by using the <parameter>-r</parameter> + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</command> + </para> +</listitem> + +<listitem> + <para> + Whenever you want to merge in the latest code changes use + the following command from within the samba directory: + </para> + + <para> + <command>cvs update -d -P</command> + </para> +</listitem> +</orderedlist> + +</sect2> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml new file mode 100644 index 0000000000..6d0b36eafc --- /dev/null +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -0,0 +1,224 @@ +<chapter id="domain-security"> + +<chapterinfo> + <author> + <firstname>Jeremy</firstname><surname>Allison</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>samba@samba.org</email> + </address> + </affiliation> + </author> + <author> + <firstname>Jerry</firstname><surname>Carter</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jerry@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate>16 Apr 2001</pubdate> +</chapterinfo> + + +<title>security = domain in Samba 2.x</title> + +<sect1> + + <title>Joining an NT Domain with Samba 2.2</title> + + <para>Assume you have a Samba 2.x server with a NetBIOS name of + <constant>SERV1</constant> and are joining an NT domain called + <constant>DOM</constant>, which has a PDC with a NetBIOS name + of <constant>DOMPDC</constant> and two backup domain controllers + with NetBIOS names <constant>DOMBDC1</constant> and <constant>DOMBDC2 + </constant>.</para> + + <para>In order to join the domain, first stop all Samba daemons + and run the command:</para> + + <para><prompt>root# </prompt><userinput>smbpasswd -j DOM -r DOMPDC + -U<replaceable>Administrator%password</replaceable></userinput></para> + + <para>as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The <replaceable>Administrator%password</replaceable> is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:</para> + + <para><computeroutput>smbpasswd: Joined domain DOM.</computeroutput> + </para> + + <para>in your terminal window. See the <ulink url="smbpasswd.8.html"> + smbpasswd(8)</ulink> man page for more details.</para> + + <para>There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well.</para> + + <para>This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally :</para> + + <para><filename>/usr/local/samba/private</filename></para> + + <para>In Samba 2.0.x, the filename looks like this:</para> + + <para><filename><replaceable><NT DOMAIN NAME></replaceable>.<replaceable><Samba + Server Name></replaceable>.mac</filename></para> + + <para>The <filename>.mac</filename> suffix stands for machine account + password file. So in our example above, the file would be called:</para> + + <para><filename>DOM.SERV1.mac</filename></para> + + <para>In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named <filename>secrets.tdb</filename>. + </para> + + + <para>This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file.</para> + + <para>Now, before restarting the Samba daemons you must + edit your <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink> file to tell Samba it should now use domain security.</para> + + <para>Change (or add) your <ulink url="smb.conf.5.html#SECURITY"> + <parameter>security =</parameter></ulink> line in the [global] section + of your smb.conf to read:</para> + + <para><command>security = domain</command></para> + + <para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter> + workgroup =</parameter></ulink> line in the [global] section to read: </para> + + <para><command>workgroup = DOM</command></para> + + <para>as this is the name of the domain we are joining. </para> + + <para>You must also have the parameter <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS"> + <parameter>encrypt passwords</parameter></ulink> set to <constant>yes + </constant> in order for your users to authenticate to the NT PDC.</para> + + <para>Finally, add (or modify) a <ulink url="smb.conf.5.html#PASSWORDSERVER"> + <parameter>password server =</parameter></ulink> line in the [global] + section to read: </para> + + <para><command>password server = DOMPDC DOMBDC1 DOMBDC2</command></para> + + <para>These are the primary and backup domain controllers Samba + will attempt to contact in order to authenticate users. Samba will + try to contact each of these servers in order, so you may want to + rearrange this list in order to spread out the authentication load + among domain controllers.</para> + + <para>Alternatively, if you want smbd to automatically determine + the list of Domain controllers to use for authentication, you may + set this line to be :</para> + + <para><command>password server = *</command></para> + + <para>This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This + method either broadcasts or uses a WINS database in order to + find domain controllers to authenticate against.</para> + + <para>Finally, restart your Samba daemons and get ready for + clients to begin using domain security!</para> +</sect1> + +<sect1> +<title>Samba and Windows 2000 Domains</title> + +<para> +Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode. +</para> + +<para> +There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server. +</para> + +<para> +The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin. +</para> + +</sect1> + + +<sect1> + <title>Why is this better than security = server?</title> + + <para>Currently, domain security in Samba doesn't free you from + having to create local Unix users to represent the users attaching + to your server. This means that if domain user <constant>DOM\fred + </constant> attaches to your domain security Samba server, there needs + to be a local Unix user fred to represent that user in the Unix + filesystem. This is very similar to the older Samba security mode + <ulink url="smb.conf.5.html#SECURITYEQUALSSERVER">security = server</ulink>, + where Samba would pass through the authentication request to a Windows + NT server in the same way as a Windows 95 or Windows 98 server would. + </para> + + <para>Please refer to the <ulink url="winbind.html">Winbind + paper</ulink> for information on a system to automatically + assign UNIX uids and gids to Windows NT Domain users and groups. + This code is available in development branches only at the moment, + but will be moved to release branches soon.</para> + + <para>The advantage to domain-level security is that the + authentication in domain-level security is passed down the authenticated + RPC channel in exactly the same way that an NT server would do it. This + means Samba servers now participate in domain trust relationships in + exactly the same way NT servers do (i.e., you can add Samba servers into + a resource domain and have the authentication passed on from a resource + domain PDC to an account domain PDC.</para> + + <para>In addition, with <command>security = server</command> every Samba + daemon on a server has to keep a connection open to the + authenticating server for as long as that daemon lasts. This can drain + the connection resources on a Microsoft NT server and cause it to run + out of available connections. With <command>security = domain</command>, + however, the Samba daemons connect to the PDC/BDC only for as long + as is necessary to authenticate the user, and then drop the connection, + thus conserving PDC connection resources.</para> + + <para>And finally, acting in the same manner as an NT server + authenticating to a PDC means that as part of the authentication + reply, the Samba server gets the user identification information such + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon.</para> + + <para><emphasis>NOTE:</emphasis> Much of the text of this document + was first published in the Web magazine <ulink url="http://www.linuxworld.com"> + LinuxWorld</ulink> as the article <ulink + url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing + the NIS/NT Samba</ulink>.</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml new file mode 100644 index 0000000000..6a26dbeffa --- /dev/null +++ b/docs/docbook/projdoc/ENCRYPTION.sgml @@ -0,0 +1,378 @@ +<chapter id="pwencrypt"> + + +<chapterinfo> + <author> + <firstname>Jeremy</firstname><surname>Allison</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>samba@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate>19 Apr 1999</pubdate> +</chapterinfo> + +<title>LanMan and NT Password Encryption in Samba 2.x</title> + + +<sect1> + <title>Introduction</title> + + <para>With the development of LanManager and Windows NT + compatible password encryption for Samba, it is now able + to validate user connections in exactly the same way as + a LanManager or Windows NT server.</para> + + <para>This document describes how the SMB password encryption + algorithm works and what issues there are in choosing whether + you want to use it. You should read it carefully, especially + the part about security and the "PROS and CONS" section.</para> + +</sect1> + +<sect1> + <title>How does it work?</title> + + <para>LanManager encryption is somewhat similar to UNIX + password encryption. The server uses a file containing a + hashed value of a user's password. This is created by taking + the user's plaintext password, capitalising it, and either + truncating to 14 bytes or padding to 14 bytes with null bytes. + This 14 byte value is used as two 56 bit DES keys to encrypt + a 'magic' eight byte value, forming a 16 byte value which is + stored by the server and client. Let this value be known as + the "hashed password".</para> + + <para>Windows NT encryption is a higher quality mechanism, + consisting of doing an MD4 hash on a Unicode version of the user's + password. This also produces a 16 byte hash value that is + non-reversible.</para> + + <para>When a client (LanManager, Windows for WorkGroups, Windows + 95 or Windows NT) wishes to mount a Samba drive (or use a Samba + resource), it first requests a connection and negotiates the + protocol that the client and server will use. In the reply to this + request the Samba server generates and appends an 8 byte, random + value - this is stored in the Samba server after the reply is sent + and is known as the "challenge". The challenge is different for + every client connection.</para> + + <para>The client then uses the hashed password (16 byte values + described above), appended with 5 null bytes, as three 56 bit + DES keys, each of which is used to encrypt the challenge 8 byte + value, forming a 24 byte value known as the "response".</para> + + <para>In the SMB call SMBsessionsetupX (when user level security + is selected) or the call SMBtconX (when share level security is + selected), the 24 byte response is returned by the client to the + Samba server. For Windows NT protocol levels the above calculation + is done on both hashes of the user's password and both responses are + returned in the SMB call, giving two 24 byte values.</para> + + <para>The Samba server then reproduces the above calculation, using + its own stored value of the 16 byte hashed password (read from the + <filename>smbpasswd</filename> file - described later) and the challenge + value that it kept from the negotiate protocol reply. It then checks + to see if the 24 byte value it calculates matches the 24 byte value + returned to it from the client.</para> + + <para>If these values match exactly, then the client knew the + correct password (or the 16 byte hashed value - see security note + below) and is thus allowed access. If not, then the client did not + know the correct password and is denied access.</para> + + <para>Note that the Samba server never knows or stores the cleartext + of the user's password - just the 16 byte hashed values derived from + it. Also note that the cleartext password or 16 byte hashed values + are never transmitted over the network - thus increasing security.</para> +</sect1> + +<sect1> + <title>Important Notes About Security</title> + + <para>The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly.</para> + + <para>Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc). </para> + + <warning> + <para>Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are <emphasis>never</emphasis> sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this.</para> + + <para>Other Microsoft operating systems which also exhibit + this behavior includes</para> + + <itemizedlist> + <listitem><para>MS DOS Network client 3.0 with + the basic network redirector installed</para></listitem> + + <listitem><para>Windows 95 with the network redirector + update installed</para></listitem> + + <listitem><para>Windows 98 [se]</para></listitem> + + <listitem><para>Windows 2000</para></listitem> + </itemizedlist> + + <para><emphasis>Note :</emphasis>All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.</para> + </warning> + + <sect2> + <title>Advantages of SMB Encryption</title> + + <itemizedlist> + <listitem><para>plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server.</para> + </listitem> + + <listitem><para>WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. + </para></listitem> + </itemizedlist> + </sect2> + + + <sect2> + <title>Advantages of non-encrypted passwords</title> + + <itemizedlist> + <listitem><para>plain text passwords are not kept + on disk. </para></listitem> + + <listitem><para>uses same password file as other unix + services such as login and ftp</para></listitem> + + <listitem><para>you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal.</para></listitem> + </itemizedlist> + </sect2> +</sect1> + + +<sect1> + <title><anchor id="SMBPASSWDFILEFORMAT">The smbpasswd file</title> + + <para>In order for Samba to participate in the above protocol + it must be able to look up the 16 byte hashed values given a user name. + Unfortunately, as the UNIX password value is also a one way hash + function (ie. it is impossible to retrieve the cleartext of the user's + password given the UNIX hash of it), a separate password file + containing this 16 byte value must be kept. To minimise problems with + these two password files, getting out of sync, the UNIX <filename> + /etc/passwd</filename> and the <filename>smbpasswd</filename> file, + a utility, <command>mksmbpasswd.sh</command>, is provided to generate + a smbpasswd file from a UNIX <filename>/etc/passwd</filename> file. + </para + + + <para>To generate the smbpasswd file from your <filename>/etc/passwd + </filename> file use the following command :</para> + + <para><prompt>$ </prompt><userinput>cat /etc/passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd</userinput></para> + + <para>If you are running on a system that uses NIS, use</para> + + <para><prompt>$ </prompt><userinput>ypcat passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd</userinput></para> + + <para>The <command>mksmbpasswd.sh</command> program is found in + the Samba source directory. By default, the smbpasswd file is + stored in :</para> + + <para><filename>/usr/local/samba/private/smbpasswd</filename></para> + + <para>The owner of the <filename>/usr/local/samba/private/</filename> + directory should be set to root, and the permissions on it should + be set to 0500 (<command>chmod 500 /usr/local/samba/private</command>). + </para> + + <para>Likewise, the smbpasswd file inside the private directory should + be owned by root and the permissions on is should be set to 0600 + (<command>chmod 600 smbpasswd</command>).</para> + + + <para>The format of the smbpasswd file is (The line has been + wrapped here. It should appear as one entry per line in + your smbpasswd file.)</para> + + <para><programlisting> +username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: + [Account type]:LCT-<last-change-time>:Long name + </programlisting></para> + + <para>Although only the <replaceable>username</replaceable>, + <replaceable>uid</replaceable>, <replaceable> + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</replaceable>, + [<replaceable>Account type</replaceable>] and <replaceable> + last-change-time</replaceable> sections are significant + and are looked at in the Samba code.</para> + + <para>It is <emphasis>VITALLY</emphasis> important that there by 32 + 'X' characters between the two ':' characters in the XXX sections - + the smbpasswd and Samba code will fail to validate any entries that + do not have 32 characters between ':' characters. The first XXX + section is for the Lanman password hash, the second is for the + Windows NT version.</para> + + <para>When the password file is created all users have password entries + consisting of 32 'X' characters. By default this disallows any access + as this user. When a user has a password set, the 'X' characters change + to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii + representation of the 16 byte hashed value of a user's password.</para> + + <para>To set a user to have no password (not recommended), edit the file + using vi, and replace the first 11 characters with the ascii text + <constant>"NO PASSWORD"</constant> (minus the quotes).</para> + + <para>For example, to clear the password for user bob, his smbpasswd file + entry would look like :</para> + + <para><programlisting> + bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell + </programlisting></para> + + <para>If you are allowing users to use the smbpasswd command to set + their own passwords, you may want to give users NO PASSWORD initially + so they do not have to enter a previous password when changing to their + new password (not recommended). In order for you to allow this the + <command>smbpasswd</command> program must be able to connect to the + <command>smbd</command> daemon as that user with no password. Enable this + by adding the line :</para> + + <para><command>null passwords = yes</command></para> + + <para>to the [global] section of the smb.conf file (this is why + the above scenario is not recommended). Preferably, allocate your + users a default password to begin with, so you do not have + to enable this on your server.</para> + + <para><emphasis>Note : </emphasis>This file should be protected very + carefully. Anyone with access to this file can (with enough knowledge of + the protocols) gain access to your SMB server. The file is thus more + sensitive than a normal unix <filename>/etc/passwd</filename> file.</para> +</sect1> + + +<sect1> + <title>The smbpasswd Command</title> + + <para>The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + <command>passwd</command> or <command>yppasswd</command> programs, + install it in <filename>/usr/local/samba/bin/</filename> (or your + main Samba binary directory).</para> + + <para>Note that as of Samba 1.9.18p4 this program <emphasis>MUST NOT + BE INSTALLED</emphasis> setuid root (the new <command>smbpasswd</command> + code enforces this restriction so it cannot be run this way by + accident).</para> + + <para><command>smbpasswd</command> now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows.</para> + + <itemizedlist> + <listitem><para>smbpasswd no longer has to be setuid root - + an enormous range of potential security problems is + eliminated.</para></listitem> + + <listitem><para><command>smbpasswd</command> now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password).</para></listitem> + </itemizedlist> + + <para>To run smbpasswd as a normal user just type :</para> + + <para><prompt>$ </prompt><userinput>smbpasswd</userinput></para> + <para><prompt>Old SMB password: </prompt><userinput><type old value here - + or hit return if there was no old password></userinput></para> + <para><prompt>New SMB Password: </prompt><userinput><type new value> + </userinput></para> + <para><prompt>Repeat New SMB Password: </prompt><userinput><re-type new value + </userinput></para> + + <para>If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed.</para> + + <para>If invoked by an ordinary user it will only allow the user + to change his or her own Samba password.</para> + + <para>If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords.</para> + + <para><command>smbpasswd</command> is designed to work in the same way + and be familiar to UNIX users who use the <command>passwd</command> or + <command>yppasswd</command> commands.</para> + + <para>For more details on using <command>smbpasswd</command> refer + to the man page which will always be the definitive reference.</para> +</sect1> + + +<sect1> + <title>Setting up Samba to support LanManager Encryption</title> + + <para>This is a very brief description on how to setup samba to + support password encryption. </para> + + <orderedlist numeration="Arabic"> + <listitem><para>compile and install samba as usual</para> + </listitem> + + <listitem><para>enable encrypted passwords in <filename> + smb.conf</filename> by adding the line <command>encrypt + passwords = yes</command> in the [global] section</para> + </listitem> + + <listitem><para>create the initial <filename>smbpasswd</filename> + password file in the place you specified in the Makefile + (--prefix=<dir>). See the notes under the <link + linkend="SMBPASSWDFILEFORMAT">The smbpasswd File</link> + section earlier in the document for details.</para> + </listitem> + </orderedlist> + + <para>Note that you can test things using smbclient.</para> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml new file mode 100644 index 0000000000..0b6abaf80f --- /dev/null +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -0,0 +1,935 @@ +<chapter id="integrate-ms-networks"> + + +<chapterinfo> + <author> + <firstname>John</firstname><surname>Terpstra</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jht@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate> (Jan 01 2001) </pubdate> +</chapterinfo> + +<title>Integrating MS Windows networks with Samba</title> + +<sect1> +<title>Agenda</title> + +<para> +To identify the key functional mechanisms of MS Windows networking +to enable the deployment of Samba as a means of extending and/or +replacing MS Windows NT/2000 technology. +</para> + +<para> +We will examine: +</para> + +<orderedlist> + <listitem><para>Name resolution in a pure Unix/Linux TCP/IP + environment + </para></listitem> + + <listitem><para>Name resolution as used within MS Windows + networking + </para></listitem> + + <listitem><para>How browsing functions and how to deploy stable + and dependable browsing using Samba + </para></listitem> + + <listitem><para>MS Windows security options and how to + configure Samba for seemless integration + </para></listitem> + + <listitem><para>Configuration of Samba as:</para> + <orderedlist> + <listitem><para>A stand-alone server</para></listitem> + <listitem><para>An MS Windows NT 3.x/4.0 security domain member + </para></listitem> + <listitem><para>An alternative to an MS Windows NT 3.x/4.0 Domain Controller + </para></listitem> + </orderedlist> + </listitem> +</orderedlist> + +</sect1> + + +<sect1> +<title>Name Resolution in a pure Unix/Linux world</title> + +<para> +The key configuration files covered in this section are: +</para> + +<itemizedlist> + <listitem><para><filename>/etc/hosts</filename></para></listitem> + <listitem><para><filename>/etc/resolv.conf</filename></para></listitem> + <listitem><para><filename>/etc/host.conf</filename></para></listitem> + <listitem><para><filename>/etc/nsswitch.conf</filename></para></listitem> +</itemizedlist> + +<sect2> +<title><filename>/etc/hosts</filename></title> + +<para> +Contains a static list of IP Addresses and names. +eg: +</para> +<para><programlisting> + 127.0.0.1 localhost localhost.localdomain + 192.168.1.1 bigbox.caldera.com bigbox alias4box +</programlisting></para> + +<para> +The purpose of <filename>/etc/hosts</filename> is to provide a +name resolution mechanism so that uses do not need to remember +IP addresses. +</para> + + +<para> +Network packets that are sent over the physical network transport +layer communicate not via IP addresses but rather using the Media +Access Control address, or MAC address. IP Addresses are currently +32 bits in length and are typically presented as four (4) decimal +numbers that are separated by a dot (or period). eg: 168.192.1.1 +</para> + +<para> +MAC Addresses use 48 bits (or 6 bytes) and are typically represented +as two digit hexadecimal numbers separated by colons. eg: +40:8e:0a:12:34:56 +</para> + +<para> +Every network interfrace must have an MAC address. Associated with +a MAC address there may be one or more IP addresses. There is NO +relationship between an IP address and a MAC address, all such assignments +are arbitary or discretionary in nature. At the most basic level all +network communications takes place using MAC addressing. Since MAC +addresses must be globally unique, and generally remains fixed for +any particular interface, the assignment of an IP address makes sense +from a network management perspective. More than one IP address can +be assigned per MAC address. One address must be the primary IP address, +this is the address that will be returned in the ARP reply. +</para> + +<para> +When a user or a process wants to communicate with another machine +the protocol implementation ensures that the "machine name" or "host +name" is resolved to an IP address in a manner that is controlled +by the TCP/IP configuration control files. The file +<filename>/etc/hosts</filename> is one such file. +</para> + +<para> +When the IP address of the destination interface has been +determined a protocol called ARP/RARP isused to identify +the MAC address of the target interface. ARP stands for Address +Resolution Protocol, and is a broadcast oriented method that +uses UDP (User Datagram Protocol) to send a request to all +interfaces on the local network segment using the all 1's MAC +address. Network interfaces are programmed to respond to two +MAC addresses only; their own unique address and the address +ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will +contain the MAC address and the primary IP address for each +interface. +</para> + +<para> +The <filename>/etc/hosts</filename> file is foundational to all +Unix/Linux TCP/IP installations and as a minumum will contain +the localhost and local network interface IP addresses and the +primary names by which they are known within the local machine. +This file helps to prime the pump so that a basic level of name +resolution can exist before any other method of name resolution +becomes available. +</para> + +</sect2> + + +<sect2> +<title><filename>/etc/resolv.conf</filename></title> + +<para> +This file tells the name resolution libraries: +</para> + +<itemizedlist> + <listitem><para>The name of the domain to which the machine + belongs + </para></listitem> + + <listitem><para>The name(s) of any domains that should be + automatically searched when trying to resolve unqualified + host names to their IP address + </para></listitem> + + <listitem><para>The name or IP address of available Domain + Name Servers that may be asked to perform name to address + translation lookups + </para></listitem> +</itemizedlist> + +</sect2> + + +<sect2> +<title><filename>/etc/host.conf</filename></title> + + +<para> +<filename>/etc/host.conf</filename> is the primary means by +which the setting in /etc/resolv.conf may be affected. It is a +critical configuration file. This file controls the order by +which name resolution may procede. The typical structure is: +</para> + +<para><programlisting> + order hosts,bind + multi on +</programlisting></para> + +<para> +then both addresses should be returned. Please refer to the +man page for host.conf for further details. +</para> + + +</sect2> + + + +<sect2> +<title><filename>/etc/nsswitch.conf</filename></title> + +<para> +This file controls the actual name resolution targets. The +file typically has resolver object specifications as follows: +</para> + + +<para><programlisting> + # /etc/nsswitch.conf + # + # Name Service Switch configuration file. + # + + passwd: compat + # Alternative entries for password authentication are: + # passwd: compat files nis ldap winbind + shadow: compat + group: compat + + hosts: files nis dns + # Alternative entries for host name resolution are: + # hosts: files dns nis nis+ hesoid db compat ldap wins + networks: nis files dns + + ethers: nis files + protocols: nis files + rpc: nis files + services: nis files +</programlisting></para> + +<para> +Of course, each of these mechanisms requires that the appropriate +facilities and/or services are correctly configured. +</para> + +<para> +It should be noted that unless a network request/message must be +sent, TCP/IP networks are silent. All TCP/IP communications assumes a +principal of speaking only when necessary. +</para> + +<para> +Samba version 2.2.0 will add Linux support for extensions to +the name service switch infrastructure so that linux clients will +be able to obtain resolution of MS Windows NetBIOS names to IP +Addresses. To gain this functionality Samba needs to be compiled +with appropriate arguments to the make command (ie: <command>make +nsswitch/libnss_wins.so</command>). The resulting library should +then be installed in the <filename>/lib</filename> directory and +the "wins" parameter needs to be added to the "hosts:" line in +the <filename>/etc/nsswitch.conf</filename> file. At this point it +will be possible to ping any MS Windows machine by it's NetBIOS +machine name, so long as that machine is within the workgroup to +which both the samba machine and the MS Windows machine belong. +</para> + +</sect2> +</sect1> + + +<sect1> +<title>Name resolution as used within MS Windows networking</title> + +<para> +MS Windows networking is predicated about the name each machine +is given. This name is known variously (and inconsistently) as +the "computer name", "machine name", "networking name", "netbios name", +"SMB name". All terms mean the same thing with the exception of +"netbios name" which can apply also to the name of the workgroup or the +domain name. The terms "workgroup" and "domain" are really just a +simply name with which the machine is associated. All NetBIOS names +are exactly 16 characters in length. The 16th character is reserved. +It is used to store a one byte value that indicates service level +information for the NetBIOS name that is registered. A NetBIOS machine +name is therefore registered for each service type that is provided by +the client/server. +</para> + +<para> +The following are typical NetBIOS name/service type registrations: +</para> + +<para><programlisting> + Unique NetBIOS Names: + MACHINENAME<00> = Server Service is running on MACHINENAME + MACHINENAME<03> = Generic Machine Name (NetBIOS name) + MACHINENAME<20> = LanMan Server service is running on MACHINENAME + WORKGROUP<1b> = Domain Master Browser + + Group Names: + WORKGROUP<03> = Generic Name registered by all members of WORKGROUP + WORKGROUP<1c> = Domain Controllers / Netlogon Servers + WORKGROUP<1d> = Local Master Browsers + WORKGROUP<1e> = Internet Name Resolvers +</programlisting></para> + +<para> +It should be noted that all NetBIOS machines register their own +names as per the above. This is in vast contrast to TCP/IP +installations where traditionally the system administrator will +determine in the /etc/hosts or in the DNS database what names +are associated with each IP address. +</para> + +<para> +One further point of clarification should be noted, the <filename>/etc/hosts</filename> +file and the DNS records do not provide the NetBIOS name type information +that MS Windows clients depend on to locate the type of service that may +be needed. An example of this is what happens when an MS Windows client +wants to locate a domain logon server. It find this service and the