diff options
Diffstat (limited to 'docs/docbook')
376 files changed, 4343 insertions, 11887 deletions
diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index dae5b81e71..ae24606caf 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -21,9 +21,7 @@ MANPAGES_NAMES=findsmb.1 smbclient.1 \ smbpasswd.8 testprns.1 \ smb.conf.5 wbinfo.1 pdbedit.8 \ smbcacls.1 smbsh.1 winbindd.8 \ - smbgroupedit.8 vfstest.1 \ - profiles.1 smbtree.1 ntlm_auth.1 \ - editreg.1 + smbgroupedit.8 vfstest.1 ## This part contains only rules. You shouldn't need to change it ## if you are adding docs @@ -85,9 +83,9 @@ $(TXTDIR)/Samba-HOWTO-Collection.txt: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2TXT) -o . $< mv ./samba-doc.txt $@ -$(TXTDIR)/Samba-Developers-Guide.txt: $(DEVDOC)/dev-doc.sgml +$(TXTDIR)/Samba-Developers-Guide.txt: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2TXT) -o . $< - mv ./dev-doc.txt $@ + mv ./samba-doc.txt $@ # PostScript @@ -95,9 +93,9 @@ $(PSDIR)/Samba-HOWTO-Collection.ps: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2PS) -o . $< mv ./samba-doc.ps $@ -$(PSDIR)/Samba-Developers-Guide.ps: $(DEVDOC)/dev-doc.sgml +$(PSDIR)/Samba-Developers-Guide.ps: $(PROJDOC)/samba-doc.sgml $(DOCBOOK2PS) -o . $< - mv ./dev-doc.ps $@ + mv ./samba-doc.ps $@ # Adobe PDF files diff --git a/docs/docbook/configure b/docs/docbook/configure index 8680e5b5ab..609c17ed87 100755 --- a/docs/docbook/configure +++ b/docs/docbook/configure @@ -557,13 +557,10 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$JW" = x; then - { echo "configure: error: "jw is required"" 1>&2; exit 1; } -fi # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:567: checking for $ac_word" >&5 +echo "configure:564: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -595,13 +592,10 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$PERL" = x; then - { echo "configure: error: "perl is required"" 1>&2; exit 1; } -fi # Extract the first word of "htmldoc", so it can be a program name with args. set dummy htmldoc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:605: checking for $ac_word" >&5 +echo "configure:599: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -633,9 +627,6 @@ else echo "$ac_t""no" 1>&6 fi -if test "x$HTMLDOC" = x; then - { echo "configure: error: "htmldoc is required"" 1>&2; exit 1; } -fi DOC_BUILD_DATE=`date '+%d-%m-%Y'` diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in index 57482d134e..3a9ed51d16 100644 --- a/docs/docbook/configure.in +++ b/docs/docbook/configure.in @@ -1,18 +1,8 @@ AC_INIT(global.ent) -# Jade wrapper AC_PATH_PROG(JW, jw) -if test "x$JW" = x; then - AC_MSG_ERROR("jw is required") -fi AC_PATH_PROG(PERL, perl) -if test "x$PERL" = x; then - AC_MSG_ERROR("perl is required") -fi AC_PATH_PROG(HTMLDOC, htmldoc) -if test "x$HTMLDOC" = x; then - AC_MSG_ERROR("htmldoc is required") -fi DOC_BUILD_DATE=`date '+%d-%m-%Y'` AC_SUBST(DOC_BUILD_DATE) diff --git a/docs/docbook/devdoc/dev-doc.sgml b/docs/docbook/devdoc/dev-doc.sgml index 5e1af3d3a0..e256dbe3a2 100644 --- a/docs/docbook/devdoc/dev-doc.sgml +++ b/docs/docbook/devdoc/dev-doc.sgml @@ -12,9 +12,6 @@ <!ENTITY wins SYSTEM "wins.sgml"> <!ENTITY sam SYSTEM "sam.sgml"> <!ENTITY encryption SYSTEM "encryption.sgml"> -<!ENTITY rpc-plugin SYSTEM "rpc_plugin.sgml"> -<!ENTITY modules SYSTEM "modules.sgml"> -<!ENTITY packagers SYSTEM "packagers.sgml"> ]> <book id="Samba-Developers-Guide"> @@ -69,8 +66,5 @@ url="http://www.fsf.org/licenses/gpl.txt">http://www.fsf.org/licenses/gpl.txt</u &wins; &sam; &encryption; -&modules; -&rpc-plugin; -&packagers; </book> diff --git a/docs/docbook/devdoc/modules.sgml b/docs/docbook/devdoc/modules.sgml deleted file mode 100644 index 0bcdadc66c..0000000000 --- a/docs/docbook/devdoc/modules.sgml +++ /dev/null @@ -1,156 +0,0 @@ -<chapter id="modules"> -<chapterinfo> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address><email>jelmer@samba.org</email></address> - </affiliation> - </author> - <pubdate> 19 March 2003 </pubdate> -</chapterinfo> - -<title>Modules</title> - -<sect1> -<title>Advantages</title> - -<para> -The new modules system has the following advantages: -</para> - -<simplelist> -<member>Transparent loading of static and shared modules (no need -for a subsystem to know about modules)</member> -<member>Simple selection between shared and static modules at configure time</member> -<member>"preload modules" option for increasing performance for stable modules</member> -<member>No nasty #define stuff anymore</member> -<member>All backends are available as plugin now (including pdb_ldap and pdb_tdb)</member> -</simplelist> -</sect1> - -<sect1> -<title>Loading modules</title> - -<para> -Some subsystems in samba use different backends. These backends can be -either statically linked in to samba or available as a plugin. A subsystem -should have a function that allows a module to register itself. For example, -the passdb subsystem has: -</para> - -<para><programlisting> -BOOL smb_register_passdb(const char *name, pdb_init_function init, int version); -</programlisting></para> - -<para> -This function will be called by the initialisation function of the module to -register itself. -</para> - -<sect2> -<title>Static modules</title> - -<para> -The modules system compiles a list of initialisation functions for the -static modules of each subsystem. This is a define. For example, -it is here currently (from <filename>include/config.h</filename>): -</para> - -<para><programlisting> -/* Static init functions */ -#define static_init_pdb { pdb_mysql_init(); pdb_ldap_init(); pdb_smbpasswd_init(); pdb_tdbsam_init(); pdb_guest_init();} -</programlisting></para> - -<para> -These functions should be called before the subsystem is used. That -should be done when the subsystem is initialised or first used. -</para> - -</sect2> - -<sect2> -<title>Shared modules</title> - -<para> -If a subsystem needs a certain backend, it should check if it has -already been registered. If the backend hasn't been registered already, -the subsystem should call smb_probe_module(char *subsystem, char *backend). -This function tries to load the correct module from a certain path -($LIBDIR/subsystem/backend.so). If the first character in 'backend' -is a slash, smb_probe_module() tries to load the module from the -absolute path specified in 'backend'. -</para> - -<para>After smb_probe_module() has been executed, the subsystem -should check again if the module has been registered. -</para> - -</sect2> -</sect1> - -<sect1> -<title>Writing modules</title> - -<para> -Each module has an initialisation function. For modules that are -included with samba this name is '<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>_init'. For external modules (that will never be built-in, but only available as a module) this name is always 'init_module'. (In the case of modules included with samba, the configure system will add a #define subsystem_backend_init() init_module()). -The prototype for these functions is: -</para> - -<para><programlisting> -int init_module(void); -</programlisting></para> - -<para>This function should call one or more -registration functions. The function should return non-zero on success and zero on -failure.</para> - -<para>For example, pdb_ldap_init() contains: </para> - -<para><programlisting> -int pdb_ldap_init(void) -{ - smb_register_passdb("ldapsam", pdb_init_ldapsam, PASSDB_INTERFACE_VERSION); - smb_register_passdb("ldapsam_nua", pdb_init_ldapsam_nua, PASSDB_INTERFACE_VERSION); - return TRUE; -} -</programlisting></para> - -<sect2> -<title>Static/Shared selection in configure.in</title> - -<para> -Some macros in configure.in generate the various defines and substs that -are necessary for the system to work correct. All modules that should -be built by default have to be added to the variable 'default_modules'. -For example, if ldap is found, pdb_ldap is added to this variable. -</para> - -<para> -On the bottom of configure.in, SMB_MODULE() should be called -for each module and SMB_SUBSYSTEM() for each subsystem. -</para> - -<para>Syntax:</para> - -<para><programlisting> -SMB_MODULE(<replaceable>subsystem</replaceable>_<replaceable>backend</replaceable>, <replaceable>object files</replaceable>, <replaceable>plugin name</replaceable>, <replaceable>subsystem name</replaceable>, <replaceable>static_action</replaceable>, <replaceable>shared_action</replaceable>) -SMB_SUBSYSTEM(<replaceable>subsystem</replaceable>) -</programlisting></para> - -<para>Also, make sure to add the correct directives to -<filename>Makefile.in</filename>. <replaceable>@SUBSYSTEM_STATIC@</replaceable> -will be replaced with a list of objects files of the modules that need to -be linked in statically. <replaceable>@SUBSYSTEM_MODULES@</replaceable> will -be replaced with the names of the plugins to build. -</para> - -<para>You must make sure all .c files that contain defines that can -be changed by ./configure are rebuilded in the 'modules_clean' make target. -Practically, this means all c files that contain <command>static_init_subsystem;</command> calls need to be rebuilded. -</para> - -</sect2> -</sect1> -</chapter> diff --git a/docs/docbook/devdoc/packagers.sgml b/docs/docbook/devdoc/packagers.sgml deleted file mode 100644 index fb47c7305c..0000000000 --- a/docs/docbook/devdoc/packagers.sgml +++ /dev/null @@ -1,40 +0,0 @@ -<chapter id="Packaging"> -<chapterinfo> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - </author> -</chapterinfo> - -<title>Notes to packagers</title> - -<sect1> -<title>Versioning</title> - -<para>Please, please update the version number in -<filename>source/include/version.h</filename> to include the versioning of your package. This makes it easier to distinguish standard samba builds -from custom-build samba builds (distributions often patch packages). For -example, a good version would be: </para> - -<para><programlisting> -Version 2.999+3.0.alpha21-5 for Debian -</programlisting></para> - -</sect1> - -<sect1> -<title>Modules</title> - -<para>Samba now has support for building parts of samba as plugins. This -makes it possible to, for example, put ldap or mysql support in a seperate -package, thus making it possible to have a normal samba package not -depending on ldap or mysql. To build as much parts of samba -as a plugin, run: </para> - -<para><programlisting> -./configure --with-shared-modules=rpc,vfs,auth,pdb,charset -</programlisting></para> - -</sect1> - - -</chapter> diff --git a/docs/docbook/devdoc/rpc_plugin.sgml b/docs/docbook/devdoc/rpc_plugin.sgml deleted file mode 100644 index c83742a247..0000000000 --- a/docs/docbook/devdoc/rpc_plugin.sgml +++ /dev/null @@ -1,83 +0,0 @@ -<chapter id="rpc-plugin"> -<chapterinfo> - <author> - <firstname>Anthony</firstname><surname>Liguori</surname> - <affiliation> - <orgname>IBM</orgname> - <address><email>aliguor@us.ibm.com</email></address> - </affiliation> - </author> - <author> - <firstname>Jelmer</firstname><surname>Vernooij</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address><email>jelmer@samba.org</email></address> - </affiliation> - </author> - <pubdate>January 2003</pubdate> -</chapterinfo> - -<title>RPC Pluggable Modules</title> - -<sect1> -<title>About</title> - -<para> -This document describes how to make use the new RPC Pluggable Modules features -of Samba 3.0. This architecture was added to increase the maintainability of -Samba allowing RPC Pipes to be worked on separately from the main CVS branch. -The RPM architecture will also allow third-party vendors to add functionality -to Samba through plug-ins. -</para> - -</sect1> - -<sect1> -<title>General Overview</title> - -<para> -When an RPC call is sent to smbd, smbd tries to load a shared library by the -name <filename>librpc_<pipename>.so</filename> to handle the call if -it doesn't know how to handle the call internally. For instance, LSA calls -are handled by <filename>librpc_lsass.so</filename>.. -These shared libraries should be located in the <filename><sambaroot>/lib/rpc</filename>. smbd then attempts to call the init_module function within -the shared library. Check the chapter on modules for more information. -</para> - -<para> -In the init_module function, the library should call -rpc_pipe_register_commands(). This function takes the following arguments: -</para> - -<para><programlisting> -int rpc_pipe_register_commands(const char *clnt, const char *srv, - const struct api_struct *cmds, int size); -</programlisting></para> - -<variablelist> - -<varlistentry><term>clnt</term> -<listitem><para>the Client name of the named pipe</para></listitem> -</varlistentry> - -<varlistentry><term>srv</term> -<listitem><para>the Server name of the named pipe</para></listitem> -</varlistentry> - -<varlistentry><term>cmds</term> -<listitem><para>a list of api_structs that map RPC ordinal numbers to function calls</para></listitem> -</varlistentry> - -<varlistentry><term>size</term> -<listitem><para>the number of api_structs contained in cmds</para></listitem> -</varlistentry> - -</variablelist> - -<para> -See rpc_server/srv_reg.c and rpc_server/srv_reg_nt.c for a small example of -how to use this library. -</para> - -</sect1> -</chapter> diff --git a/docs/docbook/faq/clientapp.sgml b/docs/docbook/faq/clientapp.sgml index 3d44dd44c0..6d687bf772 100644 --- a/docs/docbook/faq/clientapp.sgml +++ b/docs/docbook/faq/clientapp.sgml @@ -1,8 +1,8 @@ -<chapter id="FAQ-ClientApp"> +<chapter id="ClientApp"> <title>Specific client application problems</title> <sect1> -<title>MS Office Setup reports "Cannot change properties of '\\MSOFFICE\\SETUP.INI'"</title> +<title>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"</title> <para> When installing MS Office on a Samba drive for which you have admin user permissions, ie. admin users = username, you will find the @@ -60,16 +60,16 @@ set the following parameters on the share containing it: </para> <para><programlisting> -[MSOP95] - path = /where_you_put_it - comment = Your comment - volume = "The_CD_ROM_Label" - read only = yes - available = yes - share modes = no - locking = no - browseable = yes - public = yes + [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes </programlisting></para> </listitem> diff --git a/docs/docbook/faq/config.sgml b/docs/docbook/faq/config.sgml index db27102cdf..78f73252a2 100644 --- a/docs/docbook/faq/config.sgml +++ b/docs/docbook/faq/config.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-Config"> +<chapter id="Config"> <title>Configuration problems</title> <sect1> @@ -8,18 +8,4 @@ When you have a user in 'admin users', samba will always do file operations for this user as 'root', even if 'force user' has been set. </para> </sect1> - -<sect1> -<title>I have just installed samba and I'm trying to log in from Windows, but samba refuses all logins!</title> - -<para> -Newer windows clients(NT4, 2000, XP) send encrypted passwords. Samba can't compare these -passwords to the unix password database, so it needs it's own user database. You can -add users to this database using "smbpasswd -a user-name". -</para> - -<para> -See also the "User database" chapter of the samba HOWTO Collection. -</para> -</sect1> </chapter> diff --git a/docs/docbook/faq/errors.sgml b/docs/docbook/faq/errors.sgml index 97619ce704..6476ec064e 100644 --- a/docs/docbook/faq/errors.sgml +++ b/docs/docbook/faq/errors.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-errors"> +<chapter id="errors"> <title>Common errors</title> @@ -50,6 +50,7 @@ Windows NT in the chapter "Portability" of the samba HOWTO collection </member> </simplelist> </para> + </sect1> <sect1> @@ -63,6 +64,7 @@ It also ignores the "-N" argument when querying some (but not all) of our NT servers. </quote> </para> + <para> No, it does not ignore -N, it is just that your server rejected the null password in the connection, so smbclient prompts for a password diff --git a/docs/docbook/faq/features.sgml b/docs/docbook/faq/features.sgml index 66b05379cc..bc1081e5c0 100644 --- a/docs/docbook/faq/features.sgml +++ b/docs/docbook/faq/features.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-features"> +<chapter id="features"> <title>Features</title> @@ -83,7 +83,9 @@ manual carefully.</para> <title>Tools for printing faxes</title> <para>Your incomed faxes are in: -<filename>/var/spool/fax/incoming</filename>. Print it with:</para> +<filename>/var/spool/fax/incoming</filename></para> + +<para>print it with:</para> <para><programlisting> for i in * diff --git a/docs/docbook/faq/general.sgml b/docs/docbook/faq/general.sgml index 3f7c2074f9..38bcdf49e3 100644 --- a/docs/docbook/faq/general.sgml +++ b/docs/docbook/faq/general.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-general"> +<chapter id="general"> <title>General Information</title> <sect1> diff --git a/docs/docbook/faq/install.sgml b/docs/docbook/faq/install.sgml index f8341dc65a..88520fc71d 100644 --- a/docs/docbook/faq/install.sgml +++ b/docs/docbook/faq/install.sgml @@ -1,4 +1,4 @@ -<chapter id="FAQ-Install"> +<chapter id="Install"> <title>Compiling and installing Samba on a Unix host</title> <sect1> @@ -22,7 +22,7 @@ client to client - check your client's documentation. </sect1> <sect1> -<title>Some files that I KNOW are on the server don't show up when I view the files from my client!</title> +<title>Some files that I KNOW are on the server doesn't show up when I view the files from my client!</title> <para>See the next question.</para> </sect1> diff --git a/docs/docbook/faq/printing.sgml b/docs/docbook/faq/printing.sgml deleted file mode 100644 index 4a58c385bb..0000000000 --- a/docs/docbook/faq/printing.sgml +++ /dev/null @@ -1,37 +0,0 @@ -<chapter id="FAQ-Printing"> -<chapterinfo> -<author> - <firstname>Ronan</firstname><surname>Waide</surname> -</author> -</chapterinfo> - -<title>Printing problems</title> - -<sect1> -<title>setdriver or cupsaddsmb failes</title> -<para> -setdriver expects the following setup: - -<simplelist> -<member>you are a printer admin, or root. this is the smb.conf printer admin group, not the Printer Operators group in NT. I've not tried the latter, but I don't believe it will work based on the current code.</member> -<member>printer admins has to be defined in [global]</member> -<member>upload the driver files to \\server\print$\w32x86 and win40 as appropriate. DON'T put them in the 0 or 2 subdirectories.</member> -<member>Make sure that the user you're connecting as is able to write to the print$ directories</member> -<member>Use adddriver (with appropriate parameters) to create the driver. note, this will not just update samba's notion of drivers, it will also move the files from the w32x86 and win40 directories to an appropriate subdirectory (based on driver version, I think, but not important enough for me to find out)</member> -<member>Use setdriver to associate the driver with a printer</member> -</simplelist> -</para> - -<para> -The setdriver call will fail if the printer doesn't already exist in -samba's view of the world. Either create the printer in cups and -restart samba, or create an add printer command (see smb.conf doco) -and use RPC calls to create a printer. NB the add printer command MUST -return a single line of text indicating which port the printer was -added on. If it doesn't, Samba won't reload the printer -definitions. Although samba doesn't really support the notion of -ports, suitable add printer command and enumport command settings can -allow you pretty good remote control of the samba printer setup. -</para> -</sect1> -</chapter> diff --git a/docs/docbook/faq/sambafaq.sgml b/docs/docbook/faq/sambafaq.sgml index 2cc7d466fd..e9e5ed7a3c 100644 --- a/docs/docbook/faq/sambafaq.sgml +++ b/docs/docbook/faq/sambafaq.sgml @@ -5,7 +5,6 @@ <!ENTITY clientapp SYSTEM "clientapp.sgml"> <!ENTITY features SYSTEM "features.sgml"> <!ENTITY config SYSTEM "config.sgml"> -<!ENTITY printing SYSTEM "printing.sgml"> ]> <book id="Samba-FAQ"> @@ -35,5 +34,4 @@ and the old samba text documents which were mostly written by John Terpstra. &clientapp; &errors; &features; -&printing; </book> diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent index 5f89a97593..46745c2773 100644 --- a/docs/docbook/global.ent +++ b/docs/docbook/global.ent @@ -6,7 +6,6 @@ <!ENTITY email.jmoore 'jmoore@php.net'> <!ENTITY email.jerry 'jerry@samba.org'> <!ENTITY email.patches 'samba-patches@samba.org'> -<!ENTITY email.jelmer 'jelmer@samba.org'> <!-- URL's --> <!ENTITY url.samba.cvsinfo 'http://pserver.samba.org/samba/cvs.html'> @@ -31,9 +30,8 @@ <!-- Misc --> <!ENTITY samba.pub.cvshost 'pserver.samba.org'> -<!ENTITY percnt '%'> -<!ENTITY stdarg.debug ' +<!ENTITY stdarg.debuglevel ' <varlistentry> <term>-d|--debug=debuglevel</term> <listitem> @@ -61,6 +59,13 @@ level</ulink> parameter in the <ulink url="smb.conf.5.html"> </listitem> </varlistentry>'> +<!ENTITY stdarg.help ' +<varlistentry> +<term>-h|--help</term> +<listitem><para>Print a summary of command line options. +</para></listitem> +</varlistentry>'> + <!ENTITY stdarg.configfile ' <varlistentry> <term>-s <configuration file></term> @@ -77,218 +82,7 @@ compile time.</para></listitem> <!ENTITY stdarg.version ' <varlistentry> -<term>-V</term> +<term>-v</term> <listitem><para>Prints the version number for <command>smbd</command>.</para></listitem> </varlistentry>'> - -<!ENTITY stdarg.logfile ' -<varlistentry> -<term>-l|--logfile=logbasename</term> -<listitem><para>File name for log/debug files. The extension -<constant>".client"</constant> will be appended. The log file is -never removed by the client. -</para></listitem> -</varlistentry>'> - -<!ENTITY popt.common.samba ' -&stdarg.version; -&stdarg.configfile; -&stdarg.debug; -&stdarg.logfile; -'> - -<!ENTITY stdarg.resolve.order ' -<varlistentry> -<term>-R <name resolve order></term> -<listitem><para>This option is used to determine what naming -services and in what order to resolve -host names to IP addresses. The option takes a space-separated -string of different name resolution options.</para> - -<para>The options are: "lmhosts", "host", "wins" and "bcast". -They cause names to be resolved as follows :</para> - -<itemizedlist> -<listitem><para><constant>lmhosts</constant>: -Lookup an IP address in the Samba lmhosts file. If the -line in lmhosts has no name type attached to the -NetBIOS name -(see the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) -then any name type matches for lookup. -</para></listitem> - -<listitem><para><constant>host</constant>: -Do a standard host name to IP address resolution, using -the system <filename>/etc/hosts</filename>, NIS, or DNS -lookups. This method of name resolution is operating -system dependent, for instance on IRIX or Solaris this -may be controlled by the <filename>/etc/nsswitch.conf -</filename> file). Note that this method is only used -if the NetBIOS name type being queried is the 0x20 -(server) name type, otherwise it is ignored. -</para></listitem> - -<listitem><para><constant>wins</constant>: -Query a name with the IP address listed in the -<parameter>wins server</parameter> parameter. If no -WINS server has been specified this method will be -ignored. -</para></listitem> - -<listitem><para><constant>bcast</constant>: -Do a broadcast on each of the known local interfaces -listed in the <parameter>interfaces</parameter> -parameter. This is the least reliable of the name -resolution methods as it depends on the target host -being on a locally connected subnet. -</para></listitem> -</itemizedlist> - -<para>If this parameter is not set then the name resolve order -defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file parameter -(<parameter>name resolve order</parameter>) will be used. </para> - -<para>The default order is lmhosts, host, wins, bcast. Without -this parameter or any entry in the <parameter>name resolve order -</parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file, the name resolution methods -will be attempted in this order. </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.netbios.name ' -<varlistentry> -<term>-n <primary NetBIOS name></term> -<listitem><para>This option allows you to override -the NetBIOS name that Samba uses for itself. This is identical -to setting the <ulink url="smb.conf.5.html#netbiosname"><parameter>NetBIOS -name</parameter></ulink> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> file. However, a command -line setting will take precedence over settings in -<citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry>.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.scope ' -<varlistentry> -<term>-i <scope></term> -<listitem><para>This specifies a NetBIOS scope that -<command>nmblookup</command> will use to communicate with when -generating NetBIOS names. For details on the use of NetBIOS -scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are -<emphasis>very</emphasis> rarely used, only set this parameter -if you are the system administrator in charge of all the -NetBIOS systems you communicate with.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.workgroup ' -<varlistentry> -<term>-W|--workgroup=domain</term> -<listitem><para>Set the SMB domain of the username. This -overrides the default domain which is the domain defined in -smb.conf. If the domain specified is the same as the servers -NetBIOS name, it causes the client to log on using the servers local -SAM (as opposed to the Domain SAM). </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.socket.options ' -<varlistentry> -<term>-O socket options</term> -<listitem><para>TCP socket options to set on the client -socket. See the socket options parameter in -the <citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry> manual page for the list of valid -options. </para></listitem> -</varlistentry> -'> - -<!ENTITY popt.common.connection ' -&stdarg.netbios.name; -&stdarg.scope; -&stdarg.workgroup; -&stdarg.socket.options; -'> - -<!ENTITY stdarg.nopass ' -<varlistentry> -<term>-N</term> -<listitem><para>If specified, this parameter suppresses the normal -password prompt from the client to the user. This is useful when -accessing a service that does not require a password. </para> - -<para>Unless a password is specified on the command line or -this parameter is specified, the client will request a -password.</para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.username ' -<varlistentry> -<term>-U|--user=username[%password]</term> -<listitem><para>Sets the SMB username or username and password. </para> - -<para>If %password is not specified, the user will be prompted. The -client will first check the <envar>USER</envar> environment variable, then the -<envar>LOGNAME</envar> variable and if either exists, the -string is uppercased. If these environmental variables are not -found, the username <constant>GUEST</constant> is used. </para> - -<para>A third option is to use a credentials file which -contains the plaintext of the username and password. This -option is mainly provided for scripts where the admin does not -wish to pass the credentials on the command line or via environment -variables. If this method is used, make certain that the permissions -on the file restrict access from unwanted users. See the -<parameter>-A</parameter> for more details. </para> - -<para>Be cautious about including passwords in scripts. Also, on -many systems the command line of a running process may be seen -via the <command>ps</command> command. To be safe always allow -<command>rpcclient</command> to prompt for a password and type -it in directly. </para></listitem> -</varlistentry> -'> - -<!ENTITY stdarg.authfile ' -<varlistentry> -<term>-A|--authfile=filename</term> -<listitem><para>This option allows -you to specify a file from which to read the username and -password used in the connection. The format of the file is -</para> - -<para><programlisting> -username = <value> -password = <value> -domain = <value> -</programlisting></para> - -<para>Make certain that the permissions on the file restrict -access from unwanted users. </para></listitem> -</varlistentry>'> - -<!ENTITY stdarg.kerberos ' -<varlistentry> -<term>-k</term> -<listitem><para> -Try to authenticate with kerberos. Only useful in -an Active Directory environment. -</para></listitem> -</varlistentry> -'> - - -<!ENTITY stdarg.help ' -<varlistentry> -<term>-h|--help</term> -<listitem><para>Print a summary of command line options. -</para></listitem> -</varlistentry>'> - -<!ENTITY popt.common.credentials ' -&stdarg.nopass; -&stdarg.kerberos; -&stdarg.authfile; -&stdarg.username; -'> diff --git a/docs/docbook/manpages/editreg.1.sgml b/docs/docbook/manpages/editreg.1.sgml deleted file mode 100644 index 22c3c3e759..0000000000 --- a/docs/docbook/manpages/editreg.1.sgml +++ /dev/null @@ -1,85 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="editreg.1"> - -<refmeta> - <refentrytitle>editreg</refentrytitle> - <manvolnum>1</manvolnum> -</refmeta> - - -<refnamediv> - <refname>editreg</refname> - <refpurpose>A utility to report and change SIDs in registry files - </refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>editreg</command> - <arg choice="opt">-v</arg> - <arg choice="opt">-c file</arg> - <arg choice="req">file</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para><command>editreg</command> is a utility that - can visualize windows registry files (currently only NT4) and apply - so-called commandfiles to them. - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - <varlistentry> - <term>registry_file</term> - <listitem><para>Registry file to view or edit. </para></listitem> - </varlistentry> - - - <varlistentry> - <term>-v,--verbose</term> - <listitem><para>Increases verbosity of messages. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-c commandfile</term> - <listitem><para>Read commands to execute on <filename>registry_file</filename> from <filename>commandfile</filename>. Currently not yet supported! - </para></listitem> - </varlistentry> - - &stdarg.help; - - </variablelist> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba - suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The editreg man page was written by Jelmer Vernooij. </para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml index 090b1c8388..0b3bbca017 100644 --- a/docs/docbook/manpages/findsmb.1.sgml +++ b/docs/docbook/manpages/findsmb.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="findsmb.1"> +<refentry id="findsmb"> <refmeta> <refentrytitle>findsmb</refentrytitle> @@ -23,16 +23,15 @@ <refsect1> <title>DESCRIPTION</title> - <para>This perl script is part of the <citerefentry> - <refentrytitle>Samba</refentrytitle><manvolnum>7</manvolnum></citerefentry> - suite.</para> + <para>This perl script is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>findsmb</command> is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. - It uses <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> - and <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum></citerefentry> - to obtain this information. + It uses <ulink url="nmblookup.1.html"><command> + nmblookup(1)</command></ulink> and <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink> to obtain this information. </para> </refsect1> @@ -46,17 +45,16 @@ bugs in Windows95 into account when trying to find a Netbios name registered of the remote machine. This option is disabled by default because it is specific to Windows 95 and Windows 95 machines only. - If set, <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> + If set, <ulink url="nmblookup.1.html"><command>nmblookup</command></ulink> will be called with <constant>-B</constant> option.</para></listitem> </varlistentry> <varlistentry> <term>subnet broadcast address</term> <listitem><para>Without this option, <command>findsmb </command> will probe the subnet of the machine where - <citerefentry><refentrytitle>findsmb</refentrytitle><manvolnum>1</manvolnum></citerefentry> - is run. This value is passed to - <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry> - as part of the <constant>-B</constant> option.</para></listitem> + <command>findsmb</command> is run. This value is passed + to <command>nmblookup</command> as part of the + <constant>-B</constant> option.</para></listitem> </varlistentry> </variablelist> </refsect1> @@ -78,21 +76,19 @@ version.</para> <para>The command with <constant>-r</constant> option - must be run on a system without <citerefentry> - <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> running. - + must be run on a system without <ulink + url="nmbd.8.html"><command>nmbd</command></ulink> running. If <command>nmbd</command> is running on the system, you will only get the IP address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, the command must be run as root and with <constant>-r</constant> option on a machine without <command>nmbd</command> running.</para> - <para>For example, running <command>findsmb</command> - without <constant>-r</constant> option set would yield output similar + <para>For example, running <command>findsmb</command> without + <constant>-r</constant> option set would yield output similar to the following</para> -<screen> + <screen><computeroutput> IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION --------------------------------------------------------------------- 192.168.35.10 MINESET-TEST1 [DMVENGR] @@ -105,7 +101,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION 192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] 192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] 192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] -</screen> + </computeroutput></screen> </refsect1> @@ -119,12 +115,10 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, and <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, and <ulink url="nmblookup.1.html"> + <command>nmblookup(1)</command></ulink> </para> </refsect1> @@ -138,11 +132,11 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink - url="ftp://ftp.icce.rug.nl/pub/unix/">ftp://ftp.icce.rug.nl/pub/unix/</ulink>) - and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml index a8a5f2c072..7934c18e8e 100644 --- a/docs/docbook/manpages/lmhosts.5.sgml +++ b/docs/docbook/manpages/lmhosts.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="lmhosts.5"> +<refentry id="lmhosts"> <refmeta> <refentrytitle>lmhosts</refentrytitle> @@ -13,15 +13,15 @@ </refnamediv> <refsynopsisdiv> - <para><filename>lmhosts</filename> is the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> NetBIOS name to IP address mapping file.</para> + <para><filename>lmhosts</filename> is the <ulink url="samba.7.html"> + Samba</ulink> NetBIOS name to IP address mapping file.</para> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This file is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This file is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><filename>lmhosts</filename> is the <emphasis>Samba </emphasis> NetBIOS name to IP address mapping file. It @@ -35,7 +35,7 @@ <para>It is an ASCII file containing one line for NetBIOS name. The two fields on each line are separated from each other by white space. Any entry beginning with '#' is ignored. Each line - in the lmhosts file contains the following information:</para> + in the lmhosts file contains the following information :</para> <itemizedlist> <listitem><para>IP Address - in dotted decimal format.</para> @@ -52,16 +52,16 @@ </listitem> </itemizedlist> - <para>An example follows:</para> + <para>An example follows :</para> - <programlisting> + <para><programlisting> # # Sample Samba lmhosts file. # 192.9.200.1 TESTPC 192.9.200.20 NTSERVER#20 192.9.200.21 SAMBASERVER - </programlisting> + </programlisting></para> <para>Contains three IP to NetBIOS name mappings. The first and third will be returned for any queries for the names "TESTPC" @@ -73,24 +73,24 @@ be resolved.</para> <para>The default location of the <filename>lmhosts</filename> file - is in the same directory as the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file.</para> + is in the same directory as the <ulink url="smb.conf.5.html"> + smb.conf(5)></ulink> file.</para> </refsect1> <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, and <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <para><ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> + smb.conf(5)</ulink>, and <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> </para> </refsect1> @@ -108,8 +108,7 @@ <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml index 62cee8c1d7..aab9032f14 100644 --- a/docs/docbook/manpages/net.8.sgml +++ b/docs/docbook/manpages/net.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="net.8"> +<refentry id="net"> <refmeta> <refentrytitle>net</refentrytitle> @@ -42,8 +42,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The samba net utility is meant to work just like the net utility available for windows and DOS.</para> @@ -65,8 +65,7 @@ <varlistentry> <term>-w target-workgroup</term> <listitem><para> - Sets target workgroup or domain. You have to specify - either this option or the IP address or the name of a server. + Sets target workgroup or domain. You have to specify either this option or the IP address or the name of a server. </para></listitem> </varlistentry> @@ -87,8 +86,7 @@ <varlistentry> <term>-I ip-address</term> <listitem><para> - IP address of target server to use. You have to - specify either this option or a target workgroup or a target server. + IP address of target server to use. You have to specify either this option or a target workgroup or a target server. </para></listitem> </varlistentry> @@ -116,8 +114,7 @@ <varlistentry> <term>-S server</term> <listitem><para> - Name of target server. You should specify either - this option or a target workgroup or a target IP address. + Name of target server. You should specify either this option or a target workgroup or a target IP address. </para></listitem> </varlistentry> @@ -214,7 +211,7 @@ <varlistentry> <term>SYSTEM</term> <listitem><para> - Displays the time on the remote server in a format ready for <command>/bin/date</command> + Displays the time on the remote server in a format ready for /bin/date </para></listitem> </varlistentry> @@ -222,7 +219,7 @@ <term>SET</term> <listitem><para> Tries to set the date and time of the local server to that on - the remote server using <command>/bin/date</command>. + the remote server using /bin/date. </para></listitem> </varlistentry> @@ -279,7 +276,7 @@ </varlistentry> <varlistentry> - <term>USER ADD <name> [password] [-F user flags] [misc. options]</term> + <term>USER ADD <name> [password] [-F user flags] [misc. options</term> <listitem><para> Add specified user </para></listitem> diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index f2b4ac5a05..db920c79a1 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="nmbd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="nmbd"> <refmeta> <refentrytitle>nmbd</refentrytitle> @@ -37,8 +35,7 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the Samba suite.</para> <para><command>nmbd</command> is a server that understands and can reply to NetBIOS over IP name service requests, like @@ -60,8 +57,8 @@ option (see OPTIONS below). Thus <command>nmbd</command> will reply to broadcast queries for its own name(s). Additional names for <command>nmbd</command> to respond on can be set - via parameters in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + via parameters in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> configuration file.</para> <para><command>nmbd</command> can also be used as a WINS (Windows Internet Name Server) server. What this basically means @@ -114,27 +111,46 @@ </varlistentry> <varlistentry> + <term>-a</term> + <listitem><para>If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.</para></listitem> + </varlistentry> + + <varlistentry> <term>-i</term> <listitem><para>If this parameter is specified it causes the server to run "interactively", not as a daemon, even if the server is executed on the command line of a shell. Setting this parameter negates the implicit daemon mode when run from the command line. <command>nmbd</command> also logs to standard - output, as if the <constant>-S</constant> parameter had been + output, as if the <command>-S</command> parameter had been given. </para></listitem> </varlistentry> - &stdarg.help; + <varlistentry> + <term>-o</term> + <listitem><para>If this parameter is specified, the + log files will be overwritten when opened. By default, + <command>smbd</command> will append entries to the log + files.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>nmbd</command>.</para></listitem> + </varlistentry> <varlistentry> <term>-H <filename></term> <listitem><para>NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name - resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder"><parameter>name resolve - order</parameter></ulink> described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> to resolve any - NetBIOS name queries needed by the server. Note + resolution mechanism <ulink url="smb.conf.5.html#nameresolveorder"> + name resolve order</ulink> described in <ulink + url="smb.conf.5.html"> <filename>smb.conf(5)</filename></ulink> + to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are <emphasis>NOT</emphasis> used by <command>nmbd</command> to answer any name queries. Adding a line to this file affects name NetBIOS resolution @@ -144,13 +160,71 @@ Samba as part of the build process. Common defaults are <filename>/usr/local/samba/lib/lmhosts</filename>, <filename>/usr/samba/lib/lmhosts</filename> or - <filename>/etc/samba/lmhosts</filename>. See the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page for details on the contents of this file.</para></listitem> + <filename>/etc/lmhosts</filename>. See the + <ulink url="lmhosts.5.html"><filename>lmhosts(5)</filename></ulink> + man page for details on the contents of this file.</para></listitem> </varlistentry> - &popt.common.samba; + <varlistentry> + <term>-V</term> + <listitem><para>Prints the version number for + <command>nmbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para>debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will + be logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable amounts + of log data, and should only be used when investigating + a problem. Levels above 3 are designed for use only by developers + and generate HUGE amounts of log data, most of which is extremely + cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#loglevel">log level</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file.</para></listitem> + </varlistentry> <varlistentry> + <term>-l <log directory></term> + <listitem><para>The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running <command>nmbd</command> + server. The default log directory is compiled into Samba + as part of the build process. Common defaults are <filename> + /usr/local/samba/var/log.nmb</filename>, <filename> + /usr/samba/var/log.nmb</filename> or + <filename>/var/log/log.nmb</filename>. <emphasis>Beware:</emphasis> + If the directory specified does not exist, <command>nmbd</command> + will log to the default debug log location defined at compile time. + </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-n <primary NetBIOS name></term> + <listitem><para>This option allows you to override + the NetBIOS name that Samba uses for itself. This is identical + to setting the <ulink url="smb.conf.5.html#netbiosname"> + NetBIOS name</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf</filename></ulink> file. However, a command + line setting will take precedence over settings in + <filename>smb.conf</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> <term>-p <UDP port number></term> <listitem><para>UDP port number is a positive integer value. This option changes the default UDP port number (normally 137) @@ -159,6 +233,18 @@ won't need help!</para></listitem> </varlistentry> + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The default configuration file name + is set at build time, typically as <filename> + /usr/local/samba/lib/smb.conf</filename>, but + this may be changed when Samba is autoconfigured.</para> + + <para>The file specified contains the configuration details + required by the server. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information. + </para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -172,7 +258,7 @@ <command>inetd</command> meta-daemon, this file must contain suitable startup information for the meta-daemon. See the <ulink - url="install.html">install</ulink> document + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details. </para></listitem> </varlistentry> @@ -185,7 +271,7 @@ <para>If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server. See the <ulink - url="install.html">"How to Install and Test SAMBA"</ulink> document + url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> @@ -195,23 +281,21 @@ meta-daemon <command>inetd</command>, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). - See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> server - configuration file. Other common places that systems + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems install this file are <filename>/usr/samba/lib/smb.conf</filename> - and <filename>/etc/samba/smb.conf</filename>.</para> + and <filename>/etc/smb.conf</filename>.</para> <para>When run as a WINS server (see the - <ulink url="smb.conf.5.html#WINSSUPPORT"><constant>wins support</constant></ulink> - parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page), + <ulink url="smb.conf.5.html#WINSSUPPORT">wins support</ulink> + parameter in the <filename>smb.conf(5)</filename> man page), <command>nmbd</command> will store the WINS database in the file <filename>wins.dat</filename> in the <filename>var/locks</filename> directory configured under @@ -219,9 +303,9 @@ <para>If <command>nmbd</command> is acting as a <emphasis> browse master</emphasis> (see the <ulink - url="smb.conf.5.html#LOCALMASTER"><constant>local master</constant></ulink> - parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command> + url="smb.conf.5.html#LOCALMASTER">local master</ulink> + parameter in the <filename>smb.conf(5)</filename> man page, + <command>nmbd</command> will store the browsing database in the file <filename>browse.dat </filename> in the <filename>var/locks</filename> directory configured under wherever Samba was configured to install itself. @@ -247,11 +331,10 @@ cause <command>nmbd</command> to dump out its server database in the <filename>log.nmb</filename> file.</para> - <para>The debug log level of nmbd may be raised or lowered - using <citerefentry><refentrytitle>smbcontrol</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> (SIGUSR[1|2] signals - are no longer used since Samba 2.2). This is to allow - transient problems to be diagnosed, whilst still running + <para>The debug log level of nmbd may be raised or lowered using + <ulink url="smbcontrol.1.html"><command>smbcontrol(1)</command> + </ulink> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + to allow transient problems to be diagnosed, whilst still running at a normally low log level.</para> </refsect1> @@ -265,15 +348,14 @@ <refsect1> <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>inetd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, and the Internet - RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + <para><command>inetd(8)</command>, <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. In addition the CIFS (formerly SMB) specification is available as a link from the Web page <ulink url="http://samba.org/cifs/"> http://samba.org/cifs/</ulink>.</para> @@ -289,11 +371,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml index 176050b9c8..33ae631ed9 100644 --- a/docs/docbook/manpages/nmblookup.1.sgml +++ b/docs/docbook/manpages/nmblookup.1.sgml @@ -1,6 +1,4 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> <refentry id="nmblookup"> <refmeta> @@ -38,8 +36,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>nmblookup</command> is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP @@ -68,7 +66,7 @@ query to a machine running a WINS server and the user wishes to query the names in the WINS server. If this bit is unset the normal (broadcast responding) NetBIOS processing code - on a machine is used instead. See RFC1001, RFC1002 for details. + on a machine is used instead. See rfc1001, rfc1002 for details. </para></listitem> </varlistentry> @@ -88,8 +86,8 @@ where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and - in addition, if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon is running on this machine it also binds to this port. + in addition, if the <ulink url="nmbd.8.html">nmbd(8)</ulink> + daemon is running on this machine it also binds to this port. </para></listitem> </varlistentry> @@ -103,8 +101,12 @@ - &popt.common.connection; - &stdarg.help; + <varlistentry> + <term>-h</term> + <listitem><para>Print a help (usage) message.</para></listitem> + </varlistentry> + + <varlistentry> <term>-B <broadcast address></term> @@ -113,8 +115,7 @@ query to the broadcast address of the network interfaces as either auto-detected or defined in the <ulink url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter> - </ulink> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. + </ulink> parameter of the <filename>smb.conf (5)</filename> file. </para></listitem> </varlistentry> @@ -129,8 +130,48 @@ </varlistentry> - &popt.common.samba; + <varlistentry> + <term>-d <debuglevel></term> + <listitem><para>debuglevel is an integer from 0 to 10.</para> + <para>The default value if this parameter is not specified + is zero.</para> + + <para>The higher this value, the more detail will be logged + about the activities of <command>nmblookup</command>. At level + 0, only critical errors and serious warnings will be logged.</para> + + <para>Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will override + the <ulink url="smb.conf.5.html#LOGLEVEL"><parameter> + log level</parameter></ulink> parameter in the <filename> + smb.conf(5)</filename> file.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-s <smb.conf></term> + <listitem><para>This parameter specifies the pathname to + the Samba configuration file, <ulink url="smb.conf.5.html"> + smb.conf(5)</ulink>. This file controls all aspects of + the Samba setup on the machine.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-i <scope></term> + <listitem><para>This specifies a NetBIOS scope that + <command>nmblookup</command> will use to communicate with when + generating NetBIOS names. For details on the use of NetBIOS + scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are + <emphasis>very</emphasis> rarely used, only set this parameter + if you are the system administrator in charge of all the + NetBIOS systems you communicate with.</para></listitem> + </varlistentry> + + <varlistentry> <term>-T</term> <listitem><para>This causes any IP addresses found in the @@ -157,7 +198,7 @@ <listitem><para>This is the NetBIOS name being queried. Depending upon the previous options this may be a NetBIOS name or IP address. If a NetBIOS name then the different name types may be specified - by appending '#<type>' to the name. This name may also be + by appending '#<type>' to the name. This name may also be '*', which will return all registered names within a broadcast area.</para></listitem> </varlistentry> @@ -170,8 +211,8 @@ <para><command>nmblookup</command> can be used to query a WINS server (in the same way <command>nslookup</command> is - used to query DNS servers). To query a WINS server, <command>nmblookup</command> - must be called like this:</para> + used to query DNS servers). To query a WINS server, + <command>nmblookup</command> must be called like this:</para> <para><command>nmblookup -U server -R 'name'</command></para> @@ -192,10 +233,10 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, and <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and <ulink + url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -208,11 +249,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/ntlm_auth.1.sgml b/docs/docbook/manpages/ntlm_auth.1.sgml deleted file mode 100644 index 08a7d4aa88..0000000000 --- a/docs/docbook/manpages/ntlm_auth.1.sgml +++ /dev/null @@ -1,126 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="ntlm_auth.1"> - -<refmeta> - <refentrytitle>ntlm_auth</refentrytitle> - <manvolnum>1</manvolnum> -</refmeta> - - -<refnamediv> - <refname>ntlm_auth</refname> - <refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>ntlm_auth</command> - <arg choice="opt">-d debuglevel</arg> - <arg choice="opt">-l logfile</arg> - <arg choice="opt">-s <smb config file></arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para><command>ntlm_auth</command> is a helper utility that authenticates - users using NT/LM authentication. It returns 0 if the users is authenticated - successfully and 1 if access was denied. ntlm_auth uses winbind to access - the user and authentication data for a domain. This utility - is only to be used by other programs (currently squid). - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <varlistentry> - <term>--helper-protocol=PROTO</term> - <listitem><para> - Operate as a stdio-based helper - </para></listitem> - </varlistentry> - - <varlistentry> - <term>--username=USERNAME</term> - <listitem><para> - Specify username of user to authenticate - </para></listitem> - </varlistentry> - - <varlistentry> - <term>--domain=DOMAIN</term> - <listitem><para> - Specify domain of user to authenticate - </para></listitem> - </varlistentry> - - <varlistentry> - <term>--workstation=WORKSTATION</term> - <listitem><para> - Specify the workstation the user authenticated from - </para></listitem> - </varlistentry> - - <varlistentry> - <term>--challenge=STRING</term> - <listitem><para>challenge (HEX encoded)</para></listitem> - </varlistentry> - - <varlistentry> - <term>--lm-response=RESPONSE</term> - <listitem><para>LM Response to the challenge (HEX encoded)</para></listitem> - </varlistentry> - - <varlistentry> - <term>--nt-response=RESPONSE</term> - <listitem><para>NT or NTLMv2 Response to the challenge (HEX encoded)</para></listitem> - </varlistentry> - - <varlistentry> - <term>--password=PASSWORD</term> - <listitem><para>User's plaintext password</para></listitem> - </varlistentry> - - <varlistentry> - <term>--request-lm-key</term> - <listitem><para>Retreive LM session key</para></listitem> - </varlistentry> - - <varlistentry> - <term>--request-nt-key</term> - <listitem><para>Request NT key</para></listitem> - </varlistentry> - - &popt.common.samba; - &stdarg.help; - - </variablelist> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba - suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The ntlm_auth manpage was written by Jelmer Vernooij.</para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml index fc9a212c19..3454b7d7fa 100644 --- a/docs/docbook/manpages/pdbedit.8.sgml +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -1,7 +1,7 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="pdbedit.8"> +<refentry id="pdbedit"> <refmeta> <refentrytitle>pdbedit</refentrytitle> @@ -33,19 +33,18 @@ <arg choice="opt">-e passdb-backend</arg> <arg choice="opt">-g</arg> <arg choice="opt">-b passdb-backend</arg> - <arg choice="opt">-g</arg> <arg choice="opt">-d debuglevel</arg> <arg choice="opt">-s configfile</arg> <arg choice="opt">-P account-policy</arg> - <arg choice="opt">-C value</arg> + <arg choice="opt">-V value</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The pdbedit program is used to manage the users accounts stored in the sam database and can only be run by root.</para> @@ -69,11 +68,12 @@ present in the users database. This option prints a list of user/uid pairs separated by the ':' character.</para> + <para>Example: <command>pdbedit -l</command></para> - <para><screen> -sorce:500:Simo Sorce -samba:45:Test User -</screen></para> + <para><programlisting> + sorce:500:Simo Sorce + samba:45:Test User + </programlisting></para> </listitem> </varlistentry> @@ -86,26 +86,26 @@ samba:45:Test User out the account fields in a descriptive format.</para> <para>Example: <command>pdbedit -l -v</command></para> - <para><screen> ---------------- -username: sorce -user ID/Group: 500/500 -user RID/GRID: 2000/2001 -Full Name: Simo Sorce -Home Directory: \\BERSERKER\sorce -HomeDir Drive: H: -Logon Script: \\BERSERKER\netlogon\sorce.bat -Profile Path: \\BERSERKER\profile ---------------- -username: samba -user ID/Group: 45/45 -user RID/GRID: 1090/1091 -Full Name: Test User -Home Directory: \\BERSERKER\samba -HomeDir Drive: -Logon Script: -Profile Path: \\BERSERKER\profile -</screen></para> + <para><programlisting> + --------------- + username: sorce + user ID/Group: 500/500 + user RID/GRID: 2000/2001 + Full Name: Simo Sorce + Home Directory: \\BERSERKER\sorce + HomeDir Drive: H: + Logon Script: \\BERSERKER\netlogon\sorce.bat + Profile Path: \\BERSERKER\profile + --------------- + username: samba + user ID/Group: 45/45 + user RID/GRID: 1090/1091 + Full Name: Test User + Home Directory: \\BERSERKER\samba + HomeDir Drive: + Logon Script: + Profile Path: \\BERSERKER\profile + </programlisting></para> </listitem> </varlistentry> @@ -116,15 +116,14 @@ Profile Path: \\BERSERKER\profile <listitem><para>This option sets the "smbpasswd" listing format. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the - <filename>smbpasswd</filename> file format. (see the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details)</para> + <filename>smbpasswd</filename> file format. (see the <ulink + url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink> for details)</para> <para>Example: <command>pdbedit -l -w</command></para> - <screen> -sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: -samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: -</screen> + <para><programlisting> + sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: + samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + </programlisting></para> </listitem> </varlistentry> @@ -138,6 +137,8 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX operations.</para> </listitem> </varlistentry> + + <varlistentry> <term>-f fullname</term> @@ -162,6 +163,7 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX </listitem> </varlistentry> + <varlistentry> <term>-D drive</term> <listitem><para>This option can be used while adding or @@ -206,10 +208,9 @@ samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ask for the password to be used.</para> <para>Example: <command>pdbedit -a -u sorce</command> -<programlisting>new password: -retype new password -</programlisting> -</para> + <programlisting>new password: + retype new password</programlisting> + </para> </listitem> </varlistentry> @@ -270,18 +271,7 @@ retype new password <listitem><para>If you specify <parameter>-g</parameter>, then <parameter>-i in-backend -e out-backend</parameter> applies to the group mapping instead of the user database. - - <para>This option will ease migration from one passdb backend to - another and will ease backing up.</para> - - </listitem> - </varlistentry> - - <varlistentry> - <term>-g</term> - <listitem><para>If you specify <parameter>-g</parameter>, - then <parameter>-i in-backend -e out-backend</parameter> - applies to the group mapping instead of the user database. + </para> <para>This option will ease migration from one passdb backend to another and will ease backing up.</para> @@ -305,30 +295,31 @@ retype new password maximum password age and bad lockout attempt.</para> <para>Example: <command>pdbedit -P "bad lockout attempt"</command></para> -<para><programlisting> -account policy value for bad lockout attempt is 0 -</programlisting></para> + <para><programlisting> + account policy value for bad lockout attempt is 0 + </programlisting></para> </listitem> </varlistentry> <varlistentry> - <term>-C account-policy-value</term> + <term>-V account-policy-value</term> <listitem><para>Sets an account policy to a specified value. This option may only be used in conjunction with the <parameter>-P</parameter> option. </para> - <para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para> -<para><programlisting> -account policy value for bad lockout attempt was 0 -account policy value for bad lockout attempt is now 3 -</programlisting></para> + <para>Example: <command>pdbedit -P "bad lockout attempt" -V 3</command></para> + <para><programlisting> + account policy value for bad lockout attempt was 0 + account policy value for bad lockout attempt is now 3 + </programlisting></para> </listitem> </varlistentry> + &stdarg.debuglevel; &stdarg.help; - &popt.common.samba; + &stdarg.configfile; </variablelist> </refsect1> @@ -350,9 +341,9 @@ account policy value for bad lockout attempt is now 3 <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry></para> + <para><ulink url="smbpasswd.8.html">smbpasswd(8)</ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> </refsect1> <refsect1> @@ -365,11 +356,11 @@ account policy value for bad lockout attempt is now 3 <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook - XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index 39a1e512c0..10e0ff438d 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -1,7 +1,7 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="rpcclient.1"> +<refentry id="rpcclient"> <refmeta> <refentrytitle>rpcclient</refentrytitle> @@ -36,8 +36,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>rpcclient</command> is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone @@ -56,9 +56,28 @@ <listitem><para>NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is resolved using the <ulink url="smb.conf.5.html#NAMERESOLVEORDER"> - <parameter>name resolve order</parameter></ulink> line from <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para></listitem> - </varlistentry> + <parameter>name resolve order</parameter></ulink> line from + <filename>smb.conf(5)</filename>.</para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A|--authfile=filename</term> + <listitem><para>This option allows + you to specify a file from which to read the username and + password used in the connection. The format of the file is + </para> + + <para><programlisting> + username = <value> + password = <value> + domain = <value> + </programlisting></para> + + <para>Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + <varlistentry> @@ -66,8 +85,13 @@ <listitem><para>execute semicolon separated commands (listed below)) </para></listitem> </varlistentry> - + + + + &stdarg.debuglevel; + &stdarg.help; + <varlistentry> <term>-I IP-address</term> <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. @@ -86,132 +110,117 @@ above. </para></listitem> </varlistentry> - &popt.common.samba; - &popt.common.credentials; - &popt.common.connection; - &stdarg.help; - </variablelist> -</refsect1> + + <varlistentry> + <term>-l|--logfile=logbasename</term> + <listitem><para>File name for log/debug files. The extension + <constant>'.client'</constant> will be appended. The log file is + never removed by the client. + </para></listitem> + </varlistentry> -<refsect1> - <title>COMMANDS</title> + + <varlistentry> + <term>-N|--nopass</term> + <listitem><para>instruct <command>rpcclient</command> not to ask + for a password. By default, <command>rpcclient</command> will + prompt for a password. See also the <parameter>-U</parameter> + option.</para></listitem> + </varlistentry> - <refsect2> - <title>LSARPC</title> + + <varlistentry> + <term>-s|--conf=smb.conf</term> + <listitem><para>Specifies the location of the all-important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> - <variablelist> - <varlistentry><term>lsaquery</term><listitem><para>Query info policy</para></listitem></varlistentry> + + + <varlistentry> + <term>-U|--user=username[%password]</term> + <listitem><para>Sets the SMB username or username and password. </para> - <varlistentry><term>lookupsids</term><listitem><para>Resolve a list - of SIDs to usernames. - </para></listitem></varlistentry> + <para>If %password is not specified, the user will be prompted. The + client will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. If these environmental variables are not + found, the username <constant>GUEST</constant> is used. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the username and password. This + option is mainly provided for scripts where the admin does not + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> - <varlistentry><term>lookupnames</term><listitem><para>Resolve a list - of usernames to SIDs. - </para></listitem></varlistentry> + <para>Be cautious about including passwords in scripts. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command. To be safe always allow + <command>rpcclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> - <varlistentry><term>enumtrusts</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry> - - <varlistentry><term>enumprivs</term><listitem><para>Enumerate privileges</para></listitem></varlistentry> - - <varlistentry><term>getdispname</term><listitem><para>Get the privilege name</para></listitem></varlistentry> - - <varlistentry><term>lsaenumsid</term><listitem><para>Enumerate the LSA SIDS</para></listitem></varlistentry> - - <varlistentry><term>lsaenumprivsaccount</term><listitem><para>Enumerate the privileges of an SID</para></listitem></varlistentry> - - <varlistentry><term>lsaenumacctrights</term><listitem><para>Enumerate the rights of an SID</para></listitem></varlistentry> - - <varlistentry><term>lsaenumacctwithright</term><listitem><para>Enumerate accounts with a right</para></listitem></varlistentry> - - <varlistentry><term>lsaaddacctrights</term><listitem><para>Add rights to an account</para></listitem></varlistentry> - - <varlistentry><term>lsaremoveacctrights</term><listitem><para>Remove rights from an account</para></listitem></varlistentry> - - <varlistentry><term>lsalookupprivvalue</term><listitem><para>Get a privilege value given its name</para></listitem></varlistentry> - - <varlistentry><term>lsaquerysecobj</term><listitem><para>Query LSA security object</para></listitem></varlistentry> - - </variablelist> - </refsect2> - - <refsect2> - <title>LSARPC-DS</title> - - <variablelist> - <varlistentry><term>dsroledominfo</term><listitem><para>Get Primary Domain Information</para></listitem></varlistentry> - </variablelist> - - <para> </para> - - <para><emphasis>DFS</emphasis></para> - <variablelist> - <varlistentry><term>dfsexist</term><listitem><para>Query DFS support</para></listitem></varlistentry> - <varlistentry><term>dfsadd</term><listitem><para>Add a DFS share</para></listitem></varlistentry> - <varlistentry><term>dfsremove</term><listitem><para>Remove a DFS share</para></listitem></varlistentry> - <varlistentry><term>dfsgetinfo</term><listitem><para>Query DFS share info</para></listitem></varlistentry> - <varlistentry><term>dfsenum</term><listitem><para>Enumerate dfs shares</para></listitem></varlistentry> - </variablelist> - - </refsect2> - - <refsect2> - <title>REG</title> - <variablelist> - <varlistentry><term>shutdown</term><listitem><para>Remote Shutdown</para></listitem></varlistentry> - <varlistentry><term>abortshutdown</term><listitem><para>Abort Shutdown</para></listitem></varlistentry> + + + + <varlistentry> + <term>-W|--workgroup=domain</term> + <listitem><para>Set the SMB domain of the username. This + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, + it causes the client to log on using the server's local SAM (as + opposed to the Domain SAM). </para></listitem> + </varlistentry> + + </variablelist> +</refsect1> - </refsect2> - <refsect2> - <title>SRVSVC</title> +<refsect1> + <title>COMMANDS</title> - <variablelist> - <varlistentry><term>srvinfo</term><listitem><para>Server query info</para></listitem></varlistentry> + <para><emphasis>LSARPC</emphasis></para> + <itemizedlist> + <listitem><para><command>lsaquery</command></para></listitem> - <varlistentry><term>netshareenum</term><listitem><para>Enumerate shares</para></listitem></varlistentry> - - <varlistentry><term>netfileenum</term><listitem><para>Enumerate open files</para></listitem></varlistentry> + <listitem><para><command>lookupsids</command> - Resolve a list + of SIDs to usernames. + </para></listitem> - <varlistentry><term>netremotetod</term><listitem><para>Fetch remote time of day</para></listitem></varlistentry> + <listitem><para><command>lookupnames</command> - Resolve a list + of usernames to SIDs. + </para></listitem> - </variablelist> + <listitem><para><command>enumtrusts</command></para></listitem> + </itemizedlist> + <para> </para> + - </refsect2> - <refsect2> - <title>SAMR</title> + <para><emphasis>SAMR</emphasis></para> + <itemizedlist> + <listitem><para><command>queryuser</command></para></listitem> + <listitem><para><command>querygroup</command></para></listitem> + <listitem><para><command>queryusergroups</command></para></listitem> + <listitem><para><command>querygroupmem</command></para></listitem> + <listitem><para><command>queryaliasmem</command></para></listitem> + <listitem><para><command>querydispinfo</command></para></listitem> + <listitem><para><command>querydominfo</command></para></listitem> + <listitem><para><command>enumdomgroups</command></para></listitem> + </itemizedlist> + <para> </para> - <variablelist> - <varlistentry><term>queryuser</term><listitem><para>Query user info</para></listitem></varlistentry> - <varlistentry><term>querygroup</term><listitem><para>Query group info</para></listitem></varlistentry> - <varlistentry><term>queryusergroups</term><listitem><para>Query user groups</para></listitem></varlistentry> - <varlistentry><term>querygroupmem</term><listitem><para>Query group membership</para></listitem></varlistentry> - <varlistentry><term>queryaliasmem</term><listitem><para>Query alias membership</para></listitem></varlistentry> - <varlistentry><term>querydispinfo</term><listitem><para>Query display info</para></listitem></varlistentry> - <varlistentry><term>querydominfo</term><listitem><para>Query domain info</para></listitem></varlistentry> - <varlistentry><term>enumdomusers</term><listitem><para>Enumerate domain users</para></listitem></varlistentry> - <varlistentry><term>enumdomgroups</term><listitem><para>Enumerate domain groups</para></listitem></varlistentry> - <varlistentry><term>enumalsgroups</term><listitem><para>Enumerate alias groups</para></listitem></varlistentry> - <varlistentry><term>createdomuser</term><listitem><para>Create domain user</para></listitem></varlistentry> - <varlistentry><term>samlookupnames</term><listitem><para>Look up names</para></listitem></varlistentry> - <varlistentry><term>samlookuprids</term><listitem><para>Look up names</para></listitem></varlistentry> - <varlistentry><term>deletedomuser</term><listitem><para>Delete domain user</para></listitem></varlistentry> - <varlistentry><term>samquerysecobj</term><listitem><para>Query SAMR security object</para></listitem></varlistentry> - <varlistentry><term>getdompwinfo</term><listitem><para>Retrieve domain password info</para></listitem></varlistentry> - </variablelist> - </refsect2> - <refsect2> - <title>SPOOLSS</title> + <para><emphasis>SPOOLSS</emphasis></para> - <variablelist> - <varlistentry><term>adddriver <arch> <config></term> - <listitem><para> - Execute an AddPrinterDriver() RPC to install the printer driver + <itemizedlist> + <listitem><para><command>adddriver <arch> <config></command> + - Execute an AddPrinterDriver() RPC to install the printer driver information on the server. Note that the driver files should already exist in the directory returned by <command>getdriverdir</command>. Possible values for @@ -220,16 +229,16 @@ The <parameter>config</parameter> parameter is defined as follows: </para> -<para><programlisting> -Long Printer Name:\ -Driver File Name:\ -Data File Name:\ -Config File Name:\ -Help File Name:\ -Language Monitor Name:\ -Default Data Type:\ -Comma Separated list of Files -</programlisting></para> + <para><programlisting> + Long Printer Name:\ + Driver File Name:\ + Data File Name:\ + Config File Name:\ + Help File Name:\ + Language Monitor Name:\ + Default Data Type:\ + Comma Separated list of Files + </programlisting></para> <para>Any empty fields should be enter as the string "NULL". </para> @@ -238,174 +247,133 @@ Comma Separated list of Files use of a bi-directional link for communication. This field should be "NULL". On a remote NT print server, the Print Monitor for a driver must already be installed prior to adding the driver or - else the RPC will fail. </para></listitem></varlistentry> - - <varlistentry><term>addprinter <printername> - <sharename> <drivername> <port></term> - <listitem><para> - Add a printer on the remote server. This printer + else the RPC will fail. </para></listitem> + + + + + <listitem><para><command>addprinter <printername> + <sharename> <drivername> <port></command> + - Add a printer on the remote server. This printer will be automatically shared. Be aware that the printer driver must already be installed on the server (see <command>adddriver</command>) and the <parameter>port</parameter>must be a valid port name (see <command>enumports</command>.</para> - </listitem></varlistentry> + </listitem> - <varlistentry><term>deldriver</term><listitem><para>Delete the + <listitem><para><command>deldriver</command> - Delete the specified printer driver for all architectures. This does not delete the actual driver files from the server, only the entry from the server's list of drivers. - </para></listitem></varlistentry> + </para></listitem> - <varlistentry><term>enumdata</term><listitem><para>Enumerate all + <listitem><para><command>enumdata</command> - Enumerate all printer setting data stored on the server. On Windows NT clients, these values are stored in the registry, while Samba servers store them in the printers TDB. This command corresponds to the MS Platform SDK GetPrinterData() function (* This - command is currently unimplemented).</para></listitem></varlistentry> + command is currently unimplemented).</para></listitem> + - <varlistentry><term>enumdataex</term><listitem><para>Enumerate printer data for a key</para></listitem></varlistentry> - <varlistentry><term>enumjobs <printer></term> - <listitem><para>List the jobs and status of a given printer. + <listitem><para><command>enumjobs <printer></command> + - List the jobs and status of a given printer. This command corresponds to the MS Platform SDK EnumJobs() - function </listitem></varlistentry> + function (* This command is currently unimplemented).</para></listitem> + + - <varlistentry><term>enumkey</term><listitem><para>Enumerate printer keys</para></listitem></varlistentry> - <varlistentry><term>enumports [level]</term> - <listitem><para> - Executes an EnumPorts() call using the specified + <listitem><para><command>enumports [level]</command> + - Executes an EnumPorts() call using the specified info level. Currently only info levels 1 and 2 are supported. - </para></listitem></varlistentry> + </para></listitem> - <varlistentry><term>enumdrivers [level]</term> - <listitem><para> - Execute an EnumPrinterDrivers() call. This lists the various installed + <listitem><para><command>enumdrivers [level]</command> + - Execute an EnumPrinterDrivers() call. This lists the various installed printer drivers for all architectures. Refer to the MS Platform SDK documentation for more details of the various flags and calling - options. Currently supported info levels are 1, 2, and 3.</para></listitem></varlistentry> + options. Currently supported info levels are 1, 2, and 3.</para></listitem> - <varlistentry><term>enumprinters [level]</term> - <listitem><para>Execute an EnumPrinters() call. This lists the various installed + <listitem><para><command>enumprinters [level]</command> + - Execute an EnumPrinters() call. This lists the various installed and share printers. Refer to the MS Platform SDK documentation for more details of the various flags and calling options. Currently - supported info levels are 0, 1, and 2.</para></listitem></varlistentry> + supported info levels are 0, 1, and 2.</para></listitem> - <varlistentry><term>getdata <printername> <valuename;></term> - <listitem><para>Retrieve the data for a given printer setting. See + <listitem><para><command>getdata <printername></command> + - Retrieve the data for a given printer setting. See the <command>enumdata</command> command for more information. This command corresponds to the GetPrinterData() MS Platform - SDK function. </para></listitem></varlistentry> + SDK function (* This command is currently unimplemented). </para></listitem> - <varlistentry><term>getdataex</term><listitem><para>Get printer driver data with keyname</para></listitem></varlistentry> - <varlistentry><term>getdriver <printername></term> - <listitem><para> - Retrieve the printer driver information (such as driver file, + <listitem><para><command>getdriver <printername></command> + - Retrieve the printer driver information (such as driver file, config file, dependent files, etc...) for the given printer. This command corresponds to the GetPrinterDriver() MS Platform SDK function. Currently info level 1, 2, and 3 are supported. - </para></listitem></varlistentry> + </para></listitem> - <varlistentry><term>getdriverdir <arch></term> - <listitem><para> - Execute a GetPrinterDriverDirectory() + <listitem><para><command>getdriverdir <arch></command> + - Execute a GetPrinterDriverDirectory() RPC to retrieve the SMB share name and subdirectory for storing printer driver files for a given architecture. Possible values for <parameter>arch</parameter> are "Windows 4.0" (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows - Alpha_AXP", and "Windows NT R4000". </para></listitem></varlistentry> + Alpha_AXP", and "Windows NT R4000". </para></listitem> - <varlistentry><term>getprinter <printername></term> - <listitem><para>Retrieve the current printer information. This command + <listitem><para><command>getprinter <printername></command> + - Retrieve the current printer information. This command corresponds to the GetPrinter() MS Platform SDK function. - </para></listitem></varlistentry> + </para></listitem> + - <varlistentry><term>getprintprocdir</term><listitem><para>Get print processor directory</para></listitem></varlistentry> - <varlistentry><term>openprinter <printername></term> - <listitem><para>Execute an OpenPrinterEx() and ClosePrinter() RPC + <listitem><para><command>openprinter <printername></command> + - Execute an OpenPrinterEx() and ClosePrinter() RPC against a given printer. </para></listitem> - <varlistentry><term>setdriver <printername> - <drivername></term> - <listitem><para>Execute a SetPrinter() command to update the printer driver + + <listitem><para><command>setdriver <printername> + <drivername></command> + - Execute a SetPrinter() command to update the printer driver associated with an installed printer. The printer driver must already be correctly installed on the print server. </para> <para>See also the <command>enumprinters</command> and <command>enumdrivers</command> commands for obtaining a list of - of installed printers and drivers.</para></listitem></varlistentry> - - <varlistentry><term>addform</term><listitem><para>Add form</para></listitem></varlistentry> - <varlistentry><term>setform</term><listitem><para>Set form</para></listitem></varlistentry> - <varlistentry><term>getform</term><listitem><para>Get form</para></listitem></varlistentry> - <varlistentry><term>deleteform</term><listitem><para>Delete form</para></listitem></varlistentry> - <varlistentry><term>enumforms</term><listitem><para>Enumerate form</para></listitem></varlistentry> - <varlistentry><term>setprinter</term><listitem><para>Set printer comment</para></listitem></varlistentry> - <varlistentry><term>setprinterdata</term><listitem><para>Set REG_SZ printer data</para></listitem></varlistentry> - <varlistentry><term>rffpcnex</term><listitem><para>Rffpcnex test</para></listitem></varlistentry> - + of installed printers and drivers.</para></listitem> - </variablelist> + </itemizedlist> - </refsect2> - <refsect2> - <title>NETLOGON</title> + <para><emphasis>GENERAL OPTIONS</emphasis></para> - <variablelist> + <itemizedlist> + <listitem><para><command>debuglevel</command> - Set the current + debug level used to log information.</para></listitem> - <varlistentry><term>logonctrl2</term> - <listitem><para>Logon Control 2</para></listitem> - </varlistentry> - - <varlistentry><term>logonctrl</term> - <listitem><para>Logon Control</para></listitem> - </varlistentry> - - <varlistentry><term>samsync</term> - <listitem><para>Sam Synchronisation</para></listitem> - </varlistentry> - - <varlistentry><term>samdeltas</term> - <listitem><para>Query Sam Deltas</para></listitem> - </varlistentry> - - <varlistentry><term>samlogon</term> - <listitem><para>Sam Logon</para></listitem> - </varlistentry> - - </variablelist> - </refsect2> - - <refsect2> - <title>GENERAL COMMANDS</title> - - <variablelist> - <varlistentry><term>debuglevel</term><listitem><para>Set the current - debug level used to log information.</para></listitem></varlistentry> - - <varlistentry><term>help (?)</term><listitem><para>Print a listing of all + <listitem><para><command>help (?)</command> - Print a listing of all known commands or extended help on a particular command. - </para></listitem></varlistentry> + </para></listitem> - <varlistentry><term>quit (exit)</term><listitem><para>Exit <command>rpcclient - </command>.</para></listitem></varlistentry> - </variablelist> - </refsect2> + <listitem><para><command>quit (exit)</command> - Exit <command>rpcclient + </command>.</para></listitem> + </itemizedlist> + </refsect1> @@ -419,7 +387,7 @@ Comma Separated list of Files <para>From Luke Leighton's original rpcclient man page:</para> - <para><emphasis>WARNING!</emphasis> The MSRPC over SMB code has + <para><emphasis>"WARNING!</emphasis> The MSRPC over SMB code has been developed from examining Network traces. No documentation is available from the original creators (Microsoft) on how MSRPC over SMB works, or how the individual MSRPC services work. Microsoft's @@ -427,13 +395,12 @@ Comma Separated list of Files to be... a bit flaky in places. </para> <para>The development of Samba's implementation is also a bit rough, - and as more of the services are understood, it can even result in - versions of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>rpcclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> that are incompatible for some commands or services. Additionally, + and as more of the services are understood, it can even result in + versions of <command>smbd(8)</command> and <command>rpcclient(1)</command> + that are incompatible for some commands or services. Additionally, the developers are sending reports to Microsoft, and problems found or reported to Microsoft are fixed in Service Packs, which may - result in incompatibilities.</para> + result in incompatibilities." </para> </refsect1> @@ -455,8 +422,7 @@ Comma Separated list of Files <para>The original rpcclient man page was written by Matthew Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. The conversion to DocBook for Samba 2.2 was done by Gerald - Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was - done by Alexander Bokovoy.</para> + Carter.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml index a352a6a7c6..17865edd81 100644 --- a/docs/docbook/manpages/samba.7.sgml +++ b/docs/docbook/manpages/samba.7.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="samba.7"> +<refentry id="samba"> <refmeta> <refentrytitle>samba</refentrytitle> @@ -8,7 +8,7 @@ <refnamediv> - <refname>Samba</refname> + <refname>SAMBA</refname> <refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose> </refnamediv> @@ -29,30 +29,26 @@ <variablelist> <varlistentry> - <term><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>smbd</command> daemon provides the file and print services to + <term><command>smbd</command></term> + <listitem><para>The <command>smbd </command> + daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager. The configuration file - for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> + for this daemon is described in <filename>smb.conf</filename> </para></listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> + <term><command>nmbd</command></term> <listitem><para>The <command>nmbd</command> daemon provides NetBIOS nameservice and browsing support. The configuration file for this daemon - is described in <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + is described in <filename>smb.conf</filename></para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>smbclient</command></term> <listitem><para>The <command>smbclient</command> program implements a simple ftp-like client. This is useful for accessing SMB shares on other compatible @@ -63,17 +59,15 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>testparm</command></term> <listitem><para>The <command>testparm</command> - utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> configuration file.</para> + utility is a simple syntax checker for Samba's + <filename>smb.conf</filename>configuration file.</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>testprns</command></term> <listitem><para>The <command>testprns</command> utility supports testing printer names defined in your <filename>printcap</filename> file used @@ -82,8 +76,7 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbstatus</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>smbstatus</command></term> <listitem><para>The <command>smbstatus</command> tool provides access to information about the current connections to <command>smbd</command>.</para> @@ -91,8 +84,7 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></term> + <term><command>nmblookup</command></term> <listitem><para>The <command>nmblookup</command> tools allows NetBIOS name queries to be made from a UNIX host.</para> @@ -100,18 +92,15 @@ </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbgroupedit</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> - <listitem><para>The <command>smbgroupedit</command> - tool allows for mapping unix groups to NT Builtin, - Domain, or Local groups. Also it allows setting - priviledges for that group, such as saAddUser, etc.</para> + <term><command>make_smbcodepage</command></term> + <listitem><para>The <command>make_smbcodepage</command> + utility provides a means of creating SMB code page + definition files for your <command>smbd</command> server.</para> </listitem> </varlistentry> <varlistentry> - <term><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></term> + <term><command>smbpasswd</command></term> <listitem><para>The <command>smbpasswd</command> command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers.</para> @@ -158,8 +147,8 @@ list. Details on how to join the mailing list are given in the README file that comes with Samba.</para> - <para>If you have access to a WWW viewer (such as Mozilla - or Konqueror) then you will also find lots of useful information, + <para>If you have access to a WWW viewer (such as Netscape + or Mosaic) then you will also find lots of useful information, including back issues of the Samba mailing list, at <ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para> </refsect1> @@ -167,7 +156,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the + <para>This man page is correct for version 2.2 of the Samba suite. </para> </refsect1> @@ -181,8 +170,8 @@ <para>If you have patches to submit, visit <ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink> - for information on how to do it properly. We prefer patches - in <command>diff -u</command> format.</para> + for information on how to do it properly. We prefer patches in + <command>diff -u</command> format.</para> </refsect1> <refsect1> @@ -217,11 +206,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML - 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 2fbd27b934..7910b1ce8e 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smb.conf.5"> +<refentry id="smb.conf"> <refmeta> <refentrytitle>smb.conf</refentrytitle> @@ -15,13 +15,14 @@ <refsect1> <title>SYNOPSIS</title> - <para>The <filename>smb.conf</filename> file is a configuration - file for the Samba suite. <filename>smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename>smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> + <para>The <filename>smb.conf</filename> file is a configuration + file for the Samba suite. <filename>smb.conf</filename> contains + runtime configuration information for the Samba programs. The + <filename>smb.conf</filename> file is designed to be configured and + administered by the <ulink url="swat.8.html"><command>swat(8)</command> + </ulink> program. The complete description of the file format and + possible parameters held within are here for reference purposes.</para> +</refsect1> <refsect1> <title id="FILEFORMATSECT">FILE FORMAT</title> @@ -104,13 +105,13 @@ The user has write access to the path <filename>/home/bar</filename>. The share is accessed via the share name "foo":</para> -<screen> -<computeroutput> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> + <screen> + <computeroutput> + [foo] + path = /home/bar + read only = no + </computeroutput> + </screen> <para>The following sample section defines a printable share. The share is readonly, but printable. That is, the only write @@ -119,15 +120,15 @@ access will be permitted as the default guest user (specified elsewhere):</para> -<screen> -<computeroutput> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> + <screen> + <computeroutput> + [aprinter] + path = /usr/spool/public + read only = yes + printable = yes + guest ok = yes + </computeroutput> + </screen> </refsect1> <refsect1> @@ -191,12 +192,12 @@ than others. The following is a typical and suitable [homes] section:</para> -<screen> -<computeroutput> -[homes] - read only = no -</computeroutput> -</screen> + <screen> + <computeroutput> + [homes] + read only = no + </computeroutput> + </screen> <para>An important point is that if guest access is specified in the [homes] section, all home directories will be @@ -256,12 +257,12 @@ it. A typical [printers] entry would look like this:</para> -<screen><computeroutput> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> + <screen><computeroutput> + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + </computeroutput></screen> <para>All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned. @@ -269,11 +270,11 @@ to set up a pseudo-printcap. This is a file consisting of one or more lines like this:</para> -<screen> -<computeroutput> -alias|alias|alias|alias... -</computeroutput> -</screen> + <screen> + <computeroutput> + alias|alias|alias|alias... + </computeroutput> + </screen> <para>Each alias should be an acceptable printer name for your printing subsystem. In the [global] section, specify @@ -287,11 +288,11 @@ alias|alias|alias|alias... components (if there are more than one) are separated by vertical bar symbols ('|').</para> - <note><para>On SYSV systems which use lpstat to determine what + <para>NOTE: On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use "printcap name = lpstat" to automatically obtain a list of printers. See the "printcap name" option - for more details.</para></note> + for more details.</para> </refsect2> </refsect1> @@ -471,7 +472,7 @@ alias|alias|alias|alias... </variablelist> <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> + with these substitutions and other smb.conf options.</para </refsect1> <refsect1> @@ -551,7 +552,7 @@ alias|alias|alias|alias... then steps 1 to 5 are skipped.</para> - <orderedlist numeration="arabic"> + <orderedlist numeration="Arabic"> <listitem><para>If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs then the connection is made as that @@ -684,7 +685,6 @@ alias|alias|alias|alias... <listitem><para><link linkend="LOGONSCRIPT"><parameter>logon script</parameter></link></para></listitem> <listitem><para><link linkend="LPQCACHETIME"><parameter>lpq cache time</parameter></link></para></listitem> <listitem><para><link linkend="MACHINEPASSWORDTIMEOUT"><parameter>machine password timeout</parameter></link></para></listitem> - <listitem><para><link linkend="MANGLEPREFIX"><parameter>mangle prefix</parameter></link></para></listitem> <listitem><para><link linkend="MANGLEDSTACK"><parameter>mangled stack</parameter></link></para></listitem> <listitem><para><link linkend="MAPTOGUEST"><parameter>map to guest</parameter></link></para></listitem> <listitem><para><link linkend="MAXDISKSIZE"><parameter>max disk size</parameter></link></para></listitem> @@ -728,9 +728,9 @@ alias|alias|alias|alias... <listitem><para><link linkend="PREFEREDMASTER"><parameter>prefered master</parameter></link></para></listitem> <listitem><para><link linkend="PREFERREDMASTER"><parameter>preferred master</parameter></link></para></listitem> <listitem><para><link linkend="PRELOAD"><parameter>preload</parameter></link></para></listitem> - <listitem><para><link linkend="PRELOADMODULES"><parameter>preload modules</parameter></link></para></listitem> <listitem><para><link linkend="PRINTCAP"><parameter>printcap</parameter></link></para></listitem> <listitem><para><link linkend="PRINTCAPNAME"><parameter>printcap name</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERFILE"><parameter>printer driver file</parameter></link></para></listitem> <listitem><para><link linkend="PRIVATEDIR"><parameter>private dir</parameter></link></para></listitem> <listitem><para><link linkend="PROTOCOL"><parameter>protocol</parameter></link></para></listitem> <listitem><para><link linkend="READBMPX"><parameter>read bmpx</parameter></link></para></listitem> @@ -771,6 +771,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="UNIXPASSWORDSYNC"><parameter>unix password sync</parameter></link></para></listitem> <listitem><para><link linkend="UPDATEENCRYPTED"><parameter>update encrypted</parameter></link></para></listitem> <listitem><para><link linkend="USEMMAP"><parameter>use mmap</parameter></link></para></listitem> + <listitem><para><link linkend="USERHOSTS"><parameter>use rhosts</parameter></link></para></listitem> <listitem><para><link linkend="USESENDFILE"><parameter>use sendfile</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMELEVEL"><parameter>username level</parameter></link></para></listitem> <listitem><para><link linkend="USERNAMEMAP"><parameter>username map</parameter></link></para></listitem> @@ -806,7 +807,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="ALLOWHOSTS"><parameter>allow hosts</parameter></link></para></listitem> <listitem><para><link linkend="AVAILABLE"><parameter>available</parameter></link></para></listitem> <listitem><para><link linkend="BLOCKINGLOCKS"><parameter>blocking locks</parameter></link></para></listitem> - <listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem> +<listitem><para><link linkend="BLOCKSIZE"><parameter>block size</parameter></link></para></listitem> <listitem><para><link linkend="BROWSABLE"><parameter>browsable</parameter></link></para></listitem> <listitem><para><link linkend="BROWSEABLE"><parameter>browseable</parameter></link></para></listitem> <listitem><para><link linkend="CASESENSITIVE"><parameter>case sensitive</parameter></link></para></listitem> @@ -882,6 +883,7 @@ alias|alias|alias|alias... <listitem><para><link linkend="PATH"><parameter>path</parameter></link></para></listitem> <listitem><para><link linkend="POSIXLOCKING"><parameter>posix locking</parameter></link></para></listitem> <listitem><para><link linkend="POSTEXEC"><parameter>postexec</parameter></link></para></listitem> + <listitem><para><link linkend="POSTSCRIPT"><parameter>postscript</parameter></link></para></listitem> <listitem><para><link linkend="PREEXEC"><parameter>preexec</parameter></link></para></listitem> <listitem><para><link linkend="PREEXECCLOSE"><parameter>preexec close</parameter></link></para></listitem> <listitem><para><link linkend="PRESERVECASE"><parameter>preserve case</parameter></link></para></listitem> @@ -890,6 +892,8 @@ alias|alias|alias|alias... <listitem><para><link linkend="PRINTABLE"><parameter>printable</parameter></link></para></listitem> <listitem><para><link linkend="PRINTER"><parameter>printer</parameter></link></para></listitem> <listitem><para><link linkend="PRINTERADMIN"><parameter>printer admin</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVER"><parameter>printer driver</parameter></link></para></listitem> + <listitem><para><link linkend="PRINTERDRIVERLOCATION"><parameter>printer driver location</parameter></link></para></listitem> <listitem><para><link linkend="PRINTERNAME"><parameter>printer name</parameter></link></para></listitem> <listitem><para><link linkend="PRINTING"><parameter>printing</parameter></link></para></listitem> <listitem><para><link linkend="PUBLIC"><parameter>public</parameter></link></para></listitem> @@ -935,10 +939,10 @@ alias|alias|alias|alias... <variablelist> <varlistentry> - <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> + <term><anchor id="ABORTSHUTDOWNSCRIPT">abort shutdown script (G)</term> <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> that + This a full path name to a script called by + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"><parameter>shutdown script</parameter></link>.</para> @@ -950,7 +954,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDPRINTERCOMMAND"/>addprinter command (G)</term> + <term><anchor id="ADDPRINTERCOMMAND">addprinter command (G)</term> <listitem><para>With the introduction of MS-RPC based printing support for Windows NT/2000 clients in Samba 2.2, The MS Add Printer Wizard (APW) icon is now also available in the @@ -964,12 +968,12 @@ alias|alias|alias|alias... will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the <filename>smb.conf</filename> file in order that it can be - shared by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + shared by <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> <para>The <parameter>addprinter command</parameter> is automatically invoked with the following parameter (in - order):</para> + order:</para> <itemizedlist> <listitem><para><parameter>printer name</parameter></para></listitem> @@ -986,22 +990,16 @@ alias|alias|alias|alias... driver location" parameter is included for backwards compatibility only. The remaining fields in the structure are generated from answers to the APW questions.</para> - + <para>Once the <parameter>addprinter command</parameter> has been executed, <command>smbd</command> will reparse the <filename> smb.conf</filename> to determine if the share defined by the APW exists. If the sharename is still invalid, then <command>smbd </command> will return an ACCESS_DENIED error to the client.</para> - - <para> - The "add printer command" program can output a single line of text, - which Samba will set as the port the new printer is connected to. - If this line isn't output, Samba won't reload its printer shares. - </para> <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter> deleteprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, + linkend="printing"><parameter>printing</parameter></link>, <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para> @@ -1014,7 +1012,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ADDSHARECOMMAND"/>add share command (G)</term> + <term><anchor id="ADDSHARECOMMAND">add share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>add share command</parameter> is used to define an @@ -1068,10 +1066,9 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> + <term><anchor id="ADDMACHINESCRIPT">add machine script (G)</term> <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a machine is added + be run by <ulink url="smbd.8.html">smbd(8)</ulink> when a machine is added to it's domain using the administrator username and password method. </para> <para>This option is only required when using sam back-ends tied to the @@ -1087,7 +1084,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADSSERVER"/>ads server (G)</term> + <term><anchor id="ADSSERVER">ads server (G)</term> <listitem><para>If this option is specified, samba does not try to figure out what ads server to use itself, but uses the specified ads server. Either one DNS name or IP @@ -1100,10 +1097,10 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> + <term><anchor id="ADDUSERSCRIPT">add user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8) + </ulink> under special circumstances described below.</para> <para>Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites @@ -1113,16 +1110,16 @@ alias|alias|alias|alias... url="smbd.8.html">smbd</ulink> to create the required UNIX users <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> - <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> + <para>In order to use this option, <ulink url="smbd.8.html">smbd</ulink> + must <emphasis>NOT</emphasis> be set to <parameter>security = share</parameter> and <parameter>add user script</parameter> must be set to a full pathname for a script that will create a UNIX user given one argument of <parameter>%u</parameter>, which expands into the UNIX user name to create.</para> <para>When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts the <parameter>password server</parameter> and + at login (session setup in the SMB protocol) time, <ulink url="smbd.8.html"> + smbd</ulink> contacts the <parameter>password server</parameter> and attempts to authenticate the given user with the given password. If the authentication succeeds then <command>smbd</command> attempts to find a UNIX user in the UNIX password database to map the @@ -1150,10 +1147,10 @@ alias|alias|alias|alias... </listitem> </varlistentry> - <varlistentry><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> + <varlistentry><term><anchor id="ADDGROUPSCRIPT">add group script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a new group is + be run <emphasis>AS ROOT</emphasis> by <ulink + url="smbd.8.html">smbd(8)</ulink> when a new group is requested. It will expand any <parameter>%g</parameter> to the group name passed. This script is only useful for installations using the @@ -1166,7 +1163,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADMINUSERS"/>admin users (S)</term> + <term><anchor id="ADMINUSERS">admin users (S)</term> <listitem><para>This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).</para> @@ -1182,13 +1179,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> + <term><anchor id="ADDUSERTOGROUPSCRIPT">add user to group script (G)</term> <listitem><para>Full path to the script that will be called when a user is added to a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. + tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> + <emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be + replaced with the group name and any <parameter>%u</parameter> will + be replaced with the user name. </para> <para>Default: <command>add user to group script = </command></para> @@ -1199,13 +1196,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ALLOWHOSTS"/>allow hosts (S)</term> + <term><anchor id="ALLOWHOSTS">allow hosts (S)</term> <listitem><para>Synonym for <link linkend="HOSTSALLOW"> <parameter>hosts allow</parameter></link>.