Diffstat (limited to 'docs/manpages')
-rw-r--r-- | docs/manpages/Samba.7 | 5
-rw-r--r-- | docs/manpages/log2pcap.1 | 116
-rw-r--r-- | docs/manpages/mount.cifs.8 | 186
-rw-r--r-- | docs/manpages/net.8 | 11
-rw-r--r-- | docs/manpages/nmbd.8 | 14
-rw-r--r-- | docs/manpages/nmblookup.1 | 8
-rw-r--r-- | docs/manpages/ntlm_auth.1 | 4
-rw-r--r-- | docs/manpages/pdbedit.8 | 8
-rw-r--r-- | docs/manpages/rpcclient.1 | 8
-rw-r--r-- | docs/manpages/samba.7 | 5
-rw-r--r-- | docs/manpages/smb.conf.5 | 499
-rw-r--r-- | docs/manpages/smbcacls.1 | 4
-rw-r--r-- | docs/manpages/smbclient.1 | 22
-rw-r--r-- | docs/manpages/smbcontrol.1 | 7
-rw-r--r-- | docs/manpages/smbcquotas.1 | 4
-rw-r--r-- | docs/manpages/smbd.8 | 12
-rw-r--r-- | docs/manpages/smbpasswd.8 | 2
-rw-r--r-- | docs/manpages/smbsh.1 | 10
-rw-r--r-- | docs/manpages/smbstatus.1 | 4
-rw-r--r-- | docs/manpages/smbtree.1 | 4
-rw-r--r-- | docs/manpages/swat.8 | 4
-rw-r--r-- | docs/manpages/vfstest.1 | 4
-rw-r--r-- | docs/manpages/wbinfo.1 | 96
-rw-r--r-- | docs/manpages/winbindd.8 | 22
24 files changed, 851 insertions, 208 deletions
diff --git a/docs/manpages/Samba.7 b/docs/manpages/Samba.7 index bd0cfa3d48..591e4ca28a 100644 --- a/docs/manpages/Samba.7 +++ b/docs/manpages/Samba.7 @@ -209,7 +209,10 @@ If you have patches to submit, visithttp://devel\&.samba\&.org/ for information .SH "CONTRIBUTORS" .PP -Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at the\fIchange-log\fR in the source package for the pre-CVS changes and at http://cvs\&.samba\&.org/ for the contributors to Samba post-CVS\&. CVS is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&. +Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at ftp://samba\&.org/pub/samba/alpha/change-log for the pre-CVS changes and at ftp://samba\&.org/pub/samba/alpha/cvs\&.log for the contributors to Samba post-CVS\&. CVS is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&. + +.PP +In addition, several commercial organizations now help fund the Samba Team with money and equipment\&. For details see the Samba Web pages at http://samba\&.org/samba/samba-thanks\&.html\&. .SH "AUTHOR" diff --git a/docs/manpages/log2pcap.1 b/docs/manpages/log2pcap.1 new file mode 100644 index 0000000000..60df066260 --- /dev/null +++ b/docs/manpages/log2pcap.1 
@@ -0,0 +1,116 @@ +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "LOG2PCAP" 1 "" "" "" +.SH NAME +log2pcap \- Extract network traces from Samba log files +.SH "SYNOPSIS" + +.nf +\fBlog2pcap\fR [-h] [-q] [logfile] [pcap_file] +.fi + +.SH "DESCRIPTION" + +.PP +This tool is part of the \fBSamba\fR(7) suite\&. + +.PP +\fBlog2pcap\fR reads in a samba log file and generates a pcap file (readable by most sniffers, such as ethereal or tcpdump) based on the packet dumps in the log file\&. + +.PP +The log file must have a \fIlog level\fR of at least \fB5\fR to get the SMB header/parameters right, \fB10\fR to get the first 512 data bytes of the packet and \fB50\fR to get the whole packet\&. + +.SH "OPTIONS" + +.TP +-h +If this parameter is specified the output file will be a hex dump, in a format that is readable by the text2pcap utility\&. + + +.TP +-q +Be quiet\&. No warning messages about missing or incomplete data will be given\&. + + +.TP +logfile +Samba log file\&. log2pcap will try to read the log from stdin if the log file is not specified\&. + + +.TP +pcap_file +Name of the output file to write the pcap (or hexdump) data to\&. If this argument is not specified, output data will be written to stdout\&. + + +.TP +-h|--help +Print a summary of command line options\&. + + +.SH "EXAMPLES" + +.PP +Extract all network traffic from all samba log files: + +.PP + +.nf + + $ cat /var/log/* | log2pcap > trace\&.pcap + .fi + + +.PP +Convert to pcap using text2pcap: + +.PP + +.nf + + $ log2pcap -h samba\&.log | text2pcap -T 139,139 - trace\&.pcap + .fi + + +.SH "VERSION" + +.PP +This man page is correct for version 3\&.0 of the Samba suite\&. 
+ +.SH "BUGS" + +.PP +Only SMB data is extracted from the samba logs, no LDAP, NetBIOS lookup or other data\&. + +.PP +The generated TCP and IP headers don't contain a valid checksum\&. + +.SH "SEE ALSO" + +.PP +\fBtext2pcap\fR(1), \fBethereal\fR(1) + +.SH "AUTHOR" + +.PP +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. + +.PP +This manpage was written by Jelmer Vernooij\&. + diff --git a/docs/manpages/mount.cifs.8 b/docs/manpages/mount.cifs.8 new file mode 100644 index 0000000000..9fcabf38a7 --- /dev/null +++ b/docs/manpages/mount.cifs.8 
@@ -0,0 +1,186 @@ +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "MOUNT.CIFS" 8 "" "" "" +.SH NAME +mount.cifs \- mount using the Common Internet File System (CIFS) +.SH "SYNOPSIS" + +.nf +\fBmount.cifs\fR {service} {mount-point} [-o options] +.fi + +.SH "DESCRIPTION" + +.PP +This tool is part of the \fBSamba\fR(7) suite\&. + +.PP +mount\&.cifs mounts a Linux CIFS filesystem\&. It is usually invoked indirectly by the \fBmount\fR(8) command when using the "-t cifs" option\&. This command only works in Linux, and the kernel must support the cifs filesystem\&. The CIFS protocol is the successor to the SMB protocol and is supported by most Windows servers and many other commercial servers and Network Attached Storage appliances as well as by the popular Open Source server Samba\&. + +.PP +The mount\&.cifs utility attaches the UNC name (exported network resource) to the local directory \fBmount-point\fR\&. It is possible to set the mode for mount\&.cifs to setuid root to allow non-root users to mount shares to directories for which they have write permission\&. + +.PP +Options to \fBmount\&.cifs\fR are specified as a comma-separated list of key=value pairs\&. It is possible to send options other than those listed here, assuming that cifs supports them\&. If you get mount failures, check your kernel log for errors on unknown options\&. + +.PP +\fBmount\&.cifs\fR is a daemon\&. After mounting it keeps running until the mounted resource is unmounted (usually via the umount utility) + +.SH "OPTIONS" + +.TP +username=\fIarg\fR +specifies the username to connect as\&. If this is not given, then the environment variable \fBUSER\fR is used\&. 
This option can also take the form "user%password" or "user/workgroup" or "user/workgroup%password" to allow the password and workgroup to be specified as part of the username\&. + + +.TP +password=\fIarg\fR +specifies the CIFS password\&. If this option is not given then the environment variable \fBPASSWD\fR is used\&. If it can find no password \fBmount\&.cifs\fR will prompt for a passeword, unless the guest option is given\&. + + +Note that password which contain the arguement delimiter character (i\&.e\&. a comma ',') will failed to be parsed correctly on the command line\&. However, the same password defined in the PASSWD environment variable or a credentials file (see below) will be read correctly\&. + + +.TP +credentials=\fIfilename\fR +specifies a file that contains a username and/or password\&. The format of the file is: + + + +.nf + username = value + password = value +.fi +This is preferred over having passwords in plaintext in a shared file, such as \fI/etc/fstab\fR\&. Be sure to protect any credentials file properly\&. + + +.TP +uid=\fIarg\fR +sets the uid that will own all files on the mounted filesystem\&. It may be specified as either a username or a numeric uid\&. This parameter is ignored when the target server supports the CIFS Unix extensions\&. + + +.TP +gid=\fIarg\fR +sets the gid that will own all files on the mounted filesystem\&. It may be specified as either a groupname or a numeric gid\&. This parameter is ignored when the target server supports the CIFS Unix extensions\&. + + +.TP +port=\fIarg\fR +sets the port number on the server to attempt to contact to negotiate CIFS support\&. If the CIFS server is not listening on this port or if it is not specified, the default ports will be tried i\&.e\&. port 445 is tried and if no response then port 139 is tried\&. + + +.TP +file_mode=\fIarg\fR +If the server does not support the CIFS Unix extensions this overrides default file mode which will be used locally\&. 
+ + +.TP +dir_mode=\fIarg\fR +If the server does not support the CIFS Unix extensions this overrides the default mode for directories\&. + + +.TP +ip=\fIarg\fR +sets the destination host or IP address\&. + + +.TP +domain=\fIarg\fR +sets the domain (workgroup) of the user + + +.TP +guest +don't prompt for a password + + +.TP +ro +mount read-only + + +.TP +rw +mount read-write + + +.TP +rsize +default network read size + + +.TP +wsize +default network write size + + +.SH "ENVIRONMENT VARIABLES" + +.PP +The variable \fBUSER\fR may contain the username of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&. The variable can be used to set both username and password by using the format username%password\&. + +.PP +The variable \fBPASSWD\fR may contain the password of the person using the client\&. This information is used only if the protocol level is high enough to support session-level passwords\&. + +.PP +The variable \fBPASSWD_FILE\fR may contain the pathname of a file to read the password from\&. A single line of input is read and used as the password\&. + +.SH "NOTES" + +.PP +This command may be used only by root\&. + +.SH "CONFIGURATION" + +.PP +The primary mechanism for making configuration changes and for reading debug information for the cifs vfs is via the Linux /proc filesystem\&. In the directory /proc/fs/cifs are various configuration files and pseudo files which can display debug information\&. For more information see the kernel file fs/cifs/README + +.SH "BUGS" + +.PP +Passwords and other options containing , can not be handled\&. For passwords an alternative way of passing them is in a credentials file or in the PASSWD environment\&. + +.PP +The credentials file does not handle usernames or passwords with leading space\&. + +.PP +Note that the typical response to a bug report is suggestion to try the latest version first\&. 
So please try doing that first, and always include which versions you use of relevant software when reporting bugs (minimum: samba, kernel, distribution) + +.SH "VERSION" + +.PP +This man page is correct for version 3\&.0 of the Samba suite\&. + +.SH "SEE ALSO" + +.PP +Documentation/filesystems/cifs\&.txt and fs/cifs/README in the linux kernel source tree may contain additional options and information\&. + +.SH "AUTHOR" + +.PP +Steve French + +.PP +The syntax and manpage were loosely based on that of smbmount\&. It was converted to Docbook/XML by Jelmer Vernooij\&. + +.PP +The current maintainer of the Linux cifs vfs and the userspace tool \fBmount\&.cifs\fR is Steve French\&. The SAMBA Mailing list is the preferred place to ask questions regarding these programs\&. + diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index d473503792..70a6090792 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 
@@ -70,12 +70,12 @@ Port on the target server to connect to (usually 139 or 445)\&. Defaults to tryi .TP -n <primary NetBIOS name> -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP 
@@ -104,11 +104,16 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .SH "COMMANDS" +.SS "CHANGESECRETPW" + +.PP +This command allows the Samba machine account password to be set from an external application to a machine account password that has already been stored in Active Directory\&. DO NOT USE this command unless you know exactly what you are doing\&. The use of this command requires that the force flag (-f) be used also\&. There will be NO command prompt\&. Whatever information is piped into stdin, either by typing at the command line or otherwise, will be stored as the literal machine password\&. Do NOT use this without care and attention as it will overwrite a legitimate machine password without warning\&. YOU HAVE BEEN WARNED\&. + .SS "TIME" .PP diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 096876bfde..0b63e77ee2 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 
@@ -89,7 +89,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -103,7 +103,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -120,7 +120,7 @@ UDP port number is a positive integer value\&. This option changes the default U .TP \fI/etc/inetd\&.conf\fR -If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the install document for details\&. +If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. .TP 
@@ -128,12 +128,12 @@ If the server is to be run by the \fBinetd\fR meta-daemon, this file must contai or whatever initialization script your system uses)\&. -If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. .TP \fI/etc/services\fR -If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. .TP 
@@ -141,10 +141,10 @@ If running the server via the meta-daemon \fBinetd\fR, this file must contain a This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&. -When run as a WINS server (see the \fBwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. +When run as a WINS server (see the \fIwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. -If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fBlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. +If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fIlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. .SH "SIGNALS" diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 2f16025593..5cc590ae11 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 
@@ -65,7 +65,7 @@ Interpret \fIname\fR as an IP Address and do a node status query on this address .TP -n <primary NetBIOS name> -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -80,7 +80,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP @@ -105,7 +105,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP 
@@ -119,7 +119,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/ntlm_auth.1 b/docs/manpages/ntlm_auth.1 index 082d9422c8..e234ad7fb8 100644 --- a/docs/manpages/ntlm_auth.1 +++ b/docs/manpages/ntlm_auth.1 @@ -93,7 +93,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP 
@@ -107,7 +107,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index ff0fc1244b..75a655a7e7 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -24,9 +24,9 @@ pdbedit \- manage the SAM database .nf \fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S - script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] + script] [-p profile] [-a] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] - [-C value] + [-C value] [-c account-control] .fi .SH "DESCRIPTION" 
@@ -287,7 +287,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -301,7 +301,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 34cb6a1fa5..0684d74197 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 
@@ -66,7 +66,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -80,7 +80,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP 
@@ -133,7 +133,7 @@ Be cautious about including passwords in scripts\&. Also, on many systems the co .TP -n <primary NetBIOS name> -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -148,7 +148,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 50665c700b..3fddca285d 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -152,6 +152,11 @@ The \fBnet\fR command is supposed to work similar to the DOS/Windows NET\&.EXE c .TP +\fBlog2pcap\fR(1) +\fBlog2pcap\fR is a utility for generating pcap trace files from Samba log files\&. + + +.TP \fBvfstest\fR(1) \fBvfstest\fR is a utility that can be used to test vfs modules\&. diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 3e0bc555ea..55fdc8be44 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 
@@ -500,6 +500,26 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIclient lanman auth\fR + +.TP +\(bu +\fIclient ntlmv2 auth\fR + +.TP +\(bu +\fIclient plaintext auth\fR + +.TP +\(bu +\fIclient schannel\fR + +.TP +\(bu +\fIclient signing\fR + +.TP +\(bu \fIclient use spnego\fR .TP @@ -508,7 +528,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIdead time\fR +\fIdeadtime\fR .TP \(bu @@ -516,7 +536,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIdebug level\fR +\fIdebuglevel\fR .TP \(bu @@ -592,6 +612,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIenable rid algorithm\fR + +.TP +\(bu \fIencrypt passwords\fR .TP @@ -604,6 +628,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIget quota command\fR + +.TP +\(bu \fIgetwd cache\fR .TP @@ -632,6 +660,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIidmap backend\fR + +.TP +\(bu \fIidmap gid\fR .TP @@ -652,6 +684,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIkernel change notify\fR + +.TP +\(bu \fIkernel oplocks\fR .TP @@ -676,6 +712,14 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIldap group suffix\fR + +.TP +\(bu +\fIldap idmap suffix\fR + +.TP +\(bu \fIldap machine suffix\fR .TP @@ -700,10 +744,6 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIldap trust ids\fR - -.TP -\(bu \fIldap user suffix\fR .TP @@ -772,11 +812,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fImangling stack\fR +\fImangled stack\fR .TP \(bu -\fImangling prefix\fR +\fImangle prefix\fR .TP \(bu 
@@ -868,10 +908,6 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fInon unix account range\fR - -.TP -\(bu \fIntlm auth\fR .TP @@ -1020,6 +1056,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIserver signing\fR + +.TP +\(bu \fIserver string\fR .TP @@ -1028,6 +1068,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIset quota command\fR + +.TP +\(bu \fIshow add printer wizard\fR .TP @@ -1060,10 +1104,6 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIstat cache size\fR - -.TP -\(bu \fIstrip dot\fR .TP @@ -1080,6 +1120,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fItemplate primary group\fR + +.TP +\(bu \fItemplate shell\fR .TP @@ -1096,10 +1140,6 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fItotal print jobs\fR - -.TP -\(bu \fIunicode\fR .TP @@ -1148,6 +1188,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIwinbind enable local accounts\fR + +.TP +\(bu \fIwinbind enum groups\fR .TP @@ -1164,11 +1208,15 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIwinbind trusted domains only\fR + +.TP +\(bu \fIwinbind uid\fR .TP \(bu -\fIwinbind used default domain\fR +\fIwinbind use default domain\fR .TP \(bu @@ -1176,7 +1224,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIwins partner\fR +\fIwins partners\fR .TP \(bu @@ -1211,6 +1259,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP 3 \(bu +\fIacl compatibility\fR + +.TP +\(bu \fIadmin users\fR .TP 
@@ -1583,6 +1635,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu +\fIprofile acls\fR + +.TP +\(bu \fIpublic\fR .TP @@ -1736,6 +1792,17 @@ Example: \fBabort shutdown script = /sbin/shutdown -c\fR .TP +acl compatibility (S) +This parameter specifies what OS ACL semantics should be compatible with\&. Possible values are \fBwinnt\fR for Windows NT 4, \fBwin2k\fR for Windows 2000 and above and \fBauto\fR\&. If you specify \fBauto\fR, the value for this parameter will be based upon the version of the client\&. There should be no reason to change this parameter from the default\&. + + +Default: \fBacl compatibility = Auto\fR + + +Example: \fBacl compatibility = win2k\fR + + +.TP add group script (G) This is the full pathname to a script that will be run \fBAS ROOT\fR by \fBsmbd\fR(8) when a new group is requested\&. It will expand any \fI%g\fR to the group name passed\&. This script is only useful for installations using the Windows NT domain administration tools\&. The script is free to create a group with an arbitrary name to circumvent unix group name restrictions\&. In that case the script must print the numeric gid of the created group on stdout\&. 
@@ -2084,8 +2151,72 @@ Example: \fBchange share command = /usr/local/bin/addshare\fR .TP +client lanman auth (G) +This parameter determines whether or not \fBsmbclient\fR(8) and other samba client tools will attempt to authenticate itself to servers using the weaker LANMAN password hash\&. If disabled, only server which support NT password hashes (e\&.g\&. Windows NT/2000, Samba, etc\&.\&.\&. but not Windows 95/98) will be able to be connected from the Samba client\&. + + +The LANMAN encrypted response is easily broken, due to it's case-insensitive nature, and the choice of algorithm\&. Clients without Windows 95/98 servers are advised to disable this option\&. + + +Disabling this option will also disable the \fBclient plaintext auth\fR option + + +Likewise, if the \fBclient ntlmv2 auth\fR parameter is enabled, then only NTLMv2 logins will be attempted\&. Not all servers support NTLMv2, and most will require special configuration to us it\&. + + +Default : \fBclient lanman auth = yes\fR + + +.TP +client ntlmv2 auth (G) +This parameter determines whether or not \fBsmbclient\fR(8) will attempt to authenticate itself to servers using the NTLMv2 encrypted password response\&. + + +If enabled, only an NTLMv2 and LMv2 response (both much more secure than earlier versions) will be sent\&. Many servers (including NT4 < SP4, Win9x and Samba 2\&.2) are not compatible with NTLMv2\&. + + +If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of \fBclient lanman auth\fR\&. + + +Note that some sites (particularly those following 'best practice' security polices) only allow NTLMv2 responses, and not the weaker LM or NTLM\&. + + +Default : \fBclient ntlmv2 auth = no\fR + + +.TP +client plaintext auth (G) +Specifies whether a client should send a plaintext password if the server does not support encrypted passwords\&. 
+ + +Default: \fBclient plaintext auth = yes\fR + + +.TP +client schannel (G) +This controls whether the client offers or even demands the use of the netlogon schannel\&. \fIclient schannel = no\fR does not offer the schannel, \fIserver schannel = auto\fR offers the schannel but does not enforce it, and \fIserver schannel = yes\fR denies access if the server is not able to speak netlogon schannel\&. + + +Default: \fBclient schannel = auto\fR + + +Example: \fBclient schannel = yes\fR + + +.TP +client signing (G) +This controls whether the client offers or requires the server it talks to to use SMB signing\&. Possible values are \fBauto\fR, \fBmandatory\fR and \fBdisabled\fR\&. + + +When set to auto, SMB signing is offered, but not enforced\&. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either\&. + + +Default: \fBclient signing = auto\fR + + +.TP client use spnego (G) -This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism\&. SPNEGO client support with Sign and Seal is currently broken, so you might want to turn this option off when doing joins to Windows 2003 domains\&. +This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism\&. SPNEGO client support for SMB Signing is currently broken, so you might want to turn this option off when operating with Windows 2003 domain controllers in particular\&. Default: \fBclient use spnego = yes\fR 
@@ -2188,7 +2319,7 @@ Example: \fBcsc policy = programs\fR .TP -dead time (G) +deadtime (G) The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected\&. The deadtime only takes effect if the number of open files is zero\&. @@ -2222,7 +2353,7 @@ Default: \fBdebug hires timestamp = no\fR .TP -debug level (G) +debuglevel (G) Synonym for \fI log level\fR\&. @@ -2661,6 +2792,14 @@ Default: \fBdos filetimes = no\fR .TP +enable rid algorithm (G) +This option is used to control whether or not smbd in Samba 3\&.0 should fallback to the algorithm used by Samba 2\&.2 to generate user and group RIDs\&. The longterm development goal is to remove the algorithmic mappings of RIDs altogether, but this has proved to be difficult\&. This parameter is mainly provided so that developers can turn the algorithm on and off and see what breaks\&. This parameter should not be disabled by non-developers because certain features in Samba will fail to work without it\&. + + +Default: \fBenable rid algorithm = <yes>\fR + + +.TP encrypt passwords (G) This boolean controls whether encrypted passwords will be negotiated with the client\&. Note that Windows NT 4\&.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed\&. To use encrypted passwords in Samba see the chapter "User Database" in the Samba HOWTO Collection\&. 
@@ -2884,6 +3023,62 @@ Example: \fBfstype = Samba\fR .TP +get quota command (G) +The \fBget quota command\fR should only be used whenever there is no operating system API available from the OS that samba can use\&. + + +This parameter should specify the path to a script that queries the quota information for the specified user/group for the partition that the specified directory is on\&. + + +Such a script should take 3 arguments: + + +directory + +type of query + +uid of user or gid of group + +The type of query can be one of : + + +1 - user quotas + +2 - user default quotas (uid = -1) + +3 - group quotas + +4 - group default quotas (gid = -1) + +This script should print its output according to the following format: + + +Line 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced) + +Line 2 - number of currently used blocks + +Line 3 - the softlimit number of blocks + +Line 4 - the hardlimit number of blocks + +Line 5 - currently used number of inodes + +Line 6 - the softlimit number of inodes + +Line 7 - the hardlimit number of inodes + +Line 8(optional) - the number of bytes in a block(default is 1024) + +See also the \fIset quota command\fR parameter\&. + + +Default: \fBget quota command = \fR + + +Example: \fBget quota command = /usr/local/sbin/query_quota\fR + + +.TP getwd cache (G) This is a tuning option\&. When this is enabled a caching algorithm will be used to reduce the time taken for getwd() calls\&. This can have a significant impact on performance, especially when the \fIwide links\fR parameter is set to \fBno\fR\&. 
@@ -3034,7 +3229,7 @@ host msdfs (G) This boolean parameter is only available if Samba has been configured and compiled with the \fB --with-msdfs\fR option\&. If set to \fByes\fR, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server\&. -See also the \fI msdfs root\fR share level parameter\&. For more information on setting up a Dfs tree on Samba, refer to msdfs_setup\&.html\&. +See also the \fI msdfs root\fR share level parameter\&. For more information on setting up a Dfs tree on Samba, refer to ???\&. Default: \fBhost msdfs = no\fR @@ -3137,6 +3332,17 @@ Example: \fBhosts equiv = /etc/hosts.equiv\fR .TP +idmap backend (G) +The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common LDAP backend\&. This way all domain members and controllers will have the same UID and GID to SID mappings\&. This avoids the risk of UID / GID inconsistencies across UNIX / Linux systems that are sharing information over protocols other than SMB/CIFS (ie: NFS)\&. + + +Default: \fBidmap backend = <empty string>\fR + + +Example: \fBidmap backend = ldap:ldap://ldapslave.example.com\fR + + +.TP idmap gid (G) The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. 
@@ -3281,6 +3487,17 @@ Example: \fBkeepalive = 600\fR .TP +kernel change notify (G) +This parameter specifies whether Samba should ask the kernel for change notifications in directories so that SMB clients can refresh whenever the data on the server changes\&. + + +This parameter is only usd when your kernel supports change notification to user programs, using the F_NOTIFY fcntl\&. + + +Default: \fBYes\fR + + +.TP kernel oplocks (G) For UNIXes that support kernel based \fIoplocks\fR (currently only IRIX and the Linux 2\&.4 kernel), this parameter allows the use of them to be turned on or off\&. @@ -3344,6 +3561,28 @@ Default: \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR .TP +ldap group suffix (G) +This parameters specifies the suffix that is used for groups when these are added to the LDAP directory\&. If this parameter is unset, the value of \fIldap suffix\fR will be used instead\&. + + +Default: \fBnone\fR + + +Example: \fBdc=samba,ou=Groups\fR + + +.TP +ldap idmap suffix (G) +This parameters specifies the suffix that is used when storing idmap mappings\&. If this parameter is unset, the value of \fIldap suffix\fR will be used instead\&. + + +Default: \fBnone\fR + + +Example: \fBdc=samba,ou=Idmap\fR + + +.TP ldap machine suffix (G) It specifies where machines should be added to the ldap tree\&. 
@@ -3422,19 +3661,8 @@ Default: \fBnone\fR .TP -ldap trust ids (G) -Normally, Samba validates each entry in the LDAP server against getpwnam()\&. This allows LDAP to be used for Samba with the unix system using NIS (for example) and also ensures that Samba does not present accounts that do not otherwise exist\&. - - -This option is used to disable this functionality, and instead to rely on the presence of the appropriate attributes in LDAP directly, which can result in a significant performance boost in some situations\&. Setting this option to yes effectivly assumes that the local machine is running \fBnss_ldap\fR against the same LDAP server\&. - - -Default: \fBldap trust ids = No\fR - - -.TP ldap user suffix (G) -It specifies where users are added to the tree\&. +This parameter specifies where users are added to the tree\&. If this parameter is not specified, the value from \fBldap suffix\fR\&. Default: \fBnone\fR @@ -3554,7 +3782,7 @@ lock spin count (G) This parameter controls the number of times that smbd should attempt to gain a byte range lock on the behalf of a client request\&. Experiments have shown that Windows 2k servers do not reply with a failure if the lock could not be immediately granted, but try a few more times in case the lock could later be aquired\&. This behavior is used to support PC database formats such as MS Access and FoxPro\&. -Default: \fBlock spin count = 2\fR +Default: \fBlock spin count = 3\fR .TP 
@@ -3676,8 +3904,14 @@ The script must be a relative path to the [netlogon] service\&. If the [netlogon \fI/usr/local/samba/netlogon/STARTUP\&.BAT\fR -The contents of the batch file are entirely your choice\&. A suggested command would be to add \fBNET TIME \\SERVER /SET /YES\fR, to force every machine to synchronize clocks with the same time server\&. Another use would be to add \fBNET USE U: \\SERVER\UTILS\fR for commonly used utilities, or \fB NET USE Q: \\SERVER\ISO9001_QA\fR for example\&. +The contents of the batch file are entirely your choice\&. A + suggested command would be to add \fBNET TIME \\SERVER /SET + /YES\fR, to force every machine to synchronize clocks with + the same time server\&. Another use would be to add \fBNET USE + U: \\SERVER\UTILS\fR for commonly used utilities, or .nf + \fBNET USE Q: \\\\SERVER\\ISO9001_QA\fR.fi + for example\&. Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission on the batch files in a secure environment, as this would allow the batch files to be arbitrarily modified and security to be breached\&. 
@@ -3838,7 +4072,7 @@ Example 2: \fBlprm command = /usr/bin/cancel %p-%j\fR .TP machine password timeout (G) -If a Samba server is a member of a Windows NT Domain (see the security = domain) parameter) then periodically a running smbd(8) process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called \fIprivate/secrets\&.tdb \fR\&. This parameter specifies how often this password will be changed, in seconds\&. The default is one week (expressed in seconds), the same as a Windows NT Domain member server\&. +If a Samba server is a member of a Windows NT Domain (see the security = domain) parameter) then periodically a running smbd process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called \fIprivate/secrets\&.tdb \fR\&. This parameter specifies how often this password will be changed, in seconds\&. The default is one week (expressed in seconds), the same as a Windows NT Domain member server\&. See also \fBsmbpasswd\fR(8), and the security = domain) parameter\&. @@ -3947,7 +4181,7 @@ Default: \fBmangled names = yes\fR .TP -mangling stack (G) +mangled stack (G) This parameter controls the number of mangled names that should be cached in the Samba server \fBsmbd\fR(8)\&. @@ -3967,10 +4201,13 @@ Example: \fBmangled stack = 100\fR .TP -mangling prefix (G) +mangle prefix (G) controls the number of prefix characters from the original name used when generating the mangled names\&. A larger value will give a weaker hash and therefore more name collisions\&. The minimum value is 1 and the maximum value is 6\&. +mangle prefix is effective only when mangling method is hash2\&. + + Default: \fBmangle prefix = 1\fR 
@@ -3979,7 +4216,7 @@ Example: \fBmangle prefix = 4\fR .TP mangling char (S) -This controls what character is used as the \fBmagic\fR character in name mangling\&. The default is a '~' but this may interfere with some software\&. Use this option to set it to whatever you prefer\&. +This controls what character is used as the \fBmagic\fR character in name mangling\&. The default is a '~' but this may interfere with some software\&. Use this option to set it to whatever you prefer\&. This is effective only when mangling method is hash\&. Default: \fBmangling char = ~\fR @@ -4347,7 +4584,7 @@ Example: \fBmsdfs proxy = \\\\otherserver\\someshare\fR .TP msdfs root (S) -This boolean parameter is only available if Samba is configured and compiled with the \fB --with-msdfs\fR option\&. If set to \fByes\fR, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory\&. Dfs links are specified in the share directory by symbolic links of the form \fImsdfs:serverA\\\\shareA,serverB\\\\shareB\fR and so on\&. For more information on setting up a Dfs tree on Samba, refer to "Hosting a Microsoft Distributed File System tree on Samba" document\&. +This boolean parameter is only available if Samba is configured and compiled with the \fB --with-msdfs\fR option\&. If set to \fByes\fR, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory\&. Dfs links are specified in the share directory by symbolic links of the form \fImsdfs:serverA\\\\shareA,serverB\\\\shareB\fR and so on\&. For more information on setting up a Dfs tree on Samba, refer to ???\&. See also \fIhost msdfs\fR 
@@ -4403,7 +4640,7 @@ DC lookups will still be done via DNS, but fallbacks to netbios names will not i .TP netbios aliases (G) -This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known\&. This allows one machine to appear in browse lists under multiple names\&. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon servers, only the primary name of the machine will be advertised with these capabilities\&. +This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known\&. This allows one machine to appear in browse lists under multiple names\&. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon servers, only the primary name of the machine will be advertised with these capabilities\&. See also \fInetbios name\fR\&. 
@@ -4452,19 +4689,6 @@ Default: \fBnis homedir = no\fR .TP -non unix account range (G) -The non unix account range parameter specifies the range of 'user ids' that are allocated by the various 'non unix account' passdb backends\&. These backends allow the storage of passwords for users who don't exist in /etc/passwd\&. This is most often used for machine account creation\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&. - - -These userids never appear on the system and Samba will never 'become' these users\&. They are used only to ensure that the algorithmic RID mapping does not conflict with normal users\&. - -Default: \fBnon unix account range = <empty string>\fR - - -Example: \fBnon unix account range = 10000-20000\fR - - -.TP nt acl support (S) This boolean parameter controls whether \fBsmbd\fR(8) will attempt to map UNIX permissions into Windows NT access control lists\&. This parameter was formally a global parameter in releases prior to 2\&.2\&.2\&. @@ -4590,7 +4814,7 @@ The parameter is used to define the absolute path to a file containing a mapping For example, a valid entry using the HP LaserJet 5 printer driver would appear as \fBHP LaserJet 5L = LASERJET.HP LaserJet 5L\fR\&. -The need for the file is due to the printer driver namespace problem described in the Samba Printing HOWTO\&. For more details on OS/2 clients, please refer to the OS2-Client-HOWTO containing in the Samba documentation\&. +The need for the file is due to the printer driver namespace problem described in ???\&. For more details on OS/2 clients, please refer to ???\&. Default: \fBos2 driver map = <empty string>\fR 
@@ -4648,19 +4872,19 @@ This option allows the administrator to chose which backends to retrieve and sto This parameter is in two parts, the backend's name, and a 'location' string that has meaning only to that particular backed\&. These are separated by a : character\&. -Available backends can include: .TP 3 \(bu \fBsmbpasswd\fR - The default smbpasswd backend\&. Takes a path to the smbpasswd file as an optional argument\&. .TP \(bu \fBtdbsam\fR - The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. .TP \(bu \fBldapsam\fR - The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) LDAP connections should be secured where possible\&. This may be done using either Start-TLS (see \fIldap ssl\fR) or by specifying \fIldaps://\fR in the URL argument\&. .TP \(bu \fBnisplussam\fR - The NIS+ based passdb backend\&. Takes name NIS domain as an optional argument\&. Only works with sun NIS+ servers\&. .TP \(bu \fBmysql\fR - The MySQL based passdb backend\&. Takes an identifier as argument\&. Read the Samba HOWTO Collection for configuration details\&. .TP \(bu \fBguest\fR - Very simple backend that only provides one user: the guest user\&. Only maps the NT guest user to the \fIguest account\fR\&. Required in pretty much all situations\&. .LP +Available backends can include: .TP 3 \(bu \fBsmbpasswd\fR - The default smbpasswd backend\&. Takes a path to the smbpasswd file as an optional argument\&. .TP \(bu \fBtdbsam\fR - The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. .TP \(bu \fBldapsam\fR - The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) LDAP connections should be secured where possible\&. 
This may be done using either Start-TLS (see \fIldap ssl\fR) or by specifying \fIldaps://\fR in the URL argument\&. .TP \(bu \fBnisplussam\fR - The NIS+ based passdb backend\&. Takes name NIS domain as an optional argument\&. Only works with sun NIS+ servers\&. .TP \(bu \fBmysql\fR - The MySQL based passdb backend\&. Takes an identifier as argument\&. Read the Samba HOWTO Collection for configuration details\&. .LP Default: \fBpassdb backend = smbpasswd\fR -Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest\fR +Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd\fR -Example: \fBpassdb backend = ldapsam:ldaps://ldap.example.com guest\fR +Example: \fBpassdb backend = ldapsam:ldaps://ldap.example.com\fR -Example: \fBpassdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest\fR +Example: \fBpassdb backend = mysql:my_plugin_args tdbsam\fR .TP 
@@ -4711,7 +4935,7 @@ The name of a program that can be used to set UNIX user passwords\&. Any occurre Also note that many passwd programs insist in \fBreasonable \fR passwords, such as a minimum length, or the inclusion of mixed case chars and digits\&. This can pose a problem as some clients (such as Windows for Workgroups) uppercase the password before sending it\&. -\fBNote\fR that if the \fIunix password sync\fR parameter is set to \fByes \fR then this program is called \fBAS ROOT\fR before the SMB password in the \fBsmbpasswd\fR(5) file is changed\&. If this UNIX password change fails, then \fBsmbd\fR will fail to change the SMB password also (this is by design)\&. +\fBNote\fR that if the \fIunix password sync\fR parameter is set to \fByes \fR then this program is called \fBAS ROOT\fR before the SMB password in the smbpasswd file is changed\&. If this UNIX password change fails, then \fBsmbd\fR will fail to change the SMB password also (this is by design)\&. If the \fIunix password sync\fR parameter is set this parameter \fBMUST USE ABSOLUTE PATHS\fR for \fBALL\fR programs called, and must be examined for security implications\&. Note that by default \fIunix password sync\fR is set to \fBno\fR\&. @@ -4945,9 +5169,6 @@ preload modules (G) This is a list of paths to modules that should be loaded into smbd before a client connects\&. This improves the speed of smbd when reacting to new connections somewhat\&. -It is recommended to only use this option on heavy-performance servers\&. - - Default: \fBpreload modules = \fR 
@@ -5145,6 +5366,20 @@ Default :\fBprivate dir = ${prefix}/private\fR .TP +profile acls (S) +This boolean parameter controls whether \fBsmbd\fR(8) This boolean parameter was added to fix the problems that people have been having with storing user profiles on Samba shares from Windows 2000 or Windows XP clients\&. New versions of Windows 2000 or Windows XP service packs do security ACL checking on the owner and ability to write of the profile directory stored on a local workstation when copied from a Samba share\&. + + +When not in domain mode with winbindd then the security info copied onto the local workstation has no meaning to the logged in user (SID) on that workstation so the profile storing fails\&. Adding this parameter onto a share used for profile storage changes two things about the returned Windows ACL\&. Firstly it changes the owner and group owner of all reported files and directories to be BUILTIN\\\\Administrators, BUILTIN\\\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545)\&. Secondly it adds an ACE entry of "Full Control" to the SID BUILTIN\\\\Users to every returned ACL\&. This will allow any Windows 2000 or XP workstation user to access the profile\&. + + +Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access each others profiles you must remove the "Bypass traverse checking" advanced user right\&. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user\&. + + +Default: \fBprofile acls = no\fR + + +.TP protocol (G) Synonym for \fImax protocol\fR\&. 
@@ -5301,7 +5536,7 @@ the above line would cause \fBnmbd\fR to announce itself to the two given IP add The IP addresses you choose would normally be the broadcast addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable\&. -See the documentation file BROWSING in the \fIdocs/\fR directory\&. +See ???\&. Default: \fBremote announce = <empty string>\fR 
@@ -5510,11 +5745,9 @@ See also the \fIpassword server\fR parameter and the \fIencrypted passwords\fR p In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to \fBsecurity = user\fR\&. It expects the \fIencrypted passwords\fR parameter to be set to \fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid \fIsmbpasswd\fR file to check users against\&. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up\&. -\fBNote\fR this mode of operation has significant pitfalls, due to the fact that is activly initiates a man-in-the-middle attack on the remote SMB server\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user's session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authenticaions to the Samba server may fail\&. (From a single client, till it disconnects)\&. - - -\fBNote\fR that from the client's point of view \fBsecurity = server\fR is the same as \fBsecurity = user\fR\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&. +This mode of operation has significant pitfalls, due to the fact that is activly initiates a man-in-the-middle attack on the remote SMB server\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user's session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authenticaions to the Samba server may fail\&. (From a single client, till it disconnects)\&. 
+From the client's point of view \fBsecurity = server\fR is the same as \fBsecurity = user\fR\&. It only affects how the server deals with the authentication, it does not in any way affect what the client sees\&. \fBNote\fR that the name of the resource being requested is \fBnot\fR sent to the server until after the server has successfully authenticated the client\&. This is why guest shares don't work in user level security without allowing the server to automatically map unknown users into the \fIguest account\fR\&. See the \fImap to guest\fR parameter for details on doing this\&. @@ -5525,6 +5758,21 @@ See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION\&. See also the \fIpassword server\fR parameter and the \fIencrypted passwords\fR parameter\&. +\fBSECURITY = ADS\fR + + +In this mode, Samba will act as a domain member in an ADS realm\&. To operate in this mode, the machine running Samba will need to have Kerberos installed and configured and Samba will need to be joined to the ADS realm using the net utility\&. + + +Note that this mode does NOT make Samba operate as a Active Directory Domain Controller\&. + + +Read the chapter about Domain Membership in the HOWTO for details\&. + + +See also the \fIads server \fR parameter, the \fIrealm \fR paramter and the \fIencrypted passwords\fR parameter\&. + + Default: \fBsecurity = USER\fR 
@@ -5569,6 +5817,17 @@ Example: \fBserver schannel = yes\fR .TP +server signing (G) +This controls whether the server offers or requires the client it talks to to use SMB signing\&. Possible values are \fBauto\fR, \fBmandatory\fR and \fBdisabled\fR\&. + + +When set to auto, SMB signing is offered, but not enforced\&. When set to mandatory, SMB signing is required and if set to disabled, SMB signing is not offered either\&. + + +Default: \fBclient signing = False\fR + + +.TP server string (G) This controls what string will show up in the printer comment box in print manager and next to the IPC connection in \fBnet view\fR\&. It can be any string that you wish to show to your users\&. @@ -5611,6 +5870,45 @@ Example: \fBset primary group script = /usr/sbin/usermod -g '%g' '%u'\fR .TP +set quota command (G) +The \fBset quota command\fR should only be used whenever there is no operating system API available from the OS that samba can use\&. + + +This parameter should specify the path to a script that can set quota for the specified arguments\&. + + +The specified script should take the following arguments: + + +1 - quota type .TP 3 \(bu 1 - user quotas .TP \(bu 2 - user default quotas (uid = -1) .TP \(bu 3 - group quotas .TP \(bu 4 - group default quotas (gid = -1) .LP + +2 - id (uid for user, gid for group, -1 if N/A) + +3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce) + +4 - block softlimit + +5 - block hardlimit + +6 - inode softlimit + +7 - inode hardlimit + +8(optional) - block size, defaults to 1024 + +The script should output at least one line of data\&. + + +See also the \fIget quota command\fR parameter\&. + + +Default: \fBset quota command = \fR + + +Example: \fBset quota command = /usr/local/sbin/set_quota\fR + + +.TP share modes (S) This enables or disables the honoring of the \fIshare modes\fR during a file open\&. These modes are used by clients to gain exclusive read or write access to a file\&. 
@@ -5680,7 +5978,7 @@ This command will be run as the user connected to the server\&. Default: \fBNone\fR\&. -Example: \fBabort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f\fR +Example: \fBshutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f\fR Shutdown script example: @@ -5836,14 +6134,6 @@ Default: \fBstat cache = yes\fR .TP -stat cache size (G) -This parameter determines the number of entries in the \fIstat cache\fR\&. You should never need to change this parameter\&. - - -Default: \fBstat cache size = 50\fR - - -.TP strict allocate (S) This is a boolean that controls the handling of disk space allocation in the server\&. When this is set to \fByes\fR the server will change from UNIX behaviour of not committing real disk storage blocks when a file is extended to the Windows behaviour of actually forcing the disk system to allocate real storage blocks when a file is created or extended to be a given size\&. In UNIX terminology this means that Samba will stop creating sparse files\&. This can be slow on some systems\&. @@ -5929,6 +6219,14 @@ Default: \fBtemplate homedir = /home/%D/%U\fR .TP +template primary group (G) +This option defines the default primary group for each user created by \fBwinbindd\fR(8)'s local account management functions (similar to the 'add user script')\&. + + +Default: \fBtemplate primary group = nobody\fR + + +.TP template shell (G) When filling out the user information for a Windows NT user, the \fBwinbindd\fR(8) daemon uses this parameter to fill in the login shell for that user\&. 
@@ -5961,17 +6259,6 @@ Synonym for \fI debug timestamp\fR\&. .TP -total print jobs (G) -This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time\&. If a print job is submitted by a client which will exceed this number, then \fBsmbd\fR(8) will return an error indicating that no space is available on the server\&. The default value of 0 means that no such limit exists\&. This parameter can be used to prevent a server from exceeding its capacity and is designed as a printing throttle\&. See also \fImax print jobs\fR\&. - - -Default: \fBtotal print jobs = 0\fR - - -Example: \fBtotal print jobs = 5000\fR - - -.TP unicode (G) Specifies whether Samba should try to use unicode on the wire by default\&. Note: This does NOT mean that samba will assume that the unix machine uses unicode! @@ -5995,7 +6282,7 @@ unix extensions (G) This boolean parameter controls whether Samba implments the CIFS UNIX extensions, as defined by HP\&. These extensions enable Samba to better serve UNIX CIFS clients by supporting features such as symbolic links, hard links, etc\&.\&.\&. These extensions require a similarly enabled client, and are of no current use to Windows clients\&. -Default: \fBunix extensions = no\fR +Default: \fBunix extensions = yes\fR .TP 
@@ -6339,7 +6626,15 @@ winbind cache time (G) This parameter specifies the number of seconds the \fBwinbindd\fR(8) daemon will cache user and group information before querying a Windows NT server again\&. -Default: \fBwinbind cache type = 15\fR +Default: \fBwinbind cache type = 300\fR + + +.TP +winbind enable local accounts (G) +This parameter controls whether or not winbindd will act as a stand in replacement for the various account management hooks in smb\&.conf (e\&.g\&. 'add user script')\&. If enabled, winbindd will support the creation of local users and groups as another source of UNIX account information available via getpwnam() or getgrgid(), etc\&.\&.\&. + + +Default: \fBwinbind enable local accounts = yes\fR .TP @@ -6393,6 +6688,14 @@ Example: \fBwinbind separator = +\fR .TP +winbind trusted domains only (G) +This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use UNIX accounts distributed vi NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain\&. Therefore, the user 'SAMBA\\user1' would be mapped to the account 'user1' in /etc/passwd instead of allocating a new uid for him or her\&. + + +Default: \fBwinbind trusted domains only = <no>\fR + + +.TP winbind uid (G) This parameter is now an alias for \fBidmap uid\fR @@ -6407,7 +6710,7 @@ Example: \fBwinbind uid = 10000-20000\fR .TP -winbind used default domain (G) +winbind use default domain (G) This parameter specifies whether the \fBwinbindd\fR(8) daemon should operate on users without domain component in their username\&. Users without a domain component are treated as is part of the winbindd server's own domain\&. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system\&. 
@@ -6442,7 +6745,7 @@ An example script that calls the BIND dynamic DNS update program \fBnsupdate\fR .TP -wins partner (G) +wins partners (G) A space separated list of partners' IP addresses for WINS replication\&. WINS partners are always defined as push/pull partners as defining only one way WINS replication is unreliable\&. WINS replication is currently experimental and unreliable between samba servers\&. @@ -6473,7 +6776,7 @@ If you want to work in multiple namespaces, you can give every wins server a 'ta You need to set up Samba to point to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly\&. -See the documentation file Browsing in the samba howto collection\&. +See the ???\&. Default: \fBnot enabled\fR diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index 9df06dff9b..cb9fcfb884 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -103,7 +103,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP 
@@ -117,7 +117,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 3f5718a2fa..8de0c58a6d 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -114,20 +114,6 @@ This number is the TCP port number that will be used when making connections to .TP --l logfilename -If specified, \fIlogfilename\fR specifies a base filename into which operational data from the running client will be logged\&. - - -The default base name is specified at compile time\&. - - -The base name is used to generate actual log file names\&. For example, if the name specified was "log", the debug file would be \fIlog\&.client\fR\&. - - -The log file generated is never removed by the client\&. - - -.TP -h|--help Print a summary of command line options\&. 
@@ -176,7 +162,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -190,7 +176,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP 
@@ -243,7 +229,7 @@ Be cautious about including passwords in scripts\&. Also, on many systems the co .TP -n <primary NetBIOS name> -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -258,7 +244,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index 44d419f919..cec003a672 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 
@@ -47,7 +47,7 @@ Print a summary of command line options\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -196,6 +196,11 @@ drvupgrade Force clients of printers using specified driver to update their local version of the driver\&. Can only be sent to smbd\&. +.TP +reload-config +Force daemon to reload smb\&.conf configuration file\&. Can be sent to \fBsmbd\fR, \fBnmbd\fR, or \fBwinbindd\fR\&. + + .SH "VERSION" .PP diff --git a/docs/manpages/smbcquotas.1 b/docs/manpages/smbcquotas.1 index e8288977f8..e270fe3b4a 100644 --- a/docs/manpages/smbcquotas.1 +++ b/docs/manpages/smbcquotas.1 
@@ -88,7 +88,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -102,7 +102,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index c7c0fac777..07b563af5c 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 
@@ -76,7 +76,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -90,7 +90,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -134,7 +134,7 @@ This parameter is not normally specified except in the above situation\&. .TP \fI/etc/inetd\&.conf\fR -If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the "How to Install and Test SAMBA" document for details\&. +If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. .TP 
@@ -142,12 +142,12 @@ If the server is to be run by the \fBinetd\fR meta-daemon, this file must contai or whatever initialization script your system uses)\&. -If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. .TP \fI/etc/services\fR -If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. .TP @@ -173,7 +173,7 @@ If no printer name is specified to printable services, most systems will use the .SH "PAM INTERACTION" .PP -Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restricions\fR \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply: +Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restrictions\fR \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply: .TP 3 \(bu diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index a7973871c4..e0c8ca5109 100644 --- a/docs/manpages/smbpasswd.8 
+++ b/docs/manpages/smbpasswd.8 @@ -197,7 +197,7 @@ This specifies the username for all of the \fBroot only\fR options to operate on Since \fBsmbpasswd\fR works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work\&. A common problem is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying either \fIallow hosts\fR or \fIdeny hosts\fR entry in the \fBsmb.conf\fR(5) file and neglecting to allow "localhost" access to the smbd\&. .PP -In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. See the document "LanMan and NT Password Encryption in Samba" in the docs directory for details on how to do this\&. +In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. .SH "VERSION" diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 0e2c4a3a85..3b9e507246 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -19,7 +19,7 @@ .. .TH "SMBSH" 1 "" "" "" .SH NAME -smbsh \- Allows access to Windows NT filesystem using UNIX commands +smbsh \- Allows access to remote SMB shares using UNIX commands .SH "SYNOPSIS" .nf 
@@ -54,7 +54,7 @@ This option allows the user to set the directory prefix for SMB access\&. The de .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -68,7 +68,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP 
@@ -87,10 +87,10 @@ The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. -If this parameter is not set then the name resolve order defined in the \fBsmb.conf\fR(5) file parameter (\fIname resolve order\fR) will be used\&. +If this parameter is not set then the name resolve order defined in the \fIsmb\&.conf\fR file parameter (\fIname resolve order\fR) will be used\&. -The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order \fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods will be attempted in this order\&. +The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order\fR parameter of the \fIsmb\&.conf\fR file, the name resolution methods will be attempted in this order\&. .TP diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 7e349dcd19..21b05a2429 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 
@@ -54,7 +54,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -68,7 +68,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbtree.1 b/docs/manpages/smbtree.1 index 0cc984c24a..84c2399c77 100644 --- a/docs/manpages/smbtree.1 +++ b/docs/manpages/smbtree.1 
@@ -58,7 +58,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -72,7 +72,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index 36d855e725..26e5376bf6 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 
@@ -59,7 +59,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -73,7 +73,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1 index a6d01fba57..3400c6b570 100644 --- a/docs/manpages/vfstest.1 +++ b/docs/manpages/vfstest.1 
@@ -58,7 +58,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -72,7 +72,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 9bbecb29a4..6c5ca93e19 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 
@@ -23,9 +23,8 @@ wbinfo \- Query information from winbind daemon .SH "SYNOPSIS" .nf -\fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid] - [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password] - [--set-auth-user user%password] [--get-auth-user] [-p] +\fBwbinfo\fR [-a user%password] [-c username] [-C groupname] [--domain domain] [-I ip] [-s sid] [-u] [-U uid] [-g] [--get-auth-user] [-G gid] [-m] [-n name] [-N netbios-name] [-o user:group] [-O user:group] [-p] [-r user] [--set-auth-user user%password] [--sequence] [-S sid] [-t] [-x username] [-X groupname] [-Y sid] + .fi .SH "DESCRIPTION" @@ -42,8 +41,23 @@ The \fBwinbindd\fR(8) daemon must be configured and running for the \fBwbinfo\fR .SH "OPTIONS" .TP --u -This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&. +-a username%password +Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&. + + +.TP +-c user +Create a local winbind user\&. + + +.TP +-C group +Create a local winbindd group\&. + + +.TP +--domain name +This parameter sets the domain on which any specified operations will performed\&. If special domain name '\&.' is used to represent the current domain to which winbindd belongs\&. Currently only the \fB--sequence\fR, \fB-u\fR, and \fB-g\fR options honor this parameter\&. .TP 
@@ -52,8 +66,13 @@ This option will list all groups available in the Windows NT domain for which th .TP --N name -The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&. +--get-auth-user +Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&. + + +.TP +-G gid +Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the idmap gid range then the operation will fail\&. .TP 
@@ -62,43 +81,48 @@ The \fI-I\fR option queries \fBwinbindd\fR(8) to send a node status request to g .TP +-m +Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&. + + +.TP -n name The \fI-n\fR option queries \fBwinbindd\fR(8) for the SID associated with the name specified\&. Domain names can be specified before the user name by using the winbind separator character\&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1\&. If no domain is specified then the domain used is the one specified in the \fBsmb.conf\fR(5) \fIworkgroup \fR parameter\&. .TP --s sid -Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&. +-N name +The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&. .TP --U uid -Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the winbind uid range then the operation will fail\&. +-o user:group +Add a winbindd local group as a secondary group for the specified winbindd local user\&. .TP --G gid -Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the winbind gid range then the operation will fail\&. +-O user:group +Remove a winbindd local group as a secondary group for the specified winbindd local user\&. .TP --S sid -Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&. +-p +Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&. 
.TP --Y sid -Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&. +-r username +Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&. .TP --t -Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&. +-s sid +Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&. .TP --m -Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&. +--set-auth-user username%password +Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&. .TP 
@@ -107,28 +131,38 @@ Show sequence numbers of all known domains .TP --r username -Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&. +-S sid +Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&. .TP --a username%password -Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&. +-t +Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&. .TP ---set-auth-user username%password -Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&. +-u +This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&. .TP ---get-auth-user -Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&. +-U uid +Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap uid range then the operation will fail\&. .TP --p -Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&. +-x user +Delete an existing local winbind user\&. + + +.TP +-X group +Delete an existing local winbindd group\&. + + +.TP +-Y sid +Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&. .TP 
diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 31ed3ba332..14621e1356 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -23,7 +23,7 @@ winbindd \- Name Service Switch daemon for resolving names from NT servers .SH "SYNOPSIS" .nf -\fBwinbindd\fR [-F] [-S] [-i] [-B] [-d <debug level>] [-s <smb config file>] [-n] +\fBwinbindd\fR [-F] [-S] [-i] [-Y] [-d <debug level>] [-s <smb config file>] [-n] .fi .SH "DESCRIPTION" @@ -89,7 +89,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s <configuration file> -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -103,7 +103,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP 
@@ -127,8 +127,8 @@ Disable caching\&. This means winbindd will always have to wait for a response f .TP --B -Dual daemon mode\&. This means winbindd will run as 2 threads\&. The first will answer all requests from the cache, thus making responses to clients faster\&. The other will update the cache for the query that the first has just responded\&. Advantage of this is that responses stay accurate and are faster\&. +-Y +Single daemon mode\&. This means winbindd will run as a single process (the mode of operation in Samba 2\&.2)\&. Winbindd's default behavior is to launch a child process that is responsible for updating expired cache entries\&. .SH "NAME AND ID RESOLUTION" @@ -153,11 +153,11 @@ Configuration of the \fBwinbindd\fR daemon is done through configuration paramet .TP \(bu -\fIwinbind uid\fR +\fIidmap uid\fR .TP \(bu -\fIwinbind gid\fR +\fIidmap gid\fR .TP \(bu @@ -240,8 +240,8 @@ Finally, setup a \fBsmb.conf\fR(5) containing directives like the following: winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U - winbind uid = 10000-20000 - winbind gid = 10000-20000 + idmap uid = 10000-20000 + idmap gid = 10000-20000 workgroup = DOMAIN security = domain password server = * @@ -279,8 +279,8 @@ Reload the \fBsmb.conf\fR(5) file and apply any parameter changes to the running .TP -SIGUSR1 -The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind log file including information about the number of user and group ids allocated by \fBwinbindd\fR\&. +SIGUSR2 +The SIGUSR2 signal will cause \fB winbindd\fR to write status information to the winbind log file including information about the number of user and group ids allocated by \fBwinbindd\fR\&. Log files are stored in the filename specified by the log file parameter\&. |
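Review bot: in docs/manpages/wbinfo.1, the relocated --set-auth-user entry (the hunk that ends just before @@ -107,28 +131,38 @@) still carries the typo "compatiable" in "Permissions compatiable with Windows 2000 servers only"; since the line is being re-added anyway, fix it to "compatible" here. The entry also takes username%password as a command-line argument and says the pair is stored for winbindd's session setup, but it does not say where the credentials are kept or who can read them. A sentence on that would help administrators, as command-line arguments are visible to other local users in the process list while the command runs.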
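Review bot: in the wbinfo.1 hunk @@ -107,28 +131,38 @@, the two new delete options name the daemon inconsistently: -x says "Delete an existing local winbind user" while -X says "Delete an existing local winbindd group". Pick one spelling for both. In the same hunk the -u text reads "the Windows NT domain for which the winbindd daemon is operating in", which doubles the preposition; "the Windows NT domain in which the winbindd daemon is operating" reads correctly. Neither -x nor -X says what happens to the uid/gid mapping of the deleted entry, which is worth one sentence since both are destructive.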
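Review bot: in the winbindd.8 hunk @@ -89,7 +89,7 @@, the cross-reference changes from "\fI smb\&.conf(5)\fR" to "\fIsmb\&.conf\fR" and so loses its manual section number, and the hunk @@ -103,7 +103,7 @@ does the same. Elsewhere in this file the reference is written "\fBsmb.conf\fR(5)" (see the context line of @@ -240,8 +240,8 @@), so the page now mixes two styles. Suggest using the bold name with the (5) suffix in both places so the reference stays recognisable as a man page.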
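Review bot: in the winbindd.8 hunk @@ -127,8 +127,8 @@ (and the matching synopsis change in @@ -23,7 +23,7 @@), -B disappears and -Y is introduced with the default inverted, but the text does not say what happens to an existing init script that still passes -B. Please state whether -B is rejected, ignored or still accepted, and add a short note that the dual-process behaviour is now the default. The removed text described the two parts as "2 threads" while the new text says "child process"; that wording is better, and it would help to say explicitly that two winbindd processes in the process list are expected.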
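Review bot: in the winbindd.8 hunks @@ -153,11 +153,11 @@ and @@ -240,8 +240,8 @@, "winbind uid" and "winbind gid" are renamed to "idmap uid" and "idmap gid" with no mention of the old names. An administrator upgrading with "winbind uid = 10000-20000" in smb.conf cannot tell from this page whether the old parameters still work as synonyms or are silently ignored, and an ignored range means no id mappings can be allocated. Suggest one sentence near the parameter list saying which it is.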
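Review bot: in the winbindd.8 hunk @@ -279,8 +279,8 @@, the status-dump signal changes from SIGUSR1 to SIGUSR2, but the page does not say what SIGUSR1 does now, so anyone with a monitoring script that sends SIGUSR1 cannot tell from the documentation what it will trigger. Please document the new meaning of SIGUSR1 or state that it is unused. Two style points in the same hunk: the added line keeps the stray space in "\fB winbindd\fR", and the context line "specified by the log file parameter" leaves the parameter name unformatted while @@ -103,7 +103,7 @@ now italicises "\fIlog level\fR".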