IP +address of a server that provides it by performing a lookup (via a +NetBIOS broadcast) for enumeration of all machines that have +registered the name type *<1c>. A logon request is then sent to each +IP address that is returned in the enumerated list of IP addresses. Which +ever machine first replies then ends up providing the logon services. +</para> + +<para> +The name "workgroup" or "domain" really can be confusing since these +have the added significance of indicating what is the security +architecture of the MS Windows network. The term "workgroup" indicates +that the primary nature of the network environment is that of a +peer-to-peer design. In a WORKGROUP all machines are responsible for +their own security, and generally such security is limited to use of +just a password (known as SHARE MORE security). In most situations +with peer-to-peer networking the users who control their own machines +will simply opt to have no security at all. It is possible to have +USER MODE security in a WORKGROUP environment, thus requiring use +of a user name and a matching password. +</para> + +<para> +MS Windows networking is thus predetermined to use machine names +for all local and remote machine message passing. The protocol used is +called Server Message Block (SMB) and this is implemented using +the NetBIOS protocol (Network Basic Input Output System). NetBIOS can +be encapsulated using LLC (Logical Link Control) protocol - in which case +the resulting protocol is called NetBEUI (Network Basic Extended User +Interface). NetBIOS can also be run over IPX (Internetworking Packet +Exchange) protocol as used by Novell NetWare, and it can be run +over TCP/IP protocols - in which case the resulting protocol is called +NBT or NetBT, the NetBIOS over TCP/IP. +</para> + +<para> +MS Windows machines use a complex array of name resolution mechanisms. +Since we are primarily concerned with TCP/IP this demonstration is +limited to this area. +</para> + +<sect2> +<title>The NetBIOS Name Cache</title> + +<para> +All MS Windows machines employ an in memory buffer in which is +stored the NetBIOS names and their IP addresses for all external +machines that that the local machine has communicated with over the +past 10-15 minutes. It is more efficient to obtain an IP address +for a machine from the local cache than it is to go through all the +configured name resolution mechanisms. +</para> + +<para> +If a machine whose name is in the local name cache has been shut +down before the name had been expired and flushed from the cache, then +an attempt to exchange a message with that machine will be subject +to time-out delays. ie: It's name is in the cache, so a name resolution +lookup will succeed, but the machine can not respond. This can be +frustrating for users - but it is a characteristic of the protocol. +</para> + +<para> +The MS Windows utility that allows examination of the NetBIOS +name cache is called "nbtstat". The Samba equivalent of this +is called "nmblookup". +</para> + +</sect2> + +<sect2> +<title>The LMHOSTS file</title> + +<para> +This file is usually located in MS Windows NT 4.0 or +2000 in <filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains +the IP Address and the machine name in matched pairs. The +<filename>LMHOSTS</filename> file performs NetBIOS name +to IP address mapping oriented. +</para> + +<para> +It typically looks like: +</para> + +<para><programlisting> + # Copyright (c) 1998 Microsoft Corp. + # + # This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS + # over TCP/IP) stack for Windows98 + # + # This file contains the mappings of IP addresses to NT computernames + # (NetBIOS) names. Each entry should be kept on an individual line. + # The IP address should be placed in the first column followed by the + # corresponding computername. The address and the comptername + # should be separated by at least one space or tab. The "#" character + # is generally used to denote the start of a comment (see the exceptions + # below). + # + # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts + # files and offers the following extensions: + # + # #PRE + # #DOM:<domain> + # #INCLUDE <filename> + # #BEGIN_ALTERNATE + # #END_ALTERNATE + # \0xnn (non-printing character support) + # + # Following any entry in the file with the characters "#PRE" will cause + # the entry to be preloaded into the name cache. By default, entries are + # not preloaded, but are parsed only after dynamic name resolution fails. + # + # Following an entry with the "#DOM:<domain>" tag will associate the + # entry with the domain specified by <domain>. This affects how the + # browser and logon services behave in TCP/IP environments. To preload + # the host name associated with #DOM entry, it is necessary to also add a + # #PRE to the line. The <domain> is always preloaded although it will not + # be shown when the name cache is viewed. + # + # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) + # software to seek the specified <filename> and parse it as if it were + # local. <filename> is generally a UNC-based name, allowing a + # centralized lmhosts file to be maintained on a server. + # It is ALWAYS necessary to provide a mapping for the IP address of the + # server prior to the #INCLUDE. This mapping must use the #PRE directive. + # In addtion the share "public" in the example below must be in the + # LanManServer list of "NullSessionShares" in order for client machines to + # be able to read the lmhosts file successfully. This key is under + # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares + # in the registry. Simply add "public" to the list found there. + # + # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE + # statements to be grouped together. Any single successful include + # will cause the group to succeed. + # + # Finally, non-printing characters can be embedded in mappings by + # first surrounding the NetBIOS name in quotations, then using the + # \0xnn notation to specify a hex value for a non-printing character. + # + # The following example illustrates all of these extensions: + # + # 102.54.94.97 rhino #PRE #DOM:networking #net group's DC + # 102.54.94.102 "appname \0x14" #special app server + # 102.54.94.123 popular #PRE #source server + # 102.54.94.117 localsrv #PRE #needed for the include + # + # #BEGIN_ALTERNATE + # #INCLUDE \\localsrv\public\lmhosts + # #INCLUDE \\rhino\public\lmhosts + # #END_ALTERNATE + # + # In the above example, the "appname" server contains a special + # character in its name, the "popular" and "localsrv" server names are + # preloaded, and the "rhino" server name is specified so it can be used + # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv" + # system is unavailable. + # + # Note that the whole file is parsed including comments on each lookup, + # so keeping the number of comments to a minimum will improve performance. + # Therefore it is not advisable to simply add lmhosts file entries onto the + # end of this file. +</programlisting></para> + +</sect2> + +<sect2> +<title>HOSTS file</title> + +<para> +This file is usually located in MS Windows NT 4.0 or 2000 in +<filename>C:\WINNT\SYSTEM32\DRIVERS\ETC</filename> and contains +the IP Address and the IP hostname in matched pairs. It can be +used by the name resolution infrastructure in MS Windows, depending +on how the TCP/IP environment is configured. This file is in +every way the equivalent of the Unix/Linux <filename>/etc/hosts</filename> file. +</para> +</sect2> + + +<sect2> +<title>DNS Lookup</title> + +<para> +This capability is configured in the TCP/IP setup area in the network +configuration facility. If enabled an elaborate name resolution sequence +is followed the precise nature of which isdependant on what the NetBIOS +Node Type parameter is configured to. A Node Type of 0 means use +NetBIOS broadcast (over UDP broadcast) is first used if the name +that is the subject of a name lookup is not found in the NetBIOS name +cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to +Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the +WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast +lookup is used. +</para> + +</sect2> + +<sect2> +<title>WINS Lookup</title> + +<para> +A WINS (Windows Internet Name Server) service is the equivaent of the +rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores +the names and IP addresses that are registered by a Windows client +if the TCP/IP setup has been given at least one WINS Server IP Address. +</para> + +<para> +To configure Samba to be a WINS server the following parameter needs +to be added to the <filename>smb.conf</filename> file: +</para> + +<para><programlisting> + wins support = Yes +</programlisting></para> + +<para> +To configure Samba to use a WINS server the following parameters are +needed in the smb.conf file: +</para> + +<para><programlisting> + wins support = No + wins server = xxx.xxx.xxx.xxx +</programlisting></para> + +<para> +where <replaceable>xxx.xxx.xxx.xxx</replaceable> is the IP address +of the WINS server. +</para> + +</sect2> +</sect1> + + +<sect1> +<title>How browsing functions and how to deploy stable and +dependable browsing using Samba</title> + + +<para> +As stated above, MS Windows machines register their NetBIOS names +(ie: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc. +</para> + +<para> +In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter). +</para> + +<para> +Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks. +</para> + +<para> +During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser. +</para> + +<para> +Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses. +</para> + +<para> +Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services. +</para> + +<para> +Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, <filename>/etc/hosts</filename>, +and so on. +</para> + +</sect1> + +<sect1> +<title>MS Windows security options and how to configure +Samba for seemless integration</title> + +<para> +MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets. +</para> + +<para> +When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways: +</para> + +<itemizedlist> + <listitem><para>An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. + </para></listitem> + + <listitem><para>The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. + </para></listitem> +</itemizedlist> + +<para> +You should refer to the <ulink url="ENCRYPTION.html"> +Password Encryption</ulink> chapter in this HOWTO collection +for more details on the inner workings +</para> + +<para> +MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default. +</para> + +<para> +MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped the SMB protocol +has a mechanism by which the connection can be re-established using +a cached copy of the password. +</para> + +<para> +When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients. +</para> + +<para> +The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication. +</para> + +<para><programlisting> + <ulink url="smb.conf.5.html#PASSWORDLEVEL">passsword level</ulink> = <replaceable>integer</replaceable> + <ulink url="smb.conf.5.html#USERNAMELEVEL">username level</ulink> = <replaceable>integer</replaceable> +</programlisting></para> + +<para> +By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the <parameter>username level</parameter> parameter +is rarely even needed. +</para> + +<para> +However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the <parameter>password level</parameter> must be set to the maximum +number of upper case letter which <emphasis>could</emphasis> appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a <parameter>password level</parameter> +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail). +</para> + +<para> +The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords: +</para> + + +<sect2> +<title>Use MS Windows NT as an authentication server</title> + +<para> +This method involves the additions of the following parameters +in the smb.conf file: +</para> + +<para><programlisting> + encrypt passwords = Yes + security = server + password server = "NetBIOS_name_of_PDC" +</programlisting></para> + + +<para> +There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code. +</para> + +<para> +The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts. +</para> + +<para> +Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients. +</para> + +</sect2> + +<sect2> +<title>Make Samba a member of an MS Windows NT security domain</title> + +<para> +This method involves additon of the following paramters in the smb.conf file: +</para> + +<para><programlisting> + encrypt passwords = Yes + security = domain + workgroup = "name of NT domain" + password server = * +</programlisting></para> + +<para> +The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT. +</para> + +<para> +In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows: +</para> + +<itemizedlist> + <listitem><para>On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. + </para></listitem> + + <listitem><para>Next, on the Linux system execute: + <command>smbpasswd -r PDC_NAME -j DOMAIN_NAME</command> + </para></listitem> +</itemizedlist> + +<para> +Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the <filename>/etc/passwd</filename> entry. +</para> + +<para> +An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the <ulink +url="winbind.html">Winbind Overview</ulink> chapter in +this HOWTO collection. +</para> + + +</sect2> + + +<sect2> +<title>Configure Samba as an authentication server</title> + +<para> +This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as and +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication. +</para> + +<para> +This method involves addition of the following parameters to +the smb.conf file: +</para> + +<para><programlisting> +## please refer to the Samba PDC HOWTO chapter later in +## this collection for more details +[global] + encrypt passwords = Yes + security = user + domain logons = Yes + ; an OS level of 33 or more is recommended + os level = 33 + +[NETLOGON] + path = /somewhare/in/file/system + read only = yes +</programlisting></para> + +<para> +in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required. +</para> + +<sect3> +<title>Users</title> + +<para> +A user account that may provide a home directory should be +created. The following Linux system commands are typical of +the procedure for creating an account. +</para> + +<para><programlisting> + # useradd -s /bin/bash -d /home/"userid" -m "userid" + # passwd "userid" + Enter Password: <pw> + + # smbpasswd -a "userid" + Enter Password: <pw> +</programlisting></para> +</sect3> + +<sect3> +<title>MS Windows NT Machine Accounts</title> + +<para> +These are required only when Samba is used as a domain +controller. Refer to the Samba-PDC-HOWTO for more details. +</para> + +<para><programlisting> + # useradd -s /bin/false -d /dev/null "machine_name"\$ + # passwd -l "machine_name"\$ + # smbpasswd -a -m "machine_name" +</programlisting></para> +</sect3> +</sect2> +</sect1> + + +<sect1> +<title>Conclusions</title> + +<para> +Samba provides a flexible means to operate as... +</para> + +<itemizedlist> + <listitem><para>A Stand-alone server - No special action is needed + other than to create user accounts. Stand-alone servers do NOT + provide network logon services, meaning that machines that use this + server do NOT perform a domain logon but instead make use only of + the MS Windows logon which is local to the MS Windows + workstation/server. + </para></listitem> + + <listitem><para>An MS Windows NT 3.x/4.0 security domain member. + </para></listitem> + + + <listitem><para>An alternative to an MS Windows NT 3.x/4.0 + Domain Controller. + </para></listitem> + +</itemizedlist> + +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml new file mode 100644 index 0000000000..2259dae029 --- /dev/null +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -0,0 +1,358 @@ +<chapter id="unix-permissions"> + +<chapterinfo> + <author> + <firstname>Jeremy</firstname><surname>Allison</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>samba@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate>12 Apr 1999</pubdate> +</chapterinfo> + + +<title>UNIX Permission Bits and Windows NT Access Control Lists</title> + +<sect1> + <title>Viewing and changing UNIX permissions using the NT + security dialogs</title> + + + <para>New in the Samba 2.0.4 release is the ability for Windows + NT clients to use their native security settings dialog box to + view and modify the underlying UNIX permissions.</para> + + <para>Note that this ability is careful not to compromise + the security of the UNIX host Samba is running on, and + still obeys all the file permission rules that a Samba + administrator can set.</para> + + <para>In Samba 2.0.4 and above the default value of the + parameter <ulink url="smb.conf.5.html#NTACLSUPPORT"><parameter> + nt acl support</parameter></ulink> has been changed from + <constant>false</constant> to <constant>true</constant>, so + manipulation of permissions is turned on by default.</para> +</sect1> + +<sect1> + <title>How to view file security on a Samba share</title> + + <para>From an NT 4.0 client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the <emphasis>Properties</emphasis> entry at the bottom of + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked <emphasis>Security</emphasis>. Click on this tab and you + will see three buttons, <emphasis>Permissions</emphasis>, + <emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>. + The <emphasis>Auditing</emphasis> button will cause either + an error message <errorname>A requested privilege is not held + by the client</errorname> to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the <command>Add</command> button will not currently + allow a list of users to be seen.</para> + +</sect1> + +<sect1> + <title>Viewing file ownership</title> + + <para>Clicking on the <command>"Ownership"</command> button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form :</para> + + <para><command>"SERVER\user (Long name)"</command></para> + + <para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of + the Samba server, <replaceable>user</replaceable> is the user name of + the UNIX user who owns the file, and <replaceable>(Long name)</replaceable> + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the <command>Close + </command> button to remove this dialog.</para> + + <para>If the parameter <parameter>nt acl support</parameter> + is set to <constant>false</constant> then the file owner will + be shown as the NT user <command>"Everyone"</command>.</para> + + <para>The <command>Take Ownership</command> button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the <emphasis>root</emphasis> + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time.</para> + + <para>There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba 2.0.4 server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the <emphasis>Seclib + </emphasis> NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site.</para> + +</sect1> + +<sect1> + <title>Viewing file or directory permissions</title> + + <para>The third button is the <command>"Permissions"</command> + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form :</para> + + <para><command>"SERVER\user (Long name)"</command></para> + + <para>Where <replaceable>SERVER</replaceable> is the NetBIOS name of + the Samba server, <replaceable>user</replaceable> is the user name of + the UNIX user who owns the file, and <replaceable>(Long name)</replaceable> + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database).</para> + + <para>If the parameter <parameter>nt acl support</parameter> + is set to <constant>false</constant> then the file owner will + be shown as the NT user <command>"Everyone"</command> and the + permissions will be shown as NT "Full Control".</para> + + + <para>The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first.</para> + + <sect2> + <title>File Permissions</title> + + <para>The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group <command>Everyone</command>, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + <command>user</command> icon and an NT <command>local + group</command> icon respectively followed by the list + of permissions allowed for the UNIX user and group.</para> + + <para>As many UNIX permission sets don't map into common + NT names such as <command>"read"</command>, <command> + "change"</command> or <command>"full control"</command> then + usually the permissions will be prefixed by the words <command> + "Special Access"</command> in the NT display list.</para> + + <para>But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT <command>"Take Ownership"</command> ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT <command>"O"</command> bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below.</para> + </sect2> + + <sect2> + <title>Directory Permissions</title> + + <para>Directories on an NT NTFS file system have two + different sets of permissions. The first set of permissions + is the ACL set on the directory itself, this is usually displayed + in the first set of parentheses in the normal <command>"RW"</command> + NT style. This first set of permissions is created by Samba in + exactly the same way as normal file permissions are, described + above, and is displayed in the same way.</para> + + <para>The second set of directory permissions has no real meaning + in the UNIX permissions world and represents the <command> + "inherited"</command> permissions that any file created within + this directory would inherit.</para> + + <para>Samba synthesises these inherited permissions for NT by + returning as an NT ACL the UNIX permission mode that a new file + created by Samba on this share would receive.</para> + </sect2> +</sect1> + +<sect1> + <title>Modifying file or directory permissions</title> + + <para>Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the <command>OK</command> button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account.</para> + + <para>If the parameter <parameter>nt acl support</parameter> + is set to <constant>false</constant> then any attempt to set + security permissions will fail with an <command>"Access Denied" + </command> message.</para> + + <para>The first thing to note is that the <command>"Add"</command> + button will not return a list of users in Samba 2.0.4 (it will give + an error message of <command>"The remote procedure call failed + and did not execute"</command>). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has.</para> + + <para>If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the <command>"OK"</command> button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT <command>"O"</command> flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component.</para> + + <para>As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server.</para> + + <para>When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the <command>"Replace + permissions on existing files"</command> checkbox in the NT + dialog before clicking <command>"OK"</command>.</para> + + <para>If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the <command>"Remove"</command> button, + or set the component to only have the special <command>"Take + Ownership"</command> permission (displayed as <command>"O" + </command>) highlighted.</para> +</sect1> + +<sect1> + <title>Interaction with the standard Samba create mask + parameters</title> + + <para>Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are :</para> + + <para><parameter>security mask</parameter></para> + <para><parameter>force security mode</parameter></para> + <para><parameter>directory security mask</parameter></para> + <para><parameter>force directory security mode</parameter></para> + + <para>Once a user clicks <command>"OK"</command> to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the <ulink url="smb.conf.5.html#SECURITYMASK"> + <parameter>security mask</parameter></ulink> parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions.</para> + + <para>Essentially, zero bits in the <parameter>security mask</parameter> + mask may be treated as a set of bits the user is <emphasis>not</emphasis> + allowed to change, and one bits are those the user is allowed to change. + </para> + + <para>If not set explicitly this parameter is set to the same value as + the <ulink url="smb.conf.5.html#CREATEMASK"><parameter>create mask + </parameter></ulink> parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter + to 0777.</para> + + <para>Next Samba checks the changed permissions for a file against + the bits set in the <ulink url="smb.conf.5.html#FORCESECURITYMODE"> + <parameter>force security mode</parameter></ulink> parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set.</para> + + <para>Essentially, bits set in the <parameter>force security mode + </parameter> parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'.</para> + + <para>If not set explicitly this parameter is set to the same value + as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force + create mode</parameter></ulink> parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000.</para> + + <para>The <parameter>security mask</parameter> and <parameter>force + security mode</parameter> parameters are applied to the change + request in that order.</para> + + <para>For a directory Samba will perform the same operations as + described above for a file except using the parameter <parameter> + directory security mask</parameter> instead of <parameter>security + mask</parameter>, and <parameter>force directory security mode + </parameter> parameter instead of <parameter>force security mode + </parameter>.</para> + + <para>The <parameter>directory security mask</parameter> parameter + by default is set to the same value as the <parameter>directory mask + </parameter> parameter and the <parameter>force directory security + mode</parameter> parameter by default is set to the same value as + the <parameter>force directory mode</parameter> parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced.</para> + + <para>In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction.</para> + + <para>If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink> file in that share specific section :</para> + + <para><parameter>security mask = 0777</parameter></para> + <para><parameter>force security mode = 0</parameter></para> + <para><parameter>directory security mask = 0777</parameter></para> + <para><parameter>force directory security mode = 0</parameter></para> + + <para>As described, in Samba 2.0.4 the parameters :</para> + + <para><parameter>create mask</parameter></para> + <para><parameter>force create mode</parameter></para> + <para><parameter>directory mask</parameter></para> + <para><parameter>force directory mode</parameter></para> + + <para>were used instead of the parameters discussed here.</para> +</sect1> + +<sect1> + <title>Interaction with the standard Samba file attribute + mapping</title> + + <para>Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. + </para> + + <para>One way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab.</para> + + <para>What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + <command>"OK"</command> to get back to the standard attributes tab + dialog, and then clicks <command>"OK"</command> on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking <command>"OK"</command> to get back to the + attributes dialog you should always hit <command>"Cancel"</command> + rather than <command>"OK"</command> to ensure that your changes + are not overridden.</para> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml new file mode 100644 index 0000000000..ca7ad6a754 --- /dev/null +++ b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml @@ -0,0 +1,142 @@ +<chapter id="os2"> + + +<chapterinfo> + <author> + <firstname>Jim</firstname><surname>McDonough</surname> + <affiliation> + <orgname>IBM</orgname> + <address> + <email>jerry@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate>5 Mar 2001</pubdate> +</chapterinfo> + +<title>OS2 Client HOWTO</title> + +<sect1> + <title>FAQs</title> + + <sect2> + <title>How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?</title> + + <para>A more complete answer to this question can be + found on <ulink url="http://carol.wins.uva.nl/~leeuw/samba/warp.html"> + http://carol.wins.uva.nl/~leeuw/samba/warp.html</ulink>.</para> + + <para>Basically, you need three components:</para> + + <itemizedlist> + <listitem><para>The File and Print Client ('IBM Peer') + </para></listitem> + <listitem><para>TCP/IP ('Internet support') + </para></listitem> + <listitem><para>The "NetBIOS over TCP/IP" driver ('TCPBEUI') + </para></listitem> + </itemizedlist> + + <para>Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder.</para> + + <para>Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration.</para> + + <para>If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above.</para> + </sect2> + + <sect2> + <title>How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?</title> + + <para>You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + <ulink url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"> + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. + See <ulink url="http://carol.wins.uva.nl/~leeuw/lanman.html"> + http://carol.wins.uva.nl/~leeuw/lanman.html</ulink> for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines:</para> + + <para><programlisting> + 20=setup.exe + 20=netwksta.sys + 20=netvdd.sys + </programlisting></para> + + <para>before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + <ulink url="ftp://ftp.cdrom.com/pub/os2/network/ndis/"> + ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead. + </para> + </sect2> + + <sect2> + <title>Are there any other issues when OS/2 (any version) + is used as a client?</title> + + <para>When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from <ulink + url="http://carol.wins.uva.nl/~leeuw/samba/fix.html"> + http://carol.wins.uva.nl/~leeuw/samba/fix.html</ulink>. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server. </para> + </sect2> + + <sect2> + <title>How do I get printer driver download working + for OS/2 clients?</title> + + <para>First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system.</para> + + <para>Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, "os2 driver map = + <replaceable>filename</replaceable>". Then, in the file + specified by <replaceable>filename</replaceable>, map the + name of the NT driver name to the OS/2 driver name as + follows:</para> + + <para><nt driver name> = <os2 driver + name>.<device name>, e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L</para> + + <para>You can have multiple drivers mapped in this file.