</para></listitem> </varlistentry> <varlistentry> - <term><anchor id="ALGORITHMICRIDBASE"/>algorithmic rid base (G)</term> + <term><anchor id="ALGORITHMICRIDBASE">algorithmic rid base (G)</term> <listitem><para>This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers.</para> @@ -1228,7 +1225,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term> + <term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term> <listitem><para>This option only takes effect when the <link linkend="SECURITY"><parameter>security</parameter></link> option is set to <constant>server</constant> or <constant>domain</constant>. @@ -1252,9 +1249,10 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="ANNOUNCEAS"/>announce as (G)</term> - <listitem><para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse + <term><anchor id="ANNOUNCEAS">announce as (G)</term> + <listitem><para>This specifies what type of server + <ulink url="nmbd.8.html"><command>nmbd</command></ulink> + will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, @@ -1273,7 +1271,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="ANNOUNCEVERSION"/>announce version (G)</term> + <term><anchor id="ANNOUNCEVERSION">announce version (G)</term> <listitem><para>This specifies the major and minor version numbers that nmbd will use when announcing itself as a server. The default is 4.9. Do not change this parameter unless you have a specific @@ -1288,7 +1286,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AUTOSERVICES"/>auto services (G)</term> + <term><anchor id="AUTOSERVICES">auto services (G)</term> <listitem><para>This is a synonym for the <link linkend="PRELOAD"> <parameter>preload</parameter></link>.</para> </listitem> @@ -1297,7 +1295,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AUTHMETHODS"/>auth methods (G)</term> + <term><anchor id="AUTHMETHODS">auth methods (G)</term> <listitem><para>This option allows the administrator to chose what authentication methods <command>smbd</command> will use when authenticating a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter> @@ -1315,7 +1313,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="AVAILABLE"/>available (S)</term> + <term><anchor id="AVAILABLE">available (S)</term> <listitem><para>This parameter lets you "turn off" a service. If <parameter>available = no</parameter>, then <emphasis>ALL</emphasis> attempts to connect to the service will fail. Such failures are @@ -1329,12 +1327,12 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BINDINTERFACESONLY"/>bind interfaces only (G)</term> + <term><anchor id="BINDINTERFACESONLY">bind interfaces only (G)</term> <listitem><para>This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. It - affects file service <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and name service <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> in a slightly different ways.</para> + affects file service <ulink url="smbd.8.html">smbd(8)</ulink> and + name service <ulink url="nmbd.8.html">nmbd(8)</ulink> in slightly + different ways.</para> <para>For name service it causes <command>nmbd</command> to bind to ports 137 and 138 on the interfaces listed in the <link @@ -1354,9 +1352,8 @@ alias|alias|alias|alias... does defeat this simple check, however, so it must not be used seriously as a security feature for <command>nmbd</command>.</para> - <para>For file service it causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to bind only to the interface list - given in the <link linkend="INTERFACES"> + <para>For file service it causes <ulink url="smbd.8.html">smbd(8)</ulink> + to bind only to the interface list given in the <link linkend="INTERFACES"> interfaces</link> parameter. This restricts the networks that <command>smbd</command> will serve to packets coming in those interfaces. Note that you should not use this parameter for machines @@ -1365,9 +1362,10 @@ alias|alias|alias|alias... <para>If <parameter>bind interfaces only</parameter> is set then unless the network address <emphasis>127.0.0.1</emphasis> is added - to the <parameter>interfaces</parameter> parameter list <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> may not work as expected due to the reasons covered below.</para> + to the <parameter>interfaces</parameter> parameter list <ulink + url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> + and <ulink url="swat.8.html"><command>swat(8)</command></ulink> may + not work as expected due to the reasons covered below.</para> <para>To change a users SMB password, the <command>smbpasswd</command> by default connects to the <emphasis>localhost - 127.0.0.1</emphasis> @@ -1377,9 +1375,9 @@ alias|alias|alias|alias... <parameter>interfaces</parameter> parameter list then <command> smbpasswd</command> will fail to connect in it's default mode. <command>smbpasswd</command> can be forced to use the primary IP interface - of the local host by using its <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <parameter>-r <replaceable>remote machine</replaceable></parameter> - parameter, with <replaceable>remote machine</replaceable> set + of the local host by using its <ulink url="smbpasswd.8.html#minusr"> + <parameter>-r <replaceable>remote machine</replaceable></parameter> + </ulink> parameter, with <replaceable>remote machine</replaceable> set to the IP name of the primary interface of the local host.</para> <para>The <command>swat</command> status page tries to connect with @@ -1399,10 +1397,9 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BLOCKINGLOCKS"/>blocking locks (S)</term> - <listitem><para>This parameter controls the behavior - of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when given a request by a client + <term><anchor id="BLOCKINGLOCKS">blocking locks (S)</term> + <listitem><para>This parameter controls the behavior of <ulink + url="smbd.8.html">smbd(8)</ulink> when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it.</para> @@ -1422,9 +1419,9 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="BLOCKSIZE"/>block size (S)</term> - <listitem><para>This parameter controls the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when reporting disk free + <term><anchor id="BLOCKSIZE">block size (S)</term> + <listitem><para>This parameter controls the behavior of + <ulink url="smbd.8.html">smbd(8)</ulink> when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes. </para> @@ -1438,19 +1435,27 @@ alias|alias|alias|alias... <para>Changing this option does not change the disk free reporting size, just the block size unit reported to the client.</para> - </listitem> - </varlistentry> + + <para>Default: <command>block size = 1024</command></para> + <para>Example: <command>block size = 65536</command></para> + + </listitem> + </varlistentry> + + <varlistentry> - <term><anchor id="BROWSABLE"/>browsable (S)</term> + <term><anchor id="BROWSABLE">browsable (S)</term> <listitem><para>See the <link linkend="BROWSEABLE"><parameter> browseable</parameter></link>.</para></listitem> </varlistentry> + + <varlistentry> - <term><anchor id="BROWSELIST"/>browse list (G)</term> - <listitem><para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will serve a browse list to + <term><anchor id="BROWSELIST">browse list (G)</term> + <listitem><para>This controls whether <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> will serve a browse list to a client doing a <command>NetServerEnum</command> call. Normally set to <constant>yes</constant>. You should never need to change this.</para> @@ -1461,7 +1466,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="BROWSEABLE"/>browseable (S)</term> + <term><anchor id="BROWSEABLE">browseable (S)</term> <listitem><para>This controls whether this share is seen in the list of available shares in a net view and in the browse list.</para> @@ -1472,7 +1477,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CASESENSITIVE"/>case sensitive (S)</term> + <term><anchor id="CASESENSITIVE">case sensitive (S)</term> <listitem><para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> @@ -1483,7 +1488,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CASESIGNAMES"/>casesignames (S)</term> + <term><anchor id="CASESIGNAMES">casesignames (S)</term> <listitem><para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para></listitem> </varlistentry> @@ -1491,12 +1496,12 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CHANGENOTIFYTIMEOUT"/>change notify timeout (G)</term> + <term><anchor id="CHANGENOTIFYTIMEOUT">change notify timeout (G)</term> <listitem><para>This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of - a directory is expensive under UNIX, hence an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon only performs such a scan + a directory is expensive under UNIX, hence an <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> daemon only performs such a scan on each requested directory once every <parameter>change notify timeout</parameter> seconds.</para> @@ -1509,7 +1514,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CHANGESHARECOMMAND"/>change share command (G)</term> + <term><anchor id="CHANGESHARECOMMAND">change share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>change share command</parameter> is used to define an @@ -1559,8 +1564,12 @@ alias|alias|alias|alias... </listitem> </varlistentry> + + + + <varlistentry> - <term><anchor id="COMMENT"/>comment (S)</term> + <term><anchor id="COMMENT">comment (S)</term> <listitem><para>This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via <command>net view</command> to list what shares @@ -1577,7 +1586,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CONFIGFILE"/>config file (G)</term> + <term><anchor id="CONFIGFILE">config file (G)</term> <listitem><para>This allows you to override the config file to use, instead of the default (usually <filename>smb.conf</filename>). There is a chicken and egg problem here as this option is set @@ -1601,7 +1610,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="COPY"/>copy (S)</term> + <term><anchor id="COPY">copy (S)</term> <listitem><para>This parameter allows you to "clone" service entries. The specified service is simply duplicated under the current service's name. Any parameters specified in the current @@ -1619,7 +1628,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CREATEMASK"/>create mask (S)</term> + <term><anchor id="CREATEMASK">create mask (S)</term> <listitem><para>A synonym for this parameter is <link linkend="CREATEMODE"><parameter>create mode</parameter> </link>.</para> @@ -1663,14 +1672,14 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="CREATEMODE"/>create mode (S)</term> + <term><anchor id="CREATEMODE">create mode (S)</term> <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter> create mask</parameter></link>.</para></listitem> </varlistentry> <varlistentry> - <term><anchor id="CSCPOLICY"/>csc policy (S)</term> + <term><anchor id="CSCPOLICY">csc policy (S)</term> <listitem><para>This stands for <emphasis>client-side caching policy</emphasis>, and specifies how clients capable of offline caching will cache the files in the share. The valid values @@ -1689,7 +1698,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DEADTIME"/>deadtime (G)</term> + <term><anchor id="DEADTIME">deadtime (G)</term> <listitem><para>The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected. The deadtime only takes @@ -1715,7 +1724,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGHIRESTIMESTAMP"/>debug hires timestamp (G)</term> + <term><anchor id="DEBUGHIRESTIMESTAMP">debug hires timestamp (G)</term> <listitem><para>Sometimes the timestamps in the log messages are needed with a resolution of higher that seconds, this boolean parameter adds microsecond resolution to the timestamp @@ -1732,7 +1741,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGPID"/>debug pid (G)</term> + <term><anchor id="DEBUGPID">debug pid (G)</term> <listitem><para>When using only one log file for more then one forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id @@ -1747,7 +1756,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGTIMESTAMP"/>debug timestamp (G)</term> + <term><anchor id="DEBUGTIMESTAMP">debug timestamp (G)</term> <listitem><para>Samba debug log messages are timestamped by default. If you are running at a high <link linkend="DEBUGLEVEL"> <parameter>debug level</parameter></link> these timestamps @@ -1760,7 +1769,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGUID"/>debug uid (G)</term> + <term><anchor id="DEBUGUID">debug uid (G)</term> <listitem><para>Samba is sometimes run as root and sometime run as the connected user, this boolean parameter inserts the current euid, egid, uid and gid to the timestamp message headers @@ -1776,7 +1785,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEBUGLEVEL"/>debuglevel (G)</term> + <term><anchor id="DEBUGLEVEL">debuglevel (G)</term> <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter> log level</parameter></link>.</para> </listitem> @@ -1785,7 +1794,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULT"/>default (G)</term> + <term><anchor id="DEFAULT">default (G)</term> <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter> default service</parameter></link>.</para></listitem> </varlistentry> @@ -1793,7 +1802,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTCASE"/>default case (S)</term> + <term><anchor id="DEFAULTCASE">default case (S)</term> <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> <parameter>short preserve case</parameter></link> parameter.</para> @@ -1805,7 +1814,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTDEVMODE"/>default devmode (S)</term> + <term><anchor id="DEFAULTDEVMODE">default devmode (S)</term> <listitem><para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba @@ -1843,7 +1852,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DEFAULTSERVICE"/>default service (G)</term> + <term><anchor id="DEFAULTSERVICE">default service (G)</term> <listitem><para>This parameter specifies the name of a service which will be connected to if the service actually requested cannot be found. Note that the square brackets are <emphasis>NOT</emphasis> @@ -1869,27 +1878,24 @@ alias|alias|alias|alias... <para>Example:</para> -<para><programlisting> + <para><programlisting> [global] default service = pub [pub] path = /%S -</programlisting></para> + </programlisting></para> </listitem> </varlistentry> - <varlistentry><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> + <varlistentry><term><anchor id="DELETEGROUPSCRIPT">delete group script (G)</term> <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. - It will expand any <parameter>%g</parameter> to the group name passed. - This script is only useful for installations using the Windows NT domain administration tools. + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html">smbd(8)</ulink> when a group is requested to be deleted. It will expand any <parameter>%g</parameter> to the group name passed. This script is only useful for installations using the Windows NT domain administration tools. </para></listitem> </varlistentry> <varlistentry> - <term><anchor id="DELETEPRINTERCOMMAND"/>deleteprinter command (G)</term> + <term><anchor id="DELETEPRINTERCOMMAND">deleteprinter command (G)</term> <listitem><para>With the introduction of MS-RPC based printer support for Windows NT/2000 clients in Samba 2.2, it is now possible to delete printer at run time by issuing the @@ -1915,7 +1921,7 @@ alias|alias|alias|alias... <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter> addprinter command</parameter></link>, <link - linkend="PRINTING"><parameter>printing</parameter></link>, + linkend="printing"><parameter>printing</parameter></link>, <link linkend="SHOWADDPRINTERWIZARD"><parameter>show add printer wizard</parameter></link></para> @@ -1931,7 +1937,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETEREADONLY"/>delete readonly (S)</term> + <term><anchor id="DELETEREADONLY">delete readonly (S)</term> <listitem><para>This parameter allows readonly files to be deleted. This is not normal DOS semantics, but is allowed by UNIX.</para> @@ -1945,7 +1951,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETESHARECOMMAND"/>delete share command (G)</term> + <term><anchor id="DELETESHARECOMMAND">delete share command (G)</term> <listitem><para>Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server Manager. The <parameter>delete share command</parameter> is used to define an @@ -1993,11 +1999,10 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> + <term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when managing users - with remote RPC (NT) tools. + be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + when managing user's with remote RPC (NT) tools. </para> <para>This script is called when a remote client removes a user @@ -2015,13 +2020,13 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> + <term><anchor id="DELETEUSERFROMGROUPSCRIPT">delete user from group script (G)</term> <listitem><para>Full path to the script that will be called when a user is removed from a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter>%g</parameter> will be replaced with the group name and - any <parameter>%u</parameter> will be replaced with the user name. + tools. It will be run by <ulink url="smbd.8.html">smbd(8)</ulink> + <emphasis>AS ROOT</emphasis>. Any <parameter>%g</parameter> will be + replaced with the group name and any <parameter>%u</parameter> will + be replaced with the user name. </para> <para>Default: <command>delete user from group script = </command></para> @@ -2032,7 +2037,7 @@ alias|alias|alias|alias... </varlistentry> <varlistentry> - <term><anchor id="DELETEVETOFILES"/>delete veto files (S)</term> + <term><anchor id="DELETEVETOFILES">delete veto files (S)</term> <listitem><para>This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the <link linkend="VETOFILES"><parameter>veto files</parameter></link> @@ -2061,7 +2066,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DENYHOSTS"/>deny hosts (S)</term> + <term><anchor id="DENYHOSTS">deny hosts (S)</term> <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link>.</para></listitem> </varlistentry> @@ -2070,7 +2075,7 @@ alias|alias|alias|alias... <varlistentry> - <term><anchor id="DFREECOMMAND"/>dfree command (G)</term> + <term><anchor id="DFREECOMMAND">dfree command (G)</term> <listitem><para>The <parameter>dfree command</parameter> setting should only be used on systems where a problem occurs with the internal disk space calculations. This has been known to happen with Ultrix, @@ -2103,17 +2108,17 @@ alias|alias|alias|alias... <para>Where the script dfree (which must be made executable) could be:</para> -<para><programlisting> -#!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' -</programlisting></para> + <para><programlisting> + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + </programlisting></para> <para>or perhaps (on Sys V based systems):</para> -<para><programlisting> -#!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</programlisting></para> + <para><programlisting> + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + </programlisting></para> <para>Note that you may have to replace the command names with full path names on some systems.</para> @@ -2124,7 +2129,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORY"/>directory (S)</term> + <term><anchor id="DIRECTORY">directory (S)</term> <listitem><para>Synonym for <link linkend="PATH"><parameter>path </parameter></link>.</para></listitem> </varlistentry> @@ -2132,7 +2137,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYMASK"/>directory mask (S)</term> + <term><anchor id="DIRECTORYMASK">directory mask (S)</term> <listitem><para>This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories.</para> @@ -2180,7 +2185,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYMODE"/>directory mode (S)</term> + <term><anchor id="DIRECTORYMODE">directory mode (S)</term> <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter> directory mask</parameter></link></para></listitem> </varlistentry> @@ -2188,7 +2193,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DIRECTORYSECURITYMASK"/>directory security mask (S)</term> + <term><anchor id="DIRECTORYSECURITYMASK">directory security mask (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog @@ -2223,7 +2228,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DISABLENETBIOS"/>disable netbios (G)</term> + <term><anchor id="DISABLENETBIOS">disable netbios (G)</term> <listitem><para>Enabling this parameter will disable netbios support in Samba. Netbios is the only available form of browsing in all windows versions except for 2000 and XP. </para> @@ -2238,7 +2243,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DISABLESPOOLSS"/>disable spoolss (G)</term> + <term><anchor id="DISABLESPOOLSS">disable spoolss (G)</term> <listitem><para>Enabling this parameter will disable Samba's support for the SPOOLSS set of MS-RPC's and will yield identical behavior as Samba 2.0.x. Windows NT/2000 clients will downgrade to using @@ -2259,7 +2264,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DISPLAYCHARSET"/>display charset (G)</term> + <term><anchor id="DISPLAYCHARSET">display charset (G)</term> <listitem><para>Specifies the charset that samba will use to print messages to stdout and stderr and SWAT will use. Should generally be the same as the <command>unix charset</command>. @@ -2274,12 +2279,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DNSPROXY"/>dns proxy (G)</term> - <listitem><para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and - finding that a NetBIOS name has not been registered, should treat the - NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server - for that name on behalf of the name-querying client.</para> + <term><anchor id="DNSPROXY">dns proxy (G)</term> + <listitem><para>Specifies that <ulink url="nmbd.8.html">nmbd(8)</ulink> + when acting as a WINS server and finding that a NetBIOS name has not + been registered, should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name on behalf of + the name-querying client.</para> <para>Note that the maximum length for a NetBIOS name is 15 characters, so the DNS name (or DNS alias) can likewise only be @@ -2297,7 +2302,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> + <term><anchor id="DOMAINLOGONS">domain logons (G)</term> <listitem><para>If set to <constant>yes</constant>, the Samba server will serve Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> <parameter>workgroup</parameter></link> it is in. Samba 2.2 @@ -2312,20 +2317,20 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOMAINMASTER"/>domain master (G)</term> - <listitem><para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list + <term><anchor id="DOMAINMASTER">domain master (G)</term> + <listitem><para>Tell <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to enable WAN-wide browse list collation. Setting this option causes <command>nmbd</command> to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given <link linkend="WORKGROUP"> <parameter>workgroup</parameter></link>. Local master browsers in the same <parameter>workgroup</parameter> on broadcast-isolated subnets will give this <command>nmbd</command> their local browse lists, - and then ask <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse - list for the whole wide area network. Browser clients will then contact - their local master browser, and will receive the domain-wide browse list, - instead of just the list for their broadcast-isolated subnet.</para> + and then ask <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + for a complete copy of the browse list for the whole wide area + network. Browser clients will then contact their local master browser, + and will receive the domain-wide browse list, instead of just the list + for their broadcast-isolated subnet.</para> <para>Note that Windows NT Primary Domain Controllers expect to be able to claim this <parameter>workgroup</parameter> specific special @@ -2350,7 +2355,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DONTDESCEND"/>dont descend (S)</term> + <term><anchor id="DONTDESCEND">dont descend (S)</term> <listitem><para>There are certain directories on some systems (e.g., the <filename>/proc</filename> tree under Linux) that are either not of interest to clients or are infinitely deep (recursive). This @@ -2369,22 +2374,22 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="DOSCHARSET"/>dos charset (G)</term> + <term><anchor id="DOSCHARSET">dos charset (G)</term> <listitem><para>DOS SMB clients assume the server has the same charset as they do. This option specifies which charset Samba should talk to DOS clients. </para> - <para>The default depends on which charsets you have installed. + <para>The default depends on which charsets you have instaled. Samba tries to use charset 850 but falls back to ASCII in - case it is not available. Run <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> to check the default on your system. + case it is not available. Run <ulink url="testparm.1.html">testparm(1) + </ulink> to check the default on your system. </para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="DOSFILEMODE"/>dos filemode (S)</term> + <term><anchor id="DOSFILEMODE">dos filemode (S)</term> <listitem><para> The default behavior in Samba is to provide UNIX-like behavior where only the owner of a file/directory is able to change the permissions on it. However, this behavior @@ -2403,13 +2408,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOSFILETIMERESOLUTION"/>dos filetime resolution (S)</term> + <term><anchor id="DOSFILETIMERESOLUTION">dos filetime resolution (S)</term> <listitem><para>Under the DOS and Windows FAT filesystem, the finest granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second - resolution is made to <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + resolution is made to <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink>.</para> <para>This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. If oplocks are enabled on a @@ -2429,15 +2434,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="DOSFILETIMES"/>dos filetimes (S)</term> + <term><anchor id="DOSFILETIMES">dos filetimes (S)</term> <listitem><para>Under DOS and Windows, if a user can write to a file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user <command>smbd</command> is acting on behalf of is not the file owner. Setting this option to <constant> - yes</constant> allows DOS semantics and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will change the file + yes</constant> allows DOS semantics and <ulink url="smbd.8.html">smbd</ulink> will change the file timestamp as DOS requires.</para> <para>Default: <command>dos filetimes = no</command></para></listitem> @@ -2446,7 +2450,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENCRYPTPASSWORDS"/>encrypt passwords (G)</term> + <term><anchor id="ENCRYPTPASSWORDS">encrypt passwords (G)</term> <listitem><para>This boolean controls whether encrypted passwords will be negotiated with the client. Note that Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords @@ -2455,11 +2459,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' directory <filename>docs/</filename> shipped with the source code.</para> <para>In order for encrypted passwords to work correctly - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must either - have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program for information on how to set up + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> must either + have access to a local <ulink url="smbpasswd.5.html"><filename>smbpasswd(5) + </filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command> + smbpasswd(8)</command></ulink> program for information on how to set up and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which causes <command>smbd</command> to authenticate against another @@ -2470,7 +2473,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENHANCEDBROWSING"/>enhanced browsing (G)</term> + <term><anchor id="ENHANCEDBROWSING">enhanced browsing (G)</term> <listitem><para>This option enables a couple of enhancements to cross-subnet browse propagation that have been added in Samba but which are not standard in Microsoft implementations. @@ -2496,7 +2499,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ENUMPORTSCOMMAND"/>enumports command (G)</term> + <term><anchor id="ENUMPORTSCOMMAND">enumports command (G)</term> <listitem><para>The concept of a "port" is fairly foreign to UNIX hosts. Under Windows NT/2000 print servers, a port is associated with a port monitor and generally takes the form of @@ -2519,7 +2522,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="EXEC"/>exec (S)</term> + <term><anchor id="EXEC">exec (S)</term> <listitem><para>This is a synonym for <link linkend="PREEXEC"> <parameter>preexec</parameter></link>.</para></listitem> </varlistentry> @@ -2527,7 +2530,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FAKEDIRECTORYCREATETIMES"/>fake directory create times (S)</term> + <term><anchor id="FAKEDIRECTORYCREATETIMES">fake directory create times (S)</term> <listitem><para>NTFS and Windows VFAT file systems keep a create time for all files and directories. This is not the same as the ctime - status change time - that Unix keeps, so Samba by default @@ -2561,7 +2564,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FAKEOPLOCKS"/>fake oplocks (S)</term> + <term><anchor id="FAKEOPLOCKS">fake oplocks (S)</term> <listitem><para>Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an oplock (opportunistic lock) then the client is free to assume @@ -2593,11 +2596,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FOLLOWSYMLINKS"/>follow symlinks (S)</term> + <term><anchor id="FOLLOWSYMLINKS">follow symlinks (S)</term> <listitem><para>This parameter allows the Samba administrator - to stop <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> from following symbolic - links in a particular share. Setting this + to stop <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + from following symbolic links in a particular share. Setting this parameter to <constant>no</constant> prevents any file or directory that is a symbolic link from being followed (the user will get an error). This option is very useful to stop users from adding a @@ -2614,7 +2616,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCECREATEMODE"/>force create mode (S)</term> + <term><anchor id="FORCECREATEMODE">force create mode (S)</term> <listitem><para>This parameter specifies a set of UNIX mode bit permissions that will <emphasis>always</emphasis> be set on a file created by Samba. This is done by bitwise 'OR'ing these bits onto @@ -2642,7 +2644,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEDIRECTORYMODE"/>force directory mode (S)</term> + <term><anchor id="FORCEDIRECTORYMODE">force directory mode (S)</term> <listitem><para>This parameter specifies a set of UNIX mode bit permissions that will <emphasis>always</emphasis> be set on a directory created by Samba. This is done by bitwise 'OR'ing these bits onto the @@ -2671,7 +2673,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEDIRECTORYSECURITYMODE"/>force directory security mode (S)</term> + <term><anchor id="FORCEDIRECTORYSECURITYMODE">force directory security mode (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box.</para> @@ -2707,7 +2709,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEGROUP"/>force group (S)</term> + <term><anchor id="FORCEGROUP">force group (S)</term> <listitem><para>This specifies a UNIX group name that will be assigned as the default primary group for all users connecting to this service. This is useful for sharing files by ensuring @@ -2743,7 +2745,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> + <term><anchor id="FORCESECURITYMODE">force security mode (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog @@ -2781,7 +2783,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FORCEUSER"/>force user (S)</term> + <term><anchor id="FORCEUSER">force user (S)</term> <listitem><para>This specifies a UNIX user name that will be assigned as the default user for all users connecting to this service. This is useful for sharing files. You should also use it carefully @@ -2809,11 +2811,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="FSTYPE"/>fstype (S)</term> + <term><anchor id="FSTYPE">fstype (S)</term> <listitem><para>This parameter allows the administrator to configure the string that specifies the type of filesystem a share - is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type + is using that is reported by <ulink url="smbd.8.html"><command>smbd(8) + </command></ulink> when a client queries the filesystem type for a share. The default type is <constant>NTFS</constant> for compatibility with Windows NT but this can be changed to other strings such as <constant>Samba</constant> or <constant>FAT @@ -2826,7 +2828,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GETWDCACHE"/>getwd cache (G)</term> + <term><anchor id="GETWDCACHE">getwd cache (G)</term> <listitem><para>This is a tuning option. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially @@ -2840,7 +2842,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GROUP"/>group (S)</term> + <term><anchor id="GROUP">group (S)</term> <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter>force group</parameter></link>.</para></listitem> </varlistentry> @@ -2848,7 +2850,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTACCOUNT"/>guest account (S)</term> + <term><anchor id="GUESTACCOUNT">guest account (S)</term> <listitem><para>This is a username which will be used for access to services which are specified as <link linkend="GUESTOK"><parameter> guest ok</parameter></link> (see below). Whatever privileges this @@ -2878,16 +2880,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTOK"/>guest ok (S)</term> + <term><anchor id="GUESTOK">guest ok (S)</term> <listitem><para>If this parameter is <constant>yes</constant> for a service, then no password is required to connect to the service. Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter> guest account</parameter></link>.</para> - <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter>restrict - anonymous</parameter></link> = 2</para> - <para>See the section below on <link linkend="SECURITY"><parameter> security</parameter></link> for more information about this option. </para> @@ -2898,7 +2896,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="GUESTONLY"/>guest only (S)</term> + <term><anchor id="GUESTONLY">guest only (S)</term> <listitem><para>If this parameter is <constant>yes</constant> for a service, then only guest connections to the service are permitted. This parameter will have no effect if <link linkend="GUESTOK"> @@ -2914,7 +2912,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEDOTFILES"/>hide dot files (S)</term> + <term><anchor id="HIDEDOTFILES">hide dot files (S)</term> <listitem><para>This is a boolean parameter that controls whether files starting with a dot appear as hidden files.</para> @@ -2924,7 +2922,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEFILES"/>hide files(S)</term> + <term><anchor id="HIDEFILES">hide files(S)</term> <listitem><para>This is a list of files or directories that are not visible but are accessible. The DOS 'hidden' attribute is applied to any files or directories that match.</para> @@ -2962,7 +2960,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDELOCALUSERS"/>hide local users(G)</term> + <term><anchor id="HIDELOCALUSERS">hide local users(G)</term> <listitem><para>This parameter toggles the hiding of local UNIX users (root, wheel, floppy, etc) from remote clients.</para> @@ -2972,7 +2970,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HIDEUNREADABLE"/>hide unreadable (G)</term> + <term><anchor id="HIDEUNREADABLE">hide unreadable (G)</term> <listitem><para>This parameter prevents clients from seeing the existance of files that cannot be read. Defaults to off.</para> @@ -2981,7 +2979,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HIDEUNWRITEABLEFILES"/>hide unwriteable files (G)</term> + <term><anchor id="HIDEUNWRITEABLEFILES">hide unwriteable files (G)</term> <listitem><para>This parameter prevents clients from seeing the existance of files that cannot be written to. Defaults to off. Note that unwriteable directories are shown as usual. @@ -2992,7 +2990,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HIDESPECIALFILES"/>hide special files (G)</term> + <term><anchor id="HIDESPECIALFILES">hide special files (G)</term> <listitem><para>This parameter prevents clients from seeing special files such as sockets, devices and fifo's in directory listings. @@ -3003,10 +3001,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HOMEDIRMAP"/>homedir map (G)</term> + <term><anchor id="HOMEDIRMAP">homedir map (G)</term> <listitem><para>If<link linkend="NISHOMEDIR"><parameter>nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> is also acting + </parameter></link> is <constant>yes</constant>, and <ulink + url="smbd.8.html"><command>smbd(8)</command></ulink> is also acting as a Win95/98 <parameter>logon server</parameter> then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun @@ -3019,8 +3017,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' that copes with different map formats and also Amd (another automounter) maps.</para> - <note><para>A working NIS client is required on - the system for this option to work.</para></note> + <para><emphasis>NOTE :</emphasis>A working NIS client is required on + the system for this option to work.</para> <para>See also <link linkend="NISHOMEDIR"><parameter>nis homedir</parameter> </link>, <link linkend="DOMAINLOGONS"><parameter>domain logons</parameter> @@ -3036,7 +3034,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTMSDFS"/>host msdfs (G)</term> + <term><anchor id="HOSTMSDFS">host msdfs (G)</term> <listitem><para>This boolean parameter is only available if Samba has been configured and compiled with the <command> --with-msdfs</command> option. If set to <constant>yes</constant>, @@ -3054,7 +3052,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="HOSTNAMELOOKUPS"/>hostname lookups (G)</term> + <term><anchor id="HOSTNAMELOOKUPS">hostname lookups (G)</term> <listitem><para>Specifies whether samba should use (expensive) hostname lookups or use the ip addresses instead. An example place where hostname lookups are currently used is when checking @@ -3070,7 +3068,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSALLOW"/>hosts allow (S)</term> + <term><anchor id="HOSTSALLOW">hosts allow (S)</term> <listitem><para>A synonym for this parameter is <parameter>allow hosts</parameter>.</para> @@ -3119,9 +3117,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Note that access still requires suitable user-level passwords.</para> - <para>See <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> for a way of testing your host access - to see if it does what you expect.</para> + <para>See <ulink url="testparm.1.html"><command>testparm(1)</command> + </ulink> for a way of testing your host access to see if it does + what you expect.</para> <para>Default: <emphasis>none (i.e., all hosts permitted access) </emphasis></para> @@ -3134,7 +3132,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSDENY"/>hosts deny (S)</term> + <term><anchor id="HOSTSDENY">hosts deny (S)</term> <listitem><para>The opposite of <parameter>hosts allow</parameter> - hosts listed here are <emphasis>NOT</emphasis> permitted access to services unless the specific services have their own lists to override @@ -3151,7 +3149,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> + <term><anchor id="HOSTSEQUIV">hosts equiv (G)</term> <listitem><para>If this global parameter is a non-null string, it specifies the name of a file to read for the names of hosts and users who will be allowed access without specifying a password. @@ -3163,14 +3161,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' hosts equiv</parameter> may be useful for NT clients which will not supply passwords to Samba.</para> - <note><para>The use of <parameter>hosts equiv + <para><emphasis>NOTE :</emphasis> The use of <parameter>hosts equiv </parameter> can be a major security hole. This is because you are trusting the PC to supply the correct username. It is very easy to get a PC to supply a false username. I recommend that the <parameter>hosts equiv</parameter> option be only used if you really know what you are doing, or perhaps on a home network where you trust your spouse and kids. And only if you <emphasis>really</emphasis> trust - them :-).</para></note> + them :-).</para> <para>Default: <emphasis>no host equivalences</emphasis></para> <para>Example: <command>hosts equiv = /etc/hosts.equiv</command></para> @@ -3180,7 +3178,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INCLUDE"/>include (G)</term> + <term><anchor id="INCLUDE">include (G)</term> <listitem><para>This allows you to include one config file inside another. The file is included literally, as though typed in place.</para> @@ -3197,7 +3195,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INHERITACLS"/>inherit acls (S)</term> + <term><anchor id="INHERITACLS">inherit acls (S)</term> <listitem><para>This parameter can be used to ensure that if default acls exist on parent directories, they are always honored when creating a subdirectory. @@ -3215,7 +3213,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INHERITPERMISSIONS"/>inherit permissions (S)</term> + <term><anchor id="INHERITPERMISSIONS">inherit permissions (S)</term> <listitem><para>The permissions on new files and directories are normally governed by <link linkend="CREATEMASK"><parameter> create mask</parameter></link>, <link linkend="DIRECTORYMASK"> @@ -3256,7 +3254,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INTERFACES"/>interfaces (G)</term> + <term><anchor id="INTERFACES">interfaces (G)</term> <listitem><para>This option allows you to override the default network interfaces list that Samba will use for browsing, name registration and other NBT traffic. By default Samba will query @@ -3308,7 +3306,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="INVALIDUSERS"/>invalid users (S)</term> + <term><anchor id="INVALIDUSERS">invalid users (S)</term> <listitem><para>This is a list of users that should not be allowed to login to this service. This is really a <emphasis>paranoid</emphasis> check to absolutely ensure an improper setting does not breach @@ -3320,12 +3318,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with - '&' is interpreted only by looking in the NIS netgroup database + '&' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters - '+' and '&' may be used at the start of the name in either order + '+' and '&' may be used at the start of the name in either order so the value <parameter>+&group</parameter> means check the UNIX group database, followed by the NIS netgroup database, and - the value <parameter>&+group</parameter> means check the NIS + the value <parameter>&+group</parameter> means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix).</para> @@ -3344,7 +3342,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="KEEPALIVE"/>keepalive (G)</term> + <term><anchor id="KEEPALIVE">keepalive (G)</term> <listitem><para>The value of the parameter (an integer) represents the number of seconds between <parameter>keepalive</parameter> packets. If this parameter is zero, no keepalive packets will be @@ -3364,7 +3362,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="KERNELOPLOCKS"/>kernel oplocks (G)</term> + <term><anchor id="KERNELOPLOCKS">kernel oplocks (G)</term> <listitem><para>For UNIXes that support kernel based <link linkend="OPLOCKS"><parameter>oplocks</parameter></link> (currently only IRIX and the Linux 2.4 kernel), this parameter @@ -3372,10 +3370,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Kernel oplocks support allows Samba <parameter>oplocks </parameter> to be broken whenever a local UNIX process or NFS operation - accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete - data consistency between SMB/CIFS, NFS and local file access (and is - a <emphasis>very</emphasis> cool feature :-).</para> + accesses a file that <ulink url="smbd.8.html"><command>smbd(8)</command> + </ulink> has oplocked. This allows complete data consistency between + SMB/CIFS, NFS and local file access (and is a <emphasis>very</emphasis> + cool feature :-).</para> <para>This parameter defaults to <constant>on</constant>, but is translated to a no-op on systems that no not have the necessary kernel support. @@ -3393,12 +3391,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LANMANAUTH"/>lanman auth (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users - using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> + <term><anchor id="LANMANAUTH">lanman auth (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will + attempt to authenticate users using the LANMAN password hash. + If disabled, only clients which support NT password hashes (e.g. Windows + NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba host.</para> <para>Default : <command>lanman auth = yes</command></para> </listitem> @@ -3409,10 +3407,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LARGEREADWRITE"/>large readwrite (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> supports the new 64k streaming - read and write varient SMB requests introduced + <term><anchor id="LARGEREADWRITE">large readwrite (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> + supports the new 64k streaming read and write varient SMB requests introduced with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with @@ -3427,15 +3424,15 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> - <listitem><para> The <parameter>ldap admin dn</parameter> defines the Distinguished + <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> + <listitem><para>The <parameter>ldap admin dn</parameter> defines the Distinguished Name (DN) name used by Samba to contact the ldap server when retreiving user account information. The <parameter>ldap admin dn</parameter> is used in conjunction with the admin dn password stored in the <filename>private/secrets.tdb</filename> file. See the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> man page for more information on how - to accmplish this.</para> + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink> man + page for more information on how to accomplish this. + </para> </listitem> </varlistentry> @@ -3452,7 +3449,17 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> + <term><anchor id="LDAPDELONLYSAMATTR"/>ldap del only sam attr (G)</term> + <listitem><para> Inverted synonym for <link linkend="LDAPDELETEDN"><parameter> + ldap delete dn</parameter></link>. + </para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="LDAPFILTER">ldap filter (G)</term> <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name with the <constant>uid</constant> attribute for all entries matching the <constant>sambaAccount</constant> @@ -3466,7 +3473,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPPORT"/>ldap port (G)</term> + <term><anchor id="LDAPPORT">ldap port (G)</term> <listitem><para>This parameter is only available if Samba has been configure to include the <command>--with-ldapsam</command> option at compile time. @@ -3488,7 +3495,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSERVER"/>ldap server (G)</term> + <term><anchor id="LDAPSERVER">ldap server (G)</term> <listitem><para>This parameter is only available if Samba has been configure to include the <command>--with-ldapsam</command> option at compile time. @@ -3505,7 +3512,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> + <term><anchor id="LDAPSSL">ldap ssl (G)</term> <listitem><para>This option is used to define whether or not Samba should use SSL when connecting to the ldap server This is <emphasis>NOT</emphasis> related to @@ -3539,7 +3546,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> + <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> <listitem> <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command>ldap user suffix</command> and <command>ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> @@ -3550,7 +3557,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> + <term><anchor id="LDAPUSERSUFFIX">ldap user suffix (G)</term> <listitem><para>It specifies where users are added to the tree. </para> @@ -3563,7 +3570,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> + <term><anchor id="LDAPMACHINESUFFIX">ldap machine suffix (G)</term> <listitem><para>It specifies where machines should be added to the ldap tree. </para> @@ -3575,7 +3582,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> + <term><anchor id="LDAPPASSWDSYNC">ldap passwd sync (G)</term> <listitem><para>This option is used to define whether or not Samba should sync the LDAP password with the NT and LM hashes for normal accounts (NOT for @@ -3599,7 +3606,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> + <term><anchor id="LDAPTRUSTIDS">ldap trust ids (G)</term> <listitem><para>Normally, Samba validates each entry in the LDAP server against getpwnam(). This allows LDAP to be used for Samba with the unix system using @@ -3618,7 +3625,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="LEVEL2OPLOCKS"/>level2 oplocks (S)</term> + <term><anchor id="LEVEL2OPLOCKS">level2 oplocks (S)</term> <listitem><para>This parameter controls whether Samba supports level2 (read-only) oplocks on a share.</para> @@ -3662,9 +3669,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LMANNOUNCE"/>lm announce (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce + <term><anchor id="LMANNOUNCE">lm announce (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + <command>nmbd(8)</command></ulink> will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, <constant>yes</constant>, <constant>no</constant>, or @@ -3689,7 +3696,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LMINTERVAL"/>lm interval (G)</term> + <term><anchor id="LMINTERVAL">lm interval (G)</term> <listitem><para>If Samba is set to produce Lanman announce broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> <parameter>lm announce</parameter></link> parameter) then this @@ -3709,7 +3716,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOADPRINTERS"/>load printers (G)</term> + <term><anchor id="LOADPRINTERS">load printers (G)</term> <listitem><para>A boolean variable that controls whether all printers in the printcap will be loaded for browsing by default. See the <link linkend="PRINTERSSECT">printers</link> section for @@ -3722,9 +3729,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCALMASTER"/>local master (G)</term> - <listitem><para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser + <term><anchor id="LOCALMASTER">local master (G)</term> + <listitem><para>This option allows <ulink url="nmbd.8.html"><command> + nmbd(8)</command></ulink> to try and become a local master browser on a subnet. If set to <constant>no</constant> then <command> nmbd</command> will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By @@ -3743,7 +3750,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKDIR"/>lock dir (G)</term> + <term><anchor id="LOCKDIR">lock dir (G)</term> <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter> lock directory</parameter></link>.</para></listitem> </varlistentry> @@ -3751,7 +3758,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKDIRECTORY"/>lock directory (G)</term> + <term><anchor id="LOCKDIRECTORY">lock directory (G)</term> <listitem><para>This option specifies the directory where lock files will be placed. The lock files are used to implement the <link linkend="MAXCONNECTIONS"><parameter>max connections</parameter> @@ -3765,7 +3772,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKSPINCOUNT"/>lock spin count (G)</term> + <term><anchor id="LOCKSPINCOUNT">lock spin count (G)</term> <listitem><para>This parameter controls the number of times that smbd should attempt to gain a byte range lock on the behalf of a client request. Experiments have shown that @@ -3784,7 +3791,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKSPINTIME"/>lock spin time (G)</term> + <term><anchor id="LOCKSPINTIME">lock spin time (G)</term> <listitem><para>The time in microseconds that smbd should pause before attempting to gain a failed lock. See <link linkend="LOCKSPINCOUNT"><parameter>lock spin @@ -3798,7 +3805,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOCKING"/>locking (S)</term> + <term><anchor id="LOCKING">locking (S)</term> <listitem><para>This controls whether or not locking will be performed by the server in response to lock requests from the client.</para> @@ -3826,7 +3833,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGFILE"/>log file (G)</term> + <term><anchor id="LOGFILE">log file (G)</term> <listitem><para>This option allows you to override the name of the Samba log file (also known as the debug file).</para> @@ -3840,7 +3847,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGLEVEL"/>log level (G)</term> + <term><anchor id="LOGLEVEL">log level (G)</term> <listitem><para>The value of the parameter (a astring) allows the debug level (logging level) to be specified in the <filename>smb.conf</filename> file. This parameter has been @@ -3858,7 +3865,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> + <term><anchor id="LOGONDRIVE">logon drive (G)</term> <listitem><para>This parameter specifies the local path to which the home directory will be connected (see <link linkend="LOGONHOME"><parameter>logon home</parameter></link>) @@ -3875,7 +3882,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONHOME"/>logon home (G)</term> + <term><anchor id="LOGONHOME">logon home (G)</term> <listitem><para>This parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. It allows you to do </para> @@ -3917,7 +3924,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONPATH"/>logon path (G)</term> + <term><anchor id="LOGONPATH">logon path (G)</term> <listitem><para>This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are stored. Contrary to previous versions of these manual pages, it has @@ -3965,7 +3972,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> + <term><anchor id="LOGONSCRIPT">logon script (G)</term> <listitem><para>This parameter specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS @@ -4007,7 +4014,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPPAUSECOMMAND"/>lppause command (S)</term> + <term><anchor id="LPPAUSECOMMAND">lppause command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to stop printing or spooling a specific print job.</para> @@ -4051,7 +4058,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPQCACHETIME"/>lpq cache time (G)</term> + <term><anchor id="LPQCACHETIME">lpq cache time (G)</term> <listitem><para>This controls how long lpq info will be cached for to prevent the <command>lpq</command> command being called too often. A separate cache is kept for each variation of the <command> @@ -4080,7 +4087,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPQCOMMAND"/>lpq command (S)</term> + <term><anchor id="LPQCOMMAND">lpq command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to obtain <command>lpq </command>-style printer status information.</para> @@ -4124,7 +4131,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPRESUMECOMMAND"/>lpresume command (S)</term> + <term><anchor id="LPRESUMECOMMAND">lpresume command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to restart or continue printing or spooling a specific print job.</para> @@ -4164,7 +4171,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="LPRMCOMMAND"/>lprm command (S)</term> + <term><anchor id="LPRMCOMMAND">lprm command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to delete a print job.</para> @@ -4194,7 +4201,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MACHINEPASSWORDTIMEOUT"/>machine password timeout (G)</term> + <term><anchor id="MACHINEPASSWORDTIMEOUT">machine password timeout (G)</term> <listitem><para>If a Samba server is a member of a Windows NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) parameter) then periodically a running <ulink url="smbd.8.html"> @@ -4204,8 +4211,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server.</para> - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> + <para>See also <ulink url="smbpasswd.8.html"><command>smbpasswd(8) + </command></ulink>, and the <link linkend="SECURITYEQUALSDOMAIN"> security = domain</link>) parameter.</para> <para>Default: <command>machine password timeout = 604800</command></para> @@ -4214,7 +4221,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAGICOUTPUT"/>magic output (S)</term> + <term><anchor id="MAGICOUTPUT">magic output (S)</term> <listitem><para>This parameter specifies the name of a file which will contain output created by a magic script (see the <link linkend="MAGICSCRIPT"><parameter>magic script</parameter></link> @@ -4234,7 +4241,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAGICSCRIPT"/>magic script (S)</term> + <term><anchor id="MAGICSCRIPT">magic script (S)</term> <listitem><para>This parameter specifies the name of a file which, if opened, will be executed by the server when the file is closed. This allows a UNIX script to be sent to the Samba host and @@ -4265,7 +4272,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLECASE"/>mangle case (S)</term> + <term><anchor id="MANGLECASE">mangle case (S)</term> <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> NAME MANGLING</link></para> @@ -4275,7 +4282,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLEDMAP"/>mangled map (S)</term> + <term><anchor id="MANGLEDMAP">mangled map (S)</term> <listitem><para>This is for those who want to directly map UNIX file names which cannot be represented on Windows/DOS. The mangling of names is not always what is needed. In particular you may have @@ -4300,7 +4307,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLEDNAMES"/>mangled names (S)</term> + <term><anchor id="MANGLEDNAMES">mangled names (S)</term> <listitem><para>This controls whether non-DOS names under UNIX should be mapped to DOS-compatible names ("mangled") and made visible, or whether non-DOS names should simply be ignored.</para> @@ -4359,7 +4366,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLINGMETHOD"/>mangling method (G)</term> + <term><anchor id="MANGLINGMETHOD">mangling method (G)</term> <listitem><para> controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the default and is the algorithm that has been @@ -4374,7 +4381,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLEPREFIX"/>mangle prefix (G)</term> + <term><anchor id="MANGLEPREFIX">mangle prefix (G)</term> <listitem><para> controls the number of prefix characters from the original name used when generating the mangled names. A larger value will give a weaker @@ -4386,10 +4393,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="MANGLEDSTACK"/>mangled stack (G)</term> + <term><anchor id="MANGLEDSTACK">mangled stack (G)</term> <listitem><para>This parameter controls the number of mangled names - that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + that should be cached in the Samba server <ulink url="smbd.8.html"> + smbd(8)</ulink>.</para> <para>This stack is a list of recently mangled base names (extensions are only maintained if they are longer than 3 characters @@ -4413,7 +4420,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MANGLINGCHAR"/>mangling char (S)</term> + <term><anchor id="MANGLINGCHAR">mangling char (S)</term> <listitem><para>This controls what character is used as the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' @@ -4430,7 +4437,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPARCHIVE"/>map archive (S)</term> + <term><anchor id="MAPARCHIVE">map archive (S)</term> <listitem><para>This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit. The DOS archive bit is set when a file has been modified since its last backup. One @@ -4450,7 +4457,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPHIDDEN"/>map hidden (S)</term> + <term><anchor id="MAPHIDDEN">map hidden (S)</term> <listitem><para>This controls whether DOS style hidden files should be mapped to the UNIX world execute bit.</para> @@ -4465,7 +4472,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPSYSTEM"/>map system (S)</term> + <term><anchor id="MAPSYSTEM">map system (S)</term> <listitem><para>This controls whether DOS style system files should be mapped to the UNIX group execute bit.</para> @@ -4480,15 +4487,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAPTOGUEST"/>map to guest (G)</term> + <term><anchor id="MAPTOGUEST">map to guest (G)</term> <listitem><para>This parameter is only useful in <link linkend="SECURITY"> security</link> modes other than <parameter>security = share</parameter> - i.e. <constant>user</constant>, <constant>server</constant>, and <constant>domain</constant>.</para> <para>This parameter can take three different values, which tell - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> what to do with user + <ulink url="smbd.8.html">smbd(8)</ulink> what to do with user login requests that don't match a valid UNIX user in some way.</para> <para>The three settings are :</para> @@ -4536,7 +4542,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXCONNECTIONS"/>max connections (S)</term> + <term><anchor id="MAXCONNECTIONS">max connections (S)</term> <listitem><para>This option allows the number of simultaneous connections to a service to be limited. If <parameter>max connections </parameter> is greater than 0 then connections will be refused if @@ -4556,7 +4562,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXDISKSIZE"/>max disk size (G)</term> + <term><anchor id="MAXDISKSIZE">max disk size (G)</term> <listitem><para>This option allows you to put an upper limit on the apparent size of disks. If you set this option to 100 then all shares will appear to be not larger than 100 MB in @@ -4583,7 +4589,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXLOGSIZE"/>max log size (G)</term> + <term><anchor id="MAXLOGSIZE">max log size (G)</term> <listitem><para>This option (an integer in kilobytes) specifies the max size the log file should grow to. Samba periodically checks the size and if it is exceeded it will rename the file, adding @@ -4599,7 +4605,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXMUX"/>max mux (G)</term> + <term><anchor id="MAXMUX">max mux (G)</term> <listitem><para>This option controls the maximum number of outstanding simultaneous SMB operations that Samba tells the client it will allow. You should never need to set this parameter.</para> @@ -4611,10 +4617,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXOPENFILES"/>max open files (G)</term> + <term><anchor id="MAXOPENFILES">max open files (G)</term> <listitem><para>This parameter limits the maximum number of - open files that one <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> file + open files that one <ulink url="smbd.8.html">smbd(8)</ulink> file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file.</para> @@ -4630,11 +4635,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXPRINTJOBS"/>max print jobs (S)</term> + <term><anchor id="MAXPRINTJOBS">max print jobs (S)</term> <listitem><para>This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will remote "Out of Space" to the client. + If this number is exceeded, <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink> will remote "Out of Space" to the client. See all <link linkend="TOTALPRINTJOBS"><parameter>total print jobs</parameter></link>. </para> @@ -4646,7 +4651,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXPROTOCOL"/>max protocol (G)</term> + <term><anchor id="MAXPROTOCOL">max protocol (G)</term> <listitem><para>The value of the parameter (a string) is the highest protocol level that will be supported by the server.</para> @@ -4684,15 +4689,14 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXSMBDPROCESSES"/>max smbd processes (G)</term> + <term><anchor id="MAXSMBDPROCESSES">max smbd processes (G)</term> <listitem><para>This parameter limits the maximum number of <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating - conditions, each user will have an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> associated with him or her + conditions, each user will have an <ulink url="smbd.8.html">smbd</ulink> associated with him or her to handle connections to all shares from a given host. </para> @@ -4705,9 +4709,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXTTL"/>max ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="MAXTTL">max ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> what the default 'time to live' of NetBIOS names should be (in seconds) when <command>nmbd</command> is requesting a name using either a broadcast packet or from a WINS server. You should never need to @@ -4720,9 +4723,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXWINSTTL"/>max wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> + <term><anchor id="MAXWINSTTL">max wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8) + </ulink> when acting as a WINS server (<link linkend="WINSSUPPORT"> <parameter>wins support = yes</parameter></link>) what the maximum 'time to live' of NetBIOS names that <command>nmbd</command> will grant will be (in seconds). You should never need to change this @@ -4738,7 +4741,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MAXXMIT"/>max xmit (G)</term> + <term><anchor id="MAXXMIT">max xmit (G)</term> <listitem><para>This option controls the maximum packet size that will be negotiated by Samba. The default is 65535, which is the maximum. In some cases you may find you get better performance @@ -4753,7 +4756,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MESSAGECOMMAND"/>message command (G)</term> + <term><anchor id="MESSAGECOMMAND">message command (G)</term> <listitem><para>This specifies what command to run when the server receives a WinPopup style message.</para> @@ -4763,13 +4766,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>An example is:</para> - <para><command>message command = csh -c 'xedit %s;rm %s' &</command> + <para><command>message command = csh -c 'xedit %s;rm %s' &</command> </para> <para>This delivers the message using <command>xedit</command>, then removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I - have the '&' on the end. If it doesn't return immediately then + have the '&' on the end. If it doesn't return immediately then your PCs may freeze when sending messages (they should recover after 30 seconds, hopefully).</para> @@ -4814,7 +4817,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>Default: <emphasis>no message command</emphasis></para> <para>Example: <command>message command = csh -c 'xedit %s; - rm %s' &</command></para> + rm %s' &</command></para> </listitem> </varlistentry> @@ -4822,7 +4825,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPASSWDLENGTH"/>min passwd length (G)</term> + <term><anchor id="MINPASSWDLENGTH">min passwd length (G)</term> <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> <parameter>min password length</parameter></link>.</para> </listitem> @@ -4831,7 +4834,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPASSWORDLENGTH"/>min password length (G)</term> + <term><anchor id="MINPASSWORDLENGTH">min password length (G)</term> <listitem><para>This option sets the minimum length in characters of a plaintext password that <command>smbd</command> will accept when performing UNIX password changing.</para> @@ -4849,7 +4852,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPRINTSPACE"/>min print space (S)</term> + <term><anchor id="MINPRINTSPACE">min print space (S)</term> <listitem><para>This sets the minimum amount of free disk space that must be available before a user will be able to spool a print job. It is specified in kilobytes. The default is 0, which @@ -4867,7 +4870,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINPROTOCOL"/>min protocol (G)</term> + <term><anchor id="MINPROTOCOL">min protocol (G)</term> <listitem><para>The value of the parameter (a string) is the lowest SMB protocol dialect than Samba will support. Please refer to the <link linkend="MAXPROTOCOL"><parameter>max protocol</parameter></link> @@ -4891,9 +4894,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MINWINSTTL"/>min wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="MINWINSTTL">min wins ttl (G)</term> + <listitem><para>This option tells <ulink url="nmbd.8.html">nmbd(8)</ulink> when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter> wins support = yes</parameter></link>) what the minimum 'time to live' of NetBIOS names that <command>nmbd</command> will grant will be (in @@ -4906,7 +4908,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MSDFSPROXY"/>msdfs proxy (S)</term> + <term><anchor id="MSDFSPROXY">msdfs proxy (S)</term> <listitem><para>This parameter indicates that the share is a stand-in for another CIFS share whose location is specified by the value of the parameter. When clients attempt to connect to @@ -4917,7 +4919,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' and <link linkend="HOSTMSDFS"><parameter>host msdfs</parameter></link> options to find out how to set up a Dfs root share.</para> - <para>Example: <command>msdfs proxy = \\\\otherserver\\someshare</command></para> + <para>Example: <command>msdfs proxy = \otherserver\someshare</command></para> </listitem> </varlistentry> @@ -4925,17 +4927,17 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="MSDFSROOT"/>msdfs root (S)</term> + <term><anchor id="MSDFSROOT">msdfs root (S)</term> <listitem><para>This boolean parameter is only available if Samba is configured and compiled with the <command> --with-msdfs</command> option. If set to <constant>yes</constant>, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic - links of the form <filename>msdfs:serverA\\shareA,serverB\\shareB</filename> + links of the form <filename>msdfs:serverA\shareA,serverB\shareB</filename> and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> + on Samba, refer to <ulink url="msdfs_setup.html">msdfs_setup.html + </ulink>.</para> <para>See also <link linkend="HOSTMSDFS"><parameter>host msdfs </parameter></link></para> @@ -4945,7 +4947,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NAMECACHETIMEOUT"/>name cache timeout (G)</term> + <term><anchor id="NAMECACHETIMEOUT">name cache timeout (G)</term> <listitem><para>Specifies the number of seconds it takes before entries in samba's hostname resolve cache time out. If the timeout is set to 0. the caching is disabled. @@ -4958,7 +4960,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NAMERESOLVEORDER"/>name resolve order (G)</term> + <term><anchor id="NAMERESOLVEORDER">name resolve order (G)</term> <listitem><para>This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses. The option takes a space @@ -5011,7 +5013,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSALIASES"/>netbios aliases (G)</term> + <term><anchor id="NETBIOSALIASES">netbios aliases (G)</term> <listitem><para>This is a list of NetBIOS names that <ulink url="nmbd.8.html">nmbd(8)</ulink> will advertise as additional names by which the Samba server is known. This allows one machine @@ -5032,7 +5034,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSNAME"/>netbios name (G)</term> + <term><anchor id="NETBIOSNAME">netbios name (G)</term> <listitem><para>This sets the NetBIOS name by which a Samba server is known. By default it is the same as the first component of the host's DNS name. If a machine is a browse server or @@ -5051,7 +5053,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NETBIOSSCOPE"/>netbios scope (G)</term> + <term><anchor id="NETBIOSSCOPE">netbios scope (G)</term> <listitem><para>This sets the NetBIOS scope that Samba will operate under. This should not be set unless every machine on your LAN also sets this value.</para> @@ -5060,7 +5062,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NISHOMEDIR"/>nis homedir (G)</term> + <term><anchor id="NISHOMEDIR">nis homedir (G)</term> <listitem><para>Get the home share server from a NIS map. For UNIX systems that use an automounter, the user's home directory will often be mounted on a workstation on demand from a remote @@ -5093,7 +5095,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NONUNIXACCOUNTRANGE"/>non unix account range (G)</term> + <term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term> <listitem><para>The non unix account range parameter specifies the range of 'user ids' that are allocated by the various 'non unix account' passdb backends. These backends allow @@ -5102,10 +5104,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise.</para> - <note><para>These userids never appear on the system and Samba will never + <para>NOTE: These userids never appear on the system and Samba will never 'become' these users. They are used only to ensure that the algorithmic RID mapping does not conflict with normal users. - </para></note> + </para> <para>Default: <command>non unix account range = <empty string> </command></para> @@ -5117,7 +5119,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTACLSUPPORT"/>nt acl support (S)</term> + <term><anchor id="NTACLSUPPORT">nt acl support (S)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map UNIX permissions into Windows NT access control lists. @@ -5131,10 +5133,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTPIPESUPPORT"/>nt pipe support (G)</term> + <term><anchor id="NTPIPESUPPORT">nt pipe support (G)</term> <listitem><para>This boolean parameter controls whether - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will allow Windows NT + <ulink url="smbd.8.html">smbd(8)</ulink> will allow Windows NT clients to connect to the NT SMB specific <constant>IPC$</constant> pipes. This is a developer debugging option and can be left alone.</para> @@ -5146,7 +5147,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NTSTATUSSUPPORT"/>nt status support (G)</term> + <term><anchor id="NTSTATUSSUPPORT">nt status support (G)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer @@ -5163,12 +5164,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="NULLPASSWORDS"/>null passwords (G)</term> + <term><anchor id="NULLPASSWORDS">null passwords (G)</term> <listitem><para>Allow or disallow client access to accounts that have null passwords. </para> - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para>See also <ulink url="smbpasswd.5.html">smbpasswd (5)</ulink>.</para> <para>Default: <command>null passwords = no</command></para> </listitem> @@ -5178,7 +5178,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OBEYPAMRESTRICTIONS"/>obey pam restrictions (G)</term> + <term><anchor id="OBEYPAMRESTRICTIONS">obey pam restrictions (G)</term> <listitem><para>When Samba 2.2 is configured to enable PAM support (i.e. --with-pam), this parameter will control whether or not Samba should obey PAM's account and session management directives. The @@ -5199,7 +5199,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ONLYUSER"/>only user (S)</term> + <term><anchor id="ONLYUSER">only user (S)</term> <listitem><para>This is a boolean option that controls whether connections with usernames not in the <parameter>user</parameter> list will be allowed. By default this option is disabled so that a @@ -5227,7 +5227,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="ONLYGUEST"/>only guest (S)</term> + <term><anchor id="ONLYGUEST">only guest (S)</term> <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter> guest only</parameter></link>.</para> </listitem> @@ -5236,7 +5236,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKBREAKWAITTIME"/>oplock break wait time (G)</term> + <term><anchor id="OPLOCKBREAKWAITTIME">oplock break wait time (G)</term> <listitem><para>This is a tuning parameter added due to bugs in both Windows 9x and WinNT. If Samba responds to a client too quickly when that client issues an SMB that can cause an oplock @@ -5254,15 +5254,15 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKCONTENTIONLIMIT"/>oplock contention limit (S)</term> + <term><anchor id="OPLOCKCONTENTIONLIMIT">oplock contention limit (S)</term> <listitem><para>This is a <emphasis>very</emphasis> advanced <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file.</para> - <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested - if the approximate number of clients contending for an oplock on the same file goes over this + <para>In brief it specifies a number, which causes <ulink url="smbd.8.html">smbd</ulink> not to + grant an oplock even when requested if the approximate number of + clients contending for an oplock on the same file goes over this limit. This causes <command>smbd</command> to behave in a similar way to Windows NT.</para> @@ -5278,7 +5278,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OPLOCKS"/>oplocks (S)</term> + <term><anchor id="OPLOCKS">oplocks (S)</term> <listitem><para>This boolean option tells <command>smbd</command> whether to issue oplocks (opportunistic locks) to file open requests on this share. The oplock code can dramatically (approx. 30% or more) improve @@ -5306,16 +5306,13 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="NTLMAUTH"/>ntlm auth (G)</term> - <listitem><para>This parameter determines - whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will + <term><anchor id="NTLMAUTH">ntlm auth (G)</term> + <listitem><para>This parameter determines whether or not <ulink url="smbd.8.html">smbd</ulink> will attempt to authenticate users using the NTLM password hash. If disabled, only the lanman password hashes will be used. </para> - <para>Please note that at least this option or <command>lanman auth</command> should - be enabled in order to be able to log in. + <para>Please note that at least this option or <command>lanman auth</command> should be enabled in order to be able to log in. </para> <para>Default : <command>ntlm auth = yes</command></para> @@ -5323,11 +5320,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="OSLEVEL"/>os level (G)</term> + <term><anchor id="OSLEVEL">os level (G)</term> <listitem><para>This integer value controls what level Samba advertises itself as for browse elections. The value of this - parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + parameter determines whether <ulink url="nmbd.8.html">nmbd(8)</ulink> has a chance of becoming a local master browser for the <parameter> WORKGROUP</parameter> in the local broadcast area.</para> @@ -5347,7 +5343,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="OS2DRIVERMAP"/>os2 driver map (G)</term> + <term><anchor id="OS2DRIVERMAP">os2 driver map (G)</term> <listitem><para>The parameter is used to define the absolute path to a file containing a mapping of Windows NT printer driver names to OS/2 printer driver names. The format is:</para> @@ -5360,9 +5356,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' LaserJet 5L</command>.</para> <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba + problem described in the <ulink url="printer_driver2.html">Samba Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> + refer to the <ulink url="OS2-Client-HOWTO.html">OS2-Client-HOWTO + </ulink> containing in the Samba documentation.</para> <para>Default: <command>os2 driver map = <empty string> </command></para> @@ -5371,7 +5368,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PAMPASSWORDCHANGE"/>pam password change (G)</term> + <term><anchor id="PAMPASSWORDCHANGE">pam password change (G)</term> <listitem><para>With the addition of better PAM support in Samba 2.2, this parameter, it is possible to use PAM's password change control flag for Samba. If enabled, then PAM will be used for password @@ -5389,12 +5386,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PANICACTION"/>panic action (G)</term> + <term><anchor id="PANICACTION">panic action (G)</term> <listitem><para>This is a Samba developer option that allows a - system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to - draw attention to the fact that a problem occurred.</para> + system command to be called when either <ulink url="smbd.8.html"> + smbd(8)</ulink> or <ulink url="nmbd.8.html">nmbd(8)</ulink> + crashes. This is usually used to draw attention to the fact that + a problem occurred.</para> <para>Default: <command>panic action = <empty string></command></para> <para>Example: <command>panic action = "/bin/sleep 90000"</command></para> @@ -5402,24 +5399,20 @@ df $1 | tail -1 | awk '{print $2" "$4}' </varlistentry> <varlistentry> - <term><anchor id="PARANOIDSERVERSECURITY"/>paranoid server security (G)</term> + <term><anchor id="PARANOIDSERVERSECURITY">paranoid server security (G)</term> <listitem><para>Some version of NT 4.x allow non-guest users with a bad passowrd. When this option is enabled, samba will not use a broken NT 4.x server as password server, but instead complain - to the logs and exit. + to the logs and exit. </para> - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> - <para>Default: <command>paranoid server security = yes</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="PASSDBBACKEND"/>passdb backend (G)</term> + <term><anchor id="PASSDBBACKEND">passdb backend (G)</term> <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both smbpasswd and tdbsam to be used without a recompile. Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. @@ -5487,7 +5480,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' for its own processing</para> </listitem> - <listitem><para><command>unixsam</command> - Allows samba to map all (other) available unix users</para> + <listitem><para><command>unixsam</command> - (EXPERIMENTAL) Allows samba to map all (other) available unix users</para> <para>This backend uses the standard unix database for retrieving users. Users included in this pdb are NOT listed in samba user listings and users included in this pdb won't be @@ -5503,22 +5496,22 @@ df $1 | tail -1 | awk '{print $2" "$4}' </itemizedlist> </para> - <para>Default: <command>passdb backend = smbpasswd unixsam</command></para> - <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</command></para> - <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</command></para> + <para>Default: <command>passdb backend = smbpasswd guest</command></para> + <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd </command></para> + <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com </command></para> <para>Example: <command>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> + <term><anchor id="PASSWDCHAT">passwd chat (G)</term> <listitem><para>This string controls the <emphasis>"chat"</emphasis> - conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and the local password changing + conversation that takes places between <ulink + url="smbd.8.html">smbd</ulink> and the local password changing program to change the user's password. The string describes a - sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the + sequence of response-receive pairs that <ulink url="smbd.8.html"> + smbd(8)</ulink> uses to determine what to send to the <link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter> </link> and what to expect back. If the expected output is not received then the password is not changed.</para> @@ -5540,8 +5533,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>The string can contain the macro <parameter>%n</parameter> which is substituted for the new password. The chat sequence can also contain the standard - macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> - \\t</constant> and <constant>\\s</constant> to give line-feed, + macros <constant>\n</constant>, <constant>\r</constant>, <constant> + \t</constant> and <constant>\s</constant> to give line-feed, carriage-return, tab and space. The chat sequence string can also contain a '*' which matches any sequence of characters. Double quotes can be used to collect strings with spaces @@ -5563,10 +5556,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' <parameter>passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> <parameter>pam password change</parameter></link>.</para> - <para>Default: <command>passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</command></para> - <para>Example: <command>passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password + <para>Default: <command>passwd chat = *new*password* %n\n + *new*password* %n\n *changed*</command></para> + <para>Example: <command>passwd chat = "*Enter OLD password*" %o\n + "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*"</command></para> </listitem> </varlistentry> @@ -5574,12 +5567,11 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWDCHATDEBUG"/>passwd chat debug (G)</term> + <term><anchor id="PASSWDCHATDEBUG">passwd chat debug (G)</term> <listitem><para>This boolean specifies if the passwd chat script parameter is run in <emphasis>debug</emphasis> mode. In this mode the strings passed to and received from the passwd chat are printed - in the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> log with a + in the <ulink url="smbd.8.html">smbd(8)</ulink> log with a <link linkend="DEBUGLEVEL"><parameter>debug level</parameter></link> of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the <command>smbd</command> log. It is available to help @@ -5602,7 +5594,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term> + <term><anchor id="PASSWDPROGRAM">passwd program (G)</term> <listitem><para>The name of a program that can be used to set UNIX user passwords. Any occurrences of <parameter>%u</parameter> will be replaced with the user name. The user name is checked for @@ -5640,7 +5632,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWORDLEVEL"/>password level (G)</term> + <term><anchor id="PASSWORDLEVEL">password level (G)</term> <listitem><para>Some client/server combinations have difficulty with mixed-case passwords. One offending client is Windows for Workgroups, which for some reason forces passwords to upper @@ -5683,7 +5675,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PASSWORDSERVER"/>password server (G)</term> + <term><anchor id="PASSWORDSERVER">password server (G)</term> <listitem><para>By specifying the name of another SMB server (such as a WinNT box) with this option, and using <command>security = domain </command> or <command>security = server</command> you can get Samba @@ -5704,10 +5696,10 @@ df $1 | tail -1 | awk '{print $2" "$4}' the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in user level security mode.</para> - <note><para>Using a password server + <para><emphasis>NOTE:</emphasis> Using a password server means your UNIX box (running Samba) is only as secure as your password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT - YOU DON'T COMPLETELY TRUST</emphasis>.</para></note> + YOU DON'T COMPLETELY TRUST</emphasis>.</para> <para>Never point a Samba server at itself for password serving. This will cause a loop and could lock up your Samba @@ -5778,7 +5770,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PATH"/>path (S)</term> + <term><anchor id="PATH">path (S)</term> <listitem><para>This parameter specifies a directory to which the user of the service is to be given access. In the case of printable services, this is where print data will spool prior to @@ -5809,7 +5801,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PIDDIRECTORY"/>pid directory (G)</term> + <term><anchor id="PIDDIRECTORY">pid directory (G)</term> <listitem><para>This option specifies the directory where pid files will be placed. </para> @@ -5821,9 +5813,8 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="POSIXLOCKING"/>posix locking (S)</term> - <listitem><para>The <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> + <term><anchor id="POSIXLOCKING">posix locking (S)</term> + <listitem><para>The <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> daemon maintains an database of file locks obtained by SMB clients. The default behavior is to map this internal database to POSIX locks. This means that file locks obtained by SMB clients are @@ -5839,7 +5830,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="POSTEXEC"/>postexec (S)</term> + <term><anchor id="POSTEXEC">postexec (S)</term> <listitem><para>This option specifies a command to be run whenever the service is disconnected. It takes the usual substitutions. The command may be run as the root on some @@ -5864,7 +5855,23 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREEXEC"/>preexec (S)</term> + <term><anchor id="POSTSCRIPT">postscript (S)</term> + <listitem><para>This parameter forces a printer to interpret + the print files as PostScript. This is done by adding a <constant>%! + </constant> to the start of print output.</para> + + <para>This is most useful when you have lots of PCs that persist + in putting a control-D at the start of print jobs, which then + confuses your printer.</para> + + <para>Default: <command>postscript = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PREEXEC">preexec (S)</term> <listitem><para>This option specifies a command to be run whenever the service is connected to. It takes the usual substitutions.</para> @@ -5873,12 +5880,12 @@ df $1 | tail -1 | awk '{print $2" "$4}' is an example:</para> <para><command>preexec = csh -c 'echo \"Welcome to %S!\" | - /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> + /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> <para>Of course, this could get annoying after a while :-)</para> <para>See also <link linkend="PREEXECCLOSE"><parameter>preexec close - </parameter></link> and <link linkend="POSTEXEC"><parameter>postexec + </parameter</link> and <link linkend="POSTEXEC"><parameter>postexec </parameter></link>.</para> <para>Default: <emphasis>none (no command executed)</emphasis></para> @@ -5890,7 +5897,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREEXECCLOSE"/>preexec close (S)</term> + <term><anchor id="PREEXECCLOSE">preexec close (S)</term> <listitem><para>This boolean option controls whether a non-zero return code from <link linkend="PREEXEC"><parameter>preexec </parameter></link> should close the service being connected to.</para> @@ -5901,7 +5908,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREFERREDMASTER"/>preferred master (G)</term> + <term><anchor id="PREFERREDMASTER">preferred master (G)</term> <listitem><para>This boolean parameter controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser for its workgroup.</para> @@ -5930,7 +5937,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PREFEREDMASTER"/>prefered master (G)</term> + <term><anchor id="PREFEREDMASTER">prefered master (G)</term> <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter> preferred master</parameter></link> for people who cannot spell :-).</para> </listitem> @@ -5939,7 +5946,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRELOAD"/>preload (G)</term> + <term><anchor id="PRELOAD">preload (G)</term> <listitem><para>This is a list of services that you want to be automatically added to the browse lists. This is most useful for homes and printers services that would otherwise not be @@ -5955,24 +5962,9 @@ df $1 | tail -1 | awk '{print $2" "$4}' </listitem> </varlistentry> - <varlistentry> - <term><anchor id="PRELOADMODULES"/>preload modules (G)</term> - <listitem><para>This is a list of paths to modules that should - be loaded into smbd before a client connects. This improves - the speed of smbd when reacting to new connections somewhat. </para> - - <para>It is recommended to only use this option on heavy-performance - servers.</para> - - <para>Default: <command>preload modules = </command></para> - - <para>Example: <command>preload modules = /usr/lib/samba/passdb/mysql.so</command></para> - - </listitem> - </varlistentry> <varlistentry> - <term><anchor id="PRESERVECASE"/>preserve case (S)</term> + <term><anchor id="PRESERVECASE">preserve case (S)</term> <listitem><para> This controls if new filenames are created with the case that the client passes, or if they are forced to be the <link linkend="DEFAULTCASE"><parameter>default case @@ -5988,7 +5980,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCOMMAND"/>print command (S)</term> + <term><anchor id="PRINTCOMMAND">print command (S)</term> <listitem><para>After a print job has finished spooling to a service, this command will be used via a <command>system()</command> call to process the spool file. Typically the command specified will @@ -6078,7 +6070,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTOK"/>print ok (S)</term> + <term><anchor id="PRINTOK">print ok (S)</term> <listitem><para>Synonym for <link linkend="PRINTABLE"> <parameter>printable</parameter></link>.</para> </listitem> @@ -6088,7 +6080,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTABLE"/>printable (S)</term> + <term><anchor id="PRINTABLE">printable (S)</term> <listitem><para>If this parameter is <constant>yes</constant>, then clients may open, write to and submit spool files on the directory specified for the service. </para> @@ -6106,7 +6098,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCAP"/>printcap (G)</term> + <term><anchor id="PRINTCAP">printcap (G)</term> <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter> printcap name</parameter></link>.</para> </listitem> @@ -6116,7 +6108,7 @@ df $1 | tail -1 | awk '{print $2" "$4}' <varlistentry> - <term><anchor id="PRINTCAPNAME"/>printcap name (G)</term> + <term><anchor id="PRINTCAPNAME">printcap name (G)</term> <listitem><para>This parameter may be used to override the compiled-in default printcap name used by the server (usually <filename> /etc/printcap</filename>). See the discussion of the <link @@ -6142,22 +6134,22 @@ df $1 | tail -1 | awk '{print $2" "$4}' <para>A minimal printcap file would look something like this:</para> -<para><programlisting> -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 -</programlisting></para> + <para><programlisting> + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + </programlisting></para> <para>where the '|' separates aliases of a printer. The fact that the second alias has a space in it gives a hint to Samba that it's a comment.</para> - <note><para>Under AIX the default printcap + <para><emphasis>NOTE</emphasis>: Under AIX the default printcap name is <filename>/etc/qconfig</filename>. Samba will assume the file is in AIX <filename>qconfig</filename> format if the string - <filename>qconfig</filename> appears in the printcap filename.</para></note> + <filename>qconfig</filename> appears in the printcap filename.</para> <para>Default: <command>printcap name = /etc/printcap</command></para> <para>Example: <command>printcap name = /etc/myprintcap</command></para> @@ -6169,7 +6161,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTERADMIN"/>printer admin (S)</term> + <term><anchor id="PRINTERADMIN">printer admin (S)</term> <listitem><para>This is a list of users that can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). Note that the root user always @@ -6183,8 +6175,113 @@ print5|My Printer 5 + + + <varlistentry> + <term><anchor id="PRINTERDRIVER">printer driver (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This option allows you to control the string + that clients receive when they ask the server for the printer driver + associated with a printer. If you are using Windows95 or Windows NT + then you can use this to automate the setup of printers on your + system.</para> + + <para>You need to set this parameter to the exact string (case + sensitive) that describes the appropriate printer driver for your + system. If you don't know the exact string to use then you should + first try with no <link linkend="PRINTERDRIVER"><parameter> + printer driver</parameter></link> option set and the client will + give you a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer manufacturer.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter>printer + driver file</parameter></link>.</para> + + <para>Example: <command>printer driver = HP LaserJet 4L</command></para> + </listitem> + </varlistentry> + + + <varlistentry> - <term><anchor id="PRINTERNAME"/>printer name (S)</term> + <term><anchor id="PRINTERDRIVERFILE">printer driver file (G)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows 95 clients, is + to be found. If this is not set, the default is :</para> + + <para><filename><replaceable>SAMBA_INSTALL_DIRECTORY</replaceable> + /lib/printers.def</filename></para> + + <para>This file is created from Windows 95 <filename>msprint.inf + </filename> files found on the Windows 95 client system. For more + details on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the <filename>docs/</filename> + directory, <filename>PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERLOCATION"><parameter> + printer driver location</parameter></link>.</para> + + <para>Default: <emphasis>None (set in compile).</emphasis></para> + + <para>Example: <command>printer driver file = + /usr/local/samba/printers/drivers.def</command></para> + </listitem> + </varlistentry> + + + + + <varlistentry> + <term><anchor id="PRINTERDRIVERLOCATION">printer driver location (S)</term> + <listitem><para><emphasis>Note :</emphasis>This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the <ulink url="printer_driver2.html">Samba 2.2. Printing + HOWTO</ulink> for more information + on the new method of loading printer drivers onto a Samba server. + </para> + + <para>This parameter tells clients of a particular printer + share where to find the printer driver files for the automatic + installation of drivers for Windows 95 machines. If Samba is set up + to serve printer drivers to Windows 95 machines, this should be set to</para> + + <para><command>\\MACHINE\PRINTER$</command></para> + + <para>Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer driver + files. For more details on setting this up see the outdated documentation + file in the <filename>docs/</filename> directory, <filename> + PRINTER_DRIVER.txt</filename>.</para> + + <para>See also <link linkend="PRINTERDRIVERFILE"><parameter> + printer driver file</parameter></link>.</para> + + <para>Default: <command>none</command></para> + <para>Example: <command>printer driver location = \\MACHINE\PRINTER$ + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="PRINTERNAME">printer name (S)</term> <listitem><para>This parameter specifies the name of the printer to which print jobs spooled through a printable service will be sent.</para> @@ -6201,7 +6298,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTER"/>printer (S)</term> + <term><anchor id="PRINTER">printer (S)</term> <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter> printer name</parameter></link>.</para> </listitem> @@ -6210,7 +6307,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRINTING"/>printing (S)</term> + <term><anchor id="PRINTING">printing (S)</term> <listitem><para>This parameters controls how printer status information is interpreted on your system. It also affects the default values for the <parameter>print command</parameter>, @@ -6241,7 +6338,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PRIVATEDIR"/>private dir (G)</term> + <term><anchor id="PRIVATEDIR">private dir (G)</term> <listitem><para>This parameters defines the directory smbd will use for storing such files as <filename>smbpasswd</filename> and <filename>secrets.tdb</filename>. @@ -6255,7 +6352,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PROTOCOL"/>protocol (G)</term> + <term><anchor id="PROTOCOL">protocol (G)</term> <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> <parameter>max protocol</parameter></link>.</para></listitem> </varlistentry> @@ -6264,7 +6361,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="PUBLIC"/>public (S)</term> + <term><anchor id="PUBLIC">public (S)</term> <listitem><para>Synonym for <link linkend="GUESTOK"><parameter>guest ok</parameter></link>.</para> </listitem> @@ -6273,7 +6370,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="QUEUEPAUSECOMMAND"/>queuepause command (S)</term> + <term><anchor id="QUEUEPAUSECOMMAND">queuepause command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to pause the printer queue.</para> @@ -6302,7 +6399,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="QUEUERESUMECOMMAND"/>queueresume command (S)</term> + <term><anchor id="QUEUERESUMECOMMAND">queueresume command (S)</term> <listitem><para>This parameter specifies the command to be executed on the server host in order to resume the printer queue. It is the command to undo the behavior that is caused by the @@ -6337,7 +6434,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READBMPX"/>read bmpx (G)</term> + <term><anchor id="READBMPX">read bmpx (G)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to @@ -6352,7 +6449,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READLIST"/>read list (S)</term> + <term><anchor id="READLIST">read list (S)</term> <listitem><para>This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the <link @@ -6374,7 +6471,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READONLY"/>read only (S)</term> + <term><anchor id="READONLY">read only (S)</term> <listitem><para>An inverted synonym is <link linkend="WRITEABLE"> <parameter>writeable</parameter></link>.</para> @@ -6393,7 +6490,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READRAW"/>read raw (G)</term> + <term><anchor id="READRAW">read raw (G)</term> <listitem><para>This parameter controls whether or not the server will support the raw read SMB requests when transferring data to clients.</para> @@ -6416,7 +6513,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="READSIZE"/>read size (G)</term> + <term><anchor id="READSIZE">read size (G)</term> <listitem><para>The option <parameter>read size</parameter> affects the overlap of disk reads/writes with network reads/writes. If the amount of data being transferred in several of the SMB @@ -6443,7 +6540,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="REALM"/>realm (G)</term> + <term><anchor id="REALM">realm (G)</term> <listitem><para> This option specifies the kerberos realm to use. The realm is used as the ADS equivalent of the NT4<command>domain</command>. It @@ -6456,7 +6553,7 @@ print5|My Printer 5 </varlistentry> <varlistentry> - <term><anchor id="REMOTEANNOUNCE"/>remote announce (G)</term> + <term><anchor id="REMOTEANNOUNCE">remote announce (G)</term> <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name.</para> @@ -6481,7 +6578,7 @@ print5|My Printer 5 addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable.</para> - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> + <para>See the documentation file <filename>BROWSING.txt</filename> in the <filename>docs/</filename> directory.</para> <para>Default: <command>remote announce = <empty string> @@ -6492,7 +6589,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="REMOTEBROWSESYNC"/>remote browse sync (G)</term> + <term><anchor id="REMOTEBROWSESYNC">remote browse sync (G)</term> <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically request synchronization of browse lists with the master browser of a Samba @@ -6530,7 +6627,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="RESTRICTANONYMOUS"/>restrict anonymous (G)</term> + <term><anchor id="RESTRICTANONYMOUS">restrict anonymous (G)</term> <listitem><para>This is a integer parameter, and mirrors as much as possible the functinality the <constant>RestrictAnonymous</constant> @@ -6543,7 +6640,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOT"/>root (G)</term> + <term><anchor id="ROOT">root (G)</term> <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> <parameter>root directory"</parameter></link>.</para> </listitem> @@ -6552,7 +6649,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTDIR"/>root dir (G)</term> + <term><anchor id="ROOTDIR">root dir (G)</term> <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> <parameter>root directory"</parameter></link>.</para> </listitem> @@ -6560,7 +6657,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term> + <term><anchor id="ROOTDIRECTORY">root directory (G)</term> <listitem><para>The server will <command>chroot()</command> (i.e. Change its root directory) to this directory on startup. This is not strictly necessary for secure operation. Even without it the @@ -6592,7 +6689,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTPOSTEXEC"/>root postexec (S)</term> + <term><anchor id="ROOTPOSTEXEC">root postexec (S)</term> <listitem><para>This is the same as the <parameter>postexec</parameter> parameter except that the command is run as root. This is useful for unmounting filesystems @@ -6607,7 +6704,7 @@ print5|My Printer 5 </varlistentry> <varlistentry> - <term><anchor id="ROOTPREEXEC"/>root preexec (S)</term> + <term><anchor id="ROOTPREEXEC">root preexec (S)</term> <listitem><para>This is the same as the <parameter>preexec</parameter> parameter except that the command is run as root. This is useful for mounting filesystems (such as CDROMs) when a @@ -6625,7 +6722,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="ROOTPREEXECCLOSE"/>root preexec close (S)</term> + <term><anchor id="ROOTPREEXECCLOSE">root preexec close (S)</term> <listitem><para>This is the same as the <parameter>preexec close </parameter> parameter except that the command is run as root.</para> @@ -6639,14 +6736,14 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SECURITY"/>security (G)</term> + <term><anchor id="SECURITY">security (G)</term> <listitem><para>This option affects how clients respond to Samba and is one of the most important settings in the <filename> smb.conf</filename> file.</para> <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide + protocol negotiations with <ulink url="smbd.8.html">smbd(8) + </ulink> to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server.</para> @@ -6691,7 +6788,7 @@ print5|My Printer 5 <para>The different settings will now be explained.</para> - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE + <para><anchor id="SECURITYEQUALSSHARE"><emphasis>SECURITY = SHARE </emphasis></para> <para>When clients connect to a share level security server they @@ -6760,10 +6857,10 @@ print5|My Printer 5 <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER + <para><anchor id="SECURITYEQUALSUSER"><emphasis>SECURITY = USER </emphasis></para> - <para>This is the default security setting in Samba 3.0. + <para>This is the default security setting in Samba 2.2. With user-level security a client must first "log-on" with a valid username and password (which can be mapped using the <link linkend="USERNAMEMAP"><parameter>username map</parameter></link> @@ -6787,27 +6884,24 @@ print5|My Printer 5 <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN - + <para><anchor id="SECURITYEQUALSSERVER"><emphasis>SECURITY = SERVER </emphasis></para> - <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link - linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this - mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly - the same way that a Windows NT Server would do.</para> - - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow - Samba to have a valid UNIX account to map file access to.</para> + <para>In this mode Samba will try to validate the username/password + by passing it to another SMB server, such as an NT box. If this + fails it will revert to <command>security = user</command>, but note + that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid + <filename>smbpasswd</filename> file to check users against. See the + documentation file in the <filename>docs/</filename> directory + <filename>ENCRYPTION.txt</filename> for details on how to set this + up.</para> - <para><emphasis>Note</emphasis> that from the client's point - of view <command>security = domain</command> is the same as <command>security = user - </command>. It only affects how the server deals with the authentication, - it does not in any way affect what the client sees.</para> + <para><emphasis>Note</emphasis> that from the client's point of + view <command>security = server</command> is the same as <command> + security = user</command>. It only affects how the server deals + with the authentication, it does not in any way affect what the + client sees.</para> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -6825,42 +6919,27 @@ print5|My Printer 5 server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> </link> parameter.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER + + <para><anchor id="SECURITYEQUALSDOMAIN"><emphasis>SECURITY = DOMAIN </emphasis></para> - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command>security = - user</command>. It expects the <link + <para>This mode will only work correctly if <ulink + url="smbpasswd.8.html">smbpasswd(8)</ulink> has been used to add this + machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> - </link> parameter to be set to - <constant>yes</constant>, unless the remote server - does not support them. However note - that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid - <filename>smbpasswd</filename> file to check users against. See the - documentation file in the <filename>docs/</filename> directory - <filename>ENCRYPTION.txt</filename> for details on how to set this - up.</para> + </link> parameter to be set to <constant>yes</constant>. In this + mode Samba will try to validate the username/password by passing + it to a Windows NT Primary or Backup Domain Controller, in exactly + the same way that a Windows NT Server would do.</para> - <para><emphasis>Note</emphasis> this mode of operation - has significant pitfalls, due to the fact that is - activly initiates a man-in-the-middle attack on the - remote SMB server. In particular, this mode of - operation can cause significant resource consuption on - the PDC, as it must maintain an active connection for - the duration of the user's session. Furthermore, if - this connection is lost, there is no way to - reestablish it, and futher authenticaions to the Samba - server may fail. (From a single client, till it - disconnects). </para> + <para><emphasis>Note</emphasis> that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to.</para> - <para><emphasis>Note</emphasis> that from the client's point of - view <command>security = server</command> is the same as <command> - security = user</command>. It only affects how the server deals - with the authentication, it does not in any way affect what the - client sees.</para> + <para><emphasis>Note</emphasis> that from the client's point + of view <command>security = domain</command> is the same as <command>security = user + </command>. It only affects how the server deals with the authentication, + it does not in any way affect what the client sees.</para> <para><emphasis>Note</emphasis> that the name of the resource being requested is <emphasis>not</emphasis> sent to the server until after @@ -6871,6 +6950,14 @@ print5|My Printer 5 See the <link linkend="MAPTOGUEST"><parameter>map to guest</parameter> </link> parameter for details on doing this.</para> + <para><emphasis>BUG:</emphasis> There is currently a bug in the + implementation of <command>security = domain</command> with respect + to multi-byte character set usernames. The communication with a + Domain Controller must be done in UNICODE and Samba currently + does not widen multi-byte user names to UNICODE correctly, thus + a multi-byte username will not be recognized correctly at the + Domain Controller. This issue will be addressed in a future release.</para> + <para>See also the section <link linkend="VALIDATIONSECT"> NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> @@ -6878,17 +6965,16 @@ print5|My Printer 5 server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter>encrypted passwords</parameter> </link> parameter.</para> - + <para>Default: <command>security = USER</command></para> <para>Example: <command>security = DOMAIN</command></para> - </listitem> </varlistentry> <varlistentry> - <term><anchor id="SECURITYMASK"/>security mask (S)</term> + <term><anchor id="SECURITYMASK">security mask (S)</term> <listitem><para>This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security @@ -6923,7 +7009,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SERVERSTRING"/>server string (G)</term> + <term><anchor id="SERVERSTRING">server string (G)</term> <listitem><para>This controls what string will show up in the printer comment box in print manager and next to the IPC connection in <command>net view</command>. It can be any string that you wish @@ -6967,7 +7053,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SETDIRECTORY"/>set directory (S)</term> + <term><anchor id="SETDIRECTORY">set directory (S)</term> <listitem><para>If <command>set directory = no</command>, then users of the service may not use the setdir command to change directory.</para> @@ -6983,7 +7069,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHAREMODES"/>share modes (S)</term> + <term><anchor id="SHAREMODES">share modes (S)</term> <listitem><para>This enables or disables the honoring of the <parameter>share modes</parameter> during a file open. These modes are used by clients to gain exclusive read or write access @@ -7012,7 +7098,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHORTPRESERVECASE"/>short preserve case (S)</term> + <term><anchor id="SHORTPRESERVECASE">short preserve case (S)</term> <listitem><para>This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced @@ -7032,7 +7118,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHOWADDPRINTERWIZARD"/>show add printer wizard (G)</term> + <term><anchor id="SHOWADDPRINTERWIZARD">show add printer wizard (G)</term> <listitem><para>With the introduction of MS-RPC based printing support for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will appear on Samba hosts in the share listing. Normally this folder will @@ -7067,7 +7153,7 @@ print5|My Printer 5 <varlistentry> - <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> + <term><anchor id="SHUTDOWNSCRIPT">shutdown script (G)</term> <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> This a full path name to a script called by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> that @@ -7093,15 +7179,15 @@ print5|My Printer 5 <para>Default: <emphasis>None</emphasis>.</para> <para>Example: <command>abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> <para>Shutdown script example: -<programlisting> -#!/bin/bash + <programlisting> + #!/bin/bash -$time=0 -let "time/60" -let "time++" + $time=0 + let "time/60" + let "time++" -/sbin/shutdown $3 $4 +$time $1 & -</programlisting> + /sbin/shutdown $3 $4 +$time $1 & + </programlisting> Shutdown does not return so we need to launch it in background. </para> @@ -7111,7 +7197,7 @@ let "time++" <varlistentry> - <term><anchor id="SMBPASSWDFILE"/>smb passwd file (G)</term> + <term><anchor id="SMBPASSWDFILE">smb passwd file (G)</term> <listitem><para>This option sets the path to the encrypted smbpasswd file. By default the path to the smbpasswd file is compiled into Samba.</para> @@ -7126,7 +7212,7 @@ let "time++" <varlistentry> - <term><anchor id="SMBPORTS"/>smb ports (G)</term> + <term><anchor id="SMBPORTS">smb ports (G)</term> <listitem><para>Specifies which ports the server should listen on for SMB traffic. </para> @@ -7137,7 +7223,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="SOCKETADDRESS"/>socket address (G)</term> + <term><anchor id="SOCKETADDRESS">socket address (G)</term> <listitem><para>This option allows you to control what address Samba will listen for connections on. This is used to support multiple virtual interfaces on the one server, each @@ -7154,7 +7240,7 @@ let "time++" <varlistentry> - <term><anchor id="SOCKETOPTIONS"/>socket options (G)</term> + <term><anchor id="SOCKETOPTIONS">socket options (G)</term> <listitem><para>This option allows you to set socket options to be used when talking with the client.</para> @@ -7227,7 +7313,7 @@ let "time++" <varlistentry> - <term><anchor id="SOURCEENVIRONMENT"/>source environment (G)</term> + <term><anchor id="SOURCEENVIRONMENT">source environment (G)</term> <listitem><para>This parameter causes Samba to set environment variables as per the content of the file named.</para> @@ -7249,23 +7335,17 @@ let "time++" /usr/local/smb_env_vars</command></para> </listitem> </varlistentry> +<varlistentry> +<term><anchor id="SPNEGO">use spnego (G)</term> +<listitem><para> This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. As of samba 3.0alpha it must be set to "no" for these clients to join a samba domain controller. It can be set to "yes" to allow samba to participate in an AD domain controlled by a Windows2000 domain controller.</para> +<para>Default: <emphasis>use spnego = yes</emphasis></para> +</listitem> +</varlistentry> <varlistentry> - <term><anchor id="SPNEGO"/>use spnego (G)</term> - <listitem><para> This variable controls controls whether samba will try - to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. - Unless further issues are discovered with our SPNEGO - implementation, there is no reason this should ever be - disabled.</para> - <para>Default: <emphasis>use spnego = yes</emphasis></para> - </listitem> - </varlistentry> - - <varlistentry> - <term><anchor id="STATCACHE"/>stat cache (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will use a cache in order to + <term><anchor id="STATCACHE">stat cache (G)</term> + <listitem><para>This parameter determines if <ulink + url="smbd.8.html">smbd(8)</ulink> will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter.</para> @@ -7274,7 +7354,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="STATCACHESIZE"/>stat cache size (G)</term> + <term><anchor id="STATCACHESIZE">stat cache size (G)</term> <listitem><para>This parameter determines the number of entries in the <parameter>stat cache</parameter>. You should never need to change this parameter.</para> @@ -7286,7 +7366,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTALLOCATE"/>strict allocate (S)</term> + <term><anchor id="STRICTALLOCATE">strict allocate (S)</term> <listitem><para>This is a boolean that controls the handling of disk space allocation in the server. When this is set to <constant>yes</constant> the server will change from UNIX behaviour of not committing real @@ -7310,7 +7390,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTLOCKING"/>strict locking (S)</term> + <term><anchor id="STRICTLOCKING">strict locking (S)</term> <listitem><para>This is a boolean that controls the handling of file locking in the server. When this is set to <constant>yes</constant> the server will check every read and write access for file locks, and @@ -7330,7 +7410,7 @@ let "time++" <varlistentry> - <term><anchor id="STRICTSYNC"/>strict sync (S)</term> + <term><anchor id="STRICTSYNC">strict sync (S)</term> <listitem><para>Many Windows applications (including the Windows 98 explorer shell) seem to confuse flushing buffer contents to disk with doing a sync to disk. Under UNIX, a sync call forces @@ -7338,8 +7418,7 @@ let "time++" all outstanding data in kernel disk buffers has been safely stored onto stable storage. This is very slow and should only be done rarely. Setting this parameter to <constant>no</constant> (the - default) means that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> ignores the Windows applications requests for + default) means that <ulink url="smbd.8.html">smbd</ulink> ignores the Windows applications requests for a sync call. There is only a possibility of losing data if the operating system itself that Samba is running on crashes, so there is little danger in this default setting. In addition, this fixes many @@ -7355,7 +7434,7 @@ let "time++" <varlistentry> - <term><anchor id="STRIPDOT"/>strip dot (G)</term> + <term><anchor id="STRIPDOT">strip dot (G)</term> <listitem><para>This is a boolean that controls whether to strip trailing dots off UNIX filenames. This helps with some CDROMs that have filenames ending in a single dot.</para> @@ -7367,7 +7446,7 @@ let "time++" <varlistentry> - <term><anchor id="SYNCALWAYS"/>sync always (S)</term> + <term><anchor id="SYNCALWAYS">sync always (S)</term> <listitem><para>This is a boolean parameter that controls whether writes will always be written to stable storage before the write call returns. If this is <constant>no</constant> then the server will be @@ -7389,7 +7468,7 @@ let "time++" <varlistentry> - <term><anchor id="SYSLOG"/>syslog (G)</term> + <term><anchor id="SYSLOG">syslog (G)</term> <listitem><para>This parameter maps how Samba debug messages are logged onto the system syslog logging levels. Samba debug level zero maps onto syslog <constant>LOG_ERR</constant>, debug @@ -7409,7 +7488,7 @@ let "time++" <varlistentry> - <term><anchor id="SYSLOGONLY"/>syslog only (G)</term> + <term><anchor id="SYSLOGONLY">syslog only (G)</term> <listitem><para>If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files.</para> @@ -7421,7 +7500,7 @@ let "time++" <varlistentry> - <term><anchor id="TEMPLATEHOMEDIR"/>template homedir (G)</term> + <term><anchor id="TEMPLATEHOMEDIR">template homedir (G)</term> <listitem><para>When filling out the user information for a Windows NT user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon uses this parameter to fill in the home directory for that user. @@ -7437,10 +7516,9 @@ let "time++" <varlistentry> - <term><anchor id="TEMPLATESHELL"/>template shell (G)</term> + <term><anchor id="TEMPLATESHELL">template shell (G)</term> <listitem><para>When filling out the user information for a Windows NT - user, the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon + user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon uses this parameter to fill in the login shell for that user.</para> <para>Default: <command>template shell = /bin/false</command></para> @@ -7450,7 +7528,7 @@ let "time++" <varlistentry> - <term><anchor id="TIMEOFFSET"/>time offset (G)</term> + <term><anchor id="TIMEOFFSET">time offset (G)</term> <listitem><para>This parameter is a setting in minutes to add to the normal GMT to local time conversion. This is useful if you are serving a lot of PCs that have incorrect daylight @@ -7464,9 +7542,9 @@ let "time++" <varlistentry> - <term><anchor id="TIMESERVER"/>time server (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows + <term><anchor id="TIMESERVER">time server (G)</term> + <listitem><para>This parameter determines if <ulink url="nmbd.8.html"> + nmbd(8)</ulink> advertises itself as a time server to Windows clients.</para> <para>Default: <command>time server = no</command></para> @@ -7475,7 +7553,7 @@ let "time++" <varlistentry> - <term><anchor id="TIMESTAMPLOGS"/>timestamp logs (G)</term> + <term><anchor id="TIMESTAMPLOGS">timestamp logs (G)</term> <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter> debug timestamp</parameter></link>.</para> </listitem> @@ -7486,17 +7564,16 @@ let "time++" <varlistentry> - <term><anchor id="TOTALPRINTJOBS"/>total print jobs (G)</term> + <term><anchor id="TOTALPRINTJOBS">total print jobs (G)</term> <listitem><para>This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time. If a print job is submitted - by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will return an + by a client which will exceed this number, then <ulink url="smbd.8.html">smbd</ulink> will return an error indicating that no space is available on the server. The default value of 0 means that no such limit exists. This parameter can be used to prevent a server from exceeding its capacity and is designed as a printing throttle. See also - <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter></link>. + <link linkend="MAXPRINTJOBS"><parameter>max print jobs</parameter</link>. </para> <para>Default: <command>total print jobs = 0</command></para> @@ -7505,7 +7582,7 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="UNICODE"/>unicode (G)</term> + <term><anchor id="UNICODE">unicode (G)</term> <listitem><para>Specifies whether Samba should try to use unicode on the wire by default. Note: This does NOT mean that samba will assume that the unix machine uses unicode! @@ -7517,19 +7594,19 @@ let "time++" </varlistentry> <varlistentry> - <term><anchor id="UNIXCHARSET"/>unix charset (G)</term> + <term><anchor id="UNIXCHARSET">unix charset (G)</term> <listitem><para>Specifies the charset the unix machine Samba runs on uses. Samba needs to know this in order to be able to convert text to the charsets other SMB clients use. </para> - <para>Default: <command>unix charset = UTF8</command></para> - <para>Example: <command>unix charset = ASCII</command></para> + <para>Default: <command>unix charset = ASCII</command></para> + <para>Example: <command>unix charset = UTF8</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="UNIXEXTENSIONS"/>unix extensions(G)</term> + <term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term> <listitem><para>This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as defined by HP. These extensions enable Samba to better serve UNIX CIFS clients @@ -7545,7 +7622,7 @@ let "time++" <varlistentry> - <term><anchor id="UNIXPASSWORDSYNC"/>unix password sync (G)</term> + <term><anchor id="UNIXPASSWORDSYNC">unix password sync (G)</term> <listitem><para>This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. @@ -7566,7 +7643,7 @@ let "time++" <varlistentry> - <term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term> + <term><anchor id="UPDATEENCRYPTED">update encrypted (G)</term> <listitem><para>This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as @@ -7597,7 +7674,7 @@ let "time++" <varlistentry> - <term><anchor id="USECLIENTDRIVER"/>use client driver (S)</term> + <term><anchor id="USECLIENTDRIVER">use client driver (S)</term> <listitem><para>This parameter applies only to Windows NT/2000 clients. It has no affect on Windows 95/98/ME clients. When serving a printer to Windows NT/2000 clients without first installing @@ -7635,7 +7712,7 @@ let "time++" <varlistentry> - <term><anchor id="USEMMAP"/>use mmap (G)</term> + <term><anchor id="USEMMAP">use mmap (G)</term> <listitem><para>This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a @@ -7653,7 +7730,27 @@ let "time++" <varlistentry> - <term><anchor id="USER"/>user (S)</term> + <term><anchor id="USERHOSTS">use rhosts (G)</term> + <listitem><para>If this global parameter is <constant>yes</constant>, it specifies + that the UNIX user's <filename>.rhosts</filename> file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password.</para> + + <para><emphasis>NOTE:</emphasis> The use of <parameter>use rhosts + </parameter> can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the <parameter> + use rhosts</parameter> option be only used if you really know what + you are doing.</para> + + <para>Default: <command>use rhosts = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="USER">user (S)</term> <listitem><para>Synonym for <link linkend="USERNAME"><parameter> username</parameter></link>.</para> </listitem> @@ -7662,7 +7759,7 @@ let "time++" <varlistentry> - <term><anchor id="USERS"/>users (S)</term> + <term><anchor id="USERS">users (S)</term> <listitem><para>Synonym for <link linkend="USERNAME"><parameter> username</parameter></link>.</para> </listitem> @@ -7670,7 +7767,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAME"/>username (S)</term> + <term><anchor id="USERNAME">username (S)</term> <listitem><para>Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right).</para> @@ -7711,7 +7808,7 @@ let "time++" will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name.</para> - <para>If any of the usernames begin with a '&' then the name + <para>If any of the usernames begin with a '&'then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name.</para> @@ -7735,7 +7832,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAMELEVEL"/>username level (G)</term> + <term><anchor id="USERNAMELEVEL">username level (G)</term> <listitem><para>This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username. By default Samba tries all lowercase, followed by the @@ -7758,7 +7855,7 @@ let "time++" <varlistentry> - <term><anchor id="USERNAMEMAP"/>username map (G)</term> + <term><anchor id="USERNAMEMAP">username map (G)</term> <listitem><para>This option allows you to specify a file containing a mapping of usernames from the clients to the server. This can be used for several purposes. The most common is to map usernames @@ -7821,10 +7918,10 @@ let "time++" '!' to tell Samba to stop processing if it gets a match on that line.</para> -<para><programlisting> -!sys = mary fred -guest = * -</programlisting></para> + <para><programlisting> + !sys = mary fred + guest = * + </programlisting></para> <para>Note that the remapping is applied to all occurrences of usernames. Thus if you connect to \\server\fred and <constant> @@ -7850,7 +7947,7 @@ guest = * <varlistentry> - <term><anchor id="USESENDFILE"/>use sendfile (S)</term> + <term><anchor id="USESENDFILE">use sendfile (S)</term> <listitem><para>If this parameter is <constant>yes</constant>, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX @@ -7867,7 +7964,7 @@ guest = * <varlistentry> - <term><anchor id="UTMP"/>utmp (G)</term> + <term><anchor id="UTMP">utmp (G)</term> <listitem><para>This boolean parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt @@ -7889,7 +7986,7 @@ guest = * </varlistentry> <varlistentry> - <term><anchor id="UTMPDIRECTORY"/>utmp directory(G)</term> + <term><anchor id="UTMPDIRECTORY">utmp directory(G)</term> <listitem><para>This parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. It specifies a directory pathname that is @@ -7906,7 +8003,7 @@ guest = * </varlistentry> <varlistentry> - <term><anchor id="WTMPDIRECTORY"/>wtmp directory(G)</term> + <term><anchor id="WTMPDIRECTORY">wtmp directory(G)</term> <listitem><para>This parameter is only available if Samba has been configured and compiled with the option <command> --with-utmp</command>. It specifies a directory pathname that is @@ -7928,9 +8025,9 @@ guest = * <varlistentry> - <term><anchor id="VALIDUSERS"/>valid users (S)</term> + <term><anchor id="VALIDUSERS">valid users (S)</term> <listitem><para>This is a list of users that should be allowed - to login to this service. Names starting with '@', '+' and '&' + to login to this service. Names starting with '@', '+' and '&' are interpreted using the same rules as described in the <parameter>invalid users</parameter> parameter.</para> @@ -7955,7 +8052,7 @@ guest = * <varlistentry> - <term><anchor id="VETOFILES"/>veto files(S)</term> + <term><anchor id="VETOFILES">veto files(S)</term> <listitem><para>This is a list of files and directories that are neither visible nor accessible. Each entry in the list must be separated by a '/', which allows spaces to be included @@ -8003,7 +8100,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VETOOPLOCKFILES"/>veto oplock files (S)</term> + <term><anchor id="VETOOPLOCKFILES">veto oplock files (S)</term> <listitem><para>This parameter is only valid when the <link linkend="OPLOCKS"><parameter>oplocks</parameter></link> parameter is turned on for a share. It allows the Samba administrator @@ -8029,7 +8126,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="VFSPATH"/>vfs path (S)</term> + <term><anchor id="VFSPATH">vfs path (S)</term> <listitem><para>This parameter specifies the directory to look in for vfs modules. The name of every <command>vfs object </command> will be prepended by this directory @@ -8042,7 +8139,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="VFSOBJECT"/>vfs object (S)</term> + <term><anchor id="VFSOBJECT">vfs object (S)</term> <listitem><para>This parameter specifies a shared object files that are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded @@ -8056,7 +8153,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VFSOPTIONS"/>vfs options (S)</term> + <term><anchor id="VFSOPTIONS">vfs options (S)</term> <listitem><para>This parameter allows parameters to be passed to the vfs layer at initialization time. See also <link linkend="VFSOBJECT"><parameter> @@ -8069,7 +8166,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="VOLUME"/>volume (S)</term> + <term><anchor id="VOLUME">volume (S)</term> <listitem><para> This allows you to override the volume label returned for a share. Useful for CDROMs with installation programs that insist on a particular volume label.</para> @@ -8081,7 +8178,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WIDELINKS"/>wide links (S)</term> + <term><anchor id="WIDELINKS">wide links (S)</term> <listitem><para>This parameter controls whether or not links in the UNIX file system may be followed by the server. Links that point to areas within the directory tree exported by the @@ -8100,10 +8197,9 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDCACHETIME"/>winbind cache time (G)</term> - <listitem><para>This parameter specifies the number of - seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon will cache + <term><anchor id="WINBINDCACHETIME">winbind cache time (G)</term> + <listitem><para>This parameter specifies the number of seconds the + <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will cache user and group information before querying a Windows NT server again.</para> @@ -8113,10 +8209,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDENUMUSERS"/>winbind enum users (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be - necessary to suppress the enumeration of users through the <command>setpwent()</command>, + <term><anchor id="WINBINDENUMUSERS">winbind enum users (G)</term> + <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of users through the + <command> setpwent()</command>, <command>getpwent()</command> and <command>endpwent()</command> group of system calls. If the <parameter>winbind enum users</parameter> parameter is @@ -8134,10 +8231,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="WINBINDENUMGROUPS"/>winbind enum groups (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress - the enumeration of groups through the <command>setgrent()</command>, + <term><anchor id="WINBINDENUMGROUPS">winbind enum groups (G)</term> + <listitem><para>On large installations using + <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be + necessary to suppress the enumeration of groups through the + <command> setgrent()</command>, <command>getgrent()</command> and <command>endgrent()</command> group of system calls. If the <parameter>winbind enum groups</parameter> parameter is @@ -8154,10 +8252,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDGID"/>winbind gid (G)</term> + <term><anchor id="WINBINDGID">winbind gid (G)</term> <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise.</para> @@ -8170,7 +8268,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDSEPARATOR"/>winbind separator (G)</term> + <term><anchor id="WINBINDSEPARATOR">winbind separator (G)</term> <listitem><para>This parameter allows an admin to define the character used when listing a username of the form of <replaceable>DOMAIN </replaceable>\<replaceable>user</replaceable>. This parameter @@ -8191,10 +8289,10 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDUID"/>winbind uid (G)</term> + <term><anchor id="WINBINDUID">winbind uid (G)</term> <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no + ids that are allocated by the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise.</para> @@ -8207,10 +8305,12 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDUSEDEFAULTDOMAIN"/>winbind use default domain (G)</term> - <listitem><para>This parameter specifies whether the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon should operate on users - without domain component in their username. + <term>winbind use default domain</term> + + <term><anchor id="WINBINDUSEDEFAULTDOMAIN">winbind use default domain (G)</term> + <listitem><para>This parameter specifies whether the <ulink url="winbindd.8.html"> + winbindd(8)</ulink> + daemon should operate on users without domain component in their username. Users without a domain component are treated as is part of the winbindd server's own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system.</para> @@ -8223,7 +8323,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSHOOK"/>wins hook (G)</term> + <term><anchor id="WINSHOOK">wins hook (G)</term> <listitem><para>When Samba is running as a WINS server this allows you to call an external program for all changes to the WINS database. The primary use for this option is to allow the @@ -8271,7 +8371,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSPROXY"/>wins proxy (G)</term> + <term><anchor id="WINSPROXY">wins proxy (G)</term> <listitem><para>This is a boolean that controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name queries on behalf of other hosts. You may need to set this @@ -8285,46 +8385,33 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSSERVER"/>wins server (G)</term> + <term><anchor id="WINSSERVER">wins server (G)</term> <listitem><para>This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on + address for preference) of the WINS server that <ulink url="nmbd.8.html"> + nmbd(8)</ulink> should register with. If you have a WINS server on your network then you should set this to the WINS server's IP.</para> <para>You should point this at your WINS server if you have a multi-subnetted network.</para> - <para>If you want to work in multiple namespaces, you can - give every wins server a 'tag'. For each tag, only one - (working) server will be queried for a name. The tag should be - seperated from the ip address by a colon. - </para> - - <note><para>You need to set up Samba to point + <para><emphasis>NOTE</emphasis>. You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet - browsing to work correctly.</para></note> - + browsing to work correctly.</para> - <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> + <para>See the documentation file <filename>BROWSING.txt</filename> + in the docs/ directory of your Samba source distribution.</para> <para>Default: <emphasis>not enabled</emphasis></para> - <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para> - <para>For this example when querying a certain name, 192.19.200.1 will - be asked first and if that doesn't respond 192.168.2.61. If either - of those doesn't know the name 192.168.3.199 will be queried. - </para> - - <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para> - + <para>Example: <command>wins server = 192.9.200.1</command></para> </listitem> </varlistentry> <varlistentry> - <term><anchor id="WINSSUPPORT"/>wins support (G)</term> - <listitem><para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should + <term><anchor id="WINSSUPPORT">wins support (G)</term> + <listitem><para>This boolean controls if the <ulink url="nmbd.8.html"> + nmbd(8)</ulink> process in Samba will act as a WINS server. You should not set this to <constant>yes</constant> unless you have a multi-subnetted network and you wish a particular <command>nmbd</command> to be your WINS server. Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> @@ -8337,7 +8424,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WORKGROUP"/>workgroup (G)</term> + <term><anchor id="WORKGROUP">workgroup (G)</term> <listitem><para>This controls what workgroup your server will appear to be in when queried by clients. Note that this parameter also controls the Domain name used with the <link @@ -8353,7 +8440,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITABLE"/>writable (S)</term> + <term><anchor id="WRITABLE">writable (S)</term> <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter> writeable</parameter></link> for people who can't spell :-).</para> </listitem> @@ -8362,7 +8449,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITECACHESIZE"/>write cache size (S)</term> + <term><anchor id="WRITECACHESIZE">write cache size (S)</term> <listitem><para>If this integer parameter is set to non-zero value, Samba will create an in-memory cache for each oplocked file (it does <emphasis>not</emphasis> do this for @@ -8394,7 +8481,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITELIST"/>write list (S)</term> + <term><anchor id="WRITELIST">write list (S)</term> <listitem><para>This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the <link @@ -8419,7 +8506,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINSPARTNERS"/>wins partners (G)</term> + <term><anchor id="WINSPARTNERS">wins partners (G)</term> <listitem><para>A space separated list of partners' IP addresses for WINS replication. WINS partners are always defined as push/pull partners as defining only one way WINS replication is unreliable. @@ -8435,7 +8522,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITEOK"/>write ok (S)</term> + <term><anchor id="WRITEOK">write ok (S)</term> <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> read only</parameter></link>.</para> </listitem> @@ -8444,7 +8531,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITERAW"/>write raw (G)</term> + <term><anchor id="WRITERAW">write raw (G)</term> <listitem><para>This parameter controls whether or not the server will support raw write SMB's when transferring data from clients. You should never need to change this parameter.</para> @@ -8456,7 +8543,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WRITEABLE"/>writeable (S)</term> + <term><anchor id="WRITEABLE">writeable (S)</term> <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter> read only</parameter></link>.</para> </listitem> @@ -8476,8 +8563,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ problem - but be aware of the possibility.</para> <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such + limit service names to eight characters. <ulink url="smbd.8.html">smbd(8) + </ulink> has no such limitation, but attempts to connect from such clients will fail if they truncate the service names. For this reason you should probably keep your service names down to eight characters in length.</para> @@ -8492,22 +8579,22 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> + <para><ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="swat.8.html"><command>swat(8)</command></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="nmblookup.1.html"><command>nmblookup(1)</command></ulink>, + <ulink url="testparm.1.html"><command>testparm(1)</command></ulink>, + <ulink url="testprns.1.html"><command>testprns(1)</command></ulink> + </para> </refsect1> <refsect1> @@ -8520,11 +8607,11 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml index 03fcbd6fd8..766d2a78b1 100644 --- a/docs/docbook/manpages/smbcacls.1.sgml +++ b/docs/docbook/manpages/smbcacls.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbcacls.1"> +<refentry id="smbcacls"> <refmeta> <refentrytitle>smbcacls</refentrytitle> @@ -17,26 +17,24 @@ <command>smbcacls</command> <arg choice="req">//server/share</arg> <arg choice="req">filename</arg> - <arg choice="opt">-D acls</arg> - <arg choice="opt">-M acls</arg> + <arg choice="opt">-U username</arg> <arg choice="opt">-A acls</arg> + <arg choice="opt">-M acls</arg> + <arg choice="opt">-D acls</arg> <arg choice="opt">-S acls</arg> <arg choice="opt">-C name</arg> <arg choice="opt">-G name</arg> <arg choice="opt">-n</arg> - <arg choice="opt">-t</arg> - <arg choice="opt">-U username</arg> <arg choice="opt">-h</arg> - <arg choice="opt">-d</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> + <para>The <command>smbcacls</command> program manipulates NT Access Control Lists (ACLs) on SMB file shares. </para> </refsect1> @@ -92,8 +90,7 @@ <listitem><para>Specifies a username used to connect to the specified service. The username may be of the form "username" in which case the user is prompted to enter in a password and the - workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file is + workgroup specified in the <filename>smb.conf</filename> file is used, or "username%password" or "DOMAIN\username%password" and the password and workgroup names are used as provided. </para></listitem> </varlistentry> @@ -133,16 +130,13 @@ and masks to a readable string format. </para></listitem> </varlistentry> + + <varlistentry> - <term>-t</term> - <listitem><para> - Don't actually do anything, only validate the correctness of - the arguments. - </para></listitem> + <term>-h</term> + <listitem><para>Print usage information on the <command>smbcacls + </command> program.</para></listitem> </varlistentry> - - &stdarg.help; - &popt.common.samba.small; </variablelist> </refsect1> @@ -153,12 +147,12 @@ <para>The format of an ACL is one or more ACL entries separated by either commas or newlines. An ACL entry is one of the following: </para> -<para><programlisting> + <para><programlisting> REVISION:<revision number> OWNER:<sid or name> GROUP:<sid or name> ACL:<sid or name>:<type>/<flags>/<mask> -</programlisting></para> + </programlisting></para> <para>The revision of the ACL specifies the internal Windows @@ -171,22 +165,24 @@ ACL:<sid or name>:<type>/<flags>/<mask> otherwise the name specified is resolved using the server on which the file or directory resides. </para> - <para>ACLs specify permissions granted to the SID. This SID again - can be specified in CWS-1-x-y-z format or as a name in which case - it is resolved against the server on which the file or directory - resides. The type, flags and mask values determine the type of - access granted to the SID. </para> - - <para>The type can be either 0 or 1 corresponding to ALLOWED or - DENIED access to the SID. The flags values are generally - zero for file ACLs and either 9 or 2 for directory ACLs. Some - common flags are: </para> - - <itemizedlist> - <listitem><para><constant>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</constant></para></listitem> - <listitem><para><constant>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</constant></para></listitem> + <para>ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. </para> + + <para>The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: </para> + + <itemizedlist> + <listitem><para>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</para></listitem> + <listitem><para>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + </para></listitem> + <listitem><para>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</para> + </listitem> </itemizedlist> <para>At present flags can only be specified as decimal or @@ -237,7 +233,8 @@ ACL:<sid or name>:<type>/<flags>/<mask> <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> @@ -252,8 +249,7 @@ ACL:<sid or name>:<type>/<flags>/<mask> and Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done - by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml index cd513398b9..43994a4529 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbclient.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbclient"> <refmeta> <refentrytitle>smbclient</refentrytitle> @@ -40,20 +38,18 @@ <arg choice="opt">-R <name resolve order></arg> <arg choice="opt">-s <smb config file></arg> <arg choice="opt">-T<c|x>IXFqgbNan</arg> - <arg choice="opt">-k</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbclient</command> is a client that can 'talk' to an SMB/CIFS server. It offers an interface - similar to that of the ftp program (see <citerefentry><refentrytitle>ftp</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>). + similar to that of the ftp program (see <command>ftp(1)</command>). Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server @@ -85,9 +81,7 @@ <para>The server name is looked up according to either the <parameter>-R</parameter> parameter to <command>smbclient</command> or - using the name resolve order parameter in - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file, + using the name resolve order parameter in the <filename>smb.conf</filename> file, allowing an administrator to change the order and methods by which server names are looked up. </para></listitem> </varlistentry> @@ -118,6 +112,21 @@ </varlistentry> <varlistentry> + <term>-s smb.conf</term> + <listitem><para>Specifies the location of the all important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-O socket options</term> + <listitem><para>TCP socket options to set on the client + socket. See the socket options parameter in the <filename> + smb.conf (5)</filename> manpage for the list of valid + options. </para></listitem> + </varlistentry> + + + <varlistentry> <term>-R <name resolve order></term> <listitem><para>This option is used by the programs in the Samba suite to determine what naming services and in what order to resolve @@ -125,51 +134,44 @@ string of different name resolution options.</para> <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows:</para> + cause names to be resolved as follows :</para> <itemizedlist> - <listitem><para><constant>lmhosts</constant>: Lookup an IP + <listitem><para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see - the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) then - any name type matches for lookup.</para> - </listitem> - - <listitem><para><constant>host</constant>: Do a standard host + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + any name type matches for lookup.</para></listitem> + + <listitem><para><constant>host</constant> : Do a standard host name to IP address resolution, using the system <filename>/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is operating system dependent, for instance on IRIX or Solaris this may be controlled by the <filename>/etc/nsswitch.conf</filename> file). Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para> - </listitem> - - <listitem><para><constant>wins</constant>: Query a name with + it is ignored.</para></listitem> + + <listitem><para><constant>wins</constant> : Query a name with the IP address listed in the <parameter>wins server</parameter> parameter. If no WINS server has - been specified this method will be ignored.</para> - </listitem> - - <listitem><para><constant>bcast</constant>: Do a broadcast on + been specified this method will be ignored.</para></listitem> + + <listitem><para><constant>bcast</constant> : Do a broadcast on each of the known local interfaces listed in the <parameter>interfaces</parameter> parameter. This is the least reliable of the name resolution methods as it depends on the target host being on a locally - connected subnet.</para> - </listitem> + connected subnet.</para></listitem> </itemizedlist> <para>If this parameter is not set then the name resolve order - defined in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file parameter + defined in the <filename>smb.conf</filename> file parameter (name resolve order) will be used. </para> <para>The default order is lmhosts, host, wins, bcast and without this parameter or any entry in the <parameter>name resolve order - </parameter> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file the name resolution + </parameter> parameter of the <filename>smb.conf</filename> file the name resolution methods will be attempted in this order. </para></listitem> </varlistentry> @@ -200,8 +202,8 @@ <parameter>-I</parameter> options useful, as they allow you to control the FROM and TO parts of the message. </para> - <para>See the <parameter>message command</parameter> parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for a description of how to handle incoming + <para>See the message command parameter in the <filename> + smb.conf(5)</filename> for a description of how to handle incoming WinPopup messages in Samba. </para> <para><emphasis>Note</emphasis>: Copy WinPopup into the startup group @@ -210,6 +212,70 @@ </varlistentry> <varlistentry> + <term>-i scope</term> + <listitem><para>This specifies a NetBIOS scope that smbclient will + use to communicate with when generating NetBIOS names. For details + on the use of NetBIOS scopes, see <filename>rfc1001.txt</filename> + and <filename>rfc1002.txt</filename>. + NetBIOS scopes are <emphasis>very</emphasis> rarely used, only set + this parameter if you are the system administrator in charge of all + the NetBIOS systems you communicate with. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-N</term> + <listitem><para>If specified, this parameter suppresses the normal + password prompt from the client to the user. This is useful when + accessing a service that does not require a password. </para> + + <para>Unless a password is specified on the command line or + this parameter is specified, the client will request a + password.</para></listitem> + </varlistentry> + + + + <varlistentry> + <term>-n NetBIOS name</term> + <listitem><para>By default, the client will use the local + machine's hostname (in uppercase) as its NetBIOS name. This parameter + allows you to override the host name and use whatever NetBIOS + name you wish. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-d debuglevel</term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer from 0 to 10, or + the letter 'A'. </para> + + <para>The default value if this parameter is not specified + is zero. </para> + + <para>The higher this value, the more detail will be logged to + the log files about the activities of the + client. At level 0, only critical errors and serious warnings will + be logged. Level 1 is a reasonable level for day to day running - + it generates a small amount of information about operations + carried out. </para> + + <para>Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of log data, most of which is extremely + cryptic. If <replaceable>debuglevel</replaceable> is set to the letter 'A', then <emphasis>all + </emphasis> debug messages will be printed. This setting + is for developers only (and people who <emphasis>really</emphasis> want + to know how the code works internally). </para> + + <para>Note that specifying this parameter here will override + the log level parameter in the <filename>smb.conf (5)</filename> + file. </para></listitem> + </varlistentry> + + + <varlistentry> <term>-p port</term> <listitem><para>This number is the TCP port number that will be used when making connections to the server. The standard (well-known) @@ -235,7 +301,13 @@ </varlistentry> - &stdarg.help; + + <varlistentry> + <term>-h</term><listitem> + <para>Print the usage message for the client. </para></listitem> + </varlistentry> + + <varlistentry> <term>-I IP-address</term> @@ -269,6 +341,59 @@ <varlistentry> + <term>-U username[%pass]</term> + <listitem><para>Sets the SMB username or username and password. + If %pass is not specified, The user will be prompted. The client + will first check the <envar>USER</envar> environment variable, then the + <envar>LOGNAME</envar> variable and if either exists, the + string is uppercased. Anything in these variables following a '%' + sign will be treated as the password. If these environment + variables are not found, the username <constant>GUEST</constant> + is used. </para> + + <para>If the password is not included in these environment + variables (using the %pass syntax), <command>smbclient</command> will look for + a <envar>PASSWD</envar> environment variable from which + to read the password. </para> + + <para>A third option is to use a credentials file which + contains the plaintext of the domain name, username and password. This + option is mainly provided for scripts where the admin doesn't + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + <parameter>-A</parameter> for more details. </para> + + <para>Be cautious about including passwords in scripts or in + the <envar>PASSWD</envar> environment variable. Also, on + many systems the command line of a running process may be seen + via the <command>ps</command> command to be safe always allow + <command>smbclient</command> to prompt for a password and type + it in directly. </para></listitem> + </varlistentry> + + + <varlistentry> + <term>-A filename</term><listitem><para>This option allows + you to specify a file from which to read the username, domain name, and + password used in the connection. The format of the file is + </para> + + <para><programlisting> +username = <value> +password = <value> +domain = <value> + </programlisting></para> + + + <para>If the domain parameter is missing the current workgroup name + is used instead. Make certain that the permissions on the file restrict + access from unwanted users. </para></listitem> + </varlistentry> + + + + <varlistentry> <term>-L</term> <listitem><para>This option allows you to look at what services are available on a server. You use it as <command>smbclient -L @@ -305,9 +430,16 @@ </para></listitem> </varlistentry> - &popt.common.samba; - &popt.common.credentials; - &popt.common.connection; + + + <varlistentry> + <term>-W WORKGROUP</term> + <listitem><para>Override the default workgroup (domain) specified + in the workgroup parameter of the <filename>smb.conf</filename> + file for this connection. This may be needed to connect to some + servers. </para></listitem> + </varlistentry> + <varlistentry> <term>-T tar options</term> @@ -387,7 +519,7 @@ <para><emphasis>Tar Filenames</emphasis></para> - <para>All file names can be given as DOS path names (with '\\' + <para>All file names can be given as DOS path names (with '\' as the component separator) or as UNIX path names (with '/' as the component separator). </para> @@ -455,7 +587,7 @@ <para><prompt>smb:\> </prompt></para> - <para>The backslash ("\\") indicates the current working directory + <para>The backslash ("\") indicates the current working directory on the server, and will change if the current working directory is changed. </para> @@ -908,8 +1040,8 @@ and writeable only by the user. </para> <para>To test the client, you will need to know the name of a - running SMB/CIFS server. It is possible to run <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> as an ordinary user - running that server as a daemon + running SMB/CIFS server. It is possible to run <command>smbd(8) + </command> as an ordinary user - running that server as a daemon on a user-accessible port (typically any port number over 1024) would provide a suitable test server. </para> </refsect1> @@ -931,7 +1063,8 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 2.2 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> @@ -945,11 +1078,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index e19aabedc7..166ef63e87 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbcontrol.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbcontrol"> <refmeta> <refentrytitle>smbcontrol</refentrytitle> @@ -18,7 +16,6 @@ <cmdsynopsis> <command>smbcontrol</command> <arg>-i</arg> - <arg>-s</arg> </cmdsynopsis> <cmdsynopsis> @@ -32,14 +29,14 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbcontrol</command> is a very small program, which - sends messages to a <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, a <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, or a <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon running on the system.</para> + sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink>, + an <ulink url="nmbd.8.html">nmbd(8)</ulink> + or a <ulink url="winbindd.8.html">winbindd(8)</ulink> + daemon running on the system.</para> </refsect1> @@ -47,8 +44,6 @@ <title>OPTIONS</title> <variablelist> - &stdarg.help; - &stdarg.configfile; <varlistentry> <term>-i</term> <listitem><para>Run interactively. Individual commands @@ -59,7 +54,8 @@ <varlistentry> <term>destination</term> - <listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para> + <listitem><para>One of <parameter>nmbd</parameter> + <parameter>smbd</parameter> or a process ID.</para> <para>The <parameter>smbd</parameter> destination causes the message to "broadcast" to all smbd daemons.</para> @@ -75,12 +71,107 @@ <varlistentry> <term>message-type</term> - <listitem><para>Type of message to send. See - the section <constant>MESSAGE-TYPES</constant> for details. - </para></listitem></varlistentry> - + <listitem><para>One of: <constant>close-share</constant>, + <constant>debug</constant>, + <constant>force-election</constant>, <constant>ping + </constant>, <constant>profile</constant>, <constant> + debuglevel</constant>, <constant>profilelevel</constant>, + or <constant>printnotify</constant>.</para> + + <para>The <constant>close-share</constant> message-type sends a + message to smbd which will then close the client connections to + the named share. Note that this doesn't affect client connections + to any other shares. This message-type takes an argument of the + share name for which client connections will be closed, or the + "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. + This message can only be sent to <constant>smbd</constant>.</para> + + <para>The <constant>debug</constant> message-type allows + the debug level to be set to the value specified by the + parameter. This can be sent to any of the destinations.</para> + + <para>The <constant>force-election</constant> message-type can only be + sent to the <constant>nmbd</constant> destination. This message + causes the <command>nmbd</command> daemon to force a new browse + master election.</para> + + <para>The <constant>ping</constant> message-type sends the + number of "ping" messages specified by the parameter and waits + for the same number of reply "pong" messages. This can be sent to + any of the destinations.</para> + + <para>The <constant>profile</constant> message-type sends a + message to an smbd to change the profile settings based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any smbd or nmbd destinations.</para> + + <para>The <constant>debuglevel</constant> message-type sends + a "request debug level" message. The current debug level setting + is returned by a "debuglevel" message. This can be + sent to any of the destinations.</para> + + <para>The <constant>profilelevel</constant> message-type sends + a "request profile level" message. The current profile level + setting is returned by a "profilelevel" message. This can be sent + to any smbd or nmbd destinations.</para> + + <para>The <constant>printnotify</constant> message-type sends a + message to smbd which in turn sends a printer notify message to + any Windows NT clients connected to a printer. This message-type + takes the following arguments: + + <variablelist> + + <varlistentry> + <term>queuepause printername</term> + <listitem><para>Send a queue pause change notify + message to the printer specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>queueresume printername</term> + <listitem><para>Send a queue resume change notify + message for the printer specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobpause printername unixjobid</term> + <listitem><para>Send a job pause change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobresume printername unixjobid</term> + <listitem><para>Send a job resume change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + + <varlistentry> + <term>jobdelete printername unixjobid</term> + <listitem><para>Send a job delete change notify + message for the printer and unix jobid + specified.</para></listitem> + </varlistentry> + + </variablelist> + + Note that this message only sends notification that an + event has occured. It doesn't actually cause the + event to happen. + + This message can only be sent to <constant>smbd</constant>. + </para> + + </listitem> + </varlistentry> + - <varlistentry> <term>parameters</term> <listitem><para>any parameters required for the message-type</para> @@ -91,181 +182,17 @@ </refsect1> <refsect1> - <title>MESSAGE-TYPES</title> - - <para>Available message types are:</para> - - <variablelist> - <varlistentry><term>close-share</term> - <listitem><para>Order smbd to close the client - connections to the named share. Note that this doesn't affect client - connections to any other shares. This message-type takes an argument of the - share name for which client connections will be closed, or the - "*" character which will close all currently open shares. - This may be useful if you made changes to the access controls on the share. - This message can only be sent to <constant>smbd</constant>.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>debug</term> - <listitem><para>Set debug level to the value specified by the - parameter. This can be sent to any of the destinations.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>force-election</term> - <listitem><para>This message causes the <command>nmbd</command> daemon to - force a new browse master election. </para> - </listitem></varlistentry> - - <varlistentry> - <term>ping</term> - <listitem><para> - Send specified number of "ping" messages and - wait for the same number of reply "pong" messages. This can be sent to - any of the destinations.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>profile</term> - <listitem><para>Change profile settings of a daemon, based on the - parameter. The parameter can be "on" to turn on profile stats - collection, "off" to turn off profile stats collection, "count" - to enable only collection of count stats (time stats are - disabled), and "flush" to zero the current profile stats. This can - be sent to any smbd or nmbd destinations.</para> - </listitem></varlistentry> - - <varlistentry> - <term>debuglevel</term> - <listitem><para> - Request debuglevel of a certain daemon and write it to stdout. This - can be sent to any of the destinations.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>profilelevel</term> - <listitem><para> - Request profilelevel of a certain daemon and write it to stdout. - This can be sent to any smbd or nmbd destinations.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>printnotify</term> - <listitem><para> - Order smbd to send a printer notify message to any Windows NT clients - connected to a printer. This message-type takes the following arguments: - </para> - - <variablelist> - - <varlistentry> - <term>queuepause printername</term> - <listitem><para>Send a queue pause change notify - message to the printer specified.</para></listitem> - </varlistentry> - - <varlistentry> - <term>queueresume printername</term> - <listitem><para>Send a queue resume change notify - message for the printer specified.</para></listitem> - </varlistentry> - - <varlistentry> - <term>jobpause printername unixjobid</term> - <listitem><para>Send a job pause change notify - message for the printer and unix jobid - specified.</para></listitem> - </varlistentry> - - <varlistentry> - <term>jobresume printername unixjobid</term> - <listitem><para>Send a job resume change notify - message for the printer and unix jobid - specified.</para></listitem> - </varlistentry> - - <varlistentry> - <term>jobdelete printername unixjobid</term> - <listitem><para>Send a job delete change notify - message for the printer and unix jobid - specified.</para></listitem> - </varlistentry> - </variablelist> - - <para> - Note that this message only sends notification that an - event has occured. It doesn't actually cause the - event to happen. - </para> - - <para>This message can only be sent to <constant>smbd</constant>. </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>samsync</term> - <listitem><para>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <constant>smbd</constant>. </para> - <note><para>Not working at the moment</para></note> - </listitem> - </varlistentry> - - <varlistentry> - <term>samrepl</term> - <listitem><para>Send sam replication message, with specified serial. Can only be sent to <constant>smbd</constant>. Should not be used manually.</para></listitem> - </varlistentry> - - <varlistentry> - <term>dmalloc-mark</term> - <listitem><para>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem> - </varlistentry> - - <varlistentry> - <term>dmalloc-log-changed</term> - <listitem><para> - Dump the pointers that have changed since the mark set by dmalloc-mark. - Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem> - </varlistentry> - - <varlistentry> - <term>shutdown</term> - <listitem><para>Shut down specified daemon. Can be sent to both smbd and nmbd.</para></listitem> - </varlistentry> - - <varlistentry> - <term>tallocdump and pool-usage</term> - <listitem><para>Print a human-readable description of all - talloc(pool) memory usage by the specified daemon/process. Available - for both smbd and nmbd.</para></listitem> - </varlistentry> - - <varlistentry> - <term>drvupgrade</term> - <listitem><para>Force clients of printers using specified driver - to update their local version of the driver. Can only be - sent to smbd.</para></listitem> - </varlistentry> - -</variablelist> -</refsect1> - -<refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of + <para>This man page is correct for version 2.2 of the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + <para><ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + and <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>. + </para> </refsect1> <refsect1> @@ -278,11 +205,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index b31d919a12..9fb80901be 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbd"> <refmeta> <refentrytitle>smbd</refentrytitle> @@ -34,8 +32,7 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the Samba suite.</para> <para><command>smbd</command> is the server daemon that provides filesharing and printing services to Windows clients. @@ -49,14 +46,15 @@ <para>An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those - services (see <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>. This man page will not describe the + services (see <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink>. This man page will not describe the services, but will concentrate on the administrative aspects of running the server.</para> <para>Please note that there are significant security - implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before + implications to running this server, and the <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink> + manpage should be regarded as mandatory reading before proceeding with installation.</para> <para>A session is created whenever a client requests one. @@ -124,8 +122,17 @@ </para></listitem> </varlistentry> - &popt.common.samba; - &stdarg.help; + <varlistentry> + <term>-h</term> + <listitem><para>Prints the help information (usage) + for <command>smbd</command>.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem><para>Prints the version number for + <command>smbd</command>.</para></listitem> + </varlistentry> <varlistentry> <term>-b</term> @@ -134,6 +141,32 @@ </varlistentry> <varlistentry> + <term>-d <debug level></term> + <listitem><para><replaceable>debuglevel</replaceable> is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.</para> + + <para>The higher this value, the more detail will be + logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.</para> + + <para>Levels above 1 will generate considerable + amounts of log data, and should only be used when + investigating a problem. Levels above 3 are designed for + use only by developers and generate HUGE amounts of log + data, most of which is extremely cryptic.</para> + + <para>Note that specifying this parameter here will + override the <ulink url="smb.conf.5.html#loglevel">log + level</ulink> parameter in the <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> file.</para> + </listitem> + </varlistentry> + + <varlistentry> <term>-l <log directory></term> <listitem><para>If specified, <replaceable>log directory</replaceable> @@ -142,9 +175,9 @@ messages from the running server. The log file generated is never removed by the server although its size may be controlled by the <ulink - url="smb.conf.5.html#maxlogsize"><parameter>max log size</parameter></ulink> - option in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. <emphasis>Beware:</emphasis> + url="smb.conf.5.html#maxlogsize">max log size</ulink> + option in the <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file. <emphasis>Beware:</emphasis> If the directory specified does not exist, <command>smbd</command> will log to the default debug log location defined at compile time. </para> @@ -154,6 +187,14 @@ </varlistentry> <varlistentry> + <term>-O <socket options></term> + <listitem><para>See the <ulink + url="smb.conf.5.html#socketoptions">socket options</ulink> + parameter in the <ulink url="smb.conf.5.html"><filename>smb.conf(5) + </filename></ulink> file for details.</para></listitem> + </varlistentry> + + <varlistentry> <term>-p <port number></term> <listitem><para><replaceable>port number</replaceable> is a positive integer value. The default value if this parameter is not @@ -177,6 +218,19 @@ <para>This parameter is not normally specified except in the above situation.</para></listitem> </varlistentry> + + <varlistentry> + <term>-s <configuration file></term> + <listitem><para>The file specified contains the + configuration details required by the server. The + information in this file includes server-specific + information such as what printcap file to use, as well + as descriptions of all the services that the server is + to provide. See <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> for more information. + The default configuration file name is determined at + compile time.</para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -189,7 +243,7 @@ <listitem><para>If the server is to be run by the <command>inetd</command> meta-daemon, this file must contain suitable startup information for the - meta-daemon. See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details. </para></listitem> </varlistentry> @@ -201,7 +255,7 @@ <para>If running the server as a daemon at startup, this file will need to contain an appropriate startup - sequence for the server. See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> @@ -211,20 +265,21 @@ meta-daemon <command>inetd</command>, this file must contain a mapping of service name (e.g., netbios-ssn) to service port (e.g., 139) and protocol type (e.g., tcp). - See the <ulink url="install.html">"How to Install and Test SAMBA"</ulink> + See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems + <listitem><para>This is the default location of the + <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> + server configuration file. Other common places that systems install this file are <filename>/usr/samba/lib/smb.conf</filename> - and <filename>/etc/samba/smb.conf</filename>.</para> + and <filename>/etc/smb.conf</filename>.</para> <para>This file describes all the services the server - is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for more information.</para> + is to make available to clients. See <ulink url="smb.conf.5.html"> + <filename>smb.conf(5)</filename></ulink> for more information.</para> </listitem> </varlistentry> </variablelist> @@ -262,9 +317,9 @@ <para>Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management. The degree too which samba supports PAM is restricted - by the limitations of the SMB protocol and the <ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS"><parameter>obey - pam restricions</parameter></ulink> <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply: + by the limitations of the SMB protocol and the + <ulink url="smb.conf.5.html#OBEYPAMRESRICTIONS">obey pam restricions</ulink> + smb.conf paramater. When this is set, the following restrictions apply: </para> <itemizedlist> @@ -324,9 +379,9 @@ it to die on its own.</para> <para>The debug log level of <command>smbd</command> may be raised - or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer - used since Samba 2.2). This is to allow transient problems to be diagnosed, + or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1) + </command></ulink> program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level.</para> <para>Note that as the signal handlers send a debug write, @@ -339,15 +394,14 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>hosts_access</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, and the - Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. + <para>hosts_access(5), <command>inetd(8)</command>, + <ulink url="nmbd.8.html"><command>nmbd(8)</command></ulink>, + <ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink>, <ulink url="smbclient.1.html"><command>smbclient(1) + </command></ulink>, <ulink url="testparm.1.html"><command> + testparm(1)</command></ulink>, <ulink url="testprns.1.html"> + <command>testprns(1)</command></ulink>, and the Internet RFC's + <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>. In addition the CIFS (formerly SMB) specification is available as a link from the Web page <ulink url="http://samba.org/cifs/"> http://samba.org/cifs/</ulink>.</para> @@ -363,11 +417,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml index 6c489bb785..188218c249 100644 --- a/docs/docbook/manpages/smbgroupedit.8.sgml +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -1,11 +1,15 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbgroupedit.8"> +<refentry id="smbgroupedit"> <refmeta> <refentrytitle>smbgroupedit</refentrytitle> <manvolnum>8</manvolnum> </refmeta> + +<!-- **************************************************** +** Name and Options ** +**************************************************** --> <refnamediv> <refname>smbgroupedit</refname> <refpurpose>Query/set/change UNIX - Windows NT group mapping</refpurpose> @@ -21,13 +25,17 @@ +<!-- **************************************************** +** Description ** +**************************************************** --> <refsect1> <title>DESCRIPTION</title> <para> -This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> -<manvolnum>7</manvolnum></citerefentry> suite.</para> +This program is part of the <ulink url="samba.7.html">Samba</ulink> +suite. +</para> <para> The smbgroupedit command allows for mapping unix groups @@ -62,8 +70,8 @@ etc. Privilege : </programlisting></para> -<para>For example: -<programlisting> +<para>For examples,</para> +<para><programlisting> Users SID : S-1-5-32-545 Unix group: -1 @@ -83,8 +91,9 @@ Users NTGroupName(SID) -> UnixGroupName </programlisting></para> -<para>For example: -<programlisting> +<para>For example,</para> + +<para><programlisting> Users (S-1-5-32-545) -> -1 </programlisting></para> @@ -100,6 +109,8 @@ Users (S-1-5-32-545) -> -1 +<!-- **************************************************** +**************************************************** --> <refsect1> <title>FILES</title> @@ -109,6 +120,8 @@ Users (S-1-5-32-545) -> -1 +<!-- **************************************************** +**************************************************** --> <refsect1> <title>EXIT STATUS</title> @@ -150,45 +163,65 @@ the 'Domain Admins' Global group: <para>domadm:x:502:joe,john,mary</para> </listitem> - <listitem><para>map this domadm group to the 'domain admins' group:</para> + <listitem><para>map this domadm group to the 'domain admins' group: + </para> <orderedlist> - <listitem><para>Get the SID for the Windows NT "Domain Admins" group:</para> + <listitem><para>Get the SID for the Windows NT "Domain Admins" + group:</para> + <para><programlisting> <prompt>root# </prompt><command>smbgroupedit -vs | grep "Domain Admins"</command> Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 -</programlisting></para></listitem> +</programlisting></para> +</listitem> <listitem><para>map the unix domadm group to the Windows NT "Domain Admins" group, by running the command: -<programlisting> + </para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit \ -c S-1-5-21-1108995562-3116817432-1375597819-512 \ -u domadm -td</command> </programlisting></para> - <para><emphasis>warning:</emphasis> don't copy and paste this sample, the + <para> + <emphasis>warning:</emphasis> don't copy and paste this sample, the Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. - </para> </listitem> + </para> + </listitem> </orderedlist> </listitem> </orderedlist> <para> To verify that your mapping has taken effect: -<programlisting> +</para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit -vs|grep "Domain Admins"</command> Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm </programlisting></para> -<para>To give access to a certain directory on a domain member machine (an +<para> +To give access to a certain directory on a domain member machine (an NT/W2K or a samba server running winbind) to some users who are member of a group on your samba PDC, flag that group as a domain group: -<programlisting> +</para> + +<para><programlisting> <prompt>root# </prompt><command>smbgroupedit -a unixgroup -td</command> </programlisting></para> + + </refsect1> + + + +<!-- **************************************************** +**************************************************** --> <refsect1> <title>VERSION</title> @@ -199,16 +232,22 @@ the Samba suite. </para> </refsect1> +<!-- **************************************************** +**************************************************** --> + <refsect1> <title>SEE ALSO</title> <para> -<citerefentry><refentrytitle>smb.conf</refentrytitle> -<manvolnum>5</manvolnum></citerefentry></para> +<ulink url="smb.conf.5.html">smb.conf(5)</ulink> +</para> </refsect1> +<!-- **************************************************** +**************************************************** --> + <refsect1> <title>AUTHOR</title> @@ -222,8 +261,7 @@ to the way the Linux kernel is developed. <para> <command>smbgroupedit</command> was written by Jean Francois Micouleau. The current set of manpages and documentation is maintained -by the Samba Team in the same fashion as the Samba source code. The conversion -to DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para> +by the Samba Team in the same fashion as the Samba source code.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml index 8c07ed2eb4..55b66d5d25 100644 --- a/docs/docbook/manpages/smbmnt.8.sgml +++ b/docs/docbook/manpages/smbmnt.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbmnt.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbmnt"> <refmeta> <refentrytitle>smbmnt</refentrytitle> @@ -25,7 +23,6 @@ <arg choice="opt">-f <mask></arg> <arg choice="opt">-d <mask></arg> <arg choice="opt">-o <options></arg> - <arg choice="opt">-h</arg> </cmdsynopsis> </refsynopsisdiv> @@ -41,8 +38,8 @@ by the user, and that the user has write permission on.</para> <para>The <command>smbmnt</command> program is normally invoked - by <citerefentry><refentrytitle>smbmount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. It should not be invoked directly by users. </para> + by <ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink>. It should not be invoked directly by users. </para> <para>smbmount searches the normal PATH for smbmnt. You must ensure that the smbmnt version in your path matches the smbmount used.</para> @@ -91,8 +88,6 @@ </para></listitem> </varlistentry> - &stdarg.help; - </variablelist> </refsect1> @@ -112,8 +107,7 @@ </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index 12f64c7354..c4b91a5572 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbmount.8"> +<refentry id="smbmount"> <refmeta> <refentrytitle>smbmount</refentrytitle> @@ -26,8 +26,7 @@ <para><command>smbmount</command> mounts a Linux SMB filesystem. It is usually invoked as <command>mount.smbfs</command> by - the <citerefentry><refentrytitle>mount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> command when using the + the <command>mount(8)</command> command when using the "-t smbfs" option. This command only works in Linux, and the kernel must support the smbfs filesystem. </para> @@ -40,12 +39,11 @@ <para><command>smbmount</command> is a daemon. After mounting it keeps running until the mounted smbfs is umounted. It will log things that happen when in daemon mode using the "machine name" smbmount, so - typically this output will end up in <filename>log.smbmount</filename>. The <command> - smbmount</command> process may also be called mount.smbfs.</para> + typically this output will end up in <filename>log.smbmount</filename>. The + <command>smbmount</command> process may also be called mount.smbfs.</para> <para><emphasis>NOTE:</emphasis> <command>smbmount</command> - calls <citerefentry><refentrytitle>smbmnt</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to do the actual mount. You + calls <command>smbmnt(8)</command> to do the actual mount. You must make sure that <command>smbmnt</command> is in the path so that it can be found. </para> @@ -86,12 +84,15 @@ <varlistentry> <term>credentials=<filename></term> - <listitem><para>specifies a file that contains a username and/or password. -The format of the file is: -<programlisting> -username = <value> -password = <value> -</programlisting></para> + <listitem><para>specifies a file that contains a username + and/or password. The format of the file is:</para> + + <para> + <programlisting> + username = <value> + password = <value> + </programlisting> + </para> <para>This is preferred over having passwords in plaintext in a shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any @@ -100,11 +101,6 @@ password = <value> </varlistentry> <varlistentry> - <term>krb</term> - <listitem><para>Use kerberos (Active Directory). </para></listitem> - </varlistentry> - - <varlistentry> <term>netbiosname=<arg></term> <listitem><para>sets the source NetBIOS name. It defaults to the local hostname. </para></listitem> @@ -145,7 +141,7 @@ password = <value> <varlistentry> <term>dmask=<arg></term> - <listitem><para>Sets the directory mask. This determines the + <listitem><para>sets the directory mask. This determines the permissions that remote directories have in the local filesystem. The default is based on the current umask. </para></listitem> </varlistentry> @@ -153,7 +149,7 @@ password = <value> <varlistentry> <term>debug=<arg></term> - <listitem><para>Sets the debug level. This is useful for + <listitem><para>sets the debug level. This is useful for tracking down SMB connection problems. A suggested value to start with is 4. If set too high there will be a lot of output, possibly hiding the useful output.</para></listitem> @@ -162,7 +158,7 @@ password = <value> <varlistentry> <term>ip=<arg></term> - <listitem><para>Sets the destination host or IP address. + <listitem><para>sets the destination host or IP address. </para></listitem> </varlistentry> @@ -170,30 +166,31 @@ password = <value> <varlistentry> <term>workgroup=<arg></term> - <listitem><para>Sets the workgroup on the destination </para> + <listitem><para>sets the workgroup on the destination </para> </listitem> </varlistentry> <varlistentry> <term>sockopt=<arg></term> - <listitem><para>Sets the TCP socket options. See the <ulink - url="smb.conf.5.html#SOCKETOPTIONS"><citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></ulink> <parameter>socket options</parameter> option. + <listitem><para>sets the TCP socket options. See the <ulink + url="smb.conf.5.html#SOCKETOPTIONS"><filename>smb.conf + </filename></ulink> <parameter>socket options</parameter> option. </para></listitem> </varlistentry> <varlistentry> <term>scope=<arg></term> - <listitem><para>Sets the NetBIOS scope </para></listitem> + <listitem><para>sets the NetBIOS scope </para></listitem> </varlistentry> <varlistentry> <term>guest</term> - <listitem><para>Don't prompt for a password </para></listitem> + <listitem><para>don't prompt for a password </para></listitem> </varlistentry> + <varlistentry> <term>ro</term> <listitem><para>mount read-only </para></listitem> @@ -301,9 +298,10 @@ password = <value> <para>FreeBSD also has a smbfs, but it is not related to smbmount</para> - <para>For Solaris, HP-UX and others you may want to look at <citerefentry><refentrytitle>smbsh</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> or at other solutions, such as - Sharity or perhaps replacing the SMB server with a NFS server.</para> + <para>For Solaris, HP-UX and others you may want to look at + <ulink url="smbsh.1.html"><command>smbsh(1)</command></ulink> or at other + solutions, such as sharity or perhaps replacing the SMB server with + a NFS server.</para> </refsect1> @@ -323,8 +321,7 @@ password = <value> </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml index f78e986bef..5c80ac4c06 100644 --- a/docs/docbook/manpages/smbpasswd.5.sgml +++ b/docs/docbook/manpages/smbpasswd.5.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbpasswd.5"> +<refentry id="smbpasswd"> <refmeta> <refentrytitle>smbpasswd</refentrytitle> @@ -19,8 +19,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the @@ -122,7 +122,7 @@ the attributes of the users account. In the Samba 2.2 release this field is bracketed by '[' and ']' characters and is always 13 characters in length (including the '[' and ']' characters). - The contents of this field may be any of the following characters: + The contents of this field may be any of the characters. </para> <itemizedlist> @@ -136,11 +136,12 @@ Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the <parameter> null passwords</parameter> parameter is set in the <ulink - url="smb.conf.5.html#NULLPASSWORDS"><citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></ulink> config file. </para></listitem> + url="smb.conf.5.html#NULLPASSWORDS"><filename>smb.conf(5) + </filename></ulink> config file. </para></listitem> <listitem><para><emphasis>D</emphasis> - This means the account - is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem> + is disabled and no SMB/CIFS logins will be allowed for + this user. </para></listitem> <listitem><para><emphasis>W</emphasis> - This means this account is a "Workstation Trust" account. This kind of account is used @@ -177,9 +178,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, and + <para><ulink url="smbpasswd.8.html"><command>smbpasswd(8)</command></ulink>, + <ulink url="samba.7.html">samba(7)</ulink>, and the Internet RFC1321 for details on the MD4 algorithm. </para> </refsect1> @@ -194,11 +194,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index 5d475cf08c..8e6d925ae0 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbpasswd.8"> +<refentry id="smbpasswd"> <refmeta> <refentrytitle>smbpasswd</refentrytitle> @@ -37,27 +37,25 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The smbpasswd program has several different - functions, depending on whether it is run by the <emphasis>root</emphasis> user - or not. When run as a normal user it allows the user to change + functions, depending on whether it is run by the <emphasis>root</emphasis> + user or not. When run as a normal user it allows the user to change the password used for their SMB sessions on any machines that store SMB passwords. </para> <para>By default (when run with no arguments) it will attempt to change the current user's SMB password on the local machine. This is - similar to the way the <command>passwd(1)</command> program works. <command> - smbpasswd</command> differs from how the passwd program works + similar to the way the <command>passwd(1)</command> program works. + <command>smbpasswd</command> differs from how the passwd program works however in that it is not <emphasis>setuid root</emphasis> but works in - a client-server mode and communicates with a - locally running <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. As a consequence in order for this to + a client-server mode and communicates with a locally running + <command>smbd(8)</command>. As a consequence in order for this to succeed the smbd daemon must be running on the local machine. On a UNIX machine the encrypted SMB passwords are usually stored in - the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file. </para> + the <filename>smbpasswd(5)</filename> file. </para> <para>When run by an ordinary user with no options, smbpasswd will prompt them for their old SMB password and then ask them @@ -69,13 +67,12 @@ <para>smbpasswd can also be used by a normal user to change their SMB password on remote machines, such as Windows NT Primary Domain - Controllers. See the (<parameter>-r</parameter>) and <parameter>-U</parameter> options - below. </para> + Controllers. See the (-r) and -U options below. </para> <para>When run by root, smbpasswd allows new users to be added and deleted in the smbpasswd file, as well as allows changes to - the attributes of the user in this file to be made. When run by root, <command> - smbpasswd</command> accesses the local smbpasswd file + the attributes of the user in this file to be made. When run by root, + <command>smbpasswd</command> accesses the local smbpasswd file directly, thus enabling changes to be made even if smbd is not running. </para> </refsect1> @@ -124,8 +121,8 @@ <para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write - this information and the command will FAIL. See <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details on the 'old' and new password file formats. + this information and the command will FAIL. See <command>smbpasswd(5) + </command> for details on the 'old' and new password file formats. </para> <para>This option is only available when running smbpasswd as @@ -143,8 +140,7 @@ <para>If the smbpasswd file is in the 'old' format, then <command> smbpasswd</command> will FAIL to enable the account. - See <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for + See <command>smbpasswd (5)</command> for details on the 'old' and new password file formats. </para> <para>This option is only available when running smbpasswd as root. @@ -230,15 +226,15 @@ name of the host being connected to. </para> <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows: </para> + cause names to be resolved as follows : </para> <itemizedlist> - <listitem><para><constant>lmhosts</constant>: Lookup an IP + <listitem><para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <citerefentry><refentrytitle>lmhosts</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> for details) then + no name type attached to the NetBIOS name (see the <ulink + url="lmhosts.5.html">lmhosts(5)</ulink> for details) then any name type matches for lookup.</para></listitem> - <listitem><para><constant>host</constant>: Do a standard host + <listitem><para><constant>host</constant> : Do a standard host name to IP address resolution, using the system <filename>/etc/hosts </filename>, NIS, or DNS lookups. This method of name resolution is operating system depended for instance on IRIX or Solaris this @@ -247,12 +243,12 @@ type being queried is the 0x20 (server) name type, otherwise it is ignored.</para></listitem> - <listitem><para><constant>wins</constant>: Query a name with + <listitem><para><constant>wins</constant> : Query a name with the IP address listed in the <parameter>wins server</parameter> parameter. If no WINS server has been specified this method will be ignored.</para></listitem> - <listitem><para><constant>bcast</constant>: Do a broadcast on + <listitem><para><constant>bcast</constant> : Do a broadcast on each of the known local interfaces listed in the <parameter>interfaces</parameter> parameter. This is the least reliable of the name resolution methods as it depends on the @@ -260,8 +256,8 @@ </itemizedlist> <para>The default order is <command>lmhosts, host, wins, bcast</command> - and without this parameter or any entry in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file the name resolution methods will + and without this parameter or any entry in the + <filename>smb.conf</filename> file the name resolution methods will be attempted in this order. </para></listitem> </varlistentry> @@ -296,6 +292,7 @@ </varlistentry> + <varlistentry> <term>-s</term> <listitem><para>This option causes smbpasswd to be silent (i.e. @@ -315,7 +312,7 @@ switch is used to specify the password to be used with the <ulink url="smb.conf.5.html#LDAPADMINDN"><parameter>ldap admin dn</parameter></ulink>. Note that the password is stored in - the <filename>secrets.tdb</filename> and is keyed off + the <filename>private/secrets.tdb</filename> and is keyed off of the admin's DN. This means that if the value of <parameter>ldap admin dn</parameter> ever changes, the password will need to be manually updated as well. @@ -358,15 +355,14 @@ mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work. A common problem is to add a restriction to the hosts that may access the <command> - smbd</command> running on the local machine by specifying either <parameter>allow - hosts</parameter> or <parameter>deny hosts</parameter> entry in - the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file and neglecting to + smbd</command> running on the local machine by specifying a + <parameter>allow hosts</parameter> or <parameter>deny hosts</parameter> + entry in the <filename>smb.conf</filename> file and neglecting to allow "localhost" access to the smbd. </para> <para>In addition, the smbpasswd command is only useful if Samba - has been set up to use encrypted passwords. See the document <ulink url="pwencrypt.html"> - "LanMan and NT Password Encryption in Samba"</ulink> in the docs directory for details + has been set up to use encrypted passwords. See the file + <filename>ENCRYPTION.txt</filename> in the docs directory for details on how to do this. </para> </refsect1> @@ -374,14 +370,15 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>.</para> + <para><ulink url="smbpasswd.5.html"><filename>smbpasswd(5)</filename></ulink>, + <ulink url="samba.7.html">samba(7)</ulink> + </para> </refsect1> <refsect1> @@ -394,11 +391,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index f51b5eb34f..c40609be4f 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbsh.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbsh"> <refmeta> <refentrytitle>smbsh</refentrytitle> @@ -31,8 +29,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbsh</command> allows you to access an NT filesystem using UNIX commands such as <command>ls</command>, <command> @@ -48,8 +46,7 @@ <varlistentry> <term>-W WORKGROUP</term> <listitem><para>Override the default workgroup specified in the - workgroup parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file + workgroup parameter of the <filename>smb.conf</filename> file for this session. This may be needed to connect to some servers. </para></listitem> </varlistentry> @@ -64,17 +61,91 @@ </varlistentry> <varlistentry> - <term>-P prefix</term> - <listitem><para>This option allows + <term>-P prefix</term><listitem><para>This option allows the user to set the directory prefix for SMB access. The default value if this option is not specified is <emphasis>smb</emphasis>. </para></listitem> </varlistentry> - &stdarg.configfile; - &stdarg.debug; - &stdarg.resolve.order; + <varlistentry> + <term>-R <name resolve order></term> + <listitem><para>This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.</para> + + <para>The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows :</para> + + <itemizedlist> + <listitem><para><constant>lmhosts</constant> : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> + for details) then any name type matches for lookup. + </para></listitem> + + <listitem><para><constant>host</constant> : + Do a standard host name to IP address resolution, using + the system <filename>/etc/hosts</filename>, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the <filename>/etc/nsswitch.conf + </filename> file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. + </para></listitem> + + <listitem><para><constant>wins</constant> : + Query a name with the IP address listed in the + <parameter>wins server</parameter> parameter. If no + WINS server has been specified this method will be + ignored. + </para></listitem> + + <listitem><para><constant>bcast</constant> : + Do a broadcast on each of the known local interfaces + listed in the <parameter>interfaces</parameter> + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. + </para></listitem> + </itemizedlist> + + <para>If this parameter is not set then the name resolve order + defined in the <filename>smb.conf</filename> file parameter + (name resolve order) will be used. </para> + + <para>The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the <parameter>name resolve order + </parameter> parameter of the <filename>smb.conf</filename> + file, the name resolution methods will be attempted in this + order. </para></listitem> + </varlistentry> + + <varlistentry> + <term>-d <debug level></term> + <listitem><para>debug level is an integer from 0 to 10.</para> + + <para>The default value if this parameter is not specified + is zero.</para> + + <para>The higher this value, the more detail will be logged + about the activities of <command>nmblookup</command>. At level + 0, only critical errors and serious warnings will be logged. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-l logfilename</term> + <listitem><para>If specified causes all debug messages to be + written to the file specified by <replaceable>logfilename + </replaceable>. If not specified then all messages will be + written to<replaceable>stderr</replaceable>. + </para></listitem> + </varlistentry> <varlistentry> <term>-L libdir</term> @@ -93,12 +164,13 @@ <para>To use the <command>smbsh</command> command, execute <command> smbsh</command> from the prompt and enter the username and password that authenticates you to the machine running the Windows NT - operating system. -<programlisting> -<prompt>system% </prompt><userinput>smbsh</userinput> -<prompt>Username: </prompt><userinput>user</userinput> -<prompt>Password: </prompt><userinput>XXXXXXX</userinput> -</programlisting></para> + operating system.</para> + + <para><programlisting> + <prompt>system% </prompt><userinput>smbsh</userinput> + <prompt>Username: </prompt><userinput>user</userinput> + <prompt>Password: </prompt><userinput>XXXXXXX</userinput> + </programlisting></para> <para>Any dynamically linked command you execute from @@ -116,7 +188,8 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 3.0 of + the Samba suite.</para> </refsect1> <refsect1> @@ -137,9 +210,9 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -152,11 +225,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml index dabdcced01..d164cb0864 100644 --- a/docs/docbook/manpages/smbspool.8.sgml +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbspool.8"> +<refentry id="smbspool"> <refmeta> <refentrytitle>smbspool</refentrytitle> @@ -15,20 +15,20 @@ <refsynopsisdiv> <cmdsynopsis> <command>smbspool</command> - <arg choice="req">job</arg> - <arg choice="req">user</arg> - <arg choice="req">title</arg> - <arg choice="req">copies</arg> - <arg choice="req">options</arg> - <arg choice="opt">filename</arg> + <arg>job</arg> + <arg>user</arg> + <arg>title</arg> + <arg>copies</arg> + <arg>options</arg> + <arg>filename</arg> </cmdsynopsis> </refsynopsisdiv> <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments @@ -45,8 +45,10 @@ <itemizedlist> <listitem><para>smb://server/printer</para></listitem> <listitem><para>smb://workgroup/server/printer</para></listitem> - <listitem><para>smb://username:password@server/printer</para></listitem> - <listitem><para>smb://username:password@workgroup/server/printer</para></listitem> + <listitem><para>smb://username:password@server/printer</para> + </listitem> + <listitem><para>smb://username:password@workgroup/server/printer + </para></listitem> </itemizedlist> <para>smbspool tries to get the URI from argv[0]. If argv[0] @@ -95,14 +97,15 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + and <ulink url="samba.7.html">samba(7)</ulink>. + </para> </refsect1> <refsect1> @@ -118,11 +121,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml index 98f7e864f6..99963a4bec 100644 --- a/docs/docbook/manpages/smbstatus.1.sgml +++ b/docs/docbook/manpages/smbstatus.1.sgml @@ -1,8 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> - -<refentry id="smbstatus.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="smbstatus"> <refmeta> <refentrytitle>smbstatus</refentrytitle> @@ -34,8 +31,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbstatus</command> is a very simple program to list the current Samba connections.</para> @@ -57,7 +54,13 @@ <listitem><para>gives brief output.</para></listitem> </varlistentry> - &popt.common.samba; + + <varlistentry> + <term>-d|--debug=<debuglevel></term> + <listitem><para>sets debugging to specified level</para> + </listitem> + </varlistentry> + <varlistentry> <term>-v|--verbose</term> @@ -81,8 +84,8 @@ <varlistentry> <term>-p|--processes</term> - <listitem><para>print a list of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> processes and exit. + <listitem><para>print a list of <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> processes and exit. Useful for scripting.</para></listitem> </varlistentry> @@ -93,7 +96,18 @@ </listitem> </varlistentry> - &stdarg.help; + + + <varlistentry> + <term>-s|--conf=<configuration file></term> + <listitem><para>The default configuration file name is + determined at compile time. The file specified contains the + configuration details required by the server. See <ulink + url="smb.conf.5.html"><filename>smb.conf(5)</filename> + </ulink> for more information.</para> + </listitem> + </varlistentry> + <varlistentry> <term>-u|--user=<username></term> @@ -114,9 +128,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink> and + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>.