</para> + + <para>If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. + </para> + </sect2> +</sect1> + +</chapter> + diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml new file mode 100644 index 0000000000..594516640d --- /dev/null +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml @@ -0,0 +1,215 @@ +<chapter id="pam"> + + +<chapterinfo> + <author> + <firstname>John</firstname><surname>Terpstra</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jht@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate> (Jun 21 2001) </pubdate> +</chapterinfo> + +<title>Configuring PAM for distributed but centrally +managed authentication</title> + +<sect1> +<title>Samba and PAM</title> + +<para> +A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (<filename>/etc/passwd</filename>) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: <command>login</command>, +<command>passwd</command>, <command>chown</command>, etc. +</para> + +<para> +PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file <filename>/etc/pam.conf</filename> (Solaris), +or by editing individual files that are located in <filename>/etc/pam.d</filename>. +</para> + +<para> +The following is an example <filename>/etc/pam.d/login</filename> configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to <filename>pam_pwdb.so</filename>. +</para> + +<para><programlisting> +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_securetty.so +auth required pam_nologin.so +# auth required pam_dialup.so +# auth optional pam_mail.so +auth required pam_pwdb.so shadow md5 +# account requisite pam_time.so +account required pam_pwdb.so +session required pam_pwdb.so +# session optional pam_lastlog.so +# password required pam_cracklib.so retry=3 +password required pam_pwdb.so shadow md5 +</programlisting></para> + +<para> +PAM allows use of replacable modules. Those available on a +sample system include: +</para> + +<para><programlisting> +$ /bin/ls /lib/security +pam_access.so pam_ftp.so pam_limits.so +pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so +pam_cracklib.so pam_group.so pam_listfile.so +pam_nologin.so pam_rootok.so pam_tally.so +pam_deny.so pam_issue.so pam_mail.so +pam_permit.so pam_securetty.so pam_time.so +pam_dialup.so pam_lastlog.so pam_mkhomedir.so +pam_pwdb.so pam_shells.so pam_unix.so +pam_env.so pam_ldap.so pam_motd.so +pam_radius.so pam_smbpass.so pam_unix_acct.so +pam_wheel.so pam_unix_auth.so pam_unix_passwd.so +pam_userdb.so pam_warn.so pam_unix_session.so +</programlisting></para> + +<para> +The following example for the login program replaces the use of +the <filename>pam_pwdb.so</filename> module which uses the system +password database (<filename>/etc/passwd</filename>, +<filename>/etc/shadow</filename>, <filename>/etc/group</filename>) with +the module <filename>pam_smbpass.so</filename> which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +<filename>/usr/local/samba/private/smbpasswd</filename>, +<filename>/etc/samba/smbpasswd</filename>, or in +<filename>/etc/samba.d/smbpasswd</filename>, depending on the +Samba implementation for your Unix/Linux system. The +<filename>pam_smbpass.so</filename> module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +<command>--with-pam_smbpass</command> options when running Samba's +<filename>configure</filename> script. For more information +on the <filename>pam_smbpass</filename> module, see the documentation +in the <filename>source/pam_smbpass</filename> directory of the Samba +source distribution. +</para> + +<para><programlisting> +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_smbpass.so nodelay +account required pam_smbpass.so nodelay +session required pam_smbpass.so nodelay +password required pam_smbpass.so nodelay +</programlisting></para> + +<para> +The following is the PAM configuration file for a particular +Linux system. The default condition uses <filename>pam_pwdb.so</filename>. +</para> + +<para><programlisting> +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_pwdb.so shadow md5 +</programlisting></para> + +<para> +In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program. +</para> + +<para><programlisting> +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_smbpass.so nodelay +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf +</programlisting></para> + +<para> +Note: PAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within on PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the <filename>pam_stack.so</filename> module that allows all +authentication to be configured in a single central file. The +<filename>pam_stack.so</filename> method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information. +</para> + +</sect1> + +<sect1> +<title>Distributed Authentication</title> + +<para> +The astute administrator will realize from this that the +combination of <filename>pam_smbpass.so</filename>, +<command>winbindd</command>, and <command>rsync</command> (see +<ulink url="http://rsync.samba.org/">http://rsync.samba.org/</ulink>) +will allow the establishment of a centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic. +</para> + +</sect1> + +<sect1> +<title>PAM Configuration in smb.conf</title> + +<para> +There is an option in smb.conf called <ulink +url="smb.conf.5.html#OBEYPAMRESTRICTIONS">obey pam restrictions</ulink>. +The following is from the on-line help for this option in SWAT; +</para> + +<para> +When Samba 2.2 is configure to enable PAM support (i.e. +<constant>--with-pam</constant>), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +<ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">encrypt passwords = yes</ulink>. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption. +</para> + +<para>Default: <command>obey pam restrictions = no</command></para> + +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml new file mode 100644 index 0000000000..53a0959c39 --- /dev/null +++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml @@ -0,0 +1,233 @@ +<chapter id="samba-bdc"> + + +<chapterinfo> + <author> + <firstname>Volker</firstname><surname>Lendecke</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>Volker.Lendecke@SerNet.DE</email></address> + </affiliation> + </author> + <pubdate> (26 Apr 2001) </pubdate> +</chapterinfo> + +<title> +How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain +</title> + +<sect1> +<title>Prerequisite Reading</title> + +<para> +Before you continue reading in this chapter, please make sure +that you are comfortable with configuring a Samba PDC +as described in the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink>. +</para> + + +</sect1> + +<sect1> + +<title>Background</title> + +<para> +What is a Domain Controller? It is a machine that is able to answer +logon requests from workstations in a Windows NT Domain. Whenever a +user logs into a Windows NT Workstation, the workstation connects to a +Domain Controller and asks him whether the username and password the +user typed in is correct. The Domain Controller replies with a lot of +information about the user, for example the place where the users +profile is stored, the users full name of the user. All this +information is stored in the NT user database, the so-called SAM. +</para> + +<para> +There are two kinds of Domain Controller in a NT 4 compatible Domain: +A Primary Domain Controller (PDC) and one or more Backup Domain +Controllers (BDC). The PDC contains the master copy of the +SAM. Whenever the SAM has to change, for example when a user changes +his password, this change has to be done on the PDC. A Backup Domain +Controller is a machine that maintains a read-only copy of the +SAM. This way it is able to reply to logon requests and authenticate +users in case the PDC is not available. During this time no changes to +the SAM are possible. Whenever changes to the SAM are done on the PDC, +all BDC receive the changes from the PDC. +</para> + +<para> +Since version 2.2 Samba officially supports domain logons for all +current Windows Clients, including Windows 2000 and XP. This text +assumes the domain to be named SAMBA. To be able to act as a PDC, some +parameters in the [global]-section of the smb.conf have to be set: +</para> + +<para><programlisting> +workgroup = SAMBA +domain master = yes +domain logons = yes +</programlisting></para> + +<para> +Several other things like a [homes] and a [netlogon] share also may be +set along with settings for the profile path, the users home drive and +others. This will not be covered in this document. +</para> + +</sect1> + + +<sect1> +<title>What qualifies a Domain Controller on the network?</title> + +<para> +Every machine that is a Domain Controller for the domain SAMBA has to +register the NetBIOS group name SAMBA#1c with the WINS server and/or +by broadcast on the local network. The PDC also registers the unique +NetBIOS name SAMBA#1b with the WINS server. The name type #1b is +normally reserved for the domain master browser, a role that has +nothing to do with anything related to authentication, but the +Microsoft Domain implementation requires the domain master browser to +be on the same machine as the PDC. +</para> + + +<sect2> +<title>How does a Workstation find its domain controller?</title> + +<para> +A NT workstation in the domain SAMBA that wants a local user to be +authenticated has to find the domain controller for SAMBA. It does +this by doing a NetBIOS name query for the group name SAMBA#1c. It +assumes that each of the machines it gets back from the queries is a +domain controller and can answer logon requests. To not open security +holes both the workstation and the selected (TODO: How is the DC +chosen) domain controller authenticate each other. After that the +workstation sends the user's credentials (his name and password) to +the domain controller, asking for approval. +</para> + +</sect2> + + +<sect2> +<title>When is the PDC needed?</title> + +<para> +Whenever a user wants to change his password, this has to be done on +the PDC. To find the PDC, the workstation does a NetBIOS name query +for SAMBA#1b, assuming this machine maintains the master copy of the +SAM. The workstation contacts the PDC, both mutually authenticate and +the password change is done. +</para> + +</sect2> + +</sect1> + + +<sect1> +<title>Can Samba be a Backup Domain Controller?</title> + +<para> +With version 2.2, no. The native NT SAM replication protocols have +not yet been fully implemented. The Samba Team is working on +understanding and implementing the protocols, but this work has not +been finished for version 2.2. +</para> + +<para> +Can I get the benefits of a BDC with Samba? Yes. The main reason for +implementing a BDC is availability. If the PDC is a Samba machine, +a second Samba machine can be set up to +service logon requests whenever the PDC is down. +</para> + +</sect1> + + +<sect1> +<title>How do I set up a Samba BDC?</title> + +<para> +Several things have to be done: +</para> + +<itemizedlist> + +<listitem><para> +The file private/MACHINE.SID identifies the domain. When a samba +server is first started, it is created on the fly and must never be +changed again. This file has to be the same on the PDC and the BDC, +so the MACHINE.SID has to be copied from the PDC to the BDC. +</para></listitem> + +<listitem><para> +The Unix user database has to be synchronized from the PDC to the +BDC. This means that both the /etc/passwd and /etc/group have to be +replicated from the PDC to the BDC. This can be done manually +whenever changes are made, or the PDC is set up as a NIS master +server and the BDC as a NIS slave server. To set up the BDC as a +mere NIS client would not be enough, as the BDC would not be able to +access its user database in case of a PDC failure. +</para></listitem> + +<listitem><para> +The Samba password database in the file private/smbpasswd has to be +replicated from the PDC to the BDC. This is a bit tricky, see the +next section. +</para></listitem> + +<listitem><para> +Any netlogon share has to be replicated from the PDC to the +BDC. This can be done manually whenever login scripts are changed, +or it can be done automatically together with the smbpasswd +synchronization. +</para></listitem> + +</itemizedlist> + +<para> +Finally, the BDC has to be found by the workstations. This can be done +by setting +</para> + +<para><programlisting> +workgroup = samba +domain master = no +domain logons = yes +</programlisting></para> + +<para> +in the [global]-section of the smb.conf of the BDC. This makes the BDC +only register the name SAMBA#1c with the WINS server. This is no +problem as the name SAMBA#1c is a NetBIOS group name that is meant to +be registered by more than one machine. The parameter 'domain master = +no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS +name is reserved for the Primary Domain Controller. +</para> + +<sect2> +<title>How do I replicate the smbpasswd file?</title> + +<para> +Replication of the smbpasswd file is sensitive. It has to be done +whenever changes to the SAM are made. Every user's password change is +done in the smbpasswd file and has to be replicated to the BDC. So +replicating the smbpasswd file very often is necessary. +</para> + +<para> +As the smbpasswd file contains plain text password equivalents, it +must not be sent unencrypted over the wire. The best way to set up +smbpasswd replication from the PDC to the BDC is to use the utility +rsync. rsync can use ssh as a transport. ssh itself can be set up to +accept *only* rsync transfer without requiring the user to type a +password. +</para> + + +</sect2> +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml new file mode 100644 index 0000000000..21d2c55ec7 --- /dev/null +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -0,0 +1,594 @@ +<chapter id="samba-ldap-howto"> + +<chapterinfo> + <author> + <firstname>Gerald (Jerry)></firstname><surname>Carter</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>jerry@samba.org</email></address> + </affiliation> + <firstname>Olivier (lem)></firstname><surname>Lemaire</surname> + <affiliation> + <orgname>IDEALX</orgname> + <address><email>olem@IDEALX.org</email></address> + </affiliation> + </author> + + + <pubdate> (13 Jan 2002) </pubdate> +</chapterinfo> + +<title>Storing Samba's User/Machine Account information in an LDAP Directory</title> + +<sect1> +<title>Purpose</title> + +<para> +This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites. +</para> + +<itemizedlist> + <listitem><para>OpenLDAP - <ulink url="http://www.openldap.org/">http://www.openldap.org/</ulink></para></listitem> + <listitem><para>iPlanet Directory Server - <ulink url="http://iplanet.netscape.com/directory">http://iplanet.netscape.com/directory</ulink></para></listitem> +</itemizedlist> + +<para> +Note that <ulink url="http://www.ora.com/">O'Reilly Publishing</ulink> is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002. +</para> + +<para> +Two additional Samba resources which may prove to be helpful are +</para> + +<itemizedlist> + <listitem><para>The <ulink url="http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html">Samba-PDC-LDAP-HOWTO</ulink> + maintained by Ignacio Coupeau.</para></listitem> + + <listitem><para>The NT migration scripts from <ulink url="http://samba.idealx.org/">IDEALX</ulink> that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + </para></listitem> +</itemizedlist> + +</sect1> + + +<sect1> +<title>Introduction</title> + +<para> +Traditionally, when configuring <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">"encrypt +passwords = yes"</ulink> in Samba's <filename>smb.conf</filename> file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the <filename>smbpasswd(5)</filename> file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands). +</para> + +<itemizedlist> +<listitem><para> +The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases. +</para></listitem> + +<listitem><para> +The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as <command>rsync(1)</command> and <command>ssh(1)</command> +and wrote custom, in-house scripts. +</para></listitem> + +<listitem><para> +And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID). +</para></listitem> +</itemizedlist> + +<para> +As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or +<parameter>--with-tdbsam</parameter>) requires compile time support. +</para> + +<para> +When compiling Samba to include the <parameter>--with-ldapsam</parameter> autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation. +</para> + +<para> +There are a few points to stress about what the <parameter>--with-ldapsam</parameter> +does not provide. The LDAP support referred to in the this documentation does not +include: +</para> + +<itemizedlist> + <listitem><para>A means of retrieving user account information from + an Windows 2000 Active Directory server.</para></listitem> + <listitem><para>A means of replacing /etc/passwd.</para></listitem> +</itemizedlist> + +<para> +The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(<ulink url="http://www.padl.com/">http://www.padl.com/</ulink>). However, +the details of configuring these packages are beyond the scope of this document. +</para> + +</sect1> + +<sect1> +<title>Supported LDAP Servers</title> + +<para> +The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP +2.0 server and client libraries. The same code should be able to work with +Netscape's Directory Server and client SDK. However, due to lack of testing +so far, there are bound to be compile errors and bugs. These should not be +hard to fix. If you are so inclined, please be sure to forward all patches to +<ulink url="samba-patches@samba.org">samba-patches@samba.org</ulink> and +<ulink url="jerry@samba.org">jerry@samba.org</ulink>. +</para> + +</sect1> + + + + +<sect1> +<title>Schema and Relationship to the RFC 2307 posixAccount</title> + + +<para> +Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +<filename>examples/LDAP/samba.schema</filename>. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here: +</para> + +<para><programlisting> +objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL + DESC 'Samba Account' + MUST ( uid $ rid ) + MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ + logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ + displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ + description $ userWorkstations $ primaryGroupID $ domain )) +</programlisting></para> + +<para> +The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to <ulink +url="jerry@samba.org">jerry@samba.org</ulink> +</para> + +<para> +Just as the smbpasswd file is mean to store information which supplements a +user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +<constant>STRUCTURAL</constant> objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design. +</para> + +<!--olem: we should perhaps have a note about shadowAccounts too as many +systems use them, isn'it ? --> + +<para> +In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure. +</para> +</sect1> + +<sect1> +<title>Configuring Samba with LDAP</title> + + +<sect2> +<title>OpenLDAP configuration</title> + +<para> +To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory. +</para> + +<para> +<prompt>root# </prompt><command>cp samba.schema /etc/openldap/schema/</command> +</para> + +<para> +Next, include the <filename>samba.schema</filename> file in <filename>slapd.conf</filename>. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in <filename>cosine.schema</filename> and +the 'displayName' attribute is defined in the <filename>inetorgperson.schema</filename> +file. Both of these must be included before the <filename>samba.schema</filename> file. +</para> + +<para><programlisting> +## /etc/openldap/slapd.conf + +## schema files (core.schema is required by default) +include /etc/openldap/schema/core.schema + +## needed for sambaAccount +include /etc/openldap/schema/cosine.schema +include /etc/openldap/schema/inetorgperson.schema +include /etc/openldap/schema/samba.schema + +## uncomment this line if you want to support the RFC2307 (NIS) schema +## include /etc/openldap/schema/nis.schema + +.... +</programlisting></para> + +<para> +It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well). +</para> +<para><programlisting> +# Indices to maintain +## required by OpenLDAP 2.0 +index objectclass eq + +## support pb_getsampwnam() +index uid pres,eq +## support pdb_getsambapwrid() +index rid eq + +## uncomment these if you are storing posixAccount and +## posixGroup entries in the directory as well +##index uidNumber eq +##index gidNumber eq +##index cn eq +##index memberUid eq +</programlisting></para> +</sect2> + + +<sect2> +<title>Configuring Samba</title> +<!--lem: <title>smb.conf LDAP parameters</title> --> + +<para> +The following parameters are available in smb.conf only with <parameter>--with-ldapsam</parameter> +was included with compiling Samba. +</para> + +<itemizedlist> + <listitem><para><ulink url="smb.conf.5.html#LDAPSSL">ldap ssl</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPSERVER">ldap server</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPADMINDN">ldap admin dn</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPSUFFIX">ldap suffix</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPFILTER">ldap filter</ulink></para></listitem> + <listitem><para><ulink url="smb.conf.5.html#LDAPPORT">ldap port</ulink></para></listitem> +</itemizedlist> + +<para> +These are described in the <ulink url="smb.conf.5.html">smb.conf(5)</ulink> man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as +</para> + +<para><programlisting> +## /usr/local/samba/lib/smb.conf +[global] + security = user + encrypt passwords = yes + + netbios name = TASHTEGO + workgroup = NARNIA + + # ldap related parameters + + # define the DN to use when binding to the directory servers + # The password for this DN is not stored in smb.conf. Rather it + # must be set by using 'smbpasswd -w <replaceable>secretpw</replaceable>' to store the + # passphrase in the secrets.tdb file. If the "ldap admin dn" values + # changes, this password will need to be reset. + ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org" + + # specify the LDAP server's hostname (defaults to locahost) + ldap server = ahab.samba.org + + # Define the SSL option when connecting to the directory + # ('off', 'start tls', or 'on' (default)) + ldap ssl = start tls + + # define the port to use in the LDAP session (defaults to 636 when + # "ldap ssl = on") + ldap port = 389 + + # specify the base DN to use when searching the directory + ldap suffix = "ou=people,dc=samba,dc=org" + + # generally the default ldap search filter is ok + # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" +</programlisting></para> + + +</sect2> +</sect1> + + +<sect1> +<title>Accounts and Groups management</title> + +<para> +As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes. +</para> + +<para> +Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file). +</para> + +<para> +In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups). +</para> + +</sect1> + +<sect1> +<title>Security and sambaAccount</title> + + +<para> +There are two important points to remember when discussing the security +of sambaAccount entries in the directory. +</para> + +<itemizedlist> + <listitem><para><emphasis>Never</emphasis> retrieve the lmPassword or + ntPassword attribute values over an unencrypted LDAP session.</para></listitem> + <listitem><para><emphasis>Never</emphasis> allow non-admin users to + view the lmPassword or ntPassword attribute values.</para></listitem> +</itemizedlist> + +<para> +These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the <ulink +url="ENCRYPTION.html">ENCRYPTION chapter</ulink> of the Samba-HOWTO-Collection. +</para> + +<para> +To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (<command>ldap ssl = on</command>) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(<command>ldap ssl = off</command>). +</para> + +<para> +Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers. +</para> + +<para> +The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in <filename>slapd.conf</filename>: +</para> + +<para><programlisting> +## allow the "ldap admin dn" access, but deny everyone else +access to attrs=lmPassword,ntPassword + by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write + by * none +</programlisting></para> + + +</sect1> + + + +<sect1> +<title>LDAP specials attributes for sambaAccounts</title> + +<para> +The sambaAccount objectclass is composed of the following attributes: +</para> + +<itemizedlist> + + <listitem><para><constant>lmPassword</constant>: the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string.</para></listitem> + + <listitem><para><constant>ntPassword</constant>: the NT password hash 16-byte stored as a character + representation of a hexidecimal string.</para></listitem> + + <listitem><para><constant>pwdLastSet</constant>: The integer time in seconds since 1970 when the + <constant>lmPassword</constant> and <constant>ntPassword</constant> attributes were last set. + </para></listitem> + + <listitem><para><constant>acctFlags</constant>: string of 11 characters surrounded by square brackets [] + representing account flags such as U (user), W(workstation), X(no password expiration), and + D(disabled).</para></listitem> + + <listitem><para><constant>logonTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>logoffTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>kickoffTime</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>pwdCanChange</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>pwdMustChange</constant>: Integer value currently unused</para></listitem> + + <listitem><para><constant>homeDrive</constant>: specifies the drive letter to which to map the + UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" + where X is the letter of the drive to map. Refer to the "logon drive" parameter in the + smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>scriptPath</constant>: The scriptPath property specifies the path of + the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path + is relative to the netlogon share. Refer to the "logon script" parameter in the + smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>profilePath</constant>: specifies a path to the user's profile. + This value can be a null string, a local absolute path, or a UNC path. Refer to the + "logon path" parameter in the smb.conf(5) man page for more information.</para></listitem> + + <listitem><para><constant>smbHome</constant>: The homeDirectory property specifies the path of + the home directory for the user. The string can be null. If homeDrive is set and specifies + a drive letter, homeDirectory should be a UNC path. The path must be a network + UNC path of the form \\server\share\directory. This value can be a null string. + Refer to the "logon home" parameter in the smb.conf(5) man page for more information. + </para></listitem> + + <listitem><para><constant>userWorkstation</constant>: character string value currently unused. + </para></listitem> + + <listitem><para><constant>rid</constant>: the integer representation of the user's relative identifier + (RID).</para></listitem> + + <listitem><para><constant>primaryGroupID</constant>: the relative identifier (RID) of the primary group + of the user.</para></listitem> + +</itemizedlist> + +<para> +The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the <ulink url="Samba-PDC-HOWTO.html">Samba-PDC-HOWTO</ulink> for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values: +</para> + +<itemizedlist> + <listitem><para>smbHome</para></listitem> + <listitem><para>scriptPath</para></listitem> + <listitem><para>logonPath</para></listitem> + <listitem><para>homeDrive</para></listitem> +</itemizedlist> + +<para> +These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that <command>logon home = \\%L\%u</command> was defined in +its <filename>smb.conf</filename> file. When a user named "becky" logons to the domain, +the <parameter>logon home</parameter> string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the <parameter>logon home</parameter> parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky). +</para> + + +</sect1> + + + + +<sect1> +<title>Example LDIF Entries for a sambaAccount</title> + + +<para> +The following is a working LDIF with the inclusion of the posixAccount objectclass: +</para> + +<para><programlisting> +dn: uid=guest2, ou=people,dc=plainjoe,dc=org +ntPassword: 878D8014606CDA29677A44EFA1353FC7 +pwdMustChange: 2147483647 +primaryGroupID: 1201 +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +pwdLastSet: 1010179124 +logonTime: 0 +objectClass: sambaAccount +uid: guest2 +kickoffTime: 2147483647 +acctFlags: [UX ] +logoffTime: 2147483647 +rid: 19006 +pwdCanChange: 0 +</programlisting></para> + +<para> +The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses: +</para> + +<para><programlisting> +dn: uid=gcarter, ou=people,dc=plainjoe,dc=org +logonTime: 0 +displayName: Gerald Carter +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +primaryGroupID: 1201 +objectClass: posixAccount +objectClass: sambaAccount +acctFlags: [UX ] +userPassword: {crypt}BpM2ej8Rkzogo +uid: gcarter +uidNumber: 9000 +cn: Gerald Carter +loginShell: /bin/bash +logoffTime: 2147483647 +gidNumber: 100 +kickoffTime: 2147483647 +pwdLastSet: 1010179230 +rid: 19000 +homeDirectory: /home/tashtego/gcarter +pwdCanChange: 0 +pwdMustChange: 2147483647 +ntPassword: 878D8014606CDA29677A44EFA1353FC7 +</programlisting></para> + + +</sect1> + + + +<sect1> +<title>Comments</title> + + +<para> +Please mail all comments regarding this HOWTO to <ulink +url="mailto:jerry@samba.org">jerry@samba.org</ulink>. This documents was +last updated to reflect the Samba 2.2.3 release. + +</para> + + +</sect1> + + +</chapter> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml new file mode 100644 index 0000000000..475b66598c --- /dev/null +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -0,0 +1,1828 @@ +<chapter id="samba-pdc"> + + +<chapterinfo> + <author> + <firstname>Gerald (Jerry)</firstname><surname>Carter</surname> + <affiliation> + <orgname>VA Linux Systems/Samba Team</orgname> + <address><email>jerry@samba.org</email></address> + </affiliation> + <firstname>David</firstname><surname>Bannon</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>dbannon@samba.org</email></address> + </affiliation> + + </author> + <pubdate> (26 Apr 2001) </pubdate> +</chapterinfo> + +<title> +How to Configure Samba 2.2 as a Primary Domain Controller +</title> + + +<!-- ********************************************************** + + Prerequisite Reading + +*************************************************************** --> +<sect1> +<title>Prerequisite Reading</title> + +<para> +Before you continue reading in this chapter, please make sure +that you are comfortable with configuring basic files services +in smb.conf and how to enable and administer password +encryption in Samba. Theses two topics are covered in the +<ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> +manpage and the <ulink url="ENCRYPTION.html">Encryption chapter</ulink> +of this HOWTO Collection. +</para> + + +</sect1> + + + +<!-- ********************************************************** + + Background Information + +*************************************************************** --> +<sect1> +<title> +Background +</title> + +<note> +<para> +<emphasis>Author's Note:</emphasis> This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one. +</para> +</note> + +<para> +Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller +<indexterm><primary>Primary Domain Controller</primary></indexterm> +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in <ulink +url="UNIX_INSTALL.html"> UNIX_INSTALL.html</ulink>, please make sure +that your server is configured correctly before proceeding. Another +good resource in the <ulink url="smb.conf.5.html">smb.conf(5) man +page</ulink>. The following functionality should work in 2.2: +</para> + +<itemizedlist> + <listitem><para> + domain logons for Windows NT 4.0/2000 clients. + </para></listitem> + + <listitem><para> + placing a Windows 9x client in user level security + </para></listitem> + + <listitem><para> + retrieving a list of users and groups from a Samba PDC to + Windows 9x/NT/2000 clients + </para></listitem> + + <listitem><para> + roving (roaming) user profiles + </para></listitem> + + <listitem><para> + Windows NT 4.0-style system policies + </para></listitem> +</itemizedlist> + + +<para> +The following pieces of functionality are not included in the 2.2 release: +</para> + +<itemizedlist> + <listitem><para> + Windows NT 4 domain trusts + </para></listitem> + + <listitem><para> + SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) + </para></listitem> + + <listitem><para> + Adding users via the User Manager for Domains + </para></listitem> + + <listitem><para> + Acting as a Windows 2000 Domain Controller (i.e. Kerberos and + Active Directory) + </para></listitem> +</itemizedlist> + +<para> +Please note that Windows 9x clients are not true members of a domain +for reasons outlined in this article. Therefore the protocol for +support Windows 9x-style domain logons is completely different +from NT4 domain logons and has been officially supported for some +time. +</para> + + +<para> +Implementing a Samba PDC can basically be divided into 2 broad +steps. +</para> + +<orderedlist numeration="Arabic"> + <listitem><para> + Configuring the Samba PDC + </para></listitem> + + <listitem><para> + Creating machine trust accounts and joining clients + to the domain + </para></listitem> +</orderedlist> + +<para> +There are other minor details such as user profiles, system +policies, etc... However, these are not necessarily specific +to a Samba PDC as much as they are related to Windows NT networking +concepts. They will be mentioned only briefly here. +</para> + +</sect1> + + +<!-- ********************************************************** + + Configuring the Samba PDC + +*************************************************************** --> + +<sect1> +<title>Configuring the Samba Domain Controller</title> + +<para> +The first step in creating a working Samba PDC is to +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in <ulink url="smb.conf.5.html"> the smb.conf +man page</ulink>. For convenience, the parameters have been +linked with the actual smb.conf description. +</para> + +<para> +Here is an example <filename>smb.conf</filename> for acting as a PDC: +</para> + +<para><programlisting> +[global] + ; Basic server settings + <ulink url="smb.conf.5.html#NETBIOSNAME">netbios name</ulink> = <replaceable>POGO</replaceable> + <ulink url="smb.conf.5.html#WORKGROUP">workgroup</ulink> = <replaceable>NARNIA</replaceable> + + ; we should act as the domain and local master browser + <ulink url="smb.conf.5.html#OSLEVEL">os level</ulink> = 64 + <ulink url="smb.conf.5.html#PERFERREDMASTER">preferred master</ulink> = yes + <ulink url="smb.conf.5.html#DOMAINMASTER">domain master</ulink> = yes + <ulink url="smb.conf.5.html#LOCALMASTER">local master</ulink> = yes + + ; security settings (must user security = user) + <ulink url="smb.conf.5.html#SECURITYEQUALSUSER">security</ulink> = user + + ; encrypted passwords are a requirement for a PDC + <ulink url="smb.conf.5.html#ENCRYPTPASSWORDS">encrypt passwords</ulink> = yes + + ; support domain logons + <ulink url="smb.conf.5.html#DOMAINLOGONS">domain logons</ulink> = yes + + ; where to store user profiles? + <ulink url="smb.conf.5.html#LOGONPATH">logon path</ulink> = \\%N\profiles\%u + + ; where is a user's home directory and where should it + ; be mounted at? + <ulink url="smb.conf.5.html#LOGONDRIVE">logon drive</ulink> = H: + <ulink url="smb.conf.5.html#LOGONHOME">logon home</ulink> = \\homeserver\%u + + ; specify a generic logon script for all users + ; this is a relative **DOS** path to the [netlogon] share + <ulink url="smb.conf.5.html#LOGONSCRIPT">logon script</ulink> = logon.cmd + +; necessary share for domain controller +[netlogon] + <ulink url="smb.conf.5.html#PATH">path</ulink> = /usr/local/samba/lib/netlogon + <ulink url="smb.conf.5.html#READONLY">read only</ulink> = yes + <ulink url="smb.conf.5.html#WRITELIST">write list</ulink> = <replaceable>ntadmin</replaceable> + +; share for storing user profiles +[profiles] + <ulink url="smb.conf.5.html#PATH">path</ulink> = /export/smb/ntprofile + <ulink url="smb.conf.5.html#READONLY">read only</ulink> = no + <ulink url="smb.conf.5.html#CREATEMASK">create mask</ulink> = 0600 + <ulink url="smb.conf.5.html#DIRECTORYMASK">directory mask</ulink> = 0700 +</programlisting></para> + +<para> +There are a couple of points to emphasize in the above configuration. +</para> + +<itemizedlist> + <listitem><para> + Encrypted passwords must be enabled. For more details on how + to do this, refer to <ulink url="ENCRYPTION.html">ENCRYPTION.html</ulink>. + </para></listitem> + + <listitem><para> + The server must support domain logons and a + <filename>[netlogon]</filename> share + </para></listitem> + + <listitem><para> + The server must be the domain master browser in order for Windows + client to locate the server as a DC. Please refer to the various + Network Browsing documentation included with this distribution for + details. + </para></listitem> +</itemizedlist> + +<para> +As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +<ulink url="smb.conf.5.html#DOMAINADMINGROUP">domain admin +group</ulink> smb.conf parameter for information of creating "Domain +Admins" style accounts. +</para> + +</sect1> + + +<sect1> +<title>Creating Machine Trust Accounts and Joining Clients to the +Domain</title> + +<para> +A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."</para> + +<para> +The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller. +</para> + +<para>A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +<itemizedlist> + <listitem><para>A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + <filename>smbpasswd</filename>). The Samba account + possesses and uses only the NT password hash.</para></listitem> + + <listitem><para>A corresponding Unix account, typically stored in + <filename>/etc/passwd</filename>. (Future releases will alleviate the need to + create <filename>/etc/passwd</filename> entries.) </para></listitem> +</itemizedlist> +</para> + +<para> +There are two ways to create machine trust accounts: +</para> + +<itemizedlist> + <listitem><para> Manual creation. Both the Samba and corresponding + Unix account are created by hand.</para></listitem> + + <listitem><para> "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually. </para> + </listitem> + +</itemizedlist> + +<sect2> +<title>Manual Creation of Machine Trust Accounts</title> + +<para> +The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +<filename>/etc/passwd</filename>. This can be done using +<command>vipw</command> or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server: +</para> + +<para> + <prompt>root# </prompt><command>/usr/sbin/useradd -g 100 -d /dev/null -c <replaceable>"machine +nickname"</replaceable> -s /bin/false <replaceable>machine_name</replaceable>$ </command> +</para> +<para> +<prompt>root# </prompt><command>passwd -l <replaceable>machine_name</replaceable>$</command> +</para> + +<para> +The <filename>/etc/passwd</filename> entry will list the machine name +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an +<filename>/etc/passwd</filename> entry like this: +</para> + +<para><programlisting> +doppy$:x:505:501:<replaceable>machine_nickname</replaceable>:/dev/null:/bin/false +</programlisting></para> + +<para> +Above, <replaceable>machine_nickname</replaceable> can be any +descriptive name for the client, i.e., BasementComputer. +<replaceable>machine_name</replaceable> absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account. +</para> + + +<para> +Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the <ulink +url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> command +as shown here: +</para> + +<para> +<prompt>root# </prompt><command>smbpasswd -a -m <replaceable>machine_name</replaceable></command> +</para> + +<para> +where <replaceable>machine_name</replaceable> is the machine's NetBIOS +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account. +</para> + +<warning> + <title>Join the client to the domain immediately</title> + + <para> + Manually creating a machine trust account using this method is the + equivalent of creating a machine trust account on a Windows NT PDC using + the "Server Manager". From the time at which the account is created + to the time which the client joins the domain and changes the password, + your domain is vulnerable to an intruder joining your domain using a + a machine with the same NetBIOS name. A PDC inherently trusts + members of the domain and will serve out a large degree of user + information to such clients. You have been warned! + </para> +</warning> +</sect2> + + +<sect2> +<title>"On-the-Fly" Creation of Machine Trust Accounts</title> + +<para> +The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain. </para> + +<para>Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +<ulink url="smb.conf.5.html#ADDUSERSCRIPT">add user script</ulink> +option in <filename>smb.conf</filename>. This +method is not required, however; corresponding Unix accounts may also +be created manually. +</para> + + +<para>Below is an example for a RedHat 6.2 Linux system. +</para> + +<para><programlisting> +[global] + # <...remainder of parameters...> + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u +</programlisting></para> + +</sect2> + + +<sect2><title>Joining the Client to the Domain</title> + +<para> +The procedure for joining a client to the domain varies with the +version of Windows. +</para> + +<itemizedlist> +<listitem><para><emphasis>Windows 2000</emphasis></para> + + <para> When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + <filename>/etc/passwd</filename> entry, for security + reasons. </para> + + <para>The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.</para> +</listitem> + +<listitem><para><emphasis>Windows NT</emphasis></para> + + <para> If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.</para> + + <para> If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).</para> +</listitem> +</itemizedlist> + +</sect2> +</sect1> +<!-- ********************************************************** + + Common Problems + +*************************************************************** --> + +<sect1> +<title>Common Problems and Errors</title> + +<para> +</para> +<itemizedlist> +<listitem> + <para> + <emphasis>I cannot include a '$' in a machine name.</emphasis> + </para> + + <para> + A 'machine name' in (typically) <filename>/etc/passwd</> + of the machine name with a '$' appended. FreeBSD (and other BSD + systems?) won't create a user with a '$' in their name. + </para> + + <para> + The problem is only in the program used to make the entry, once + made, it works perfectly. So create a user without the '$' and + use <command>vipw</> to edit the entry, adding the '$'. Or create + the whole entry with vipw if you like, make sure you use a + unique User ID ! + </para> +</listitem> + +<listitem> + <para> + <emphasis>I get told "You already have a connection to the Domain...." + or "Cannot join domain, the credentials supplied conflict with an + existing set.." when creating a machine trust account.</emphasis> + </para> + + <para> + This happens if you try to create a machine trust account from the + machine itself and already have a connection (e.g. mapped drive) + to a share (or IPC$) on the Samba PDC. The following command + will remove all network drive connections: + </para> + + <para> + <prompt>C:\WINNT\></prompt> <command>net use * /d</command> + </para> + + <para> + Further, if the machine is a already a 'member of a workgroup' that + is the same name as the domain you are joining (bad idea) you will + get this message. Change the workgroup name to something else, it + does not matter what, reboot, and try again. + </para> +</listitem> + +<listitem> + <para> + <emphasis>The system can not log you on (C000019B)....</emphasis> + </para> + + <para>I joined the domain successfully but after upgrading + to a newer version of the Samba code I get the message, "The system + can not log you on (C000019B), Please try a gain or consult your + system administrator" when attempting to logon. + </para> + + <para> + This occurs when the domain SID stored in + <filename>private/WORKGROUP.SID</filename> is + changed. For example, you remove the file and <command>smbd</command> automatically + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. + </para> +</listitem> + +<listitem> + <para> + <emphasis>The machine trust account for this computer either does not + exist or is not accessible.</emphasis> + </para> + + <para> + When I try to join the domain I get the message "The machine account + for this computer either does not exist or is not accessible". What's + wrong? + </para> + + <para> + This problem is caused by the PDC not having a suitable machine trust account. + If you are using the <parameter>add user script</parameter> method to create + accounts then this would indicate that it has not worked. Ensure the domain + admin user system is working. + </para> + + <para> + Alternatively if you are creating account entries manually then they + have not been created correctly. Make sure that you have the entry + correct for the machine trust account in smbpasswd file on the Samba PDC. + If you added the account using an editor rather than using the smbpasswd + utility, make sure that the account name is the machine NetBIOS name + with a '$' appended to it ( i.e. computer_name$ ). There must be an entry + in both /etc/passwd and the smbpasswd file. Some people have reported + that inconsistent subnet masks between the Samba server and the NT + client have caused this problem. Make sure that these are consistent + for both client and server. + </para> +</listitem> + +<listitem> + <para> + <emphasis>When I attempt to login to a Samba Domain from a NT4/W2K workstation, + I get a message about my account being disabled.</emphasis> + </para> + + <para> + This problem is caused by a PAM related bug in Samba 2.2.0. This bug is + fixed in 2.2.1. Other symptoms could be unaccessible shares on + NT/W2K member servers in the domain or the following error in your smbd.log: + passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% + </para> + + <para> + At first be ensure to enable the useraccounts with <command>smbpasswd -e + %user%</command>, this is normally done, when you create an account. + </para> + + <para> + In order to work around this problem in 2.2.0, configure the + <parameter>account</parameter> control flag in + <filename>/etc/pam.d/samba</filename> file as follows: + </para> + + <para><programlisting> + account required pam_permit.so + </programlisting></para> + + <para> + If you want to remain backward compatibility to samba 2.0.x use + <filename>pam_permit.so</filename>, it's also possible to use + <filename>pam_pwdb.so</filename>. There are some bugs if you try to + use <filename>pam_unix.so</filename>, if you need this, be ensure to use + the most recent version of this file. + </para> +</listitem> +</itemizedlist> + +</sect1> + + + +<!-- ********************************************************** + + Policies and Profiles + +*************************************************************** --> + +<sect1> +<title> +System Policies and Profiles +</title> + +<para> +Much of the information necessary to implement System Policies and +Roving User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper <ulink url="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp">Implementing +Profiles and Policies in Windows NT 4.0</ulink> available from Microsoft. +</para> + +<para> +Here are some additional details: +</para> + +<itemizedlist> + +<listitem> + <para> + <emphasis>What about Windows NT Policy Editor?</emphasis> + </para> + + <para> + To create or edit <filename>ntconfig.pol</filename> you must use + the NT Server Policy Editor, <command>poledit.exe</command> which + is included with NT Server but <emphasis>not NT Workstation</emphasis>. + There is a Policy Editor on a NTws + but it is not suitable for creating <emphasis>Domain Policies</emphasis>. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need <filename>poledit.exe, common.adm</> and <filename>winnt.adm</>. It is convenient + to put the two *.adm files in <filename>c:\winnt\inf</> which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. + </para> + + <para> + The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command>, + i.e. that's <command>Nt4sp6ai.exe /x</command> for service pack 6a. The policy editor, + <command>poledit.exe</command> and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. + </para> +</listitem> + + +<listitem> + <para> + <emphasis>Can Win95 do Policies?</emphasis> + </para> + + <para> + Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. + Install group policies on a Win9x client by double-clicking + <filename>grouppol.inf</filename>. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... + </para> + + <para> + If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. + </para> +</listitem> + + +<listitem> + <para> + <emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis> + </para> + + <para> + Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? + </para> + + <para> + Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes + </para> + + <itemizedlist> + <listitem><para>Server Manager</para></listitem> + + <listitem><para>User Manager for Domains</para></listitem> + + <listitem><para>Event Viewer</para></listitem> + </itemizedlist> + + <para> + Click here to download the archived file <ulink + url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink> + </para> + + <para> + The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink> + </para> +</listitem> +</itemizedlist> + +</sect1> + + + +<!-- ********************************************************** + + Getting Help + +*************************************************************** --> + + +<sect1> +<title>What other help can I get? </title> + +<para> +There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing.</para> + +<itemizedlist> +<listitem> + <para> + <emphasis>What are some diagnostics tools I can use to debug the domain logon + process and where can I find them?</emphasis> + </para> + + <para> + One of the best diagnostic tools for debugging problems is Samba itself. + You can use the -d option for both smbd and nmbd to specify what + 'debug level' at which to run. See the man pages on smbd, nmbd and + smb.conf for more information on debugging options. The debug + level can range from 1 (the default) to 10 (100 for debugging passwords). + </para> + + <para> + Another helpful method of debugging is to compile samba using the + <command>gcc -g </command> flag. This will include debug + information in the binaries and allow you to attach gdb to the + running smbd / nmbd process. In order to attach gdb to an smbd + process for an NT workstation, first get the workstation to make the + connection. Pressing ctrl-alt-delete and going down to the domain box + is sufficient (at least, on the first time you join the domain) to + generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation + maintains an open connection, and therefore there will be an smbd + process running (assuming that you haven't set a really short smbd + idle timeout) So, in between pressing ctrl alt delete, and actually + typing in your password, you can gdb attach and continue. + </para> + + <para> + Some useful samba commands worth investigating: + </para> + + <itemizedlist> + <listitem><para>testparam | more</para></listitem> + <listitem><para>smbclient -L //{netbios name of server}</para></listitem> + </itemizedlist> + + <para> + An SMB enabled version of tcpdump is available from + <ulink url="http://www.tcpdump.org/">http://www.tcpdup.org/</ulink>. + Ethereal, another good packet sniffer for Unix and Win32 + hosts, can be downloaded from <ulink + url="http://www.ethereal.com/">http://www.ethereal.com</ulink>. + </para> + + <para> + For tracing things on the Microsoft Windows NT, Network Monitor + (aka. netmon) is available on the Microsoft Developer Network CD's, + the Windows NT Server install CD and the SMS CD's. The version of + netmon that ships with SMS allows for dumping packets between any two + computers (i.e. placing the network interface in promiscuous mode). + The version on the NT Server install CD will only allow monitoring + of network traffic directed to the local NT box and broadcasts on the + local subnet. Be aware that Ethereal can read and write netmon + formatted files. + </para> +</listitem> + + +<listitem> + <para> + <emphasis>How do I install 'Network Monitor' on an NT Workstation + or a Windows 9x box?</emphasis> + </para> + + <para> + Installing netmon on an NT workstation requires a couple + of steps. The following are for installing Netmon V4.00.349, which comes + with Microsoft Windows NT Server 4.0, on Microsoft Windows NT + Workstation 4.0. The process should be similar for other version of + Windows NT / Netmon. You will need both the Microsoft Windows + NT Server 4.0 Install CD and the Workstation 4.0 Install CD. + </para> + + <para> + Initially you will need to install 'Network Monitor Tools and Agent' + on the NT Server. To do this + </para> + + <itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add </para></listitem> + + <listitem><para>Select the 'Network Monitor Tools and Agent' and + click on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Server 4.0 install CD + when prompted.</para></listitem> + </itemizedlist> + + <para> + At this point the Netmon files should exist in + <filename>%SYSTEMROOT%\System32\netmon\*.*</filename>. + Two subdirectories exist as well, <filename>parsers\</filename> + which contains the necessary DLL's for parsing the netmon packet + dump, and <filename>captures\</filename>. + </para> + + <para> + In order to install the Netmon tools on an NT Workstation, you will + first need to install the 'Network Monitor Agent' from the Workstation + install CD. + </para> + + <itemizedlist> + <listitem><para>Goto Start - Settings - Control Panel - + Network - Services - Add</para></listitem> + + <listitem><para>Select the 'Network Monitor Agent' and click + on 'OK'.</para></listitem> + + <listitem><para>Click 'OK' on the Network Control Panel. + </para></listitem> + + <listitem><para>Insert the Windows NT Workstation 4.0 install + CD when prompted.</para></listitem> + </itemizedlist> + + + <para> + Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* + to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set + permissions as you deem appropriate for your site. You will need + administrative rights on the NT box to run netmon. + </para> + + <para> + To install Netmon on a Windows 9x box install the network monitor agent + from the Windows 9x CD (\admin\nettools\netmon). There is a readme + file located with the netmon driver files on the CD if you need + information on how to do this. Copy the files from a working + Netmon installation. + </para> +</listitem> + + + + +<listitem> + <para> + The following is a list if helpful URLs and other links: + </para> + + <itemizedlist> + + <listitem><para>Home of Samba site <ulink url="http://samba.org"> + http://samba.org</ulink>. We have a mirror near you !</para></listitem> + + <listitem><para> The <emphasis>Development</emphasis> document + on the Samba mirrors might mention your problem. If so, + it might mean that the developers are working on it.</para></listitem> + + <listitem><para>See how Scott Merrill simulates a BDC behavior at + <ulink url="http://www.skippy.net/linux/smb-howto.html"> + http://www.skippy.net/linux/smb-howto.html</>. </para></listitem> + + <listitem><para>Although 2.0.7 has almost had its day as a PDC, David Bannon will + keep the 2.0.7 PDC pages at <ulink url="http://bioserve.latrobe.edu.au/samba"> + http://bioserve.latrobe.edu.au/samba</ulink> going for a while yet.</para></listitem> + + <listitem><para>Misc links to CIFS information + <ulink url="http://samba.org/cifs/">http://samba.org/cifs/</ulink></para></listitem> + + <listitem><para>NT Domains for Unix <ulink url="http://mailhost.cb1.com/~lkcl/ntdom/"> + http://mailhost.cb1.com/~lkcl/ntdom/</ulink></para></listitem> + + <listitem><para>FTP site for older SMB specs: + <ulink url="ftp://ftp.microsoft.com/developr/drg/CIFS/"> + ftp://ftp.microsoft.com/developr/drg/CIFS/</ulink></para></listitem> + + </itemizedlist> +</listitem> +</itemizedlist> + + +<itemizedlist> +<listitem> + <para> + <emphasis>How do I get help from the mailing lists?</emphasis> + </para> + + <para> + There are a number of Samba related mailing lists. Go to <ulink + url="http://samba.org">http://samba.org</ulink>, click on your nearest mirror + and then click on <command>Support</> and then click on <command> + Samba related mailing lists</>. + </para> + + <para> + For questions relating to Samba TNG go to + <ulink url="http://www.samba-tng.org/">http://www.samba-tng.org/</ulink> + It has been requested that you don't post questions about Samba-TNG to the + main stream Samba lists.</para> + + <para> + If you post a message to one of the lists please observe the following guide lines : + </para> + + <itemizedlist> + + <listitem><para> Always remember that the developers are volunteers, they are + not paid and they never guarantee to produce a particular feature at + a particular time. Any time lines are 'best guess' and nothing more. + </para></listitem> + + <listitem><para> Always mention what version of samba you are using and what + operating system its running under. You should probably list the + relevant sections of your smb.conf file, at least the options + in [global] that affect PDC support.</para></listitem> + + <listitem><para>In addition to the version, if you obtained Samba via + CVS mention the date when you last checked it out.</para></listitem> + + <listitem><para> Try and make your question clear and brief, lots of long, + convoluted questions get deleted before they are completely read ! + Don't post html encoded messages (if you can select colour or font + size its html).</para></listitem> + + <listitem><para> If you run one of those nifty 'I'm on holidays' things when + you are away, make sure its configured to not answer mailing lists. + </para></listitem> + + <listitem><para> Don't cross post. Work out which is the best list to post to + and see what happens, i.e. don't post to both samba-ntdom and samba-technical. + Many people active on the lists subscribe to more + than one list and get annoyed to see the same message two or more times. + Often someone will see a message and thinking it would be better dealt + with on another, will forward it on for you.</para></listitem> + + <listitem><para>You might include <emphasis>partial</emphasis> + log files written at a debug level set to as much as 20. + Please don't send the entire log but enough to give the context of the + error messages.</para></listitem> + + <listitem><para>(Possibly) If you have a complete netmon trace ( from the opening of + the pipe to the error ) you can send the *.CAP file as well.</para></listitem> + + <listitem><para>Please think carefully before attaching a document to an email. + Consider pasting the relevant parts into the body of the message. The samba + mailing lists go to a huge number of people, do they all need a copy of your + smb.conf in their attach directory?</para></listitem> + + </itemizedlist> +</listitem> + + +<listitem> + <para> + <emphasis>How do I get off the mailing lists?</emphasis> + </para> + + <para>To have your name removed from a samba mailing list, go to the + same place you went to to get on it. Go to <ulink + url="http://lists.samba.org/">http://lists.samba.org</ulink>, + click on your nearest mirror and then click on <command>Support</> and + then click on <command> Samba related mailing lists</>. Or perhaps see + <ulink url="http://lists.samba.org/mailman/roster/samba-ntdom">here</ulink> + </para> + + <para> + Please don't post messages to the list asking to be removed, you will just + be referred to the above address (unless that process failed in some way...) + </para> +</listitem> +</itemizedlist> + +</sect1> + + +<!-- ********************************************************** + + Windows 9x domain control + +*************************************************************** --> +<sect1> +<title>Domain Control for Windows 9x/ME</title> + +<note> +<para> +The following section contains much of the original +DOMAIN.txt file previously included with Samba. Much of +the material is based on what went into the book <emphasis>Special +Edition, Using Samba</emphasis>, by Richard Sharpe. +</para> +</note> + +<para> +A domain and a workgroup are exactly the same thing in terms of network +browsing. The difference is that a distributable authentication +database is associated with a domain, for secure login access to a +network. Also, different access rights can be granted to users if they +successfully authenticate against a domain logon server (NT server and +other systems based on NT server support this, as does at least Samba TNG now). +</para> + +<para> +The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +Network browsing functionality of domains and workgroups is +identical and is explained in BROWSING.txt. It should be noted, that browsing +is totally orthogonal to logon support. +</para> + +<para> +Issues related to the single-logon network model are discussed in this +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section. +</para> + + +<para> +When an SMB client in a domain wishes to logon it broadcast requests for a +logon server. The first one to reply gets the job, and validates its +password using whatever mechanism the Samba administrator has installed. +It is possible (but very stupid) to create a domain where the user +database is not shared between servers, i.e. they are effectively workgroup +servers advertising themselves as participating in a domain. This +demonstrates how authentication is quite different from but closely +involved with domains. +</para> + + +<para> +Using these features you can make your clients verify their logon via +the Samba server; make clients run a batch file when they logon to +the network and download their preferences, desktop and start menu. +</para> + +<para> +Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon: +</para> + +<orderedlist> +<listitem> + <para> + The client broadcasts (to the IP broadcast address of the subnet it is in) + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the + NetBIOS layer. The client chooses the first response it receives, which + contains the NetBIOS name of the logon server to use in the format of + \\SERVER. + </para> +</listitem> + +<listitem> + <para> + The client then connects to that server, logs on (does an SMBsessetupX) and + then connects to the IPC$ share (using an SMBtconX). + </para> +</listitem> + +<listitem> + <para> + The client then does a NetWkstaUserLogon request, which retrieves the name + of the user's logon script. + </para> +</listitem> + +<listitem> + <para> + The client then connects to the NetLogon share and searches for this + and if it is found and can be read, is retrieved and executed by the client. + After this, the client disconnects from the NetLogon share. + </para> +</listitem> + +<listitem> + <para> + The client then sends a NetUserGetInfo request to the server, to retrieve + the user's home share, which is used to search for profiles. Since the + response to the NetUserGetInfo request does not contain much more + the user's home share, profiles for Win9X clients MUST reside in the user + home directory. + </para> +</listitem> + +<listitem> + <para> + The client then connects to the user's home share and searches for the + user's profile. As it turns out, you can specify the user's home share as + a sharename and path. For example, \\server\fred\.profile. + If the profiles are found, they are implemented. + </para> +</listitem> + +<listitem> + <para> + The client then disconnects from the user's home share, and reconnects to + the NetLogon share and looks for CONFIG.POL, the policies file. If this is + found, it is read and implemented. + </para> +</listitem> +</orderedlist> + + +<sect2> +<title>Configuration Instructions: Network Logons</title> + +<para> +The main difference between a PDC and a Windows 9x logon +server configuration is that +</para> + +<itemizedlist> + +<listitem><para> +Password encryption is not required for a Windows 9x logon server. +</para></listitem> + +<listitem><para> +Windows 9x/ME clients do not possess machine trust accounts. +</para></listitem> + +</itemizedlist> + +<para> +Therefore, a Samba PDC will also act as a Windows 9x logon +server. +</para> + + +<warning> +<title>security mode and master browsers</title> + +<para> +There are a few comments to make in order to tie up some +loose ends. There has been much debate over the issue of whether +or not it is ok to configure Samba as a Domain Controller in security +modes other than <constant>USER</constant>. The only security mode +which will not work due to technical reasons is <constant>SHARE</constant> +mode security. <constant>DOMAIN</constant> and <constant>SERVER</constant> +mode security is really just a variation on SMB user level security. +</para> + +<para> +Actually, this issue is also closely tied to the debate on whether +or not Samba must be the domain master browser for its workgroup +when operating as a DC. While it may technically be possible +to configure a server as such (after all, browsing and domain logons +are two distinctly different functions), it is not a good idea to +so. You should remember that the DC must register the DOMAIN#1b NetBIOS +name. This is the name used by Windows clients to locate the DC. +Windows clients do not distinguish between the DC and the DMB. +For this reason, it is very wise to configure the Samba DC as the DMB. +</para> + +<para> +Now back to the issue of configuring a Samba DC to use a mode other +than "security = user". If a Samba host is configured to use +another SMB server or DC in order to validate user connection +requests, then it is a fact that some other machine on the network +(the "password server") knows more about user than the Samba host. +99% of the time, this other host is a domain controller. Now +in order to operate in domain mode security, the "workgroup" parameter +must be set to the name of the Windows NT domain (which already +has a domain controller, right?) +</para> + +<para> +Therefore configuring a Samba box as a DC for a domain that +already by definition has a PDC is asking for trouble. +Therefore, you should always configure the Samba DC to be the DMB +for its domain. +</para> +</warning> + +</sect2> + + +<sect2> +<title>Configuration Instructions: Setting up Roaming User Profiles</title> + +<warning> +<para> +<emphasis>NOTE!