</para> </refsect1> <refsect1> @@ -129,11 +142,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml index 0492a3a574..bd70493b6b 100644 --- a/docs/docbook/manpages/smbtar.1.sgml +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbtar.1"> +<refentry id="smbtar"> <refmeta> <refentrytitle>smbtar</refentrytitle> @@ -16,20 +16,20 @@ <refsynopsisdiv> <cmdsynopsis> <command>smbtar</command> - <arg choice="opt">-r</arg> - <arg choice="opt">-i</arg> - <arg choice="opt">-a</arg> - <arg choice="opt">-v</arg> <arg choice="req">-s server</arg> <arg choice="opt">-p password</arg> <arg choice="opt">-x services</arg> <arg choice="opt">-X</arg> - <arg choice="opt">-N filename</arg> - <arg choice="opt">-b blocksize</arg> <arg choice="opt">-d directory</arg> - <arg choice="opt">-l loglevel</arg> <arg choice="opt">-u user</arg> <arg choice="opt">-t tape</arg> + <arg choice="opt">-t tape</arg> + <arg choice="opt">-b blocksize</arg> + <arg choice="opt">-N filename</arg> + <arg choice="opt">-i</arg> + <arg choice="opt">-r</arg> + <arg choice="opt">-l loglevel</arg> + <arg choice="opt">-v</arg> <arg choice="req">filenames</arg> </cmdsynopsis> </refsynopsisdiv> @@ -37,12 +37,12 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>smbtar</command> is a very small shell script on top - of <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> which dumps SMB shares directly to tape.</para> + of <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + which dumps SMB shares directly to tape. </para> </refsect1> <refsect1> @@ -100,11 +100,6 @@ </varlistentry> - <varlistentry> - <term>-a</term> - <listitem><para>Reset DOS archive bit mode to - indicate file has been archived. </para></listitem> - </varlistentry> <varlistentry> <term>-t tape</term> @@ -149,9 +144,8 @@ <varlistentry> <term>-l log level</term> <listitem><para>Log (debug) level. Corresponds to the - <parameter>-d</parameter> flag of <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>.</para></listitem> + <parameter>-d</parameter> flag of <command>smbclient(1) + </command>. </para></listitem> </varlistentry> </variablelist> </refsect1> @@ -187,9 +181,9 @@ <refsect1> <title>DIAGNOSTICS</title> - <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry> command.</para> + <para>See the <emphasis>DIAGNOSTICS</emphasis> section for the + <ulink url="smbclient.1.html"><command>smbclient(1)</command> + </ulink> command.</para> </refsect1> @@ -202,11 +196,10 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> + <para><ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink>, + </para> </refsect1> <refsect1> @@ -223,11 +216,11 @@ url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many thanks to everyone who suggested extensions, improvements, bug fixes, etc. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter.</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/smbtree.1.sgml b/docs/docbook/manpages/smbtree.1.sgml deleted file mode 100644 index 3677695d5a..0000000000 --- a/docs/docbook/manpages/smbtree.1.sgml +++ /dev/null @@ -1,93 +0,0 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="smbtree.1"> - -<refmeta> - <refentrytitle>smbtree</refentrytitle> - <manvolnum>1</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smbtree</refname> - <refpurpose>A text based smb network browser - </refpurpose> -</refnamediv> - -<refsynopsisdiv> - <cmdsynopsis> - <command>smbtree</command> - <arg choice="opt">-b</arg> - <arg choice="opt">-D</arg> - <arg choice="opt">-S</arg> - </cmdsynopsis> -</refsynopsisdiv> - -<refsect1> - <title>DESCRIPTION</title> - - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> - - <para><command>smbtree</command> is a smb browser program - in text mode. It is similar to the "Network Neighborhood" found - on Windows computers. It prints a tree with all - the known domains, the servers in those domains and - the shares on the servers. - </para> -</refsect1> - - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - <varlistentry> - <term>-b</term> - <listitem><para>Query network nodes by sending requests - as broadcasts instead of querying the (domain) master browser. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-D</term> - <listitem><para>Only print a list of all - the domains known on broadcast or by the - master browser</para></listitem> - </varlistentry> - - <varlistentry> - <term>-S</term> - <listitem><para>Only print a list of - all the domains and servers responding on broadcast or - known by the master browser. - </para></listitem> - </varlistentry> - - &popt.common.samba; - &popt.common.credentials; - &stdarg.help; - - </variablelist> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba - suite.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The smbtree man page was written by Jelmer Vernooij. </para> -</refsect1> - -</refentry> diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml index 089ede79ea..d6a1b65b57 100644 --- a/docs/docbook/manpages/smbumount.8.sgml +++ b/docs/docbook/manpages/smbumount.8.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="smbumount.8"> +<refentry id="smbumount"> <refmeta> <refentrytitle>smbumount</refentrytitle> @@ -47,8 +47,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>smbmount</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></para> + <para><ulink url="smbmount.8.html"><command>smbmount(8)</command> + </ulink></para> </refsect1> @@ -67,8 +67,7 @@ </para> <para>The conversion of this manpage for Samba 2.2 was performed - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 - was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml index 72b3cd65c8..c0052f3d53 100644 --- a/docs/docbook/manpages/swat.8.sgml +++ b/docs/docbook/manpages/swat.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="swat.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="swat"> <refmeta> <refentrytitle>swat</refentrytitle> @@ -25,13 +23,13 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>swat</command> allows a Samba administrator to - configure the complex <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file via a Web browser. In addition, + configure the complex <ulink url="smb.conf.5.html"><filename> + smb.conf(5)</filename></ulink> file via a Web browser. In addition, a <command>swat</command> configuration page has help links to all the configurable options in the <filename>smb.conf</filename> file allowing an administrator to easily look up the effects of any change. </para> @@ -48,9 +46,8 @@ <term>-s smb configuration file</term> <listitem><para>The default configuration file path is determined at compile time. The file specified contains - the configuration details required by the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> server. This is the file - that <command>swat</command> will modify. + the configuration details required by the <command>smbd + </command> server. This is the file that <command>swat</command> will modify. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide. @@ -68,10 +65,6 @@ <para><emphasis>WARNING: Do NOT enable this option on a production server. </emphasis></para></listitem> </varlistentry> - - &popt.common.samba; - &stdarg.help; - </variablelist> </refsect1> @@ -80,12 +73,6 @@ <title>INSTALLATION</title> - <para>Swat is included as binary package with most distributions. The - package manager in this case takes care of the installation and - configuration. This section is only for those who have compiled - swat from scratch. - </para> - <para>After you compile SWAT you need to run <command>make install </command> to install the <command>swat</command> binary and the various help files and images. A default install would put @@ -109,7 +96,7 @@ <para><command>swat 901/tcp</command></para> - <para>Note for NIS/YP and LDAP users - you may need to rebuild the + <para>Note for NIS/YP users - you may need to rebuild the NIS service maps rather than alter your local <filename> /etc/services</filename> file. </para> @@ -133,19 +120,17 @@ </refsect2> + <refsect2> + <title>Launching</title> -</refsect1> - -<refsect1> - <title>LAUNCHING</title> - - <para>To launch SWAT just run your favorite web browser and - point it at "http://localhost:901/".</para> + <para>To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/".</para> - <para>Note that you can attach to SWAT from any IP connected - machine but connecting from a remote machine leaves your - connection open to password sniffing as passwords will be sent - in the clear over the wire. </para> + <para>Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. </para> + </refsect2> </refsect1> <refsect1> @@ -167,9 +152,8 @@ <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> server configuration file that swat edits. Other + <listitem><para>This is the default location of the <filename>smb.conf(5) + </filename> server configuration file that swat edits. Other common places that systems install this file are <filename> /usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf </filename>. This file describes all the services the server @@ -182,9 +166,8 @@ <refsect1> <title>WARNINGS</title> - <para><command>swat</command> will rewrite your <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file. It will rearrange the entries and delete all + <para><command>swat</command> will rewrite your <filename>smb.conf + </filename> file. It will rearrange the entries and delete all comments, <parameter>include=</parameter> and <parameter>copy= </parameter> options. If you have a carefully crafted <filename> smb.conf</filename> then back it up or don't use swat! </para> @@ -194,15 +177,16 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of the Samba suite.</para> + <para>This man page is correct for version 2.2 of + the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> - <para><command>inetd(5)</command>, <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><command>inetd(5)</command>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink> + </para> </refsect1> <refsect1> @@ -215,11 +199,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml index 31a9549416..f34528a43d 100644 --- a/docs/docbook/manpages/testparm.1.sgml +++ b/docs/docbook/manpages/testparm.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="testparm.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="testparm"> <refmeta> <refentrytitle>testparm</refentrytitle> @@ -31,12 +29,11 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>testparm</command> is a very simple test program - to check an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> configuration file for + to check an <command>smbd</command> configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that <command>smbd </command> will successfully load the configuration file.</para> @@ -67,9 +64,13 @@ will prompt for a carriage return after printing the service names and before dumping the service definitions.</para></listitem> </varlistentry> - - &stdarg.help; - &stdarg.version; + + + <varlistentry> + <term>-h</term> + <listitem><para>Print usage message </para></listitem> + </varlistentry> + <varlistentry> <term>-L servername</term> @@ -81,9 +82,9 @@ <varlistentry> <term>-v</term> <listitem><para>If this option is specified, testparm - will also output all options that were not used in <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> and are thus set to their defaults.</para></listitem> + will also output all options that were not used in + <filename>smb.conf</filename> and are thus set to + their defaults.</para></listitem> </varlistentry> <varlistentry> @@ -97,8 +98,7 @@ <term>configfilename</term> <listitem><para>This is the name of the configuration file to check. If this parameter is not present then the - default <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file will be checked. + default <filename>smb.conf</filename> file will be checked. </para></listitem> </varlistentry> @@ -108,9 +108,7 @@ <listitem><para>If this parameter and the following are specified, then <command>testparm</command> will examine the <parameter>hosts allow</parameter> and <parameter>hosts deny</parameter> - parameters in the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file to + parameters in the <filename>smb.conf</filename> file to determine if the hostname with this IP address would be allowed access to the <command>smbd</command> server. If this parameter is supplied, the hostIP parameter must also @@ -132,11 +130,9 @@ <variablelist> <varlistentry> - <term><citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry></term> + <term><filename>smb.conf</filename></term> <listitem><para>This is usually the name of the configuration - file used by <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>. + file used by <command>smbd</command>. </para></listitem> </varlistentry> </variablelist> @@ -162,11 +158,9 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry></para> + <para><ulink url="smb.conf.5.html"><filename>smb.conf(5)</filename></ulink>, + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> + </para> </refsect1> <refsect1> @@ -179,11 +173,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml index 3ff1d85055..cd99494a9a 100644 --- a/docs/docbook/manpages/testprns.1.sgml +++ b/docs/docbook/manpages/testprns.1.sgml @@ -1,5 +1,5 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> -<refentry id="testprns.1"> +<refentry id="testprns"> <refmeta> <refentrytitle>testprns</refentrytitle> @@ -23,13 +23,13 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>testprns</command> is a very simple test program to determine whether a given printer name is valid for use in - a service to be provided by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> + a service to be provided by <ulink url="smbd.8.html"><command> + smbd(8)</command></ulink>. </para> <para>"Valid" in this context means "can be found in the printcap specified". This program is very stupid - so stupid in @@ -54,9 +54,8 @@ done beyond that required to extract the printer name. It may be that the print spooling system is more forgiving or less forgiving than <command>testprns</command>. However, if - <command>testprns</command> finds the printer then <citerefentry> - <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> should do so as well. </para></listitem> + <command>testprns</command> finds the printer then + <command>smbd</command> should do so as well. </para></listitem> </varlistentry> <varlistentry> @@ -111,16 +110,16 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 3.0 of + <para>This man page is correct for version 2.2 of the Samba suite.</para> </refsect1> <refsect1> <title>SEE ALSO</title> <para><filename>printcap(5)</filename>, - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry></para> + <ulink url="smbd.8.html"><command>smbd(8)</command></ulink>, + <ulink url="smbclient.1.html"><command>smbclient(1)</command></ulink> + </para> </refsect1> <refsect1> @@ -133,11 +132,11 @@ <para>The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> + excellent piece of Open Source software, available at + <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> + Samba 2.2 was done by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/vfstest.1.sgml b/docs/docbook/manpages/vfstest.1.sgml index 8be9271679..d6c7e5f142 100644 --- a/docs/docbook/manpages/vfstest.1.sgml +++ b/docs/docbook/manpages/vfstest.1.sgml @@ -1,7 +1,8 @@ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ <!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; ]> -<refentry id="vfstest.1"> + +<refentry id="vfstest"> <refmeta> <refentrytitle>vfstest</refentrytitle> @@ -27,8 +28,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>vfstest</command> is a small command line utility that has the ability to test dso samba VFS modules. It gives the @@ -50,6 +51,7 @@ </para> </listitem> </varlistentry> + &stdarg.debuglevel; &stdarg.help; <varlistentry> @@ -60,8 +62,6 @@ </para></listitem> </varlistentry> - &popt.common.samba; - </variablelist> </refsect1> diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml index 2e9a811bcb..a6ca244243 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="wbinfo.1"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="wbinfo"> <refmeta> <refentrytitle>wbinfo</refentrytitle> @@ -19,8 +17,8 @@ <command>wbinfo</command> <arg choice="opt">-u</arg> <arg choice="opt">-g</arg> + <arg choice="opt">-i ip</arg> <arg choice="opt">-N netbios-name</arg> - <arg choice="opt">-I ip</arg> <arg choice="opt">-n name</arg> <arg choice="opt">-s sid</arg> <arg choice="opt">-U uid</arg> @@ -29,11 +27,9 @@ <arg choice="opt">-Y sid</arg> <arg choice="opt">-t</arg> <arg choice="opt">-m</arg> - <arg choice="opt">--sequence</arg> <arg choice="opt">-r user</arg> <arg choice="opt">-a user%password</arg> <arg choice="opt">-A user%password</arg> - <arg choice="opt">--get-auth-user</arg> <arg choice="opt">-p</arg> </cmdsynopsis> </refsynopsisdiv> @@ -41,15 +37,14 @@ <refsect1> <title>DESCRIPTION</title> - <para>This tool is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This tool is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para>The <command>wbinfo</command> program queries and returns information - created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. </para> + created and used by the <ulink url="winbindd.8.html"><command> + winbindd(8)</command></ulink> daemon. </para> - <para>The <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon must be configured + <para>The <command>winbindd(8)</command> daemon must be configured and running for the <command>wbinfo</command> program to be able to return information.</para> </refsect1> @@ -61,30 +56,27 @@ <varlistentry> <term>-u</term> <listitem><para>This option will list all users available - in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Users in all trusted domains will also be listed. Note that this operation does not assign - user ids to any users that have not already been seen by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> - .</para></listitem> + user ids to any users that have not already been seen by + <command>winbindd(8)</command>.</para></listitem> </varlistentry> <varlistentry> <term>-g</term> <listitem><para>This option will list all groups available - in the Windows NT domain for which the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains + in the Windows NT domain for which the <command>winbindd(8) + </command> daemon is operating in. Groups in all trusted domains will also be listed. Note that this operation does not assign - group ids to any groups that have not already been - seen by <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>. </para></listitem> + group ids to any groups that have not already been seen by + <command>winbindd(8)</command>. </para></listitem> </varlistentry> <varlistentry> <term>-N name</term> <listitem><para>The <parameter>-N</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to query the WINS + queries <command>winbindd(8)</command> to query the WINS server for the IP address associated with the NetBIOS name specified by the <parameter>name</parameter> parameter. </para></listitem> @@ -94,8 +86,7 @@ <varlistentry> <term>-I ip</term> <listitem><para>The <parameter>-I</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to send a node status + queries <command>winbindd(8)</command> to send a node status request to get the NetBIOS name associated with the IP address specified by the <parameter>ip</parameter> parameter. </para></listitem> @@ -105,15 +96,13 @@ <varlistentry> <term>-n name</term> <listitem><para>The <parameter>-n</parameter> option - queries <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for the SID + queries <command>winbindd(8)</command> for the SID associated with the name specified. Domain names can be specified before the user name by using the winbind separator character. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1. If no domain is specified then the - domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> <parameter>workgroup - </parameter> parameter. </para></listitem> + domain used is the one specified in the <filename>smb.conf</filename> + <parameter>workgroup</parameter> parameter. </para></listitem> </varlistentry> @@ -146,18 +135,16 @@ <varlistentry> <term>-S sid</term> <listitem><para>Convert a SID to a UNIX user id. If the SID - does not correspond to a UNIX user mapped by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> then the operation will fail. </para></listitem> + does not correspond to a UNIX user mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> </varlistentry> <varlistentry> <term>-Y sid</term> <listitem><para>Convert a SID to a UNIX group id. If the SID - does not correspond to a UNIX group mapped by <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then - the operation will fail. </para></listitem> + does not correspond to a UNIX group mapped by <command> + winbindd(8)</command> then the operation will fail. </para></listitem> </varlistentry> @@ -173,18 +160,12 @@ <varlistentry> <term>-m</term> <listitem><para>Produce a list of domains trusted by the - Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts + Windows NT server <command>winbindd(8)</command> contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. </para></listitem> </varlistentry> - <varlistentry> - <term>--sequence</term> - <listitem><para>Show sequence numbers of - all known domains</para></listitem> - </varlistentry> <varlistentry> <term>-r username</term> @@ -212,25 +193,6 @@ Windows 2000 servers only). </para></listitem> </varlistentry> - - <varlistentry> - <term>--get-auth-user</term> - <listitem><para>Print username and password used by winbindd - during session setup to a domain controller. Username - and password can be set using '-A'. Only available for - root.</para></listitem> - </varlistentry> - - <varlistentry> - <term>-p</term> - <listitem><para>Check whether winbindd is still alive. - Prints out either 'succeeded' or 'failed'. - </para></listitem> - </varlistentry> - - &stdarg.version; - &stdarg.help; - </variablelist> </refsect1> @@ -239,9 +201,8 @@ <title>EXIT STATUS</title> <para>The wbinfo program returns 0 if the operation - succeeded, or 1 if the operation failed. If the <citerefentry> - <refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> daemon is not working <command>wbinfo</command> will always return + succeeded, or 1 if the operation failed. If the <command>winbindd(8) + </command> daemon is not working <command>wbinfo</command> will always return failure. </para> </refsect1> @@ -255,8 +216,8 @@ <refsect1> <title>SEE ALSO</title> - <para><citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry></para> + <para><ulink url="winbindd.8.html"><command>winbindd(8)</command> + </ulink></para> </refsect1> <refsect1> @@ -271,8 +232,7 @@ were written by Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for Samba - 3.0 was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index e0489c43c4..ccef2fa623 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -1,7 +1,5 @@ -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN" [ -<!ENTITY % globalentities SYSTEM '../global.ent'> %globalentities; -]> -<refentry id="winbindd.8"> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<refentry id="winbindd"> <refmeta> <refentrytitle>winbindd</refentrytitle> @@ -31,8 +29,8 @@ <refsect1> <title>DESCRIPTION</title> - <para>This program is part of the <citerefentry><refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry> suite.</para> + <para>This program is part of the <ulink url="samba.7.html"> + Samba</ulink> suite.</para> <para><command>winbindd</command> is a daemon that provides a service for the Name Service Switch capability that is present @@ -90,11 +88,12 @@ <filename>/etc/nsswitch.conf</filename> file can be used to initially resolve user and group information from <filename>/etc/passwd </filename> and <filename>/etc/group</filename> and then from the - Windows NT server. -<programlisting> + Windows NT server. </para> + + <para><programlisting> passwd: files winbind group: files winbind -</programlisting></para> + </programlisting></para> <para>The following simple configuration in the <filename>/etc/nsswitch.conf</filename> file can be used to initially @@ -130,8 +129,13 @@ group: files winbind than a file.</para></listitem> </varlistentry> - &popt.common.samba; - &stdarg.help; + <varlistentry> + <term>-d debuglevel</term> + <listitem><para>Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt). </para></listitem> + </varlistentry> <varlistentry> <term>-i</term> @@ -161,10 +165,15 @@ group: files winbind as 2 threads. The first will answer all requests from the cache, thus making responses to clients faster. The other will update the cache for the query that the first has just responded. - Advantage of this is that responses stay accurate and are faster. + Advantage of this is that responses are accurate and fast. </para></listitem> </varlistentry> + <varlistentry> + <term>-s|--conf=smb.conf</term> + <listitem><para>Specifies the location of the all-important + <filename>smb.conf</filename> file. </para></listitem> + </varlistentry> </variablelist> </refsect1> @@ -199,9 +208,8 @@ group: files winbind <title>CONFIGURATION</title> <para>Configuration of the <command>winbindd</command> daemon - is done through configuration parameters in the <citerefentry> - <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry> file. All parameters should be specified in the + is done through configuration parameters in the <filename>smb.conf(5) + </filename> file. All parameters should be specified in the [global] section of smb.conf. </para> <itemizedlist> @@ -235,24 +243,27 @@ group: files winbind following setup. This was tested on a RedHat 6.2 Linux box. </para> <para>In <filename>/etc/nsswitch.conf</filename> put the - following: -<programlisting> + following:</para> + + <para><programlisting> passwd: files winbind group: files winbind -</programlisting></para> + </programlisting></para> + + <para>In <filename>/etc/pam.d/*</filename> replace the + <parameter>auth</parameter> lines with something like this: </para> - <para>In <filename>/etc/pam.d/*</filename> replace the <parameter> - auth</parameter> lines with something like this: -<programlisting> + + <para><programlisting> auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok -</programlisting></para> + </programlisting></para> - <para>Note in particular the use of the <parameter>sufficient - </parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para> + <para>Note in particular the use of the <parameter>sufficient</parameter> + keyword and the <parameter>use_first_pass</parameter> keyword. </para> <para>Now replace the account lines with this: </para> @@ -260,26 +271,28 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok </command></para> <para>The next step is to join the domain. To do that use the - <command>net</command> program like this: </para> + <command>smbpasswd</command> program like this: </para> - <para><command>net join -S PDC -U Administrator</command></para> + <para><command>smbpasswd -j DOMAIN -r PDC -U + Administrator</command></para> <para>The username after the <parameter>-U</parameter> can be any Domain user that has administrator privileges on the machine. - Substitute the name or IP of your PDC for "PDC".</para> + Substitute your domain name for "DOMAIN" and the name of your PDC + for "PDC".</para> <para>Next copy <filename>libnss_winbind.so</filename> to - <filename>/lib</filename> and <filename>pam_winbind.so - </filename> to <filename>/lib/security</filename>. A symbolic link needs to be + <filename>/lib</filename> and <filename>pam_winbind.so</filename> + to <filename>/lib/security</filename>. A symbolic link needs to be made from <filename>/lib/libnss_winbind.so</filename> to <filename>/lib/libnss_winbind.so.2</filename>. If you are using an older version of glibc then the target of the link should be <filename>/lib/libnss_winbind.so.1</filename>.</para> - <para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> containing directives like the - following: -<programlisting> + <para>Finally, setup a <filename>smb.conf</filename> containing directives like the + following: </para> + + <para><programlisting> [global] winbind separator = + winbind cache time = 10 @@ -290,7 +303,7 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok workgroup = DOMAIN security = domain password server = * -</programlisting></para> + </programlisting></para> <para>Now start winbindd and you should find that your user and @@ -308,14 +321,19 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <para>The following notes are useful when configuring and running <command>winbindd</command>: </para> - <para><citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must be running on the local machine - for <command>winbindd</command> to work. <command>winbindd</command> queries - the list of trusted domains for the Windows NT server + <para><command>nmbd</command> must be running on the local machine + for <command>winbindd</command> to work. <command>winbindd</command> + queries the list of trusted domains for the Windows NT server on startup and when a SIGHUP is received. Thus, for a running <command> winbindd</command> to become aware of new trust relationships between servers, it must be sent a SIGHUP signal. </para> + <para>Client processes resolving names through the <command>winbindd</command> + nsswitch module read an environment variable named <envar> + $WINBINDD_DOMAIN</envar>. If this variable contains a comma separated + list of Windows NT domain names, then winbindd will only resolve users + and groups within those Windows NT domains. </para> + <para>PAM is really easy to misconfigure. Make sure you know what you are doing when modifying PAM configuration files. It is possible to set up PAM such that you can no longer log into your system. </para> @@ -339,9 +357,8 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <variablelist> <varlistentry> <term>SIGHUP</term> - <listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file and - apply any parameter changes to the running + <listitem><para>Reload the <filename>smb.conf(5)</filename> + file and apply any parameter changes to the running version of winbindd. This signal also clears any cached user and group information. The list of other domains trusted by winbindd is also reloaded. </para></listitem> @@ -381,21 +398,6 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok </varlistentry> <varlistentry> - <term>$LOCKDIR/winbindd_privilaged/pipe</term> - <listitem><para>The UNIX pipe over which 'privilaged' clients - communicate with the <command>winbindd</command> program. For security - reasons, access to some winbindd functions - like those needed by - the <command>ntlm_auth</command> utility - is restricted. By default, - only users in the 'root' group will get this access, however the administrator - may change the group permissions on $LOCKDIR/winbindd_privilaged to allow - programs like 'squid' to use ntlm_auth. - Note that the winbind client will only attempt to connect to the winbindd daemon - if both the <filename>$LOCKDIR/winbindd_privilaged</filename> directory - and <filename>$LOCKDIR/winbindd_privilaged/pipe</filename> file are owned by - root. </para></listitem> - </varlistentry> - - <varlistentry> <term>/lib/libnss_winbind.so.X</term> <listitem><para>Implementation of name service switch library. </para></listitem> @@ -429,13 +431,10 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok <refsect1> <title>SEE ALSO</title> - <para><filename>nsswitch.conf(5)</filename>, <citerefentry> - <refentrytitle>Samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>wbinfo</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum></citerefentry></para> + <para><filename>nsswitch.conf(5)</filename>, + <ulink url="samba.7.html">samba(7)</ulink>, + <ulink url="wbinfo.1.html">wbinfo(1)</ulink>, + <ulink url="smb.conf.5.html">smb.conf(5)</ulink></para> </refsect1> <refsect1> @@ -446,12 +445,11 @@ auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.</para> - <para><command>wbinfo</command> and <command>winbindd</command> were - written by Tim Potter.</para> + <para><command>wbinfo</command> and <command>winbindd</command> + were written by Tim Potter.</para> <para>The conversion to DocBook for Samba 2.2 was done - by Gerald Carter. The conversion to DocBook XML 4.2 for - Samba 3.0 was done by Alexander Bokovoy.</para> + by Gerald Carter</para> </refsect1> </refentry> diff --git a/docs/docbook/projdoc/ADS-HOWTO.sgml b/docs/docbook/projdoc/ADS-HOWTO.sgml index a98fe14e31..887ecd74c2 100644 --- a/docs/docbook/projdoc/ADS-HOWTO.sgml +++ b/docs/docbook/projdoc/ADS-HOWTO.sgml @@ -14,10 +14,67 @@ This is a rough guide to setting up Samba 3.0 with kerberos authentication again Windows2000 KDC. </para> +<para>Pieces you need before you begin:</para> +<para> +<simplelist> +<member>a Windows 2000 server.</member> +<member>samba 3.0 or higher.</member> +<member>the MIT kerberos development libraries (either install from the above sources or use a package). The heimdal libraries will not work.</member> +<member>the OpenLDAP development libraries.</member> +</simplelist> +</para> + +<sect1> +<title>Installing the required packages for Debian</title> + +<para>On Debian you need to install the following packages:</para> +<para> +<simplelist> +<member>libkrb5-dev</member> +<member>krb5-user</member> +</simplelist> +</para> +</sect1> + +<sect1> +<title>Installing the required packages for RedHat</title> + +<para>On RedHat this means you should have at least: </para> +<para> +<simplelist> +<member>krb5-workstation (for kinit)</member> +<member>krb5-libs (for linking with)</member> +<member>krb5-devel (because you are compiling from source)</member> +</simplelist> +</para> + +<para>in addition to the standard development environment.</para> + +<para>Note that these are not standard on a RedHat install, and you may need +to get them off CD2.</para> + +</sect1> + <sect1> -<title>Setup your <filename>smb.conf</filename></title> +<title>Compile Samba</title> +<para>If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR.</para> -<para>You must use at least the following 3 options in smb.conf:</para> +<para>After you run configure make sure that include/config.h it + generates contains + lines like this:</para> + +<para><programlisting> +#define HAVE_KRB5 1 +#define HAVE_LDAP 1 +</programlisting></para> + +<para>If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it.</para> + +<para>Then compile and install Samba as usual. You must use at least the + following 3 options in smb.conf:</para> <para><programlisting> realm = YOUR.KERBEROS.REALM @@ -36,13 +93,13 @@ In case samba can't figure out your ads server using your realm name, use the <para>You do *not* need a smbpasswd file, and older clients will be authenticated as if "security = domain", although it won't do any harm and allows you to have local users not in the domain. - I expect that the above required options will change soon when we get better - active directory integration.</para> - + I expect that the above + required options will change soon when we get better active + directory integration.</para> </sect1> - + <sect1> -<title>Setup your <filename>/etc/krb5.conf</filename></title> +<title>Setup your /etc/krb5.conf</title> <para>The minimal configuration for krb5.conf is:</para> @@ -130,11 +187,12 @@ specify the -k option to choose kerberos authentication. <sect1> <title>Notes</title> -<para>You must change administrator password at least once after DC -install, to create the right encoding types</para> +<para>You must change administrator password at least once after DC install, + to create the right encoding types</para> <para>w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in their defaults DNS setup. Maybe fixed in service packs?</para> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml b/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml deleted file mode 100644 index 18fda67123..0000000000 --- a/docs/docbook/projdoc/AdvancedNetworkAdmin.sgml +++ /dev/null @@ -1,57 +0,0 @@ -<chapter id="AdvancedNetworkManagement"> -<chapterinfo> - <author> - <firstname>John H</firstname><surname>Terpstra</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address> - <email>jht@samba.org</email> - </address> - </affiliation> - </author> - <pubdate>April 3 2003</pubdate> -</chapterinfo> - -<title>Advanced Network Manangement Information</title> - -<sect1> -<title>Remote Server Administration</title> - - -<para> -<emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis> -</para> - -<para> -Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', -the 'Server Manager'? -</para> - -<para> -Microsoft distributes a version of these tools called nexus for installation on Windows 95 -systems. The tools set includes: -</para> - -<itemizedlist> - <listitem><para>Server Manager</para></listitem> - - <listitem><para>User Manager for Domains</para></listitem> - - <listitem><para>Event Viewer</para></listitem> -</itemizedlist> - -<para> -Click here to download the archived file <ulink -url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink> -</para> - -<para> -The Windows NT 4.0 version of the 'User Manager for -Domains' and 'Server Manager' are available from Microsoft via ftp -from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink> -</para> - -</sect1> - -</chapter> - diff --git a/docs/docbook/projdoc/Browsing-Quickguide.sgml b/docs/docbook/projdoc/Browsing-Quickguide.sgml index adf20b7386..0a5cf72038 100644 --- a/docs/docbook/projdoc/Browsing-Quickguide.sgml +++ b/docs/docbook/projdoc/Browsing-Quickguide.sgml @@ -85,81 +85,6 @@ minutes to stabilise, particularly across network segments. </sect1> <sect1> -<title>How browsing functions and how to deploy stable and -dependable browsing using Samba</title> - - -<para> -As stated above, MS Windows machines register their NetBIOS names -(i.e.: the machine name for each service type in operation) on start -up. Also, as stated above, the exact method by which this name registration -takes place is determined by whether or not the MS Windows client/server -has been given a WINS server address, whether or not LMHOSTS lookup -is enabled, or if DNS for NetBIOS name resolution is enabled, etc. -</para> - -<para> -In the case where there is no WINS server all name registrations as -well as name lookups are done by UDP broadcast. This isolates name -resolution to the local subnet, unless LMHOSTS is used to list all -names and IP addresses. In such situations Samba provides a means by -which the samba server name may be forcibly injected into the browse -list of a remote MS Windows network (using the "remote announce" parameter). -</para> - -<para> -Where a WINS server is used, the MS Windows client will use UDP -unicast to register with the WINS server. Such packets can be routed -and thus WINS allows name resolution to function across routed networks. -</para> - -<para> -During the startup process an election will take place to create a -local master browser if one does not already exist. On each NetBIOS network -one machine will be elected to function as the domain master browser. This -domain browsing has nothing to do with MS security domain control. -Instead, the domain master browser serves the role of contacting each local -master browser (found by asking WINS or from LMHOSTS) and exchanging browse -list contents. This way every master browser will eventually obtain a complete -list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By the nature of -the election criteria used, the machine with the highest uptime, or the -most senior protocol version, or other criteria, will win the election -as domain master browser. -</para> - -<para> -Clients wishing to browse the network make use of this list, but also depend -on the availability of correct name resolution to the respective IP -address/addresses. -</para> - -<para> -Any configuration that breaks name resolution and/or browsing intrinsics -will annoy users because they will have to put up with protracted -inability to use the network services. -</para> - -<para> -Samba supports a feature that allows forced synchonisation -of browse lists across routed networks using the "remote -browse sync" parameter in the smb.conf file. This causes Samba -to contact the local master browser on a remote network and -to request browse list synchronisation. This effectively bridges -two networks that are separated by routers. The two remote -networks may use either broadcast based name resolution or WINS -based name resolution, but it should be noted that the "remote -browse sync" parameter provides browse list synchronisation - and -that is distinct from name to address resolution, in other -words, for cross subnet browsing to function correctly it is -essential that a name to address resolution mechanism be provided. -This mechanism could be via DNS, <filename>/etc/hosts</filename>, -and so on. -</para> - -</sect1> - -<sect1> <title>Use of the "Remote Announce" parameter</title> <para> The "remote announce" parameter of smb.conf can be used to forcibly ensure diff --git a/docs/docbook/projdoc/Browsing.sgml b/docs/docbook/projdoc/Browsing.sgml index 60512c3cd1..aeb3b477c5 100644 --- a/docs/docbook/projdoc/Browsing.sgml +++ b/docs/docbook/projdoc/Browsing.sgml @@ -534,10 +534,10 @@ options in the [global] section of the smb.conf file : <para> <programlisting> -domain master = yes -local master = yes -preferred master = yes -os level = 65 + domain master = yes + local master = yes + preferred master = yes + os level = 65 </programlisting> </para> @@ -559,10 +559,10 @@ smb.conf file : <para> <programlisting> -domain master = no -local master = yes -preferred master = yes -os level = 65 + domain master = no + local master = yes + preferred master = yes + os level = 65 </programlisting> </para> @@ -588,10 +588,10 @@ options in the [global] section of the smb.conf file : <para> <programlisting> -domain master = no -local master = no -preferred master = no -os level = 0 + domain master = no + local master = no + preferred master = no + os level = 0 </programlisting> </para> @@ -619,10 +619,10 @@ file : <para> <programlisting> -domain master = no -local master = yes -preferred master = yes -os level = 65 + domain master = no + local master = yes + preferred master = yes + os level = 65 </programlisting> </para> diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml new file mode 100644 index 0000000000..98ef925f20 --- /dev/null +++ b/docs/docbook/projdoc/CVS-Access.sgml @@ -0,0 +1,157 @@ +<chapter id="cvs-access"> + + +<chapterinfo> + <author> + <affiliation> + <orgname>Samba Team</orgname> + </affiliation> + </author> + + + <pubdate> (22 May 2001) </pubdate> +</chapterinfo> + +<title>HOWTO Access Samba source code via CVS</title> + +<sect1> +<title>Introduction</title> + +<para> +Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter. +</para> + +<para> +This document is a modified version of the instructions found at +<ulink url="http://samba.org/samba/cvs.html">http://samba.org/samba/cvs.html</ulink> +</para> + +</sect1> + + +<sect1> +<title>CVS Access to samba.org</title> + +<para> +The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host. +</para> + +<sect2> +<title>Access via CVSweb</title> + +<para> +You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository. +</para> + +<para> +Use the URL : <ulink +url="http://samba.org/cgi-bin/cvsweb">http://samba.org/cgi-bin/cvsweb</ulink> +</para> +</sect2> + +<sect2> +<title>Access via cvs</title> + +<para> +You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser. +</para> + +<para> +To download the latest cvs source code, point your +browser at the URL : <ulink url="http://www.cyclic.com/">http://www.cyclic.com/</ulink>. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com. +</para> + +<para> +To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name +</para> + +<orderedlist> +<listitem> + <para> + Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot login</command> + </para> + + <para> + When it asks you for a password type <userinput>cvs</userinput>. + </para> +</listitem> + + +<listitem> + <para> + Run the command + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co samba</command> + </para> + + <para> + This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. + </para> + + <para> + CVS branches other HEAD can be obtained by using the <parameter>-r</parameter> + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. + </para> + + <para> + <command>cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba</command> + </para> +</listitem> + +<listitem> + <para> + Whenever you want to merge in the latest code changes use + the following command from within the samba directory: + </para> + + <para> + <command>cvs update -d -P</command> + </para> +</listitem> +</orderedlist> + +</sect2> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/Compiling.sgml b/docs/docbook/projdoc/Compiling.sgml index ac98f34a32..49aafebec0 100644 --- a/docs/docbook/projdoc/Compiling.sgml +++ b/docs/docbook/projdoc/Compiling.sgml @@ -217,64 +217,6 @@ on this system just substitute the correct package name </userinput></para> <para>if you find this version a disaster!</para> - - <sect2> - <title>Compiling samba with Active Directory support</title> - - <para>In order to compile samba with ADS support, you need to have installed - on your system: - <simplelist> - <member>the MIT kerberos development libraries (either install from the sources or use a package). The heimdal libraries will not work.</member> - <member>the OpenLDAP development libraries.</member> - </simplelist> - - <para>If your kerberos libraries are in a non-standard location then - remember to add the configure option --with-krb5=DIR.</para> - - <para>After you run configure make sure that <filename>include/config.h</filename> it generates contains lines like this:</para> - - <para><programlisting> -#define HAVE_KRB5 1 -#define HAVE_LDAP 1 - </programlisting></para> - - <para>If it doesn't then configure did not find your krb5 libraries or - your ldap libraries. Look in config.log to figure out why and fix - it.</para> - - <sect3> - <title>Installing the required packages for Debian</title> - - <para>On Debian you need to install the following packages:</para> - <para> - <simplelist> - <member>libkrb5-dev</member> - <member>krb5-user</member> - </simplelist> - </para> - </sect3> - - <sect3> - <title>Installing the required packages for RedHat</title> - - <para>On RedHat this means you should have at least: </para> - <para> - <simplelist> - <member>krb5-workstation (for kinit)</member> - <member>krb5-libs (for linking with)</member> - <member>krb5-devel (because you are compiling from source)</member> - </simplelist> - </para> - - <para>in addition to the standard development environment.</para> - - <para>Note that these are not standard on a RedHat install, and you may need - to get them off CD2.</para> - - </sect3> - - </sect2> - </sect1> <sect1> diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml index 8ac3520384..b178bfd2c2 100644 --- a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -45,7 +45,9 @@ <parameter>security =</parameter></ulink> line in the [global] section of your smb.conf to read:</para> - <para><command>security = domain</command></para> + <para><command>security = domain</command> or + <command>security = ads</command> depending on if the PDC is + NT4 or running Active Directory respectivly.</para> <para>Next change the <ulink url="smb.conf.5.html#WORKGROUP"><parameter> workgroup =</parameter></ulink> line in the [global] section to read: </para> @@ -84,7 +86,7 @@ <para>In order to actually join the domain, you must run this command:</para> - <para><prompt>root# </prompt><userinput>net rpc join -S DOMPDC + <para><prompt>root# </prompt><userinput>net join -S DOMPDC -U<replaceable>Administrator%password</replaceable></userinput></para> <para>as we are joining the domain DOM and the PDC for that domain @@ -122,6 +124,19 @@ </sect1> <sect1> +<title>Samba and Windows 2000 Domains</title> +<!-- FIXME: this section is partly obsoleted - jelmer@samba.org --> + +<para> +Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 3.0 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode. The steps above apply +to both NT4 and Windows 2000. +</para> + +</sect1> + +<sect1> <title>Why is this better than security = server?</title> <para>Currently, domain security in Samba doesn't free you from @@ -163,11 +178,11 @@ reply, the Samba server gets the user identification information such as the user SID, the list of NT groups the user belongs to, etc. </para> - <note><para> Much of the text of this document + <para><emphasis>NOTE:</emphasis> Much of the text of this document was first published in the Web magazine <ulink url="http://www.linuxworld.com"> LinuxWorld</ulink> as the article <ulink url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html">Doing - the NIS/NT Samba</ulink>.</para></note> + the NIS/NT Samba</ulink>.</para> </sect1> diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml new file mode 100644 index 0000000000..f903d7d334 --- /dev/null +++ b/docs/docbook/projdoc/ENCRYPTION.sgml @@ -0,0 +1,189 @@ +<chapter id="pwencrypt"> + + +<chapterinfo> + <author> + <firstname>Jeremy</firstname><surname>Allison</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jra@samba.org</email> + </address> + </affiliation> + </author> + + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + <affiliation> + <orgname>Samba Team</orgname> + <address> + <email>jelmer@samba.org</email> + </address> + </affiliation> + </author> + + <pubdate>4 November 2002</pubdate> +</chapterinfo> + +<title>LanMan and NT Password Encryption in Samba</title> + + +<sect1> + <title>Introduction</title> + + <para>Newer windows clients send encrypted passwords over + the wire, instead of plain text passwords. The newest clients + will only send encrypted passwords and refuse to send plain text + passwords, unless their registry is tweaked.</para> + + <para>These passwords can't be converted to unix style encrypted + passwords. Because of that you can't use the standard unix + user database, and you have to store the Lanman and NT hashes + somewhere else. For more information, see the documentation + about the <command>passdb backend = </command> parameter. + </para> + +</sect1> + +<sect1> + <title>Important Notes About Security</title> + + <para>The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly.</para> + + <para>Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc). </para> + + <warning> + <para>Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are <emphasis>never</emphasis> sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this.</para> + + <para>Other Microsoft operating systems which also exhibit + this behavior includes</para> + + <itemizedlist> + <listitem><para>MS DOS Network client 3.0 with + the basic network redirector installed</para></listitem> + + <listitem><para>Windows 95 with the network redirector + update installed</para></listitem> + + <listitem><para>Windows 98 [se]</para></listitem> + + <listitem><para>Windows 2000</para></listitem> + </itemizedlist> + + <para><emphasis>Note :</emphasis>All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.</para> + </warning> + + <sect2> + <title>Advantages of SMB Encryption</title> + + <itemizedlist> + <listitem><para>plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server.</para> + </listitem> + + <listitem><para>WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. + </para></listitem> + </itemizedlist> + </sect2> + + + <sect2> + <title>Advantages of non-encrypted passwords</title> + + <itemizedlist> + <listitem><para>plain text passwords are not kept + on disk. </para></listitem> + + <listitem><para>uses same password file as other unix + services such as login and ftp</para></listitem> + + <listitem><para>you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal.</para></listitem> + </itemizedlist> + </sect2> +</sect1> + + +<sect1> + <title>The smbpasswd Command</title> + + <para>The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + <command>passwd</command> or <command>yppasswd</command> programs, + install it in <filename>/usr/local/samba/bin/</filename> (or your + main Samba binary directory).</para> + + <para><command>smbpasswd</command> now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows.</para> + + <para><command>smbpasswd</command> now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password).</para> + + <para>To run smbpasswd as a normal user just type :</para> + + <para><prompt>$ </prompt><userinput>smbpasswd</userinput></para> + <para><prompt>Old SMB password: </prompt><userinput><type old value here - + or hit return if there was no old password></userinput></para> + <para><prompt>New SMB Password: </prompt><userinput><type new value> + </userinput></para> + <para><prompt>Repeat New SMB Password: </prompt><userinput><re-type new value + </userinput></para> + + <para>If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed.</para> + + <para>If invoked by an ordinary user it will only allow the user + to change his or her own Samba password.</para> + + <para>If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords.</para> + + <para><command>smbpasswd</command> is designed to work in the same way + and be familiar to UNIX users who use the <command>passwd</command> or + <command>yppasswd</command> commands.</para> + + <para>For more details on using <command>smbpasswd</command> refer + to the man page which will always be the definitive reference.</para> +</sect1> + +</chapter> diff --git a/docs/docbook/projdoc/GroupProfiles.sgml b/docs/docbook/projdoc/GroupProfiles.sgml new file mode 100644 index 0000000000..8bdf98059a --- /dev/null +++ b/docs/docbook/projdoc/GroupProfiles.sgml @@ -0,0 +1,289 @@ +<chapter id="GroupProfiles"> +<chapterinfo> + <author> + <firstname>John</firstname><surname>Terpstra</surname> + </author> + <author> + <firstname>Jelmer</firstname><surname>Vernooij</surname> + </author> + <author> + <firstname>John</firstname><surname>Russell</surname> + <affiliation> + <address><email>apca72@dsl.pipex.com</email></address> + </affiliation> + </author> +</chapterinfo> + +<title>Creating Group Prolicy Files</title> + +<sect1> +<title>Windows '9x</title> +<para> +You need the Win98 Group Policy Editor to +set Group Profiles up under Windows '9x. It can be found on the Original +full product Win98 installation CD under +<filename>tools/reskit/netadmin/poledit</filename>. You install this +using the Add/Remove Programs facility and then click on the 'Have Disk' +tab. +</para> + +<para> +Use the Group Policy Editor to create a policy file that specifies the +location of user profiles and/or the <filename>My Documents</filename> etc. +stuff. You then save these settings in a file called +<filename>Config.POL</filename> that needs to be placed in +the root of the [NETLOGON] share. If your Win98 is configured to log onto +the Samba Domain, it will automatically read this file and update the +Win9x/Me registry of the machine that is logging on. +</para> + +<para> +All of this is covered in the Win98 Resource Kit documentation. +</para> + +<para> +If you do not do it this way, then every so often Win9x/Me will check the +integrity of the registry and will restore it's settings from the back-up +copy of the registry it stores on each Win9x/Me machine. Hence, you will +occasionally notice things changing back to the original settings. +</para> + +<para> +The following all refers to Windows NT/200x profile migration - not to policies. +We need a separate section on policies (NTConfig.Pol) for NT4/200x. +</para> +</sect1> + +<sect1> +<title>Windows NT 4</title> + +<para> +Unfortunately, the Resource Kit info is Win NT4 or 200x specific. +</para> + +<para> +Here is a quick guide: +</para> + +<itemizedlist> + +<listitem><para> +On your NT4 Domain Controller, right click on 'My Computer', then +select the tab labelled 'User Profiles'. +</para></listitem> + +<listitem><para> +Select a user profile you want to migrate and click on it. +</para> + +<note><para>I am using the term "migrate" lossely. You can copy a profile to +create a group profile. You can give the user 'Everyone' rights to the +profile you copy this to. That is what you need to do, since your samba +domain is not a member of a trust relationship with your NT4 PDC.</para></note> +</listitem> + +<listitem><para>Click the 'Copy To' button.</para></listitem> + +<listitem><para>In the box labelled 'Copy Profile to' add your new path, eg: +<filename>c:\temp\foobar</filename></para></listitem> + +<listitem><para>Click on the button labelled 'Change' in the "Permitted to use" box.</para></listitem> + +<listitem><para>Click on the group 'Everyone' and then click OK. This closes the +'chose user' box.</para></listitem> + +<listitem><para>Now click OK.</para></listitem> +</itemizedlist> + +<para> +Follow the above for every profile you need to migrate. +</para> + +<sect2> +<title>Side bar Notes</title> + +<para> +You should obtain the SID of your NT4 domain. You can use smbpasswd to do +this. Read the man page.</para> + +<para> +With Samba-3.0.0 alpha code you can import all you NT4 domain accounts +using the net samsync method. This way you can retain your profile +settings as well as all your users. +</para> + +</sect2> + +<sect2> +<title>Mandatory profiles</title> + +<para> +The above method can be used to create mandatory profiles also. To convert +a group profile into a mandatory profile simply locate the NTUser.DAT file +in the copied profile and rename it to NTUser.MAN. +</para> + +</sect2> + +<sect2> +<title>moveuser.exe</title> + +<para> +The W2K professional resource kit has moveuser.exe. moveuser.exe changes +the security of a profile from one user to another. This allows the account +domain to change, and/or the user name to change. +</para> + +</sect2> + +<sect2> +<title>Get SID</title> + +<para> +You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 +Resource Kit. +</para> + +<para> +Windows NT 4.0 stores the local profile information in the registry under +the following key: +HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList +</para> + +<para> +Under the ProfileList key, there will be subkeys named with the SIDs of the +users who have logged on to this computer. (To find the profile information +for the user whose locally cached profile you want to move, find the SID for +the user with the GetSID.exe utility.) Inside of the appropriate user's +subkey, you will see a string value named ProfileImagePath. +</para> + +</sect2> + +</sect1> + +<sect1> +<title>Windows 2000/XP</title> + +<para> +You must first convert the profile from a local profile to a domain +profile on the MS Windows workstation as follows: +</para> + +<itemizedlist> +<listitem><para> +Log on as the LOCAL workstation administrator. +</para></listitem> + +<listitem><para> +Right click on the 'My Computer' Icon, select 'Properties' +</para></listitem> + +<listitem><para> +Click on the 'User Profiles' tab +</para></listitem> + +<listitem><para> +Select the profile you wish to convert (click on it once) +</para></listitem> + +<listitem><para> +Click on the button 'Copy To' +</para></listitem> + +<listitem><para> +In the "Permitted to use" box, click on the 'Change' button. +</para></listitem> + +<listitem><para> +Click on the 'Look in" area that lists the machine name, when you click +here it will open up a selection box. Click on the domain to which the +profile must be accessible. +</para> + +<note><para>You will need to log on if a logon box opens up. Eg: In the connect +as: MIDEARTH\root, password: mypassword.</para></note> +</listitem> + +<listitem><para> +To make the profile capable of being used by anyone select 'Everyone' +</para></listitem> + +<listitem><para> +Click OK. The Selection box will close. +</para></listitem> + +<listitem><para> +Now click on the 'Ok' button to create the profile in the path you +nominated. +</para></listitem> +</itemizedlist> + +<para> +Done. You now have a profile that can be editted using the samba-3.0.0 +profiles tool. +</para> + +<note> +<para> +Under NT/2K the use of mandotory profiles forces the use of MS Exchange +storage of mail data. That keeps desktop profiles usable. +</para> +</note> + +<note> +<itemizedlist> +<listitem><para> +This is a security check new to Windows XP (or maybe only +Windows XP service pack 1). It can be disabled via a group policy in +Active Directory. The policy is:</para> + +<para>"Computer Configuration\Administrative Templates\System\User +Profiles\Do not check for user ownership of Roaming Profile Folders"</para> + +<para>...and it should be set to "Enabled". +Does the new version of samba have an Active Directory analogue? If so, +then you may be able to set the policy through this. +</para> + +<para> +If you cannot set group policies in samba, then you may be able to set +the policy locally on each machine. If you want to try this, then do +the following (N.B. I don't know for sure that this will work in the +same way as a domain group policy): +</para> + +</listitem> + +<listitem><para> +On the XP workstation log in with an Administrator account. +</para></listitem> + +<listitem><para>Click: "Start", "Run"</para></listitem> +<listitem><para>Type: "mmc"</para></listitem> +<listitem><para>Click: "OK"</para></listitem> + +<listitem><para>A Microsoft Management Console should appear.</para></listitem> +<listitem><para>Click: File, "Add/Remove Snap-in...", "Add"</para></listitem> +<listitem><para>Double-Click: "Group Policy"</para></listitem> +<listitem><para>Click: "Finish", "Close"</para></listitem> +<listitem><para>Click: "OK"</para></listitem> + +<listitem><para>In the "Console Root" window:</para></listitem> +<listitem><para>Expand: "Local Computer Policy", "Computer Configuration",</para></listitem> +<listitem><para>"Administrative Templates", "System", "User Profiles"</para></listitem> +<listitem><para>Double-Click: "Do not check for user ownership of Roaming Profile</para></listitem> +<listitem><para>Folders"</para></listitem> +<listitem><para>Select: "Enabled"</para></listitem> +<listitem><para>Click: OK"</para></listitem> + +<listitem><para>Close the whole console. You do not need to save the settings (this +refers to the console settings rather than the policies you have +changed).</para></listitem> + +<listitem><para>Reboot</para></listitem> +</itemizedlist> +</note> + +</sect1> +</chapter> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index 8a5c0c40f2..a4e79fd42b 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -18,46 +18,48 @@ <title>Integrating MS Windows networks with Samba</title> -<para> -This section deals with NetBIOS over TCP/IP name to IP address resolution. If you -your MS Windows clients are NOT configured to use NetBIOS over TCP/IP then this -section does not apply to your installation. If your installation involves use of -NetBIOS over TCP/IP then this section may help you to resolve networking problems. -</para> +<sect1> +<title>Agenda</title> -<note> <para> - NetBIOS over TCP/IP has nothing to do with NetBEUI. NetBEUI is NetBIOS - over Logical Link Control (LLC). On modern networks it is highly advised - to NOT run NetBEUI at all. Note also that there is NO such thing as - NetBEUI over TCP/IP - the existence of such a protocol is a complete - and utter mis-apprehension. +To identify the key functional mechanisms of MS Windows networking +to enable the deployment of Samba as a means of extending and/or +replacing MS Windows NT/2000 technology. </para> -</note> <para> -Since the introduction of MS Windows 2000 it is possible to run MS Windows networking -without the use of NetBIOS over TCP/IP. NetBIOS over TCP/IP uses UDP port 137 for NetBIOS -name resolution and uses TCP port 139 for NetBIOS session services. When NetBIOS over -TCP/IP is disabled on MS Windows 2000 and later clients then only TCP port 445 will be -used and UDP port 137 and TCP port 139 will not. +We will examine: </para> -<note> -<para> -When using Windows 2000 or later clients, if NetBIOS over TCP/IP is NOT disabled, then -the client will use UDP port 137 (NetBIOS Name Service, also known as the Windows Internet -Name Service or WINS), TCP port 139 AND TCP port 445 (for actual file and print traffic). -</para> -</note> +<orderedlist> + <listitem><para>Name resolution in a pure Unix/Linux TCP/IP + environment + </para></listitem> -<para> -When NetBIOS over TCP/IP is disabled the use of DNS is essential. Most installations that -disable NetBIOS over TCP/IP today use MS Active Directory Service (ADS). ADS requires -Dynamic DNS with Service Resource Records (SRV RR) and with Incremental Zone Transfers (IXFR). -Use of DHCP with ADS is recommended as a further means of maintaining central control -over client workstation network configuration. -</para> + <listitem><para>Name resolution as used within MS Windows + networking + </para></listitem> + + <listitem><para>How browsing functions and how to deploy stable + and dependable browsing using Samba + </para></listitem> + + <listitem><para>MS Windows security options and how to + configure Samba for seemless integration + </para></listitem> + + <listitem><para>Configuration of Samba as:</para> + <orderedlist> + <listitem><para>A stand-alone server</para></listitem> + <listitem><para>An MS Windows NT 3.x/4.0 security domain member + </para></listitem> + <listitem><para>An alternative to an MS Windows NT 3.x/4.0 Domain Controller + </para></listitem> + </orderedlist> + </listitem> +</orderedlist> + +</sect1> <sect1> @@ -553,4 +555,381 @@ of the WINS server. </sect2> </sect1> + +<sect1> +<title>How browsing functions and how to deploy stable and +dependable browsing using Samba</title> + + +<para> +As stated above, MS Windows machines register their NetBIOS names +(i.e.: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc. +</para> + +<para> +In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter). +</para> + +<para> +Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks. +</para> + +<para> +During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By the nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser. +</para> + +<para> +Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses. +</para> + +<para> +Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services. +</para> + +<para> +Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, <filename>/etc/hosts</filename>, +and so on. +</para> + +</sect1> + +<sect1> +<title>MS Windows security options and how to configure +Samba for seemless integration</title> + +<para> +MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets. +</para> + +<para> +When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways: +</para> + +<itemizedlist> + <listitem><para>An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. + </para></listitem> + + <listitem><para>The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. + </para></listitem> +</itemizedlist> + +<para> +You should refer to the <ulink url="ENCRYPTION.html"> +Password Encryption</ulink> chapter in this HOWTO collection +for more details on the inner workings +</para> + +<para> +MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default. +</para> + +<para> +MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped, the client +re-establishes the connection using +a cached copy of the password. +</para> + +<para> +When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients. +</para> + +<para> +The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication. +</para> + +<para><programlisting> + <ulink url="smb.conf.5.html#PASSWORDLEVEL">passsword level</ulink> = <replaceable>integer</replaceable> + <ulink url="smb.conf.5.html#USERNAMELEVEL">username level</ulink> = <replaceable>integer</replaceable> +</programlisting></para> + +<para> +By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the <parameter>username level</parameter> parameter +is rarely even needed. +</para> + +<para> +However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the <parameter>password level</parameter> must be set to the maximum +number of upper case letter which <emphasis>could</emphasis> appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a <parameter>password level</parameter> +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail). +</para> + +<para> +The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords: +</para> + + +<sect2> +<title>Use MS Windows NT as an authentication server</title> + +<para> +This method involves the additions of the following parameters +in the smb.conf file: +</para> + +<para><programlisting> + encrypt passwords = Yes + security = server + password server = "NetBIOS_name_of_PDC" +</programlisting></para> + + +<para> +There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code. +</para> + +<para> +The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts. +</para> + +<para> +Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients. +</para> + +</sect2> + +<sect2> +<title>Make Samba a member of an MS Windows NT security domain</title> + +<para> +This method involves additon of the following paramters in the smb.conf file: +</para> + +<para><programlisting> + encrypt passwords = Yes + security = domain + workgroup = "name of NT domain" + password server = * +</programlisting></para> + +<para> +The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT. +</para> + +<para> +In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows: +</para> + +<itemizedlist> + <listitem><para>On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. + </para></listitem> + + <listitem><para>Next, on the Linux system execute: + <command>smbpasswd -r PDC_NAME -j DOMAIN_NAME</command> + </para></listitem> +</itemizedlist> + +<para> +Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the <filename>/etc/passwd</filename> entry. +</para> + +<para> +An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the <ulink +url="winbind.html">Winbind Overview</ulink> chapter in +this HOWTO collection. +</para> + + +</sect2> + + +<sect2> +<title>Configure Samba as an authentication server</title> + +<para> +This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as an +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication. +</para> + +<para> +This method involves addition of the following parameters to +the smb.conf file: +</para> + +<para><programlisting> +## please refer to the Samba PDC HOWTO chapter later in +## this collection for more details +[global] + encrypt passwords = Yes + security = user + domain logons = Yes + ; an OS level of 33 or more is recommended + os level = 33 + +[NETLOGON] + path = /somewhare/in/file/system + read only = yes +</programlisting></para> + +<para> +in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required. +</para> + +<sect3> +<title>Users</title> + +<para> +A user account that may provide a home directory should be +created. The following Linux system commands are typical of +the procedure for creating an account. +</para> + +<para><programlisting> + # useradd -s /bin/bash -d /home/"userid" -m "userid" + # passwd "userid" + Enter Password: <pw> + + # smbpasswd -a "userid" + Enter Password: <pw> +</programlisting></para> +</sect3> + +<sect3> +<title>MS Windows NT Machine Accounts</title> + +<para> +These are required only when Samba is used as a domain +controller. Refer to the Samba-PDC-HOWTO for more details. +</para> + +<para><programlisting> + # useradd -s /bin/false -d /dev/null "machine_name"\$ + # passwd -l "machine_name"\$ + # smbpasswd -a -m "machine_name" +</programlisting></para> +</sect3> +</sect2> +</sect1> + + +<sect1> +<title>Conclusions</title> + +<para> +Samba provides a flexible means to operate as... +</para> + +<itemizedlist> + <listitem><para>A Stand-alone server - No special action is needed + other than to create user accounts. Stand-alone servers do NOT + provide network logon services, meaning that machines that use this + server do NOT perform a domain logon but instead make use only of + the MS Windows logon which is local to the MS Windows + workstation/server. + </para></listitem> + + <listitem><para>An MS Windows NT 3.x/4.0 security domain member. + </para></listitem> + + + <listitem><para>An alternative to an MS Windows NT 3.x/4.0 + Domain Controller. + </para></listitem> + +</itemizedlist> + +</sect1> + </chapter> diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml index a68a820b76..2843331519 100644 --- a/docs/docbook/projdoc/NT_Security.sgml +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -22,8 +22,10 @@ <title>Viewing and changing UNIX permissions using the NT security dialogs</title> - <para>Windows NT clients can use their native security settings - dialog box to view and modify the underlying UNIX permissions.</para> + + <para>New in the Samba 2.0.4 release is the ability for Windows + NT clients to use their native security settings dialog box to + view and modify the underlying UNIX permissions.</para> <para>Note that this ability is careful not to compromise the security of the UNIX host Samba is running on, and @@ -34,12 +36,13 @@ <sect1> <title>How to view file security on a Samba share</title> - <para>From an NT4/2000/XP client, single-click with the right + <para>From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops-up, click on the <emphasis>Properties</emphasis> entry at the bottom of - the menu. This brings up the file properties dialog - box. Click on the tab <emphasis>Security</emphasis> and you + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked <emphasis>Security</emphasis>. Click on this tab and you will see three buttons, <emphasis>Permissions</emphasis>, <emphasis>Auditing</emphasis>, and <emphasis>Ownership</emphasis>. The <emphasis>Auditing</emphasis> button will cause either @@ -86,7 +89,7 @@ <para>There is an NT chown command that will work with Samba and allow a user with Administrator privilege connected - to a Samba server as root to change the ownership of + to a Samba 2.0.4 server as root to change the ownership of files on both a local NTFS filesystem or remote mounted NTFS or Samba drive. This is available as part of the <emphasis>Seclib </emphasis> NT security library written by Jeremy Allison of @@ -190,7 +193,7 @@ </command> message.</para> <para>The first thing to note is that the <command>"Add"</command> - button will not return a list of users in Samba (it will give + button will not return a list of users in Samba 2.0.4 (it will give an error message of <command>"The remote procedure call failed and did not execute"</command>). This means that you can only manipulate the current user/group/world permissions listed in @@ -230,9 +233,8 @@ <title>Interaction with the standard Samba create mask parameters</title> - <para>There are four parameters - to control interaction with the standard Samba create mask parameters. - These are :</para> + <para>Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are :</para> <para><parameter>security mask</parameter></para> <para><parameter>force security mode</parameter></para> @@ -254,8 +256,9 @@ <para>If not set explicitly this parameter is set to the same value as the <ulink url="smb.conf.5.html#CREATEMASK"><parameter>create mask - </parameter></ulink> parameter. To allow a user to modify all the - user/group/world permissions on a file, set this parameter + </parameter></ulink> parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter to 0777.</para> <para>Next Samba checks the changed permissions for a file against @@ -270,7 +273,8 @@ <para>If not set explicitly this parameter is set to the same value as the <ulink url="smb.conf.5.html#FORCECREATEMODE"><parameter>force - create mode</parameter></ulink> parameter. + create mode</parameter></ulink> parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. To allow a user to modify all the user/group/world permissions on a file with no restrictions set this parameter to 000.</para> @@ -289,7 +293,9 @@ by default is set to the same value as the <parameter>directory mask </parameter> parameter and the <parameter>force directory security mode</parameter> parameter by default is set to the same value as - the <parameter>force directory mode</parameter> parameter. </para> + the <parameter>force directory mode</parameter> parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced.</para> <para>In this way Samba enforces the permission restrictions that an administrator can set on a Samba share, whilst still allowing users @@ -305,6 +311,15 @@ <para><parameter>force security mode = 0</parameter></para> <para><parameter>directory security mask = 0777</parameter></para> <para><parameter>force directory security mode = 0</parameter></para> + + <para>As described, in Samba 2.0.4 the parameters :</para> + + <para><parameter>create mask</parameter></para> + <para><parameter>force create mode</parameter></para> + <para><parameter>directory mask</parameter></para> + <para><parameter>force directory mode</parameter></para> + + <para>were used instead of the parameters discussed here.</para> </sect1> <sect1> diff --git a/docs/docbook/projdoc/Other-Clients.sgml b/docs/docbook/projdoc/Other-Clients.sgml index e4d7e34185..6ba04b01d3 100644 --- a/docs/docbook/projdoc/Other-Clients.sgml +++ b/docs/docbook/projdoc/Other-Clients.sgml @@ -339,14 +339,4 @@ create accounts on the Samba host for Domain users.</emphasis></para> </sect1> -<sect1> -<title>Windows NT 3.1</title> - -<para>If you have problems communicating across routers with Windows -NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;[LN];Q103765">this Microsoft Knowledge Base article</ulink>. - -</para> - -</sect1> - </chapter> diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml index 7608f821cf..adcd059bc2 100644 --- a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml @@ -11,6 +11,8 @@ </address> </affiliation> </author> + + <pubdate> (Jun 21 2001) </pubdate> </chapterinfo> @@ -40,19 +42,6 @@ PAM is configured either through one file <filename>/etc/pam.conf</filename> (So or by editing individual files that are located in <filename>/etc/pam.d</filename>. </para> -<note> - <para> - If the PAM authentication module (loadable link library file) is located in the - default location then it is not necessary to specify the path. In the case of - Linux, the default location is <filename>/lib/security</filename>. If the module - is located other than default then the path may be specified as: - - <programlisting> - eg: "auth required /other_path/pam_strange_module.so" - </programlisting> - </para> -</note> - <para> The following is an example <filename>/etc/pam.d/login</filename> configuration file. This example had all options been uncommented is probably not usable @@ -62,20 +51,20 @@ by commenting them out except the calls to <filename>pam_pwdb.so</filename>. </para> <para><programlisting> - #%PAM-1.0 - # The PAM configuration file for the `login' service - # - auth required pam_securetty.so - auth required pam_nologin.so - # auth required pam_dialup.so - # auth optional pam_mail.so - auth required pam_pwdb.so shadow md5 - # account requisite pam_time.so - account required pam_pwdb.so - session required pam_pwdb.so - # session optional pam_lastlog.so - # password required pam_cracklib.so retry=3 - password required pam_pwdb.so shadow md5 +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_securetty.so +auth required pam_nologin.so +# auth required pam_dialup.so +# auth optional pam_mail.so +auth required pam_pwdb.so shadow md5 +# account requisite pam_time.so +account required pam_pwdb.so +session required pam_pwdb.so +# session optional pam_lastlog.so +# password required pam_cracklib.so retry=3 +password required pam_pwdb.so shadow md5 </programlisting></para> <para> @@ -84,19 +73,19 @@ sample system include: </para> <para><programlisting> - $ /bin/ls /lib/security - pam_access.so pam_ftp.so pam_limits.so - pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so - pam_cracklib.so pam_group.so pam_listfile.so - pam_nologin.so pam_rootok.so pam_tally.so - pam_deny.so pam_issue.so pam_mail.so - pam_permit.so pam_securetty.so pam_time.so - pam_dialup.so pam_lastlog.so pam_mkhomedir.so - pam_pwdb.so pam_shells.so pam_unix.so - pam_env.so pam_ldap.so pam_motd.so - pam_radius.so pam_smbpass.so pam_unix_acct.so - pam_wheel.so pam_unix_auth.so pam_unix_passwd.so - pam_userdb.so pam_warn.so pam_unix_session.so +$ /bin/ls /lib/security +pam_access.so pam_ftp.so pam_limits.so +pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so +pam_cracklib.so pam_group.so pam_listfile.so +pam_nologin.so pam_rootok.so pam_tally.so +pam_deny.so pam_issue.so pam_mail.so +pam_permit.so pam_securetty.so pam_time.so +pam_dialup.so pam_lastlog.so pam_mkhomedir.so +pam_pwdb.so pam_shells.so pam_unix.so +pam_env.so pam_ldap.so pam_motd.so +pam_radius.so pam_smbpass.so pam_unix_acct.so +pam_wheel.so pam_unix_auth.so pam_unix_passwd.so +pam_userdb.so pam_warn.so pam_unix_session.so </programlisting></para> <para> @@ -121,13 +110,13 @@ source distribution. </para> <para><programlisting> - #%PAM-1.0 - # The PAM configuration file for the `login' service - # - auth required pam_smbpass.so nodelay - account required pam_smbpass.so nodelay - session required pam_smbpass.so nodelay - password required pam_smbpass.so nodelay +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_smbpass.so nodelay +account required pam_smbpass.so nodelay +session required pam_smbpass.so nodelay +password required pam_smbpass.so nodelay </programlisting></para> <para> @@ -136,13 +125,13 @@ Linux system. The default condition uses <filename>pam_pwdb.so</filename>. </para> <para><programlisting> - #%PAM-1.0 - # The PAM configuration file for the `samba' service - # - auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit - account required /lib/security/pam_pwdb.so audit nodelay - session required /lib/security/pam_pwdb.so nodelay - password required /lib/security/pam_pwdb.so shadow md5 +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_pwdb.so shadow md5 </programlisting></para> <para> @@ -154,16 +143,17 @@ program. </para> <para><programlisting> - #%PAM-1.0 - # The PAM configuration file for the `samba' service - # - auth required /lib/security/pam_smbpass.so nodelay - account required /lib/security/pam_pwdb.so audit nodelay - session required /lib/security/pam_pwdb.so nodelay - password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_smbpass.so nodelay +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf </programlisting></para> -<note><para>PAM allows stacking of authentication mechanisms. It is +<para> +Note: PAM allows stacking of authentication mechanisms. It is also possible to pass information obtained within one PAM module through to the next module in the PAM stack. Please refer to the documentation for your particular system implementation for details regarding the specific @@ -174,7 +164,7 @@ authentication to be configured in a single central file. The on the basis that it allows for easier administration. As with all issues in life though, every decision makes trade-offs, so you may want examine the PAM documentation for further helpful information. -</para></note> +</para> </sect1> @@ -184,9 +174,9 @@ PAM documentation for further helpful information. <para> The astute administrator will realize from this that the combination of <filename>pam_smbpass.so</filename>, -<command>winbindd</command>, and a distributed -passdb backend, such as ldap, will allow the establishment of a -centrally managed, distributed +<command>winbindd</command>, and <command>rsync</command> (see +<ulink url="http://rsync.samba.org/">http://rsync.samba.org/</ulink>) +will allow the establishment of a centrally managed, distributed user/password database that can also be used by all PAM (eg: Linux) aware programs and applications. This arrangement can have particularly potent advantages compared with the @@ -206,7 +196,7 @@ The following is from the on-line help for this option in SWAT; </para> <para> -When Samba is configured to enable PAM support (i.e. +When Samba 2.2 is configure to enable PAM support (i.e. <constant>--with-pam</constant>), this parameter will control whether or not Samba should obey PAM's account and session management directives. The default behavior diff --git a/docs/docbook/projdoc/PolicyMgmt.sgml b/docs/docbook/projdoc/PolicyMgmt.sgml deleted file mode 100644 index 6eb3a09a97..0000000000 --- a/docs/docbook/projdoc/PolicyMgmt.sgml +++ /dev/null @@ -1,261 +0,0 @@ -<chapter id="PolicyMgmt"> -<chapterinfo> - <author> - <firstname>John H</firstname><surname>Terpstra</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address> - <email>jht@samba.org</email> - </address> - </affiliation> - </author> - <pubdate>April 3 2003</pubdate> -</chapterinfo> -<title>Policy Management - Hows and Whys</title> - -<sect1> -<title>System Policies</title> - -<para> -Under MS Windows platforms, particularly those following the release of MS Windows -NT4 and MS Windows 95) it is possible to create a type of file that would be placed -in the NETLOGON share of a domain controller. As the client logs onto the network -this file is read and the contents initiate changes to the registry of the client -machine. This file allows changes to be made to those parts of the registry that -affect users, groups of users, or machines. -</para> - -<para> -For MS Windows 9x/Me this file must be called <filename>Config.POL</filename> and may -be generated using a tool called <filename>poledit.exe</filename>, better known as the -Policy Editor. The policy editor was provided on the Windows 98 installation CD, but -dissappeared again with the introduction of MS Windows Me (Millenium Edition). From -comments from MS Windows network administrators it would appear that this tool became -a part of the MS Windows Me Resource Kit. -</para> - -<para> -MS Windows NT4 Server products include the <emphasis>System Policy Editor</emphasis> -under the <filename>Start->Programs->Administrative Tools</filename> menu item. -For MS Windows NT4 and later clients this file must be called <filename>NTConfig.POL</filename>. -</para> - -<para> -New with the introduction of MS Windows 2000 was the Microsoft Management Console -or MMC. This tool is the new wave in the ever changing landscape of Microsoft -methods for management of network access and security. Every new Microsoft product -or technology seems to obsolete the old rules and to introduce newer and more -complex tools and methods. To Microsoft's credit though, the MMC does appear to -be a step forward, but improved functionality comes at a great price. -</para> - -<para> -Before embarking on the configuration of network and system policies it is highly -advisable to read the documentation available from Microsoft's web site from -<ulink url="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp"> -Implementing Profiles and Policies in Windows NT 4.0</ulink> available from Microsoft. -There are a large number of documents in addition to this old one that should also -be read and understood. Try searching on the Microsoft web site for "Group Policies". -</para> - -<para> -What follows is a very discussion with some helpful notes. The information provided -here is incomplete - you are warned. -</para> - -<sect2> -<title>Creating and Managing Windows 9x/Me Policies</title> - -<para> -You need the Win98 Group Policy Editor to set Group Profiles up under Windows 9x/Me. -It can be found on the Original full product Win98 installation CD under -<filename>tools/reskit/netadmin/poledit</filename>. You install this using the -Add/Remove Programs facility and then click on the 'Have Disk' tab. -</para> - -<para> -Use the Group Policy Editor to create a policy file that specifies the location of -user profiles and/or the <filename>My Documents</filename> etc. stuff. You then -save these settings in a file called <filename>Config.POL</filename> that needs to -be placed in the root of the [NETLOGON] share. If your Win98 is configured to log onto -the Samba Domain, it will automatically read this file and update the Win9x/Me registry -of the machine that is logging on. -</para> - -<para> -Further details are covered in the Win98 Resource Kit documentation. -</para> - -<para> -If you do not do it this way, then every so often Win9x/Me will check the -integrity of the registry and will restore it's settings from the back-up -copy of the registry it stores on each Win9x/Me machine. Hence, you will -occasionally notice things changing back to the original settings. -</para> - -<para> -Install the group policy handler for Win9x to pick up group policies. Look on the -Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. -Install group policies on a Win9x client by double-clicking -<filename>grouppol.inf</filename>. Log off and on again a couple of times and see -if Win98 picks up group policies. Unfortunately this needs to be done on every -Win9x/Me machine that uses group policies. -</para> - -</sect2> -<sect2> -<title>Creating and Managing Windows NT4 Style Policy Files</title> - -<para> -To create or edit <filename>ntconfig.pol</filename> you must use the NT Server -Policy Editor, <command>poledit.exe</command> which is included with NT4 Server -but <emphasis>not NT Workstation</emphasis>. There is a Policy Editor on a NT4 -Workstation but it is not suitable for creating <emphasis>Domain Policies</emphasis>. -Further, although the Windows 95 Policy Editor can be installed on an NT4 -Workstation/Server, it will not work with NT clients. However, the files from -the NT Server will run happily enough on an NT4 Workstation. -</para> - -<para> -You need <filename>poledit.exe, common.adm</filename> and <filename>winnt.adm</filename>. -It is convenient to put the two *.adm files in the <filename>c:\winnt\inf</filename> -directory which is where the binary will look for them unless told otherwise. Note also that that -directory is normally 'hidden'. -</para> - -<para> -The Windows NT policy editor is also included with the Service Pack 3 (and -later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command>, -i.e. that's <command>Nt4sp6ai.exe /x</command> for service pack 6a. The policy editor, -<command>poledit.exe</command> and the associated template files (*.adm) should -be extracted as well. It is also possible to downloaded the policy template -files for Office97 and get a copy of the policy editor. Another possible -location is with the Zero Administration Kit available for download from Microsoft. -</para> - -<sect3> -<title>Registry Tattoos</title> - -<para> -With NT4 style registry based policy changes, a large number of settings are not -automatically reversed as the user logs off. Since the settings that were in the -NTConfig.POL file were applied to the client machine registry and that apply to the -hive key HKEY_LOCAL_MACHINE are permanent until explicitly reveresd. This is known -as tattooing. It can have serious consequences down-stream and the administrator must -be extreemly careful not to lock out the ability to manage the machine at a later date. -</para> - - -</sect3> -</sect2> -<sect2> -<title>Creating and Managing MS Windows 200x Policies</title> - -<para> -Windows NT4 System policies allows setting of registry parameters specific to -users, groups and computers (client workstations) that are members of the NT4 -style domain. Such policy file will work with MS Windows 2000 / XP clients also. -</para> - -<para> -New to MS Windows 2000 Microsoft introduced a new style of group policy that confers -a superset of capabilities compared with NT4 style policies. Obviously, the tool used -to create them is different, and the mechanism for implementing them is much changed. -</para> - -<para> -The older NT4 style registry based policies are known as <emphasis>Administrative Templates</emphasis> -in MS Windows 2000/XP Group Policy Objects (GPOs). The later includes ability to set various security -configurations, enforce Internet Explorer browser settings, change and redirect aspects of the -users' desktop (including: the location of <emphasis>My Documents</emphasis> files (directory), as -well as intrinsics of where menu items will appear in the Start menu). An additional new -feature is the ability to make available particular software Windows applications to particular -users and/or groups. -</para> - -<para> -Remember: NT4 policy files are named <filename>NTConfig.POL</filename> and are stored in the root -of the NETLOGON share on the domain controllers. A Windows NT4 user enters a username, a password -and selects the domain name to which the logon will attempt to take place. During the logon -process the client machine reads the NTConfig.POL file from the NETLOGON share on the authenticating -server, modifies the local registry values according to the settings in this file. -</para> - -<para> -Windows 2K GPOs are very feature rich. They are NOT stored in the NETLOGON share, rather part of -a Windows 200x policy file is stored in the Active Directory itself and the other part is stored -in a shared (and replicated) volume called the SYSVOL folder. This folder is present on all Active -Directory domain controllers. The part that is stored in the Active Directory itself is called the -group policy container (GPC), and the part that is stored in the replicated share called SYSVOL is -known as the group policy template (GPT). -</para> - -<para> -With NT4 clients the policy file is read and executed upon only aas each user log onto the network. -MS Windows 200x policies are much more complex - GPOs are processed and applied at client machine -startup (machine specific part) and when the user logs onto the network the user specific part -is applied. In MS Windows 200x style policy management each machine and/or user may be subject -to any number of concurently applicable (and applied) policy sets (GPOs). Active Directory allows -the administrator to also set filters over the policy settings. No such equivalent capability -exists with NT4 style policy files. -</para> - -<sect3> -<title>Administration of Win2K Policies</title> - -<para> -Instead of using the tool called "The System Policy Editor", commonly called Poledit (from the -executable name poledit.exe), GPOs are created and managed using a Microsoft Management Console -(MMC) snap-in as follows: -</para> - -<itemizedlist> - <listitem> - <para> - Go to the Windows 200x / XP menu <filename>Start->Programs->Adminsitrative Tools</filename> - and select the MMC snap-in called "Active Directory Users and Computers" - <para> - </listitem> - - <listitem> - <para> - Select the domain or organizational unit (OU) that you wish to manage, then right click - to open the context menu for that object, select the properties item. - </para> - </listitem> - - <listitem> - <para> - Now left click on the Group Policy tab, then left click on the New tab. Type a name - for the new policy you will create. - </para> - </listitem> - - <listitem> - <para> - Now left click on the Edit tab to commence the steps needed to create the GPO. - </para> - </listitem> -</itemizedlist> - -<para> -All policy configuration options are controlled through the use of policy administrative -templates. These files have a .adm extension, both in NT4 as well as in Windows 200x / XP. -Beware however, since the .adm files are NOT interchangible across NT4 and Windows 200x. -The later introduces many new features as well as extended definition capabilities. It is -well beyond the scope of this documentation to explain how to program .adm files, for that -the adminsitrator is referred to the Microsoft Windows Resource Kit for your particular -version of MS Windows. -</para> - -<note> -<para> -The MS Windows 2000 Resource Kit contains a tool called gpolmig.exe. This tool can be used -to migrate an NT4 NTConfig.POL file into a Windows 200x style GPO. Be VERY careful how you -use this powerful tool. Please refer to the resource kit manuals for specific usage information. -</para> -</note> - -</sect2> -</sect1> -</chapter> diff --git a/docs/docbook/projdoc/ProfileMgmt.sgml b/docs/docbook/projdoc/ProfileMgmt.sgml deleted file mode 100644 index ffbc65f767..0000000000 --- a/docs/docbook/projdoc/ProfileMgmt.sgml +++ /dev/null @@ -1,631 +0,0 @@ -<chapter id="ProfileMgmt"> -<chapterinfo> - <author> - <firstname>John H</firstname><surname>Terpstra</surname> - <affiliation> - <orgname>Samba Team</orgname> - <address> - <email>jht@samba.org</email> - </address> - </affiliation> - </author> - <pubdate>April 3 2003</pubdate> -</chapterinfo> - -<title>Profile Management</title> - -<sect1> -<title>Roaming Profiles</title> - -<warning> -<para> -<emphasis>NOTE!</emphasis> Roaming profiles support is different for Win9X and WinNT. -</para> -</warning> - -<para> -Before discussing how to configure roaming profiles, it is useful to see how -Win9X and WinNT clients implement these features. -</para> - -<para> -Win9X clients send a NetUserGetInfo request to the server to get the user's -profiles location. However, the response does not have room for a separate -profiles location field, only the user's home share. This means that Win9X -profiles are restricted to being in the user's home directory. -</para> - - -<para> -WinNT clients send a NetSAMLogon RPC request, which contains many fields, -including a separate field for the location of the user's profiles. -This means that support for profiles is different for Win9X and WinNT. -</para> - -<sect2> -<title>Windows NT Configuration</title> - -<para> -To support WinNT clients, in the [global] section of smb.conf set the -following (for example): -</para> - -<para><programlisting> -logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath -</programlisting></para> - -<para> -The default for this option is \\%N\%U\profile, namely -\\sambaserver\username\profile. The \\N%\%U service is created -automatically by the [homes] service. -If you are using a samba server for the profiles, you _must_ make the -share specified in the logon path browseable. -</para> - -<note> -<para> -MS Windows NT/2K clients at times do not disconnect a connection to a server -between logons. It is recommended to NOT use the <emphasis>homes</emphasis> -meta-service name as part of the profile share path. -</para> -</note> - -</sect2> - -<sect2> -<title>Windows 9X Configuration</title> - -<para> -To support Win9X clients, you must use the "logon home" parameter. Samba has -now been fixed so that "net use /home" now works as well, and it, too, relies -on the "logon home" parameter. -</para> - -<para> -By using the logon home parameter, you are restricted to putting Win9X -profiles in the user's home directory. But wait! There is a trick you -can use. If you set the following in the [global] section of your -smb.conf file: -</para> -<para><programlisting> -logon home = \\%L\%U\.profiles -</programlisting></para> - -<para> -then your Win9X clients will dutifully put their clients in a subdirectory -of your home directory called .profiles (thus making them hidden). -</para> - -<para> -Not only that, but 'net use/home' will also work, because of a feature in -Win9X. It removes any directory stuff off the end of the home directory area -and only uses the server and share portion. That is, it looks like you -specified \\%L\%U for "logon home". -</para> - - -</sect2> - -<sect2> -<title>Win9X and WinNT Configuration</title> - -<para> -You can support profiles for both Win9X and WinNT clients by setting both the -"logon home" and "logon path" parameters. For example: -</para> - -<para><programlisting> -logon home = \\%L\%U\.profiles -logon path = \\%L\profiles\%U -</programlisting></para> - -<note> -<para> -I have not checked what 'net use /home' does on NT when "logon home" is -set as above. -</para> -</note> -</sect2> - -<sect2> -<title>Windows 9X Profile Setup</title> - -<para> -When a user first logs in on Windows 9X, the file user.DAT is created, -as are folders "Start Menu", "Desktop", "Programs" and "Nethood". -These directories and their contents will be merged with the local -versions stored in c:\windows\profiles\username on subsequent logins, -taking the most recent from each. You will need to use the [global] -options "preserve case = yes", "short preserve case = yes" and -"case sensitive = no" in order to maintain capital letters in shortcuts -in any of the profile folders. -</para> - -<para> -The user.DAT file contains all the user's preferences. If you wish to -enforce a set of preferences, rename their user.DAT file to user.MAN, -and deny them write access to this file. -</para> - -<orderedlist> -<listitem> - <para> - On the Windows 95 machine, go to Control Panel | Passwords and - select the User Profiles tab. Select the required level of - roaming preferences. Press OK, but do _not_ allow the computer - to reboot. - </para> -</listitem> - -<listitem> - <para> - On the Windows 95 machine, go to Control Panel | Network | - Client for Microsoft Networks | Preferences. Select 'Log on to - NT Domain'. Then, ensure that the Primary Logon is 'Client for - Microsoft Networks'. Press OK, and this time allow the computer - to reboot. - </para> -</listitem> - -</orderedlist> - -<para> -Under Windows 95, Profiles are downloaded from the Primary Logon. -If you have the Primary Logon as 'Client for Novell Networks', then -the profiles and logon script will be downloaded from your Novell -Server. If you have the Primary Logon as 'Windows Logon', then the -profiles will be loaded from the local machine - a bit against the -concept of roaming profiles, if you ask me. -</para> - -<para> -You will now find that the Microsoft Networks Login box contains -[user, password, domain] instead of just [user, password]. Type in -the samba server's domain name (or any other domain known to exist, -but bear in mind that the user will be authenticated against this -domain and profiles downloaded from it, if that domain logon server -supports it), user name and user's password. -</para> - -<para> -Once the user has been successfully validated, the Windows 95 machine -will inform you that 'The user has not logged on before' and asks you -if you wish to save the user's preferences? Select 'yes'. -</para> - -<para> -Once the Windows 95 client comes up with the desktop, you should be able -to examine the contents of the directory specified in the "logon path" -on the samba server and verify that the "Desktop", "Start Menu", -"Programs" and "Nethood" folders have been created. -</para> - -<para> -These folders will be cached locally on the client, and updated when -the user logs off (if you haven't made them read-only by then :-). -You will find that if the user creates further folders or short-cuts, -that the client will merge the profile contents downloaded with the -contents of the profile directory already on the local client, taking -the newest folders and short-cuts from each set. -</para> - -<para> -If you have made the folders / files read-only on the samba server, -then you will get errors from the w95 machine on logon and logout, as -it attempts to merge the local and the remote profile. Basically, if -you have any errors reported by the w95 machine, check the Unix file -permissions and ownership rights on the profile directory contents, -on the samba server. -</para> - -<para> -If you have problems creating user profiles, you can reset the user's -local desktop cache, as shown below. When this user then next logs in, -they will be told that they are logging in "for the first time". -</para> - -<orderedlist> -<listitem> - <para> - instead of logging in under the [user, password, domain] dialog, - press escape. - </para> -</listitem> -<listitem> - <para> - run the regedit.exe program, and look in: - </para> - - <para> - HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList - </para> - - <para> - you will find an entry, for each user, of ProfilePath. Note the - contents of this key (likely to be c:\windows\profiles\username), - then delete the key ProfilePath for the required user. - </para> - - <para> - [Exit the registry editor]. - </para> -</listitem> - -<listitem> - <para> - <emphasis>WARNING</emphasis> - before deleting the contents of the - directory listed in - the ProfilePath (this is likely to be c:\windows\profiles\username), - ask them if they have any important files stored on their desktop - or in their start menu. delete the contents of the directory - ProfilePath (making a backup if any of the files are needed). - </para> - - <para> - This will have the effect of removing the local (read-only hidden - system file) user.DAT in their profile directory, as well as the - local "desktop", "nethood", "start menu" and "programs" folders. - </para> -</listitem> - -<listitem> - <para> - search for the user's .PWL password-caching file in the c:\windows - directory, and delete it. - </para> -</listitem> - - -<listitem> - <para> - log off the windows 95 client. - </para> -</listitem> - -<listitem> - <para> - check the contents of the profile path (see "logon path" described - above), and delete the user.DAT or user.MAN file for the user, - making a backup if required. - </para> -</listitem> - -</orderedlist> - -<para> -If all else fails, increase samba's debug log levels to between 3 and 10, -and / or run a packet trace program such as tcpdump or netmon.exe, and -look for any error reports. -</para> - -<para> -If you have access to an NT server, then first set up roaming profiles -and / or netlogons on the NT server. Make a packet trace, or examine -the example packet traces provided with NT server, and see what the -differences are with the equivalent samba trace. -</para> - -</sect2> - -<sect2> -<title>Windows NT Workstation 4.0</title> - -<para> -When a user first logs in to a Windows NT Workstation, the profile -NTuser.DAT is created. The profile location can be now specified -through the "logon path" parameter. -</para> - -<para> -There is a parameter that is now available for use with NT Profiles: -"logon drive". This should be set to "h:" or any other drive, and -should be used in conjunction with the new "logon home" parameter. -</para> - -<para> -The entry for the NT 4.0 profile is a _directory_ not a file. The NT -help on profiles mentions that a directory is also created with a .PDS -extension. The user, while logging in, must have write permission to -create the full profile path (and the folder with the .PDS extension -for those situations where it might be created.) -</para> - -<para> -In the profile directory, NT creates more folders than 95. It creates -"Application Data" and others, as well as "Desktop", "Nethood", -"Start Menu" and "Programs". The profile itself is stored in a file -NTuser.DAT. Nothing appears to be stored in the .PDS directory, and -its purpose is currently unknown. -</para> - -<para> -You can use the System Control Panel to copy a local profile onto -a samba server (see NT Help on profiles: it is also capable of firing -up the correct location in the System Control Panel for you). The -NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN -turns a profile into a mandatory one. -</para> - -<para> -The case of the profile is significant. The file must be called -NTuser.DAT or, for a mandatory profile, NTuser.MAN. -</para> - -</sect2> - -<sect2> -<title>Windows NT/200x Server</title> - -<para> -There is nothing to stop you specifying any path that you like for the -location of users' profiles. Therefore, you could specify that the -profile be stored on a samba server, or any other SMB server, as long as -that SMB server supports encrypted passwords. -</para> - -</sect2> - -<sect2> -<title>Sharing Profiles between W9x/Me and NT4/200x/XP workstations</title> - -<para> -Sharing of desktop profiles between Windows versions is NOT recommended. -Desktop profiles are an evolving phenomenon and profiles for later versions -of MS Windows clients add features that may interfere with earlier versions -of MS Windows clients. Probably the more salient reason to NOT mix profiles -is that when logging off an earlier version of MS Windows the older format -of profile contents may overwrite information that belongs to the newer -version resulting in loss of profile information content when that user logs -on again with the newer version of MS Windows. -</para> - -<para> -If you then want to share the same Start Menu / Desktop with W9x/Me, you will -need to specify a common location for the profiles. The smb.conf parameters -that need to be common are <emphasis>logon path</emphasis> and -<emphasis>logon home</emphasis>. -</para> - -<para> -If you have this set up correctly, you will find separate user.DAT and -NTuser.DAT files in the same profile directory. -</para> - -</sect2> - - -<sect2> -<title>Windows NT 4</title> - -<para> -Unfortunately, the Resource Kit info is Win NT4 or 200x specific. -</para> - -<para> -Here is a quick guide: -</para> - -<itemizedlist> - -<listitem><para> -On your NT4 Domain Controller, right click on 'My Computer', then -select the tab labelled 'User Profiles'. -</para></listitem> - -<listitem><para> -Select a user profile you want to migrate and click on it. -</para> - -<note><para>I am using the term "migrate" lossely. You can copy a profile to -create a group profile. You can give the user 'Everyone' rights to the -profile you copy this to. That is what you need to do, since your samba -domain is not a member of a trust relationship with your NT4 PDC.