</emphasis> Roaming profiles support is different +for Win9X and WinNT. +</para> +</warning> + +<para> +Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features. +</para> + +<para> +Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory. +</para> + + +<para> +WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT. +</para> + + + +<sect3> +<title>Windows NT Configuration</title> + +<para> +To support WinNT clients, in the [global] section of smb.conf set the +following (for example): +</para> + +<para><programlisting> +logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath +</programlisting></para> + +<para> +The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable. +</para> + +<note> +<para> +[lkcl 26aug96 - we have discovered a problem where Windows clients can +maintain a connection to the [homes] share in between logins. The +[homes] share must NOT therefore be used in a profile path.] +</para> +</note> + +</sect3> + + +<sect3> +<title>Windows 9X Configuration</title> + +<para> +To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use/home" now works as well, and it, too, relies +on the "logon home" parameter. +</para> + +<para> +By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file: +</para> + +<para><programlisting> +logon home = \\%L\%U\.profiles +</programlisting></para> + +<para> +then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden). +</para> + +<para> +Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home". +</para> + + +</sect3> + + +<sect3> +<title>Win9X and WinNT Configuration</title> + +<para> +You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example: +</para> + +<para><programlisting> +logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U +</programlisting></para> + +<note> +<para> +I have not checked what 'net use /home' does on NT when "logon home" is +set as above. +</para> +</note> +</sect3> + + + +<sect3> +<title>Windows 9X Profile Setup</title> + +<para> +When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders. +</para> + + +<para> +The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file. +</para> + +<orderedlist> +<listitem> + <para> + On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + </para> +</listitem> + + +<listitem> + <para> + On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + </para> +</listitem> + +</orderedlist> + +<para> +Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me. +</para> + +<para> +You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password. +</para> + +<para> +Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'. +</para> + +<para> +Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created. +</para> + +<para> +These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set. +</para> + +<para> +If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server. +</para> + +<para> +If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time". +</para> + +<orderedlist> +<listitem> + <para> + instead of logging in under the [user, password, domain] dialog, + press escape. + </para> +</listitem> + +<listitem> + <para> + run the regedit.exe program, and look in: + </para> + + <para> + HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + </para> + + <para> + you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + </para> + + <para> + [Exit the registry editor]. + </para> +</listitem> + +<listitem> + <para> + <emphasis>WARNING</emphasis> - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + </para> + + <para> + This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + </para> +</listitem> + +<listitem> + <para> + search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + </para> +</listitem> + + +<listitem> + <para> + log off the windows 95 client. + </para> +</listitem> + +<listitem> + <para> + check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + </para> +</listitem> + +</orderedlist> + +<para> +If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports. +</para> + +<para> +If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace. +</para> + +</sect3> + + +<sect3> +<title>Windows NT Workstation 4.0</title> + +<para> +When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter. +</para> + +<note> +<para> +[lkcl 10aug97 - i tried setting the path to +\\samba-server\homes\profile, and discovered that this fails because +a background process maintains the connection to the [homes] share +which does _not_ close down in between user logins. you have to +have \\samba-server\%L\profile, where user is the username created +from the [homes] share]. +</para> +</note> + +<para> +There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter. +</para> + +<para> +The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension) +[lkcl 10aug97 - i found that the creation of the .PDS directory failed, +and had to create these manually for each user, with a shell script. +also, i presume, but have not tested, that the full profile path must +be browseable just as it is for w95, due to the manner in which they +attempt to create the full profile path: test existence of each path +component; create path component]. +</para> + +<para> +In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown. +</para> + +<para> +You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one. +</para> + +<note> +<para> +[lkcl 10aug97 - i notice that NT Workstation tells me that it is +downloading a profile from a slow link. whether this is actually the +case, or whether there is some configuration issue, as yet unknown, +that makes NT Workstation _think_ that the link is a slow one is a +matter to be resolved]. +</para> + +<para> +[lkcl 20aug97 - after samba digest correspondence, one user found, and +another confirmed, that profiles cannot be loaded from a samba server +unless "security = user" and "encrypt passwords = yes" (see the file +ENCRYPTION.txt) or "security = server" and "password server = ip.address. +of.yourNTserver" are used. Either of these options will allow the NT +workstation to access the samba server using LAN manager encrypted +passwords, without the user intervention normally required by NT +workstation for clear-text passwords]. +</para> + +<para> +[lkcl 25aug97 - more comments received about NT profiles: the case of +the profile _matters_. the file _must_ be called NTuser.DAT or, for +a mandatory profile, NTuser.MAN]. +</para> +</note> + +</sect3> + + +<sect3> +<title>Windows NT Server</title> + +<para> +There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords. +</para> + +</sect3> + + +<sect3> +<title>Sharing Profiles between W95 and NT Workstation 4.0</title> + +<warning> +<title>Potentially outdated or incorrect material follows</title> +<para> +I think this is all bogus, but have not deleted it. (Richard Sharpe) +</para> +</warning> + +<para> +The default logon path is \\%N\U%. NT Workstation will attempt to create +a directory "\\samba-server\username.PDS" if you specify the logon path +as "\\samba-server\username" with the NT User Manager. Therefore, you +will need to specify (for example) "\\samba-server\username\profile". +NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which +is more likely to succeed. +</para> + +<para> +If you then want to share the same Start Menu / Desktop with W95, you will +need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 +this has its drawbacks: i created a shortcut to telnet.exe, which attempts +to run from the c:\winnt\system32 directory. this directory is obviously +unlikely to exist on a Win95-only host]. +</para> + +<para> + +If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory. +</para> + +<note> +<para> +[lkcl 25aug97 - there are some issues to resolve with downloading of +NT profiles, probably to do with time/date stamps. i have found that +NTuser.DAT is never updated on the workstation after the first time that +it is copied to the local workstation profile directory. this is in +contrast to w95, where it _does_ transfer / update profiles correctly]. +</para> +</note> + +</sect3> + +</sect2> +</sect1> + + +<!-- ********************************************************** + + Appendix - DOMAIN_CONTROL.txt + +*************************************************************** --> + +<sect1> +<title> +DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba +</title> + +<warning> + <title>Possibly Outdated Material</title> + + <para> + This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. + </para> +</warning> + + +<para> +<emphasis>NOTE :</emphasis> +The term "Domain Controller" and those related to it refer to one specific +method of authentication that can underly an SMB domain. Domain Controllers +prior to Windows NT Server 3.1 were sold by various companies and based on +private extensions to the LAN Manager 2.1 protocol. Windows NT introduced +Microsoft-specific ways of distributing the user authentication database. +See DOMAIN.txt for examples of how Samba can participate in or create +SMB domains based on shared authentication database schemes other than the +Windows NT SAM. +</para> + +<para> +Windows NT Server can be installed as either a plain file and print server +(WORKGROUP workstation or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT. +</para> + +<para> +To many people these terms can be confusing, so let's try to clear the air. +</para> + +<para> +Every Windows NT system (workstation or server) has a registry database. +The registry contains entries that describe the initialization information +for all services (the equivalent of Unix Daemons) that run within the Windows +NT environment. The registry also contains entries that tell application +software where to find dynamically loadable libraries that they depend upon. +In fact, the registry contains entries that describes everything that anything +may need to know to interact with the rest of the system. +</para> + +<para> +The registry files can be located on any Windows NT machine by opening a +command prompt and typing: +</para> + +<para> +<prompt>C:\WINNT\></prompt> dir %SystemRoot%\System32\config +</para> + +<para> +The environment variable %SystemRoot% value can be obtained by typing: +</para> + +<para> +<prompt>C:\WINNT></prompt>echo %SystemRoot% +</para> + +<para> +The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security. +</para> + +<para> +In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each. +</para> + +<para> +The Microsoft Windows NT system is structured within a security model that +says that all applications and services must authenticate themselves before +they can obtain permission from the security manager to do what they set out +to do. +</para> + +<para> +The Windows NT User database also resides within the registry. This part of +the registry contains the user's security identifier, home directory, group +memberships, desktop profile, and so on. +</para> + +<para> +Every Windows NT system (workstation as well as server) will have its own +registry. Windows NT Servers that participate in Domain Security control +have a database that they share in common - thus they do NOT own an +independent full registry database of their own, as do Workstations and +plain Servers. +</para> + +<para> +The User database is called the SAM (Security Access Manager) database and +is used for all user authentication as well as for authentication of inter- +process authentication (i.e. to ensure that the service action a user has +requested is permitted within the limits of that user's privileges). +</para> + +<para> +The Samba team have produced a utility that can dump the Windows NT SAM into +smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and +/pub/samba/pwdump on your nearest Samba mirror for the utility. This +facility is useful but cannot be easily used to implement SAM replication +to Samba systems. +</para> + +<para> +Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers +can participate in a Domain security system that is controlled by Windows NT +servers that have been correctly configured. Almost every domain will have +ONE Primary Domain Controller (PDC). It is desirable that each domain will +have at least one Backup Domain Controller (BDC). +</para> + +<para> +The PDC and BDCs then participate in replication of the SAM database so that +each Domain Controlling participant will have an up to date SAM component +within its registry. +</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml new file mode 100644 index 0000000000..90d4843577 --- /dev/null +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -0,0 +1,451 @@ +<chapter id="install"> + +<title>How to Install and Test SAMBA</title> + +<sect1> + <title>Step 0: Read the man pages</title> + + <para>The man pages distributed with SAMBA contain + lots of useful info that will help to get you started. + If you don't know how to read man pages then try + something like:</para> + + <para><prompt>$ </prompt><userinput>nroff -man smbd.8 | more + </userinput></para> + + <para>Other sources of information are pointed to + by the Samba web site,<ulink url="http://www.samba.org/"> + http://www.samba.org</ulink></para> +</sect1> + +<sect1> + <title>Step 1: Building the Binaries</title> + + <para>To do this, first run the program <command>./configure + </command> in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run</para> + + <para><prompt>root# </prompt><userinput>./configure --help + </userinput></para> + + <para>first to see what special options you can enable. + Then executing</para> + + <para><prompt>root# </prompt><userinput>make</userinput></para> + + <para>will create the binaries. Once it's successfully + compiled you can use </para> + + <para><prompt>root# </prompt><userinput>make install</userinput></para> + + <para>to install the binaries and manual pages. You can + separately install the binaries and/or man pages using</para> + + <para><prompt>root# </prompt><userinput>make installbin + </userinput></para> + + <para>and</para> + + <para><prompt>root# </prompt><userinput>make installman + </userinput></para> + + <para>Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with</para> + + <para><prompt>root# </prompt><userinput>make revert + </userinput></para> + + <para>if you find this version a disaster!</para> +</sect1> + +<sect1> + <title>Step 2: The all important step</title> + + <para>At this stage you must fetch yourself a + coffee or other drink you find stimulating. Getting the rest + of the install right can sometimes be tricky, so you will + probably need it.</para> + + <para>If you have installed samba before then you can skip + this step.</para> +</sect1> + +<sect1> + <title>Step 3: Create the smb configuration file. </title> + + <para>There are sample configuration files in the examples + subdirectory in the distribution. I suggest you read them + carefully so you can see how the options go together in + practice. See the man page for all the options.</para> + + <para>The simplest useful configuration file would be + something like this:</para> + + <para><programlisting> + [global] + workgroup = MYGROUP + + [homes] + guest ok = no + read only = no + </programlisting</para> + + <para>which would allow connections by anyone with an + account on the server, using either their login name or + "homes" as the service name. (Note that I also set the + workgroup that Samba is part of. See BROWSING.txt for details)</para> + + <para>Note that <command>make install</command> will not install + a <filename>smb.conf</filename> file. You need to create it + yourself. </para> + + <para>Make sure you put the smb.conf file in the same place + you specified in the<filename>Makefile</filename> (the default is to + look for it in <filename>/usr/local/samba/lib/</filename>).</para> + + <para>For more information about security settings for the + [homes] share please refer to the document UNIX_SECURITY.txt.</para> +</sect1> + +<sect1> + <title>Step 4: Test your config file with + <command>testparm</command></title> + + <para>It's important that you test the validity of your + <filename>smb.conf</filename> file using the testparm program. + If testparm runs OK then it will list the loaded services. If + not it will give an error message.</para> + + <para>Make sure it runs OK and that the services look + reasonable before proceeding. </para> + +</sect1> + +<sect1> + <title>Step 5: Starting the smbd and nmbd</title> + + <para>You must choose to start smbd and nmbd either + as daemons or from <command>inetd</command>. Don't try + to do both! Either you can put them in <filename> + inetd.conf</filename> and have them started on demand + by <command>inetd</command>, or you can start them as + daemons either from the command line or in <filename> + /etc/rc.local</filename>. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root.</para> + + <para>The main advantage of starting <command>smbd</command> + and <command>nmbd</command> using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request.</para> + + <sect2> + <title>Step 5a: Starting from inetd.conf</title> + + <para>NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps.</para> + + <para>Look at your <filename>/etc/services</filename>. + What is defined at port 139/tcp. If nothing is defined + then add a line like this:</para> + + <para><userinput>netbios-ssn 139/tcp</userinput></para> + + <para>similarly for 137/udp you should have an entry like:</para> + + <para><userinput>netbios-ns 137/udp</userinput></para> + + <para>Next edit your <filename>/etc/inetd.conf</filename> + and add two lines something like this:</para> + + <para><programlisting> + netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd + netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd + </programlisting></para> + + <para>The exact syntax of <filename>/etc/inetd.conf</filename> + varies between unixes. Look at the other entries in inetd.conf + for a guide.</para> + + <para>NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in <filename>/etc/services</filename>. + You must either edit <filename>/etc/services</filename> or + <filename>/etc/inetd.conf</filename> to make them consistent.</para> + + <para>NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run <command>ifconfig</command> + as root if you don't know what the broadcast is for your + net. <command>nmbd</command> tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this.</para> + + <para>!!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in <filename>inetd.conf</filename>. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from <command>inetd</command>.</para> + + <para>Restart <command>inetd</command>, perhaps just send + it a HUP. If you have installed an earlier version of <command> + nmbd</command> then you may need to kill nmbd as well.</para> + </sect2> + + <sect2> + <title>Step 5b. Alternative: starting it as a daemon</title> + + <para>To start the server as a daemon you should create + a script something like this one, perhaps calling + it <filename>startsmb</filename>.</para> + + <para><programlisting> + #!/bin/sh + /usr/local/samba/bin/smbd -D + /usr/local/samba/bin/nmbd -D + </programlisting></para> + + <para>then make it executable with <command>chmod + +x startsmb</command></para> + + <para>You can then run <command>startsmb</command> by + hand or execute it from <filename>/etc/rc.local</filename> + </para> + + <para>To kill it send a kill signal to the processes + <command>nmbd</command> and <command>smbd</command>.</para> + + <para>NOTE: If you use the SVR4 style init system then + you may like to look at the <filename>examples/svr4-startup</filename> + script to make Samba fit into that system.</para> + </sect2> +</sect1> + +<sect1> + <title>Step 6: Try listing the shares available on your + server</title> + + <para><prompt>$ </prompt><userinput>smbclient -L + <replaceable>yourhostname</replaceable></userinput></para> + + <para>Your should get back a list of shares available on + your server. If you don't then something is incorrectly setup. + Note that this method can also be used to see what shares + are available on other LanManager clients (such as WfWg).</para> + + <para>If you choose user level security then you may find + that Samba requests a password before it will list the shares. + See the <command>smbclient</command> man page for details. (you + can force it to list the shares without a password by + adding the option -U% to the command line. This will not work + with non-Samba servers)</para> +</sect1> + +<sect1> + <title>Step 7: Try connecting with the unix client</title> + + <para><prompt>$ </prompt><userinput>smbclient <replaceable> + //yourhostname/aservice</replaceable></userinput></para> + + <para>Typically the <replaceable>yourhostname</replaceable> + would be the name of the host where you installed <command> + smbd</command>. The <replaceable>aservice</replaceable> is + any service you have defined in the <filename>smb.conf</filename> + file. Try your user name if you just have a [homes] section + in <filename>smb.conf</filename>.</para> + + <para>For example if your unix host is bambi and your login + name is fred you would type:</para> + + <para><prompt>$ </prompt><userinput>smbclient //bambi/fred + </userinput></para> +</sect1> + +<sect1> + <title>Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client</title> + + <para>Try mounting disks. eg:</para> + + <para><prompt>C:\WINDOWS\> </prompt><userinput>net use d: \\servername\service + </userinput></para> + + <para>Try printing. eg:</para> + + <para><prompt>C:\WINDOWS\> </prompt><userinput>net use lpt1: + \\servername\spoolservice</userinput></para> + + <para><prompt>C:\WINDOWS\> </prompt><userinput>print filename + </userinput></para> + + <para>Celebrate, or send me a bug report!</para> +</sect1> + +<sect1> + <title>What If Things Don't Work?</title> + + <para>If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down.</para> + + <para>Then you might read the file DIAGNOSIS.txt and the + FAQ. If you are still stuck then try the mailing list or + newsgroup (look in the README for details). Samba has been + successfully installed at thousands of sites worldwide, so maybe + someone else has hit your problem and has overcome it. You could + also use the WWW site to scan back issues of the samba-digest.</para> + + <para>When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier. </para> + + <sect2> + <title>Diagnosing Problems</title> + + <para>If you have installation problems then go to + <filename>DIAGNOSIS.txt</filename> to try to find the + problem.</para> + </sect2> + + <sect2> + <title>Scope IDs</title> + + <para>By default Samba uses a blank scope ID. This means + all your windows boxes must also have a blank scope ID. + If you really want to use a non-blank scope ID then you will + need to use the -i <scope> option to nmbd, smbd, and + smbclient. All your PCs will need to have the same setting for + this to work. I do not recommend scope IDs.</para> + </sect2> + + + <sect2> + <title>Choosing the Protocol Level</title> + + <para>The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1.</para> + + <para>You can choose what maximum protocol to support + in the <filename>smb.conf</filename> file. The default is + NT1 and that is the best for the vast majority of sites.</para> + + <para>In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases.</para> + + <para>The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95). </para> + + <para>See the smb.conf(5) manual page for more details.</para> + + <para>Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug.</para> + </sect2> + + <sect2> + <title>Printing from UNIX to a Client PC</title> + + <para>To use a printer that is available via a smb-based + server from a unix host you will need to compile the + smbclient program. You then need to install the script + "smbprint". Read the instruction in smbprint for more details. + </para> + + <para>There is also a SYSV style script that does much + the same thing called smbprint.sysv. It contains instructions.</para> + </sect2> + + <sect2> + <title>Locking</title> + + <para>One area which sometimes causes trouble is locking.</para> + + <para>There are two types of locking which need to be + performed by a SMB server. The first is "record locking" + which allows a client to lock a range of bytes in a open file. + The second is the "deny modes" that are specified when a file + is open.</para> + + <para>Record locking semantics under Unix is very + different from record locking under Windows. Versions + of Samba before 2.2 have tried to use the native + fcntl() unix system call to implement proper record + locking between different Samba clients. This can not + be fully correct due to several reasons. The simplest + is the fact that a Windows client is allowed to lock a + byte range up to 2^32 or 2^64, depending on the client + OS. The unix locking only supports byte ranges up to + 2^31. So it is not possible to correctly satisfy a + lock request above 2^31. There are many more + differences, too many to be listed here.</para> + + <para>Samba 2.2 and above implements record locking + completely independent of the underlying unix + system. If a byte range lock that the client requests + happens to fall into the range 0-2^31, Samba hands + this request down to the Unix system. All other locks + can not be seen by unix anyway.</para> + + <para>Strictly a SMB server should check for locks before + every read and write call on a file. Unfortunately with the + way fcntl() works this can be slow and may overstress the + rpc.lockd. It is also almost always unnecessary as clients + are supposed to independently make locking calls before reads + and writes anyway if locking is important to them. By default + Samba only makes locking calls when explicitly asked + to by a client, but if you set "strict locking = yes" then it will + make lock checking calls on every read and write. </para> + + <para>You can also disable by range locking completely + using "locking = no". This is useful for those shares that + don't support locking or don't need it (such as cdroms). In + this case Samba fakes the return codes of locking calls to + tell clients that everything is OK.</para> + + <para>The second class of locking is the "deny modes". These + are set by an application when it opens a file to determine + what types of access should be allowed simultaneously with + its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE + or DENY_ALL. There are also special compatibility modes called + DENY_FCB and DENY_DOS.</para> + + <para>You can disable share modes using "share modes = no". + This may be useful on a heavily loaded server as the share + modes code is very slow. See also the FAST_SHARE_MODES + option in the Makefile for a way to do full share modes + very fast using shared memory (if your OS supports it).</para> + </sect2> + + <sect2> + <title>Mapping Usernames</title> + + <para>If you have different usernames on the PCs and + the unix server then take a look at the "username map" option. + See the smb.conf man page for details.</para> + </sect2> + + <sect2> + <title>Other Character Sets</title> + + <para>If you have problems using filenames with accented + characters in them (like the German, French or Scandinavian + character sets) then I recommend you look at the "valid chars" + option in smb.conf and also take a look at the validchars + package in the examples directory.</para> + </sect2> + +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/msdfs_setup.sgml b/docs/docbook/projdoc/msdfs_setup.sgml new file mode 100644 index 0000000000..35c9d40840 --- /dev/null +++ b/docs/docbook/projdoc/msdfs_setup.sgml @@ -0,0 +1,117 @@ +<chapter id="msdfs"> + +<chapterinfo> + <author> + <firstname>Shirish</firstname><surname>Kalele</surname> + <affiliation> + <orgname>Samba Team & Veritas Software</orgname> + <address> + <email>samba@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate>12 Jul 200</pubdate> +</chapterinfo> + + +<title>Hosting a Microsoft Distributed File System tree on Samba</title> + +<sect1> + + <title>Instructions</title> + + <para>The Distributed File System (or Dfs) provides a means of + separating the logical view of files and directories that users + see from the actual physical locations of these resources on the + network. It allows for higher availability, smoother storage expansion, + load balancing etc. For more information about Dfs, refer to <ulink + url="http://www.microsoft.com/NTServer/nts/downloads/winfeatures/NTSDistrFile/AdminGuide.asp"> + Microsoft documentation</ulink>. </para> + + <para>This document explains how to host a Dfs tree on a Unix + machine (for Dfs-aware clients to browse) using Samba.