</para></note> -</listitem> - -<listitem><para>Click the 'Copy To' button.</para></listitem> - -<listitem><para>In the box labelled 'Copy Profile to' add your new path, eg: -<filename>c:\temp\foobar</filename></para></listitem> - -<listitem><para>Click on the button labelled 'Change' in the "Permitted to use" box.</para></listitem> - -<listitem><para>Click on the group 'Everyone' and then click OK. This closes the -'chose user' box.</para></listitem> - -<listitem><para>Now click OK.</para></listitem> -</itemizedlist> - -<para> -Follow the above for every profile you need to migrate. -</para> - -<sect3> -<title>Side bar Notes</title> - -<para> -You should obtain the SID of your NT4 domain. You can use smbpasswd to do -this. Read the man page.</para> - -<para> -With Samba-3.0.0 alpha code you can import all you NT4 domain accounts -using the net samsync method. This way you can retain your profile -settings as well as all your users. -</para> - -</sect3> - -<sect3> -<title>Mandatory profiles</title> - -<para> -The above method can be used to create mandatory profiles also. To convert -a group profile into a mandatory profile simply locate the NTUser.DAT file -in the copied profile and rename it to NTUser.MAN. -</para> - -</sect3> - -<sect3> -<title>moveuser.exe</title> - -<para> -The W2K professional resource kit has moveuser.exe. moveuser.exe changes -the security of a profile from one user to another. This allows the account -domain to change, and/or the user name to change. -</para> - -</sect3> - -<sect3> -<title>Get SID</title> - -<para> -You can identify the SID by using GetSID.exe from the Windows NT Server 4.0 -Resource Kit. -</para> - -<para> -Windows NT 4.0 stores the local profile information in the registry under -the following key: -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList -</para> - -<para> -Under the ProfileList key, there will be subkeys named with the SIDs of the -users who have logged on to this computer. (To find the profile information -for the user whose locally cached profile you want to move, find the SID for -the user with the GetSID.exe utility.) Inside of the appropriate user's -subkey, you will see a string value named ProfileImagePath. -</para> - -</sect3> - -</sect2> - -<sect2> -<title>Windows 2000/XP</title> - -<para> -You must first convert the profile from a local profile to a domain -profile on the MS Windows workstation as follows: -</para> - -<itemizedlist> -<listitem><para> -Log on as the LOCAL workstation administrator. -</para></listitem> - -<listitem><para> -Right click on the 'My Computer' Icon, select 'Properties' -</para></listitem> - -<listitem><para> -Click on the 'User Profiles' tab -</para></listitem> - -<listitem><para> -Select the profile you wish to convert (click on it once) -</para></listitem> - -<listitem><para> -Click on the button 'Copy To' -</para></listitem> - -<listitem><para> -In the "Permitted to use" box, click on the 'Change' button. -</para></listitem> - -<listitem><para> -Click on the 'Look in" area that lists the machine name, when you click -here it will open up a selection box. Click on the domain to which the -profile must be accessible. -</para> - - -<note><para>You will need to log on if a logon box opens up. Eg: In the connect -as: MIDEARTH\root, password: mypassword.</para></note> -</listitem> - -<listitem><para> -To make the profile capable of being used by anyone select 'Everyone' -</para></listitem> - -<listitem><para> -Click OK. The Selection box will close. -</para></listitem> - -<listitem><para> -Now click on the 'Ok' button to create the profile in the path you -nominated. -</para></listitem> -</itemizedlist> - -<para> -Done. You now have a profile that can be editted using the samba-3.0.0 -profiles tool. -</para> - -<note> -<para> -Under NT/2K the use of mandotory profiles forces the use of MS Exchange -storage of mail data. That keeps desktop profiles usable. -</para> -</note> - -<note> -<itemizedlist> -<listitem><para> -This is a security check new to Windows XP (or maybe only -Windows XP service pack 1). It can be disabled via a group policy in -Active Directory. The policy is:</para> - -<para>"Computer Configuration\Administrative Templates\System\User -Profiles\Do not check for user ownership of Roaming Profile Folders"</para> - -<para>...and it should be set to "Enabled". -Does the new version of samba have an Active Directory analogue? If so, -then you may be able to set the policy through this. -</para> - -<para> -If you cannot set group policies in samba, then you may be able to set -the policy locally on each machine. If you want to try this, then do -the following (N.B. I don't know for sure that this will work in the -same way as a domain group policy): -</para> - -</listitem> - -<listitem><para> -On the XP workstation log in with an Administrator account. -</para></listitem> - -<listitem><para>Click: "Start", "Run"</para></listitem> -<listitem><para>Type: "mmc"</para></listitem> -<listitem><para>Click: "OK"</para></listitem> - -<listitem><para>A Microsoft Management Console should appear.</para></listitem> -<listitem><para>Click: File, "Add/Remove Snap-in...", "Add"</para></listitem> -<listitem><para>Double-Click: "Group Policy"</para></listitem> -<listitem><para>Click: "Finish", "Close"</para></listitem> -<listitem><para>Click: "OK"</para></listitem> - -<listitem><para>In the "Console Root" window:</para></listitem> -<listitem><para>Expand: "Local Computer Policy", "Computer Configuration",</para></listitem> -<listitem><para>"Administrative Templates", "System", "User Profiles"</para></listitem> -<listitem><para>Double-Click: "Do not check for user ownership of Roaming Profile</para></listitem> -<listitem><para>Folders"</para></listitem> -<listitem><para>Select: "Enabled"</para></listitem> -<listitem><para>Click: OK"</para></listitem> - -<listitem><para>Close the whole console. You do not need to save the settings (this -refers to the console settings rather than the policies you have -changed).</para></listitem> - -<listitem><para>Reboot</para></listitem> -</itemizedlist> -</note> - -</sect2> -</sect1> -</chapter> diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml index 46e69e4ba9..e3bee32db0 100644 --- a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml @@ -13,7 +13,7 @@ </chapterinfo> <title> -Samba Backup Domain Controller to Samba Domain Control +How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain </title> <sect1> diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml index 7aabca948f..53dae21775 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -68,33 +68,27 @@ PDC functionality. <itemizedlist> <listitem><para> - Domain logons for Windows NT 4.0 / 200x / XP Professional clients. + domain logons for Windows NT 4.0 / 200x / XP Professional clients. </para></listitem> <listitem><para> - Placing Windows 9x / Me clients in user level security + placing Windows 9x / Me clients in user level security </para></listitem> <listitem><para> - Retrieving a list of users and groups from a Samba PDC to + retrieving a list of users and groups from a Samba PDC to Windows 9x / Me / NT / 200x / XP Professional clients </para></listitem> <listitem><para> - Roaming Profiles + roaming user profiles </para></listitem> <listitem><para> - Network/System Policies + Windows NT 4.0-style system policies </para></listitem> </itemizedlist> -<note> -<para> -Roaming Profiles and System/Network policies are advanced network administration topics -that are covered separately in this document. -</para> -</note> <para> The following functionalities are new to the Samba 3.0 release: @@ -593,17 +587,18 @@ version of Windows. <para>I joined the domain successfully but after upgrading to a newer version of the Samba code I get the message, "The system - can not log you on (C000019B), Please try again or consult your + can not log you on (C000019B), Please try a gain or consult your system administrator" when attempting to logon. </para> <para> - This occurs when the domain SID stored in the secrets.tdb database - is changed. The most common cause of a change in domain SID is when - the domain name and/or the server name (netbios name) is changed. - The only way to correct the problem is to restore the original domain - SID or remove the domain client from the domain and rejoin. The domain - SID may be reset using either the smbpasswd or rpcclient utilities. + This occurs when the domain SID stored in + <filename>private/WORKGROUP.SID</filename> is + changed. For example, you remove the file and <command>smbd</command> automatically + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. </para> </listitem> @@ -680,6 +675,128 @@ version of Windows. </sect1> + + +<!-- ********************************************************** + + Policies and Profiles + +*************************************************************** --> + +<sect1> +<title> +System Policies and Profiles +</title> + +<para> +Much of the information necessary to implement System Policies and +Roving User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper <ulink url="http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp">Implementing +Profiles and Policies in Windows NT 4.0</ulink> available from Microsoft. +</para> + +<para> +Here are some additional details: +</para> + +<itemizedlist> + +<listitem> + <para> + <emphasis>What about Windows NT Policy Editor?</emphasis> + </para> + + <para> + To create or edit <filename>ntconfig.pol</filename> you must use + the NT Server Policy Editor, <command>poledit.exe</command> which + is included with NT Server but <emphasis>not NT Workstation</emphasis>. + There is a Policy Editor on a NTws + but it is not suitable for creating <emphasis>Domain Policies</emphasis>. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need <filename>poledit.exe, common.adm</filename> and <filename>winnt.adm</filename>. It is convenient + to put the two *.adm files in <filename>c:\winnt\inf</filename> which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. + </para> + + <para> + The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using <command>servicepackname /x</command>, + i.e. that's <command>Nt4sp6ai.exe /x</command> for service pack 6a. The policy editor, + <command>poledit.exe</command> and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. + </para> +</listitem> + + +<listitem> + <para> + <emphasis>Can Win95 do Policies?</emphasis> + </para> + + <para> + Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in <filename>\tools\reskit\netadmin\poledit</filename>. + Install group policies on a Win9x client by double-clicking + <filename>grouppol.inf</filename>. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... + </para> + + <para> + If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. + </para> +</listitem> + + +<listitem> + <para> + <emphasis>How do I get 'User Manager' and 'Server Manager'</emphasis> + </para> + + <para> + Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? + </para> + + <para> + Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes + </para> + + <itemizedlist> + <listitem><para>Server Manager</para></listitem> + + <listitem><para>User Manager for Domains</para></listitem> + + <listitem><para>Event Viewer</para></listitem> + </itemizedlist> + + <para> + Click here to download the archived file <ulink + url="ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE</ulink> + </para> + + <para> + The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from <ulink url="ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE">ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE</ulink> + </para> +</listitem> +</itemizedlist> + +</sect1> + + + <!-- ********************************************************** Getting Help @@ -978,28 +1095,37 @@ general SMB topics such as browsing.</para> <sect1> <title>Domain Control for Windows 9x/ME</title> +<note> +<para> +The following section contains much of the original +DOMAIN.txt file previously included with Samba. Much of +the material is based on what went into the book <emphasis>Special +Edition, Using Samba</emphasis>, by Richard Sharpe. +</para> +</note> + <para> A domain and a workgroup are exactly the same thing in terms of network browsing. The difference is that a distributable authentication database is associated with a domain, for secure login access to a network. Also, different access rights can be granted to users if they -successfully authenticate against a domain logon server. Samba-3 does this -now in the same way that MS Windows NT/2K. +successfully authenticate against a domain logon server (NT server and +other systems based on NT server support this, as does at least Samba TNG now). </para> <para> The SMB client logging on to a domain has an expectation that every other server in the domain should accept the same authentication information. -Network browsing functionality of domains and workgroups is identical and -is explained in this documentation under the browsing discussions. -It should be noted, that browsing is totally orthogonal to logon support. +Network browsing functionality of domains and workgroups is +identical and is explained in BROWSING.txt. It should be noted, that browsing +is totally orthogonal to logon support. </para> <para> Issues related to the single-logon network model are discussed in this section. Samba supports domain logons, network logon scripts, and user profiles for MS Windows for workgroups and MS Windows 9X/ME clients -which are the focus of this section. +which will be the focus of this section. </para> @@ -1160,5 +1286,593 @@ for its domain. </warning> </sect2> + + +<sect2> +<title>Configuration Instructions: Setting up Roaming User Profiles</title> + +<warning> +<para> +<emphasis>NOTE!</emphasis> Roaming profiles support is different +for Win9X and WinNT. +</para> +</warning> + +<para> +Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features. +</para> + +<para> +Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory. +</para> + + +<para> +WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT. +</para> + + + +<sect3> +<title>Windows NT Configuration</title> + +<para> +To support WinNT clients, in the [global] section of smb.conf set the +following (for example): +</para> + +<para><programlisting> +logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath +</programlisting></para> + +<para> +The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable. +</para> + +<note> +<para> +[lkcl 26aug96 - we have discovered a problem where Windows clients can +maintain a connection to the [homes] share in between logins. The +[homes] share must NOT therefore be used in a profile path.] +</para> +</note> + +</sect3> + + +<sect3> +<title>Windows 9X Configuration</title> + +<para> +To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use/home" now works as well, and it, too, relies +on the "logon home" parameter. +</para> + +<para> +By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file: +</para> + +<para><programlisting> +logon home = \\%L\%U\.profiles +</programlisting></para> + +<para> +then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden). +</para> + +<para> +Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home". +</para> + + +</sect3> + + +<sect3> +<title>Win9X and WinNT Configuration</title> + +<para> +You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example: +</para> + +<para><programlisting> +logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U +</programlisting></para> + +<note> +<para> +I have not checked what 'net use /home' does on NT when "logon home" is +set as above. +</para> +</note> +</sect3> + + + +<sect3> +<title>Windows 9X Profile Setup</title> + +<para> +When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders. +</para> + + +<para> +The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file. +</para> + +<orderedlist> +<listitem> + <para> + On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + </para> +</listitem> + + +<listitem> + <para> + On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + </para> +</listitem> + +</orderedlist> + +<para> +Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me. +</para> + +<para> +You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password. +</para> + +<para> +Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'. +</para> + +<para> +Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created. +</para> + +<para> +These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set. +</para> + +<para> +If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server. +</para> + +<para> +If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time". +</para> + +<orderedlist> +<listitem> + <para> + instead of logging in under the [user, password, domain] dialog, + press escape. + </para> +</listitem> + +<listitem> + <para> + run the regedit.exe program, and look in: + </para> + + <para> + HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + </para> + + <para> + you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + </para> + + <para> + [Exit the registry editor]. + </para> +</listitem> + +<listitem> + <para> + <emphasis>WARNING</emphasis> - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + </para> + + <para> + This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + </para> +</listitem> + +<listitem> + <para> + search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + </para> +</listitem> + + +<listitem> + <para> + log off the windows 95 client. + </para> +</listitem> + +<listitem> + <para> + check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + </para> +</listitem> + +</orderedlist> + +<para> +If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports. +</para> + +<para> +If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace. +</para> + +</sect3> + + +<sect3> +<title>Windows NT Workstation 4.0</title> + +<para> +When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter. +</para> + +<note> +<para> +[lkcl 10aug97 - i tried setting the path to +\\samba-server\homes\profile, and discovered that this fails because +a background process maintains the connection to the [homes] share +which does _not_ close down in between user logins. you have to +have \\samba-server\%L\profile, where user is the username created +from the [homes] share]. +</para> +</note> + +<para> +There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter. +</para> + +<para> +The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension) +[lkcl 10aug97 - i found that the creation of the .PDS directory failed, +and had to create these manually for each user, with a shell script. +also, i presume, but have not tested, that the full profile path must +be browseable just as it is for w95, due to the manner in which they +attempt to create the full profile path: test existence of each path +component; create path component]. +</para> + +<para> +In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown. +</para> + +<para> +You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one. +</para> + +<note> +<para> +[lkcl 10aug97 - i notice that NT Workstation tells me that it is +downloading a profile from a slow link. whether this is actually the +case, or whether there is some configuration issue, as yet unknown, +that makes NT Workstation _think_ that the link is a slow one is a +matter to be resolved]. +</para> + +<para> +[lkcl 20aug97 - after samba digest correspondence, one user found, and +another confirmed, that profiles cannot be loaded from a samba server +unless "security = user" and "encrypt passwords = yes" (see the file +ENCRYPTION.txt) or "security = server" and "password server = ip.address. +of.yourNTserver" are used. Either of these options will allow the NT +workstation to access the samba server using LAN manager encrypted +passwords, without the user intervention normally required by NT +workstation for clear-text passwords]. +</para> + +<para> +[lkcl 25aug97 - more comments received about NT profiles: the case of +the profile _matters_. the file _must_ be called NTuser.DAT or, for +a mandatory profile, NTuser.MAN]. +</para> +</note> + +</sect3> + + +<sect3> +<title>Windows NT Server</title> + +<para> +There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords. +</para> + +</sect3> + + +<sect3> +<title>Sharing Profiles between W95 and NT Workstation 4.0</title> + +<warning> +<title>Potentially outdated or incorrect material follows</title> +<para> +I think this is all bogus, but have not deleted it. (Richard Sharpe) +</para> +</warning> + +<para> +The default logon path is \\%N\%U. NT Workstation will attempt to create +a directory "\\samba-server\username.PDS" if you specify the logon path +as "\\samba-server\username" with the NT User Manager. Therefore, you +will need to specify (for example) "\\samba-server\username\profile". +NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which +is more likely to succeed. +</para> + +<para> +If you then want to share the same Start Menu / Desktop with W95, you will +need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 +this has its drawbacks: i created a shortcut to telnet.exe, which attempts +to run from the c:\winnt\system32 directory. this directory is obviously +unlikely to exist on a Win95-only host]. +</para> + +<para> + +If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory. +</para> + +<note> +<para> +[lkcl 25aug97 - there are some issues to resolve with downloading of +NT profiles, probably to do with time/date stamps. i have found that +NTuser.DAT is never updated on the workstation after the first time that +it is copied to the local workstation profile directory. this is in +contrast to w95, where it _does_ transfer / update profiles correctly]. +</para> +</note> + +</sect3> + +</sect2> </sect1> + + +<!-- ********************************************************** + + Appendix - DOMAIN_CONTROL.txt + +*************************************************************** --> + +<sect1> +<title> +DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba +</title> + +<warning> + <title>Possibly Outdated Material</title> + + <para> + This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. + </para> +</warning> + + +<para> +<emphasis>NOTE :</emphasis> +The term "Domain Controller" and those related to it refer to one specific +method of authentication that can underly an SMB domain. Domain Controllers +prior to Windows NT Server 3.1 were sold by various companies and based on +private extensions to the LAN Manager 2.1 protocol. Windows NT introduced +Microsoft-specific ways of distributing the user authentication database. +See DOMAIN.txt for examples of how Samba can participate in or create +SMB domains based on shared authentication database schemes other than the +Windows NT SAM. +</para> + +<para> +Windows NT Server can be installed as either a plain file and print server +(WORKGROUP workstation or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT. +</para> + +<para> +To many people these terms can be confusing, so let's try to clear the air. +</para> + +<para> +Every Windows NT system (workstation or server) has a registry database. +The registry contains entries that describe the initialization information +for all services (the equivalent of Unix Daemons) that run within the Windows +NT environment. The registry also contains entries that tell application +software where to find dynamically loadable libraries that they depend upon. +In fact, the registry contains entries that describes everything that anything +may need to know to interact with the rest of the system. +</para> + +<para> +The registry files can be located on any Windows NT machine by opening a +command prompt and typing: +</para> + +<para> +<prompt>C:\WINNT\></prompt> dir %SystemRoot%\System32\config +</para> + +<para> +The environment variable %SystemRoot% value can be obtained by typing: +</para> + +<para> +<prompt>C:\WINNT></prompt>echo %SystemRoot% +</para> + +<para> +The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security. +</para> + +<para> +In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each. +</para> + +<para> +The Microsoft Windows NT system is structured within a security model that +says that all applications and services must authenticate themselves before +they can obtain permission from the security manager to do what they set out +to do. +</para> + +<para> +The Windows NT User database also resides within the registry. This part of +the registry contains the user's security identifier, home directory, group +memberships, desktop profile, and so on. +</para> + +<para> +Every Windows NT system (workstation as well as server) will have its own +registry. Windows NT Servers that participate in Domain Security control +have a database that they share in common - thus they do NOT own an +independent full registry database of their own, as do Workstations and +plain Servers. +</para> + +<para> +The User database is called the SAM (Security Access Manager) database and +is used for all user authentication as well as for authentication of inter- +process authentication (i.e. to ensure that the service action a user has +requested is permitted within the limits of that user's privileges). +</para> + +<para> +The Samba team have produced a utility that can dump the Windows NT SAM into +smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and +/pub/samba/pwdump on your nearest Samba mirror for the utility. This +facility is useful but cannot be easily used to implement SAM replication +to Samba systems. +</para> + +<para> +Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers +can participate in a Domain security system that is controlled by Windows NT +servers that have been correctly configured. Almost every domain will have +ONE Primary Domain Controller (PDC). It is desirable that each domain will +have at least one Backup Domain Controller (BDC). +</para> + +<para> +The PDC and BDCs then participate in replication of the SAM database so that +each Domain Controlling participant will have an up to date SAM component +within its registry. +</para> + +</sect1> + </chapter> diff --git a/docs/docbook/projdoc/ServerType.sgml b/docs/docbook/projdoc/ServerType.sgml index 91478740d6..41b1c0ed2f 100644 --- a/docs/docbook/projdoc/ServerType.sgml +++ b/docs/docbook/projdoc/ServerType.sgml @@ -45,13 +45,6 @@ that control security mode are: "security = user" and "security = share". </para> <para> -No special action is needed other than to create user accounts. Stand-alone -servers do NOT provide network logon services, meaning that machines that -use this server do NOT perform a domain logon but instead make use only of -the MS Windows logon which is local to the MS Windows workstation/server. -</para> - -<para> Samba tends to blur the distinction a little in respect of what is a stand alone server. This is because the authentication database may be local or on a remote server, even if from the samba protocol perspective diff --git a/docs/docbook/projdoc/passdb.sgml b/docs/docbook/projdoc/passdb.sgml index 8e7a409167..fa2d75bd34 100644 --- a/docs/docbook/projdoc/passdb.sgml +++ b/docs/docbook/projdoc/passdb.sgml @@ -831,6 +831,18 @@ ntPassword: 878D8014606CDA29677A44EFA1353FC7 <title>MySQL</title> <sect2> +<title>Building</title> + +<para>To build the plugin, run <command>make bin/pdb_mysql.so</command> +in the <filename>source/</filename> directory of samba distribution. +</para> + +<para>Next, copy pdb_mysql.so to any location you want. I +strongly recommend installing it in $PREFIX/lib or /usr/lib/samba/</para> + +</sect2> + +<sect2> <title>Creating the database</title> <para> @@ -850,7 +862,7 @@ contains the correct queries to create the required tables. Use the command : <para>Add a the following to the <command>passdb backend</command> variable in your <filename>smb.conf</filename>: <programlisting> -passdb backend = [other-plugins] mysql:identifier [other-plugins] +passdb backend = [other-plugins] plugin:/location/to/pdb_mysql.so:identifier [other-plugins] </programlisting> </para> @@ -966,23 +978,35 @@ Or, set 'identifier:workstations column' to : </sect1> <sect1> -<title>XML</title> +<title>Passdb XML plugin</title> + +<sect2> +<title>Building</title> <para>This module requires libxml2 to be installed.</para> +<para>To build pdb_xml, run: <command>make bin/pdb_xml.so</command> in +the directory <filename>source/</filename>. </para> + +</sect2> + +<sect2> +<title>Usage</title> + <para>The usage of pdb_xml is pretty straightforward. To export data, use: -<command>pdbedit -e xml:filename</command> +<command>pdbedit -e plugin:/usr/lib/samba/pdb_xml.so:filename</command> (where filename is the name of the file to put the data in) </para> <para> To import data, use: -<command>pdbedit -i xml:filename -e current-pdb</command> +<command>pdbedit -i plugin:/usr/lib/samba/pdb_xml.so:filename -e current-pdb</command> Where filename is the name to read the data from and current-pdb to put it in. </para> +</sect2> </sect1> </chapter> diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml index db421bc690..1a2e285596 100644 --- a/docs/docbook/projdoc/samba-doc.sgml +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -22,13 +22,11 @@ <!ENTITY ADS-HOWTO SYSTEM "ADS-HOWTO.sgml"> <!ENTITY Passdb SYSTEM "passdb.sgml"> <!ENTITY VFS SYSTEM "VFS.sgml"> +<!ENTITY GroupProfiles SYSTEM "GroupProfiles.sgml"> <!ENTITY SecuringSamba SYSTEM "securing-samba.sgml"> <!ENTITY Compiling SYSTEM "Compiling.sgml"> <!ENTITY unicode SYSTEM "unicode.sgml"> <!ENTITY CUPS SYSTEM "CUPS-printing.sgml"> -<!ENTITY AdvancedNetworkAdmin SYSTEM "AdvancedNetworkAdmin.sgml"> -<!ENTITY PolicyMgmt SYSTEM "PolicyMgmt.sgml"> -<!ENTITY ProfileMgmt SYSTEM "ProfileMgmt.sgml"> ]> <book id="Samba-HOWTO-Collection"> @@ -104,32 +102,30 @@ for various environments. </part> <part id="optional"> -<title>Advanced Configuration</title> +<title>Optional configuration</title> <partintro> <title>Introduction</title> <para>Samba has several features that you might want or might not want to use. The chapters in this part each cover one specific feature.</para> </partintro> -&AdvancedNetworkAdmin; +&IntegratingWithWindows; &NT-Security; -&GROUP-MAPPING-HOWTO; &Samba-PAM; +&MS-Dfs-Setup; &PRINTER-DRIVER2; &CUPS; &WINBIND; -&PolicyMgmt; -&ProfileMgmt; -&IntegratingWithWindows; &BROWSING; -&MS-Dfs-Setup; &VFS; +&GROUP-MAPPING-HOWTO; +&SPEED; +&GroupProfiles; &SecuringSamba; &unicode; </part> <part id="Appendixes"> <title>Appendixes</title> -&SPEED; &Portability; &Other-Clients; &Compiling; @@ -137,4 +133,4 @@ part each cover one specific feature.</para> &Diagnosis; </part> - +</book> diff --git a/docs/docbook/projdoc/security_level.sgml b/docs/docbook/projdoc/security_level.sgml index e3d7c6ac1f..00dcc6e83b 100644 --- a/docs/docbook/projdoc/security_level.sgml +++ b/docs/docbook/projdoc/security_level.sgml @@ -8,15 +8,8 @@ </affiliation> </author> </chapterinfo> -<title>Samba as Stand-Alone Server</title -<para> -In this section the function and purpose of Samba's <emphasis>security</emphasis> -modes are described. -</para> - -<sect1> -<Title>User and Share security level</title> +<title>Samba as Stand-Alone server (User and Share security level)</title> <para> A SMB server tells the client at startup what "security level" it is @@ -30,9 +23,6 @@ can only tell the client what is available and whether an action is allowed. </para> -<sect2> -<title>User Level Security</title> - <para> I'll describe user level security first, as its simpler. In user level security the client will send a "session setup" command directly after @@ -63,11 +53,6 @@ maintain multiple authentication contexts in this way (WinDD is an example of an application that does this) </para> -</sect2> - -<sect2> -<title>Share Level Security</title> - <para> Ok, now for share level security. In share level security the client authenticates itself separately for each share. It will send a @@ -94,11 +79,6 @@ usernames". If a match is found then the client is authenticated as that user. </para> -</sect2> - -<sect2> -<title>Server Level Security</title> - <para> Finally "server level" security. In server level security the samba server reports to the client that it is in user level security. The @@ -133,204 +113,4 @@ That real authentication server can be another Samba server or can be a Windows NT server, the later natively capable of encrypted password support. </para> -<sect3> -<title>Configuring Samba for Seemless Windows Network Integration</title> - -<para> -MS Windows clients may use encrypted passwords as part of a challenege/response -authentication model (a.k.a. NTLMv1) or alone, or clear text strings for simple -password based authentication. It should be realized that with the SMB protocol -the password is passed over the network either in plain text or encrypted, but -not both in the same authentication requests. -</para> - -<para> -When encrypted passwords are used a password that has been entered by the user -is encrypted in two ways: -</para> - -<itemizedlist> - <listitem><para>An MD4 hash of the UNICODE of the password - string. This is known as the NT hash. - </para></listitem> - - <listitem><para>The password is converted to upper case, - and then padded or trucated to 14 bytes. This string is - then appended with 5 bytes of NULL characters and split to - form two 56 bit DES keys to encrypt a "magic" 8 byte value. - The resulting 16 bytes for the LanMan hash. - </para></listitem> -</itemizedlist> - -<para> -MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x and version 4.0 -pre-service pack 3 will use either mode of password authentication. All -versions of MS Windows that follow these versions no longer support plain -text passwords by default. -</para> - -<para> -MS Windows clients have a habit of dropping network mappings that have been idle -for 10 minutes or longer. When the user attempts to use the mapped drive -connection that has been dropped, the client re-establishes the connection using -a cached copy of the password. -</para> - -<para> -When Microsoft changed the default password mode, support was dropped for caching -of the plain text password. This means that when the registry parameter is changed -to re-enable use of plain text passwords it appears to work, but when a dropped -service connection mapping attempts to revalidate it will fail if the remote -authentication server does not support encrypted passwords. This means that it -is definitely not a good idea to re-enable plain text password support in such clients. -</para> - -<para> -The following parameters can be used to work around the issue of Windows 9x client -upper casing usernames and password before transmitting them to the SMB server -when using clear text authentication. -</para> - -<para><programlisting> - <ulink url="smb.conf.5.html#PASSWORDLEVEL">passsword level</ulink> = <replaceable>integer</replaceable> - <ulink url="smb.conf.5.html#USERNAMELEVEL">username level</ulink> = <replaceable>integer</replaceable> -</programlisting></para> - -<para> -By default Samba will lower case the username before attempting to lookup the user -in the database of local system accounts. Because UNIX usernames conventionally -only contain lower case character, the <parameter>username level</parameter> parameter -is rarely needed. -</para> - -<para> -However, passwords on UNIX systems often make use of mixed case characters. -This means that in order for a user on a Windows 9x client to connect to a Samba -server using clear text authentication, the <parameter>password level</parameter> -must be set to the maximum number of upper case letter which <emphasis>could</emphasis> -appear is a password. Note that is the server OS uses the traditional DES version -of crypt(), then a <parameter>password level</parameter> of 8 will result in case -insensitive passwords as seen from Windows users. This will also result in longer -login times as Samba hash to compute the permutations of the password string and -try them one by one until a match is located (or all combinations fail). -</para> - -<para> -The best option to adopt is to enable support for encrypted passwords -where ever Samba is used. There are three configuration possibilities -for support of encrypted passwords: -</para> - -</sect3> -<sect3> -<title>Use MS Windows NT as an authentication server</title> - -<para> -This method involves the additions of the following parameters in the smb.conf file: -</para> - -<para><programlisting> - encrypt passwords = Yes - security = server - password server = "NetBIOS_name_of_PDC" -</programlisting></para> - - -<para> -There are two ways of identifying whether or not a username and -password pair was valid or not. One uses the reply information provided -as part of the authentication messaging process, the other uses -just and error code. -</para> - -<para> -The down-side of this mode of configuration is the fact that -for security reasons Samba will send the password server a bogus -username and a bogus password and if the remote server fails to -reject the username and password pair then an alternative mode -of identification of validation is used. Where a site uses password -lock out after a certain number of failed authentication attempts -this will result in user lockouts. -</para> - -<para> -Use of this mode of authentication does require there to be -a standard Unix account for the user, this account can be blocked -to prevent logons by other than MS Windows clients. -</para> - -</sect3> -</sect2> - -<sect2> -<title>Domain Level Security</title> - -<para> -When samba is operating in <emphasis>security = domain</emphasis> mode this means that -the Samba server has a domain security trust account (a machine account) and will cause -all authentication requests to be passed through to the domain controllers. -</para> - -<sect3> -<title>Samba as a member of an MS Windows NT security domain</title> - -<para> -This method involves additon of the following paramters in the smb.conf file: -</para> - -<para><programlisting> - encrypt passwords = Yes - security = domain - workgroup = "name of NT domain" - password server = * -</programlisting></para> - -<para> -The use of the "*" argument to "password server" will cause samba to locate the -domain controller in a way analogous to the way this is done within MS Windows NT. -This is the default behaviour. -</para> - -<para> -In order for this method to work the Samba server needs to join the -MS Windows NT security domain. This is done as follows: -</para> - -<itemizedlist> - <listitem><para>On the MS Windows NT domain controller using - the Server Manager add a machine account for the Samba server. - </para></listitem> - - <listitem><para>Next, on the Linux system execute: - <command>smbpasswd -r PDC_NAME -j DOMAIN_NAME</command> - </para></listitem> -</itemizedlist> - -<para> -Use of this mode of authentication does require there to be a standard Unix account -for the user in order to assign a uid once the account has been authenticated by -the remote Windows DC. This account can be blocked to prevent logons by other than -MS Windows clients by things such as setting an invalid shell in the -<filename>/etc/passwd</filename> entry. -</para> - -<para> -An alternative to assigning UIDs to Windows users on a Samba member server is -presented in the <ulink url="winbind.html">Winbind Overview</ulink> chapter -in this HOWTO collection. -</para> - -</sect3> -</sect2> - -<sect2> -<title>ADS Level Security</title> - -<para> -For information about the configuration option please refer to the entire section entitled -<emphasis>Samba as an ADS Domain Member.</emphasis> -</para> - -</sect2> -</sect1> </chapter> diff --git a/docs/docbook/projdoc/upgrading-to-3.0.sgml b/docs/docbook/projdoc/upgrading-to-3.0.sgml index cd0ec2064d..f227556151 100644 --- a/docs/docbook/projdoc/upgrading-to-3.0.sgml +++ b/docs/docbook/projdoc/upgrading-to-3.0.sgml @@ -24,12 +24,16 @@ In 3.0, the following configuration options have been removed. </para> <simplelist> -<member>printer driver (replaced by new driver procedures) </member> -<member>printer driver file (replaced by new driver procedures)</member> -<member>printer driver location (replaced by new driver procedures)</member> +<member>printer driver</member> +<member>printer driver file</member> +<member>printer driver location</member> <member>use rhosts</member> <member>postscript</member> -<member>client code page (replaced by dos charset)</member> </simplelist> + +<para>The first three options have been replaced by new driver procedures. +Please read the printing documentation.</para> + </sect1> + </chapter> diff --git a/docs/docbook/smbdotconf/.cvsignore b/docs/docbook/smbdotconf/.cvsignore deleted file mode 100644 index 0f8c6cb0ed..0000000000 --- a/docs/docbook/smbdotconf/.cvsignore +++ /dev/null @@ -1,4 +0,0 @@ -parameters.all.xml -parameters.global.xml -parameters.service.xml - diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README deleted file mode 100644 index e69d30af5f..0000000000 --- a/docs/docbook/smbdotconf/README +++ /dev/null @@ -1,159 +0,0 @@ -DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0 - -Author of the document: Alexander Bokovoy <ab@samba.org> - -Welcome to new smb.conf(5) documentation build system! This directory -contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2 -sources. Note that the output might be unsatisfying untill all smb.conf(5) -parameters will converted to new format (see Chapter 4 for details). - -Content -------- - -0. Prerequisites -1. Structure -2. XSLT stylesheets -3. Usage -4. Current status of converted parameters - -Prerequisites -------------- - -In order to compile smb.conf(5) documentation from Docbook XML 4.2 -sources you'll need: - - - a working libxml2 and libxslt installation, together with xsltproc utility - - - a locally installed Docbook XSL 4.2 or higher - - - a working xmlcatalog to eliminate Web access for Docbook XSL - -The latter requisite is important: we do not specify local copies of -Docbook XSL stylesheets in our XSLTs because of real nightmare in their -location in most distributions. Fortunately, libxml2 provides standard -way to access locally installed external resources via so-called -'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and -some other distributions but wasn't at the moment of this writting (Late -March'03) in Debian. - -Structure ---------- - -smb.conf(5) sources consist of a number of XML files distributed across -a number of subdirectories. Each subdirectory represents a group of -smb.conf(5) parameters dedicated to one specific task as described in -Samba's loadparm.c source file (and shown in SWAT). - -Each XML file in subdirectories represents one parameter description, -together with some additional meta-information about it. Complete list -of meta-information attributes - -attribute description -------------------------------------------------------------------- -name smb.conf(5) parameter name -context G for global, S for services -basic set to 1 if loadparm.c's description -wizard includes appropriate flag for -advanced this parameter (FLAG_BASIC, -developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER) -------------------------------------------------------------------- - -Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general -stub for man page and several XML instructions to include: - - - a list of global parameters (auto-generated); - - - a list of service parameters (auto-generated); - - - a complete list of alphabetically sorted parameters (auto-generated). - -XSLT stylesheets ----------------- - -In order to combine and build final version of smb.conf(5) we apply a -set of XSLT stylesheets to smb.conf(5) sources. Following is the -complete description of existing stylesheets in smb.conf(5) source tree: - -1. [expand-smb.conf.xsl] Main driver, produces big XML source with all -smaller components combined. The resulted tree is then feed to Docbook -XSL for final producing. - -This stylesheet performs two main transformations: - - - Replaces <samba:parameter> tag by <varlistentry> one; - - - Generates <term> and <anchor> tags for each <samba:parameter>. - -The latter step needs some explanation. We generate automatically -<anchor> and <term> tags based on meta-information about parameter. This -way all anchors have predictable names (capitalized parameter name with -all spaces supressed) and we really don't need to dublicate data. - -There was only one exception to the generation rule in smb.conf.5.sgml: -"use spnego" parameter had anchor SPNEGO which is now unified to -USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO -achnor. - -2. [generate-context.xsl] An utility stylesheet which main purpose is to -produce a list of parameters which are applicable for selected context -(global or service). - -The generate-context.xsl is run twice to generate both -parameters.global.xml and parameters.service.xml which are included then -by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file -which is generated by [generate-file-list.sh] shell script. - -The parameters.all.xml file contains a complete list of include -instructions for XSLT processor to include all small XML files from -subdirectories. - -3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It -fixes some annoying errors in official Docbook XSL stylesheets and adds -our tuned parameters. This file really belongs to upper level where it -would occur later, as we'll move to Docbook XML completely. - -4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore. -It was used for initial split of SGML-based smb.conf.5.sgml onto a set -of per-parameter XML files. I left it in source tree just for historical -interest. :) - -Usage ------ - -1. Generate [parameters.all.xml]: - sh generate-file-list.sh >parameters.all.xml - -2. Generate [parameters.global.xml]: - xsltproc --xinclude \ - --param smb.context "'G'" \ - --output parameters.global.xml \ - generate-context.xsl parameters.all.xml - -3. Generate [parameters.service.xml]: - xsltproc --xinclude \ - --param smb.context "'S'" \ - --output parameters.service.xml \ - generate-context.xsl parameters.all.xml - -4. Process smb.conf.5.xml (for example, to HTML): - xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ - xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html - -Note that in step 4 we are not saving preprocessed smb.conf.5.xml to -disk and directly passing it to the next XSLT processor (in this case -- -Docbook XML to HTML generator). - -For convenience, this sequence of commands is added into source tree as -process-all.sh - -Current state of converted parameters -------------------------------------- - -Only 'base' parameters converted so far to serve as example of -formatting. - -All undocumented parameters are listed in doc-status file in of Samba's -docs/ directory. - -Any help is greatly appreciated. - diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml deleted file mode 100644 index 779571cff2..0000000000 --- a/docs/docbook/smbdotconf/browse/browsable.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSABLE"/>browsable (S)</term> - <listitem><para>See the <link linkend="BROWSEABLE"><parameter moreinfo="none"> - browseable</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml deleted file mode 100644 index c223d6c7d7..0000000000 --- a/docs/docbook/smbdotconf/browse/browseable.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSEABLE"/>browseable (S)</term> - <listitem><para>This controls whether this share is seen in - the list of available shares in a net view and in the browse list.</para> - - <para>Default: <command moreinfo="none">browseable = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml deleted file mode 100644 index f15e2caf2a..0000000000 --- a/docs/docbook/smbdotconf/browse/browselist.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BROWSELIST"/>browse list (G)</term> - <listitem><para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will serve a browse list to - a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally - set to <constant>yes</constant>. You should never need to change - this.</para> - - <para>Default: <command moreinfo="none">browse list = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml deleted file mode 100644 index cf2d504e4d..0000000000 --- a/docs/docbook/smbdotconf/browse/domainmaster.xml +++ /dev/null @@ -1,34 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOMAINMASTER"/>domain master (G)</term> - <listitem><para>Tell <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list - collation. Setting this option causes <command moreinfo="none">nmbd</command> to - claim a special domain specific NetBIOS name that identifies - it as a domain master browser for its given <link linkend="WORKGROUP"> - <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers - in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated - subnets will give this <command moreinfo="none">nmbd</command> their local browse lists, - and then ask <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse - list for the whole wide area network. Browser clients will then contact - their local master browser, and will receive the domain-wide browse list, - instead of just the list for their broadcast-isolated subnet.</para> - - <para>Note that Windows NT Primary Domain Controllers expect to be - able to claim this <parameter moreinfo="none">workgroup</parameter> specific special - NetBIOS name that identifies them as domain master browsers for - that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no - way to prevent a Windows NT PDC from attempting to do this). This - means that if this parameter is set and <command moreinfo="none">nmbd</command> claims - the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows - NT PDC is able to do so then cross subnet browsing will behave - strangely and may fail.</para> - - <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command> - </link>, then the default behavior is to enable the <parameter moreinfo="none">domain - master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is - not enabled (the default setting), then neither will <parameter moreinfo="none">domain - master</parameter> be enabled by default.</para> - - <para>Default: <command moreinfo="none">domain master = auto</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml deleted file mode 100644 index cf8d3e54b9..0000000000 --- a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENHANCEDBROWSING"/>enhanced browsing (G)</term> - <listitem><para>This option enables a couple of enhancements to - cross-subnet browse propagation that have been added in Samba - but which are not standard in Microsoft implementations. - </para> - - <para>The first enhancement to browse propagation consists of a regular - wildcard query to a Samba WINS server for all Domain Master Browsers, - followed by a browse synchronization with each of the returned - DMBs. The second enhancement consists of a regular randomised browse - synchronization with all currently known DMBs.</para> - - <para>You may wish to disable this option if you have a problem with empty - workgroups not disappearing from browse lists. Due to the restrictions - of the browse protocols these enhancements can cause a empty workgroup - to stay around forever which can be annoying.</para> - - <para>In general you should leave this option enabled as it makes - cross-subnet browse propagation much more reliable.</para> - - <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml deleted file mode 100644 index 1551c0991e..0000000000 --- a/docs/docbook/smbdotconf/browse/lmannounce.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LMANNOUNCE"/>lm announce (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce - broadcasts that are needed by OS/2 clients in order for them to see - the Samba server in their browse list. This parameter can have three - values, <constant>yes</constant>, <constant>no</constant>, or - <constant>auto</constant>. The default is <constant>auto</constant>. - If set to <constant>no</constant> Samba will never produce these - broadcasts. If set to <constant>yes</constant> Samba will produce - Lanman announce broadcasts at a frequency set by the parameter - <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant> - Samba will not send Lanman announce broadcasts by default but will - listen for them. If it hears such a broadcast on the wire it will - then start sending them at a frequency set by the parameter - <parameter moreinfo="none">lm interval</parameter>.</para> - - <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval - </parameter></link>.</para> - - <para>Default: <command moreinfo="none">lm announce = auto</command></para> - <para>Example: <command moreinfo="none">lm announce = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml deleted file mode 100644 index cc17dc15b0..0000000000 --- a/docs/docbook/smbdotconf/browse/lminterval.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LMINTERVAL"/>lm interval (G)</term> - <listitem><para>If Samba is set to produce Lanman announce - broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE"> - <parameter moreinfo="none">lm announce</parameter></link> parameter) then this - parameter defines the frequency in seconds with which they will be - made. If this is set to zero then no Lanman announcements will be - made despite the setting of the <parameter moreinfo="none">lm announce</parameter> - parameter.</para> - - <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm - announce</parameter></link>.</para> - - <para>Default: <command moreinfo="none">lm interval = 60</command></para> - <para>Example: <command moreinfo="none">lm interval = 120</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml deleted file mode 100644 index dffbd3cb19..0000000000 --- a/docs/docbook/smbdotconf/browse/localmaster.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCALMASTER"/>local master (G)</term> - <listitem><para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser - on a subnet. If set to <constant>no</constant> then <command moreinfo="none"> - nmbd</command> will not attempt to become a local master browser - on a subnet and will also lose in all browsing elections. By - default this value is set to <constant>yes</constant>. Setting this value to <constant>yes</constant> doesn't - mean that Samba will <emphasis>become</emphasis> the local master - browser on a subnet, just that <command moreinfo="none">nmbd</command> will <emphasis> - participate</emphasis> in elections for local master browser.</para> - - <para>Setting this value to <constant>no</constant> will cause <command moreinfo="none">nmbd</command> - <emphasis>never</emphasis> to become a local master browser.</para> - - <para>Default: <command moreinfo="none">local master = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml deleted file mode 100644 index 927db32204..0000000000 --- a/docs/docbook/smbdotconf/browse/oslevel.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OSLEVEL"/>os level (G)</term> - <listitem><para>This integer value controls what level Samba - advertises itself as for browse elections. The value of this - parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - has a chance of becoming a local master browser for the <parameter moreinfo="none"> - WORKGROUP</parameter> in the local broadcast area.</para> - - <para><emphasis>Note :</emphasis>By default, Samba will win - a local master browsing election over all Microsoft operating - systems except a Windows NT 4.0/2000 Domain Controller. This - means that a misconfigured Samba host can effectively isolate - a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt - </filename> in the Samba <filename moreinfo="none">docs/</filename> directory - for details.</para> - - <para>Default: <command moreinfo="none">os level = 20</command></para> - <para>Example: <command moreinfo="none">os level = 65 </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml deleted file mode 100644 index 8098626c51..0000000000 --- a/docs/docbook/smbdotconf/browse/preferedmaster.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREFEREDMASTER"/>prefered master (G)</term> - <listitem><para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none"> - preferred master</parameter></link> for people who cannot spell :-).</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml deleted file mode 100644 index 53934fdb78..0000000000 --- a/docs/docbook/smbdotconf/browse/preferredmaster.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREFERREDMASTER"/>preferred master (G)</term> - <listitem><para>This boolean parameter controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> is a preferred master browser - for its workgroup.</para> - - <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command> - will force an election, and it will have a slight advantage in - winning the election. It is recommended that this parameter is - used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER"><parameter moreinfo="none"> - domain master</parameter></link> = yes</command>, so that <command moreinfo="none"> - nmbd</command> can guarantee becoming a domain master.</para> - - <para>Use this option with caution, because if there are several - hosts (whether Samba servers, Windows 95 or NT) that are preferred - master browsers on the same subnet, they will each periodically - and continuously attempt to become the local master browser. - This will result in unnecessary broadcast traffic and reduced browsing - capabilities.</para> - - <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">preferred master = auto</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml deleted file mode 100644 index 14e6d9c5df..0000000000 --- a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MACHINEPASSWORDTIMEOUT"/>machine password timeout (G)</term> - <listitem><para>If a Samba server is a member of a Windows - NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) - parameter) then periodically a running <ulink url="smbd.8.html"> - smbd(8)</ulink> process will try and change the MACHINE ACCOUNT - PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb - </filename>. This parameter specifies how often this password - will be changed, in seconds. The default is one week (expressed in - seconds), the same as a Windows NT Domain member server.</para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN"> - security = domain</link>) parameter.</para> - - <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/expand-smb.conf.xsl b/docs/docbook/smbdotconf/expand-smb.conf.xsl deleted file mode 100644 index 87b4898cf7..0000000000 --- a/docs/docbook/smbdotconf/expand-smb.conf.xsl +++ /dev/null @@ -1,74 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - xmlns:exsl="http://exslt.org/common" - xmlns:samba="http://samba.org/common" - version="1.1" - extension-element-prefixes="exsl"> - -<xsl:output method="xml"/> - -<!-- Generates one big XML file for smb.conf --> - -<xsl:param name="xmlSambaNsUri" select="'http://samba.org/common'"/> - -<!-- This is needed to copy content unchanged --> -<xsl:template match="@*|node()"> - <xsl:copy> - <xsl:apply-templates select="@*|node()"/> - </xsl:copy> -</xsl:template> - - -<xsl:template match="//samba:parameter"> - <!-- reconstruct varlistentry - not all of them will go into separate files - and also we must repair the main varlistentry itself. - --> - <xsl:message> - <xsl:text>Processing samba:parameter (</xsl:text> - <xsl:value-of select="@name"/> - <xsl:text>)</xsl:text> - </xsl:message> - - <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''), - 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - </xsl:variable> - - <xsl:variable name="anchor"> - <xsl:element name="anchor"> - <xsl:attribute name="id"> - <xsl:value-of select="$name"/> - </xsl:attribute> - </xsl:element> - </xsl:variable> - - <xsl:variable name="context"> - <xsl:text> (</xsl:text> - <xsl:value-of select="@context"/> - <xsl:text>)</xsl:text> - </xsl:variable> - - <xsl:variable name="term"> - <xsl:element name="term"> - <xsl:copy-of select="$anchor"/> - <xsl:value-of select="@name"/> - <xsl:value-of select="$context"/> - </xsl:element> - </xsl:variable> - - <xsl:variable name="content"> - <xsl:apply-templates/> - </xsl:variable> - - <xsl:element name="varlistentry"> - <xsl:text> -</xsl:text> - <xsl:copy-of select="$term"/> - <xsl:copy-of select="$content"/> - <xsl:text> -</xsl:text> - </xsl:element> - -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml deleted file mode 100644 index 622aea329e..0000000000 --- a/docs/docbook/smbdotconf/filename/casesensitive.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CASESENSITIVE"/>case sensitive (S)</term> - <listitem><para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para> - - <para>Default: <command moreinfo="none">case sensitive = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml deleted file mode 100644 index 94bcb85984..0000000000 --- a/docs/docbook/smbdotconf/filename/casesignames.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CASESIGNAMES"/>casesignames (S)</term> - <listitem><para>Synonym for <link linkend="CASESENSITIVE">case - sensitive</link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml deleted file mode 100644 index f2bdf5db1c..0000000000 --- a/docs/docbook/smbdotconf/filename/defaultcase.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTCASE"/>default case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE"> - <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">default case = lower</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml deleted file mode 100644 index 49a5e2232f..0000000000 --- a/docs/docbook/smbdotconf/filename/deletevetofiles.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEVETOFILES"/>delete veto files (S)</term> - <listitem><para>This option is used when Samba is attempting to - delete a directory that contains one or more vetoed directories - (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> - option). If this option is set to <constant>no</constant> (the default) then if a vetoed - directory contains any non-vetoed files or directories then the - directory delete will fail. This is usually what you want.</para> - - <para>If this option is set to <constant>yes</constant>, then Samba - will attempt to recursively delete any files and directories within - the vetoed directory. This can be useful for integration with file - serving systems such as NetAtalk which create meta-files within - directories you might normally veto DOS/Windows users from seeing - (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para> - - <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these - directories to be transparently deleted when the parent directory - is deleted (so long as the user has permissions to do so).</para> - - <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto - files</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">delete veto files = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml deleted file mode 100644 index 63e87d8059..0000000000 --- a/docs/docbook/smbdotconf/filename/hidedotfiles.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEDOTFILES"/>hide dot files (S)</term> - <listitem><para>This is a boolean parameter that controls whether - files starting with a dot appear as hidden files.</para> - - <para>Default: <command moreinfo="none">hide dot files = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml deleted file mode 100644 index 6f93a2a239..0000000000 --- a/docs/docbook/smbdotconf/filename/hidefiles.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEFILES"/>hide files(S)</term> - <listitem><para>This is a list of files or directories that are not - visible but are accessible. The DOS 'hidden' attribute is applied - to any files or directories that match.</para> - - <para>Each entry in the list must be separated by a '/', - which allows spaces to be included in the entry. '*' - and '?' can be used to specify multiple files or directories - as in DOS wildcards.</para> - - <para>Each entry must be a Unix path, not a DOS path and must - not include the Unix directory separator '/'.</para> - - <para>Note that the case sensitivity option is applicable - in hiding files.</para> - - <para>Setting this parameter will affect the performance of Samba, - as it will be forced to check all files and directories for a match - as they are scanned.</para> - - <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide - dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none"> - veto files</parameter></link> and <link linkend="CASESENSITIVE"> - <parameter moreinfo="none">case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>no file are hidden</emphasis></para> - <para>Example: <command moreinfo="none">hide files = - /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para> - - <para>The above example is based on files that the Macintosh - SMB client (DAVE) available from <ulink url="http://www.thursby.com"> - Thursby</ulink> creates for internal use, and also still hides - all files beginning with a dot.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml deleted file mode 100644 index 9a8c206097..0000000000 --- a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDESPECIALFILES"/>hide special files (G)</term> - <listitem><para>This parameter prevents clients from seeing - special files such as sockets, devices and fifo's in directory - listings. - </para> - - <para>Default: <command moreinfo="none">hide special files = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml deleted file mode 100644 index d25153f103..0000000000 --- a/docs/docbook/smbdotconf/filename/hideunreadable.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEUNREADABLE"/>hide unreadable (G)</term> - <listitem><para>This parameter prevents clients from seeing the - existance of files that cannot be read. Defaults to off.</para> - - <para>Default: <command moreinfo="none">hide unreadable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml deleted file mode 100644 index 9e28e8de5c..0000000000 --- a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDEUNWRITEABLEFILES"/>hide unwriteable files (G)</term> - <listitem><para>This parameter prevents clients from seeing - the existance of files that cannot be written to. Defaults to off. - Note that unwriteable directories are shown as usual. - </para> - - <para>Default: <command moreinfo="none">hide unwriteable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml deleted file mode 100644 index 170d77d453..0000000000 --- a/docs/docbook/smbdotconf/filename/manglecase.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLECASE"/>mangle case (S)</term> - <listitem><para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link></para> - - <para>Default: <command moreinfo="none">mangle case = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml deleted file mode 100644 index abe6c031e0..0000000000 --- a/docs/docbook/smbdotconf/filename/mangledmap.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDMAP"/>mangled map (S)</term> - <listitem><para>This is for those who want to directly map UNIX - file names which cannot be represented on Windows/DOS. The mangling - of names is not always what is needed. In particular you may have - documents with file extensions that differ between DOS and UNIX. - For example, under UNIX it is common to use <filename moreinfo="none">.html</filename> - for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename> - is more commonly used.</para> - - <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename> - you would use:</para> - - <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para> - - <para>One very useful case is to remove the annoying <filename moreinfo="none">;1 - </filename> off the ends of filenames on some CDROMs (only visible - under some UNIXes). To do this use a map of (*;1 *;).</para> - - <para>Default: <emphasis>no mangled map</emphasis></para> - <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml deleted file mode 100644 index 41592b3159..0000000000 --- a/docs/docbook/smbdotconf/filename/manglednames.xml +++ /dev/null @@ -1,58 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDNAMES"/>mangled names (S)</term> - <listitem><para>This controls whether non-DOS names under UNIX - should be mapped to DOS-compatible names ("mangled") and made visible, - or whether non-DOS names should simply be ignored.</para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link> for details on how to control the mangling process.</para> - - <para>If mangling is used then the mangling algorithm is as follows:</para> - - <itemizedlist> - <listitem><para>The first (up to) five alphanumeric characters - before the rightmost dot of the filename are preserved, forced - to upper case, and appear as the first (up to) five characters - of the mangled name.</para></listitem> - - <listitem><para>A tilde "~" is appended to the first part of the mangled - name, followed by a two-character unique sequence, based on the - original root name (i.e., the original filename minus its final - extension). The final extension is included in the hash calculation - only if it contains any upper case characters or is longer than three - characters.</para> - - <para>Note that the character to use may be specified using - the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter> - </link> option, if you don't like '~'.</para></listitem> - - <listitem><para>The first three alphanumeric characters of the final - extension are preserved, forced to upper case and appear as the - extension of the mangled name. The final extension is defined as that - part of the original filename after the rightmost dot. If there are no - dots in the filename, the mangled name will have no extension (except - in the case of "hidden files" - see below).</para></listitem> - - <listitem><para>Files whose UNIX name begins with a dot will be - presented as DOS hidden files. The mangled name will be created as - for other filenames, but with the leading dot removed and "___" as - its extension regardless of actual original extension (that's three - underscores).</para></listitem> - </itemizedlist> - - <para>The two-digit hash value consists of upper case - alphanumeric characters.</para> - - <para>This algorithm can cause name collisions only if files - in a directory share the same first five alphanumeric characters. - The probability of such a clash is 1/1300.</para> - - <para>The name mangling (if enabled) allows a file to be - copied between UNIX directories from Windows/DOS while retaining - the long UNIX filename. UNIX files can be renamed to a new extension - from Windows/DOS and will retain the same basename. Mangled names - do not change between sessions.</para> - - <para>Default: <command moreinfo="none">mangled names = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml deleted file mode 100644 index 3e6099ba92..0000000000 --- a/docs/docbook/smbdotconf/filename/mangledstack.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEDSTACK"/>mangled stack (G)</term> - <listitem><para>This parameter controls the number of mangled names - that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This stack is a list of recently mangled base names - (extensions are only maintained if they are longer than 3 characters - or contains upper case characters).</para> - - <para>The larger this value, the more likely it is that mangled - names can be successfully converted to correct long UNIX names. - However, large stack sizes will slow most directory accesses. Smaller - stacks save memory in the server (each stack element costs 256 bytes). - </para> - - <para>It is not possible to absolutely guarantee correct long - filenames, so be prepared for some surprises!</para> - - <para>Default: <command moreinfo="none">mangled stack = 50</command></para> - <para>Example: <command moreinfo="none">mangled stack = 100</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml deleted file mode 100644 index 7dfd46199c..0000000000 --- a/docs/docbook/smbdotconf/filename/mangleprefix.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLEPREFIX"/>mangle prefix (G)</term> - <listitem><para> controls the number of prefix - characters from the original name used when generating - the mangled names. A larger value will give a weaker - hash and therefore more name collisions. The minimum - value is 1 and the maximum value is 6.</para> - <para>Default: <command moreinfo="none">mangle prefix = 1</command></para> - <para>Example: <command moreinfo="none">mangle prefix = 4</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml deleted file mode 100644 index e6a9050466..0000000000 --- a/docs/docbook/smbdotconf/filename/manglingchar.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLINGCHAR"/>mangling char (S)</term> - <listitem><para>This controls what character is used as - the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The default is a '~' - but this may interfere with some software. Use this option to set - it to whatever you prefer.</para> - - <para>Default: <command moreinfo="none">mangling char = ~</command></para> - <para>Example: <command moreinfo="none">mangling char = ^</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml deleted file mode 100644 index 11f9e9eb01..0000000000 --- a/docs/docbook/smbdotconf/filename/manglingmethod.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MANGLINGMETHOD"/>mangling method (G)</term> - <listitem><para> controls the algorithm used for the generating - the mangled names. Can take two different values, "hash" and - "hash2". "hash" is the default and is the algorithm that has been - used in Samba for many years. "hash2" is a newer and considered - a better algorithm (generates less collisions) in the names. - However, many Win32 applications store the mangled names and so - changing to the new algorithm must not be done - lightly as these applications may break unless reinstalled.</para> - <para>Default: <command moreinfo="none">mangling method = hash2</command></para> - <para>Example: <command moreinfo="none">mangling method = hash</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml deleted file mode 100644 index 18f39791aa..0000000000 --- a/docs/docbook/smbdotconf/filename/maparchive.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPARCHIVE"/>map archive (S)</term> - <listitem><para>This controls whether the DOS archive attribute - should be mapped to the UNIX owner execute bit. The DOS archive bit - is set when a file has been modified since its last backup. One - motivation for this option it to keep Samba/your PC from making - any file it touches from becoming executable under UNIX. This can - be quite annoying for shared source code, documents, etc...</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - parameter to be set such that owner execute bit is not masked out - (i.e. it must include 100). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map archive = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml deleted file mode 100644 index 2b0266c23e..0000000000 --- a/docs/docbook/smbdotconf/filename/maphidden.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPHIDDEN"/>map hidden (S)</term> - <listitem><para>This controls whether DOS style hidden files - should be mapped to the UNIX world execute bit.</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - to be set such that the world execute bit is not masked out (i.e. - it must include 001). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map hidden = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml deleted file mode 100644 index ead629971a..0000000000 --- a/docs/docbook/smbdotconf/filename/mapsystem.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPSYSTEM"/>map system (S)</term> - <listitem><para>This controls whether DOS style system files - should be mapped to the UNIX group execute bit.</para> - - <para>Note that this requires the <parameter moreinfo="none">create mask</parameter> - to be set such that the group execute bit is not masked out (i.e. - it must include 010). See the parameter <link linkend="CREATEMASK"> - <parameter moreinfo="none">create mask</parameter></link> for details.</para> - - <para>Default: <command moreinfo="none">map system = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml deleted file mode 100644 index 3be458ce15..0000000000 --- a/docs/docbook/smbdotconf/filename/preservecase.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRESERVECASE"/>preserve case (S)</term> - <listitem><para> This controls if new filenames are created - with the case that the client passes, or if they are forced to - be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case - </parameter></link>.</para> - - <para>Default: <command moreinfo="none">preserve case = yes</command></para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME - MANGLING</link> for a fuller discussion.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml deleted file mode 100644 index 1c8b36380d..0000000000 --- a/docs/docbook/smbdotconf/filename/shortpreservecase.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHORTPRESERVECASE"/>short preserve case (S)</term> - <listitem><para>This boolean parameter controls if new files - which conform to 8.3 syntax, that is all in upper case and of - suitable length, are created upper case, or if they are forced - to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case - </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command> - </link> to permit long filenames to retain their case, while short - names are lowered. </para> - - <para>See the section on <link linkend="NAMEMANGLINGSECT"> - NAME MANGLING</link>.</para> - - <para>Default: <command moreinfo="none">short preserve case = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml deleted file mode 100644 index ee94081483..0000000000 --- a/docs/docbook/smbdotconf/filename/statcache.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STATCACHE"/>stat cache (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will use a cache in order to - speed up case insensitive name mappings. You should never need - to change this parameter.</para> - - <para>Default: <command moreinfo="none">stat cache = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml deleted file mode 100644 index ff877144a6..0000000000 --- a/docs/docbook/smbdotconf/filename/stripdot.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRIPDOT"/>strip dot (G)</term> - <listitem><para>This is a boolean that controls whether to - strip trailing dots off UNIX filenames. This helps with some - CDROMs that have filenames ending in a single dot.</para> - - <para>Default: <command moreinfo="none">strip dot = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetofiles.xml b/docs/docbook/smbdotconf/filename/vetofiles.xml deleted file mode 100644 index faef2040b9..0000000000 --- a/docs/docbook/smbdotconf/filename/vetofiles.xml +++ /dev/null @@ -1,46 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VETOFILES"/>veto files(S)</term> - <listitem><para>This is a list of files and directories that - are neither visible nor accessible. Each entry in the list must - be separated by a '/', which allows spaces to be included - in the entry. '*' and '?' can be used to specify multiple files - or directories as in DOS wildcards.</para> - - <para>Each entry must be a unix path, not a DOS path and - must <emphasis>not</emphasis> include the unix directory - separator '/'.</para> - - <para>Note that the <parameter moreinfo="none">case sensitive</parameter> option - is applicable in vetoing files.</para> - - <para>One feature of the veto files parameter that it - is important to be aware of is Samba's behaviour when - trying to delete a directory. If a directory that is - to be deleted contains nothing but veto files this - deletion will <emphasis>fail</emphasis> unless you also set - the <parameter moreinfo="none">delete veto files</parameter> parameter to - <parameter moreinfo="none">yes</parameter>.</para> - - <para>Setting this parameter will affect the performance - of Samba, as it will be forced to check all files and directories - for a match as they are scanned.</para> - - <para>See also <link linkend="HIDEFILES"><parameter moreinfo="none">hide files - </parameter></link> and <link linkend="CASESENSITIVE"><parameter moreinfo="none"> - case sensitive</parameter></link>.</para> - - <para>Default: <emphasis>No files or directories are vetoed. - </emphasis></para> - -<para>Examples:<programlisting format="linespecific"> -; Veto any files containing the word Security, -; any ending in .tmp, and any directory containing the -; word root. -veto files = /*Security*/*.tmp/*root*/ - -; Veto the Apple specific files that a NetAtalk server -; creates. -veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ -</programlisting></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml deleted file mode 100644 index 0c817c97f8..0000000000 --- a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VETOOPLOCKFILES"/>veto oplock files (S)</term> - <listitem><para>This parameter is only valid when the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> - parameter is turned on for a share. It allows the Samba administrator - to selectively turn off the granting of oplocks on selected files that - match a wildcarded list, similar to the wildcarded list used in the - <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link> - parameter.</para> - - <para>Default: <emphasis>No files are vetoed for oplock - grants</emphasis></para> - - <para>You might want to do this on files that you know will - be heavily contended for by clients. A good example of this - is in the NetBench SMB benchmark program, which causes heavy - client contention for files ending in <filename moreinfo="none">.SEM</filename>. - To cause Samba not to grant oplocks on these files you would use - the line (either in the [global] section or in the section for - the particular NetBench share :</para> - - <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/ - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/generate-context.xsl b/docs/docbook/smbdotconf/generate-context.xsl deleted file mode 100644 index c9ca31085c..0000000000 --- a/docs/docbook/smbdotconf/generate-context.xsl +++ /dev/null @@ -1,56 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - xmlns:exsl="http://exslt.org/common" - xmlns:samba="http://samba.org/common" - version="1.1" - extension-element-prefixes="exsl"> - -<xsl:output method="xml" omit-xml-declaration="yes"/> - -<xsl:param name="smb.context" select="'G'"/> - -<!-- This is needed to copy content unchanged --> -<xsl:template match="@*|node()"> - <xsl:copy> - <xsl:apply-templates select="@*|node()"/> - </xsl:copy> -</xsl:template> - -<xsl:template match="variablelist"> - <xsl:element name="itemizedlist"> - <xsl:apply-templates/> - </xsl:element> -</xsl:template> - -<xsl:template match="//samba:parameter"> - <xsl:message> - <xsl:text>Processing samba:parameter (</xsl:text> - <xsl:value-of select="@name"/> - <xsl:text>)</xsl:text> - </xsl:message> - - <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''), - 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - </xsl:variable> - - <xsl:if test="contains(@context,$smb.context)"> - <xsl:element name="listitem"> - <xsl:element name="para"> - <xsl:element name="link"> - <xsl:attribute name="linkend"> - <xsl:value-of select="$name"/> - </xsl:attribute> - <xsl:element name="parameter"> - <xsl:attribute name="moreinfo"><xsl:text>none</xsl:text></xsl:attribute> - <xsl:value-of select="@name"/> - </xsl:element> - </xsl:element> - </xsl:element> - </xsl:element> - <xsl:text> -</xsl:text> - </xsl:if> -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml deleted file mode 100644 index f92e8ce310..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> - <listitem><para> The <parameter moreinfo="none">ldap admin dn</parameter> defines the Distinguished - Name (DN) name used by Samba to contact the ldap server when retreiving - user account information. The <parameter moreinfo="none">ldap - admin dn</parameter> is used in conjunction with the admin dn password - stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. See the - <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> man page for more information on how - to accmplish this. - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml deleted file mode 100644 index f4a820c16d..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPDELETEDN"/>ldap delete dn (G)</term> - <listitem><para> This parameter specifies whether a delete - operation in the ldapsam deletes the complete entry or only the attributes - specific to Samba. - </para> - - <para>Default : <emphasis>ldap delete dn = no</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml deleted file mode 100644 index 6ddf8db30f..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapfilter.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> - <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. - The default is to match the login name with the <constant>uid</constant> - attribute for all entries matching the <constant>sambaAccount</constant> - objectclass. Note that this filter should only return one entry. - </para> - - - <para>Default : <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml deleted file mode 100644 index e02bf9acfc..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> - <listitem><para>It specifies where machines should be - added to the ldap tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml deleted file mode 100644 index ce9449374d..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> - <listitem><para>This option is used to define whether - or not Samba should sync the LDAP password with the NT - and LM hashes for normal accounts (NOT for - workstation, server or domain trusts) on a password - change via SAMBA. - </para> - - <para> - The <parameter moreinfo="none">ldap passwd sync</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter moreinfo="none">Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter moreinfo="none">No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem> - - <listitem><para><parameter moreinfo="none">Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem> - </itemizedlist> - - <para>Default : <command moreinfo="none">ldap passwd sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml deleted file mode 100644 index 97c256d423..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapport.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPPORT"/>ldap port (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command moreinfo="none">--with-ldapsam</command> option - at compile time. - </para> - - <para> - This option is used to control the tcp port number used to contact - the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. - The default is to use the stand LDAPS port 636. - </para> - - <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> - </para> - - <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> - <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml deleted file mode 100644 index 33d5652ac9..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapserver.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSERVER"/>ldap server (G)</term> - <listitem><para>This parameter is only available if Samba has been - configure to include the <command moreinfo="none">--with-ldapsam</command> option - at compile time. - </para> - - <para> - This parameter should contain the FQDN of the ldap directory - server which should be queried to locate user account information. - </para> - - <para>Default : <command moreinfo="none">ldap server = localhost</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml deleted file mode 100644 index d747d8f7df..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapssl.xml +++ /dev/null @@ -1,30 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> - <listitem><para>This option is used to define whether or not Samba should - use SSL when connecting to the ldap server - This is <emphasis>NOT</emphasis> related to - Samba's previous SSL support which was enabled by specifying the - <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> - script. - </para> - - <para> - The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values: - </para> - <itemizedlist> - <listitem><para><parameter moreinfo="none">Off</parameter> = Never use SSL when querying the directory.</para></listitem> - - <listitem><para><parameter moreinfo="none">Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation - (RFC2830) for communicating with the directory server.</para></listitem> - - <listitem><para><parameter moreinfo="none">On</parameter> = - Use SSL on the ldaps port when contacting the - <parameter moreinfo="none">ldap server</parameter>. Only - available when the backwards-compatiblity <command moreinfo="none"> - --with-ldapsam</command> option is specified - to configure. See <link linkend="PASSDBBACKEND"><parameter moreinfo="none">passdb backend</parameter></link></para></listitem> - </itemizedlist> - - <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml deleted file mode 100644 index dae15f8104..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> - <listitem> - <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command moreinfo="none">ldap user suffix</command> and <command moreinfo="none">ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml deleted file mode 100644 index 8fe4a1400b..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> - <listitem><para>Normally, Samba validates each entry - in the LDAP server against getpwnam(). This allows - LDAP to be used for Samba with the unix system using - NIS (for example) and also ensures that Samba does not - present accounts that do not otherwise exist. </para> - <para>This option is used to disable this functionality, and - instead to rely on the presence of the appropriate - attributes in LDAP directly, which can result in a - significant performance boost in some situations. - Setting this option to yes effectivly assumes - that the local machine is running <command moreinfo="none">nss_ldap</command> against the - same LDAP server.</para> - - <para>Default: <command moreinfo="none">ldap trust ids = No</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml deleted file mode 100644 index e4fb681e23..0000000000 --- a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> - <listitem><para>It specifies where users are added to the tree. - </para> - - - - <para>Default : <emphasis>none</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml deleted file mode 100644 index ea5e90b5cd..0000000000 --- a/docs/docbook/smbdotconf/locking/blockinglocks.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BLOCKINGLOCKS"/>blocking locks (S)</term> - <listitem><para>This parameter controls the behavior - of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when given a request by a client - to obtain a byte range lock on a region of an open file, and the - request has a time limit associated with it.</para> - - <para>If this parameter is set and the lock range requested - cannot be immediately satisfied, samba will internally - queue the lock request, and periodically attempt to obtain - the lock until the timeout period expires.</para> - - <para>If this parameter is set to <constant>no</constant>, then - samba will behave as previous versions of Samba would and - will fail the lock request immediately if the lock range - cannot be obtained.</para> - - <para>Default: <command moreinfo="none">blocking locks = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml deleted file mode 100644 index e5139bc4f3..0000000000 --- a/docs/docbook/smbdotconf/locking/cscpolicy.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CSCPOLICY"/>csc policy (S)</term> - <listitem><para>This stands for <emphasis>client-side caching - policy</emphasis>, and specifies how clients capable of offline - caching will cache the files in the share. The valid values - are: manual, documents, programs, disable.</para> - - <para>These values correspond to those used on Windows - servers.</para> - - <para>For example, shares containing roaming profiles can have - offline caching disabled using <command moreinfo="none">csc policy = disable - </command>.</para> - - <para>Default: <command moreinfo="none">csc policy = manual</command></para> - <para>Example: <command moreinfo="none">csc policy = programs</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml deleted file mode 100644 index 16887726c0..0000000000 --- a/docs/docbook/smbdotconf/locking/fakeoplocks.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FAKEOPLOCKS"/>fake oplocks (S)</term> - <listitem><para>Oplocks are the way that SMB clients get permission - from a server to locally cache file operations. If a server grants - an oplock (opportunistic lock) then the client is free to assume - that it is the only one accessing the file and it will aggressively - cache file data. With some oplock types the client may even cache - file open/close operations. This can give enormous performance benefits. - </para> - - <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> will - always grant oplock requests no matter how many clients are using - the file.</para> - - <para>It is generally much better to use the real <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> support rather - than this parameter.</para> - - <para>If you enable this option on all read-only shares or - shares that you know will only be accessed from one client at a - time such as physically read-only media like CDROMs, you will see - a big performance improvement on many operations. If you enable - this option on shares where multiple clients may be accessing the - files read-write at the same time you can get data corruption. Use - this option carefully!</para> - - <para>Default: <command moreinfo="none">fake oplocks = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml deleted file mode 100644 index 98513fdd1e..0000000000 --- a/docs/docbook/smbdotconf/locking/kerneloplocks.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="KERNELOPLOCKS"/>kernel oplocks (G)</term> - <listitem><para>For UNIXes that support kernel based <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter></link> - (currently only IRIX and the Linux 2.4 kernel), this parameter - allows the use of them to be turned on or off.</para> - - <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks - </parameter> to be broken whenever a local UNIX process or NFS operation - accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete - data consistency between SMB/CIFS, NFS and local file access (and is - a <emphasis>very</emphasis> cool feature :-).</para> - - <para>This parameter defaults to <constant>on</constant>, but is translated - to a no-op on systems that no not have the necessary kernel support. - You should never need to touch this parameter.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml deleted file mode 100644 index adae6d268f..0000000000 --- a/docs/docbook/smbdotconf/locking/level2oplocks.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LEVEL2OPLOCKS"/>level2 oplocks (S)</term> - <listitem><para>This parameter controls whether Samba supports - level2 (read-only) oplocks on a share.</para> - - <para>Level2, or read-only oplocks allow Windows NT clients - that have an oplock on a file to downgrade from a read-write oplock - to a read-only oplock once a second client opens the file (instead - of releasing all oplocks on a second open, as in traditional, - exclusive oplocks). This allows all openers of the file that - support level2 oplocks to cache the file for read-ahead only (ie. - they may not cache writes or lock requests) and increases performance - for many accesses of files that are not commonly written (such as - application .EXE files).</para> - - <para>Once one of the clients which have a read-only oplock - writes to the file all clients are notified (no reply is needed - or waited for) and told to break their oplocks to "none" and - delete any read-ahead caches.</para> - - <para>It is recommended that this parameter be turned on - to speed access to shared executables.</para> - - <para>For more discussions on level2 oplocks see the CIFS spec.</para> - - <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel - oplocks</parameter></link> are supported then level2 oplocks are - not granted (even if this parameter is set to <constant>yes</constant>). - Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> parameter must be set to <constant>yes</constant> on this share in order for - this parameter to have any effect.</para> - - <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter> - </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter> - </link> parameters.</para> - - <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml deleted file mode 100644 index aa27027a11..0000000000 --- a/docs/docbook/smbdotconf/locking/locking.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKING"/>locking (S)</term> - <listitem><para>This controls whether or not locking will be - performed by the server in response to lock requests from the - client.</para> - - <para>If <command moreinfo="none">locking = no</command>, all lock and unlock - requests will appear to succeed and all lock queries will report - that the file in question is available for locking.</para> - - <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed - by the server.</para> - - <para>This option <emphasis>may</emphasis> be useful for read-only - filesystems which <emphasis>may</emphasis> not need locking (such as - CDROM drives), although setting this parameter of <constant>no</constant> - is not really recommended even in this case.</para> - - <para>Be careful about disabling locking either globally or in a - specific service, as lack of locking may result in data corruption. - You should never need to set this parameter.</para> - - <para>Default: <command moreinfo="none">locking = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml deleted file mode 100644 index 1ee1aab4d4..0000000000 --- a/docs/docbook/smbdotconf/locking/lockspincount.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKSPINCOUNT"/>lock spin count (G)</term> - <listitem><para>This parameter controls the number of times - that smbd should attempt to gain a byte range lock on the - behalf of a client request. Experiments have shown that - Windows 2k servers do not reply with a failure if the lock - could not be immediately granted, but try a few more times - in case the lock could later be aquired. This behavior - is used to support PC database formats such as MS Access - and FoxPro. - </para> - - <para>Default: <command moreinfo="none">lock spin count = 2</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml deleted file mode 100644 index 4d3ea1bdc4..0000000000 --- a/docs/docbook/smbdotconf/locking/lockspintime.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKSPINTIME"/>lock spin time (G)</term> - <listitem><para>The time in microseconds that smbd should - pause before attempting to gain a failed lock. See - <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin - count</parameter></link> for more details. - </para> - - <para>Default: <command moreinfo="none">lock spin time = 10</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml deleted file mode 100644 index 5e08200a33..0000000000 --- a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKBREAKWAITTIME"/>oplock break wait time (G)</term> - <listitem><para>This is a tuning parameter added due to bugs in - both Windows 9x and WinNT. If Samba responds to a client too - quickly when that client issues an SMB that can cause an oplock - break request, then the network client can fail and not respond - to the break request. This tuning parameter (which is set in milliseconds) - is the amount of time Samba will wait before sending an oplock break - request to such (broken) clients.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml deleted file mode 100644 index fd3b45d0b1..0000000000 --- a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKCONTENTIONLIMIT"/>oplock contention limit (S)</term> - <listitem><para>This is a <emphasis>very</emphasis> advanced - <ulink url="smbd.8.html">smbd(8)</ulink> tuning option to - improve the efficiency of the granting of oplocks under multiple - client contention for the same file.</para> - - <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested - if the approximate number of clients contending for an oplock on the same file goes over this - limit. This causes <command moreinfo="none">smbd</command> to behave in a similar - way to Windows NT.</para> - - <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ - AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para> - - <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml deleted file mode 100644 index 071786f35c..0000000000 --- a/docs/docbook/smbdotconf/locking/oplocks.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OPLOCKS"/>oplocks (S)</term> - <listitem><para>This boolean option tells <command moreinfo="none">smbd</command> whether to - issue oplocks (opportunistic locks) to file open requests on this - share. The oplock code can dramatically (approx. 30% or more) improve - the speed of access to files on Samba servers. It allows the clients - to aggressively cache files locally and you may want to disable this - option for unreliable network environments (it is turned on by - default in Windows NT Servers). For more information see the file - <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename> - directory.</para> - - <para>Oplocks may be selectively turned off on certain files with a - share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none"> - veto oplock files</parameter></link> parameter. On some systems - oplocks are recognized by the underlying operating system. This - allows data synchronization between all access to oplocked files, - whether it be via Samba or NFS or a local UNIX process. See the - <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para> - - <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel - oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none"> - level2 oplocks</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">oplocks = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml deleted file mode 100644 index 4f2e2d215b..0000000000 --- a/docs/docbook/smbdotconf/locking/posixlocking.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="POSIXLOCKING"/>posix locking (S)</term> - <listitem><para>The <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - daemon maintains an database of file locks obtained by SMB clients. - The default behavior is to map this internal database to POSIX - locks. This means that file locks obtained by SMB clients are - consistent with those seen by POSIX compliant applications accessing - the files via a non-SMB method (e.g. NFS or local file access). - You should never need to disable this parameter.</para> - - <para>Default: <command moreinfo="none">posix locking = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml deleted file mode 100644 index c789ed0fb2..0000000000 --- a/docs/docbook/smbdotconf/locking/sharemodes.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHAREMODES"/>share modes (S)</term> - <listitem><para>This enables or disables the honoring of - the <parameter moreinfo="none">share modes</parameter> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</para> - - <para>These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).</para> - - <para>The share modes that are enabled by this option are - <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, - <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, - <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. - </para> - - <para>This option gives full share compatibility and enabled - by default.</para> - - <para>You should <emphasis>NEVER</emphasis> turn this parameter - off as many Windows applications will break if you do so.</para> - - <para>Default: <command moreinfo="none">share modes = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml deleted file mode 100644 index b67ae47736..0000000000 --- a/docs/docbook/smbdotconf/locking/strictlocking.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTLOCKING"/>strict locking (S)</term> - <listitem><para>This is a boolean that controls the handling of - file locking in the server. When this is set to <constant>yes</constant> - the server will check every read and write access for file locks, and - deny access if locks exist. This can be slow on some systems.</para> - - <para>When strict locking is <constant>no</constant> the server does file - lock checks only when the client explicitly asks for them.</para> - - <para>Well-behaved clients always ask for lock checks when it - is important, so in the vast majority of cases <command moreinfo="none">strict - locking = no</command> is preferable.</para> - - <para>Default: <command moreinfo="none">strict locking = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debughirestimestamp.xml b/docs/docbook/smbdotconf/logging/debughirestimestamp.xml deleted file mode 100644 index a5f40b73ca..0000000000 --- a/docs/docbook/smbdotconf/logging/debughirestimestamp.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGHIRESTIMESTAMP"/>debug hires timestamp (G)</term> - <listitem><para>Sometimes the timestamps in the log messages - are needed with a resolution of higher that seconds, this - boolean parameter adds microsecond resolution to the timestamp - message header when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug hires timestamp = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debuglevel.xml b/docs/docbook/smbdotconf/logging/debuglevel.xml deleted file mode 100644 index 99153fa853..0000000000 --- a/docs/docbook/smbdotconf/logging/debuglevel.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGLEVEL"/>debuglevel (G)</term> - <listitem><para>Synonym for <link linkend="LOGLEVEL"><parameter moreinfo="none"> - log level</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debugpid.xml b/docs/docbook/smbdotconf/logging/debugpid.xml deleted file mode 100644 index 829e168412..0000000000 --- a/docs/docbook/smbdotconf/logging/debugpid.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGPID"/>debug pid (G)</term> - <listitem><para>When using only one log file for more then one - forked <ulink url="smbd.8.html">smbd</ulink>-process there may be hard to follow which process - outputs which message. This boolean parameter is adds the process-id - to the timestamp message headers in the logfile when turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug pid = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debugtimestamp.xml b/docs/docbook/smbdotconf/logging/debugtimestamp.xml deleted file mode 100644 index 1265c1d21b..0000000000 --- a/docs/docbook/smbdotconf/logging/debugtimestamp.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGTIMESTAMP"/>debug timestamp (G)</term> - <listitem><para>Samba debug log messages are timestamped - by default. If you are running at a high <link linkend="DEBUGLEVEL"> - <parameter moreinfo="none">debug level</parameter></link> these timestamps - can be distracting. This boolean parameter allows timestamping - to be turned off.</para> - - <para>Default: <command moreinfo="none">debug timestamp = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/debuguid.xml b/docs/docbook/smbdotconf/logging/debuguid.xml deleted file mode 100644 index 9b0786d6b3..0000000000 --- a/docs/docbook/smbdotconf/logging/debuguid.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEBUGUID"/>debug uid (G)</term> - <listitem><para>Samba is sometimes run as root and sometime - run as the connected user, this boolean parameter inserts the - current euid, egid, uid and gid to the timestamp message headers - in the log file if turned on.</para> - - <para>Note that the parameter <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link> must be on for this to have an - effect.</para> - - <para>Default: <command moreinfo="none">debug uid = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/logfile.xml b/docs/docbook/smbdotconf/logging/logfile.xml deleted file mode 100644 index 6f176ef02b..0000000000 --- a/docs/docbook/smbdotconf/logging/logfile.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGFILE"/>log file (G)</term> - <listitem><para>This option allows you to override the name - of the Samba log file (also known as the debug file).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate log files for each user or machine.</para> - - <para>Example: <command moreinfo="none">log file = /usr/local/samba/var/log.%m - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/loglevel.xml b/docs/docbook/smbdotconf/logging/loglevel.xml deleted file mode 100644 index 610dc96812..0000000000 --- a/docs/docbook/smbdotconf/logging/loglevel.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGLEVEL"/>log level (G)</term> - <listitem><para>The value of the parameter (a astring) allows - the debug level (logging level) to be specified in the - <filename moreinfo="none">smb.conf</filename> file. This parameter has been - extended since the 2.2.x series, now it allow to specify the debug - level for multiple debug classes. This is to give greater - flexibility in the configuration of the system.</para> - - <para>The default will be the log level specified on - the command line or level zero if none was specified.</para> - - <para>Example: <command moreinfo="none">log level = 3 passdb:5 auth:10 winbind:2 - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/maxlogsize.xml b/docs/docbook/smbdotconf/logging/maxlogsize.xml deleted file mode 100644 index 117410b18c..0000000000 --- a/docs/docbook/smbdotconf/logging/maxlogsize.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXLOGSIZE"/>max log size (G)</term> - <listitem><para>This option (an integer in kilobytes) specifies - the max size the log file should grow to. Samba periodically checks - the size and if it is exceeded it will rename the file, adding - a <filename moreinfo="none">.old</filename> extension.</para> - - <para>A size of 0 means no limit.</para> - - <para>Default: <command moreinfo="none">max log size = 5000</command></para> - <para>Example: <command moreinfo="none">max log size = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/syslog.xml b/docs/docbook/smbdotconf/logging/syslog.xml deleted file mode 100644 index ac098e690a..0000000000 --- a/docs/docbook/smbdotconf/logging/syslog.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYSLOG"/>syslog (G)</term> - <listitem><para>This parameter maps how Samba debug messages - are logged onto the system syslog logging levels. Samba debug - level zero maps onto syslog <constant>LOG_ERR</constant>, debug - level one maps onto <constant>LOG_WARNING</constant>, debug level - two maps onto <constant>LOG_NOTICE</constant>, debug level three - maps onto LOG_INFO. All higher levels are mapped to <constant> - LOG_DEBUG</constant>.</para> - - <para>This parameter sets the threshold for sending messages - to syslog. Only messages with debug level less than this value - will be sent to syslog.</para> - - <para>Default: <command moreinfo="none">syslog = 1</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/syslogonly.xml b/docs/docbook/smbdotconf/logging/syslogonly.xml deleted file mode 100644 index a955306fe0..0000000000 --- a/docs/docbook/smbdotconf/logging/syslogonly.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYSLOGONLY"/>syslog only (G)</term> - <listitem><para>If this parameter is set then Samba debug - messages are logged into the system syslog only, and not to - the debug log files.</para> - - <para>Default: <command moreinfo="none">syslog only = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logging/timestamplogs.xml b/docs/docbook/smbdotconf/logging/timestamplogs.xml deleted file mode 100644 index 5f5f42d738..0000000000 --- a/docs/docbook/smbdotconf/logging/timestamplogs.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMESTAMPLOGS"/>timestamp logs (G)</term> - <listitem><para>Synonym for <link linkend="DEBUGTIMESTAMP"><parameter moreinfo="none"> - debug timestamp</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml deleted file mode 100644 index 89fd9186bb..0000000000 --- a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ABORTSHUTDOWNSCRIPT"/>abort shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> that - should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT"><parameter moreinfo="none">shutdown script</parameter></link>.</para> - - <para>This command will be run as user.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml deleted file mode 100644 index 67441a1645..0000000000 --- a/docs/docbook/smbdotconf/logon/addgroupscript.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="ADDGROUPSCRIPT"/>add group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a new group is - requested. It will expand any - <parameter moreinfo="none">%g</parameter> to the group name passed. - This script is only useful for installations using the - Windows NT domain administration tools. The script is - free to create a group with an arbitrary name to - circumvent unix group name restrictions. In that case - the script must print the numeric gid of the created - group on stdout. - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml deleted file mode 100644 index fdc69c9490..0000000000 --- a/docs/docbook/smbdotconf/logon/addmachinescript.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDMACHINESCRIPT"/>add machine script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a machine is added - to it's domain using the administrator username and password method. </para> - - <para>This option is only required when using sam back-ends tied to the - Unix uid method of RID calculation such as smbpasswd. This option is only - available in Samba 3.0.</para> - - <para>Default: <command moreinfo="none">add machine script = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml deleted file mode 100644 index 3afea231a5..0000000000 --- a/docs/docbook/smbdotconf/logon/adduserscript.xml +++ /dev/null @@ -1,49 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDUSERSCRIPT"/>add user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para> - - <para>Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users - <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> - - <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter> - and <parameter moreinfo="none">add user script</parameter> - must be set to a full pathname for a script that will create a UNIX - user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into - the UNIX user name to create.</para> - - <para>When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and - attempts to authenticate the given user with the given password. If the - authentication succeeds then <command moreinfo="none">smbd</command> - attempts to find a UNIX user in the UNIX password database to map the - Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script - </parameter> is set then <command moreinfo="none">smbd</command> will - call the specified script <emphasis>AS ROOT</emphasis>, expanding - any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para> - - <para>If this script successfully creates the user then <command moreinfo="none">smbd - </command> will continue on as though the UNIX user - already existed. In this way, UNIX users are dynamically created to - match existing Windows NT accounts.</para> - - <para>See also <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link>, <link linkend="PASSWORDSERVER"> - <parameter moreinfo="none">password server</parameter></link>, - <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user - script</parameter></link>.</para> - - <para>Default: <command moreinfo="none">add user script = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user - %u</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml deleted file mode 100644 index fe8be5b504..0000000000 --- a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDUSERTOGROUPSCRIPT"/>add user to group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is added to a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and - any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command moreinfo="none">add user to group script = </command></para> - - <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml deleted file mode 100644 index 02c413115a..0000000000 --- a/docs/docbook/smbdotconf/logon/deletegroupscript.xml +++ /dev/null @@ -1,8 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="DELETEGROUPSCRIPT"/>delete group script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted. - It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed. - This script is only useful for installations using the Windows NT domain administration tools. - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml deleted file mode 100644 index bb1c5136c1..0000000000 --- a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEUSERFROMGROUPSCRIPT"/>delete user from group script (G)</term> - <listitem><para>Full path to the script that will be called when - a user is removed from a group using the Windows NT domain administration - tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>. - Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and - any <parameter moreinfo="none">%u</parameter> will be replaced with the user name. - </para> - - <para>Default: <command moreinfo="none">delete user from group script = </command></para> - - <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml deleted file mode 100644 index afb75dbe77..0000000000 --- a/docs/docbook/smbdotconf/logon/deleteuserscript.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEUSERSCRIPT"/>delete user script (G)</term> - <listitem><para>This is the full pathname to a script that will - be run by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when managing users - with remote RPC (NT) tools. - </para> - - <para>This script is called when a remote client removes a user - from the server, normally using 'User Manager for Domains' or - <command moreinfo="none">rpcclient</command>. - </para> - - <para>This script should delete the given UNIX username. - </para> - - <para>Default: <command moreinfo="none">delete user script = <empty string> - </command></para> - <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user - %u</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml deleted file mode 100644 index 9a2f432f7d..0000000000 --- a/docs/docbook/smbdotconf/logon/domainlogons.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOMAINLOGONS"/>domain logons (G)</term> - <listitem><para>If set to <constant>yes</constant>, the Samba server will serve - Windows 95/98 Domain logons for the <link linkend="WORKGROUP"> - <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2 - has limited capability to act as a domain controller for Windows - NT 4 Domains. For more details on setting up this feature see - the Samba-PDC-HOWTO included in the <filename moreinfo="none">htmldocs/</filename> - directory shipped with the source code.</para> - - <para>Default: <command moreinfo="none">domain logons = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml deleted file mode 100644 index d0aa4d7456..0000000000 --- a/docs/docbook/smbdotconf/logon/logondrive.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONDRIVE"/>logon drive (G)</term> - <listitem><para>This parameter specifies the local path to - which the home directory will be connected (see <link linkend="LOGONHOME"><parameter moreinfo="none">logon home</parameter></link>) - and is only used by NT Workstations. </para> - - <para>Note that this option is only useful if Samba is set up as a - logon server.</para> - - <para>Default: <command moreinfo="none">logon drive = z:</command></para> - <para>Example: <command moreinfo="none">logon drive = h:</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml deleted file mode 100644 index ec19c54043..0000000000 --- a/docs/docbook/smbdotconf/logon/logonhome.xml +++ /dev/null @@ -1,40 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONHOME"/>logon home (G)</term> - <listitem><para>This parameter specifies the home directory - location when a Win95/98 or NT Workstation logs into a Samba PDC. - It allows you to do </para> - - <para><prompt moreinfo="none">C:\> </prompt><userinput moreinfo="none">NET USE H: /HOME</userinput> - </para> - - <para>from a command prompt, for example.</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>This parameter can be used with Win9X workstations to ensure - that roaming profiles are stored in a subdirectory of the user's - home directory. This is done in the following way:</para> - - <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para> - - <para>This tells Samba to return the above string, with - substitutions made when a client requests the info, generally - in a NetUserGetInfo request. Win9X clients truncate the info to - \\server\share when a user does <command moreinfo="none">net use /home</command> - but use the whole string when dealing with profiles.</para> - - <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH"> - <parameter moreinfo="none">logon path</parameter></link> was returned rather than - <parameter moreinfo="none">logon home</parameter>. This broke <command moreinfo="none">net use - /home</command> but allowed profiles outside the home directory. - The current implementation is correct, and can be used for - profiles if you use the above trick.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <command moreinfo="none">logon home = "\\%N\%U"</command></para> - <para>Example: <command moreinfo="none">logon home = "\\remote_smb_server\%U"</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml deleted file mode 100644 index 04a2777862..0000000000 --- a/docs/docbook/smbdotconf/logon/logonpath.xml +++ /dev/null @@ -1,45 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONPATH"/>logon path (G)</term> - <listitem><para>This parameter specifies the home directory - where roaming profiles (NTuser.dat etc files for Windows NT) are - stored. Contrary to previous versions of these manual pages, it has - nothing to do with Win 9X roaming profiles. To find out how to - handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME"> - <parameter moreinfo="none">logon home</parameter></link> parameter.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine. It also - specifies the directory from which the "Application Data", - (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>, - <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename> - and other folders, and their contents, are loaded and displayed on - your Windows NT client.</para> - - <para>The share and the path must be readable by the user for - the preferences and directories to be loaded onto the Windows NT - client. The share must be writeable when the user logs in for the first - time, in order that the Windows NT client can create the NTuser.dat - and other directories.</para> - - <para>Thereafter, the directories and any of the contents can, - if required, be made read-only. It is not advisable that the - NTuser.dat file be made read-only - rename it to NTuser.man to - achieve the desired effect (a <emphasis>MAN</emphasis>datory - profile). </para> - - <para>Windows clients can sometimes maintain a connection to - the [homes] share, even though there is no user logged in. - Therefore, it is vital that the logon path does not include a - reference to the homes share (i.e. setting this parameter to - \%N\%U\profile_path will cause problems).</para> - - <para>This option takes the standard substitutions, allowing - you to have separate logon scripts for each user or machine.</para> - - <para>Note that this option is only useful if Samba is set up - as a logon server.</para> - - <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para> - <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml deleted file mode 100644 index 842cf927d2..0000000000 --- a/docs/docbook/smbdotconf/logon/logonscript.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOGONSCRIPT"/>logon script (G)</term> - <listitem><para>This parameter specifies the batch file (.bat) or - NT command file (.cmd) to be downloaded and run on a machine when - a user successfully logs in. The file must contain the DOS - style CR/LF line endings. Using a DOS-style editor to create the - file is recommended.</para> - - <para>The script must be a relative path to the [netlogon] - service. If the [netlogon] service specifies a <link linkend="PATH"> - <parameter moreinfo="none">path</parameter></link> of <filename moreinfo="none">/usr/local/samba/netlogon - </filename>, and <command moreinfo="none">logon script = STARTUP.BAT</command>, then - the file that will be downloaded is:</para> - - <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para> - - <para>The contents of the batch file are entirely your choice. A - suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET - /YES</command>, to force every machine to synchronize clocks with - the same time server. Another use would be to add <command moreinfo="none">NET USE - U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> - NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> - - <para>Note that it is particularly important not to allow write - access to the [netlogon] share, or to grant users write permission - on the batch files in a secure environment, as this would allow - the batch files to be arbitrarily modified and security to be - breached.</para> - - <para>This option takes the standard substitutions, allowing you - to have separate logon scripts for each user or machine.</para> - - <para>This option is only useful if Samba is set up as a logon - server.</para> - - <para>Default: <emphasis>no logon script defined</emphasis></para> - <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml deleted file mode 100644 index c4b2aa1d92..0000000000 --- a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"><term><anchor id="SETPRIMARYGROUPSCRIPT"/>set primary group script (G)</term> - <listitem><para>Thanks to the Posix subsystem in NT a - Windows User has a primary group in addition to the - auxiliary groups. This script sets the primary group - in the unix userdatase when an administrator sets the - primary group from the windows user manager or when - fetching a SAM with <command>net rpc - vampire</command>. <parameter>%u</parameter> will be - replaced with the user whose primary group is to be - set. <parameter>%g</parameter> will be replaced with - the group to set. - - <para>Default: <emphasis>No default value</emphasis></para> - - <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml deleted file mode 100644 index ac286393b5..0000000000 --- a/docs/docbook/smbdotconf/logon/shutdownscript.xml +++ /dev/null @@ -1,42 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHUTDOWNSCRIPT"/>shutdown script (G)</term> - <listitem><para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis> - This a full path name to a script called by - <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> that - should start a shutdown procedure.</para> - - <para>This command will be run as the user connected to the - server.</para> - - <para>%m %t %r %f parameters are expanded</para> - <para><parameter moreinfo="none">%m</parameter> will be substituted with the - shutdown message sent to the server.</para> - <para><parameter moreinfo="none">%t</parameter> will be substituted with the - number of seconds to wait before effectively starting the - shutdown procedure.</para> - <para><parameter moreinfo="none">%r</parameter> will be substituted with the - switch <emphasis>-r</emphasis>. It means reboot after shutdown - for NT. - </para> - <para><parameter moreinfo="none">%f</parameter> will be substituted with the - switch <emphasis>-f</emphasis>. It means force the shutdown - even if applications do not respond for NT.</para> - - <para>Default: <emphasis>None</emphasis>.</para> - <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para> - <para>Shutdown script example: -<programlisting format="linespecific"> -#!/bin/bash - -$time=0 -let "time/60" -let "time++" - -/sbin/shutdown $3 $4 +$time $1 & -</programlisting> - Shutdown does not return so we need to launch it in background. - </para> - - <para>See also <link linkend="ABORTSHUTDOWNSCRIPT"><parameter moreinfo="none">abort shutdown script</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/man.xsl b/docs/docbook/smbdotconf/man.xsl deleted file mode 100644 index a7ae76bbd8..0000000000 --- a/docs/docbook/smbdotconf/man.xsl +++ /dev/null @@ -1,159 +0,0 @@ -<?xml version='1.0'?> -<!-- vim:set sts=2 shiftwidth=2 syntax=xml: --> -<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" - version='1.0'> - -<xsl:import href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"/> - -<xsl:param name="chunk.section.depth" select="0"/> -<xsl:param name="chunk.first.sections" select="1"/> -<xsl:param name="use.id.as.filename" select="1"/> -<xsl:param name="base.dir" select="'../../manpages/'"/> - -<!-- - Our ulink stylesheet omits @url part if content was specified ---> -<xsl:template match="ulink"> - <xsl:variable name="content"> - <xsl:apply-templates/> - </xsl:variable> - <xsl:if test="$content = ''"> - <xsl:text>: </xsl:text> - </xsl:if> - <xsl:if test="$content != ''"> - <xsl:value-of select="$content" /> - </xsl:if> - <xsl:if test="$content = ''"> - <xsl:apply-templates mode="italic" select="@url" /> - </xsl:if> -</xsl:template> - -<xsl:template match="refentry"> - - <xsl:variable name="section" select="refmeta/manvolnum"/> - <xsl:variable name="name" select="refnamediv/refname[1]"/> - <xsl:variable name="base.dir" select="$base.dir"/> - <!-- standard man page width is 64 chars; 6 chars needed for the two - (x) volume numbers, and 2 spaces, leaves 56 --> - <xsl:variable name="twidth" select="(74 - string-length(refmeta/refentrytitle)) div 2"/> - - <xsl:variable name="reftitle" - select="substring(refmeta/refentrytitle, 1, $twidth)"/> - - <xsl:variable name="title"> - <xsl:choose> - <xsl:when test="refentryinfo/title"> - <xsl:value-of select="refentryinfo/title"/> - </xsl:when> - <xsl:when test="../referenceinfo/title"> - <xsl:value-of select="../referenceinfo/title"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="date"> - <xsl:choose> - <xsl:when test="refentryinfo/date"> - <xsl:value-of select="refentryinfo/date"/> - </xsl:when> - <xsl:when test="../referenceinfo/date"> - <xsl:value-of select="../referenceinfo/date"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:variable name="productname"> - <xsl:choose> - <xsl:when test="refentryinfo/productname"> - <xsl:value-of select="refentryinfo/productname"/> - </xsl:when> - <xsl:when test="../referenceinfo/productname"> - <xsl:value-of select="../referenceinfo/productname"/> - </xsl:when> - </xsl:choose> - </xsl:variable> - - <xsl:call-template name="write.text.chunk"> - <xsl:with-param name="filename" - select="concat($base.dir, normalize-space ($name), '.', $section)"/> - <xsl:with-param name="content"> - <xsl:text>.\"Generated by db2man.xsl. Don't modify this, modify the source. -.de Sh \" Subsection -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. -.de Sp \" Vertical space (when we can't use .PP) -.if t .sp .5v -.if n .sp -.. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. -.TH "</xsl:text> - <xsl:value-of select="translate($reftitle,'abcdefghijklmnopqrstuvwxyz', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/> - <xsl:text>" </xsl:text> - <xsl:value-of select="refmeta/manvolnum[1]"/> - <xsl:text> "</xsl:text> - <xsl:value-of select="normalize-space($date)"/> - <xsl:text>" "</xsl:text> - <xsl:value-of select="normalize-space($productname)"/> - <xsl:text>" "</xsl:text> - <xsl:value-of select="$title"/> - <xsl:text>" -</xsl:text> - <xsl:apply-templates/> - <xsl:text> </xsl:text> - - <!-- Author section --> - <xsl:choose> - <xsl:when test="refentryinfo//author"> - <xsl:apply-templates select="refentryinfo" mode="authorsect"/> - </xsl:when> - </xsl:choose> - </xsl:with-param> - </xsl:call-template> -</xsl:template> - -<xsl:template match="informalexample|screen|programlisting"> - <xsl:text>.nf </xsl:text> - <xsl:apply-templates/> - <xsl:text>.fi </xsl:text> -</xsl:template> - -<xsl:template match="//emphasis"> - <xsl:text>\fB</xsl:text> - <xsl:apply-templates/> - <xsl:text>\fR</xsl:text> -</xsl:template> - -<xsl:template match="para|simpara|remark" mode="list"> - <xsl:variable name="foo"> - <xsl:apply-templates/> - </xsl:variable> - <xsl:choose match="node()"> - <!-- Don't normalize-space() for verbatim paragraphs --> - <xsl:when test="informalexample|screen|programlisting"> - <xsl:value-of select="$foo"/> - </xsl:when> - <xsl:otherwise> - <xsl:value-of select="normalize-space($foo)"/> - <xsl:text> </xsl:text> - </xsl:otherwise> - </xsl:choose> - <xsl:text> </xsl:text> - <xsl:if test="following-sibling::para or following-sibling::simpara or - following-sibling::remark"> - <!-- Make sure multiple paragraphs within a list item don't --> - <!-- merge together. --> - <xsl:text> </xsl:text> - </xsl:if> -</xsl:template> - -</xsl:stylesheet> diff --git a/docs/docbook/smbdotconf/misc/addsharecommand.xml b/docs/docbook/smbdotconf/misc/addsharecommand.xml deleted file mode 100644 index 233d3e7dc4..0000000000 --- a/docs/docbook/smbdotconf/misc/addsharecommand.xml +++ /dev/null @@ -1,51 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDSHARECOMMAND"/>add share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">add share command</parameter> is used to define an - external program or script which will add a new service definition - to <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">add share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">add share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter moreinfo="none">pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter moreinfo="none">comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used for add file shares. To add printer shares, - see the <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="CHANGESHARECOMMAND"><parameter moreinfo="none">change share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter moreinfo="none">delete share - command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">add share command = /usr/local/bin/addshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/autoservices.xml b/docs/docbook/smbdotconf/misc/autoservices.xml deleted file mode 100644 index d137f650f8..0000000000 --- a/docs/docbook/smbdotconf/misc/autoservices.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AUTOSERVICES"/>auto services (G)</term> - <listitem><para>This is a synonym for the <link linkend="PRELOAD"> - <parameter moreinfo="none">preload</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/available.xml b/docs/docbook/smbdotconf/misc/available.xml deleted file mode 100644 index 025c1c06fb..0000000000 --- a/docs/docbook/smbdotconf/misc/available.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AVAILABLE"/>available (S)</term> - <listitem><para>This parameter lets you "turn off" a service. If - <parameter moreinfo="none">available = no</parameter>, then <emphasis>ALL</emphasis> - attempts to connect to the service will fail. Such failures are - logged.</para> - - <para>Default: <command moreinfo="none">available = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/changesharecommand.xml b/docs/docbook/smbdotconf/misc/changesharecommand.xml deleted file mode 100644 index 3fb494c513..0000000000 --- a/docs/docbook/smbdotconf/misc/changesharecommand.xml +++ /dev/null @@ -1,50 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CHANGESHARECOMMAND"/>change share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">change share command</parameter> is used to define an - external program or script which will modify an existing service definition - in <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">change share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">change share command</parameter> with four parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of the new - share. - </para></listitem> - - <listitem><para><parameter moreinfo="none">pathName</parameter> - path to an **existing** - directory on disk. - </para></listitem> - - <listitem><para><parameter moreinfo="none">comment</parameter> - comment string to associate - with the new share. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used modify existing file shares definitions. To modify - printer shares, use the "Printers..." folder as seen when browsing the Samba host. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter moreinfo="none">add share - command</parameter></link>, <link linkend="DELETESHARECOMMAND"><parameter moreinfo="none">delete - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">change share command = /usr/local/bin/addshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/configfile.xml b/docs/docbook/smbdotconf/misc/configfile.xml deleted file mode 100644 index 3edf611b55..0000000000 --- a/docs/docbook/smbdotconf/misc/configfile.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CONFIGFILE"/>config file (G)</term> - <listitem><para>This allows you to override the config file - to use, instead of the default (usually <filename moreinfo="none">smb.conf</filename>). - There is a chicken and egg problem here as this option is set - in the config file!</para> - - <para>For this reason, if the name of the config file has changed - when the parameters are loaded then it will reload them from - the new config file.</para> - - <para>This option takes the usual substitutions, which can - be very useful.</para> - - <para>If the config file doesn't exist then it won't be loaded - (allowing you to special case the config files of just a few - clients).</para> - - <para>Example: <command moreinfo="none">config file = /usr/local/samba/lib/smb.conf.%m - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/copy.xml b/docs/docbook/smbdotconf/misc/copy.xml deleted file mode 100644 index a7945af8ae..0000000000 --- a/docs/docbook/smbdotconf/misc/copy.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="COPY"/>copy (S)</term> - <listitem><para>This parameter allows you to "clone" service - entries. The specified service is simply duplicated under the - current service's name. Any parameters specified in the current - section will override those in the section being copied.</para> - - <para>This feature lets you set up a 'template' service and - create similar services easily. Note that the service being - copied must occur earlier in the configuration file than the - service doing the copying.</para> - - <para>Default: <emphasis>no value</emphasis></para> - <para>Example: <command moreinfo="none">copy = otherservice</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/default.xml b/docs/docbook/smbdotconf/misc/default.xml deleted file mode 100644 index c396d1947b..0000000000 --- a/docs/docbook/smbdotconf/misc/default.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULT"/>default (G)</term> - <listitem><para>A synonym for <link linkend="DEFAULTSERVICE"><parameter moreinfo="none"> - default service</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/defaultservice.xml b/docs/docbook/smbdotconf/misc/defaultservice.xml deleted file mode 100644 index 7aeedb177a..0000000000 --- a/docs/docbook/smbdotconf/misc/defaultservice.xml +++ /dev/null @@ -1,36 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTSERVICE"/>default service (G)</term> - <listitem><para>This parameter specifies the name of a service - which will be connected to if the service actually requested cannot - be found. Note that the square brackets are <emphasis>NOT</emphasis> - given in the parameter value (see example below).</para> - - <para>There is no default value for this parameter. If this - parameter is not given, attempting to connect to a nonexistent - service results in an error.</para> - - <para>Typically the default service would be a <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link>, <link linkend="READONLY"> - <parameter moreinfo="none">read-only</parameter></link> service.</para> - - <para>Also note that the apparent service name will be changed - to equal that of the requested service, this is very useful as it - allows you to use macros like <parameter moreinfo="none">%S</parameter> to make - a wildcard service.</para> - - <para>Note also that any "_" characters in the name of the service - used in the default service will get mapped to a "/". This allows for - interesting things.</para> - - - <para>Example:</para> - -<para><programlisting format="linespecific"> -[global] - default service = pub - -[pub] - path = /%S -</programlisting></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/deletereadonly.xml b/docs/docbook/smbdotconf/misc/deletereadonly.xml deleted file mode 100644 index 8e86b5b00b..0000000000 --- a/docs/docbook/smbdotconf/misc/deletereadonly.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEREADONLY"/>delete readonly (S)</term> - <listitem><para>This parameter allows readonly files to be deleted. - This is not normal DOS semantics, but is allowed by UNIX.</para> - - <para>This option may be useful for running applications such - as rcs, where UNIX file ownership prevents changing file - permissions, and DOS semantics prevent deletion of a read only file.</para> - - <para>Default: <command moreinfo="none">delete readonly = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/deletesharecommand.xml b/docs/docbook/smbdotconf/misc/deletesharecommand.xml deleted file mode 100644 index c3481c86ec..0000000000 --- a/docs/docbook/smbdotconf/misc/deletesharecommand.xml +++ /dev/null @@ -1,44 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETESHARECOMMAND"/>delete share command (G)</term> - <listitem><para>Samba 2.2.0 introduced the ability to dynamically - add and delete shares via the Windows NT 4.0 Server Manager. The - <parameter moreinfo="none">delete share command</parameter> is used to define an - external program or script which will remove an existing service - definition from <filename moreinfo="none">smb.conf</filename>. In order to successfully - execute the <parameter moreinfo="none">delete share command</parameter>, <command moreinfo="none">smbd</command> - requires that the administrator be connected using a root account (i.e. - uid == 0). - </para> - - <para> - When executed, <command moreinfo="none">smbd</command> will automatically invoke the - <parameter moreinfo="none">delete share command</parameter> with two parameters. - </para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">configFile</parameter> - the location - of the global <filename moreinfo="none">smb.conf</filename> file. - </para></listitem> - - <listitem><para><parameter moreinfo="none">shareName</parameter> - the name of - the existing service. - </para></listitem> - </itemizedlist> - - <para> - This parameter is only used to remove file shares. To delete printer shares, - see the <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">deleteprinter - command</parameter></link>. - </para> - - <para> - See also <link linkend="ADDSHARECOMMAND"><parameter moreinfo="none">add share - command</parameter></link>, <link linkend="CHANGESHARECOMMAND"><parameter moreinfo="none">change - share command</parameter></link>. - </para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">delete share command = /usr/local/bin/delshare</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dfreecommand.xml b/docs/docbook/smbdotconf/misc/dfreecommand.xml deleted file mode 100644 index c71ec8e00b..0000000000 --- a/docs/docbook/smbdotconf/misc/dfreecommand.xml +++ /dev/null @@ -1,50 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DFREECOMMAND"/>dfree command (G)</term> - <listitem><para>The <parameter moreinfo="none">dfree command</parameter> setting should - only be used on systems where a problem occurs with the internal - disk space calculations. This has been known to happen with Ultrix, - but may occur with other operating systems. The symptom that was - seen was an error of "Abort Retry Ignore" at the end of each - directory listing.</para> - - <para>This setting allows the replacement of the internal routines to - calculate the total disk space and amount available with an external - routine. The example below gives a possible script that might fulfill - this function.</para> - - <para>The external program will be passed a single parameter indicating - a directory in the filesystem being queried. This will typically consist - of the string <filename moreinfo="none">./</filename>. The script should return two - integers in ASCII. The first should be the total disk space in blocks, - and the second should be the number of available blocks. An optional - third return value can give the block size in bytes. The default - blocksize is 1024 bytes.</para> - - <para>Note: Your script should <emphasis>NOT</emphasis> be setuid or - setgid and should be owned by (and writeable only by) root!</para> - - <para>Default: <emphasis>By default internal routines for - determining the disk capacity and remaining space will be used. - </emphasis></para> - - <para>Example: <command moreinfo="none">dfree command = /usr/local/samba/bin/dfree - </command></para> - - <para>Where the script dfree (which must be made executable) could be:</para> - -<para><programlisting format="linespecific"> -#!/bin/sh -df $1 | tail -1 | awk '{print $2" "$4}' -</programlisting></para> - - <para>or perhaps (on Sys V based systems):</para> - -<para><programlisting format="linespecific"> -#!/bin/sh -/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' -</programlisting></para> - - <para>Note that you may have to replace the command names - with full path names on some systems.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dontdescend.xml b/docs/docbook/smbdotconf/misc/dontdescend.xml deleted file mode 100644 index 8136f293df..0000000000 --- a/docs/docbook/smbdotconf/misc/dontdescend.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DONTDESCEND"/>dont descend (S)</term> - <listitem><para>There are certain directories on some systems - (e.g., the <filename moreinfo="none">/proc</filename> tree under Linux) that are either not - of interest to clients or are infinitely deep (recursive). This - parameter allows you to specify a comma-delimited list of directories - that the server should always show as empty.</para> - - <para>Note that Samba can be very fussy about the exact format - of the "dont descend" entries. For example you may need <filename moreinfo="none"> - ./proc</filename> instead of just <filename moreinfo="none">/proc</filename>. - Experimentation is the best policy :-) </para> - - <para>Default: <emphasis>none (i.e., all directories are OK - to descend)</emphasis></para> - <para>Example: <command moreinfo="none">dont descend = /proc,/dev</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfilemode.xml b/docs/docbook/smbdotconf/misc/dosfilemode.xml deleted file mode 100644 index e8aec3b78d..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfilemode.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILEMODE"/>dos filemode (S)</term> - <listitem><para> The default behavior in Samba is to provide - UNIX-like behavior where only the owner of a file/directory is - able to change the permissions on it. However, this behavior - is often confusing to DOS/Windows users. Enabling this parameter - allows a user who has write access to the file (by whatever - means) to modify the permissions on it. Note that a user - belonging to the group owning the file will not be allowed to - change permissions if the group is only granted read access. - Ownership of the file/directory is not changed, only the permissions - are modified.</para> - - <para>Default: <command moreinfo="none">dos filemode = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml b/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml deleted file mode 100644 index bc82582c87..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfiletimeresolution.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILETIMERESOLUTION"/>dos filetime resolution (S)</term> - <listitem><para>Under the DOS and Windows FAT filesystem, the finest - granularity on time resolution is two seconds. Setting this parameter - for a share causes Samba to round the reported time down to the - nearest two second boundary when a query call that requires one second - resolution is made to <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>This option is mainly used as a compatibility option for Visual - C++ when used against Samba shares. If oplocks are enabled on a - share, Visual C++ uses two different time reading calls to check if a - file has changed since it was last read. One of these calls uses a - one-second granularity, the other uses a two second granularity. As - the two second call rounds any odd second down, then if the file has a - timestamp of an odd number of seconds then the two timestamps will not - match and Visual C++ will keep reporting the file has changed. Setting - this option causes the two timestamps to match, and Visual C++ is - happy.</para> - - <para>Default: <command moreinfo="none">dos filetime resolution = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/dosfiletimes.xml b/docs/docbook/smbdotconf/misc/dosfiletimes.xml deleted file mode 100644 index d9b9f3b08b..0000000000 --- a/docs/docbook/smbdotconf/misc/dosfiletimes.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DOSFILETIMES"/>dos filetimes (S)</term> - <listitem><para>Under DOS and Windows, if a user can write to a - file they can change the timestamp on it. Under POSIX semantics, - only the owner of the file or root may change the timestamp. By - default, Samba runs with POSIX semantics and refuses to change the - timestamp on a file if the user <command moreinfo="none">smbd</command> is acting - on behalf of is not the file owner. Setting this option to <constant> - yes</constant> allows DOS semantics and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will change the file - timestamp as DOS requires.</para> - - <para>Default: <command moreinfo="none">dos filetimes = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/exec.xml b/docs/docbook/smbdotconf/misc/exec.xml deleted file mode 100644 index 34963c90b2..0000000000 --- a/docs/docbook/smbdotconf/misc/exec.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="EXEC"/>exec (S)</term> - <listitem><para>This is a synonym for <link linkend="PREEXEC"> - <parameter moreinfo="none">preexec</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml b/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml deleted file mode 100644 index 81773606ee..0000000000 --- a/docs/docbook/smbdotconf/misc/fakedirectorycreatetimes.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FAKEDIRECTORYCREATETIMES"/>fake directory create times (S)</term> - <listitem><para>NTFS and Windows VFAT file systems keep a create - time for all files and directories. This is not the same as the - ctime - status change time - that Unix keeps, so Samba by default - reports the earliest of the various times Unix does keep. Setting - this parameter for a share causes Samba to always report midnight - 1-1-1980 as the create time for directories.</para> - - <para>This option is mainly used as a compatibility option for - Visual C++ when used against Samba shares. Visual C++ generated - makefiles have the object directory as a dependency for each object - file, and a make rule to create the directory. Also, when NMAKE - compares timestamps it uses the creation time when examining a - directory. Thus the object directory will be created if it does not - exist, but once it does exist it will always have an earlier - timestamp than the object files it contains.</para> - - <para>However, Unix time semantics mean that the create time - reported by Samba will be updated whenever a file is created or - or deleted in the directory. NMAKE finds all object files in - the object directory. The timestamp of the last one built is then - compared to the timestamp of the object directory. If the - directory's timestamp if newer, then all object files - will be rebuilt. Enabling this option - ensures directories always predate their contents and an NMAKE build - will proceed as expected.</para> - - <para>Default: <command moreinfo="none">fake directory create times = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/followsymlinks.xml b/docs/docbook/smbdotconf/misc/followsymlinks.xml deleted file mode 100644 index 88526da320..0000000000 --- a/docs/docbook/smbdotconf/misc/followsymlinks.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FOLLOWSYMLINKS"/>follow symlinks (S)</term> - <listitem><para>This parameter allows the Samba administrator - to stop <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> from following symbolic - links in a particular share. Setting this - parameter to <constant>no</constant> prevents any file or directory - that is a symbolic link from being followed (the user will get an - error). This option is very useful to stop users from adding a - symbolic link to <filename moreinfo="none">/etc/passwd</filename> in their home - directory for instance. However it will slow filename lookups - down slightly.</para> - - <para>This option is enabled (i.e. <command moreinfo="none">smbd</command> will - follow symbolic links) by default.</para> - - <para>Default: <command moreinfo="none">follow symlinks = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/fstype.xml b/docs/docbook/smbdotconf/misc/fstype.xml deleted file mode 100644 index 566bccb465..0000000000 --- a/docs/docbook/smbdotconf/misc/fstype.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FSTYPE"/>fstype (S)</term> - <listitem><para>This parameter allows the administrator to - configure the string that specifies the type of filesystem a share - is using that is reported by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when a client queries the filesystem type - for a share. The default type is <constant>NTFS</constant> for - compatibility with Windows NT but this can be changed to other - strings such as <constant>Samba</constant> or <constant>FAT - </constant> if required.</para> - - <para>Default: <command moreinfo="none">fstype = NTFS</command></para> - <para>Example: <command moreinfo="none">fstype = Samba</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/hidelocalusers.xml b/docs/docbook/smbdotconf/misc/hidelocalusers.xml deleted file mode 100644 index d0468ead6b..0000000000 --- a/docs/docbook/smbdotconf/misc/hidelocalusers.xml +++ /dev/null @@ -1,7 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HIDELOCALUSERS"/>hide local users(G)</term> - <listitem><para>This parameter toggles the hiding of local UNIX - users (root, wheel, floppy, etc) from remote clients.</para> - - <para>Default: <command moreinfo="none">hide local users = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/homedirmap.xml b/docs/docbook/smbdotconf/misc/homedirmap.xml deleted file mode 100644 index 41e6ca5ea1..0000000000 --- a/docs/docbook/smbdotconf/misc/homedirmap.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOMEDIRMAP"/>homedir map (G)</term> - <listitem><para>If<link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir - </parameter></link> is <constant>yes</constant>, and <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> is also acting - as a Win95/98 <parameter moreinfo="none">logon server</parameter> then this parameter - specifies the NIS (or YP) map from which the server for the user's - home directory should be extracted. At present, only the Sun - auto.home map format is understood. The form of the map is:</para> - - <para><command moreinfo="none">username server:/some/file/system</command></para> - - <para>and the program will extract the servername from before - the first ':'. There should probably be a better parsing system - that copes with different map formats and also Amd (another - automounter) maps.</para> - - <note><para>A working NIS client is required on - the system for this option to work.</para></note> - - <para>See also <link linkend="NISHOMEDIR"><parameter moreinfo="none">nis homedir</parameter> - </link>, <link linkend="DOMAINLOGONS"><parameter moreinfo="none">domain logons</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">homedir map = <empty string></command></para> - <para>Example: <command moreinfo="none">homedir map = amd.homedir</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/include.xml b/docs/docbook/smbdotconf/misc/include.xml deleted file mode 100644 index 81230d4357..0000000000 --- a/docs/docbook/smbdotconf/misc/include.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INCLUDE"/>include (G)</term> - <listitem><para>This allows you to include one config file - inside another. The file is included literally, as though typed - in place.</para> - - <para>It takes the standard substitutions, except <parameter moreinfo="none">%u - </parameter>, <parameter moreinfo="none">%P</parameter> and <parameter moreinfo="none">%S</parameter>. - </para> - - <para>Default: <emphasis>no file included</emphasis></para> - <para>Example: <command moreinfo="none">include = /usr/local/samba/lib/admin_smb.conf - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/lockdir.xml b/docs/docbook/smbdotconf/misc/lockdir.xml deleted file mode 100644 index 2c29b9b61c..0000000000 --- a/docs/docbook/smbdotconf/misc/lockdir.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKDIR"/>lock dir (G)</term> - <listitem><para>Synonym for <link linkend="LOCKDIRECTORY"><parameter moreinfo="none"> - lock directory</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/lockdirectory.xml b/docs/docbook/smbdotconf/misc/lockdirectory.xml deleted file mode 100644 index 7945f19864..0000000000 --- a/docs/docbook/smbdotconf/misc/lockdirectory.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOCKDIRECTORY"/>lock directory (G)</term> - <listitem><para>This option specifies the directory where lock - files will be placed. The lock files are used to implement the - <link linkend="MAXCONNECTIONS"><parameter moreinfo="none">max connections</parameter> - </link> option.</para> - - <para>Default: <command moreinfo="none">lock directory = ${prefix}/var/locks</command></para> - <para>Example: <command moreinfo="none">lock directory = /var/run/samba/locks</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/magicoutput.xml b/docs/docbook/smbdotconf/misc/magicoutput.xml deleted file mode 100644 index 8208d5bd4c..0000000000 --- a/docs/docbook/smbdotconf/misc/magicoutput.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAGICOUTPUT"/>magic output (S)</term> - <listitem><para>This parameter specifies the name of a file - which will contain output created by a magic script (see the - <link linkend="MAGICSCRIPT"><parameter moreinfo="none">magic script</parameter></link> - parameter below).</para> - - <para>Warning: If two clients use the same <parameter moreinfo="none">magic script - </parameter> in the same directory the output file content - is undefined.</para> - - <para>Default: <command moreinfo="none">magic output = <magic script name>.out - </command></para> - - <para>Example: <command moreinfo="none">magic output = myfile.txt</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/magicscript.xml b/docs/docbook/smbdotconf/misc/magicscript.xml deleted file mode 100644 index 73abb50fc5..0000000000 --- a/docs/docbook/smbdotconf/misc/magicscript.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAGICSCRIPT"/>magic script (S)</term> - <listitem><para>This parameter specifies the name of a file which, - if opened, will be executed by the server when the file is closed. - This allows a UNIX script to be sent to the Samba host and - executed on behalf of the connected user.</para> - - <para>Scripts executed in this way will be deleted upon - completion assuming that the user has the appropriate level - of privilege and the file permissions allow the deletion.</para> - - <para>If the script generates output, output will be sent to - the file specified by the <link linkend="MAGICOUTPUT"><parameter moreinfo="none"> - magic output</parameter></link> parameter (see above).</para> - - <para>Note that some shells are unable to interpret scripts - containing CR/LF instead of CR as - the end-of-line marker. Magic scripts must be executable - <emphasis>as is</emphasis> on the host, which for some hosts and - some shells will require filtering at the DOS end.</para> - - <para>Magic scripts are <emphasis>EXPERIMENTAL</emphasis> and - should <emphasis>NOT</emphasis> be relied upon.</para> - - <para>Default: <emphasis>None. Magic scripts disabled.</emphasis></para> - <para>Example: <command moreinfo="none">magic script = user.csh</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/messagecommand.xml b/docs/docbook/smbdotconf/misc/messagecommand.xml deleted file mode 100644 index 199fab5610..0000000000 --- a/docs/docbook/smbdotconf/misc/messagecommand.xml +++ /dev/null @@ -1,65 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MESSAGECOMMAND"/>message command (G)</term> - <listitem><para>This specifies what command to run when the - server receives a WinPopup style message.</para> - - <para>This would normally be a command that would - deliver the message somehow. How this is to be done is - up to your imagination.</para> - - <para>An example is:</para> - - <para><command moreinfo="none">message command = csh -c 'xedit %s;rm %s' &</command> - </para> - - <para>This delivers the message using <command moreinfo="none">xedit</command>, then - removes it afterwards. <emphasis>NOTE THAT IT IS VERY IMPORTANT - THAT THIS COMMAND RETURN IMMEDIATELY</emphasis>. That's why I - have the '&' on the end. If it doesn't return immediately then - your PCs may freeze when sending messages (they should recover - after 30 seconds, hopefully).</para> - - <para>All messages are delivered as the global guest user. - The command takes the standard substitutions, although <parameter moreinfo="none"> - %u</parameter> won't work (<parameter moreinfo="none">%U</parameter> may be better - in this case).</para> - - <para>Apart from the standard substitutions, some additional - ones apply. In particular:</para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">%s</parameter> = the filename containing - the message.</para></listitem> - - <listitem><para><parameter moreinfo="none">%t</parameter> = the destination that - the message was sent to (probably the server name).</para></listitem> - - <listitem><para><parameter moreinfo="none">%f</parameter> = who the message - is from.</para></listitem> - </itemizedlist> - - <para>You could make this command send mail, or whatever else - takes your fancy. Please let us know of any really interesting - ideas you have.</para> - - - <para>Here's a way of sending the messages as mail to root:</para> - - <para><command moreinfo="none">message command = /bin/mail -s 'message from %f on - %m' root < %s; rm %s</command></para> - - <para>If you don't have a message command then the message - won't be delivered and Samba will tell the sender there was - an error. Unfortunately WfWg totally ignores the error code - and carries on regardless, saying that the message was delivered. - </para> - - <para>If you want to silently delete it then try:</para> - - <para><command moreinfo="none">message command = rm %s</command></para> - - <para>Default: <emphasis>no message command</emphasis></para> - <para>Example: <command moreinfo="none">message command = csh -c 'xedit %s; - rm %s' &</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/nishomedir.xml b/docs/docbook/smbdotconf/misc/nishomedir.xml deleted file mode 100644 index 5a2980d4fd..0000000000 --- a/docs/docbook/smbdotconf/misc/nishomedir.xml +++ /dev/null @@ -1,30 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NISHOMEDIR"/>nis homedir (G)</term> - <listitem><para>Get the home share server from a NIS map. For - UNIX systems that use an automounter, the user's home directory - will often be mounted on a workstation on demand from a remote - server. </para> - - <para>When the Samba logon server is not the actual home directory - server, but is mounting the home directories via NFS then two - network hops would be required to access the users home directory - if the logon server told the client to use itself as the SMB server - for home directories (one over SMB and one over NFS). This can - be very slow.</para> - - <para>This option allows Samba to return the home share as - being on a different server to the logon server and as - long as a Samba daemon is running on the home directory server, - it will be mounted on the Samba client directly from the directory - server. When Samba is returning the home share to the client, it - will consult the NIS map specified in <link linkend="HOMEDIRMAP"> - <parameter moreinfo="none">homedir map</parameter></link> and return the server - listed there.</para> - - <para>Note that for this option to work there must be a working - NIS system and the Samba server with this option must also - be a logon server.</para> - - <para>Default: <command moreinfo="none">nis homedir = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/panicaction.xml b/docs/docbook/smbdotconf/misc/panicaction.xml deleted file mode 100644 index 6de37c2c17..0000000000 --- a/docs/docbook/smbdotconf/misc/panicaction.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PANICACTION"/>panic action (G)</term> - <listitem><para>This is a Samba developer option that allows a - system command to be called when either <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> or <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> crashes. This is usually used to - draw attention to the fact that a problem occurred.</para> - - <para>Default: <command moreinfo="none">panic action = <empty string></command></para> - <para>Example: <command moreinfo="none">panic action = "/bin/sleep 90000"</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/piddirectory.xml b/docs/docbook/smbdotconf/misc/piddirectory.xml deleted file mode 100644 index 81c1b13e75..0000000000 --- a/docs/docbook/smbdotconf/misc/piddirectory.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PIDDIRECTORY"/>pid directory (G)</term> - <listitem><para>This option specifies the directory where pid - files will be placed. </para> - - <para>Default: <command moreinfo="none">pid directory = ${prefix}/var/locks</command></para> - <para>Example: <command moreinfo="none">pid directory = /var/run/</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/postexec.xml b/docs/docbook/smbdotconf/misc/postexec.xml deleted file mode 100644 index 017177be3d..0000000000 --- a/docs/docbook/smbdotconf/misc/postexec.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="POSTEXEC"/>postexec (S)</term> - <listitem><para>This option specifies a command to be run - whenever the service is disconnected. It takes the usual - substitutions. The command may be run as the root on some - systems.</para> - - <para>An interesting example may be to unmount server - resources:</para> - - <para><command moreinfo="none">postexec = /etc/umount /cdrom</command></para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none">preexec</parameter> - </link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis> - </para> - - <para>Example: <command moreinfo="none">postexec = echo \"%u disconnected from %S - from %m (%I)\" >> /tmp/log</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preexec.xml b/docs/docbook/smbdotconf/misc/preexec.xml deleted file mode 100644 index fc047e008d..0000000000 --- a/docs/docbook/smbdotconf/misc/preexec.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREEXEC"/>preexec (S)</term> - <listitem><para>This option specifies a command to be run whenever - the service is connected to. It takes the usual substitutions.</para> - - <para>An interesting example is to send the users a welcome - message every time they log in. Maybe a message of the day? Here - is an example:</para> - - <para><command moreinfo="none">preexec = csh -c 'echo \"Welcome to %S!\" | - /usr/local/samba/bin/smbclient -M %m -I %I' & </command></para> - - <para>Of course, this could get annoying after a while :-)</para> - - <para>See also <link linkend="PREEXECCLOSE"><parameter moreinfo="none">preexec close - </parameter></link> and <link linkend="POSTEXEC"><parameter moreinfo="none">postexec - </parameter></link>.</para> - - <para>Default: <emphasis>none (no command executed)</emphasis></para> - <para>Example: <command moreinfo="none">preexec = echo \"%u connected to %S from %m - (%I)\" >> /tmp/log</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preexecclose.xml b/docs/docbook/smbdotconf/misc/preexecclose.xml deleted file mode 100644 index c617a7f7fa..0000000000 --- a/docs/docbook/smbdotconf/misc/preexecclose.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PREEXECCLOSE"/>preexec close (S)</term> - <listitem><para>This boolean option controls whether a non-zero - return code from <link linkend="PREEXEC"><parameter moreinfo="none">preexec - </parameter></link> should close the service being connected to.</para> - - <para>Default: <command moreinfo="none">preexec close = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preload.xml b/docs/docbook/smbdotconf/misc/preload.xml deleted file mode 100644 index 574ed1a369..0000000000 --- a/docs/docbook/smbdotconf/misc/preload.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRELOAD"/>preload (G)</term> - <listitem><para>This is a list of services that you want to be - automatically added to the browse lists. This is most useful - for homes and printers services that would otherwise not be - visible.</para> - - <para>Note that if you just want all printers in your - printcap file loaded then the <link linkend="LOADPRINTERS"> - <parameter moreinfo="none">load printers</parameter></link> option is easier.</para> - - <para>Default: <emphasis>no preloaded services</emphasis></para> - - <para>Example: <command moreinfo="none">preload = fred lp colorlp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/preloadmodules.xml b/docs/docbook/smbdotconf/misc/preloadmodules.xml deleted file mode 100644 index 52b8c412e6..0000000000 --- a/docs/docbook/smbdotconf/misc/preloadmodules.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRELOADMODULES"/>preload modules (S)</term> - <listitem><para>This is a list of paths to modules that should - be loaded into smbd before a client connects. This improves - the speed of smbd when reacting to new connections somewhat. </para> - - <para>It is recommended to only use this option on heavy-performance - servers.</para> - - <para>Default: <command>preload modules = </command></para> - - <para>Example: <command>preload modules = /usr/lib/samba/passdb/mysql.so+++ </command></para> - - </listitem> -</samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/remoteannounce.xml b/docs/docbook/smbdotconf/misc/remoteannounce.xml deleted file mode 100644 index e6de4bdcaf..0000000000 --- a/docs/docbook/smbdotconf/misc/remoteannounce.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="REMOTEANNOUNCE"/>remote announce (G)</term> - <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically announce itself - to arbitrary IP addresses with an arbitrary workgroup name.</para> - - <para>This is useful if you want your Samba server to appear - in a remote workgroup for which the normal browse propagation - rules don't work. The remote workgroup can be anywhere that you - can send IP packets to.</para> - - <para>For example:</para> - - <para><command moreinfo="none">remote announce = 192.168.2.255/SERVERS - 192.168.4.255/STAFF</command></para> - - <para>the above line would cause <command moreinfo="none">nmbd</command> to announce itself - to the two given IP addresses using the given workgroup names. - If you leave out the workgroup name then the one given in - the <link linkend="WORKGROUP"><parameter moreinfo="none">workgroup</parameter></link> - parameter is used instead.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable.</para> - - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> - in the <filename moreinfo="none">docs/</filename> directory.</para> - - <para>Default: <command moreinfo="none">remote announce = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/remotebrowsesync.xml b/docs/docbook/smbdotconf/misc/remotebrowsesync.xml deleted file mode 100644 index 8b0d863ed7..0000000000 --- a/docs/docbook/smbdotconf/misc/remotebrowsesync.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="REMOTEBROWSESYNC"/>remote browse sync (G)</term> - <listitem><para>This option allows you to setup <ulink url="nmbd.8.html">nmbd(8)</ulink> to periodically request - synchronization of browse lists with the master browser of a Samba - server that is on a remote segment. This option will allow you to - gain browse lists for multiple workgroups across routed networks. This - is done in a manner that does not work with any non-Samba servers.</para> - - <para>This is useful if you want your Samba server and all local - clients to appear in a remote workgroup for which the normal browse - propagation rules don't work. The remote workgroup can be anywhere - that you can send IP packets to.</para> - - <para>For example:</para> - - <para><command moreinfo="none">remote browse sync = 192.168.2.255 192.168.4.255 - </command></para> - - <para>the above line would cause <command moreinfo="none">nmbd</command> to request - the master browser on the specified subnets or addresses to - synchronize their browse lists with the local server.</para> - - <para>The IP addresses you choose would normally be the broadcast - addresses of the remote networks, but can also be the IP addresses - of known browse masters if your network config is that stable. If - a machine IP address is given Samba makes NO attempt to validate - that the remote machine is available, is listening, nor that it - is in fact the browse master on its segment.</para> - - <para>Default: <command moreinfo="none">remote browse sync = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpostexec.xml b/docs/docbook/smbdotconf/misc/rootpostexec.xml deleted file mode 100644 index ed60646677..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpostexec.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPOSTEXEC"/>root postexec (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">postexec</parameter> - parameter except that the command is run as root. This - is useful for unmounting filesystems - (such as CDROMs) after a connection is closed.</para> - - <para>See also <link linkend="POSTEXEC"><parameter moreinfo="none"> - postexec</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root postexec = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpreexec.xml b/docs/docbook/smbdotconf/misc/rootpreexec.xml deleted file mode 100644 index 29802b6d63..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpreexec.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPREEXEC"/>root preexec (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">preexec</parameter> - parameter except that the command is run as root. This - is useful for mounting filesystems (such as CDROMs) when a - connection is opened.</para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none"> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter moreinfo="none">preexec close</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root preexec = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/rootpreexecclose.xml b/docs/docbook/smbdotconf/misc/rootpreexecclose.xml deleted file mode 100644 index d21b0dd7b5..0000000000 --- a/docs/docbook/smbdotconf/misc/rootpreexecclose.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTPREEXECCLOSE"/>root preexec close (S)</term> - <listitem><para>This is the same as the <parameter moreinfo="none">preexec close - </parameter> parameter except that the command is run as root.</para> - - <para>See also <link linkend="PREEXEC"><parameter moreinfo="none"> - preexec</parameter></link> and <link linkend="PREEXECCLOSE"> - <parameter moreinfo="none">preexec close</parameter></link>.</para> - - <para>Default: <command moreinfo="none">root preexec close = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/setdirectory.xml b/docs/docbook/smbdotconf/misc/setdirectory.xml deleted file mode 100644 index 860632cdaf..0000000000 --- a/docs/docbook/smbdotconf/misc/setdirectory.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SETDIRECTORY"/>set directory (S)</term> - <listitem><para>If <command moreinfo="none">set directory = no</command>, then - users of the service may not use the setdir command to change - directory.</para> - - <para>The <command moreinfo="none">setdir</command> command is only implemented - in the Digital Pathworks client. See the Pathworks documentation - for details.</para> - - <para>Default: <command moreinfo="none">set directory = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/socketaddress.xml b/docs/docbook/smbdotconf/misc/socketaddress.xml deleted file mode 100644 index e77737f18b..0000000000 --- a/docs/docbook/smbdotconf/misc/socketaddress.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOCKETADDRESS"/>socket address (G)</term> - <listitem><para>This option allows you to control what - address Samba will listen for connections on. This is used to - support multiple virtual interfaces on the one server, each - with a different configuration.</para> - - <para>By default Samba will accept connections on any - address.</para> - - <para>Example: <command moreinfo="none">socket address = 192.168.2.20</command> - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/sourceenvironment.xml b/docs/docbook/smbdotconf/misc/sourceenvironment.xml deleted file mode 100644 index 07a8abce4d..0000000000 --- a/docs/docbook/smbdotconf/misc/sourceenvironment.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOURCEENVIRONMENT"/>source environment (G)</term> - <listitem><para>This parameter causes Samba to set environment - variables as per the content of the file named.</para> - - <para>If the value of this parameter starts with a "|" character - then Samba will treat that value as a pipe command to open and - will set the environment variables from the output of the pipe.</para> - - <para>The contents of the file or the output of the pipe should - be formatted as the output of the standard Unix <command moreinfo="none">env(1) - </command> command. This is of the form :</para> - <para>Example environment entry:</para> - <para><command moreinfo="none">SAMBA_NETBIOS_NAME = myhostname</command></para> - - <para>Default: <emphasis>No default value</emphasis></para> - <para>Examples: <command moreinfo="none">source environment = |/etc/smb.conf.sh - </command></para> - - <para>Example: <command moreinfo="none">source environment = - /usr/local/smb_env_vars</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/timeoffset.xml b/docs/docbook/smbdotconf/misc/timeoffset.xml deleted file mode 100644 index 0c973234c3..0000000000 --- a/docs/docbook/smbdotconf/misc/timeoffset.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMEOFFSET"/>time offset (G)</term> - <listitem><para>This parameter is a setting in minutes to add - to the normal GMT to local time conversion. This is useful if - you are serving a lot of PCs that have incorrect daylight - saving time handling.</para> - - <para>Default: <command moreinfo="none">time offset = 0</command></para> - <para>Example: <command moreinfo="none">time offset = 60</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/utmp.xml b/docs/docbook/smbdotconf/misc/utmp.xml deleted file mode 100644 index 014b85d6bc..0000000000 --- a/docs/docbook/smbdotconf/misc/utmp.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UTMP"/>utmp (G)</term> - <listitem><para>This boolean parameter is only available if - Samba has been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. If set to <constant>yes</constant> then Samba will attempt - to add utmp or utmpx records (depending on the UNIX system) whenever a - connection is made to a Samba server. Sites may use this to record the - user connecting to a Samba share.</para> - - <para>Due to the requirements of the utmp record, we - are required to create a unique identifier for the - incoming user. Enabling this option creates an n^2 - algorithm to find this number. This may impede - performance on large installations. </para> - - <para>See also the <link linkend="UTMPDIRECTORY"><parameter moreinfo="none"> - utmp directory</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">utmp = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/utmpdirectory.xml b/docs/docbook/smbdotconf/misc/utmpdirectory.xml deleted file mode 100644 index 9e5574fb39..0000000000 --- a/docs/docbook/smbdotconf/misc/utmpdirectory.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UTMPDIRECTORY"/>utmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. It specifies a directory pathname that is - used to store the utmp or utmpx files (depending on the UNIX system) that - record user connections to a Samba server. See also the <link linkend="UTMP"> - <parameter moreinfo="none">utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename moreinfo="none">/var/run/utmp</filename> on Linux).</para> - - <para>Default: <emphasis>no utmp directory</emphasis></para> - <para>Example: <command moreinfo="none">utmp directory = /var/run/utmp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/volume.xml b/docs/docbook/smbdotconf/misc/volume.xml deleted file mode 100644 index f0a82c6f0c..0000000000 --- a/docs/docbook/smbdotconf/misc/volume.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VOLUME"/>volume (S)</term> - <listitem><para> This allows you to override the volume label - returned for a share. Useful for CDROMs with installation programs - that insist on a particular volume label.</para> - - <para>Default: <emphasis>the name of the share</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/widelinks.xml b/docs/docbook/smbdotconf/misc/widelinks.xml deleted file mode 100644 index b3474ce26c..0000000000 --- a/docs/docbook/smbdotconf/misc/widelinks.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WIDELINKS"/>wide links (S)</term> - <listitem><para>This parameter controls whether or not links - in the UNIX file system may be followed by the server. Links - that point to areas within the directory tree exported by the - server are always allowed; this parameter controls access only - to areas that are outside the directory tree being exported.</para> - - <para>Note that setting this parameter can have a negative - effect on your server performance due to the extra system calls - that Samba has to do in order to perform the link checks.</para> - - <para>Default: <command moreinfo="none">wide links = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/misc/wtmpdirectory.xml b/docs/docbook/smbdotconf/misc/wtmpdirectory.xml deleted file mode 100644 index bb144473ff..0000000000 --- a/docs/docbook/smbdotconf/misc/wtmpdirectory.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WTMPDIRECTORY"/>wtmp directory(G)</term> - <listitem><para>This parameter is only available if Samba has - been configured and compiled with the option <command moreinfo="none"> - --with-utmp</command>. It specifies a directory pathname that is - used to store the wtmp or wtmpx files (depending on the UNIX system) that - record user connections to a Samba server. The difference with - the utmp directory is the fact that user info is kept after a user - has logged out. - - See also the <link linkend="UTMP"> - <parameter moreinfo="none">utmp</parameter></link> parameter. By default this is - not set, meaning the system will use whatever utmp file the - native system is set to use (usually - <filename moreinfo="none">/var/run/wtmp</filename> on Linux).</para> - - <para>Default: <emphasis>no wtmp directory</emphasis></para> - <para>Example: <command moreinfo="none">wtmp directory = /var/log/wtmp</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml deleted file mode 100644 index abff09cda4..0000000000 --- a/docs/docbook/smbdotconf/printing/addprintercommand.xml +++ /dev/null @@ -1,60 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADDPRINTERCOMMAND"/>addprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printing - support for Windows NT/2000 clients in Samba 2.2, The MS Add - Printer Wizard (APW) icon is now also available in the - "Printers..." folder displayed a share listing. The APW - allows for printers to be add remotely to a Samba or Windows - NT/2000 print server.</para> - - <para>For a Samba host this means that the printer must be - physically added to the underlying printing system. The <parameter moreinfo="none">add - printer command</parameter> defines a script to be run which - will perform the necessary operations for adding the printer - to the print system and to add the appropriate service definition - to the <filename moreinfo="none">smb.conf</filename> file in order that it can be - shared by <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>.</para> - - <para>The <parameter moreinfo="none">addprinter command</parameter> is - automatically invoked with the following parameter (in - order):</para> - - <itemizedlist> - <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">location</parameter></para></listitem> - <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter> - </para></listitem> - </itemizedlist> - - <para>All parameters are filled in from the PRINTER_INFO_2 structure sent - by the Windows NT/2000 client with one exception. The "Windows 9x - driver location" parameter is included for backwards compatibility - only. The remaining fields in the structure are generated from answers - to the APW questions.</para> - - <para>Once the <parameter moreinfo="none">addprinter command</parameter> has - been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> - smb.conf</filename> to determine if the share defined by the APW - exists. If the sharename is still invalid, then <command moreinfo="none">smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para> - The "add printer command" program can output a single line of text, - which Samba will set as the port the new printer is connected to. - If this line isn't output, Samba won't reload its printer shares. - </para> - - <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none"> - deleteprinter command</parameter></link>, <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml deleted file mode 100644 index 9609038dcd..0000000000 --- a/docs/docbook/smbdotconf/printing/defaultdevmode.xml +++ /dev/null @@ -1,34 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEFAULTDEVMODE"/>default devmode (S)</term> - <listitem><para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services. When smbd is serving - Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba - server has a Device Mode which defines things such as paper size and - orientation and duplex settings. The device mode can only correctly be - generated by the printer driver itself (which can only be executed on a - Win32 platform). Because smbd is unable to execute the driver code - to generate the device mode, the default behavior is to set this field - to NULL. - </para> - - <para>Most problems with serving printer drivers to Windows NT/2k/XP clients - can be traced to a problem with the generated device mode. Certain drivers - will do things such as crashing the client's Explorer.exe with a NULL devmode. - However, other printer drivers can cause the client's spooler service - (spoolsv.exe) to die if the devmode was not created by the driver itself - (i.e. smbd generates a default devmode). - </para> - - <para>This parameter should be used with care and tested with the printer - driver in question. It is better to leave the device mode to NULL - and let the Windows client set the correct values. Because drivers do not - do this all the time, setting <command moreinfo="none">default devmode = yes</command> - will instruct smbd to generate a default one. - </para> - - <para>For more information on Windows NT/2k printing and Device Modes, - see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>. - </para> - - <para>Default: <command moreinfo="none">default devmode = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml deleted file mode 100644 index 23f2ff76b0..0000000000 --- a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DELETEPRINTERCOMMAND"/>deleteprinter command (G)</term> - <listitem><para>With the introduction of MS-RPC based printer - support for Windows NT/2000 clients in Samba 2.2, it is now - possible to delete printer at run time by issuing the - DeletePrinter() RPC call.</para> - - <para>For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <parameter moreinfo="none"> - deleteprinter command</parameter> defines a script to be run which - will perform the necessary operations for removing the printer - from the print system and from <filename moreinfo="none">smb.conf</filename>. - </para> - - <para>The <parameter moreinfo="none">deleteprinter command</parameter> is - automatically called with only one parameter: <parameter moreinfo="none"> - "printer name"</parameter>.</para> - - - <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has - been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none"> - smb.conf</filename> to associated printer no longer exists. - If the sharename is still valid, then <command moreinfo="none">smbd - </command> will return an ACCESS_DENIED error to the client.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none"> - addprinter command</parameter></link>, <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link>, - <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add - printer wizard</parameter></link></para> - - <para>Default: <emphasis>none</emphasis></para> - <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/disablespoolss.xml b/docs/docbook/smbdotconf/printing/disablespoolss.xml deleted file mode 100644 index dff1e63fab..0000000000 --- a/docs/docbook/smbdotconf/printing/disablespoolss.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DISABLESPOOLSS"/>disable spoolss (G)</term> - <listitem><para>Enabling this parameter will disable Samba's support - for the SPOOLSS set of MS-RPC's and will yield identical behavior - as Samba 2.0.x. Windows NT/2000 clients will downgrade to using - Lanman style printing commands. Windows 9x/ME will be uneffected by - the parameter. However, this will also disable the ability to upload - printer drivers to a Samba server via the Windows NT Add Printer - Wizard or by using the NT printer properties dialog window. It will - also disable the capability of Windows NT/2000 clients to download - print drivers from the Samba host upon demand. - <emphasis>Be very careful about enabling this parameter.</emphasis> - </para> - - <para>See also <link linkend="USECLIENTDRIVER">use client driver</link> - </para> - - <para>Default : <command moreinfo="none">disable spoolss = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml deleted file mode 100644 index b1111a5e1c..0000000000 --- a/docs/docbook/smbdotconf/printing/enumportscommand.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENUMPORTSCOMMAND"/>enumports command (G)</term> - <listitem><para>The concept of a "port" is fairly foreign - to UNIX hosts. Under Windows NT/2000 print servers, a port - is associated with a port monitor and generally takes the form of - a local port (i.e. LPT1:, COM1:, FILE:) or a remote port - (i.e. LPD Port Monitor, etc...). By default, Samba has only one - port defined--<constant>"Samba Printer Port"</constant>. Under - Windows NT/2000, all printers must have a valid port name. - If you wish to have a list of ports displayed (<command moreinfo="none">smbd - </command> does not use a port name for anything) other than - the default <constant>"Samba Printer Port"</constant>, you - can define <parameter moreinfo="none">enumports command</parameter> to point to - a program which should generate a list of ports, one per line, - to standard output. This listing will then be used in response - to the level 1 and 2 EnumPorts() RPC.</para> - - <para>Default: <emphasis>no enumports command</emphasis></para> - <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/loadprinters.xml b/docs/docbook/smbdotconf/printing/loadprinters.xml deleted file mode 100644 index adaa8afca9..0000000000 --- a/docs/docbook/smbdotconf/printing/loadprinters.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LOADPRINTERS"/>load printers (G)</term> - <listitem><para>A boolean variable that controls whether all - printers in the printcap will be loaded for browsing by default. - See the <link linkend="PRINTERSSECT">printers</link> section for - more details.</para> - - <para>Default: <command moreinfo="none">load printers = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml deleted file mode 100644 index 34d7c7f800..0000000000 --- a/docs/docbook/smbdotconf/printing/lppausecommand.xml +++ /dev/null @@ -1,41 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPPAUSECOMMAND"/>lppause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to stop printing or spooling - a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to pause the print job. One way - of implementing this is by using job priorities, where jobs - having a too low priority won't be sent to the printer.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux - </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added - to the lpq command, the job will show up with the correct status, i.e. - if the job priority is lower than the set fence priority it will - have the PAUSED status, whereas if the priority is equal or higher it - will have the SPOOLED or PRINTING status.</para> - - <para>Note that it is good practice to include the absolute path - in the lppause command as the PATH may not be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given to - this string, unless the value of the <parameter moreinfo="none">printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command moreinfo="none">lp -i %p-%j -H hold</command></para> - - <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command moreinfo="none">qstat -s -j%j -h</command></para> - - <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt - %p-%j -p0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpqcachetime.xml b/docs/docbook/smbdotconf/printing/lpqcachetime.xml deleted file mode 100644 index 6f351fdaf9..0000000000 --- a/docs/docbook/smbdotconf/printing/lpqcachetime.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPQCACHETIME"/>lpq cache time (G)</term> - <listitem><para>This controls how long lpq info will be cached - for to prevent the <command moreinfo="none">lpq</command> command being called too - often. A separate cache is kept for each variation of the <command moreinfo="none"> - lpq</command> command used by the system, so if you use different - <command moreinfo="none">lpq</command> commands for different users then they won't - share cache information.</para> - - <para>The cache files are stored in <filename moreinfo="none">/tmp/lpq.xxxx</filename> - where xxxx is a hash of the <command moreinfo="none">lpq</command> command in use.</para> - - <para>The default is 10 seconds, meaning that the cached results - of a previous identical <command moreinfo="none">lpq</command> command will be used - if the cached data is less than 10 seconds old. A large value may - be advisable if your <command moreinfo="none">lpq</command> command is very slow.</para> - - <para>A value of 0 will disable caching completely.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">lpq cache time = 10</command></para> - <para>Example: <command moreinfo="none">lpq cache time = 30</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpqcommand.xml b/docs/docbook/smbdotconf/printing/lpqcommand.xml deleted file mode 100644 index ddcdf1ef49..0000000000 --- a/docs/docbook/smbdotconf/printing/lpqcommand.xml +++ /dev/null @@ -1,41 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPQCOMMAND"/>lpq command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to obtain <command moreinfo="none">lpq - </command>-style printer status information.</para> - - <para>This command should be a program or script which - takes a printer name as its only parameter and outputs printer - status information.</para> - - <para>Currently nine styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. - This covers most UNIX systems. You control which type is expected - using the <parameter moreinfo="none">printing =</parameter> option.</para> - - <para>Some clients (notably Windows for Workgroups) may not - correctly send the connection number for the printer they are - requesting status information about. To get around this, the - server reports on the first printer service connected to by the - client. This only happens if the connection number sent is invalid.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter moreinfo="none">lpq command</parameter> as the <envar>$PATH - </envar> may not be available to the server. When compiled with - the CUPS libraries, no <parameter moreinfo="none">lpq command</parameter> is - needed because smbd will make a library call to obtain the - print queue listing.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none"> - printing</parameter></emphasis></para> - - <para>Example: <command moreinfo="none">lpq command = /usr/bin/lpq -P%p</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml deleted file mode 100644 index fbb1ac71ad..0000000000 --- a/docs/docbook/smbdotconf/printing/lpresumecommand.xml +++ /dev/null @@ -1,37 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPRESUMECOMMAND"/>lpresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to restart or continue - printing or spooling a specific print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number to resume the print job. See - also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command - </parameter></link> parameter.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute path - in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not - be available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: Currently no default value is given - to this string, unless the value of the <parameter moreinfo="none">printing</parameter> - parameter is <constant>SYSV</constant>, in which case the default is :</para> - - <para><command moreinfo="none">lp -i %p-%j -H resume</command></para> - - <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter - is <constant>SOFTQ</constant>, then the default is:</para> - - <para><command moreinfo="none">qstat -s -j%j -r</command></para> - - <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt - %p-%j -p2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/lprmcommand.xml b/docs/docbook/smbdotconf/printing/lprmcommand.xml deleted file mode 100644 index 7f59d6c5a0..0000000000 --- a/docs/docbook/smbdotconf/printing/lprmcommand.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LPRMCOMMAND"/>lprm command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to delete a print job.</para> - - <para>This command should be a program or script which takes - a printer name and job number, and deletes the print job.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with - the job number (an integer).</para> - - <para>Note that it is good practice to include the absolute - path in the <parameter moreinfo="none">lprm command</parameter> as the PATH may not be - available to the server.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing - </parameter></emphasis></para> - - <para>Example 1: <command moreinfo="none">lprm command = /usr/bin/lprm -P%p %j - </command></para> - <para>Example 2: <command moreinfo="none">lprm command = /usr/bin/cancel %p-%j - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/maxprintjobs.xml b/docs/docbook/smbdotconf/printing/maxprintjobs.xml deleted file mode 100644 index f0c7d83d3f..0000000000 --- a/docs/docbook/smbdotconf/printing/maxprintjobs.