</para> + + <para>To enable SMB-based DFS for Samba, configure it with the + <parameter>--with-msdfs</parameter> option. Once built, a + Samba server can be made a Dfs server by setting the global + boolean <ulink url="smb.conf.5.html#HOSTMSDFS"><parameter> + host msdfs</parameter></ulink> parameter in the <filename>smb.conf + </filename> file. You designate a share as a Dfs root using the share + level boolean <ulink url="smb.conf.5.html#MSDFSROOT"><parameter> + msdfs root</parameter></ulink> parameter. A Dfs root directory on + Samba hosts Dfs links in the form of symbolic links that point + to other servers. For example, a symbolic link + <filename>junction->msdfs:storage1\share1</filename> in + the share directory acts as the Dfs junction. When Dfs-aware + clients attempt to access the junction link, they are redirected + to the storage location (in this case, \\storage1\share1).</para> + + <para>Dfs trees on Samba work with all Dfs-aware clients ranging + from Windows 95 to 2000.</para> + + <para>Here's an example of setting up a Dfs tree on a Samba + server.</para> + + <para><programlisting> +# The smb.conf file: +[global] + netbios name = SAMBA + host msdfs = yes + +[dfs] + path = /export/dfsroot + msdfs root = yes + </programlisting></para> + + + <para>In the /export/dfsroot directory we set up our dfs links to + other servers on the network.</para> + + <para><prompt>root# </prompt><userinput>cd /export/dfsroot</userinput></para> + <para><prompt>root# </prompt><userinput>chown root /export/dfsroot</userinput></para> + <para><prompt>root# </prompt><userinput>chmod 755 /export/dfsroot</userinput></para> + <para><prompt>root# </prompt><userinput>ln -s msdfs:storageA\\shareA linka</userinput></para> + <para><prompt>root# </prompt><userinput>ln -s msdfs:serverB\\share,serverC\\share linkb</userinput></para> + + + <para>You should set up the permissions and ownership of + the directory acting as the Dfs root such that only designated + users can create, delete or modify the msdfs links. Also note + that symlink names should be all lowercase. This limitation exists + to have Samba avoid trying all the case combinations to get at + the link name. Finally set up the symbolic links to point to the + network shares you want, and start Samba.</para> + + <para>Users on Dfs-aware clients can now browse the Dfs tree + on the Samba server at \\samba\dfs. Accessing + links linka or linkb (which appear as directories to the client) + takes users directly to the appropriate shares on the network.</para> + + <sect2> + <title>Notes</title> + + <itemizedlist> + <listitem><para>Windows clients need to be rebooted + if a previously mounted non-dfs share is made a dfs + root or vice versa. A better way is to introduce a + new share and make it the dfs root.</para> + </listitem> + + <listitem><para>Currently there's a restriction that msdfs + symlink names should all be lowercase.</para> + </listitem> + + <listitem><para>For security purposes, the directory + acting as the root of the Dfs tree should have ownership + and permissions set so that only designated users can + modify the symbolic links in the directory.</para> + </listitem> + </itemizedlist> + </sect2> +</sect1> + + + +</chapter> diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml new file mode 100644 index 0000000000..84a24bcdef --- /dev/null +++ b/docs/docbook/projdoc/printer_driver2.sgml @@ -0,0 +1,689 @@ +<chapter id="printing"> + + +<chapterinfo> + <author> + <firstname>Gerald (Jerry)</firstname><surname>Carter</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jerry@samba.org</email> + </address> + </affiliation> + </author> + + + <pubdate> (3 May 2001) </pubdate> +</chapterinfo> + +<title>Printing Support in Samba 2.2.x</title> + +<sect1> +<title>Introduction</title> + +<para>Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls.</para> + +<para>The additional functionality provided by the new +SPOOLSS support includes:</para> + +<itemizedlist> + <listitem><para>Support for downloading printer driver + files to Windows 95/98/NT/2000 clients upon demand. + </para></listitem> + + <listitem><para>Uploading of printer drivers via the + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to <ulink + url="http://imprints.sourceforge.net">http://imprints.sourceforge.net</ulink>). + </para></listitem> + + <listitem><para>Support for the native MS-RPC printing + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at <ulink + url="http://msdn.microsoft.com/">http://msdn.microsoft.com/</ulink> + for more information on the Win32 printing API) + </para></listitem> + + <listitem><para>Support for NT Access Control Lists (ACL) + on printer objects</para></listitem> + + <listitem><para>Improved support for printer queue manipulation + through the use of an internal databases for spooled job + information</para></listitem> +</itemizedlist> + +<para> +There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients. +</para> + +<para> +The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: <emphasis>How to Add Printers with No User +Interaction in Windows 2000</emphasis> +</para> + +<para> +<ulink url="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP">http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</ulink> +</para> + +</sect1> + + +<sect1> +<title>Configuration</title> + +<warning> +<title>[print$] vs. [printer$]</title> + +<para> +Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads. +</para> + +<para> +However, the initial implementation allowed for a +parameter named <parameter>printer driver location</parameter> +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named <parameter>printer driver</parameter> provided +a means of defining the printer driver name to be sent to +the client. +</para> + +<para> +These parameters, including <parameter>printer driver +file</parameter> parameter, are being depreciated and should not +be used in new installations. For more information on this change, +you should refer to the <link linkend="MIGRATION">Migration section</link> +of this document. +</para> +</warning> + +<sect2> +<title>Creating [print$]</title> + +<para> +In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download). +</para> + +<para>You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site):</para> + +<para><programlisting> +[global] + ; members of the ntadmin group should be able + ; to add drivers and set printer properties + ; root is implicitly a 'printer admin' + printer admin = @ntadmin + +[print$] + path = /usr/local/samba/printers + guest ok = yes + browseable = yes + read only = yes + ; since this share is configured as read only, then we need + ; a 'write list'. Check the file system permissions to make + ; sure this account can copy files to the share. If this + ; is setup to a non-root account, then it should also exist + ; as a 'printer admin' + write list = @ntadmin,root +</programlisting></para> + +<para>The <ulink url="smb.conf.5.html#WRITELIST"><parameter> +write list</parameter></ulink> is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the <ulink url="smb.conf.5.html">smb.conf(5) +man page</ulink> for more information on configuring file shares.</para> + +<para>The requirement for <ulink url="smb.conf.5.html#GUESTOK"><command>guest +ok = yes</command></ulink> depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue.</para> + +<note> +<title>Author's Note</title> + +<para> +The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add <ulink +url="smb.conf.5.html#MAPTOGUEST"><command>map to guest = Bad User +</command></ulink> in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry +</para> +</note> + +<para>In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well.</para> + +<para>Next create the directory tree below the [print$] share +for each architecture you wish to support.</para> + +<para><programlisting> +[print$]----- + |-W32X86 ; "Windows NT x86" + |-WIN40 ; "Windows 95/98" + |-W32ALPHA ; "Windows NT Alpha_AXP" + |-W32MIPS ; "Windows NT R4000" + |-W32PPC ; "Windows NT PowerPC" +</programlisting></para> + +<warning> +<title>ATTENTION! REQUIRED PERMISSIONS</title> + +<para> +In order to currently add a new driver to you Samba host, +one of two conditions must hold true: +</para> + +<itemizedlist> + <listitem><para>The account used to connect to the Samba host + must have a uid of 0 (i.e. a root account)</para></listitem> + + <listitem><para>The account used to connect to the Samba host + must be a member of the <ulink + url="smb.conf.5.html#PRINTERADMIN"><parameter>printer + admin</parameter></ulink> list.</para></listitem> +</itemizedlist> + +<para> +Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default. +</para> +</warning> + + +<para> +Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or <parameter>printer admin</parameter>) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host. +</para> +</sect2> + +<sect2> +<title>Setting Drivers for Existing Printers</title> + +<para>The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +<emphasis>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</emphasis>. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message:</para> + +<para> +<emphasis>Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now?</emphasis> +</para> + +<para> +Click "No" in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a +printer is to either +</para> + +<itemizedlist> + <listitem><para>Use the "New Driver..." button to install + a new printer driver, or</para></listitem> + + <listitem><para>Select a driver from the popup list of + installed drivers. Initially this list will be empty.</para> + </listitem> +</itemizedlist> + +<para>If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog.</para> + +<para>Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box.</para> + +<para>A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +<filename>smb.conf</filename>.</para> + +<para>Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group. +</para> + +</sect2> + + +<sect2> +<title>Support a large number of printers</title> + +<para>One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the <ulink url="rpcclient.1.html"><command>rpcclient's +setdriver command</command></ulink> can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished:</para> + +<para><programlisting> +<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumdrivers" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + +[Windows NT x86] +Printer Driver Info 1: + Driver Name: [HP LaserJet 4000 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 2100 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 4Si/4SiMX PS] + +<prompt>$ </prompt>rpcclient pogo -U root%secret -c "enumprinters" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + flags:[0x800000] + name:[\\POGO\hp-print] + description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] + comment:[] + +<prompt>$ </prompt>rpcclient pogo -U root%secret \ +<prompt>> </prompt> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] +Successfully set hp-print to driver HP LaserJet 4000 Series PS. +</programlisting></para> +</sect2> + + + +<sect2> +<title>Adding New Printers via the Windows NT APW</title> + +<para> +By default, Samba offers all printer shares defined in <filename>smb.conf</filename> +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if +</para> + +<itemizedlist> + <listitem><para>The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + privileges (i.e. root or <parameter>printer admin</parameter>). + </para></listitem> + + <listitem><para><ulink url="smb.conf.5.html#SHOWADDPRINTERWIZARD"><parameter>show + add printer wizard = yes</parameter></ulink> (the default). + </para></listitem> +</itemizedlist> + +<para> +In order to be able to use the APW to successfully add a printer to a Samba +server, the <ulink url="smb.conf.5.html#ADDPRINTERCOMMAND"><parameter>add +printer command</parameter></ulink> must have a defined value. The program +hook must successfully add the printer to the system (i.e. +<filename>/etc/printcap</filename> or appropriate files) and +<filename>smb.conf</filename> if necessary. +</para> + +<para> +When using the APW from a client, if the named printer share does +not exist, <command>smbd</command> will execute the <parameter>add printer +command</parameter> and reparse to the <filename>smb.conf</filename> +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +<parameter>add printer program</parameter> is executed under the context +of the connected user, not necessarily a root account. +</para> + +<para> +There is a complementing <ulink url="smb.conf.5.html#DELETEPRINTERCOMMAND"><parameter>delete +printer command</parameter></ulink> for removing entries from the "Printers..." +folder. +</para> + +</sect2> + + +<sect2> +<title>Samba and Printer Ports</title> + +<para> +Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients. +</para> + +<para> +Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over. +</para> + +<para> +If you require that multiple ports be defined for some reason, +<filename>smb.conf</filename> possesses a <ulink +url="smb.conf.5.html#ENUMPORTSCOMMAND"><parameter>enumports +command</parameter></ulink> which can be used to define an external program +that generates a listing of ports on a system. +</para> + +</sect2> + +</sect1> + + +<sect1> + <title>The Imprints Toolset</title> + + <para>The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at <ulink url="http://imprints.sourceforge.net/"> + http://imprints.sourceforge.net/</ulink> as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints.</para> + + + <sect2> + <title>What is Imprints?</title> + + <para>Imprints is a collection of tools for supporting the goals + of</para> + + <itemizedlist> + <listitem><para>Providing a central repository information + regarding Windows NT and 95/98 printer driver packages</para> + </listitem> + + <listitem><para>Providing the tools necessary for creating + the Imprints printer driver packages.</para></listitem> + + <listitem><para>Providing an installation client which + will obtain and install printer drivers on remote Samba + and Windows NT 4 print servers.</para></listitem> + </itemizedlist> + + </sect2> + + + <sect2> + <title>Creating Printer Driver Packages</title> + + <para>The process of creating printer driver packages is beyond + the scope of this document (refer to Imprints.txt also included + with the Samba distribution for more information). In short, + an Imprints driver package is a gzipped tarball containing the + driver files, related INF files, and a control file needed by the + installation client.</para> + </sect2> + + + <sect2> + <title>The Imprints server</title> + + <para>The Imprints server is really a database server that + may be queried via standard HTTP mechanisms. Each printer + entry in the database has an associated URL for the actual + downloading of the package. Each package is digitally signed + via GnuPG which can be used to verify that package downloaded + is actually the one referred in the Imprints database. It is + <emphasis>not</emphasis> recommended that this security check + be disabled.</para> + </sect2> + + <sect2> + <title>The Installation Client</title> + + <para>More information regarding the Imprints installation client + is available in the <filename>Imprints-Client-HOWTO.ps</filename> + file included with the imprints source package.</para> + + <para>The Imprints installation client comes in two forms.</para> + + <itemizedlist> + <listitem><para>a set of command line Perl scripts</para> + </listitem> + + <listitem><para>a GTK+ based graphical interface to + the command line perl scripts</para></listitem> + </itemizedlist> + + <para>The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers.</para> + + <para>The basic installation process is in four steps and + perl code is wrapped around <command>smbclient</command> + and <command>rpcclient</command>.</para> + +<para><programlisting> +foreach (supported architecture for a given driver) +{ + 1. rpcclient: Get the appropriate upload directory + on the remote server + 2. smbclient: Upload the driver files + 3. rpcclient: Issues an AddPrinterDriver() MS-RPC +} + +4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually + create the printer +</programlisting></para> + + <para>One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX"</para> + + <para>The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at</para> + + <para><filename>HKLM\System\CurrentControlSet\Control\Print\Environment + </filename></para> + + <para>will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed?</para> + + <para>The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first.</para> + </sect2> + +</sect1> + + +<sect1> +<title><anchor id="MIGRATION">Migration to from Samba 2.0.x to 2.2.x</title> + +<para> +Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths. Here are the possible scenarios for +migration: +</para> + +<itemizedlist> + <listitem><para>If you do not desire the new Windows NT + print driver support, nothing needs to be done. + All existing parameters work the same.</para></listitem> + + <listitem><para>If you want to take advantage of NT printer + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + <filename>printers.def</filename> file. When smbd attempts + to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The <command>make_printerdef</command> + tool will also remain for backwards compatibility but will + be removed in the next major release.</para></listitem> + + <listitem><para>If you install a Windows 9x driver for a printer + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location).</para></listitem> + + <listitem><para>If you want to migrate an existing <filename>printers.def</filename> + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using <command>smbclient</command> and <command>rpcclient</command>. See the + Imprints installation client at <ulink + url="http://imprints.sourceforge.net/">http://imprints.sourceforge.net/</ulink> + for an example. + </para></listitem> +</itemizedlist> + + +<warning> +<title>Achtung!</title> + +<para> +The following <filename>smb.conf</filename> parameters are considered to +be deprecated and will be removed soon. Do not use them in new +installations +</para> + +<itemizedlist> + <listitem><para><parameter>printer driver file (G)</parameter> + </para></listitem> + + <listitem><para><parameter>printer driver (S)</parameter> + </para></listitem> + + <listitem><para><parameter>printer driver location (S)</parameter> + </para></listitem> +</itemizedlist> +</warning> + + +<para> +The have been two new parameters add in Samba 2.2.2 to for +better support of Samba 2.0.x backwards capability (<parameter>disable +spoolss</parameter>) and for using local printers drivers on Windows +NT/2000 clients (<parameter>use client driver</parameter>). Both of +these options are described in the smb.coinf(5) man page and are +disabled by default. +</para> + + +</sect1> + + +<!-- + + This comment from rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex() + needs to be added into a section probably. This is to remind me it needs + to be done. -jerry + + /* + * If the openprinterex rpc call contains a devmode, + * it's a per-user one. This per-user devmode is derivated + * from the global devmode. Openprinterex() contains a per-user + * devmode for when you do EMF printing and spooling. + * In the EMF case, the NT workstation is only doing half the job + * of rendering the page. The other half is done by running the printer + * driver on the server. + * The EMF file doesn't contain the page description (paper size, orientation, ...). + * The EMF file only contains what is to be printed on the page. + * So in order for the server to know how to print, the NT client sends + * a devicemode attached to the openprinterex call. + * But this devicemode is short lived, it's only valid for the current print job. + * + * If Samba would have supported EMF spooling, this devicemode would + * have been attached to the handle, to sent it to the driver to correctly + * rasterize the EMF file. + * + * As Samba only supports RAW spooling, we only receive a ready-to-print file, + * we just act as a pass-thru between windows and the printer. + * + * In order to know that Samba supports only RAW spooling, NT has to call + * getprinter() at level 2 (attribute field) or NT has to call startdoc() + * and until NT sends a RAW job, we refuse it. + * + * But to call getprinter() or startdoc(), you first need a valid handle, + * and to get an handle you have to call openprintex(). Hence why you have + * a devicemode in the openprinterex() call. + * + * + * Differences between NT4 and NT 2000. + * NT4: + * + * On NT4, you only have a global devicemode. This global devicemode can be changed + * by the administrator (or by a user with enough privs). Every time a user + * wants to print, the devicemode is reset to the default. In Word, every time + * you print, the printer's characteristics are always reset to the global devicemode. + * + * NT 2000: + * + * In W2K, there is the notion of per-user devicemode. The first time you use + * a printer, a per-user devicemode is build from the global devicemode. + * If you change your per-user devicemode, it is saved in the registry, under the + * H_KEY_CURRENT_KEY sub_tree. So that every time you print, you have your default + * printer preferences available. + * + * To change the per-user devicemode: it's the "Printing Preferences ..." button + * on the General Tab of the printer properties windows. + * + * To change the global devicemode: it's the "Printing Defaults..." button + * on the Advanced Tab of the printer properties window. +--> + +</chapter> diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml new file mode 100644 index 0000000000..28baa7f609 --- /dev/null +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -0,0 +1,77 @@ +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ +<!ENTITY UNIX-INSTALL SYSTEM "UNIX_INSTALL.sgml"> +<!ENTITY ENCRYPTION SYSTEM "ENCRYPTION.sgml"> +<!ENTITY MS-Dfs-Setup SYSTEM "msdfs_setup.sgml"> +<!ENTITY PRINTER-DRIVER2 SYSTEM "printer_driver2.sgml"> +<!ENTITY DOMAIN-MEMBER SYSTEM "DOMAIN_MEMBER.sgml"> +<!ENTITY WINBIND SYSTEM "winbind.sgml"> +<!ENTITY NT-Security SYSTEM "NT_Security.sgml"> +<!ENTITY OS2-Client SYSTEM "OS2-Client-HOWTO.sgml"> +<!ENTITY Samba-PDC-HOWTO SYSTEM "Samba-PDC-HOWTO.sgml"> +<!ENTITY Samba-BDC-HOWTO SYSTEM "Samba-BDC-HOWTO.sgml"> +<!ENTITY CVS-Access SYSTEM "CVS-Access.sgml"> +<!ENTITY IntegratingWithWindows SYSTEM "Integrating-with-Windows.sgml"> +<!ENTITY Samba-PAM SYSTEM "PAM-Authentication-And-Samba.sgml"> +<!ENTITY Samba-LDAP SYSTEM "Samba-LDAP-HOWTO.sgml"> +<!ENTITY INDEX-FILE SYSTEM "index.sgml"> +]> + +<book id="Samba-Project-Documentation"> + +<title>SAMBA Project Documentation</title> + +<bookinfo> + <author> + <surname>SAMBA Team</surname> + </author> + <address><email>samba@samba.org</email></address> +</bookinfo> + +<dedication> +<title>Abstract</title> + +<para> +<emphasis>Last Update</emphasis> : Mon Apr 1 08:47:26 CST 2002 +</para> + +<para> +This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at <ulink url="http://www.samba.org/">http://www.samba.org/</ulink> +on the "Documentation" page. Please send updates to <ulink +url="mailto:jerry@samba.org">jerry@samba.org</ulink>. +</para> + +<para> +This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at <ulink +url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</ulink> +</para> + +<para> +Cheers, jerry +</para> + +</dedication> + +<!-- Chapters --> +&UNIX-INSTALL; +&IntegratingWithWindows; +&Samba-PAM; +&MS-Dfs-Setup; +&NT-Security; +&PRINTER-DRIVER2; +&DOMAIN-MEMBER; +&Samba-PDC-HOWTO; +&Samba-BDC-HOWTO; +&Samba-LDAP; +&WINBIND; +&OS2-Client; +&CVS-Access; + +<!-- Autogenerated Index --> +&INDEX-FILE; + +</book> diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml new file mode 100644 index 0000000000..fc8d8d52a1 --- /dev/null +++ b/docs/docbook/projdoc/winbind.sgml @@ -0,0 +1,919 @@ +<chapter id="winbind"> + + +<chapterinfo> + <author> + <firstname>Tim</firstname><surname>Potter</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>tpot@linuxcare.com.au</email></address> + </affiliation> + </author> + <author> + <firstname>Andrew</firstname><surname>Trigdell</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address><email>tridge@linuxcare.com.au</email></address> + </affiliation> + </author> + <author> + <firstname>John</firstname><surname>Trostel</surname> + <affiliation> + <orgname>Snapserver</orgname> + <address><email>jtrostel@snapserver.com</email></address> + </affiliation> + </author> + + + <pubdate>16 Oct 2000</pubdate> +</chapterinfo> + +<title>Unified Logons between Windows NT and UNIX using Winbind</title> + +<sect1> + <title>Abstract</title> + + <para>Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + <emphasis>winbind</emphasis>, a component of the Samba suite + of programs as a solution to the unified logon problem. Winbind + uses a UNIX implementation + of Microsoft RPC calls, Pluggable Authentication Modules, and the Name + Service Switch to allow Windows NT domain users to appear and operate + as UNIX users on a UNIX machine. This paper describes the winbind + system, explaining the functionality it provides, how it is configured, + and how it works internally.</para> +</sect1> + + +<sect1> + <title>Introduction</title> + + <para>It is well known that UNIX and Microsoft Windows NT have + different models for representing user and group information and + use different technologies for implementing them. This fact has + made it difficult to integrate the two systems in a satisfactory + manner.</para> + + <para>One common solution in use today has been to create + identically named user accounts on both the UNIX and Windows systems + and use the Samba suite of programs to provide file and print services + between the two. This solution is far from perfect however, as + adding and deleting users on both sets of machines becomes a chore + and two sets of passwords are required both of which + can lead to synchronization problems between the UNIX and Windows + systems and confusion for users.</para> + + <para>We divide the unified logon problem for UNIX machines into + three smaller problems:</para> + + <itemizedlist> + <listitem><para>Obtaining Windows NT user and group information + </para></listitem> + + <listitem><para>Authenticating Windows NT users + </para></listitem> + + <listitem><para>Password changing for Windows NT users + </para></listitem> + </itemizedlist> + + + <para>Ideally, a prospective solution to the unified logon problem + would satisfy all the above components without duplication of + information on the UNIX machines and without creating additional + tasks for the system administrator when maintaining users and + groups on either system. The winbind system provides a simple + and elegant solution to all three components of the unified logon + problem.</para> +</sect1> + + +<sect1> + <title>What Winbind Provides</title> + + <para>Winbind unifies UNIX and Windows NT account management by + allowing a UNIX box to become a full member of a NT domain. Once + this is done the UNIX box will see NT users and groups as if + they were native UNIX users and groups, allowing the NT domain + to be used in much the same manner that NIS+ is used within + UNIX-only environments.</para> + + <para>The end result is that whenever any + program on the UNIX machine asks the operating system to lookup + a user or group name, the query will be resolved by asking the + NT domain controller for the specified domain to do the lookup. + Because Winbind hooks into the operating system at a low level + (via the NSS name resolution modules in the C library) this + redirection to the NT domain controller is completely + transparent.</para> + + <para>Users on the UNIX machine can then use NT user and group + names as they would use "native" UNIX names. They can chown files + so that they are owned by NT domain users or even login to the + UNIX machine and run a UNIX X-Window session as a domain user.</para> + + <para>The only obvious indication that Winbind is being used is + that user and group names take the form DOMAIN\user and + DOMAIN\group. This is necessary as it allows Winbind to determine + that redirection to a domain controller is wanted for a particular + lookup and which trusted domain is being referenced.</para> + + <para>Additionally, Winbind provides an authentication service + that hooks into the Pluggable Authentication Modules (PAM) system + to provide authentication via a NT domain to any PAM enabled + applications. This capability solves the problem of synchronizing + passwords between systems since all passwords are stored in a single + location (on the domain controller).</para> + + <sect2> + <title>Target Uses</title> + + <para>Winbind is targeted at organizations that have an + existing NT based domain infrastructure into which they wish + to put UNIX workstations or servers. Winbind will allow these + organizations to deploy UNIX workstations without having to + maintain a separate account infrastructure. This greatly + simplifies the administrative overhead of deploying UNIX + workstations into a NT based organization.</para> + + <para>Another interesting way in which we expect Winbind to + be used is as a central part of UNIX based appliances. Appliances + that provide file and print services to Microsoft based networks + will be able to use Winbind to provide seamless integration of + the appliance into the domain.</para> + </sect2> +</sect1> + + + +<sect1> + <title>How Winbind Works</title> + + <para>The winbind system is designed around a client/server + architecture. A long running <command>winbindd</command> daemon + listens on a UNIX domain socket waiting for requests + to arrive. These requests are generated by the NSS and PAM + clients and processed sequentially.</para> + + <para>The technologies used to implement winbind are described + in detail below.</para> + + <sect2> + <title>Microsoft Remote Procedure Calls</title> + + <para>Over the last two years, efforts have been underway + by various Samba Team members to decode various aspects of + the Microsoft Remote Procedure Call (MSRPC) system. This + system is used for most network related operations between + Windows NT machines including remote management, user authentication + and print spooling. Although initially this work was done + to aid the implementation of Primary Domain Controller (PDC) + functionality in Samba, it has also yielded a body of code which + can be used for other purposes.</para> + + <para>Winbind uses various MSRPC calls to enumerate domain users + and groups and to obtain detailed information about individual + users or groups. Other MSRPC calls can be used to authenticate + NT domain users and to change user passwords. By directly querying + a Windows PDC for user and group information, winbind maps the + NT account information onto UNIX user and group names.