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXPRINTJOBS"/>max print jobs (S)</term> - <listitem><para>This parameter limits the maximum number of - jobs allowable in a Samba printer queue at any given moment. - If this number is exceeded, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will remote "Out of Space" to the client. - See all <link linkend="TOTALPRINTJOBS"><parameter moreinfo="none">total - print jobs</parameter></link>. - </para> - - <para>Default: <command moreinfo="none">max print jobs = 1000</command></para> - <para>Example: <command moreinfo="none">max print jobs = 5000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml deleted file mode 100644 index fdfba35a49..0000000000 --- a/docs/docbook/smbdotconf/printing/os2drivermap.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OS2DRIVERMAP"/>os2 driver map (G)</term> - <listitem><para>The parameter is used to define the absolute - path to a file containing a mapping of Windows NT printer driver - names to OS/2 printer driver names. The format is:</para> - - <para><nt driver name> = <os2 driver - name>.<device name></para> - - <para>For example, a valid entry using the HP LaserJet 5 - printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP - LaserJet 5L</command>.</para> - - <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba - Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> - - <para>Default: <command moreinfo="none">os2 driver map = <empty string> - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printable.xml b/docs/docbook/smbdotconf/printing/printable.xml deleted file mode 100644 index 22d4d73b01..0000000000 --- a/docs/docbook/smbdotconf/printing/printable.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTABLE"/>printable (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, then - clients may open, write to and submit spool files on the directory - specified for the service. </para> - - <para>Note that a printable service will ALWAYS allow writing - to the service path (user privileges permitting) via the spooling - of print data. The <link linkend="READONLY"><parameter moreinfo="none">read only - </parameter></link> parameter controls only non-printing access to - the resource.</para> - - <para>Default: <command moreinfo="none">printable = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcap.xml b/docs/docbook/smbdotconf/printing/printcap.xml deleted file mode 100644 index 2f5e4af580..0000000000 --- a/docs/docbook/smbdotconf/printing/printcap.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCAP"/>printcap (G)</term> - <listitem><para>Synonym for <link linkend="PRINTCAPNAME"><parameter moreinfo="none"> - printcap name</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcapname.xml b/docs/docbook/smbdotconf/printing/printcapname.xml deleted file mode 100644 index 0025624d25..0000000000 --- a/docs/docbook/smbdotconf/printing/printcapname.xml +++ /dev/null @@ -1,47 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCAPNAME"/>printcap name (G)</term> - <listitem><para>This parameter may be used to override the - compiled-in default printcap name used by the server (usually <filename moreinfo="none"> - /etc/printcap</filename>). See the discussion of the <link linkend="PRINTERSSECT">[printers]</link> section above for reasons - why you might want to do this.</para> - - <para>To use the CUPS printing interface set <command moreinfo="none">printcap name = cups - </command>. This should be supplemented by an addtional setting - <link linkend="PRINTING">printing = cups</link> in the [global] - section. <command moreinfo="none">printcap name = cups</command> will use the - "dummy" printcap created by CUPS, as specified in your CUPS - configuration file. - </para> - - <para>On System V systems that use <command moreinfo="none">lpstat</command> to - list available printers you can use <command moreinfo="none">printcap name = lpstat - </command> to automatically obtain lists of available printers. This - is the default for systems that define SYSV at configure time in - Samba (this includes most System V based systems). If <parameter moreinfo="none"> - printcap name</parameter> is set to <command moreinfo="none">lpstat</command> on - these systems then Samba will launch <command moreinfo="none">lpstat -v</command> and - attempt to parse the output to obtain a printer list.</para> - - <para>A minimal printcap file would look something like this:</para> - -<para><programlisting format="linespecific"> -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 -</programlisting></para> - - <para>where the '|' separates aliases of a printer. The fact - that the second alias has a space in it gives a hint to Samba - that it's a comment.</para> - - <note><para>Under AIX the default printcap - name is <filename moreinfo="none">/etc/qconfig</filename>. Samba will assume the - file is in AIX <filename moreinfo="none">qconfig</filename> format if the string - <filename moreinfo="none">qconfig</filename> appears in the printcap filename.</para></note> - - <para>Default: <command moreinfo="none">printcap name = /etc/printcap</command></para> - <para>Example: <command moreinfo="none">printcap name = /etc/myprintcap</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printcommand.xml b/docs/docbook/smbdotconf/printing/printcommand.xml deleted file mode 100644 index c996ed6c2e..0000000000 --- a/docs/docbook/smbdotconf/printing/printcommand.xml +++ /dev/null @@ -1,86 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTCOMMAND"/>print command (S)</term> - <listitem><para>After a print job has finished spooling to - a service, this command will be used via a <command moreinfo="none">system()</command> - call to process the spool file. Typically the command specified will - submit the spool file to the host's printing subsystem, but there - is no requirement that this be the case. The server will not remove - the spool file, so whatever command you specify should remove the - spool file when it has been processed, otherwise you will need to - manually remove old spool files.</para> - - <para>The print command is simply a text string. It will be used - verbatim after macro substitutions have been made:</para> - - <para>s, %p - the path to the spool - file name</para> - - <para>%p - the appropriate printer - name</para> - - <para>%J - the job - name as transmitted by the client.</para> - - <para>%c - The number of printed pages - of the spooled job (if known).</para> - - <para>%z - the size of the spooled - print job (in bytes)</para> - - <para>The print command <emphasis>MUST</emphasis> contain at least - one occurrence of <parameter moreinfo="none">%s</parameter> or <parameter moreinfo="none">%f - </parameter> - the <parameter moreinfo="none">%p</parameter> is optional. At the time - a job is submitted, if no printer name is supplied the <parameter moreinfo="none">%p - </parameter> will be silently removed from the printer command.</para> - - <para>If specified in the [global] section, the print command given - will be used for any printable service that does not have its own - print command specified.</para> - - <para>If there is neither a specified print command for a - printable service nor a global print command, spool files will - be created but not processed and (most importantly) not removed.</para> - - <para>Note that printing may fail on some UNIXes from the - <constant>nobody</constant> account. If this happens then create - an alternative guest account that can print and set the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link> - in the [global] section.</para> - - <para>You can form quite complex print commands by realizing - that they are just passed to a shell. For example the following - will log a print job, print the file, then remove it. Note that - ';' is the usual separator for command in shell scripts.</para> - - <para><command moreinfo="none">print command = echo Printing %s >> - /tmp/print.log; lpr -P %p %s; rm %s</command></para> - - <para>You may have to vary this command considerably depending - on how you normally print files on your system. The default for - the parameter varies depending on the setting of the <link linkend="PRINTING"> - <parameter moreinfo="none">printing</parameter></link> parameter.</para> - - <para>Default: For <command moreinfo="none">printing = BSD, AIX, QNX, LPRNG - or PLP :</command></para> - <para><command moreinfo="none">print command = lpr -r -P%p %s</command></para> - - <para>For <command moreinfo="none">printing = SYSV or HPUX :</command></para> - <para><command moreinfo="none">print command = lp -c -d%p %s; rm %s</command></para> - - <para>For <command moreinfo="none">printing = SOFTQ :</command></para> - <para><command moreinfo="none">print command = lp -d%p -s %s; rm %s</command></para> - - <para>For printing = CUPS : If SAMBA is compiled against - libcups, then <link linkend="PRINTING">printcap = cups</link> - uses the CUPS API to - submit jobs, etc. Otherwise it maps to the System V - commands with the -oraw option for printing, i.e. it - uses <command moreinfo="none">lp -c -d%p -oraw; rm %s</command>. - With <command moreinfo="none">printing = cups</command>, - and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</para> - - - <para>Example: <command moreinfo="none">print command = /usr/local/samba/bin/myprintscript - %p %s</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml deleted file mode 100644 index 4cf90b06fa..0000000000 --- a/docs/docbook/smbdotconf/printing/printer.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTER"/>printer (S)</term> - <listitem><para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none"> - printer name</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml deleted file mode 100644 index 25e6afa1f2..0000000000 --- a/docs/docbook/smbdotconf/printing/printername.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTERNAME"/>printer name (S)</term> - <listitem><para>This parameter specifies the name of the printer - to which print jobs spooled through a printable service will be sent.</para> - - <para>If specified in the [global] section, the printer - name given will be used for any printable service that does - not have its own printer name specified.</para> - - <para>Default: <emphasis>none (but may be <constant>lp</constant> - on many systems)</emphasis></para> - - <para>Example: <command moreinfo="none">printer name = laserwriter</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml deleted file mode 100644 index d49c0e2471..0000000000 --- a/docs/docbook/smbdotconf/printing/printing.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTING"/>printing (S)</term> - <listitem><para>This parameters controls how printer status - information is interpreted on your system. It also affects the - default values for the <parameter moreinfo="none">print command</parameter>, - <parameter moreinfo="none">lpq command</parameter>, <parameter moreinfo="none">lppause command - </parameter>, <parameter moreinfo="none">lpresume command</parameter>, and - <parameter moreinfo="none">lprm command</parameter> if specified in the - [global] section.</para> - - <para>Currently nine printing styles are supported. They are - <constant>BSD</constant>, <constant>AIX</constant>, - <constant>LPRNG</constant>, <constant>PLP</constant>, - <constant>SYSV</constant>, <constant>HPUX</constant>, - <constant>QNX</constant>, <constant>SOFTQ</constant>, - and <constant>CUPS</constant>.</para> - - <para>To see what the defaults are for the other print - commands when using the various options use the <ulink url="testparm.1.html">testparm(1)</ulink> program.</para> - - <para>This option can be set on a per printer basis</para> - - <para>See also the discussion in the <link linkend="PRINTERSSECT"> - [printers]</link> section.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/printok.xml b/docs/docbook/smbdotconf/printing/printok.xml deleted file mode 100644 index 7900e91bbb..0000000000 --- a/docs/docbook/smbdotconf/printing/printok.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTOK"/>print ok (S)</term> - <listitem><para>Synonym for <link linkend="PRINTABLE"> - <parameter moreinfo="none">printable</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml deleted file mode 100644 index c991994f7f..0000000000 --- a/docs/docbook/smbdotconf/printing/queuepausecommand.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="QUEUEPAUSECOMMAND"/>queuepause command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to pause the printer queue.</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and stops the printer queue, - such that no longer jobs are submitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the command. - </para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing - </parameter></emphasis></para> - <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml deleted file mode 100644 index 7c0d60961a..0000000000 --- a/docs/docbook/smbdotconf/printing/queueresumecommand.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="QUEUERESUMECOMMAND"/>queueresume command (S)</term> - <listitem><para>This parameter specifies the command to be - executed on the server host in order to resume the printer queue. It - is the command to undo the behavior that is caused by the - previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none"> - queuepause command</parameter></link>).</para> - - <para>This command should be a program or script which takes - a printer name as its only parameter and resumes the printer queue, - such that queued jobs are resubmitted to the printer.</para> - - <para>This command is not supported by Windows for Workgroups, - but can be issued from the Printers window under Windows 95 - and NT.</para> - - <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name - is put in its place. Otherwise it is placed at the end of the - command.</para> - - <para>Note that it is good practice to include the absolute - path in the command as the PATH may not be available to the - server.</para> - - <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING"><parameter moreinfo="none">printing</parameter></link></emphasis> - </para> - - <para>Example: <command moreinfo="none">queuepause command = enable %p - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml deleted file mode 100644 index 9bf5160ad5..0000000000 --- a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml +++ /dev/null @@ -1,31 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SHOWADDPRINTERWIZARD"/>show add printer wizard (G)</term> - <listitem><para>With the introduction of MS-RPC based printing support - for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will - appear on Samba hosts in the share listing. Normally this folder will - contain an icon for the MS Add Printer Wizard (APW). However, it is - possible to disable this feature regardless of the level of privilege - of the connected user.</para> - - <para>Under normal circumstances, the Windows NT/2000 client will - open a handle on the printer server with OpenPrinterEx() asking for - Administrator privileges. If the user does not have administrative - access on the print server (i.e is not root or a member of the - <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx() - call fails and the client makes another open call with a request for - a lower privilege level. This should succeed, however the APW - icon will not be displayed.</para> - - <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter> - parameter will always cause the OpenPrinterEx() on the server - to fail. Thus the APW icon will never be displayed. <emphasis> - Note :</emphasis>This does not prevent the same user from having - administrative privilege on an individual printer.</para> - - <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter - command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND"> - <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN"><parameter moreinfo="none">printer admin</parameter></link></para> - - <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/totalprintjobs.xml b/docs/docbook/smbdotconf/printing/totalprintjobs.xml deleted file mode 100644 index 25784a3c29..0000000000 --- a/docs/docbook/smbdotconf/printing/totalprintjobs.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TOTALPRINTJOBS"/>total print jobs (G)</term> - <listitem><para>This parameter accepts an integer value which defines - a limit on the maximum number of print jobs that will be accepted - system wide at any given time. If a print job is submitted - by a client which will exceed this number, then <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will return an - error indicating that no space is available on the server. The - default value of 0 means that no such limit exists. This parameter - can be used to prevent a server from exceeding its capacity and is - designed as a printing throttle. See also - <link linkend="MAXPRINTJOBS"><parameter moreinfo="none">max print jobs</parameter></link>. - </para> - - <para>Default: <command moreinfo="none">total print jobs = 0</command></para> - <para>Example: <command moreinfo="none">total print jobs = 5000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/printing/useclientdriver.xml b/docs/docbook/smbdotconf/printing/useclientdriver.xml deleted file mode 100644 index 8327d0aaa4..0000000000 --- a/docs/docbook/smbdotconf/printing/useclientdriver.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USECLIENTDRIVER"/>use client driver (S)</term> - <listitem><para>This parameter applies only to Windows NT/2000 - clients. It has no affect on Windows 95/98/ME clients. When - serving a printer to Windows NT/2000 clients without first installing - a valid printer driver on the Samba host, the client will be required - to install a local printer driver. From this point on, the client - will treat the print as a local printer and not a network printer - connection. This is much the same behavior that will occur - when <command moreinfo="none">disable spoolss = yes</command>. </para> - - <para>The differentiating - factor is that under normal circumstances, the NT/2000 client will - attempt to open the network printer using MS-RPC. The problem is that - because the client considers the printer to be local, it will attempt - to issue the OpenPrinterEx() call requesting access rights associated - with the logged on user. If the user possesses local administator rights - but not root privilegde on the Samba host (often the case), the OpenPrinterEx() - call will fail. The result is that the client will now display an "Access - Denied; Unable to connect" message in the printer queue window (even though - jobs may successfully be printed). </para> - - <para>If this parameter is enabled for a printer, then any attempt - to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped - to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. <emphasis>This parameter MUST not be able enabled - on a print share which has valid print driver installed on the Samba - server.</emphasis></para> - - <para>See also <link linkend="DISABLESPOOLSS">disable spoolss</link> - </para> - - <para>Default: <command moreinfo="none">use client driver = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/process-all.sh b/docs/docbook/smbdotconf/process-all.sh deleted file mode 100755 index 6d8c9941b4..0000000000 --- a/docs/docbook/smbdotconf/process-all.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -sh generate-file-list.sh >parameters.all.xml - -xsltproc --xinclude \ - --param smb.context "'G'" \ - --output parameters.global.xml \ - generate-context.xsl parameters.all.xml - -xsltproc --xinclude \ - --param smb.context "'S'" \ - --output parameters.service.xml \ - generate-context.xsl parameters.all.xml - -xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \ -xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - diff --git a/docs/docbook/smbdotconf/protocol/announceas.xml b/docs/docbook/smbdotconf/protocol/announceas.xml deleted file mode 100644 index 1f3169609c..0000000000 --- a/docs/docbook/smbdotconf/protocol/announceas.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ANNOUNCEAS"/>announce as (G)</term> - <listitem><para>This specifies what type of server <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will announce itself as, to a network neighborhood browse - list. By default this is set to Windows NT. The valid options - are : "NT Server" (which can also be written as "NT"), - "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, - Windows NT Workstation, Windows 95 and Windows for Workgroups - respectively. Do not change this parameter unless you have a - specific need to stop Samba appearing as an NT server as this - may prevent Samba servers from participating as browser servers - correctly.</para> - - <para>Default: <command moreinfo="none">announce as = NT Server</command></para> - - <para>Example: <command moreinfo="none">announce as = Win95</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/announceversion.xml b/docs/docbook/smbdotconf/protocol/announceversion.xml deleted file mode 100644 index 03ad429dbd..0000000000 --- a/docs/docbook/smbdotconf/protocol/announceversion.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ANNOUNCEVERSION"/>announce version (G)</term> - <listitem><para>This specifies the major and minor version numbers - that nmbd will use when announcing itself as a server. The default - is 4.9. Do not change this parameter unless you have a specific - need to set a Samba server to be a downlevel server.</para> - - <para>Default: <command moreinfo="none">announce version = 4.9</command></para> - - <para>Example: <command moreinfo="none">announce version = 2.0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/disablenetbios.xml b/docs/docbook/smbdotconf/protocol/disablenetbios.xml deleted file mode 100644 index ac97cdf7c3..0000000000 --- a/docs/docbook/smbdotconf/protocol/disablenetbios.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DISABLENETBIOS"/>disable netbios (G)</term> - <listitem><para>Enabling this parameter will disable netbios support - in Samba. Netbios is the only available form of browsing in - all windows versions except for 2000 and XP. </para> - - <para>Note that clients that only support netbios won't be able to - see your samba server when netbios support is disabled. - </para> - - <para>Default: <command moreinfo="none">disable netbios = no</command></para> - <para>Example: <command moreinfo="none">disable netbios = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/largereadwrite.xml b/docs/docbook/smbdotconf/protocol/largereadwrite.xml deleted file mode 100644 index 9aa28593e6..0000000000 --- a/docs/docbook/smbdotconf/protocol/largereadwrite.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LARGEREADWRITE"/>large readwrite (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> supports the new 64k streaming - read and write varient SMB requests introduced - with Windows 2000. Note that due to Windows 2000 client redirector bugs - this requires Samba to be running on a 64-bit capable operating system such - as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with - Windows 2000 clients. Defaults to on. Not as tested as some other Samba - code paths. - </para> - - <para>Default : <command moreinfo="none">large readwrite = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxmux.xml b/docs/docbook/smbdotconf/protocol/maxmux.xml deleted file mode 100644 index 51296e0747..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxmux.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXMUX"/>max mux (G)</term> - <listitem><para>This option controls the maximum number of - outstanding simultaneous SMB operations that Samba tells the client - it will allow. You should never need to set this parameter.</para> - - <para>Default: <command moreinfo="none">max mux = 50</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxprotocol.xml b/docs/docbook/smbdotconf/protocol/maxprotocol.xml deleted file mode 100644 index be859f8ee3..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxprotocol.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXPROTOCOL"/>max protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the highest - protocol level that will be supported by the server.</para> - - <para>Possible values are :</para> - <itemizedlist> - <listitem><para><constant>CORE</constant>: Earliest version. No - concept of user names.</para></listitem> - - <listitem><para><constant>COREPLUS</constant>: Slight improvements on - CORE for efficiency.</para></listitem> - - <listitem><para><constant>LANMAN1</constant>: First <emphasis> - modern</emphasis> version of the protocol. Long filename - support.</para></listitem> - - <listitem><para><constant>LANMAN2</constant>: Updates to Lanman1 protocol. - </para></listitem> - - <listitem><para><constant>NT1</constant>: Current up to date version of - the protocol. Used by Windows NT. Known as CIFS.</para></listitem> - </itemizedlist> - - <para>Normally this option should not be set as the automatic - negotiation phase in the SMB protocol takes care of choosing - the appropriate protocol.</para> - - <para>See also <link linkend="MINPROTOCOL"><parameter moreinfo="none">min - protocol</parameter></link></para> - - <para>Default: <command moreinfo="none">max protocol = NT1</command></para> - <para>Example: <command moreinfo="none">max protocol = LANMAN1</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxttl.xml b/docs/docbook/smbdotconf/protocol/maxttl.xml deleted file mode 100644 index 04c6771308..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxttl.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXTTL"/>max ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - what the default 'time to live' of NetBIOS names should be (in seconds) - when <command moreinfo="none">nmbd</command> is requesting a name using either a - broadcast packet or from a WINS server. You should never need to - change this parameter. The default is 3 days.</para> - - <para>Default: <command moreinfo="none">max ttl = 259200</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxwinsttl.xml b/docs/docbook/smbdotconf/protocol/maxwinsttl.xml deleted file mode 100644 index c8e2d9df8d..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxwinsttl.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXWINSTTL"/>max wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server (<link linkend="WINSSUPPORT"> - <parameter moreinfo="none">wins support = yes</parameter></link>) what the maximum - 'time to live' of NetBIOS names that <command moreinfo="none">nmbd</command> - will grant will be (in seconds). You should never need to change this - parameter. The default is 6 days (518400 seconds).</para> - - <para>See also the <link linkend="MINWINSTTL"><parameter moreinfo="none">min - wins ttl</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">max wins ttl = 518400</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/maxxmit.xml b/docs/docbook/smbdotconf/protocol/maxxmit.xml deleted file mode 100644 index c16cf47655..0000000000 --- a/docs/docbook/smbdotconf/protocol/maxxmit.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXXMIT"/>max xmit (G)</term> - <listitem><para>This option controls the maximum packet size - that will be negotiated by Samba. The default is 65535, which - is the maximum. In some cases you may find you get better performance - with a smaller value. A value below 2048 is likely to cause problems. - </para> - - <para>Default: <command moreinfo="none">max xmit = 65535</command></para> - <para>Example: <command moreinfo="none">max xmit = 8192</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/minprotocol.xml b/docs/docbook/smbdotconf/protocol/minprotocol.xml deleted file mode 100644 index 6b1d420a4b..0000000000 --- a/docs/docbook/smbdotconf/protocol/minprotocol.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPROTOCOL"/>min protocol (G)</term> - <listitem><para>The value of the parameter (a string) is the - lowest SMB protocol dialect than Samba will support. Please refer - to the <link linkend="MAXPROTOCOL"><parameter moreinfo="none">max protocol</parameter></link> - parameter for a list of valid protocol names and a brief description - of each. You may also wish to refer to the C source code in - <filename moreinfo="none">source/smbd/negprot.c</filename> for a listing of known protocol - dialects supported by clients.</para> - - <para>If you are viewing this parameter as a security measure, you should - also refer to the <link linkend="LANMANAUTH"><parameter moreinfo="none">lanman - auth</parameter></link> parameter. Otherwise, you should never need - to change this parameter.</para> - - <para>Default : <command moreinfo="none">min protocol = CORE</command></para> - <para>Example : <command moreinfo="none">min protocol = NT1</command> # disable DOS - clients</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/minwinsttl.xml b/docs/docbook/smbdotconf/protocol/minwinsttl.xml deleted file mode 100644 index e67c253f2e..0000000000 --- a/docs/docbook/smbdotconf/protocol/minwinsttl.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINWINSTTL"/>min wins ttl (G)</term> - <listitem><para>This option tells <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> - when acting as a WINS server (<link linkend="WINSSUPPORT"><parameter moreinfo="none"> - wins support = yes</parameter></link>) what the minimum 'time to live' - of NetBIOS names that <command moreinfo="none">nmbd</command> will grant will be (in - seconds). You should never need to change this parameter. The default - is 6 hours (21600 seconds).</para> - - <para>Default: <command moreinfo="none">min wins ttl = 21600</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml deleted file mode 100644 index a5dd893902..0000000000 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ /dev/null @@ -1,47 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NAMERESOLVEORDER"/>name resolve order (G)</term> - <listitem><para>This option is used by the programs in the Samba - suite to determine what naming services to use and in what order - to resolve host names to IP addresses. The option takes a space - separated string of name resolution options.</para> - - <para>The options are :"lmhosts", "host", "wins" and "bcast". They - cause names to be resolved as follows :</para> - - <itemizedlist> - <listitem><para><constant>lmhosts</constant> : Lookup an IP - address in the Samba lmhosts file. If the line in lmhosts has - no name type attached to the NetBIOS name (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> for details) then - any name type matches for lookup.</para></listitem> - - <listitem><para><constant>host</constant> : Do a standard host - name to IP address resolution, using the system <filename moreinfo="none">/etc/hosts - </filename>, NIS, or DNS lookups. This method of name resolution - is operating system depended for instance on IRIX or Solaris this - may be controlled by the <filename moreinfo="none">/etc/nsswitch.conf</filename> - file. Note that this method is only used if the NetBIOS name - type being queried is the 0x20 (server) name type, otherwise - it is ignored.</para></listitem> - - <listitem><para><constant>wins</constant> : Query a name with - the IP address listed in the <link linkend="WINSSERVER"><parameter moreinfo="none"> - wins server</parameter></link> parameter. If no WINS server has - been specified this method will be ignored.</para></listitem> - - <listitem><para><constant>bcast</constant> : Do a broadcast on - each of the known local interfaces listed in the <link linkend="INTERFACES"><parameter moreinfo="none">interfaces</parameter></link> - parameter. This is the least reliable of the name resolution - methods as it depends on the target host being on a locally - connected subnet.</para></listitem> - </itemizedlist> - - <para>Default: <command moreinfo="none">name resolve order = lmhosts host wins bcast - </command></para> - <para>Example: <command moreinfo="none">name resolve order = lmhosts bcast host - </command></para> - - <para>This will cause the local lmhosts file to be examined - first, followed by a broadcast attempt, followed by a normal - system hostname lookup.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntaclsupport.xml b/docs/docbook/smbdotconf/protocol/ntaclsupport.xml deleted file mode 100644 index df0d8dc068..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntaclsupport.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTACLSUPPORT"/>nt acl support (S)</term> - <listitem><para>This boolean parameter controls whether - <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map - UNIX permissions into Windows NT access control lists. - This parameter was formally a global parameter in releases - prior to 2.2.2.</para> - - <para>Default: <command moreinfo="none">nt acl support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntpipesupport.xml b/docs/docbook/smbdotconf/protocol/ntpipesupport.xml deleted file mode 100644 index cab2032847..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntpipesupport.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTPIPESUPPORT"/>nt pipe support (G)</term> - <listitem><para>This boolean parameter controls whether - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will allow Windows NT - clients to connect to the NT SMB specific <constant>IPC$</constant> - pipes. This is a developer debugging option and can be left - alone.</para> - - <para>Default: <command moreinfo="none">nt pipe support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/ntstatussupport.xml b/docs/docbook/smbdotconf/protocol/ntstatussupport.xml deleted file mode 100644 index 17dafa47c5..0000000000 --- a/docs/docbook/smbdotconf/protocol/ntstatussupport.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTSTATUSSUPPORT"/>nt status support (G)</term> - <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status - support with Windows NT/2k/XP clients. This is a developer - debugging option and should be left alone. - If this option is set to <constant>no</constant> then Samba offers - exactly the same DOS error codes that versions prior to Samba 2.2.3 - reported.</para> - - <para>You should not need to ever disable this parameter.</para> - - <para>Default: <command moreinfo="none">nt status support = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/protocol.xml b/docs/docbook/smbdotconf/protocol/protocol.xml deleted file mode 100644 index 5161806cfc..0000000000 --- a/docs/docbook/smbdotconf/protocol/protocol.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PROTOCOL"/>protocol (G)</term> - <listitem><para>Synonym for <link linkend="MAXPROTOCOL"> - <parameter moreinfo="none">max protocol</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/readbmpx.xml b/docs/docbook/smbdotconf/protocol/readbmpx.xml deleted file mode 100644 index 0bc8f1d10b..0000000000 --- a/docs/docbook/smbdotconf/protocol/readbmpx.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READBMPX"/>read bmpx (G)</term> - <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will support the "Read - Block Multiplex" SMB. This is now rarely used and defaults to - <constant>no</constant>. You should never need to set this - parameter.</para> - - <para>Default: <command moreinfo="none">read bmpx = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/readraw.xml b/docs/docbook/smbdotconf/protocol/readraw.xml deleted file mode 100644 index b867816e84..0000000000 --- a/docs/docbook/smbdotconf/protocol/readraw.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READRAW"/>read raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support the raw read SMB requests when transferring data - to clients.</para> - - <para>If enabled, raw reads allow reads of 65535 bytes in - one packet. This typically provides a major performance benefit. - </para> - - <para>However, some clients either negotiate the allowable - block size incorrectly or are incapable of supporting larger block - sizes, and for these clients you may need to disable raw reads.</para> - - <para>In general this parameter should be viewed as a system tuning - tool and left severely alone. See also <link linkend="WRITERAW"> - <parameter moreinfo="none">write raw</parameter></link>.</para> - - <para>Default: <command moreinfo="none">read raw = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/smbports.xml b/docs/docbook/smbdotconf/protocol/smbports.xml deleted file mode 100644 index ed088ab9d2..0000000000 --- a/docs/docbook/smbdotconf/protocol/smbports.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SMBPORTS"/>smb ports (G)</term> - <listitem><para>Specifies which ports the server should listen on - for SMB traffic. - </para> - - <para>Default: <command moreinfo="none">smb ports = 445 139</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/timeserver.xml b/docs/docbook/smbdotconf/protocol/timeserver.xml deleted file mode 100644 index eb1a720a8d..0000000000 --- a/docs/docbook/smbdotconf/protocol/timeserver.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TIMESERVER"/>time server (G)</term> - <listitem><para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> advertises itself as a time server to Windows - clients.</para> - - <para>Default: <command moreinfo="none">time server = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/unicode.xml b/docs/docbook/smbdotconf/protocol/unicode.xml deleted file mode 100644 index 866dad28a0..0000000000 --- a/docs/docbook/smbdotconf/protocol/unicode.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNICODE"/>unicode (G)</term> - <listitem><para>Specifies whether Samba should try - to use unicode on the wire by default. Note: This does NOT - mean that samba will assume that the unix machine uses unicode! - </para> - - <para>Default: <command moreinfo="none">unicode = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/unixextensions.xml b/docs/docbook/smbdotconf/protocol/unixextensions.xml deleted file mode 100644 index d0adde9d27..0000000000 --- a/docs/docbook/smbdotconf/protocol/unixextensions.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNIXEXTENSIONS"/>unix extensions(G)</term> - <listitem><para>This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. - These extensions enable Samba to better serve UNIX CIFS clients - by supporting features such as symbolic links, hard links, etc... - These extensions require a similarly enabled client, and are of - no current use to Windows clients.</para> - - <para>Default: <command moreinfo="none">unix extensions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/usespnego.xml b/docs/docbook/smbdotconf/protocol/usespnego.xml deleted file mode 100644 index 9e3c873a4b..0000000000 --- a/docs/docbook/smbdotconf/protocol/usespnego.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USESPNEGO"/>use spnego (G)</term> - <listitem><para> This variable controls controls whether samba will try - to use Simple and Protected NEGOciation (as specified by rfc2478) with - WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism. - Unless further issues are discovered with our SPNEGO - implementation, there is no reason this should ever be - disabled.</para> - <para>Default: <emphasis>use spnego = yes</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/protocol/writeraw.xml b/docs/docbook/smbdotconf/protocol/writeraw.xml deleted file mode 100644 index dbaad0130e..0000000000 --- a/docs/docbook/smbdotconf/protocol/writeraw.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITERAW"/>write raw (G)</term> - <listitem><para>This parameter controls whether or not the server - will support raw write SMB's when transferring data from clients. - You should never need to change this parameter.</para> - - <para>Default: <command moreinfo="none">write raw = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/adminusers.xml b/docs/docbook/smbdotconf/security/adminusers.xml deleted file mode 100644 index 2e1abaf6e1..0000000000 --- a/docs/docbook/smbdotconf/security/adminusers.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ADMINUSERS"/>admin users (S)</term> - <listitem><para>This is a list of users who will be granted - administrative privileges on the share. This means that they - will do all file operations as the super-user (root).</para> - - <para>You should use this option very carefully, as any user in - this list will be able to do anything they like on the share, - irrespective of file permissions.</para> - - <para>Default: <emphasis>no admin users</emphasis></para> - - <para>Example: <command moreinfo="none">admin users = jason</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/algorithmicridbase.xml b/docs/docbook/smbdotconf/security/algorithmicridbase.xml deleted file mode 100644 index 3c2bf8686e..0000000000 --- a/docs/docbook/smbdotconf/security/algorithmicridbase.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALGORITHMICRIDBASE"/>algorithmic rid base (G)</term> - <listitem><para>This determines how Samba will use its - algorithmic mapping from uids/gid to the RIDs needed to construct - NT Security Identifiers.</para> - - <para>Setting this option to a larger value could be useful to sites - transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. - </para> - - <para>All UIDs and GIDs must be able to be resolved into SIDs for - the correct operation of ACLs on the server. As such the algorithmic - mapping can't be 'turned off', but pushing it 'out of the way' should - resolve the issues. Users and groups can then be assigned 'low' RIDs - in arbitary-rid supporting backends. </para> - - <para>Default: <command moreinfo="none">algorithmic rid base = 1000</command></para> - - <para>Example: <command moreinfo="none">algorithmic rid base = 100000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/allowhosts.xml b/docs/docbook/smbdotconf/security/allowhosts.xml deleted file mode 100644 index 7fd2f426f8..0000000000 --- a/docs/docbook/smbdotconf/security/allowhosts.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALLOWHOSTS"/>allow hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml deleted file mode 100644 index 35dcd76cbd..0000000000 --- a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml +++ /dev/null @@ -1,22 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ALLOWTRUSTEDDOMAINS"/>allow trusted domains (G)</term> - <listitem><para>This option only takes effect when the <link linkend="SECURITY"><parameter moreinfo="none">security</parameter></link> option is set to - <constant>server</constant> or <constant>domain</constant>. - If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running - in will fail, even if that domain is trusted by the remote server - doing the authentication.</para> - - <para>This is useful if you only want your Samba server to - serve resources to users in the domain it is a member of. As - an example, suppose that there are two domains DOMA and DOMB. DOMB - is trusted by DOMA, which contains the Samba server. Under normal - circumstances, a user with an account in DOMB can then access the - resources of a UNIX account with the same account name on the - Samba server even if they do not have an account in DOMA. This - can make implementing a security boundary difficult.</para> - - <para>Default: <command moreinfo="none">allow trusted domains = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/authmethods.xml b/docs/docbook/smbdotconf/security/authmethods.xml deleted file mode 100644 index 2e569558a0..0000000000 --- a/docs/docbook/smbdotconf/security/authmethods.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="AUTHMETHODS"/>auth methods (G)</term> - <listitem><para>This option allows the administrator to chose what - authentication methods <command moreinfo="none">smbd</command> will use when authenticating - a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link>. - - Each entry in the list attempts to authenticate the user in turn, until - the user authenticates. In practice only one method will ever actually - be able to complete the authentication. - </para> - - <para>Default: <command moreinfo="none">auth methods = <empty string></command></para> - <para>Example: <command moreinfo="none">auth methods = guest sam ntdomain</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/createmask.xml b/docs/docbook/smbdotconf/security/createmask.xml deleted file mode 100644 index 9a197bf7c3..0000000000 --- a/docs/docbook/smbdotconf/security/createmask.xml +++ /dev/null @@ -1,39 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CREATEMASK"/>create mask (S)</term> - <listitem><para>A synonym for this parameter is - <link linkend="CREATEMODE"><parameter moreinfo="none">create mode</parameter> - </link>.</para> - - <para>When a file is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX - permissions, and the resulting UNIX mode is then bit-wise 'AND'ed - with this parameter. This parameter may be thought of as a bit-wise - MASK for the UNIX modes of a file. Any bit <emphasis>not</emphasis> - set here will be removed from the modes set on a file when it is - created.</para> - - <para>The default value of this parameter removes the - 'group' and 'other' write and execute bits from the UNIX modes.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode created - from this parameter with the value of the <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force create mode</parameter></link> - parameter which is set to 000 by default.</para> - - <para>This parameter does not affect directory modes. See the - parameter <link linkend="DIRECTORYMODE"><parameter moreinfo="none">directory mode - </parameter></link> for details.</para> - - <para>See also the <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force - create mode</parameter></link> parameter for forcing particular mode - bits to be set on created files. See also the <link linkend="DIRECTORYMODE"> - <parameter moreinfo="none">directory mode</parameter></link> parameter for masking - mode bits on created directories. See also the <link linkend="INHERITPERMISSIONS"> - <parameter moreinfo="none">inherit permissions</parameter></link> parameter.</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="SECURITYMASK"><parameter moreinfo="none">security mask</parameter></link>.</para> - - <para>Default: <command moreinfo="none">create mask = 0744</command></para> - <para>Example: <command moreinfo="none">create mask = 0775</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/createmode.xml b/docs/docbook/smbdotconf/security/createmode.xml deleted file mode 100644 index 7e78ab0181..0000000000 --- a/docs/docbook/smbdotconf/security/createmode.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CREATEMODE"/>create mode (S)</term> - <listitem><para>This is a synonym for <link linkend="CREATEMASK"><parameter moreinfo="none"> - create mask</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/denyhosts.xml b/docs/docbook/smbdotconf/security/denyhosts.xml deleted file mode 100644 index f50fb33d33..0000000000 --- a/docs/docbook/smbdotconf/security/denyhosts.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DENYHOSTS"/>deny hosts (S)</term> - <listitem><para>Synonym for <link linkend="HOSTSDENY"><parameter moreinfo="none">hosts - deny</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorymask.xml b/docs/docbook/smbdotconf/security/directorymask.xml deleted file mode 100644 index 0844733ede..0000000000 --- a/docs/docbook/smbdotconf/security/directorymask.xml +++ /dev/null @@ -1,43 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYMASK"/>directory mask (S)</term> - <listitem><para>This parameter is the octal modes which are - used when converting DOS modes to UNIX modes when creating UNIX - directories.</para> - - <para>When a directory is created, the necessary permissions are - calculated according to the mapping from DOS modes to UNIX permissions, - and the resulting UNIX mode is then bit-wise 'AND'ed with this - parameter. This parameter may be thought of as a bit-wise MASK for - the UNIX modes of a directory. Any bit <emphasis>not</emphasis> set - here will be removed from the modes set on a directory when it is - created.</para> - - <para>The default value of this parameter removes the 'group' - and 'other' write bits from the UNIX mode, allowing only the - user who owns the directory to modify it.</para> - - <para>Following this Samba will bit-wise 'OR' the UNIX mode - created from this parameter with the value of the <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force directory mode - </parameter></link> parameter. This parameter is set to 000 by - default (i.e. no extra mode bits are added).</para> - - <para>Note that this parameter does not apply to permissions - set by Windows NT/2000 ACL editors. If the administrator wishes to enforce - a mask on access control lists also, they need to set the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security mask</parameter></link>.</para> - - <para>See the <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force - directory mode</parameter></link> parameter to cause particular mode - bits to always be set on created directories.</para> - - <para>See also the <link linkend="CREATEMODE"><parameter moreinfo="none">create mode - </parameter></link> parameter for masking mode bits on created files, - and the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory - security mask</parameter></link> parameter.</para> - - <para>Also refer to the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none"> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">directory mask = 0755</command></para> - <para>Example: <command moreinfo="none">directory mask = 0775</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorymode.xml b/docs/docbook/smbdotconf/security/directorymode.xml deleted file mode 100644 index 9678cd91ad..0000000000 --- a/docs/docbook/smbdotconf/security/directorymode.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYMODE"/>directory mode (S)</term> - <listitem><para>Synonym for <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/directorysecuritymask.xml b/docs/docbook/smbdotconf/security/directorysecuritymask.xml deleted file mode 100644 index 76d153f6f4..0000000000 --- a/docs/docbook/smbdotconf/security/directorysecuritymask.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DIRECTORYSECURITYMASK"/>directory security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is set to 0777 - meaning a user is allowed to modify all the user/group/world - permissions on a directory.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it as the default of <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none"> - force directory security mode</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none">security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter moreinfo="none">force security mode - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">directory security mask = 0777</command></para> - <para>Example: <command moreinfo="none">directory security mask = 0700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml deleted file mode 100644 index d7ceb8d598..0000000000 --- a/docs/docbook/smbdotconf/security/encryptpasswords.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ENCRYPTPASSWORDS"/>encrypt passwords (G)</term> - <listitem><para>This boolean controls whether encrypted passwords - will be negotiated with the client. Note that Windows NT 4.0 SP3 and - above and also Windows 98 will by default expect encrypted passwords - unless a registry entry is changed. To use encrypted passwords in - Samba see the file ENCRYPTION.txt in the Samba documentation - directory <filename moreinfo="none">docs/</filename> shipped with the source code.</para> - - <para>In order for encrypted passwords to work correctly - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> must either - have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program for information on how to set up - and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which - causes <command moreinfo="none">smbd</command> to authenticate against another - server.</para> - - <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcecreatemode.xml b/docs/docbook/smbdotconf/security/forcecreatemode.xml deleted file mode 100644 index 238340d7c5..0000000000 --- a/docs/docbook/smbdotconf/security/forcecreatemode.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCECREATEMODE"/>force create mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a - file created by Samba. This is done by bitwise 'OR'ing these bits onto - the mode bits of a file that is being created or having its - permissions changed. The default for this parameter is (in octal) - 000. The modes in this parameter are bitwise 'OR'ed onto the file - mode after the mask set in the <parameter moreinfo="none">create mask</parameter> - parameter is applied.</para> - - <para>See also the parameter <link linkend="CREATEMASK"><parameter moreinfo="none">create - mask</parameter></link> for details on masking mode bits on files.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none">inherit - permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">force create mode = 000</command></para> - <para>Example: <command moreinfo="none">force create mode = 0755</command></para> - - <para>would force all created files to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcedirectorymode.xml b/docs/docbook/smbdotconf/security/forcedirectorymode.xml deleted file mode 100644 index 460a7fc6f2..0000000000 --- a/docs/docbook/smbdotconf/security/forcedirectorymode.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEDIRECTORYMODE"/>force directory mode (S)</term> - <listitem><para>This parameter specifies a set of UNIX mode bit - permissions that will <emphasis>always</emphasis> be set on a directory - created by Samba. This is done by bitwise 'OR'ing these bits onto the - mode bits of a directory that is being created. The default for this - parameter is (in octal) 0000 which will not add any extra permission - bits to a created directory. This operation is done after the mode - mask in the parameter <parameter moreinfo="none">directory mask</parameter> is - applied.</para> - - <para>See also the parameter <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link> for details on masking mode bits - on created directories.</para> - - <para>See also the <link linkend="INHERITPERMISSIONS"><parameter moreinfo="none"> - inherit permissions</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">force directory mode = 000</command></para> - <para>Example: <command moreinfo="none">force directory mode = 0755</command></para> - - <para>would force all created directories to have read and execute - permissions set for 'group' and 'other' as well as the - read/write/execute bits set for the 'user'.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml b/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml deleted file mode 100644 index a01b297b05..0000000000 --- a/docs/docbook/smbdotconf/security/forcedirectorysecuritymode.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEDIRECTORYSECURITYMODE"/>force directory security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission bits - can be modified when a Windows NT client is manipulating the UNIX - permission on a directory using the native NT security dialog box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a directory, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is 000, which - allows a user to modify all the user/group/world permissions on a - directory without restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - it set as 0000.</para> - - <para>See also the <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none"> - directory security mask</parameter></link>, <link linkend="SECURITYMASK"> - <parameter moreinfo="none">security mask</parameter></link>, - <link linkend="FORCESECURITYMODE"><parameter moreinfo="none">force security mode - </parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">force directory security mode = 0</command></para> - <para>Example: <command moreinfo="none">force directory security mode = 700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcegroup.xml b/docs/docbook/smbdotconf/security/forcegroup.xml deleted file mode 100644 index abfec79e03..0000000000 --- a/docs/docbook/smbdotconf/security/forcegroup.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEGROUP"/>force group (S)</term> - <listitem><para>This specifies a UNIX group name that will be - assigned as the default primary group for all users connecting - to this service. This is useful for sharing files by ensuring - that all access to files on service will use the named group for - their permissions checking. Thus, by assigning permissions for this - group to the files and directories within this service the Samba - administrator can restrict or allow sharing of these files.</para> - - <para>In Samba 2.0.5 and above this parameter has extended - functionality in the following way. If the group name listed here - has a '+' character prepended to it then the current user accessing - the share only has the primary group default assigned to this group - if they are already assigned as a member of that group. This allows - an administrator to decide that only users who are already in a - particular group will create files with group ownership set to that - group. This gives a finer granularity of ownership assignment. For - example, the setting <filename moreinfo="none">force group = +sys</filename> means - that only users who are already in group sys will have their default - primary group assigned to sys when accessing this Samba share. All - other users will retain their ordinary primary group.</para> - - <para>If the <link linkend="FORCEUSER"><parameter moreinfo="none">force user - </parameter></link> parameter is also set the group specified in - <parameter moreinfo="none">force group</parameter> will override the primary group - set in <parameter moreinfo="none">force user</parameter>.</para> - - <para>See also <link linkend="FORCEUSER"><parameter moreinfo="none">force - user</parameter></link>.</para> - - <para>Default: <emphasis>no forced group</emphasis></para> - <para>Example: <command moreinfo="none">force group = agroup</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forcesecuritymode.xml b/docs/docbook/smbdotconf/security/forcesecuritymode.xml deleted file mode 100644 index 2db50f1ce3..0000000000 --- a/docs/docbook/smbdotconf/security/forcesecuritymode.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCESECURITYMODE"/>force security mode (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security dialog - box.</para> - - <para>This parameter is applied as a mask (OR'ed with) to the - changed permission bits, thus forcing any bits in this mask that - the user may have modified to be on. Essentially, one bits in this - mask may be treated as a set of bits that, when modifying security - on a file, the user has always set to be 'on'.</para> - - <para>If not set explicitly this parameter is set to 0, - and allows a user to modify all the user/group/world permissions on a file, - with no restrictions.</para> - - <para><emphasis>Note</emphasis> that users who can access - the Samba server through other means can easily bypass this restriction, - so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to leave - this set to 0000.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"><parameter moreinfo="none"> - force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory security - mask</parameter></link>, <link linkend="SECURITYMASK"><parameter moreinfo="none"> - security mask</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">force security mode = 0</command></para> - <para>Example: <command moreinfo="none">force security mode = 700</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/forceuser.xml b/docs/docbook/smbdotconf/security/forceuser.xml deleted file mode 100644 index 4747db13fe..0000000000 --- a/docs/docbook/smbdotconf/security/forceuser.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="FORCEUSER"/>force user (S)</term> - <listitem><para>This specifies a UNIX user name that will be - assigned as the default user for all users connecting to this service. - This is useful for sharing files. You should also use it carefully - as using it incorrectly can cause security problems.</para> - - <para>This user name only gets used once a connection is established. - Thus clients still need to connect as a valid user and supply a - valid password. Once connected, all file operations will be performed - as the "forced user", no matter what username the client connected - as. This can be very useful.</para> - - <para>In Samba 2.0.5 and above this parameter also causes the - primary group of the forced user to be used as the primary group - for all file activity. Prior to 2.0.5 the primary group was left - as the primary group of the connecting user (this was a bug).</para> - - <para>See also <link linkend="FORCEGROUP"><parameter moreinfo="none">force group - </parameter></link></para> - - <para>Default: <emphasis>no forced user</emphasis></para> - <para>Example: <command moreinfo="none">force user = auser</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/group.xml b/docs/docbook/smbdotconf/security/group.xml deleted file mode 100644 index afc410ce34..0000000000 --- a/docs/docbook/smbdotconf/security/group.xml +++ /dev/null @@ -1,5 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GROUP"/>group (S)</term> - <listitem><para>Synonym for <link linkend="FORCEGROUP"><parameter moreinfo="none">force - group</parameter></link>.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestaccount.xml b/docs/docbook/smbdotconf/security/guestaccount.xml deleted file mode 100644 index ab15c4460d..0000000000 --- a/docs/docbook/smbdotconf/security/guestaccount.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTACCOUNT"/>guest account (S)</term> - <listitem><para>This is a username which will be used for access - to services which are specified as <link linkend="GUESTOK"><parameter moreinfo="none"> - guest ok</parameter></link> (see below). Whatever privileges this - user has will be available to any client connecting to the guest service. - Typically this user will exist in the password file, but will not - have a valid login. The user account "ftp" is often a good choice - for this parameter. If a username is specified in a given service, - the specified username overrides this one.</para> - - <para>One some systems the default guest account "nobody" may not - be able to print. Use another account in this case. You should test - this by trying to log in as your guest user (perhaps by using the - <command moreinfo="none">su -</command> command) and trying to print using the - system print command such as <command moreinfo="none">lpr(1)</command> or <command moreinfo="none"> - lp(1)</command>.</para> - - <para>This parameter does not accept % macros, because - many parts of the system require this value to be - constant for correct operation.</para> - - <para>Default: <emphasis>specified at compile time, usually - "nobody"</emphasis></para> - - <para>Example: <command moreinfo="none">guest account = ftp</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestok.xml b/docs/docbook/smbdotconf/security/guestok.xml deleted file mode 100644 index 2b7a8cee8a..0000000000 --- a/docs/docbook/smbdotconf/security/guestok.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTOK"/>guest ok (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then no password is required to connect to the service. - Privileges will be those of the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para> - - <para>This paramater nullifies the benifits of setting - <link linkend="RESTRICTANONYMOUS"><parameter moreinfo="none">restrict - anonymous</parameter></link> = 2</para> - - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command moreinfo="none">guest ok = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/guestonly.xml b/docs/docbook/smbdotconf/security/guestonly.xml deleted file mode 100644 index ac7f62ad68..0000000000 --- a/docs/docbook/smbdotconf/security/guestonly.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GUESTONLY"/>guest only (S)</term> - <listitem><para>If this parameter is <constant>yes</constant> for - a service, then only guest connections to the service are permitted. - This parameter will have no effect if <link linkend="GUESTOK"> - <parameter moreinfo="none">guest ok</parameter></link> is not set for the service.</para> - - <para>See the section below on <link linkend="SECURITY"><parameter moreinfo="none"> - security</parameter></link> for more information about this option. - </para> - - <para>Default: <command moreinfo="none">guest only = no</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsallow.xml b/docs/docbook/smbdotconf/security/hostsallow.xml deleted file mode 100644 index ea91b73903..0000000000 --- a/docs/docbook/smbdotconf/security/hostsallow.xml +++ /dev/null @@ -1,60 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSALLOW"/>hosts allow (S)</term> - <listitem><para>A synonym for this parameter is <parameter moreinfo="none">allow - hosts</parameter>.</para> - - <para>This parameter is a comma, space, or tab delimited - set of hosts which are permitted to access a service.</para> - - <para>If specified in the [global] section then it will - apply to all services, regardless of whether the individual - service has a different setting.</para> - - <para>You can specify the hosts by name or IP number. For - example, you could restrict access to only the hosts on a - Class C subnet with something like <command moreinfo="none">allow hosts = 150.203.5. - </command>. The full syntax of the list is described in the man - page <filename moreinfo="none">hosts_access(5)</filename>. Note that this man - page may not be present on your system, so a brief description will - be given here also.</para> - - <para>Note that the localhost address 127.0.0.1 will always - be allowed access unless specifically denied by a <link linkend="HOSTSDENY"><parameter moreinfo="none">hosts deny</parameter></link> option.</para> - - <para>You can also specify hosts by network/netmask pairs and - by netgroup names if your system supports netgroups. The - <emphasis>EXCEPT</emphasis> keyword can also be used to limit a - wildcard list. The following examples may provide some help:</para> - - <para>Example 1: allow all IPs in 150.203.*.*; except one</para> - - <para><command moreinfo="none">hosts allow = 150.203. EXCEPT 150.203.6.66</command></para> - - <para>Example 2: allow hosts that match the given network/netmask</para> - - <para><command moreinfo="none">hosts allow = 150.203.15.0/255.255.255.0</command></para> - - <para>Example 3: allow a couple of hosts</para> - - <para><command moreinfo="none">hosts allow = lapland, arvidsjaur</command></para> - - <para>Example 4: allow only hosts in NIS netgroup "foonet", but - deny access from one particular host</para> - - <para><command moreinfo="none">hosts allow = @foonet</command></para> - - <para><command moreinfo="none">hosts deny = pirate</command></para> - - <para>Note that access still requires suitable user-level passwords.</para> - - <para>See <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry> for a way of testing your host access - to see if it does what you expect.</para> - - <para>Default: <emphasis>none (i.e., all hosts permitted access) - </emphasis></para> - - <para>Example: <command moreinfo="none">allow hosts = 150.203.5. myhost.mynet.edu.au - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsdeny.xml b/docs/docbook/smbdotconf/security/hostsdeny.xml deleted file mode 100644 index f37e2b7e4d..0000000000 --- a/docs/docbook/smbdotconf/security/hostsdeny.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSDENY"/>hosts deny (S)</term> - <listitem><para>The opposite of <parameter moreinfo="none">hosts allow</parameter> - - hosts listed here are <emphasis>NOT</emphasis> permitted access to - services unless the specific services have their own lists to override - this one. Where the lists conflict, the <parameter moreinfo="none">allow</parameter> - list takes precedence.</para> - - <para>Default: <emphasis>none (i.e., no hosts specifically excluded) - </emphasis></para> - - <para>Example: <command moreinfo="none">hosts deny = 150.203.4. badhost.mynet.edu.au - </command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/hostsequiv.xml b/docs/docbook/smbdotconf/security/hostsequiv.xml deleted file mode 100644 index 084d8268ef..0000000000 --- a/docs/docbook/smbdotconf/security/hostsequiv.xml +++ /dev/null @@ -1,26 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTSEQUIV"/>hosts equiv (G)</term> - <listitem><para>If this global parameter is a non-null string, - it specifies the name of a file to read for the names of hosts - and users who will be allowed access without specifying a password. - </para> - - <para>This is not be confused with <link linkend="HOSTSALLOW"> - <parameter moreinfo="none">hosts allow</parameter></link> which is about hosts - access to services and is more useful for guest services. <parameter moreinfo="none"> - hosts equiv</parameter> may be useful for NT clients which will - not supply passwords to Samba.</para> - - <note><para>The use of <parameter moreinfo="none">hosts equiv - </parameter> can be a major security hole. This is because you are - trusting the PC to supply the correct username. It is very easy to - get a PC to supply a false username. I recommend that the - <parameter moreinfo="none">hosts equiv</parameter> option be only used if you really - know what you are doing, or perhaps on a home network where you trust - your spouse and kids. And only if you <emphasis>really</emphasis> trust - them :-).</para></note> - - <para>Default: <emphasis>no host equivalences</emphasis></para> - <para>Example: <command moreinfo="none">hosts equiv = /etc/hosts.equiv</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/inheritacls.xml b/docs/docbook/smbdotconf/security/inheritacls.xml deleted file mode 100644 index f70c0d9165..0000000000 --- a/docs/docbook/smbdotconf/security/inheritacls.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INHERITACLS"/>inherit acls (S)</term> - <listitem><para>This parameter can be used to ensure - that if default acls exist on parent directories, - they are always honored when creating a subdirectory. - The default behavior is to use the mode specified - when creating the directory. Enabling this option - sets the mode to 0777, thus guaranteeing that - default directory acls are propagated. - </para> - - <para>Default: <command moreinfo="none">inherit acls = no</command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/inheritpermissions.xml b/docs/docbook/smbdotconf/security/inheritpermissions.xml deleted file mode 100644 index 34fade33d0..0000000000 --- a/docs/docbook/smbdotconf/security/inheritpermissions.xml +++ /dev/null @@ -1,36 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INHERITPERMISSIONS"/>inherit permissions (S)</term> - <listitem><para>The permissions on new files and directories - are normally governed by <link linkend="CREATEMASK"><parameter moreinfo="none"> - create mask</parameter></link>, <link linkend="DIRECTORYMASK"> - <parameter moreinfo="none">directory mask</parameter></link>, <link linkend="FORCECREATEMODE"><parameter moreinfo="none">force create mode</parameter> - </link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force - directory mode</parameter></link> but the boolean inherit - permissions parameter overrides this.</para> - - <para>New directories inherit the mode of the parent directory, - including bits such as setgid.</para> - - <para>New files inherit their read/write bits from the parent - directory. Their execute bits continue to be determined by - <link linkend="MAPARCHIVE"><parameter moreinfo="none">map archive</parameter> - </link>, <link linkend="MAPHIDDEN"><parameter moreinfo="none">map hidden</parameter> - </link> and <link linkend="MAPSYSTEM"><parameter moreinfo="none">map system</parameter> - </link> as usual.</para> - - <para>Note that the setuid bit is <emphasis>never</emphasis> set via - inheritance (the code explicitly prohibits this).</para> - - <para>This can be particularly useful on large systems with - many users, perhaps several thousand, to allow a single [homes] - share to be used flexibly by each user.</para> - - <para>See also <link linkend="CREATEMASK"><parameter moreinfo="none">create mask - </parameter></link>, <link linkend="DIRECTORYMASK"><parameter moreinfo="none"> - directory mask</parameter></link>, <link linkend="FORCECREATEMODE"> - <parameter moreinfo="none">force create mode</parameter></link> and <link linkend="FORCEDIRECTORYMODE"><parameter moreinfo="none">force directory mode</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">inherit permissions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/invalidusers.xml b/docs/docbook/smbdotconf/security/invalidusers.xml deleted file mode 100644 index 34e534ff28..0000000000 --- a/docs/docbook/smbdotconf/security/invalidusers.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="INVALIDUSERS"/>invalid users (S)</term> - <listitem><para>This is a list of users that should not be allowed - to login to this service. This is really a <emphasis>paranoid</emphasis> - check to absolutely ensure an improper setting does not breach - your security.</para> - - <para>A name starting with a '@' is interpreted as an NIS - netgroup first (if your system supports NIS), and then as a UNIX - group if the name was not found in the NIS netgroup database.</para> - - <para>A name starting with '+' is interpreted only - by looking in the UNIX group database. A name starting with - '&' is interpreted only by looking in the NIS netgroup database - (this requires NIS to be working on your system). The characters - '+' and '&' may be used at the start of the name in either order - so the value <parameter moreinfo="none">+&group</parameter> means check the - UNIX group database, followed by the NIS netgroup database, and - the value <parameter moreinfo="none">&+group</parameter> means check the NIS - netgroup database, followed by the UNIX group database (the - same as the '@' prefix).</para> - - <para>The current servicename is substituted for <parameter moreinfo="none">%S</parameter>. - This is useful in the [homes] section.</para> - - <para>See also <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link>.</para> - - <para>Default: <emphasis>no invalid users</emphasis></para> - <para>Example: <command moreinfo="none">invalid users = root fred admin @wheel - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/lanmanauth.xml b/docs/docbook/smbdotconf/security/lanmanauth.xml deleted file mode 100644 index 851b1ae4ac..0000000000 --- a/docs/docbook/smbdotconf/security/lanmanauth.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="LANMANAUTH"/>lanman auth (G)</term> - <listitem><para>This parameter determines whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will attempt to authenticate users - using the LANMAN password hash. If disabled, only clients which support NT - password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not - Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> - - <para>Default : <command moreinfo="none">lanman auth = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/maptoguest.xml b/docs/docbook/smbdotconf/security/maptoguest.xml deleted file mode 100644 index 966260a9b1..0000000000 --- a/docs/docbook/smbdotconf/security/maptoguest.xml +++ /dev/null @@ -1,53 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAPTOGUEST"/>map to guest (G)</term> - <listitem><para>This parameter is only useful in <link linkend="SECURITY"> - security</link> modes other than <parameter moreinfo="none">security = share</parameter> - - i.e. <constant>user</constant>, <constant>server</constant>, - and <constant>domain</constant>.</para> - - <para>This parameter can take three different values, which tell - <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> what to do with user - login requests that don't match a valid UNIX user in some way.</para> - - <para>The three settings are :</para> - - <itemizedlist> - <listitem><para><constant>Never</constant> - Means user login - requests with an invalid password are rejected. This is the - default.</para></listitem> - - <listitem><para><constant>Bad User</constant> - Means user - logins with an invalid password are rejected, unless the username - does not exist, in which case it is treated as a guest login and - mapped into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none"> - guest account</parameter></link>.</para></listitem> - - <listitem><para><constant>Bad Password</constant> - Means user logins - with an invalid password are treated as a guest login and mapped - into the <link linkend="GUESTACCOUNT">guest account</link>. Note that - this can cause problems as it means that any user incorrectly typing - their password will be silently logged on as "guest" - and - will not know the reason they cannot access files they think - they should - there will have been no message given to them - that they got their password wrong. Helpdesk services will - <emphasis>hate</emphasis> you if you set the <parameter moreinfo="none">map to - guest</parameter> parameter this way :-).</para></listitem> - </itemizedlist> - - <para>Note that this parameter is needed to set up "Guest" - share services when using <parameter moreinfo="none">security</parameter> modes other than - share. This is because in these modes the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client so the server - cannot make authentication decisions at the correct time (connection - to the share) for "Guest" shares.</para> - - <para>For people familiar with the older Samba releases, this - parameter maps to the old compile-time setting of the <constant> - GUEST_SESSSETUP</constant> value in local.h.</para> - - <para>Default: <command moreinfo="none">map to guest = Never</command></para> - <para>Example: <command moreinfo="none">map to guest = Bad User</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/minpasswdlength.xml b/docs/docbook/smbdotconf/security/minpasswdlength.xml deleted file mode 100644 index 8e52b923fb..0000000000 --- a/docs/docbook/smbdotconf/security/minpasswdlength.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPASSWDLENGTH"/>min passwd length (G)</term> - <listitem><para>Synonym for <link linkend="MINPASSWORDLENGTH"> - <parameter moreinfo="none">min password length</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/minpasswordlength.xml b/docs/docbook/smbdotconf/security/minpasswordlength.xml deleted file mode 100644 index da1e65a55b..0000000000 --- a/docs/docbook/smbdotconf/security/minpasswordlength.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPASSWORDLENGTH"/>min password length (G)</term> - <listitem><para>This option sets the minimum length in characters - of a plaintext password that <command moreinfo="none">smbd</command> will accept when performing - UNIX password changing.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link>, <link linkend="PASSWDPROGRAM"> - <parameter moreinfo="none">passwd program</parameter></link> and <link linkend="PASSWDCHATDEBUG"><parameter moreinfo="none">passwd chat debug</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">min password length = 5</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/nonunixaccountrange.xml b/docs/docbook/smbdotconf/security/nonunixaccountrange.xml deleted file mode 100644 index baa9a783b0..0000000000 --- a/docs/docbook/smbdotconf/security/nonunixaccountrange.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NONUNIXACCOUNTRANGE"/>non unix account range (G)</term> - <listitem><para>The non unix account range parameter specifies - the range of 'user ids' that are allocated by the various 'non unix - account' passdb backends. These backends allow - the storage of passwords for users who don't exist in /etc/passwd. - This is most often used for machine account creation. - This range of ids should have no existing local or NIS users within - it as strange conflicts can occur otherwise.</para> - - <note><para>These userids never appear on the system and Samba will never - 'become' these users. They are used only to ensure that the algorithmic - RID mapping does not conflict with normal users. - </para></note> - - <para>Default: <command moreinfo="none">non unix account range = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">non unix account range = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/ntlmauth.xml b/docs/docbook/smbdotconf/security/ntlmauth.xml deleted file mode 100644 index a3b8caf062..0000000000 --- a/docs/docbook/smbdotconf/security/ntlmauth.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NTLMAUTH"/>ntlm auth (G)</term> - <listitem><para>This parameter determines - whether or not <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> will - attempt to authenticate users using the NTLM password hash. - If disabled, only the lanman password hashes will be used. - </para> - - <para>Please note that at least this option or <command moreinfo="none">lanman auth</command> should - be enabled in order to be able to log in. - </para> - - <para>Default : <command moreinfo="none">ntlm auth = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/nullpasswords.xml b/docs/docbook/smbdotconf/security/nullpasswords.xml deleted file mode 100644 index 40b687fceb..0000000000 --- a/docs/docbook/smbdotconf/security/nullpasswords.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NULLPASSWORDS"/>null passwords (G)</term> - <listitem><para>Allow or disallow client access to accounts - that have null passwords. </para> - - <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>.</para> - - <para>Default: <command moreinfo="none">null passwords = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/obeypamrestrictions.xml b/docs/docbook/smbdotconf/security/obeypamrestrictions.xml deleted file mode 100644 index 92a6bce22d..0000000000 --- a/docs/docbook/smbdotconf/security/obeypamrestrictions.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="OBEYPAMRESTRICTIONS"/>obey pam restrictions (G)</term> - <listitem><para>When Samba 2.2 is configured to enable PAM support - (i.e. --with-pam), this parameter will control whether or not Samba - should obey PAM's account and session management directives. The - default behavior is to use PAM for clear text authentication only - and to ignore any account or session management. Note that Samba - always ignores PAM for authentication in the case of <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypt passwords = yes</parameter> - </link>. The reason is that PAM modules cannot support the challenge/response - authentication mechanism needed in the presence of SMB password encryption. - </para> - - <para>Default: <command moreinfo="none">obey pam restrictions = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/onlyguest.xml b/docs/docbook/smbdotconf/security/onlyguest.xml deleted file mode 100644 index 018fa1a0b5..0000000000 --- a/docs/docbook/smbdotconf/security/onlyguest.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ONLYGUEST"/>only guest (S)</term> - <listitem><para>A synonym for <link linkend="GUESTONLY"><parameter moreinfo="none"> - guest only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/onlyuser.xml b/docs/docbook/smbdotconf/security/onlyuser.xml deleted file mode 100644 index d0bbac7541..0000000000 --- a/docs/docbook/smbdotconf/security/onlyuser.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ONLYUSER"/>only user (S)</term> - <listitem><para>This is a boolean option that controls whether - connections with usernames not in the <parameter moreinfo="none">user</parameter> - list will be allowed. By default this option is disabled so that a - client can supply a username to be used by the server. Enabling - this parameter will force the server to only use the login - names from the <parameter moreinfo="none">user</parameter> list and is only really - useful in <link linkend="SECURITYEQUALSSHARE">share level</link> - security.</para> - - <para>Note that this also means Samba won't try to deduce - usernames from the service name. This can be annoying for - the [homes] section. To get around this you could use <command moreinfo="none">user = - %S</command> which means your <parameter moreinfo="none">user</parameter> list - will be just the service name, which for home directories is the - name of the user.</para> - - <para>See also the <link linkend="USER"><parameter moreinfo="none">user</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">only user = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/pampasswordchange.xml b/docs/docbook/smbdotconf/security/pampasswordchange.xml deleted file mode 100644 index 8f0e91ae2d..0000000000 --- a/docs/docbook/smbdotconf/security/pampasswordchange.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PAMPASSWORDCHANGE"/>pam password change (G)</term> - <listitem><para>With the addition of better PAM support in Samba 2.2, - this parameter, it is possible to use PAM's password change control - flag for Samba. If enabled, then PAM will be used for password - changes when requested by an SMB client instead of the program listed in - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter></link>. - It should be possible to enable this without changing your - <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter></link> - parameter for most setups. - </para> - - <para>Default: <command moreinfo="none">pam password change = no</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml deleted file mode 100644 index 918c802e78..0000000000 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ /dev/null @@ -1,91 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSDBBACKEND"/>passdb backend (G)</term> - <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. - Multiple backends can be specified, separated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. - Experimental backends must still be selected - (eg --with-tdbsam) at configure time. - </para> - - <para>This parameter is in two parts, the backend's name, and a 'location' - string that has meaning only to that particular backed. These are separated - by a : character.</para> - - <para>Available backends can include: - <itemizedlist> - <listitem><para><command moreinfo="none">smbpasswd</command> - The default smbpasswd - backend. Takes a path to the smbpasswd file as an optional argument.</para></listitem> - - <listitem><para><command moreinfo="none">smbpasswd_nua</command> - The smbpasswd - backend, but with support for 'not unix accounts'. - Takes a path to the smbpasswd file as an optional argument.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para></listitem> - - <listitem><para><command moreinfo="none">tdbsam</command> - The TDB based password storage - backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para></listitem> - - <listitem><para><command moreinfo="none">tdbsam_nua</command> - The TDB based password storage - backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb - in the <link linkend="PRIVATEDIR"> - <parameter moreinfo="none">private dir</parameter></link> directory.</para> - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account range</parameter></link></para></listitem> - - <listitem><para><command moreinfo="none">ldapsam</command> - The LDAP based passdb - backend. Takes an LDAP URL as an optional argument (defaults to - <command moreinfo="none">ldap://localhost</command>)</para></listitem> - - <listitem><para><command moreinfo="none">ldapsam_nua</command> - The LDAP based passdb - backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to - <command moreinfo="none">ldap://localhost</command>)</para> - - <para>Note: In this module, any account without a matching POSIX account is regarded - as 'non unix'. </para> - - <para>See also <link linkend="NONUNIXACCOUNTRANGE"> - <parameter moreinfo="none">non unix account - range</parameter></link></para> - - <para>LDAP connections should be secured where - possible. This may be done using either - Start-TLS (see <link linkend="LDAPSSL"> - <parameter moreinfo="none">ldap ssl</parameter></link>) or by - specifying <parameter moreinfo="none">ldaps://</parameter> in - the URL argument. - </para></listitem> - - <listitem><para><command moreinfo="none">nisplussam</command> - The NIS+ based passdb backend. Takes name NIS domain as an optional argument. Only works with sun NIS+ servers. </para></listitem> - - <listitem><para><command moreinfo="none">plugin</command> - Allows Samba to load an - arbitary passdb backend from the .so specified as a compulsary argument. - </para> - - <para>Any characters after the (optional) second : are passed to the plugin - for its own processing</para> - </listitem> - - <listitem><para><command moreinfo="none">unixsam</command> - Allows samba to map all (other) available unix users</para> - - <para>This backend uses the standard unix database for retrieving users. Users included - in this pdb are NOT listed in samba user listings and users included in this pdb won't be - able to login. The use of this backend is to always be able to display the owner of a file - on the samba server - even when the user doesn't have a 'real' samba account in one of the - other passdb backends. - </para> - - <para>This backend should always be the last backend listed, since it contains all users in - the unix passdb and might 'override' mappings if specified earlier. It's meant to only return - accounts for users that aren't covered by the previous backends.</para> - </listitem> - </itemizedlist> - </para> - - <para>Default: <command moreinfo="none">passdb backend = smbpasswd unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</command></para> - <para>Example: <command moreinfo="none">passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdchat.xml b/docs/docbook/smbdotconf/security/passwdchat.xml deleted file mode 100644 index 922f1a878c..0000000000 --- a/docs/docbook/smbdotconf/security/passwdchat.xml +++ /dev/null @@ -1,58 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDCHAT"/>passwd chat (G)</term> - <listitem><para>This string controls the <emphasis>"chat"</emphasis> - conversation that takes places between <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> and the local password changing - program to change the user's password. The string describes a - sequence of response-receive pairs that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> uses to determine what to send to the - <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> - </link> and what to expect back. If the expected output is not - received then the password is not changed.</para> - - <para>This chat sequence is often quite site specific, depending - on what local methods are used for password control (such as NIS - etc).</para> - <para>Note that this parameter only is only used if the <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link> parameter is set to <constant>yes</constant>. This - sequence is then called <emphasis>AS ROOT</emphasis> when the SMB password - in the smbpasswd file is being changed, without access to the old - password cleartext. This means that root must be able to reset the user's password - without knowing the text of the previous password. In the presence of NIS/YP, - this means that the <link linkend="PASSWDPROGRAM">passwd program</link> must be - executed on the NIS master. - </para> - - - <para>The string can contain the macro <parameter moreinfo="none">%n</parameter> which is substituted - for the new password. The chat sequence can also contain the standard - macros <constant>\\n</constant>, <constant>\\r</constant>, <constant> - \\t</constant> and <constant>\\s</constant> to give line-feed, - carriage-return, tab and space. The chat sequence string can also contain - a '*' which matches any sequence of characters. - Double quotes can be used to collect strings with spaces - in them into a single string.</para> - - <para>If the send string in any part of the chat sequence - is a full stop ".", then no string is sent. Similarly, - if the expect string is a full stop then no string is expected.</para> - - <para>If the <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam - password change</parameter></link> parameter is set to <constant>yes</constant>, the chat pairs - may be matched in any order, and success is determined by the PAM result, - not any particular output. The \n macro is ignored for PAM conversions. - </para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix password - sync</parameter></link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none"> - passwd program</parameter></link> ,<link linkend="PASSWDCHATDEBUG"> - <parameter moreinfo="none">passwd chat debug</parameter></link> and <link linkend="PAMPASSWORDCHANGE"> - <parameter moreinfo="none">pam password change</parameter></link>.</para> - - <para>Default: <command moreinfo="none">passwd chat = *new*password* %n\\n - *new*password* %n\\n *changed*</command></para> - <para>Example: <command moreinfo="none">passwd chat = "*Enter OLD password*" %o\\n - "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password - changed*"</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdchatdebug.xml b/docs/docbook/smbdotconf/security/passwdchatdebug.xml deleted file mode 100644 index a5771b72d2..0000000000 --- a/docs/docbook/smbdotconf/security/passwdchatdebug.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDCHATDEBUG"/>passwd chat debug (G)</term> - <listitem><para>This boolean specifies if the passwd chat script - parameter is run in <emphasis>debug</emphasis> mode. In this mode the - strings passed to and received from the passwd chat are printed - in the <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> log with a - <link linkend="DEBUGLEVEL"><parameter moreinfo="none">debug level</parameter></link> - of 100. This is a dangerous option as it will allow plaintext passwords - to be seen in the <command moreinfo="none">smbd</command> log. It is available to help - Samba admins debug their <parameter moreinfo="none">passwd chat</parameter> scripts - when calling the <parameter moreinfo="none">passwd program</parameter> and should - be turned off after this has been done. This option has no effect if the - <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter></link> - paramter is set. This parameter is off by default.</para> - - - <para>See also <link linkend="PASSWDCHAT"><parameter moreinfo="none">passwd chat</parameter> - </link>, <link linkend="PAMPASSWORDCHANGE"><parameter moreinfo="none">pam password change</parameter> - </link>, <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd program</parameter> - </link>.</para> - - <para>Default: <command moreinfo="none">passwd chat debug = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml deleted file mode 100644 index dae24e22a1..0000000000 --- a/docs/docbook/smbdotconf/security/passwdprogram.xml +++ /dev/null @@ -1,35 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWDPROGRAM"/>passwd program (G)</term> - <listitem><para>The name of a program that can be used to set - UNIX user passwords. Any occurrences of <parameter moreinfo="none">%u</parameter> - will be replaced with the user name. The user name is checked for - existence before calling the password changing program.</para> - - <para>Also note that many passwd programs insist in <emphasis>reasonable - </emphasis> passwords, such as a minimum length, or the inclusion - of mixed case chars and digits. This can pose a problem as some clients - (such as Windows for Workgroups) uppercase the password before sending - it.</para> - - <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix - password sync</parameter> parameter is set to <constant>yes - </constant> then this program is called <emphasis>AS ROOT</emphasis> - before the SMB password in the <ulink url="smbpasswd.5.html">smbpasswd(5) - </ulink> file is changed. If this UNIX password change fails, then - <command moreinfo="none">smbd</command> will fail to change the SMB password also - (this is by design).</para> - - <para>If the <parameter moreinfo="none">unix password sync</parameter> parameter - is set this parameter <emphasis>MUST USE ABSOLUTE PATHS</emphasis> - for <emphasis>ALL</emphasis> programs called, and must be examined - for security implications. Note that by default <parameter moreinfo="none">unix - password sync</parameter> is set to <constant>no</constant>.</para> - - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix - password sync</parameter></link>.</para> - - <para>Default: <command moreinfo="none">passwd program = /bin/passwd</command></para> - <para>Example: <command moreinfo="none">passwd program = /sbin/npasswd %u</command> - </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwordlevel.xml b/docs/docbook/smbdotconf/security/passwordlevel.xml deleted file mode 100644 index 408082f838..0000000000 --- a/docs/docbook/smbdotconf/security/passwordlevel.xml +++ /dev/null @@ -1,40 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWORDLEVEL"/>password level (G)</term> - <listitem><para>Some client/server combinations have difficulty - with mixed-case passwords. One offending client is Windows for - Workgroups, which for some reason forces passwords to upper - case when using the LANMAN1 protocol, but leaves them alone when - using COREPLUS! Another problem child is the Windows 95/98 - family of operating systems. These clients upper case clear - text passwords even when NT LM 0.12 selected by the protocol - negotiation request/response.</para> - - <para>This parameter defines the maximum number of characters - that may be upper case in passwords.</para> - - <para>For example, say the password given was "FRED". If <parameter moreinfo="none"> - password level</parameter> is set to 1, the following combinations - would be tried if "FRED" failed:</para> - - <para>"Fred", "fred", "fRed", "frEd","freD"</para> - - <para>If <parameter moreinfo="none">password level</parameter> was set to 2, - the following combinations would also be tried: </para> - - <para>"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..</para> - - <para>And so on.</para> - - <para>The higher value this parameter is set to the more likely - it is that a mixed case password will be matched against a single - case password. However, you should be aware that use of this - parameter reduces security and increases the time taken to - process a new connection.</para> - - <para>A value of zero will cause only two attempts to be - made - the password as is and the password in all-lower case.</para> - - <para>Default: <command moreinfo="none">password level = 0</command></para> - <para>Example: <command moreinfo="none">password level = 4</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwordserver.xml b/docs/docbook/smbdotconf/security/passwordserver.xml deleted file mode 100644 index b803816d88..0000000000 --- a/docs/docbook/smbdotconf/security/passwordserver.xml +++ /dev/null @@ -1,92 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PASSWORDSERVER"/>password server (G)</term> - <listitem><para>By specifying the name of another SMB server (such - as a WinNT box) with this option, and using <command moreinfo="none">security = domain - </command> or <command moreinfo="none">security = server</command> you can get Samba - to do all its username/password validation via a remote server.</para> - - <para>This option sets the name of the password server to use. - It must be a NetBIOS name, so if the machine's NetBIOS name is - different from its Internet name then you may have to add its NetBIOS - name to the lmhosts file which is stored in the same directory - as the <filename moreinfo="none">smb.conf</filename> file.</para> - - <para>The name of the password server is looked up using the - parameter <link linkend="NAMERESOLVEORDER"><parameter moreinfo="none">name - resolve order</parameter></link> and so may resolved - by any method and order described in that parameter.</para> - - <para>The password server must be a machine capable of using - the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in - user level security mode.</para> - - <note><para>Using a password server - means your UNIX box (running Samba) is only as secure as your - password server. <emphasis>DO NOT CHOOSE A PASSWORD SERVER THAT - YOU DON'T COMPLETELY TRUST</emphasis>.</para></note> - - <para>Never point a Samba server at itself for password - serving. This will cause a loop and could lock up your Samba - server!</para> - - <para>The name of the password server takes the standard - substitutions, but probably the only useful one is <parameter moreinfo="none">%m - </parameter>, which means the Samba server will use the incoming - client as the password server. If you use this then you better - trust your clients, and you had better restrict them with hosts allow!</para> - - <para>If the <parameter moreinfo="none">security</parameter> parameter is set to - <constant>domain</constant>, then the list of machines in this - option must be a list of Primary or Backup Domain controllers for the - Domain or the character '*', as the Samba server is effectively - in that domain, and will use cryptographically authenticated RPC calls - to authenticate the user logging on. The advantage of using <command moreinfo="none"> - security = domain</command> is that if you list several hosts in the - <parameter moreinfo="none">password server</parameter> option then <command moreinfo="none">smbd - </command> will try each in turn till it finds one that responds. This - is useful in case your primary server goes down.</para> - - <para>If the <parameter moreinfo="none">password server</parameter> option is set - to the character '*', then Samba will attempt to auto-locate the - Primary or Backup Domain controllers to authenticate against by - doing a query for the name <constant>WORKGROUP<1C></constant> - and then contacting each server returned in the list of IP - addresses from the name resolution source. </para> - - <para>If the list of servers contains both names and the '*' - character, the list is treated as a list of preferred - domain controllers, but an auto lookup of all remaining DC's - will be added to the list as well. Samba will not attempt to optimize - this list by locating the closest DC.