</para> + </sect2> + + <sect2> + <title>Name Service Switch</title> + + <para>The Name Service Switch, or NSS, is a feature that is + present in many UNIX operating systems. It allows system + information such as hostnames, mail aliases and user information + to be resolved from different sources. For example, a standalone + UNIX workstation may resolve system information from a series of + flat files stored on the local filesystem. A networked workstation + may first attempt to resolve system information from local files, + and then consult a NIS database for user information or a DNS server + for hostname information.</para> + + <para>The NSS application programming interface allows winbind + to present itself as a source of system information when + resolving UNIX usernames and groups. Winbind uses this interface, + and information obtained from a Windows NT server using MSRPC + calls to provide a new source of account enumeration. Using standard + UNIX library calls, one can enumerate the users and groups on + a UNIX machine running winbind and see all users and groups in + a NT domain plus any trusted domain as though they were local + users and groups.</para> + + <para>The primary control file for NSS is + <filename>/etc/nsswitch.conf</filename>. + When a UNIX application makes a request to do a lookup + the C library looks in <filename>/etc/nsswitch.conf</filename> + for a line which matches the service type being requested, for + example the "passwd" service type is used when user or group names + are looked up. This config line species which implementations + of that service should be tried and in what order. If the passwd + config line is:</para> + + <para><command>passwd: files example</command></para> + + <para>then the C library will first load a module called + <filename>/lib/libnss_files.so</filename> followed by + the module <filename>/lib/libnss_example.so</filename>. The + C library will dynamically load each of these modules in turn + and call resolver functions within the modules to try to resolve + the request. Once the request is resolved the C library returns the + result to the application.</para> + + <para>This NSS interface provides a very easy way for Winbind + to hook into the operating system. All that needs to be done + is to put <filename>libnss_winbind.so</filename> in <filename>/lib/</filename> + then add "winbind" into <filename>/etc/nsswitch.conf</filename> at + the appropriate place. The C library will then call Winbind to + resolve user and group names.</para> + </sect2> + + <sect2> + <title>Pluggable Authentication Modules</title> + + <para>Pluggable Authentication Modules, also known as PAM, + is a system for abstracting authentication and authorization + technologies. With a PAM module it is possible to specify different + authentication methods for different system applications without + having to recompile these applications. PAM is also useful + for implementing a particular policy for authorization. For example, + a system administrator may only allow console logins from users + stored in the local password file but only allow users resolved from + a NIS database to log in over the network.</para> + + <para>Winbind uses the authentication management and password + management PAM interface to integrate Windows NT users into a + UNIX system. This allows Windows NT users to log in to a UNIX + machine and be authenticated against a suitable Primary Domain + Controller. These users can also change their passwords and have + this change take effect directly on the Primary Domain Controller. + </para> + + <para>PAM is configured by providing control files in the directory + <filename>/etc/pam.d/</filename> for each of the services that + require authentication. When an authentication request is made + by an application the PAM code in the C library looks up this + control file to determine what modules to load to do the + authentication check and in what order. This interface makes adding + a new authentication service for Winbind very easy, all that needs + to be done is that the <filename>pam_winbind.so</filename> module + is copied to <filename>/lib/security/</filename> and the PAM + control files for relevant services are updated to allow + authentication via winbind. See the PAM documentation + for more details.</para> + </sect2> + + + <sect2> + <title>User and Group ID Allocation</title> + + <para>When a user or group is created under Windows NT + is it allocated a numerical relative identifier (RID). This is + slightly different to UNIX which has a range of numbers that are + used to identify users, and the same range in which to identify + groups. It is winbind's job to convert RIDs to UNIX id numbers and + vice versa. When winbind is configured it is given part of the UNIX + user id space and a part of the UNIX group id space in which to + store Windows NT users and groups. If a Windows NT user is + resolved for the first time, it is allocated the next UNIX id from + the range. The same process applies for Windows NT groups. Over + time, winbind will have mapped all Windows NT users and groups + to UNIX user ids and group ids.</para> + + <para>The results of this mapping are stored persistently in + an ID mapping database held in a tdb database). This ensures that + RIDs are mapped to UNIX IDs in a consistent way.</para> + </sect2> + + + <sect2> + <title>Result Caching</title> + + <para>An active system can generate a lot of user and group + name lookups. To reduce the network cost of these lookups winbind + uses a caching scheme based on the SAM sequence number supplied + by NT domain controllers. User or group information returned + by a PDC is cached by winbind along with a sequence number also + returned by the PDC. This sequence number is incremented by + Windows NT whenever any user or group information is modified. If + a cached entry has expired, the sequence number is requested from + the PDC and compared against the sequence number of the cached entry. + If the sequence numbers do not match, then the cached information + is discarded and up to date information is requested directly + from the PDC.</para> + </sect2> +</sect1> + + +<sect1> + <title>Installation and Configuration</title> + +<para> +Many thanks to John Trostel <ulink +url="mailto:jtrostel@snapserver.com">jtrostel@snapserver.com</ulink> +for providing the HOWTO for this section. +</para> + +<para> +This HOWTO describes how to get winbind services up and running +to control access and authenticate users on your Linux box using +the winbind services which come with SAMBA 2.2.2. +</para> + + +<sect2> +<title>Introduction</title> + +<para> +This HOWTO describes the procedures used to get winbind up and +running on my RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet a nd ftp, as +well for SAMBA services. +</para> + +<para> +This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution, you may have to modify the instructions +somewhat to fit the way your distribution works. +</para> + + +<itemizedlist> +<listitem> + <para> + <emphasis>Why should I to this?</emphasis> + </para> + + <para>This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate + accounts on the SAMBA server. + </para> +</listitem> + +<listitem> + <para> + <emphasis>Who should be reading this document?</emphasis> + </para> + + <para> + This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) + integrate existing NT/Win2K users from your PDC onto the + SAMBA server, this HOWTO is for you. That said, I am no NT or PAM + expert, so you may find a better or easier way to accomplish + these tasks. + </para> +</listitem> +</itemizedlist> +</sect2> + + +<sect2> +<title>Requirements</title> + +<para> +If you have a samba configuration file that you are currently +using... <emphasis>BACK IT UP!</emphasis> If your system already uses PAM, +<emphasis>back up the <filename>/etc/pam.d</filename> directory +contents!</emphasis> If you haven't already made a boot disk, +<emphasis>MAKE ONE NOW!</emphasis> +</para> + +<para> +Messing with the pam configuration files can make it nearly impossible +to log in to yourmachine. That's why you want to be able to boot back +into your machine in single user mode and restore your +<filename>/etc/pam.d</filename> back to the original state they were in if +you get frustrated with the way things are going. ;-) +</para> + +<para> +The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +<ulink url="http://samba.org/">main SAMBA web page</ulink> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. +</para> + +<para> +To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your +SAMBA machine, PAM (pluggable authentication modules) must +be setup properly on your machine. In order to compile the +winbind modules, you should have at least the pam libraries resident +on your system. For recent RedHat systems (7.1, for instance), that +means <filename>pam-0.74-22</filename>. For best results, it is helpful to also +install the development packages in <filename>pam-devel-0.74-22</filename>. +</para> + +</sect2> + + +<sect2> +<title>Testing Things Out</title> + +<para> +Before starting, it is probably best to kill off all the SAMBA +related daemons running on your server. Kill off all <command>smbd</command>, +<command>nmbd</command>, and <command>winbindd</command> processes that may +be running. To use PAM, you will want to make sure that you have the +standard PAM package (for RedHat) which supplies the <filename>/etc/pam.d</filename> +directory structure, including the pam modules are used by pam-aware +services, several pam libraries, and the <filename>/usr/doc</filename> +and <filename>/usr/man</filename> entries for pam. Winbind built better +in SAMBA if the pam-devel package was also installed. This package includes +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both <filename>pam-0.74-22</filename> and +<filename>pam-devel-0.74-22</filename> RPMs installed. +</para> + +<sect3> +<title>Configure and compile SAMBA</title> + +<para> +The configuration and compilation of SAMBA is pretty straightforward. +The first three steps may not be necessary depending upon +whether or not you have previously built the Samba binaries. +</para> + +<para><programlisting> +<prompt>root#</prompt> <command>autoconf</command> +<prompt>root#</prompt> <command>make clean</command> +<prompt>root#</prompt> <command>rm config.cache</command> +<prompt>root#</prompt> <command>./configure --with-winbind</command> +<prompt>root#</prompt> <command>make</command> +<prompt>root#</prompt> <command>make install</command> +</programlisting></para> + + +<para> +This will, by default, install SAMBA in <filename>/usr/local/samba</filename>. +See the main SAMBA documentation if you want to install SAMBA somewhere else. +It will also build the winbindd executable and libraries. +</para> + +</sect3> + +<sect3> +<title>Configure <filename>nsswitch.conf</filename> and the +winbind libraries</title> + +<para> +The libraries needed to run the <command>winbindd</command> daemon +through nsswitch need to be copied to their proper locations, so +</para> + +<para> +<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/libnss_winbind.so /lib</command> +</para> + +<para> +I also found it necessary to make the following symbolic link: +</para> + +<para> +<prompt>root#</prompt> <command>ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</command> +</para> + +<para> +Now, as root you need to edit <filename>/etc/nsswitch.conf</filename> to +allow user and group entries to be visible from the <command>winbindd</command> +daemon. My <filename>/etc/nsswitch.conf</filename> file look like +this after editing: +</para> + +<para><programlisting> + passwd: files winbind + shadow: files + group: files winbind +</programlisting></para> + +<para> +The libraries needed by the winbind daemon will be automatically +entered into the <command>ldconfig</command> cache the next time +your system reboots, but it +is faster (and you don't need to reboot) if you do it manually: +</para> + +<para> +<prompt>root#</prompt> <command>/sbin/ldconfig -v | grep winbind</command> +</para> + +<para> +This makes <filename>libnss_winbind</filename> available to winbindd +and echos back a check to you. +</para> + +</sect3> + + +<sect3> +<title>Configure smb.conf</title> + +<para> +Several parameters are needed in the smb.conf file to control +the behavior of <command>winbindd</command>. Configure +<filename>smb.conf</filename> These are described in more detail in +the <ulink url="winbindd.8.html">winbindd(8)</ulink> man page. My +<filename>smb.conf</filename> file was modified to +include the following entries in the [global] section: +</para> + +<para><programlisting> +[global] + <...> + # separate domain and username with '+', like DOMAIN+username + <ulink url="winbindd.8.html#WINBINDSEPARATOR">winbind separator</ulink> = + + # use uids from 10000 to 20000 for domain users + <ulink url="winbindd.8.html#WINBINDUID">winbind uid</ulink> = 10000-20000 + # use gids from 10000 to 20000 for domain groups + <ulink url="winbindd.8.html#WINBINDGID">winbind gid</ulink> = 10000-20000 + # allow enumeration of winbind users and groups + <ulink url="winbindd.8.html#WINBINDENUMUSERS">winbind enum users</ulink> = yes + <ulink url="winbindd.8.html#WINBINDENUMGROUP">winbind enum groups</ulink> = yes + # give winbind users a real shell (only needed if they have telnet access) + <ulink url="winbindd.8.html#TEMPLATEHOMEDIR">template homedir</ulink> = /home/winnt/%D/%U + <ulink url="winbindd.8.html#TEMPLATESHELL">template shell</ulink> = /bin/bash +</programlisting></para> + +</sect3> + + +<sect3> +<title>Join the SAMBA server to the PDC domain</title> + +<para> +Enter the following command to make the SAMBA server join the +PDC domain, where <replaceable>DOMAIN</replaceable> is the name of +your Windows domain and <replaceable>Administrator</replaceable> is +a domain user who has administrative privileges in the domain. +</para> + + +<para> +<prompt>root#</prompt> <command>/usr/local/samba/bin/net rpc join -s PDC -U Administrator</command> +</para> + + +<para> +The proper response to the command should be: "Joined the domain +<replaceable>DOMAIN</replaceable>" where <replaceable>DOMAIN</replaceable> +is your DOMAIN name. +</para> + +</sect3> + + +<sect3> +<title>Start up the winbindd daemon and test it!</title> + +<para> +Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of +SAMBA start, but it is possible to test out just the winbind +portion first. To start up winbind services, enter the following +command as root: +</para> + +<para> +<prompt>root#</prompt> <command>/usr/local/samba/bin/winbindd</command> +</para> + +<para> +I'm always paranoid and like to make sure the daemon +is really running... +</para> + +<para> +<prompt>root#</prompt> <command>ps -ae | grep winbindd</command> +</para> +<para> +This command should produce output like this, if the daemon is running +</para> +<para> +3025 ? 00:00:00 winbindd +</para> + +<para> +Now... for the real test, try to get some information about the +users on your PDC +</para> + +<para> +<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -u</command> +</para> + +<para> +This should echo back a list of users on your Windows users on +your PDC. For example, I get the following response: +</para> + +<para><programlisting> +CEO+Administrator +CEO+burdell +CEO+Guest +CEO+jt-ad +CEO+krbtgt +CEO+TsInternetUser +</programlisting></para> + +<para> +Obviously, I have named my domain 'CEO' and my <parameter>winbind +separator</parameter> is '+'. +</para> + +<para> +You can do the same sort of thing to get group information from +the PDC: +</para> + +<para><programlisting> +<prompt>root#</prompt> <command>/usr/local/samba/bin/wbinfo -g</command> +CEO+Domain Admins +CEO+Domain Users +CEO+Domain Guests +CEO+Domain Computers +CEO+Domain Controllers +CEO+Cert Publishers +CEO+Schema Admins +CEO+Enterprise Admins +CEO+Group Policy Creator Owners +</programlisting></para> + +<para> +The function 'getent' can now be used to get unified +lists of both local and PDC users and groups. +Try the following command: +</para> + +<para> +<prompt>root#</prompt> <command>getent passwd</command> +</para> + +<para> +You should get a list that looks like your <filename>/etc/passwd</filename> +list followed by the domain users with their new uids, gids, home +directories and default shells. +</para> + +<para> +The same thing can be done for groups with the command +</para> + +<para> +<prompt>root#</prompt> <command>getent group</command> +</para> + +</sect3> + + +<sect3> +<title>Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files</title> + +<para> +The <command>winbindd</command> daemon needs to start up after the +<command>smbd</command> and <command>nmbd</command> daemons are running. +To accomplish this task, you need to modify the <filename>/etc/init.d/smb</filename> +script to add commands to invoke this daemon in the proper sequence. My +<filename>/etc/init.d/smb</filename> file starts up <command>smbd</command>, +<command>nmbd</command>, and <command>winbindd</command> from the +<filename>/usr/local/samba/bin</filename> directory directly. The 'start' +function in the script looks like this: +</para> + +<para><programlisting> +start() { + KIND="SMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/smbd $SMBDOPTIONS + RETVAL=$? + echo + KIND="NMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/winbindd + RETVAL3=$? + echo + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ + RETVAL=1 + return $RETVAL +} +</programlisting></para> + +<para> +The 'stop' function has a corresponding entry to shut down the +services and look s like this: +</para> + +<para><programlisting> +stop() { + KIND="SMB" + echo -n $"Shutting down $KIND services: " + killproc smbd + RETVAL=$? + echo + KIND="NMB" + echo -n $"Shutting down $KIND services: " + killproc nmbd + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Shutting down $KIND services: " + killproc winbindd + RETVAL3=$? + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb + echo "" + return $RETVAL +} +</programlisting></para> + +<para> +If you restart the <command>smbd</command>, <command>nmbd</command>, +and <command>winbindd</command> daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user. +</para> + +</sect3> + + + +<sect3> +<title>Configure Winbind and PAM</title> + +<para> +If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original +<filename>/etc/pam.d</filename> files? If not, do it now.) +</para> + +<para> +You will need a pam module to use winbindd with these other services. This +module will be compiled in the <filename>../source/nsswitch</filename> directory +by invoking the command +</para> + +<para> +<prompt>root#</prompt> <command>make nsswitch/pam_winbind.so</command> +</para> + +<para> +from the <filename>../source</filename> directory. The +<filename>pam_winbind.so</filename> file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +<filename>/lib/security</filename> directory. +</para> + +<para> +<prompt>root#</prompt> <command>cp ../samba/source/nsswitch/pam_winbind.so /lib/security</command> +</para> + +<para> +The <filename>/etc/pam.d/samba</filename> file does not need to be changed. I +just left this fileas it was: +</para> + + +<para><programlisting> +auth required /lib/security/pam_stack.so service=system-auth +account required /lib/security/pam_stack.so service=system-auth +</programlisting></para> + +<para> +The other services that I modified to allow the use of winbind +as an authentication service were the normal login on the console (or a terminal +session), telnet logins, and ftp service. In order to enable these +services, you may first need to change the entries in +<filename>/etc/xinetd.d</filename> (or <filename>/etc/inetd.conf</filename>). +RedHat 7.1 uses the new xinetd.d structure, in this case you need +to change the lines in <filename>/etc/xinetd.d/telnet</filename> +and <filename>/etc/xinetd.d/wu-ftp</filename> from +</para> + +<para><programlisting> +enable = no +</programlisting></para> + +<para> +to +</para> + +<para><programlisting> +enable = yes +</programlisting></para> + +<para> +For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on +the server, or change the home directory template to a general +directory for all domain users. These can be easily set using +the <filename>smb.conf</filename> global entry +<command>template homedir</command>. +</para> + +<para> +The <filename>/etc/pam.d/ftp</filename> file can be changed +to allow winbind ftp access in a manner similar to the +samba file. My <filename>/etc/pam.d/ftp</filename> file was +changed to look like this: +</para> + +<para><programlisting> +auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +</programlisting></para> + +<para> +The <filename>/etc/pam.d/login</filename> file can be changed nearly the +same way. It now looks like this: +</para> + +<para><programlisting> +auth required /lib/security/pam_securetty.so +auth sufficient /lib/security/pam_winbind.so +auth sufficient /lib/security/pam_unix.so use_first_pass +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_nologin.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +password required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +session optional /lib/security/pam_console.so +</programlisting></para> + +<para> +In this case, I added the <command>auth sufficient /lib/security/pam_winbind.so</command> +lines as before, but also added the <command>required pam_securetty.so</command> +above it, to disallow root logins over the network. I also added a +<command>sufficient /lib/security/pam_unix.so use_first_pass</command> +line after the <command>winbind.so</command> line to get rid of annoying +double prompts for passwords. +</para> + + +</sect3> + +</sect2> + +</sect1> + +<sect1> + <title>Limitations</title> + + <para>Winbind has a number of limitations in its current + released version that we hope to overcome in future + releases:</para> + + <itemizedlist> + <listitem><para>Winbind is currently only available for + the Linux operating system, although ports to other operating + systems are certainly possible. For such ports to be feasible, + we require the C library of the target operating system to + support the Name Service Switch and Pluggable Authentication + Modules systems. This is becoming more common as NSS and + PAM gain support among UNIX vendors.</para></listitem> + + <listitem><para>The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file + containing this information is corrupted or destroyed.</para> + </listitem> + + <listitem><para>Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions + that may be been set for Windows NT users.</para></listitem> + </itemizedlist> +</sect1> + + +<sect1> + <title>Conclusion</title> + + <para>The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network.</para> + +</sect1> + +</chapter> diff --git a/docs/docbook/scripts/README.ldp_print b/docs/docbook/scripts/README.ldp_print new file mode 100644 index 0000000000..8d61a85534 --- /dev/null +++ b/docs/docbook/scripts/README.ldp_print @@ -0,0 +1,60 @@ + +###################################################################### + ldp_print - print tool/script for DocBook SGML/XML documents +###################################################################### + +This process/script is used in the production environment for the +LDP. It relies on the HTMLDOC software package (GPL'ed) which can be +obtained from the Easy Software Products (c) web site: + + http://www.easysw.com/htmldoc/ + +This process creates a PDF variant from the single-file HTML +representation of a DocBook SGML (or XML) instance. The simple +wrapper script (ldp_print) assumes that the file was created using +{open}jade in a manner similar to: + + jade -t sgml -i html -V nochunks -d $style $fname > $fname.html + +Give the script the filename as an argument. It will then parse the +file into 'title.html' and 'body.html' and send each to htmldoc (as +the corresponding title page and body of the document). + + +CAVEATS +======= + +o Assumes perl is in /usr/bin; adjust if necessary + +o You may need to specify where the htmldoc executable resides. + The script assumes it's within your $PATH. + +o If you want Postscript as an output variant, uncomment the + appropriate lines (see below). + +o Relies on output from a DocBook instance created via DSSSL/{open}jade! + +o Cleans up (removes) the intermediate files it creates (but not the + PDF or Postscript files, obviously!) + +o Works silently; PDF (PostScript) will be created in the same directory + as was specified for the input (single-file HTML) file. + +o Provided without warranty or support! + +o I ran into a problem with htmldoc v1.8.8 which required a source + code change (I was getting a core dump from the htmldoc process). + Here is the change required: + + htmldoc/ps-pdf.cxx : + 3662,3665d3661 + < /* gjf = 11Oct2000 */ + < if( temprow == NULL ) + < break; + < + + +==== +gferg (at) sgi.com / Ferg +11 Jan 2000 + diff --git a/docs/docbook/scripts/collateindex.pl b/docs/docbook/scripts/collateindex.pl new file mode 100644 index 0000000000..fd757edb32 --- /dev/null +++ b/docs/docbook/scripts/collateindex.pl @@ -0,0 +1,595 @@ +# -*- Perl -*-
+#
+
+use Getopt::Std;
+
+$usage = "Usage: $0 <opts> file
+Where <opts> are:
+ -p Link to points in the document. The default is to link
+ to the closest containing section.
+ -g Group terms with IndexDiv based on the first letter
+ of the term (or its sortas attribute).
+ (This probably doesn't handle i10n particularly well)
+ -s name Name the IndexDiv that contains symbols. The default
+ is 'Symbols'. Meaningless if -g is not used.
+ -t name Title for the index.
+ -P file Read a preamble from file. The content of file will
+ be inserted before the <index> tag.
+ -i id The ID for the <index> tag.
+ -o file Output to file. Defaults to stdout.
+ -S scope Scope of the index, must be 'all', 'local', or 'global'.
+ If unspecified, 'all' is assumed.
+ -I scope The implied scope, must be 'all', 'local', or 'global'.
+ IndexTerms which do not specify a scope will have the
+ implied scope. If unspecified, 'all' is assumed.
+ -x Make a SetIndex.
+ -f Force the output file to be written, even if it appears
+ to have been edited by hand.
+ -N New index (generates an empty index file).
+ file The file containing index data generated by Jade
+ with the DocBook HTML Stylesheet.\n";
+
+die $usage if ! getopts('Dfgi:NpP:s:o:S:I:t:x');
+
+$linkpoints = $opt_p;
+$lettergroups = $opt_g;
+$symbolsname = $opt_s || "Symbols";
+$title = $opt_t;
+$preamble = $opt_P;
+$outfile = $opt_o || '-';
+$indexid = $opt_i;
+$scope = uc($opt_S) || 'ALL';
+$impliedscope = uc($opt_I) || 'ALL';
+$setindex = $opt_x;
+$forceoutput = $opt_f;
+$newindex = $opt_N;
+$debug = $opt_D;
+
+$indextag = $setindex ? 'setindex' : 'index';
+
+if ($newindex) {
+ safe_open(*OUT, $outfile);
+ if ($indexid) {
+ print OUT "<$indextag id='$indexid'>\n\n";
+ } else {
+ print OUT "<$indextag>\n\n";
+ }
+
+ print OUT "<!-- This file was produced by collateindex.pl. -->\n";
+ print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";
+
+ print OUT "</$indextag>\n";
+ exit 0;
+}
+
+$dat = shift @ARGV || die $usage;
+die "$0: cannot find $dat.\n" if ! -f $dat;
+
+%legal_scopes = ('ALL' => 1, 'LOCAL' => 1, 'GLOBAL' => 1);
+if ($scope && !$legal_scopes{$scope}) {
+ die "Invalid scope.\n$usage\n";
+}
+if ($impliedscope && !$legal_scopes{$impliedscope}) {
+ die "Invalid implied scope.\n$usage\n";
+}
+
+@term = ();
+%id = ();
+
+$termcount = 0;
+
+print STDERR "Processing $dat...\n";
+
+# Read the index file, creating an array of objects. Each object
+# represents and indexterm and has fields for the content of the
+# indexterm
+
+open (F, $dat);
+while (<F>) {
+ chop;
+
+ if (/^\/indexterm/i) {
+ push (@term, $idx);
+ next;
+ }
+
+ if (/^indexterm (.*)$/i) {
+ $termcount++;
+ $idx = {};
+ $idx->{'zone'} = {};
+ $idx->{'href'} = $1;
+ $idx->{'count'} = $termcount;
+ $idx->{'scope'} = $impliedscope;
+ next;
+ }
+
+ if (/^indexpoint (.*)$/i) {
+ $idx->{'hrefpoint'} = $1;
+ next;
+ }
+
+ if (/^title (.*)$/i) {
+ $idx->{'title'} = $1;
+ next;
+ }
+
+ if (/^primary[\[ ](.*)$/i) {
+ if (/^primary\[(.*?)\] (.*)$/i) {
+ $idx->{'psortas'} = $1;
+ $idx->{'primary'} = $2;
+ } else {
+ $idx->{'psortas'} = $1;
+ $idx->{'primary'} = $1;
+ }
+ next;
+ }
+
+ if (/^secondary[\[ ](.*)$/i) {
+ if (/^secondary\[(.*?)\] (.*)$/i) {
+ $idx->{'ssortas'} = $1;
+ $idx->{'secondary'} = $2;
+ } else {
+ $idx->{'ssortas'} = $1;
+ $idx->{'secondary'} = $1;
+ }
+ next;
+ }
+
+ if (/^tertiary[\[ ](.*)$/i) {
+ if (/^tertiary\[(.*?)\] (.*)$/i) {
+ $idx->{'tsortas'} = $1;
+ $idx->{'tertiary'} = $2;
+ } else {
+ $idx->{'tsortas'} = $1;
+ $idx->{'tertiary'} = $1;
+ }
+ next;
+ }
+
+ if (/^see (.*)$/i) {
+ $idx->{'see'} = $1;
+ next;
+ }
+
+ if (/^seealso (.*)$/i) {
+ $idx->{'seealso'} = $1;
+ next;
+ }
+
+ if (/^significance (.*)$/i) {
+ $idx->{'significance'} = $1;
+ next;
+ }
+
+ if (/^class (.*)$/i) {
+ $idx->{'class'} = $1;
+ next;
+ }
+
+ if (/^scope (.*)$/i) {
+ $idx->{'scope'} = uc($1);
+ next;
+ }
+
+ if (/^startref (.*)$/i) {
+ $idx->{'startref'} = $1;
+ next;
+ }
+
+ if (/^id (.*)$/i) {
+ $idx->{'id'} = $1;
+ $id{$1} = $idx;
+ next;
+ }
+
+ if (/^zone (.*)$/i) {
+ my($href) = $1;
+ $_ = scalar(<F>);
+ chop;
+ die "Bad zone: $_\n" if !/^title (.*)$/i;
+ $idx->{'zone'}->{$href} = $1;
+ next;
+ }
+
+ die "Unrecognized: $_\n";
+}
+close (F);
+
+print STDERR "$termcount entries loaded...\n";
+
+# Fixup the startrefs...
+# In DocBook, STARTREF is a #CONREF attribute; support this by copying
+# all of the fields from the indexterm with the id specified by STARTREF
+# to the indexterm that has the STARTREF.
+foreach $idx (@term) {
+ my($ididx, $field);
+ if ($idx->{'startref'}) {
+ $ididx = $id{$idx->{'startref'}};
+ foreach $field ('primary', 'secondary', 'tertiary', 'see', 'seealso',
+ 'psortas', 'ssortas', 'tsortas', 'significance',
+ 'class', 'scope') {
+ $idx->{$field} = $ididx->{$field};
+ }
+ }
+}
+
+# Sort the index terms
+@term = sort termsort @term;
+
+# Move all of the non-alphabetic entries to the front of the index.
+@term = sortsymbols(@term);
+
+safe_open(*OUT, $outfile);
+
+# Write the index...
+if ($indexid) {
+ print OUT "<$indextag id='$indexid'>\n\n";
+} else {
+ print OUT "<$indextag>\n\n";
+}
+
+print OUT "<!-- This file was produced by collateindex.pl. -->\n";
+print OUT "<!-- Remove this comment if you edit this file by hand! -->\n";
+
+print OUT "<!-- ULINK is abused here.
+
+ The URL attribute holds the URL that points from the index entry
+ back to the appropriate place in the output produced by the HTML
+ stylesheet. (It's much easier to calculate this URL in the first
+ pass.)
+
+ The Role attribute holds the ID (either real or manufactured) of
+ the corresponding INDEXTERM. This is used by the print backends
+ to produce page numbers.
+
+ The entries below are sorted and collated into the correct order.
+ Duplicates may be removed in the HTML backend, but in the print
+ backends, it is impossible to suppress duplicate pages or coalesce
+ sequences of pages into a range.
+-->\n\n";
+
+print OUT "<title>$title</title>\n\n" if $title;
+
+$last = {}; # the last indexterm we processed
+$first = 1; # this is the first one
+$group = ""; # we're not in a group yet
+$lastout = ""; # we've not put anything out yet
+
+foreach $idx (@term) {
+ next if $idx->{'startref'}; # no way to represent spans...
+ next if ($idx->{'scope'} eq 'LOCAL') && ($scope eq 'GLOBAL');
+ next if ($idx->{'scope'} eq 'GLOBAL') && ($scope eq 'LOCAL');
+ next if &same($idx, $last); # suppress duplicates
+
+ $termcount--;
+
+ # If primary changes, output a whole new index term, otherwise just
+ # output another secondary or tertiary, as appropriate. We know from
+ # sorting that the terms will always be in the right order.