</para> - - <para>If the <parameter moreinfo="none">security</parameter> parameter is - set to <constant>server</constant>, then there are different - restrictions that <command moreinfo="none">security = domain</command> doesn't - suffer from:</para> - - <itemizedlist> - <listitem><para>You may list several password servers in - the <parameter moreinfo="none">password server</parameter> parameter, however if an - <command moreinfo="none">smbd</command> makes a connection to a password server, - and then the password server fails, no more users will be able - to be authenticated from this <command moreinfo="none">smbd</command>. This is a - restriction of the SMB/CIFS protocol when in <command moreinfo="none">security = server - </command> mode and cannot be fixed in Samba.</para></listitem> - - <listitem><para>If you are using a Windows NT server as your - password server then you will have to ensure that your users - are able to login from the Samba server, as when in <command moreinfo="none"> - security = server</command> mode the network logon will appear to - come from there rather than from the users workstation.</para></listitem> - </itemizedlist> - - <para>See also the <link linkend="SECURITY"><parameter moreinfo="none">security - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">password server = <empty string></command> - </para> - <para>Example: <command moreinfo="none">password server = NT-PDC, NT-BDC1, NT-BDC2, * - </command></para> - <para>Example: <command moreinfo="none">password server = *</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/printeradmin.xml b/docs/docbook/smbdotconf/security/printeradmin.xml deleted file mode 100644 index 7037facca0..0000000000 --- a/docs/docbook/smbdotconf/security/printeradmin.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRINTERADMIN"/>printer admin (S)</term> - <listitem><para>This is a list of users that can do anything to - printers via the remote administration interfaces offered by MS-RPC - (usually using a NT workstation). Note that the root user always - has admin rights.</para> - - <para>Default: <command moreinfo="none">printer admin = <empty string></command> - </para> - <para>Example: <command moreinfo="none">printer admin = admin, @staff</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/privatedir.xml b/docs/docbook/smbdotconf/security/privatedir.xml deleted file mode 100644 index ca22089122..0000000000 --- a/docs/docbook/smbdotconf/security/privatedir.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PRIVATEDIR"/>private dir (G)</term> - <listitem><para>This parameters defines the directory - smbd will use for storing such files as <filename moreinfo="none">smbpasswd</filename> - and <filename moreinfo="none">secrets.tdb</filename>. - </para> - - <para>Default :<command moreinfo="none">private dir = ${prefix}/private</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/public.xml b/docs/docbook/smbdotconf/security/public.xml deleted file mode 100644 index a1f6a1ee29..0000000000 --- a/docs/docbook/smbdotconf/security/public.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PUBLIC"/>public (S)</term> - <listitem><para>Synonym for <link linkend="GUESTOK"><parameter moreinfo="none">guest - ok</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/readlist.xml b/docs/docbook/smbdotconf/security/readlist.xml deleted file mode 100644 index 15d135d54e..0000000000 --- a/docs/docbook/smbdotconf/security/readlist.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READLIST"/>read list (S)</term> - <listitem><para>This is a list of users that are given read-only - access to a service. If the connecting user is in this list then - they will not be given write access, no matter what the <link linkend="READONLY"><parameter moreinfo="none">read only</parameter></link> - option is set to. The list can include group names using the - syntax described in the <link linkend="INVALIDUSERS"><parameter moreinfo="none"> - invalid users</parameter></link> parameter.</para> - - <para>See also the <link linkend="WRITELIST"><parameter moreinfo="none"> - write list</parameter></link> parameter and the <link linkend="INVALIDUSERS"><parameter moreinfo="none">invalid users</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">read list = <empty string></command></para> - <para>Example: <command moreinfo="none">read list = mary, @students</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/readonly.xml b/docs/docbook/smbdotconf/security/readonly.xml deleted file mode 100644 index 02721935de..0000000000 --- a/docs/docbook/smbdotconf/security/readonly.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READONLY"/>read only (S)</term> - <listitem><para>An inverted synonym is <link linkend="WRITEABLE"> - <parameter moreinfo="none">writeable</parameter></link>.</para> - - <para>If this parameter is <constant>yes</constant>, then users - of a service may not create or modify files in the service's - directory.</para> - - <para>Note that a printable service (<command moreinfo="none">printable = yes</command>) - will <emphasis>ALWAYS</emphasis> allow writing to the directory - (user privileges permitting), but only via spooling operations.</para> - - <para>Default: <command moreinfo="none">read only = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/restrictanonymous.xml b/docs/docbook/smbdotconf/security/restrictanonymous.xml deleted file mode 100644 index 4b09b7d2bc..0000000000 --- a/docs/docbook/smbdotconf/security/restrictanonymous.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="RESTRICTANONYMOUS"/>restrict anonymous (G)</term> - <listitem><para>This is a integer parameter, and - mirrors as much as possible the functinality the - <constant>RestrictAnonymous</constant> - registry key does on NT/Win2k. </para> - - <para>Default: <command moreinfo="none">restrict anonymous = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/root.xml b/docs/docbook/smbdotconf/security/root.xml deleted file mode 100644 index f69c1a1ae1..0000000000 --- a/docs/docbook/smbdotconf/security/root.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOT"/>root (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter moreinfo="none">root directory"</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/rootdir.xml b/docs/docbook/smbdotconf/security/rootdir.xml deleted file mode 100644 index 1f543aed6a..0000000000 --- a/docs/docbook/smbdotconf/security/rootdir.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTDIR"/>root dir (G)</term> - <listitem><para>Synonym for <link linkend="ROOTDIRECTORY"> - <parameter moreinfo="none">root directory"</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/rootdirectory.xml b/docs/docbook/smbdotconf/security/rootdirectory.xml deleted file mode 100644 index 9efc11e3c6..0000000000 --- a/docs/docbook/smbdotconf/security/rootdirectory.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="ROOTDIRECTORY"/>root directory (G)</term> - <listitem><para>The server will <command moreinfo="none">chroot()</command> (i.e. - Change its root directory) to this directory on startup. This is - not strictly necessary for secure operation. Even without it the - server will deny access to files not in one of the service entries. - It may also check for, and deny access to, soft links to other - parts of the filesystem, or attempts to use ".." in file names - to access other directories (depending on the setting of the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter></link> - parameter).</para> - - <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other - than "/" adds an extra level of security, but at a price. It - absolutely ensures that no access is given to files not in the - sub-tree specified in the <parameter moreinfo="none">root directory</parameter> - option, <emphasis>including</emphasis> some files needed for - complete operation of the server. To maintain full operability - of the server you will need to mirror some system files - into the <parameter moreinfo="none">root directory</parameter> tree. In particular - you will need to mirror <filename moreinfo="none">/etc/passwd</filename> (or a - subset of it), and any binaries or configuration files needed for - printing (if required). The set of files that must be mirrored is - operating system dependent.</para> - - <para>Default: <command moreinfo="none">root directory = /</command></para> - <para>Example: <command moreinfo="none">root directory = /homes/smb</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml deleted file mode 100644 index 8e97d8721f..0000000000 --- a/docs/docbook/smbdotconf/security/security.xml +++ /dev/null @@ -1,237 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SECURITY"/>security (G)</term> - <listitem><para>This option affects how clients respond to - Samba and is one of the most important settings in the <filename moreinfo="none"> - smb.conf</filename> file.</para> - - <para>The option sets the "security mode bit" in replies to - protocol negotiations with <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> to turn share level security on or off. Clients decide - based on this bit whether (and how) to transfer user and password - information to the server.</para> - - - <para>The default is <command moreinfo="none">security = user</command>, as this is - the most common setting needed when talking to Windows 98 and - Windows NT.</para> - - <para>The alternatives are <command moreinfo="none">security = share</command>, - <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain - </command>.</para> - - <para>In versions of Samba prior to 2.0.0, the default was - <command moreinfo="none">security = share</command> mainly because that was - the only option at one stage.</para> - - <para>There is a bug in WfWg that has relevance to this - setting. When in user or server level security a WfWg client - will totally ignore the password you type in the "connect - drive" dialog box. This makes it very difficult (if not impossible) - to connect to a Samba service as anyone except the user that - you are logged into WfWg as.</para> - - <para>If your PCs use usernames that are the same as their - usernames on the UNIX machine then you will want to use - <command moreinfo="none">security = user</command>. If you mostly use usernames - that don't exist on the UNIX box then use <command moreinfo="none">security = - share</command>.</para> - - <para>You should also use <command moreinfo="none">security = share</command> if you - want to mainly setup shares without a password (guest shares). This - is commonly used for a shared printer server. It is more difficult - to setup guest shares with <command moreinfo="none">security = user</command>, see - the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link>parameter for details.</para> - - <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> - hybrid mode</emphasis> where it is offers both user and share - level security under different <link linkend="NETBIOSALIASES"> - <parameter moreinfo="none">NetBIOS aliases</parameter></link>. </para> - - <para>The different settings will now be explained.</para> - - - <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE - </emphasis></para> - - <para>When clients connect to a share level security server they - need not log onto the server with a valid username and password before - attempting to connect to a shared resource (although modern clients - such as Windows 95/98 and Windows NT will send a logon request with - a username but no password when talking to a <command moreinfo="none">security = share - </command> server). Instead, the clients send authentication information - (passwords) on a per-share basis, at the time they attempt to connect - to that share.</para> - - <para>Note that <command moreinfo="none">smbd</command> <emphasis>ALWAYS</emphasis> - uses a valid UNIX user to act on behalf of the client, even in - <command moreinfo="none">security = share</command> level security.</para> - - <para>As clients are not required to send a username to the server - in share level security, <command moreinfo="none">smbd</command> uses several - techniques to determine the correct UNIX user to use on behalf - of the client.</para> - - <para>A list of possible UNIX usernames to match with the given - client password is constructed using the following methods :</para> - - <itemizedlist> - <listitem><para>If the <link linkend="GUESTONLY"><parameter moreinfo="none">guest - only</parameter></link> parameter is set, then all the other - stages are missed and only the <link linkend="GUESTACCOUNT"> - <parameter moreinfo="none">guest account</parameter></link> username is checked. - </para></listitem> - - <listitem><para>Is a username is sent with the share connection - request, then this username (after mapping - see <link linkend="USERNAMEMAP"><parameter moreinfo="none">username map</parameter></link>), - is added as a potential username.</para></listitem> - - <listitem><para>If the client did a previous <emphasis>logon - </emphasis> request (the SessionSetup SMB call) then the - username sent in this SMB will be added as a potential username. - </para></listitem> - - <listitem><para>The name of the service the client requested is - added as a potential username.</para></listitem> - - <listitem><para>The NetBIOS name of the client is added to - the list as a potential username.</para></listitem> - - <listitem><para>Any users on the <link linkend="USER"><parameter moreinfo="none"> - user</parameter></link> list are added as potential usernames. - </para></listitem> - </itemizedlist> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - not set, then this list is then tried with the supplied password. - The first user for whom the password matches will be used as the - UNIX user.</para> - - <para>If the <parameter moreinfo="none">guest only</parameter> parameter is - set, or no username can be determined then if the share is marked - as available to the <parameter moreinfo="none">guest account</parameter>, then this - guest user will be used, otherwise access is denied.</para> - - <para>Note that it can be <emphasis>very</emphasis> confusing - in share-level security as to which UNIX username will eventually - be used in granting access.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSUSER"/><emphasis>SECURITY = USER - </emphasis></para> - - <para>This is the default security setting in Samba 3.0. - With user-level security a client must first "log-on" with a - valid username and password (which can be mapped using the <link linkend="USERNAMEMAP"><parameter moreinfo="none">username map</parameter></link> - parameter). Encrypted passwords (see the <link linkend="ENCRYPTPASSWORDS"> - <parameter moreinfo="none">encrypted passwords</parameter></link> parameter) can also - be used in this security mode. Parameters such as <link linkend="USER"> - <parameter moreinfo="none">user</parameter></link> and <link linkend="GUESTONLY"> - <parameter moreinfo="none">guest only</parameter></link> if set are then applied and - may change the UNIX user to use on this connection, but only after - the user has been successfully authenticated.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para><anchor id="SECURITYEQUALSDOMAIN"/><emphasis>SECURITY = DOMAIN - - </emphasis></para> - - <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has been used to add this - machine into a Windows NT Domain. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter to be set to <constant>yes</constant>. In this - mode Samba will try to validate the username/password by passing - it to a Windows NT Primary or Backup Domain Controller, in exactly - the same way that a Windows NT Server would do.</para> - - <para><emphasis>Note</emphasis> that a valid UNIX user must still - exist as well as the account on the Domain Controller to allow - Samba to have a valid UNIX account to map file access to.</para> - - <para><emphasis>Note</emphasis> that from the client's point - of view <command moreinfo="none">security = domain</command> is the same as <command moreinfo="none">security = user - </command>. It only affects how the server deals with the authentication, - it does not in any way affect what the client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter.</para> - - <para><anchor id="SECURITYEQUALSSERVER"/><emphasis>SECURITY = SERVER - </emphasis></para> - - <para>In this mode Samba will try to validate the username/password - by passing it to another SMB server, such as an NT box. If this - fails it will revert to <command moreinfo="none">security = - user</command>. It expects the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter to be set to - <constant>yes</constant>, unless the remote server - does not support them. However note - that if encrypted passwords have been negotiated then Samba cannot - revert back to checking the UNIX password file, it must have a valid - <filename moreinfo="none">smbpasswd</filename> file to check users against. See the - documentation file in the <filename moreinfo="none">docs/</filename> directory - <filename moreinfo="none">ENCRYPTION.txt</filename> for details on how to set this - up.</para> - - <para><emphasis>Note</emphasis> this mode of operation - has significant pitfalls, due to the fact that is - activly initiates a man-in-the-middle attack on the - remote SMB server. In particular, this mode of - operation can cause significant resource consuption on - the PDC, as it must maintain an active connection for - the duration of the user's session. Furthermore, if - this connection is lost, there is no way to - reestablish it, and futher authenticaions to the Samba - server may fail. (From a single client, till it - disconnects). </para> - - <para><emphasis>Note</emphasis> that from the client's point of - view <command moreinfo="none">security = server</command> is the same as <command moreinfo="none"> - security = user</command>. It only affects how the server deals - with the authentication, it does not in any way affect what the - client sees.</para> - - <para><emphasis>Note</emphasis> that the name of the resource being - requested is <emphasis>not</emphasis> sent to the server until after - the server has successfully authenticated the client. This is why - guest shares don't work in user level security without allowing - the server to automatically map unknown users into the <link linkend="GUESTACCOUNT"><parameter moreinfo="none">guest account</parameter></link>. - See the <link linkend="MAPTOGUEST"><parameter moreinfo="none">map to guest</parameter> - </link> parameter for details on doing this.</para> - - <para>See also the section <link linkend="VALIDATIONSECT"> - NOTE ABOUT USERNAME/PASSWORD VALIDATION</link>.</para> - - <para>See also the <link linkend="PASSWORDSERVER"><parameter moreinfo="none">password - server</parameter></link> parameter and the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypted passwords</parameter> - </link> parameter.</para> - - <para>Default: <command moreinfo="none">security = USER</command></para> - <para>Example: <command moreinfo="none">security = DOMAIN</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/securitymask.xml b/docs/docbook/smbdotconf/security/securitymask.xml deleted file mode 100644 index 9ed0adcbf4..0000000000 --- a/docs/docbook/smbdotconf/security/securitymask.xml +++ /dev/null @@ -1,33 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SECURITYMASK"/>security mask (S)</term> - <listitem><para>This parameter controls what UNIX permission - bits can be modified when a Windows NT client is manipulating - the UNIX permission on a file using the native NT security - dialog box.</para> - - <para>This parameter is applied as a mask (AND'ed with) to - the changed permission bits, thus preventing any bits not in - this mask from being modified. Essentially, zero bits in this - mask may be treated as a set of bits the user is not allowed - to change.</para> - - <para>If not set explicitly this parameter is 0777, allowing - a user to modify all the user/group/world permissions on a file. - </para> - - <para><emphasis>Note</emphasis> that users who can access the - Samba server through other means can easily bypass this - restriction, so it is primarily useful for standalone - "appliance" systems. Administrators of most normal systems will - probably want to leave it set to <constant>0777</constant>.</para> - - <para>See also the <link linkend="FORCEDIRECTORYSECURITYMODE"> - <parameter moreinfo="none">force directory security mode</parameter></link>, - <link linkend="DIRECTORYSECURITYMASK"><parameter moreinfo="none">directory - security mask</parameter></link>, <link linkend="FORCESECURITYMODE"> - <parameter moreinfo="none">force security mode</parameter></link> parameters.</para> - - <para>Default: <command moreinfo="none">security mask = 0777</command></para> - <para>Example: <command moreinfo="none">security mask = 0770</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/smbpasswdfile.xml b/docs/docbook/smbdotconf/security/smbpasswdfile.xml deleted file mode 100644 index 2efbd12169..0000000000 --- a/docs/docbook/smbdotconf/security/smbpasswdfile.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SMBPASSWDFILE"/>smb passwd file (G)</term> - <listitem><para>This option sets the path to the encrypted - smbpasswd file. By default the path to the smbpasswd file - is compiled into Samba.</para> - - <para>Default: <command moreinfo="none">smb passwd file = ${prefix}/private/smbpasswd - </command></para> - - <para>Example: <command moreinfo="none">smb passwd file = /etc/samba/smbpasswd - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/unixpasswordsync.xml b/docs/docbook/smbdotconf/security/unixpasswordsync.xml deleted file mode 100644 index 41c6d983d0..0000000000 --- a/docs/docbook/smbdotconf/security/unixpasswordsync.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UNIXPASSWORDSYNC"/>unix password sync (G)</term> - <listitem><para>This boolean parameter controls whether Samba - attempts to synchronize the UNIX password with the SMB password - when the encrypted SMB password in the smbpasswd file is changed. - If this is set to <constant>yes</constant> the program specified in the <parameter moreinfo="none">passwd - program</parameter>parameter is called <emphasis>AS ROOT</emphasis> - - to allow the new UNIX password to be set without access to the - old UNIX password (as the SMB password change code has no - access to the old password cleartext, only the new).</para> - - <para>See also <link linkend="PASSWDPROGRAM"><parameter moreinfo="none">passwd - program</parameter></link>, <link linkend="PASSWDCHAT"><parameter moreinfo="none"> - passwd chat</parameter></link>.</para> - - <para>Default: <command moreinfo="none">unix password sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/updateencrypted.xml b/docs/docbook/smbdotconf/security/updateencrypted.xml deleted file mode 100644 index 45c66e0de2..0000000000 --- a/docs/docbook/smbdotconf/security/updateencrypted.xml +++ /dev/null @@ -1,28 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="UPDATEENCRYPTED"/>update encrypted (G)</term> - <listitem><para>This boolean parameter allows a user logging - on with a plaintext password to have their encrypted (hashed) - password in the smbpasswd file to be updated automatically as - they log on. This option allows a site to migrate from plaintext - password authentication (users authenticate with plaintext - password over the wire, and are checked against a UNIX account - database) to encrypted password authentication (the SMB - challenge/response authentication mechanism) without forcing - all users to re-enter their passwords via smbpasswd at the time the - change is made. This is a convenience option to allow the change over - to encrypted passwords to be made over a longer period. Once all users - have encrypted representations of their passwords in the smbpasswd - file this parameter should be set to <constant>no</constant>.</para> - - <para>In order for this parameter to work correctly the <link linkend="ENCRYPTPASSWORDS"><parameter moreinfo="none">encrypt passwords</parameter> - </link> parameter must be set to <constant>no</constant> when - this parameter is set to <constant>yes</constant>.</para> - - <para>Note that even when this parameter is set a user - authenticating to <command moreinfo="none">smbd</command> must still enter a valid - password in order to connect correctly, and to update their hashed - (smbpasswd) passwords.</para> - - <para>Default: <command moreinfo="none">update encrypted = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/user.xml b/docs/docbook/smbdotconf/security/user.xml deleted file mode 100644 index 9c0502061b..0000000000 --- a/docs/docbook/smbdotconf/security/user.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USER"/>user (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter moreinfo="none"> - username</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/username.xml b/docs/docbook/smbdotconf/security/username.xml deleted file mode 100644 index 779f24170b..0000000000 --- a/docs/docbook/smbdotconf/security/username.xml +++ /dev/null @@ -1,62 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAME"/>username (S)</term> - <listitem><para>Multiple users may be specified in a comma-delimited - list, in which case the supplied password will be tested against - each username in turn (left to right).</para> - - <para>The <parameter moreinfo="none">username</parameter> line is needed only when - the PC is unable to supply its own username. This is the case - for the COREPLUS protocol or where your users have different WfWg - usernames to UNIX usernames. In both these cases you may also be - better using the \\server\share%user syntax instead.</para> - - <para>The <parameter moreinfo="none">username</parameter> line is not a great - solution in many cases as it means Samba will try to validate - the supplied password against each of the usernames in the - <parameter moreinfo="none">username</parameter> line in turn. This is slow and - a bad idea for lots of users in case of duplicate passwords. - You may get timeouts or security breaches using this parameter - unwisely.</para> - - <para>Samba relies on the underlying UNIX security. This - parameter does not restrict who can login, it just offers hints - to the Samba server as to what usernames might correspond to the - supplied password. Users can login as whoever they please and - they will be able to do no more damage than if they started a - telnet session. The daemon runs as the user that they log in as, - so they cannot do anything that user cannot do.</para> - - <para>To restrict a service to a particular set of users you - can use the <link linkend="VALIDUSERS"><parameter moreinfo="none">valid users - </parameter></link> parameter.</para> - - <para>If any of the usernames begin with a '@' then the name - will be looked up first in the NIS netgroups list (if Samba - is compiled with netgroup support), followed by a lookup in - the UNIX groups database and will expand to a list of all users - in the group of that name.</para> - - <para>If any of the usernames begin with a '+' then the name - will be looked up only in the UNIX groups database and will - expand to a list of all users in the group of that name.</para> - - <para>If any of the usernames begin with a '&' then the name - will be looked up only in the NIS netgroups database (if Samba - is compiled with netgroup support) and will expand to a list - of all users in the netgroup group of that name.</para> - - <para>Note that searching though a groups database can take - quite some time, and some clients may time out during the - search.</para> - - <para>See the section <link linkend="VALIDATIONSECT">NOTE ABOUT - USERNAME/PASSWORD VALIDATION</link> for more information on how - this parameter determines access to the services.</para> - - <para>Default: <command moreinfo="none">The guest account if a guest service, - else <empty string>.</command></para> - - <para>Examples:<command moreinfo="none">username = fred, mary, jack, jane, - @users, @pcgroup</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/usernamelevel.xml b/docs/docbook/smbdotconf/security/usernamelevel.xml deleted file mode 100644 index a4deff3bf9..0000000000 --- a/docs/docbook/smbdotconf/security/usernamelevel.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAMELEVEL"/>username level (G)</term> - <listitem><para>This option helps Samba to try and 'guess' at - the real UNIX username, as many DOS clients send an all-uppercase - username. By default Samba tries all lowercase, followed by the - username with the first letter capitalized, and fails if the - username is not found on the UNIX machine.</para> - - <para>If this parameter is set to non-zero the behavior changes. - This parameter is a number that specifies the number of uppercase - combinations to try while trying to determine the UNIX user name. The - higher the number the more combinations will be tried, but the slower - the discovery of usernames will be. Use this parameter when you have - strange usernames on your UNIX machine, such as <constant>AstrangeUser - </constant>.</para> - - <para>Default: <command moreinfo="none">username level = 0</command></para> - <para>Example: <command moreinfo="none">username level = 5</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/usernamemap.xml b/docs/docbook/smbdotconf/security/usernamemap.xml deleted file mode 100644 index 37ee72c235..0000000000 --- a/docs/docbook/smbdotconf/security/usernamemap.xml +++ /dev/null @@ -1,90 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERNAMEMAP"/>username map (G)</term> - <listitem><para>This option allows you to specify a file containing - a mapping of usernames from the clients to the server. This can be - used for several purposes. The most common is to map usernames - that users use on DOS or Windows machines to those that the UNIX - box uses. The other is to map multiple users to a single username - so that they can more easily share files.</para> - - <para>The map file is parsed line by line. Each line should - contain a single UNIX username on the left then a '=' followed - by a list of usernames on the right. The list of usernames on the - right may contain names of the form @group in which case they - will match any UNIX username in that group. The special client - name '*' is a wildcard and matches any name. Each line of the - map file may be up to 1023 characters long.</para> - - <para>The file is processed on each line by taking the - supplied username and comparing it with each username on the right - hand side of the '=' signs. If the supplied name matches any of - the names on the right hand side then it is replaced with the name - on the left. Processing then continues with the next line.</para> - - <para>If any line begins with a '#' or a ';' then it is - ignored</para> - - <para>If any line begins with an '!' then the processing - will stop after that line if a mapping was done by the line. - Otherwise mapping continues with every line being processed. - Using '!' is most useful when you have a wildcard mapping line - later in the file.</para> - - <para>For example to map from the name <constant>admin</constant> - or <constant>administrator</constant> to the UNIX name <constant> - root</constant> you would use:</para> - - <para><command moreinfo="none">root = admin administrator</command></para> - - <para>Or to map anyone in the UNIX group <constant>system</constant> - to the UNIX name <constant>sys</constant> you would use:</para> - - <para><command moreinfo="none">sys = @system</command></para> - - <para>You can have as many mappings as you like in a username - map file.</para> - - - <para>If your system supports the NIS NETGROUP option then - the netgroup database is checked before the <filename moreinfo="none">/etc/group - </filename> database for matching groups.</para> - - <para>You can map Windows usernames that have spaces in them - by using double quotes around the name. For example:</para> - - <para><command moreinfo="none">tridge = "Andrew Tridgell"</command></para> - - <para>would map the windows username "Andrew Tridgell" to the - unix username "tridge".</para> - - <para>The following example would map mary and fred to the - unix user sys, and map the rest to guest. Note the use of the - '!' to tell Samba to stop processing if it gets a match on - that line.</para> - -<para><programlisting format="linespecific"> -!sys = mary fred -guest = * -</programlisting></para> - - <para>Note that the remapping is applied to all occurrences - of usernames. Thus if you connect to \\server\fred and <constant> - fred</constant> is remapped to <constant>mary</constant> then you - will actually be connecting to \\server\mary and will need to - supply a password suitable for <constant>mary</constant> not - <constant>fred</constant>. The only exception to this is the - username passed to the <link linkend="PASSWORDSERVER"><parameter moreinfo="none"> - password server</parameter></link> (if you have one). The password - server will receive whatever username the client supplies without - modification.</para> - - <para>Also note that no reverse mapping is done. The main effect - this has is with printing. Users who have been mapped may have - trouble deleting print jobs as PrintManager under WfWg will think - they don't own the print job.</para> - - <para>Default: <emphasis>no username map</emphasis></para> - <para>Example: <command moreinfo="none">username map = /usr/local/samba/lib/users.map - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/users.xml b/docs/docbook/smbdotconf/security/users.xml deleted file mode 100644 index e78d259f62..0000000000 --- a/docs/docbook/smbdotconf/security/users.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USERS"/>users (S)</term> - <listitem><para>Synonym for <link linkend="USERNAME"><parameter moreinfo="none"> - username</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/validusers.xml b/docs/docbook/smbdotconf/security/validusers.xml deleted file mode 100644 index 5155a5ef34..0000000000 --- a/docs/docbook/smbdotconf/security/validusers.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VALIDUSERS"/>valid users (S)</term> - <listitem><para>This is a list of users that should be allowed - to login to this service. Names starting with '@', '+' and '&' - are interpreted using the same rules as described in the - <parameter moreinfo="none">invalid users</parameter> parameter.</para> - - <para>If this is empty (the default) then any user can login. - If a username is in both this list and the <parameter moreinfo="none">invalid - users</parameter> list then access is denied for that user.</para> - - <para>The current servicename is substituted for <parameter moreinfo="none">%S - </parameter>. This is useful in the [homes] section.</para> - - <para>See also <link linkend="INVALIDUSERS"><parameter moreinfo="none">invalid users - </parameter></link></para> - - <para>Default: <emphasis>No valid users list (anyone can login) - </emphasis></para> - - <para>Example: <command moreinfo="none">valid users = greg, @pcusers</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writable.xml b/docs/docbook/smbdotconf/security/writable.xml deleted file mode 100644 index 66ba44cc44..0000000000 --- a/docs/docbook/smbdotconf/security/writable.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITABLE"/>writable (S)</term> - <listitem><para>Synonym for <link linkend="WRITEABLE"><parameter moreinfo="none"> - writeable</parameter></link> for people who can't spell :-).</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writeable.xml b/docs/docbook/smbdotconf/security/writeable.xml deleted file mode 100644 index b963410374..0000000000 --- a/docs/docbook/smbdotconf/security/writeable.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITEABLE"/>writeable (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter moreinfo="none"> - read only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writelist.xml b/docs/docbook/smbdotconf/security/writelist.xml deleted file mode 100644 index 76ee56c93a..0000000000 --- a/docs/docbook/smbdotconf/security/writelist.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITELIST"/>write list (S)</term> - <listitem><para>This is a list of users that are given read-write - access to a service. If the connecting user is in this list then - they will be given write access, no matter what the <link linkend="READONLY"><parameter moreinfo="none">read only</parameter></link> - option is set to. The list can include group names using the - @group syntax.</para> - - <para>Note that if a user is in both the read list and the - write list then they will be given write access.</para> - - <para>See also the <link linkend="READLIST"><parameter moreinfo="none">read list - </parameter></link> option.</para> - - <para>Default: <command moreinfo="none">write list = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">write list = admin, root, @staff - </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/writeok.xml b/docs/docbook/smbdotconf/security/writeok.xml deleted file mode 100644 index 103c2be993..0000000000 --- a/docs/docbook/smbdotconf/security/writeok.xml +++ /dev/null @@ -1,6 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITEOK"/>write ok (S)</term> - <listitem><para>Inverted synonym for <link linkend="READONLY"><parameter moreinfo="none"> - read only</parameter></link>.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/smb.conf.5.xml b/docs/docbook/smbdotconf/smb.conf.5.xml deleted file mode 100644 index edb94573df..0000000000 --- a/docs/docbook/smbdotconf/smb.conf.5.xml +++ /dev/null @@ -1,685 +0,0 @@ -<?xml version="1.0" encoding="iso8859-1"?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" - "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [ - -<!ENTITY % globalentities SYSTEM './../global.ent'> %globalentities; -]> -<refentry id="smb.conf.5"> - -<refmeta> - <refentrytitle>smb.conf</refentrytitle> - <manvolnum>5</manvolnum> -</refmeta> - - -<refnamediv> - <refname>smb.conf</refname> - <refpurpose>The configuration file for the Samba suite</refpurpose> -</refnamediv> - -<refsect1> - <title>SYNOPSIS</title> - - <para>The <filename moreinfo="none">smb.conf</filename> file is a configuration - file for the Samba suite. <filename moreinfo="none">smb.conf</filename> contains - runtime configuration information for the Samba programs. The <filename moreinfo="none">smb.conf</filename> file - is designed to be configured and administered by the <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> program. The complete - description of the file format and possible parameters held within - are here for reference purposes.</para> </refsect1> - -<refsect1> - <title id="FILEFORMATSECT">FILE FORMAT</title> - - <para>The file consists of sections and parameters. A section - begins with the name of the section in square brackets and continues - until the next section begins. Sections contain parameters of the - form</para> - - <para><replaceable>name</replaceable> = <replaceable>value - </replaceable></para> - - <para>The file is line-based - that is, each newline-terminated - line represents either a comment, a section name or a parameter.</para> - - <para>Section and parameter names are not case sensitive.</para> - - <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. - Leading, trailing and internal whitespace in section and parameter - names is irrelevant. Leading and trailing whitespace in a parameter - value is discarded. Internal whitespace within a parameter value - is retained verbatim.</para> - - <para>Any line beginning with a semicolon (';') or a hash ('#') - character is ignored, as are lines containing only whitespace.</para> - - <para>Any line ending in a '\' is continued - on the next line in the customary UNIX fashion.</para> - - <para>The values following the equals sign in parameters are all - either a string (no quotes needed) or a boolean, which may be given - as yes/no, 0/1 or true/false. Case is not significant in boolean - values, but is preserved in string values. Some items such as - create modes are numeric.</para> -</refsect1> - -<refsect1> - <title>SECTION DESCRIPTIONS</title> - - <para>Each section in the configuration file (except for the - [global] section) describes a shared resource (known - as a "share"). The section name is the name of the - shared resource and the parameters within the section define - the shares attributes.</para> - - <para>There are three special sections, [global], - [homes] and [printers], which are - described under <emphasis>special sections</emphasis>. The - following notes apply to ordinary section descriptions.</para> - - <para>A share consists of a directory to which access is being - given plus a description of the access rights which are granted - to the user of the service. Some housekeeping options are - also specifiable.</para> - - <para>Sections are either file share services (used by the - client as an extension of their native file systems) or - printable services (used by the client to access print services - on the host running the server).</para> - - <para>Sections may be designated <emphasis>guest</emphasis> services, - in which case no password is required to access them. A specified - UNIX <emphasis>guest account</emphasis> is used to define access - privileges in this case.</para> - - <para>Sections other than guest services will require a password - to access them. The client provides the username. As older clients - only provide passwords and not usernames, you may specify a list - of usernames to check against the password using the "user =" - option in the share definition. For modern clients such as - Windows 95/98/ME/NT/2000, this should not be necessary.</para> - - <para>Note that the access rights granted by the server are - masked by the access rights granted to the specified or guest - UNIX user by the host system. The server does not grant more - access than the host system grants.</para> - - <para>The following sample section defines a file space share. - The user has write access to the path <filename moreinfo="none">/home/bar</filename>. - The share is accessed via the share name "foo":</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[foo] - path = /home/bar - read only = no -</computeroutput> -</screen> - - <para>The following sample section defines a printable share. - The share is readonly, but printable. That is, the only write - access permitted is via calls to open, write to and close a - spool file. The <emphasis>guest ok</emphasis> parameter means - access will be permitted as the default guest user (specified - elsewhere):</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[aprinter] - path = /usr/spool/public - read only = yes - printable = yes - guest ok = yes -</computeroutput> -</screen> -</refsect1> - -<refsect1> - <title>SPECIAL SECTIONS</title> - - <refsect2> - <title>The [global] section</title> - - <para>parameters in this section apply to the server - as a whole, or are defaults for sections which do not - specifically define certain items. See the notes - under PARAMETERS for more information.</para> - </refsect2> - - <refsect2> - <title id="HOMESECT">The [homes] section</title> - - <para>If a section called homes is included in the - configuration file, services connecting clients to their - home directories can be created on the fly by the server.</para> - - <para>When the connection request is made, the existing - sections are scanned. If a match is found, it is used. If no - match is found, the requested section name is treated as a - user name and looked up in the local password file. If the - name exists and the correct password has been given, a share is - created by cloning the [homes] section.</para> - - <para>Some modifications are then made to the newly - created share:</para> - - <itemizedlist> - <listitem><para>The share name is changed from homes to - the located username.</para></listitem> - - <listitem><para>If no path was given, the path is set to - the user's home directory.</para></listitem> - </itemizedlist> - - <para>If you decide to use a <emphasis>path =</emphasis> line - in your [homes] section then you may find it useful - to use the %S macro. For example :</para> - - <para><userinput moreinfo="none">path = /data/pchome/%S</userinput></para> - - <para>would be useful if you have different home directories - for your PCs than for UNIX access.</para> - - <para>This is a fast and simple way to give a large number - of clients access to their home directories with a minimum - of fuss.</para> - - <para>A similar process occurs if the requested section - name is "homes", except that the share name is not - changed to that of the requesting user. This method of using - the [homes] section works well if different users share - a client PC.</para> - - <para>The [homes] section can specify all the parameters - a normal service section can specify, though some make more sense - than others. The following is a typical and suitable [homes] - section:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -[homes] - read only = no -</computeroutput> -</screen> - - <para>An important point is that if guest access is specified - in the [homes] section, all home directories will be - visible to all clients <emphasis>without a password</emphasis>. - In the very unlikely event that this is actually desirable, it - would be wise to also specify <emphasis>read only - access</emphasis>.</para> - - <para>Note that the <emphasis>browseable</emphasis> flag for - auto home directories will be inherited from the global browseable - flag, not the [homes] browseable flag. This is useful as - it means setting <emphasis>browseable = no</emphasis> in - the [homes] section will hide the [homes] share but make - any auto home directories visible.</para> - </refsect2> - - <refsect2> - <title id="PRINTERSSECT">The [printers] section</title> - - <para>This section works like [homes], - but for printers.</para> - - <para>If a [printers] section occurs in the - configuration file, users are able to connect to any printer - specified in the local host's printcap file.</para> - - <para>When a connection request is made, the existing sections - are scanned. If a match is found, it is used. If no match is found, - but a [homes] section exists, it is used as described - above. Otherwise, the requested section name is treated as a - printer name and the appropriate printcap file is scanned to see - if the requested section name is a valid printer share name. If - a match is found, a new printer share is created by cloning - the [printers] section.</para> - - <para>A few modifications are then made to the newly created - share:</para> - - <itemizedlist> - <listitem><para>The share name is set to the located printer - name</para></listitem> - - <listitem><para>If no printer name was given, the printer name - is set to the located printer name</para></listitem> - - <listitem><para>If the share does not permit guest access and - no username was given, the username is set to the located - printer name.</para></listitem> - </itemizedlist> - - <para>Note that the [printers] service MUST be - printable - if you specify otherwise, the server will refuse - to load the configuration file.</para> - - <para>Typically the path specified would be that of a - world-writeable spool directory with the sticky bit set on - it. A typical [printers] entry would look like - this:</para> - -<screen format="linespecific"><computeroutput moreinfo="none"> -[printers] - path = /usr/spool/public - guest ok = yes - printable = yes -</computeroutput></screen> - - <para>All aliases given for a printer in the printcap file - are legitimate printer names as far as the server is concerned. - If your printing subsystem doesn't work like that, you will have - to set up a pseudo-printcap. This is a file consisting of one or - more lines like this:</para> - -<screen format="linespecific"> -<computeroutput moreinfo="none"> -alias|alias|alias|alias... -</computeroutput> -</screen> - - <para>Each alias should be an acceptable printer name for - your printing subsystem. In the [global] section, specify - the new file as your printcap. The server will then only recognize - names found in your pseudo-printcap, which of course can contain - whatever aliases you like. The same technique could be used - simply to limit access to a subset of your local printers.</para> - - <para>An alias, by the way, is defined as any component of the - first entry of a printcap record. Records are separated by newlines, - components (if there are more than one) are separated by vertical - bar symbols ('|').</para> - - <note><para>On SYSV systems which use lpstat to determine what - printers are defined on the system you may be able to use - "printcap name = lpstat" to automatically obtain a list - of printers. See the "printcap name" option - for more details.</para></note> - </refsect2> -</refsect1> - -<refsect1> - <title>PARAMETERS</title> - - <para>parameters define the specific attributes of sections.</para> - - <para>Some parameters are specific to the [global] section - (e.g., <emphasis>security</emphasis>). Some parameters are usable - in all sections (e.g., <emphasis>create mode</emphasis>). All others - are permissible only in normal sections. For the purposes of the - following descriptions the [homes] and [printers] - sections will be considered normal. The letter <emphasis>G</emphasis> - in parentheses indicates that a parameter is specific to the - [global] section. The letter <emphasis>S</emphasis> - indicates that a parameter can be specified in a service specific - section. Note that all <emphasis>S</emphasis> parameters can also be specified in - the [global] section - in which case they will define - the default behavior for all services.</para> - - <para>parameters are arranged here in alphabetical order - this may - not create best bedfellows, but at least you can find them! Where - there are synonyms, the preferred synonym is described, others refer - to the preferred synonym.</para> -</refsect1> - -<refsect1> - <title>VARIABLE SUBSTITUTIONS</title> - - <para>Many of the strings that are settable in the config file - can take substitutions. For example the option "path = - /tmp/%u" would be interpreted as "path = - /tmp/john" if the user connected with the username john.</para> - - <para>These substitutions are mostly noted in the descriptions below, - but there are some general substitutions which apply whenever they - might be relevant. These are:</para> - - <variablelist> - <varlistentry> - <term>%U</term> - <listitem><para>session user name (the user name that the client - wanted, not necessarily the same as the one they got).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%G</term> - <listitem><para>primary group name of %U.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%h</term> - <listitem><para>the Internet hostname that Samba is running - on.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%m</term> - <listitem><para>the NetBIOS name of the client machine - (very useful).</para></listitem> - </varlistentry> - - <varlistentry> - <term>%L</term> - <listitem><para>the NetBIOS name of the server. This allows you - to change your config based on what the client calls you. Your - server can have a "dual personality".</para> - - <para>Note that this parameter is not available when Samba listens - on port 445, as clients no longer send this information </para> - </listitem> - - </varlistentry> - - <varlistentry> - <term>%M</term> - <listitem><para>the Internet name of the client machine. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>%R</term> - <listitem><para>the selected protocol level after - protocol negotiation. It can be one of CORE, COREPLUS, - LANMAN1, LANMAN2 or NT1.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%d</term> - <listitem><para>The process id of the current server - process.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%a</term> - <listitem><para>the architecture of the remote - machine. Only some are recognized, and those may not be - 100% reliable. It currently recognizes Samba, WfWg, Win95, - WinNT and Win2k. Anything else will be known as - "UNKNOWN". If it gets it wrong then sending a level - 3 log to <ulink url="mailto:samba@samba.org">samba@samba.org - </ulink> should allow it to be fixed.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%I</term> - <listitem><para>The IP address of the client machine.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%T</term> - <listitem><para>the current date and time.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%D</term> - <listitem><para>Name of the domain or workgroup of the current user.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%$(<replaceable>envvar</replaceable>)</term> - <listitem><para>The value of the environment variable - <replaceable>envar</replaceable>.</para></listitem> - </varlistentry> - </variablelist> - - <para>The following substitutes apply only to some configuration options(only those - that are used when a connection has been established):</para> - - <variablelist> - <varlistentry> - <term>%S</term> - <listitem><para>the name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%P</term> - <listitem><para>the root directory of the current service, - if any.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%u</term> - <listitem><para>user name of the current service, if any.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%g</term> - <listitem><para>primary group name of %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%H</term> - <listitem><para>the home directory of the user given - by %u.</para></listitem> - </varlistentry> - - <varlistentry> - <term>%N</term> - <listitem><para>the name of your NIS home directory server. - This is obtained from your NIS auto.map entry. If you have - not compiled Samba with the <emphasis>--with-automount</emphasis> - option then this value will be the same as %L.</para> - </listitem> - </varlistentry> - - <varlistentry> - <term>%p</term> - <listitem><para>the path of the service's home directory, - obtained from your NIS auto.map entry. The NIS auto.map entry - is split up as "%N:%p".</para></listitem> - </varlistentry> - </variablelist> - - <para>There are some quite creative things that can be done - with these substitutions and other smb.conf options.</para> -</refsect1> - -<refsect1> - <title id="NAMEMANGLINGSECT">NAME MANGLING</title> - - <para>Samba supports "name mangling" so that DOS and - Windows clients can use files that don't conform to the 8.3 format. - It can also be set to adjust the case of 8.3 format filenames.</para> - - <para>There are several options that control the way mangling is - performed, and they are grouped here rather than listed separately. - For the defaults look at the output of the testparm program. </para> - - <para>All of these options can be set separately for each service - (or globally, of course). </para> - - <para>The options are: </para> - - <variablelist> - - <varlistentry> - <term>mangle case = yes/no</term> - <listitem><para> controls if names that have characters that - aren't of the "default" case are mangled. For example, - if this is yes then a name like "Mail" would be mangled. - Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>case sensitive = yes/no</term> - <listitem><para>controls whether filenames are case sensitive. If - they aren't then Samba must do a filename search and match on passed - names. Default <emphasis>no</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>default case = upper/lower</term> - <listitem><para>controls what the default case is for new - filenames. Default <emphasis>lower</emphasis>.</para></listitem> - </varlistentry> - - <varlistentry> - <term>preserve case = yes/no</term> - <listitem><para>controls if new files are created with the - case that the client passes, or if they are forced to be the - "default" case. Default <emphasis>yes</emphasis>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, - that is all in upper case and of suitable length, are created - upper case, or if they are forced to be the "default" - case. This option can be use with "preserve case = yes" - to permit long filenames to retain their case, while short names - are lowercased. Default <emphasis>yes</emphasis>.</para></listitem> - </varlistentry> - </variablelist> - - <para>By default, Samba 3.0 has the same semantics as a Windows - NT server, in that it is case insensitive but case preserving.</para> - -</refsect1> - -<refsect1> - <title id="VALIDATIONSECT">NOTE ABOUT USERNAME/PASSWORD VALIDATION</title> - - <para>There are a number of ways in which a user can connect - to a service. The server uses the following steps in determining - if it will allow a connection to a specified service. If all the - steps fail, then the connection request is rejected. However, if one of the - steps succeeds, then the following steps are not checked.</para> - - <para>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</para> - - - <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic"> - <listitem><para>If the client has passed a username/password - pair and that username/password pair is validated by the UNIX - system's password programs then the connection is made as that - username. Note that this includes the - \\server\service%<replaceable>username</replaceable> method of passing - a username.</para></listitem> - - <listitem><para>If the client has previously registered a username - with the system and now supplies a correct password for that - username then the connection is allowed.</para></listitem> - - <listitem><para>The client's NetBIOS name and any previously - used user names are checked against the supplied password, if - they match then the connection is allowed as the corresponding - user.</para></listitem> - - <listitem><para>If the client has previously validated a - username/password pair with the server and the client has passed - the validation token then that username is used. </para></listitem> - - <listitem><para>If a "user = " field is given in the - <filename moreinfo="none">smb.conf</filename> file for the service and the client - has supplied a password, and that password matches (according to - the UNIX system's password checking) with one of the usernames - from the "user =" field then the connection is made as - the username in the "user =" line. If one - of the username in the "user =" list begins with a - '@' then that name expands to a list of names in - the group of the same name.</para></listitem> - - <listitem><para>If the service is a guest service then a - connection is made as the username given in the "guest - account =" for the service, irrespective of the - supplied password.</para></listitem> - </orderedlist> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF GLOBAL PARAMETERS</title> - - <para>Here is a list of all global parameters. See the section of - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.global.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>COMPLETE LIST OF SERVICE PARAMETERS</title> - - <para>Here is a list of all service parameters. See the section on - each parameter for details. Note that some are synonyms.</para> - - <xi:include href="parameters.service.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>EXPLANATION OF EACH PARAMETER</title> - - <xi:include href="parameters.all.xml" parse="xml" xmlns:xi="http://www.w3.org/2001/XInclude"/> - -</refsect1> - -<refsect1> - <title>WARNINGS</title> - - <para>Although the configuration file permits service names - to contain spaces, your client software may not. Spaces will - be ignored in comparisons anyway, so it shouldn't be a - problem - but be aware of the possibility.</para> - - <para>On a similar note, many clients - especially DOS clients - - limit service names to eight characters. <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> has no such limitation, but attempts to connect from such - clients will fail if they truncate the service names. For this reason - you should probably keep your service names down to eight characters - in length.</para> - - <para>Use of the [homes] and [printers] special sections make life - for an administrator easy, but the various combinations of default - attributes can be tricky. Take extreme care when designing these - sections. In particular, ensure that the permissions on spool - directories are correct.</para> -</refsect1> - -<refsect1> - <title>VERSION</title> - - <para>This man page is correct for version 3.0 of the Samba suite.</para> -</refsect1> - -<refsect1> - <title>SEE ALSO</title> - <para> - <citerefentry><refentrytitle>samba</refentrytitle> - <manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle> - <manvolnum>1</manvolnum></citerefentry>.</para> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para>The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.</para> - - <para>The original Samba man pages were written by Karl Auer. - The man page sources were converted to YODL format (another - excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/"> - ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 - release by Jeremy Allison. The conversion to DocBook for - Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 - for Samba 3.0 was done by Alexander Bokovoy.</para> -</refsect1> - -</refentry> diff --git a/docs/docbook/smbdotconf/tuning/blocksize.xml b/docs/docbook/smbdotconf/tuning/blocksize.xml deleted file mode 100644 index da42ca9ece..0000000000 --- a/docs/docbook/smbdotconf/tuning/blocksize.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="BLOCKSIZE"/>block size (S)</term> - <listitem><para>This parameter controls the behavior of <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when reporting disk free - sizes. By default, this reports a disk block size of 1024 bytes. - </para> - - <para>Changing this parameter may have some effect on the - efficiency of client writes, this is not yet confirmed. This - parameter was added to allow advanced administrators to change - it (usually to a higher value) and test the effect it has on - client write performance without re-compiling the code. As this - is an experimental option it may be removed in a future release. - </para> - - <para>Changing this option does not change the disk free reporting - size, just the block size unit reported to the client.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml b/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml deleted file mode 100644 index 18c8b9a176..0000000000 --- a/docs/docbook/smbdotconf/tuning/changenotifytimeout.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="CHANGENOTIFYTIMEOUT"/>change notify timeout (G)</term> - <listitem><para>This SMB allows a client to tell a server to - "watch" a particular directory for any changes and only reply to - the SMB request when a change has occurred. Such constant scanning of - a directory is expensive under UNIX, hence an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon only performs such a scan - on each requested directory once every <parameter moreinfo="none">change notify - timeout</parameter> seconds.</para> - - <para>Default: <command moreinfo="none">change notify timeout = 60</command></para> - <para>Example: <command moreinfo="none">change notify timeout = 300</command></para> - - <para>Would change the scan time to every 5 minutes.</para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/deadtime.xml b/docs/docbook/smbdotconf/tuning/deadtime.xml deleted file mode 100644 index dbad06f25b..0000000000 --- a/docs/docbook/smbdotconf/tuning/deadtime.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DEADTIME"/>deadtime (G)</term> - <listitem><para>The value of the parameter (a decimal integer) - represents the number of minutes of inactivity before a connection - is considered dead, and it is disconnected. The deadtime only takes - effect if the number of open files is zero.</para> - - <para>This is useful to stop a server's resources being - exhausted by a large number of inactive connections.</para> - - <para>Most clients have an auto-reconnect feature when a - connection is broken so in most cases this parameter should be - transparent to users.</para> - - <para>Using this parameter with a timeout of a few minutes - is recommended for most systems.</para> - - <para>A deadtime of zero indicates that no auto-disconnection - should be performed.</para> - - <para>Default: <command moreinfo="none">deadtime = 0</command></para> - <para>Example: <command moreinfo="none">deadtime = 15</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/getwdcache.xml b/docs/docbook/smbdotconf/tuning/getwdcache.xml deleted file mode 100644 index c797bad414..0000000000 --- a/docs/docbook/smbdotconf/tuning/getwdcache.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="GETWDCACHE"/>getwd cache (G)</term> - <listitem><para>This is a tuning option. When this is enabled a - caching algorithm will be used to reduce the time taken for getwd() - calls. This can have a significant impact on performance, especially - when the <link linkend="WIDELINKS"><parameter moreinfo="none">wide links</parameter> - </link>parameter is set to <constant>no</constant>.</para> - - <para>Default: <command moreinfo="none">getwd cache = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/hostnamelookups.xml b/docs/docbook/smbdotconf/tuning/hostnamelookups.xml deleted file mode 100644 index daad09da8b..0000000000 --- a/docs/docbook/smbdotconf/tuning/hostnamelookups.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTNAMELOOKUPS"/>hostname lookups (G)</term> - <listitem><para>Specifies whether samba should use (expensive) - hostname lookups or use the ip addresses instead. An example place - where hostname lookups are currently used is when checking - the <command moreinfo="none">hosts deny</command> and <command moreinfo="none">hosts allow</command>. - </para> - - <para>Default: <command moreinfo="none">hostname lookups = yes</command></para> - - <para>Example: <command moreinfo="none">hostname lookups = no</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/keepalive.xml b/docs/docbook/smbdotconf/tuning/keepalive.xml deleted file mode 100644 index 746cda929e..0000000000 --- a/docs/docbook/smbdotconf/tuning/keepalive.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="KEEPALIVE"/>keepalive (G)</term> - <listitem><para>The value of the parameter (an integer) represents - the number of seconds between <parameter moreinfo="none">keepalive</parameter> - packets. If this parameter is zero, no keepalive packets will be - sent. Keepalive packets, if sent, allow the server to tell whether - a client is still present and responding.</para> - - <para>Keepalives should, in general, not be needed if the socket - being used has the SO_KEEPALIVE attribute set on it (see <link linkend="SOCKETOPTIONS"><parameter moreinfo="none">socket options</parameter></link>). - Basically you should only use this option if you strike difficulties.</para> - - <para>Default: <command moreinfo="none">keepalive = 300</command></para> - <para>Example: <command moreinfo="none">keepalive = 600</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxconnections.xml b/docs/docbook/smbdotconf/tuning/maxconnections.xml deleted file mode 100644 index 24af886b60..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxconnections.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXCONNECTIONS"/>max connections (S)</term> - <listitem><para>This option allows the number of simultaneous - connections to a service to be limited. If <parameter moreinfo="none">max connections - </parameter> is greater than 0 then connections will be refused if - this number of connections to the service are already open. A value - of zero mean an unlimited number of connections may be made.</para> - - <para>Record lock files are used to implement this feature. The - lock files will be stored in the directory specified by the <link linkend="LOCKDIRECTORY"><parameter moreinfo="none">lock directory</parameter></link> - option.</para> - - <para>Default: <command moreinfo="none">max connections = 0</command></para> - <para>Example: <command moreinfo="none">max connections = 10</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxdisksize.xml b/docs/docbook/smbdotconf/tuning/maxdisksize.xml deleted file mode 100644 index 8aebe91902..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxdisksize.xml +++ /dev/null @@ -1,24 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXDISKSIZE"/>max disk size (G)</term> - <listitem><para>This option allows you to put an upper limit - on the apparent size of disks. If you set this option to 100 - then all shares will appear to be not larger than 100 MB in - size.</para> - - <para>Note that this option does not limit the amount of - data you can put on the disk. In the above case you could still - store much more than 100 MB on the disk, but if a client ever asks - for the amount of free disk space or the total disk size then the - result will be bounded by the amount specified in <parameter moreinfo="none">max - disk size</parameter>.</para> - - <para>This option is primarily useful to work around bugs - in some pieces of software that can't handle very large disks, - particularly disks over 1GB in size.</para> - - <para>A <parameter moreinfo="none">max disk size</parameter> of 0 means no limit.</para> - - <para>Default: <command moreinfo="none">max disk size = 0</command></para> - <para>Example: <command moreinfo="none">max disk size = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxopenfiles.xml b/docs/docbook/smbdotconf/tuning/maxopenfiles.xml deleted file mode 100644 index 85b76a3378..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxopenfiles.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXOPENFILES"/>max open files (G)</term> - <listitem><para>This parameter limits the maximum number of - open files that one <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> file - serving process may have open for a client at any one time. The - default for this parameter is set very high (10,000) as Samba uses - only one bit per unopened file.</para> - - <para>The limit of the number of open files is usually set - by the UNIX per-process file descriptor limit rather than - this parameter so you should never need to touch this parameter.</para> - - <para>Default: <command moreinfo="none">max open files = 10000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml b/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml deleted file mode 100644 index e46f0185ce..0000000000 --- a/docs/docbook/smbdotconf/tuning/maxsmbdprocesses.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MAXSMBDPROCESSES"/>max smbd processes (G)</term> - <listitem><para>This parameter limits the maximum number of - <ulink url="smbd.8.html"><command moreinfo="none">smbd(8)</command></ulink> - processes concurrently running on a system and is intended - as a stopgap to prevent degrading service to clients in the event - that the server has insufficient resources to handle more than this - number of connections. Remember that under normal operating - conditions, each user will have an <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> associated with him or her - to handle connections to all shares from a given host. - </para> - - <para>Default: <command moreinfo="none">max smbd processes = 0</command> ## no limit</para> - <para>Example: <command moreinfo="none">max smbd processes = 1000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/minprintspace.xml b/docs/docbook/smbdotconf/tuning/minprintspace.xml deleted file mode 100644 index acbb65fa41..0000000000 --- a/docs/docbook/smbdotconf/tuning/minprintspace.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MINPRINTSPACE"/>min print space (S)</term> - <listitem><para>This sets the minimum amount of free disk - space that must be available before a user will be able to spool - a print job. It is specified in kilobytes. The default is 0, which - means a user can always spool a print job.</para> - - <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing - </parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">min print space = 0</command></para> - <para>Example: <command moreinfo="none">min print space = 2000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/namecachetimeout.xml b/docs/docbook/smbdotconf/tuning/namecachetimeout.xml deleted file mode 100644 index 0500a75c8d..0000000000 --- a/docs/docbook/smbdotconf/tuning/namecachetimeout.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="NAMECACHETIMEOUT"/>name cache timeout (G)</term> - <listitem><para>Specifies the number of seconds it takes before - entries in samba's hostname resolve cache time out. If - the timeout is set to 0. the caching is disabled. - </para> - - - <para>Default: <command moreinfo="none">name cache timeout = 660</command></para> - <para>Example: <command moreinfo="none">name cache timeout = 0</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml b/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml deleted file mode 100644 index d60f179176..0000000000 --- a/docs/docbook/smbdotconf/tuning/paranoidserversecurity.xml +++ /dev/null @@ -1,16 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="PARANOIDSERVERSECURITY"/>paranoid server security (G)</term> - <listitem><para>Some version of NT 4.x allow non-guest - users with a bad passowrd. When this option is enabled, samba will not - use a broken NT 4.x server as password server, but instead complain - to the logs and exit. - </para> - - <para>Disabling this option prevents Samba from making - this check, which involves deliberatly attempting a - bad logon to the remote server.</para> - - <para>Default: <command moreinfo="none">paranoid server security = yes</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/readsize.xml b/docs/docbook/smbdotconf/tuning/readsize.xml deleted file mode 100644 index 59c6848c76..0000000000 --- a/docs/docbook/smbdotconf/tuning/readsize.xml +++ /dev/null @@ -1,25 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="READSIZE"/>read size (G)</term> - <listitem><para>The option <parameter moreinfo="none">read size</parameter> - affects the overlap of disk reads/writes with network reads/writes. - If the amount of data being transferred in several of the SMB - commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger - than this value then the server begins writing the data before it - has received the whole packet from the network, or in the case of - SMBreadbraw, it begins writing to the network before all the data - has been read from disk.</para> - - <para>This overlapping works best when the speeds of disk and - network access are similar, having very little effect when the - speed of one is much greater than the other.</para> - - <para>The default value is 16384, but very little experimentation - has been done yet to determine the optimal value, and it is likely - that the best value will vary greatly between systems anyway. - A value over 65536 is pointless and will cause you to allocate - memory unnecessarily.</para> - - <para>Default: <command moreinfo="none">read size = 16384</command></para> - <para>Example: <command moreinfo="none">read size = 8192</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/socketoptions.xml b/docs/docbook/smbdotconf/tuning/socketoptions.xml deleted file mode 100644 index 3acc259083..0000000000 --- a/docs/docbook/smbdotconf/tuning/socketoptions.xml +++ /dev/null @@ -1,69 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SOCKETOPTIONS"/>socket options (G)</term> - <listitem><para>This option allows you to set socket options - to be used when talking with the client.</para> - - <para>Socket options are controls on the networking layer - of the operating systems which allow the connection to be - tuned.</para> - - <para>This option will typically be used to tune your Samba - server for optimal performance for your local network. There is - no way that Samba can know what the optimal parameters are for - your net, so you must experiment and choose them yourself. We - strongly suggest you read the appropriate documentation for your - operating system first (perhaps <command moreinfo="none">man setsockopt</command> - will help).</para> - - <para>You may find that on some systems Samba will say - "Unknown socket option" when you supply an option. This means you - either incorrectly typed it or you need to add an include file - to includes.h for your OS. If the latter is the case please - send the patch to <ulink url="mailto:samba@samba.org"> - samba@samba.org</ulink>.</para> - - <para>Any of the supported socket options may be combined - in any way you like, as long as your OS allows it.</para> - - <para>This is the list of socket options currently settable - using this option:</para> - - <itemizedlist> - <listitem><para>SO_KEEPALIVE</para></listitem> - <listitem><para>SO_REUSEADDR</para></listitem> - <listitem><para>SO_BROADCAST</para></listitem> - <listitem><para>TCP_NODELAY</para></listitem> - <listitem><para>IPTOS_LOWDELAY</para></listitem> - <listitem><para>IPTOS_THROUGHPUT</para></listitem> - <listitem><para>SO_SNDBUF *</para></listitem> - <listitem><para>SO_RCVBUF *</para></listitem> - <listitem><para>SO_SNDLOWAT *</para></listitem> - <listitem><para>SO_RCVLOWAT *</para></listitem> - </itemizedlist> - - <para>Those marked with a <emphasis>'*'</emphasis> take an integer - argument. The others can optionally take a 1 or 0 argument to enable - or disable the option, by default they will be enabled if you - don't specify 1 or 0.</para> - - <para>To specify an argument use the syntax SOME_OPTION = VALUE - for example <command moreinfo="none">SO_SNDBUF = 8192</command>. Note that you must - not have any spaces before or after the = sign.</para> - - <para>If you are on a local network then a sensible option - might be</para> - <para><command moreinfo="none">socket options = IPTOS_LOWDELAY</command></para> - - <para>If you have a local network then you could try:</para> - <para><command moreinfo="none">socket options = IPTOS_LOWDELAY TCP_NODELAY</command></para> - - <para>If you are on a wide area network then perhaps try - setting IPTOS_THROUGHPUT. </para> - - <para>Note that several of the options may cause your Samba - server to fail completely. Use these options with caution!</para> - - <para>Default: <command moreinfo="none">socket options = TCP_NODELAY</command></para> - <para>Example: <command moreinfo="none">socket options = IPTOS_LOWDELAY</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/statcachesize.xml b/docs/docbook/smbdotconf/tuning/statcachesize.xml deleted file mode 100644 index fe7d3a7be2..0000000000 --- a/docs/docbook/smbdotconf/tuning/statcachesize.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STATCACHESIZE"/>stat cache size (G)</term> - <listitem><para>This parameter determines the number of - entries in the <parameter moreinfo="none">stat cache</parameter>. You should - never need to change this parameter.</para> - - <para>Default: <command moreinfo="none">stat cache size = 50</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/strictallocate.xml b/docs/docbook/smbdotconf/tuning/strictallocate.xml deleted file mode 100644 index 7b33ef3fc3..0000000000 --- a/docs/docbook/smbdotconf/tuning/strictallocate.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTALLOCATE"/>strict allocate (S)</term> - <listitem><para>This is a boolean that controls the handling of - disk space allocation in the server. When this is set to <constant>yes</constant> - the server will change from UNIX behaviour of not committing real - disk storage blocks when a file is extended to the Windows behaviour - of actually forcing the disk system to allocate real storage blocks - when a file is created or extended to be a given size. In UNIX - terminology this means that Samba will stop creating sparse files. - This can be slow on some systems.</para> - - <para>When strict allocate is <constant>no</constant> the server does sparse - disk block allocation when a file is extended.</para> - - <para>Setting this to <constant>yes</constant> can help Samba return - out of quota messages on systems that are restricting the disk quota - of users.</para> - - <para>Default: <command moreinfo="none">strict allocate = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/strictsync.xml b/docs/docbook/smbdotconf/tuning/strictsync.xml deleted file mode 100644 index b228f7cfcb..0000000000 --- a/docs/docbook/smbdotconf/tuning/strictsync.xml +++ /dev/null @@ -1,23 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="STRICTSYNC"/>strict sync (S)</term> - <listitem><para>Many Windows applications (including the Windows - 98 explorer shell) seem to confuse flushing buffer contents to - disk with doing a sync to disk. Under UNIX, a sync call forces - the process to be suspended until the kernel has ensured that - all outstanding data in kernel disk buffers has been safely stored - onto stable storage. This is very slow and should only be done - rarely. Setting this parameter to <constant>no</constant> (the - default) means that <citerefentry><refentrytitle>smbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> ignores the Windows applications requests for - a sync call. There is only a possibility of losing data if the - operating system itself that Samba is running on crashes, so there is - little danger in this default setting. In addition, this fixes many - performance problems that people have reported with the new Windows98 - explorer shell file copies.</para> - - <para>See also the <link linkend="SYNCALWAYS"><parameter moreinfo="none">sync - always></parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">strict sync = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/syncalways.xml b/docs/docbook/smbdotconf/tuning/syncalways.xml deleted file mode 100644 index c5c32343a7..0000000000 --- a/docs/docbook/smbdotconf/tuning/syncalways.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="SYNCALWAYS"/>sync always (S)</term> - <listitem><para>This is a boolean parameter that controls - whether writes will always be written to stable storage before - the write call returns. If this is <constant>no</constant> then the server will be - guided by the client's request in each write call (clients can - set a bit indicating that a particular write should be synchronous). - If this is <constant>yes</constant> then every write will be followed by a <command moreinfo="none">fsync() - </command> call to ensure the data is written to disk. Note that - the <parameter moreinfo="none">strict sync</parameter> parameter must be set to - <constant>yes</constant> in order for this parameter to have - any affect.</para> - - <para>See also the <link linkend="STRICTSYNC"><parameter moreinfo="none">strict - sync</parameter></link> parameter.</para> - - <para>Default: <command moreinfo="none">sync always = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/usemmap.xml b/docs/docbook/smbdotconf/tuning/usemmap.xml deleted file mode 100644 index 46fa4600de..0000000000 --- a/docs/docbook/smbdotconf/tuning/usemmap.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USEMMAP"/>use mmap (G)</term> - <listitem><para>This global parameter determines if the tdb internals of Samba can - depend on mmap working correctly on the running system. Samba requires a coherent - mmap/read-write system memory cache. Currently only HPUX does not have such a - coherent cache, and so this parameter is set to <constant>no</constant> by - default on HPUX. On all other systems this parameter should be left alone. This - parameter is provided to help the Samba developers track down problems with - the tdb internal code. - </para> - - <para>Default: <command moreinfo="none">use mmap = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/usesendfile.xml b/docs/docbook/smbdotconf/tuning/usesendfile.xml deleted file mode 100644 index 5f2dcb72a9..0000000000 --- a/docs/docbook/smbdotconf/tuning/usesendfile.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="USESENDFILE"/>use sendfile (S)</term> - <listitem><para>If this parameter is <constant>yes</constant>, and Samba - was built with the --with-sendfile-support option, and the underlying operating - system supports sendfile system call, then some SMB read calls (mainly ReadAndX - and ReadRaw) will use the more efficient sendfile system call for files that - are exclusively oplocked. This may make more efficient use of the system CPU's - and cause Samba to be faster. This is off by default as it's effects are unknown - as yet. - </para> - - <para>Default: <command moreinfo="none">use sendfile = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/tuning/writecachesize.xml b/docs/docbook/smbdotconf/tuning/writecachesize.xml deleted file mode 100644 index b54a0e4fd6..0000000000 --- a/docs/docbook/smbdotconf/tuning/writecachesize.xml +++ /dev/null @@ -1,27 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WRITECACHESIZE"/>write cache size (S)</term> - <listitem><para>If this integer parameter is set to non-zero value, - Samba will create an in-memory cache for each oplocked file - (it does <emphasis>not</emphasis> do this for - non-oplocked files). All writes that the client does not request - to be flushed directly to disk will be stored in this cache if possible. - The cache is flushed onto disk when a write comes in whose offset - would not fit into the cache or when the file is closed by the client. - Reads for the file are also served from this cache if the data is stored - within it.</para> - - <para>This cache allows Samba to batch client writes into a more - efficient write size for RAID disks (i.e. writes may be tuned to - be the RAID stripe size) and can improve performance on systems - where the disk subsystem is a bottleneck but there is free - memory for userspace programs.</para> - - <para>The integer parameter specifies the size of this cache - (per oplocked file) in bytes.</para> - - <para>Default: <command moreinfo="none">write cache size = 0</command></para> - <para>Example: <command moreinfo="none">write cache size = 262144</command></para> - - <para>for a 256k cache size per file.</para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml deleted file mode 100644 index 0496fd7f47..0000000000 --- a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="HOSTMSDFS"/>host msdfs (G)</term> - <listitem><para>This boolean parameter is only available - if Samba has been configured and compiled with the <command moreinfo="none"> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba will act as a Dfs server, and allow Dfs-aware clients - to browse Dfs trees hosted on the server.</para> - - <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> - msdfs root</parameter></link> share level parameter. For - more information on setting up a Dfs tree on Samba, - refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. - </para> - - <para>Default: <command moreinfo="none">host msdfs = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml deleted file mode 100644 index 41b36cb91b..0000000000 --- a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml +++ /dev/null @@ -1,15 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MSDFSPROXY"/>msdfs proxy (S)</term> - <listitem><para>This parameter indicates that the share is a - stand-in for another CIFS share whose location is specified by - the value of the parameter. When clients attempt to connect to - this share, they are redirected to the proxied share using - the SMB-Dfs protocol.</para> - <para>Only Dfs roots can act as proxy shares. Take a look at the - <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link> - and - <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link> - options to find out how to set up a Dfs root share.</para> - <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml deleted file mode 100644 index dc50ba5e57..0000000000 --- a/docs/docbook/smbdotconf/vfs/msdfsroot.xml +++ /dev/null @@ -1,19 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="MSDFSROOT"/>msdfs root (S)</term> - <listitem><para>This boolean parameter is only available if - Samba is configured and compiled with the <command moreinfo="none"> - --with-msdfs</command> option. If set to <constant>yes</constant>, - Samba treats the share as a Dfs root and allows clients to browse - the distributed file system tree rooted at the share directory. - Dfs links are specified in the share directory by symbolic - links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename> - and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> - - <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs - </parameter></link></para> - - <para>Default: <command moreinfo="none">msdfs root = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml deleted file mode 100644 index d334552dae..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfsobject.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSOBJECT"/>vfs object (S)</term> - <listitem><para>This parameter specifies a shared object files that - are used for Samba VFS I/O operations. By default, normal - disk I/O operations are used but these can be overloaded - with one or more VFS objects. </para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml deleted file mode 100644 index 28f14a09bf..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfsoptions.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSOPTIONS"/>vfs options (S)</term> - <listitem><para>This parameter allows parameters to be passed - to the vfs layer at initialization time. - See also <link linkend="VFSOBJECT"><parameter moreinfo="none"> - vfs object</parameter></link>.</para> - - <para>Default : <emphasis>no value</emphasis></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml deleted file mode 100644 index 78c27302a8..0000000000 --- a/docs/docbook/smbdotconf/vfs/vfspath.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="VFSPATH"/>vfs path (S)</term> - <listitem><para>This parameter specifies the directory - to look in for vfs modules. The name of every <command moreinfo="none">vfs object - </command> will be prepended by this directory - </para> - - <para>Default: <command moreinfo="none">vfs path = </command></para> - <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para> - - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml deleted file mode 100644 index a931e9b5a3..0000000000 --- a/docs/docbook/smbdotconf/winbind/templatehomedir.xml +++ /dev/null @@ -1,13 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TEMPLATEHOMEDIR"/>template homedir (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon - uses this parameter to fill in the home directory for that user. - If the string <parameter moreinfo="none">%D</parameter> is present it is substituted - with the user's Windows NT domain name. If the string <parameter moreinfo="none">%U - </parameter> is present it is substituted with the user's Windows - NT user name.</para> - - <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml deleted file mode 100644 index e0b9f1a2ca..0000000000 --- a/docs/docbook/smbdotconf/winbind/templateshell.xml +++ /dev/null @@ -1,10 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="TEMPLATESHELL"/>template shell (G)</term> - <listitem><para>When filling out the user information for a Windows NT - user, the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon - uses this parameter to fill in the login shell for that user.</para> - - <para>Default: <command moreinfo="none">template shell = /bin/false</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml deleted file mode 100644 index adbb8b12f6..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml +++ /dev/null @@ -1,11 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDCACHETIME"/>winbind cache time (G)</term> - <listitem><para>This parameter specifies the number of - seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon will cache - user and group information before querying a Windows NT server - again.</para> - - <para>Default: <command moreinfo="none">winbind cache type = 15</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml deleted file mode 100644 index 096c280fc2..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml +++ /dev/null @@ -1,18 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDENUMGROUPS"/>winbind enum groups (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress - the enumeration of groups through the <command moreinfo="none">setgrent()</command>, - <command moreinfo="none">getgrent()</command> and - <command moreinfo="none">endgrent()</command> group of system calls. If - the <parameter moreinfo="none">winbind enum groups</parameter> parameter is - <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system - call will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off group - enumeration may cause some programs to behave oddly. - </para> - - <para>Default: <command moreinfo="none">winbind enum groups = yes </command> - </para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml deleted file mode 100644 index 7935755f0c..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml +++ /dev/null @@ -1,20 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDENUMUSERS"/>winbind enum users (G)</term> - <listitem><para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> it may be - necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>, - <command moreinfo="none">getpwent()</command> and - <command moreinfo="none">endpwent()</command> group of system calls. If - the <parameter moreinfo="none">winbind enum users</parameter> parameter is - <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call - will not return any data. </para> - - <para><emphasis>Warning:</emphasis> Turning off user - enumeration may cause some programs to behave oddly. For - example, the finger program relies on having access to the - full user list when searching for matching - usernames. </para> - - <para>Default: <command moreinfo="none">winbind enum users = yes </command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml deleted file mode 100644 index a8a9683b01..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindgid.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDGID"/>winbind gid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no - existing local or NIS groups within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command moreinfo="none">winbind gid = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml deleted file mode 100644 index 416adcb531..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindseparator.xml +++ /dev/null @@ -1,17 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDSEPARATOR"/>winbind separator (G)</term> - <listitem><para>This parameter allows an admin to define the character - used when listing a username of the form of <replaceable>DOMAIN - </replaceable>\<replaceable>user</replaceable>. This parameter - is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename> - and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. - </para> - - <para>Please note that setting this parameter to + causes problems - with group membership at least on glibc systems, as the character + - is used as a special character for NIS in /etc/group.</para> - - <para>Default: <command moreinfo="none">winbind separator = '\'</command></para> - <para>Example: <command moreinfo="none">winbind separator = +</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml deleted file mode 100644 index ecd7848f61..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbinduid.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDUID"/>winbind uid (G)</term> - <listitem><para>The winbind gid parameter specifies the range of group - ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no - existing local or NIS users within it as strange conflicts can - occur otherwise.</para> - - <para>Default: <command moreinfo="none">winbind uid = <empty string> - </command></para> - - <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml deleted file mode 100644 index a6b7bcd7e5..0000000000 --- a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINBINDUSEDEFAULTDOMAIN"/>winbind use default domain (G)</term> - <listitem><para>This parameter specifies whether the <citerefentry><refentrytitle>winbindd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> daemon should operate on users - without domain component in their username. - Users without a domain component are treated as is part of the winbindd server's - own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail - function in a way much closer to the way they would in a native unix system.</para> - - <para>Default: <command moreinfo="none">winbind use default domain = <no> - </command></para> - <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml deleted file mode 100644 index fd53ae7ded..0000000000 --- a/docs/docbook/smbdotconf/wins/dnsproxy.xml +++ /dev/null @@ -1,21 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="DNSPROXY"/>dns proxy (G)</term> - <listitem><para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and - finding that a NetBIOS name has not been registered, should treat the - NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server - for that name on behalf of the name-querying client.</para> - - <para>Note that the maximum length for a NetBIOS name is 15 - characters, so the DNS name (or DNS alias) can likewise only be - 15 characters, maximum.</para> - - <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the - DNS name lookup requests, as doing a name lookup is a blocking - action.</para> - - <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none"> - wins support</parameter></link>.</para> - - <para>Default: <command moreinfo="none">dns proxy = yes</command></para></listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml deleted file mode 100644 index e0c4a87c5b..0000000000 --- a/docs/docbook/smbdotconf/wins/winshook.xml +++ /dev/null @@ -1,43 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSHOOK"/>wins hook (G)</term> - <listitem><para>When Samba is running as a WINS server this - allows you to call an external program for all changes to the - WINS database. The primary use for this option is to allow the - dynamic update of external name resolution databases such as - dynamic DNS.</para> - - <para>The wins hook parameter specifies the name of a script - or executable that will be called as follows:</para> - - <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list - </command></para> - - <itemizedlist> - <listitem><para>The first argument is the operation and is one - of "add", "delete", or "refresh". In most cases the operation can - be ignored as the rest of the parameters provide sufficient - information. Note that "refresh" may sometimes be called when the - name has not previously been added, in that case it should be treated - as an add.</para></listitem> - - <listitem><para>The second argument is the NetBIOS name. If the - name is not a legal name then the wins hook is not called. - Legal names contain only letters, digits, hyphens, underscores - and periods.</para></listitem> - - <listitem><para>The third argument is the NetBIOS name - type as a 2 digit hexadecimal number. </para></listitem> - - <listitem><para>The fourth argument is the TTL (time to live) - for the name in seconds.</para></listitem> - - <listitem><para>The fifth and subsequent arguments are the IP - addresses currently registered for that name. If this list is - empty then the name should be deleted.</para></listitem> - </itemizedlist> - - <para>An example script that calls the BIND dynamic DNS update - program <command moreinfo="none">nsupdate</command> is provided in the examples - directory of the Samba source code. </para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml deleted file mode 100644 index 840435ae4e..0000000000 --- a/docs/docbook/smbdotconf/wins/winspartners.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSPARTNERS"/>wins partners (G)</term> - <listitem><para>A space separated list of partners' IP addresses for - WINS replication. WINS partners are always defined as push/pull - partners as defining only one way WINS replication is unreliable. - WINS replication is currently experimental and unreliable between - samba servers. - </para> - - <para>Default: <command moreinfo="none">wins partners = </command></para> - - <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml deleted file mode 100644 index 31978d3b24..0000000000 --- a/docs/docbook/smbdotconf/wins/winsproxy.xml +++ /dev/null @@ -1,9 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSPROXY"/>wins proxy (G)</term> - <listitem><para>This is a boolean that controls if <ulink url="nmbd.8.html">nmbd(8)</ulink> will respond to broadcast name - queries on behalf of other hosts. You may need to set this - to <constant>yes</constant> for some older clients.</para> - - <para>Default: <command moreinfo="none">wins proxy = no</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml deleted file mode 100644 index ebdb3016c7..0000000000 --- a/docs/docbook/smbdotconf/wins/winsserver.xml +++ /dev/null @@ -1,32 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSSERVER"/>wins server (G)</term> - <listitem><para>This specifies the IP address (or DNS name: IP - address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on - your network then you should set this to the WINS server's IP.</para> - - <para>You should point this at your WINS server if you have a - multi-subnetted network.</para> - - <para>If you want to work in multiple namespaces, you can - give every wins server a 'tag'. For each tag, only one - (working) server will be queried for a name. The tag should be - seperated from the ip address by a colon. - </para> - - <note><para>You need to set up Samba to point - to a WINS server if you have multiple subnets and wish cross-subnet - browsing to work correctly.</para></note> - - <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> - - <para>Default: <emphasis>not enabled</emphasis></para> - <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para> - <para>For this example when querying a certain name, 192.19.200.1 will - be asked first and if that doesn't respond 192.168.2.61. If either - of those doesn't know the name 192.168.3.199 will be queried. - </para> - - <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para> - </listitem> - </samba:parameter> diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml deleted file mode 100644 index 5ad886a9b1..0000000000 --- a/docs/docbook/smbdotconf/wins/winssupport.xml +++ /dev/null @@ -1,12 +0,0 @@ -<samba:parameter xmlns:samba="http://samba.org/common"> - <term><anchor id="WINSSUPPORT"/>wins support (G)</term> - <listitem><para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should - not set this to <constant>yes</constant> unless you have a multi-subnetted network and - you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server. - Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant> - on more than one machine in your network.</para> - - <para>Default: <command moreinfo="none">wins support = no</command></para> - </listitem> - </samba:parameter> |