+ if (!&tsame($last, $idx, 'primary')) {
+ print "DIFF PRIM\n" if $debug;
+ &end_entry() if not $first;
+
+ if ($lettergroups) {
+ # If we're grouping, make the right indexdivs
+ $letter = $idx->{'psortas'};
+ $letter = $idx->{'primary'} if !$letter;
+ $letter = uc(substr($letter, 0, 1));
+
+ # symbols are a special case
+ if (($letter lt 'A') || ($letter gt 'Z')) {
+ if (($group eq '')
+ || (($group ge 'A') && ($group le 'Z'))) {
+ print OUT "</indexdiv>\n" if !$first;
+ print OUT "<indexdiv><title>$symbolsname</title>\n\n";
+ $group = $letter;
+ }
+ } elsif (($group eq '') || ($group ne $letter)) {
+ print OUT "</indexdiv>\n" if !$first;
+ print OUT "<indexdiv><title>$letter</title>\n\n";
+ $group = $letter;
+ }
+ }
+
+ $first = 0; # there can only be on first ;-)
+
+ print OUT "<indexentry>\n";
+ print OUT " <primaryie>", $idx->{'primary'};
+ $lastout = "primaryie";
+
+ if ($idx->{'secondary'}) {
+ print OUT "\n </primaryie>\n";
+ print OUT " <secondaryie>", $idx->{'secondary'};
+ $lastout = "secondaryie";
+ };
+
+ if ($idx->{'tertiary'}) {
+ print OUT "\n </secondaryie>\n";
+ print OUT " <tertiaryie>", $idx->{'tertiary'};
+ $lastout = "tertiaryie";
+ }
+ } elsif (!&tsame($last, $idx, 'secondary')) {
+ print "DIFF SEC\n" if $debug;
+
+ print OUT "\n </$lastout>\n" if $lastout;
+
+ print OUT " <secondaryie>", $idx->{'secondary'};
+ $lastout = "secondaryie";
+ if ($idx->{'tertiary'}) {
+ print OUT "\n </secondaryie>\n";
+ print OUT " <tertiaryie>", $idx->{'tertiary'};
+ $lastout = "tertiaryie";
+ }
+ } elsif (!&tsame($last, $idx, 'tertiary')) {
+ print "DIFF TERT\n" if $debug;
+
+ print OUT "\n </$lastout>\n" if $lastout;
+
+ if ($idx->{'tertiary'}) {
+ print OUT " <tertiaryie>", $idx->{'tertiary'};
+ $lastout = "tertiaryie";
+ }
+ }
+
+ &print_term($idx);
+
+ $last = $idx;
+}
+
+# Termcount is > 0 iff some entries were skipped.
+print STDERR "$termcount entries ignored...\n";
+
+&end_entry();
+
+print OUT "</indexdiv>\n" if $lettergroups;
+print OUT "</$indextag>\n";
+
+close (OUT);
+
+print STDERR "Done.\n";
+
+sub same {
+ my($a) = shift;
+ my($b) = shift;
+
+ my($aP) = $a->{'psortas'} || $a->{'primary'};
+ my($aS) = $a->{'ssortas'} || $a->{'secondary'};
+ my($aT) = $a->{'tsortas'} || $a->{'tertiary'};
+
+ my($bP) = $b->{'psortas'} || $b->{'primary'};
+ my($bS) = $b->{'ssortas'} || $b->{'secondary'};
+ my($bT) = $b->{'tsortas'} || $b->{'tertiary'};
+
+ my($same);
+
+ $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);
+ $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);
+ $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);
+ $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);
+ $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);
+ $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);
+
+# print "[$aP]=[$bP]\n";
+# print "[$aS]=[$bS]\n";
+# print "[$aT]=[$bT]\n";
+
+ # Two index terms are the same if:
+ # 1. the primary, secondary, and tertiary entries are the same
+ # (or have the same SORTAS)
+ # AND
+ # 2. They occur in the same titled section
+ # AND
+ # 3. They point to the same place
+ #
+ # Notes: Scope is used to suppress some entries, but can't be used
+ # for comparing duplicates.
+ # Interpretation of "the same place" depends on whether or
+ # not $linkpoints is true.
+
+ $same = (($aP eq $bP)
+ && ($aS eq $bS)
+ && ($aT eq $bT)
+ && ($a->{'title'} eq $b->{'title'})
+ && ($a->{'href'} eq $b->{'href'}));
+
+ # If we're linking to points, they're only the same if they link
+ # to exactly the same spot. (surely this is redundant?)
+ $same = $same && ($a->{'hrefpoint'} eq $b->{'hrefpoint'})
+ if $linkpoints;
+
+ $same;
+}
+
+sub tsame {
+ # Unlike same(), tsame only compares a single term
+ my($a) = shift;
+ my($b) = shift;
+ my($term) = shift;
+ my($sterm) = substr($term, 0, 1) . "sortas";
+ my($A, $B);
+
+ $A = $a->{$sterm} || $a->{$term};
+ $B = $b->{$sterm} || $b->{$term};
+
+ $A =~ s/^\s*//; $A =~ s/\s*$//; $A = uc($A);
+ $B =~ s/^\s*//; $B =~ s/\s*$//; $B = uc($B);
+
+ return $A eq $B;
+}
+
+sub end_entry {
+ # End any open elements...
+ print OUT "\n </$lastout>\n" if $lastout;
+ print OUT "</indexentry>\n\n";
+ $lastout = "";
+}
+
+sub print_term {
+ # Print out the links for an indexterm. There can be more than
+ # one if the term has a ZONE that points to more than one place.
+ # (do we do the right thing in that case?)
+ my($idx) = shift;
+ my($key, $indent, @hrefs);
+ my(%href) = ();
+ my(%phref) = ();
+
+ $indent = " ";
+
+ if ($idx->{'see'}) {
+ # it'd be nice to make this a link...
+ if ($lastout) {
+ print OUT "\n </$lastout>\n";
+ $lastout = "";
+ }
+ print OUT $indent, "<seeie>", $idx->{'see'}, "</seeie>\n";
+ return;
+ }
+
+ if ($idx->{'seealso'}) {
+ # it'd be nice to make this a link...
+ if ($lastout) {
+ print OUT "\n </$lastout>\n";
+ $lastout = "";
+ }
+ print OUT $indent, "<seealsoie>", $idx->{'seealso'}, "</seealsoie>\n";
+ return;
+ }
+
+ if (keys %{$idx->{'zone'}}) {
+ foreach $key (keys %{$idx->{'zone'}}) {
+ $href{$key} = $idx->{'zone'}->{$key};
+ $phref{$key} = $idx->{'zone'}->{$key};
+ }
+ } else {
+ $href{$idx->{'href'}} = $idx->{'title'};
+ $phref{$idx->{'href'}} = $idx->{'hrefpoint'};
+ }
+
+ # We can't use <LINK> because we don't know the ID of the term in the
+ # original source (and, in fact, it might not have one).
+ print OUT ",\n";
+ @hrefs = keys %href;
+ while (@hrefs) {
+ my($linkend) = "";
+ my($role) = "";
+ $key = shift @hrefs;
+ if ($linkpoints) {
+ $linkend = $phref{$key};
+ } else {
+ $linkend = $key;
+ }
+
+ $role = $linkend;
+ $role = $1 if $role =~ /\#(.*)$/;
+
+ print OUT $indent;
+ print OUT "<ulink url=\"$linkend\" role=\"$role\">";
+ print OUT "<emphasis>" if ($idx->{'significance'} eq 'PREFERRED');
+ print OUT $href{$key};
+ print OUT "</emphasis>" if ($idx->{'significance'} eq 'PREFERRED');
+ print OUT "</ulink>";
+ }
+}
+
+sub termsort {
+ my($aP) = $a->{'psortas'} || $a->{'primary'};
+ my($aS) = $a->{'ssortas'} || $a->{'secondary'};
+ my($aT) = $a->{'tsortas'} || $a->{'tertiary'};
+ my($ap) = $a->{'count'};
+
+ my($bP) = $b->{'psortas'} || $b->{'primary'};
+ my($bS) = $b->{'ssortas'} || $b->{'secondary'};
+ my($bT) = $b->{'tsortas'} || $b->{'tertiary'};
+ my($bp) = $b->{'count'};
+
+ $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP);
+ $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS);
+ $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT);
+ $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP);
+ $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS);
+ $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT);
+
+ if ($aP eq $bP) {
+ if ($aS eq $bS) {
+ if ($aT eq $bT) {
+ # make sure seealso's always sort to the bottom
+ return 1 if ($a->{'seealso'});
+ return -1 if ($b->{'seealso'});
+ # if everything else is the same, keep these elements
+ # in document order (so the index links are in the right
+ # order)
+ return $ap <=> $bp;
+ } else {
+ return $aT cmp $bT;
+ }
+ } else {
+ return $aS cmp $bS;
+ }
+ } else {
+ return $aP cmp $bP;
+ }
+}
+
+sub sortsymbols {
+ my(@term) = @_;
+ my(@new) = ();
+ my(@sym) = ();
+ my($letter);
+ my($idx);
+
+ # Move the non-letter things to the front. Should digits be thier
+ # own group? Maybe...
+ foreach $idx (@term) {
+ $letter = $idx->{'psortas'};
+ $letter = $idx->{'primary'} if !$letter;
+ $letter = uc(substr($letter, 0, 1));
+
+ if (($letter lt 'A') || ($letter gt 'Z')) {
+ push (@sym, $idx);
+ } else {
+ push (@new, $idx);
+ }
+ }
+
+ return (@sym, @new);
+}
+
+sub safe_open {
+ local(*OUT) = shift;
+ local(*F, $_);
+
+ if (($outfile ne '-') && (!$forceoutput)) {
+ my($handedit) = 1;
+ if (open (OUT, $outfile)) {
+ while (<OUT>) {
+ if (/<!-- Remove this comment if you edit this file by hand! -->/){
+ $handedit = 0;
+ last;
+ }
+ }
+ close (OUT);
+ } else {
+ $handedit = 0;
+ }
+
+ if ($handedit) {
+ print "\n$outfile appears to have been edited by hand; use -f or\n";
+ print " change the output file.\n";
+ exit 1;
+ }
+ }
+
+ open (OUT, ">$outfile") || die "$usage\nCannot write to $outfile.\n";
+
+ if ($preamble) {
+ # Copy the preamble
+ if (open(F, $preamble)) {
+ while (<F>) {
+ print OUT $_;
+ }
+ close(F);
+ } else {
+ warn "$0: cannot open preamble $preamble.\n";
+ }
+ }
+}
diff --git a/docs/docbook/scripts/fix_print_html.lib b/docs/docbook/scripts/fix_print_html.lib new file mode 100644 index 0000000000..e8a9aaa4c7 --- /dev/null +++ b/docs/docbook/scripts/fix_print_html.lib @@ -0,0 +1,172 @@ +# +# fix_print_html.lib +# +# Dan Scott / <dan.scott (at) acm.org> +# Ferg / <gferg (at) sgi.com> +# +# Used to prepare single-file HTML variant for PDF/Postscript creation +# thru htmldoc. +# +# log: +# 16Oct2000 - initial entry <gferg (at) sgi.com> +# 03Apr2001 - fix for <preface> +# +# + +sub fix_print_html { + + my($in,$out,$ttl) = @_; + + open(IN_FILE, "< $in") || do { + print "fix_print_html: cannot open $in: $!\n"; + return 0; + }; + + my($buf,$ttl_buf) = ''; + my($indx) = -1; + my($is_article) = 0; + while(<IN_FILE>) { + + if( $indx == 1 ) { + + # ignore everything until we see the chapter or sect + # + if( $_ =~ /CLASS="CHAP/i || $_ =~ /CLASS="PREF/i ) { + + $buf .= $_; + $indx++; + + } elsif( $_ =~ /CLASS="SECT/ || $_ =~ /CLASS="sect/ ) { + + $buf .= $_; + $indx++; + $is_article = 1; + + } else { + next; + } + + } elsif( $indx == 0 ) { + + # write out the title page file + # + if( $_ =~ /CLASS="TOC"/ ) { + + $ttl_buf .= "></DIV>\n</BODY>\n</HTML>\n"; + $ttl_buf =~ s/<\/H1\n/<\/H1\n><P><BR><BR\n/ms; + + open(TOC_FILE, "> $ttl") || do { + print "fix_print_html: cannot open $ttl: $!\n"; + close(IN_FILE); + return 0; + }; + print TOC_FILE $ttl_buf; + close(TOC_FILE); + $ttl_buf = ''; + $indx++; + + } else { + $ttl_buf .= $_; + } + + } elsif( $indx < 0 ) { + + # up to this point, both buffers get the line + # + if( $_ =~ /CLASS="TITLEPAGE"/ ) { + + $ttl_buf .= $_ . ">\n<P>\n<BR><BR><BR><BR>\n<\/P\n"; + $indx++; + + } else { + $buf .= $_; + $ttl_buf .= $_; + } + + } else { + + $buf .= $_; + } + } + close(IN_FILE); + + open(OUT_FILE, "> $out") || do { + print "fix_print_html: cannot open $out: $!\n"; + return 0; + }; + + + # make these corrections and write out the file + # + + $buf =~ s/(\n><LI\n)><P\n(.*?)<\/P\n>/$1$2\n/gms; + $buf =~ s/(\n><LI\n><DIV\nCLASS="FORMALPARA"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms; + $buf =~ s/(\n><LI\nSTYLE="[^\"]+"\n)><P\n(.*?)<\/P\n>/$1$2\n/gms; + if( $is_article == 0 ) { + $buf =~ s/(\nCLASS="SECT[TION\d]+"\n>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims; + $buf =~ s/(\nCLASS="SECT[TION\d]+"\n><HR>)<H1\n(.*?)<\/H1/$1<H2\n$2<\/H2/gims; + } + $buf =~ s/<H1(\nCLASS="INDEXDIV"\n)(.*?)<\/H1/<H2$1$2<\/H2/gims; + if( ($indx = rindex($buf, "<H1\n><A\nNAME=\"DOC-INDEX\"")) > -1 ) { + $buf = substr($buf, 0, $indx); + $buf .= "\n<\/BODY>\n<\/HTML>\n\n"; + } elsif( ($indx = rindex($buf, "<H1\n><A\nNAME=\"doc-index\"")) > -1 ) { + $buf = substr($buf, 0, $indx); + $buf .= "\n<\/BODY>\n<\/HTML>\n\n"; + } + $buf =~ s/\&\#13;//g; + $buf =~ s/\&\#60;/\</g; + $buf =~ s/\&\#62;/\>/g; + $buf =~ s/\&\#8211;/\-/g; + $buf =~ s/WIDTH=\"\d\"//g; + $buf =~ s/><[\/]*TBODY//g; + $buf =~ s/><[\/]*THEAD//g; + $buf =~ s/TYPE=\"1\"\n//gim; + + if( $is_article == 0 ) { + + # for books...decrement the headers by 1 and then re-set the + # chapter level only to H1... + # + my($cnt,$j) = 0; + for($cnt=5; $cnt > 0; $cnt--) { + $j = $cnt + 1; + $buf =~ s/<H${cnt}/<H${j}/g; + $buf =~ s/<\/H${cnt}/<\/H${j}/g; + } + + my(@l) = split(/\n/, $buf); + for( $cnt=0; $cnt < (@l + 0); $cnt++ ) { + + if( $j == 1 ) { + if( $l[$cnt] =~ /<DIV/ ) { + $j = 0; + next; + } + $l[$cnt] =~ s/<H2/<H1/g; + $l[$cnt] =~ s/<\/H2/<\/H1/g; + } + if( $l[$cnt] =~ /^CLASS=\"CHAP/i + || + $l[$cnt] =~ /^CLASS=\"PREF/i ) { + $j = 1; + } + } + + $buf = join("\n", @l); + + } + $buf =~ s/><DIV\nCLASS="\w+"\n//gms; + $buf =~ s/><\/DIV\n//gms; + $buf =~ s/(><LI\n)><P\n(.*?)<\/P\n>(<\/LI\n)/$1$2$3/gms; + + print OUT_FILE $buf; + close(OUT_FILE); + + return 1; +} + +# Return true from package include +# +1; + diff --git a/docs/docbook/scripts/ldp_print b/docs/docbook/scripts/ldp_print new file mode 100755 index 0000000000..70bb801def --- /dev/null +++ b/docs/docbook/scripts/ldp_print @@ -0,0 +1,71 @@ +#!/usr/bin/perl -w +# +# usage: ldp_print <single_file.html> +# +# Creates a PDF variant of a single-file HTML representation of a +# DocBook SGML (or XML) instance. This simple wrapper assumes that +# the file was created using {open}jade in a manner similar to: +# +# jade -t sgml -i html -V nochunks -d $style $fname > $fname.html +# +# Give this script the filename as an argument. It will then parse +# the file into 'title.html' and 'body.html' and send each to +# htmldoc (as the corresponding title page and body of the document). +# +# +# CAVEATS: +# +# Assumes perl is in /usr/bin; adjust if necessary +# +# You may need to specify where the htmldoc executable resides. +# The script assumes it's within your $PATH. +# +# If you want Postscript as an output variant, uncomment the +# appropriate lines (see below). +# +# Relies on output from a DocBook instance created via DSSSL/{open}jade! +# +# Cleans up (removes) the intermediate files it creates (but not the +# PDF or Postscript files, obviously!) +# +# Works silently; PDF (PostScript) will be created in the same directory +# as was specified for the input (single-file HTML) file. +# +# Provided without warranty or support! +# +# gferg@sgi.com / Ferg (used as part of the LDP production env) +# + +use strict; +push(@INC, "./"); +require 'fix_print_html.lib'; + +if( $ARGV[0] eq '' || !(-r $ARGV[0]) ) { + die "\nusage: ldp_print <single_file.html>\n\n"; +} + +my($fname_wo_ext) = $ARGV[0]; +$fname_wo_ext =~ s/\.[\w]+$//; + + +# create new files from single HTML file to use for print +# +&fix_print_html($ARGV[0], 'body.html', 'title.html'); + +my($cmd) = "htmldoc --size universal -t pdf -f ${fname_wo_ext}.pdf " . + "--firstpage p1 --titlefile title.html body.html"; + +# For postscript output; append onto the above cmd string: +# +# "; htmldoc --size universal -t ps -f -f ${fname_wo_ext}.ps " . +# "--firstpage p1 --titlefile title.html body.html"; +# +system($cmd); +die "\nldp_print: could not create ${fname_wo_ext}.pdf ($!)\n" if ($?); + +# cleanup +# +system("rm -f body.html title.html"); + +exit(0); + diff --git a/docs/docbook/scripts/make-article.pl b/docs/docbook/scripts/make-article.pl new file mode 100644 index 0000000000..d1f8c66832 --- /dev/null +++ b/docs/docbook/scripts/make-article.pl @@ -0,0 +1,25 @@ +#!/usr/bin/perl + +$ignore = 0; + +print "<!DOCTYPE article PUBLIC \"-//OASIS//DTD DocBook V4.1//EN\">\n"; + +while (<STDIN>) { + + $_ =~ s/<chapter/<article/g; + $_ =~ s/<\/chapter/<\/article/g; + + if ( $_ =~ '<articleinfo>') { + $ignore = 1; + } + + if ( $_ =~ '</articleinfo>') { + $ignore = 0; + $_ = ""; + } + + + if (! $ignore) { print "$_"; } + + +} diff --git a/docs/docbook/scripts/strip-links.pl b/docs/docbook/scripts/strip-links.pl new file mode 100644 index 0000000000..dbbdceaabc --- /dev/null +++ b/docs/docbook/scripts/strip-links.pl @@ -0,0 +1,14 @@ +#!/usr/bin/perl + +## small script to stirp the <URL:...> tags from +## manpages generated from docbook2man. we'll leave +## the <URL:ftp://...> and <URL:mailto:...> links for now + +while (<STDIN>) { + + chomp ($_); + $_ =~ s/\s*<URL:.*html.*>\s*//g; + print "$_\n"; + +} +exit 0; diff --git a/docs/docbook/stylesheets/ldp.dsl.in b/docs/docbook/stylesheets/ldp.dsl.in new file mode 100644 index 0000000000..d6e06f4b6d --- /dev/null +++ b/docs/docbook/stylesheets/ldp.dsl.in @@ -0,0 +1,256 @@ +<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [ +<!ENTITY % html "IGNORE"> +<![%html;[ +<!ENTITY % print "IGNORE"> +<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/html/docbook.dsl" CDATA dsssl> +]]> +<!ENTITY % print "INCLUDE"> +<![%print;[ +<!ENTITY docbook.dsl SYSTEM "@SGML_SHARE@/dsssl/docbook/print/docbook.dsl" CDATA dsssl> +]]> +]> + +<style-sheet> + +<style-specification id="print" use="docbook"> +<style-specification-body> + +;; ============================== +;; customize the print stylesheet +;; ============================== + +(declare-characteristic preserve-sdata? + ;; this is necessary because right now jadetex does not understand + ;; symbolic entities, whereas things work well with numeric entities. + "UNREGISTERED::James Clark//Characteristic::preserve-sdata?" + #f) + +(define %generate-article-toc% + ;; Should a Table of Contents be produced for Articles? + #t) + +(define (toc-depth nd) + 2) + +(define %generate-article-titlepage-on-separate-page% + ;; Should the article title page be on a separate page? + #t) + +(define %section-autolabel% + ;; Are sections enumerated? + #t) + +(define %footnote-ulinks% + ;; Generate footnotes for ULinks? + #f) + +(define %bop-footnotes% + ;; Make "bottom-of-page" footnotes? + #f) + +(define %body-start-indent% + ;; Default indent of body text + 0pi) + +(define %para-indent-firstpara% + ;; First line start-indent for the first paragraph + 0pt) + +(define %para-indent% + ;; First line start-indent for paragraphs (other than the first) + 0pt) + +(define %block-start-indent% + ;; Extra start-indent for block-elements + 0pt) + +(define formal-object-float + ;; Do formal objects float? + #t) + +(define %hyphenation% + ;; Allow automatic hyphenation? + #t) + +(define %admon-graphics% + ;; Use graphics in admonitions? + #f) + +</style-specification-body> +</style-specification> + + +<!-- +;; =================================================== +;; customize the html stylesheet; borrowed from Cygnus +;; at http://sourceware.cygnus.com/ (cygnus-both.dsl) +;; =================================================== +--> + +<style-specification id="html" use="docbook"> +<style-specification-body> + +(declare-characteristic preserve-sdata? + ;; this is necessary because right now jadetex does not understand + ;; symbolic entities, whereas things work well with numeric entities. + "UNREGISTERED::James Clark//Characteristic::preserve-sdata?" + #f) + +(define %generate-legalnotice-link% + ;; put the legal notice in a separate file + #t) + +(define %admon-graphics-path% + ;; use graphics in admonitions, set their + "../images/") + +(define %admon-graphics% + #f) + +(define %funcsynopsis-decoration% + ;; make funcsynopsis look pretty + #t) + +(define %html-ext% + ;; when producing HTML files, use this extension + ".html") + +(define %generate-book-toc% + ;; Should a Table of Contents be produced for books? + #t) + +(define %generate-article-toc% + ;; Should a Table of Contents be produced for articles? + #t) + +(define %generate-part-toc% + ;; Should a Table of Contents be produced for parts? + #t) + +(define %generate-book-titlepage% + ;; produce a title page for books + #t) + +(define %generate-article-titlepage% + ;; produce a title page for articles + #t) + +(define (chunk-skip-first-element-list) + ;; forces the Table of Contents on separate page + '()) + +(define (list-element-list) + ;; fixes bug in Table of Contents generation + '()) + +(define %root-filename% + ;; The filename of the root HTML document (e.g, "index"). + "index") + +(define %shade-verbatim% + ;; verbatim sections will be shaded if t(rue) + #t) + +(define %use-id-as-filename% + ;; Use ID attributes as name for component HTML files? + #t) + +(define %graphic-extensions% + ;; graphic extensions allowed + '("gif" "png" "jpg" "jpeg" "tif" "tiff" "eps" "epsf" )) + +(define %graphic-default-extension% + "gif") + +(define %section-autolabel% + ;; For enumerated sections (1.1, 1.1.1, 1.2, etc.) + #t) + +(define (toc-depth nd) + ;; more depth (2 levels) to toc; instead of flat hierarchy + ;; 2) + 4) + +(element emphasis + ;; make role=strong equate to bold for emphasis tag + (if (equal? (attribute-string "role") "strong") + (make element gi: "STRONG" (process-children)) + (make element gi: "EM" (process-children)))) + +(define (book-titlepage-recto-elements) + ;; elements on a book's titlepage + ;; note: added revhistory to the default list + (list (normalize "title") + (normalize "subtitle") + (normalize "graphic") + (normalize "mediaobject") + (normalize "corpauthor") + (normalize "authorgroup") + (normalize "author") + (normalize "editor") + (normalize "copyright") + (normalize "revhistory") + (normalize "abstract") + (normalize "legalnotice"))) + +(define (article-titlepage-recto-elements) + ;; elements on an article's titlepage + ;; note: added othercredit to the default list + (list (normalize "title") + (normalize "subtitle") + (normalize "authorgroup") + (normalize "author") + (normalize "othercredit") + (normalize "releaseinfo") + (normalize "copyright") + (normalize "pubdate") + (normalize "revhistory") + (normalize "abstract"))) + +(mode article-titlepage-recto-mode + + (element contrib + ;; print out with othercredit information; for translators, etc. + (make sequence + (make element gi: "SPAN" + attributes: (list (list "CLASS" (gi))) + (process-children)))) + + (element othercredit + ;; print out othercredit information; for translators, etc. + (let ((author-name (author-string)) + (author-contrib (select-elements (children (current-node)) + (normalize "contrib")))) + (make element gi: "P" + attributes: (list (list "CLASS" (gi))) + (make element gi: "B" + (literal author-name) + (literal " - ")) + (process-node-list author-contrib)))) +) + +(define (article-title nd) + (let* ((artchild (children nd)) + (artheader (select-elements artchild (normalize "artheader"))) + (artinfo (select-elements artchild (normalize "articleinfo"))) + (ahdr (if (node-list-empty? artheader) + artinfo + artheader)) + (ahtitles (select-elements (children ahdr) + (normalize "title"))) + (artitles (select-elements artchild (normalize "title"))) + (titles (if (node-list-empty? artitles) + ahtitles + artitles))) + (if (node-list-empty? titles) + "" + (node-list-first titles)))) + + +</style-specification-body> +</style-specification> + +<external-specification id="docbook" document="docbook.dsl"> + +</style-sheet> + |