diff options
Diffstat (limited to 'docs/manpages')
| -rw-r--r-- | docs/manpages/pdbedit.8 | 54 | ||||
| -rw-r--r-- | docs/manpages/rpcclient.1 | 2 | ||||
| -rw-r--r-- | docs/manpages/samba.7 | 405 | ||||
| -rw-r--r-- | docs/manpages/smb.conf.5 | 570 | ||||
| -rw-r--r-- | docs/manpages/smbmount.8 | 11 | ||||
| -rw-r--r-- | docs/manpages/wbinfo.1 | 4 |
6 files changed, 576 insertions, 470 deletions
diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index 51dcf44bf0..ff0fc1244b 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -23,9 +23,9 @@ pdbedit \- manage the SAM database .SH "SYNOPSIS" .nf -\fBpdbedit\fR [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S +\fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] - [-g] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] + [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] [-C value] .fi @@ -46,11 +46,11 @@ There are five main ways to use pdbedit: adding a user account, removing a user .SH "OPTIONS" .TP --l +-L This option lists all the user accounts present in the users database\&. This option prints a list of user/uid pairs separated by the ':' character\&. -Example: \fBpdbedit -l\fR +Example: \fBpdbedit -L\fR .nf @@ -65,7 +65,7 @@ samba:45:Test User This option enables the verbose listing format\&. It causes pdbedit to list the users in the database, printing out the account fields in a descriptive format\&. -Example: \fBpdbedit -l -v\fR +Example: \fBpdbedit -L -v\fR .nf @@ -96,7 +96,7 @@ Profile Path: \\\\BERSERKER\\profile This option sets the "smbpasswd" listing format\&. It will make pdbedit list the users in the database, printing out the account fields in a format compatible with the \fIsmbpasswd\fR file format\&. (see the \fBsmbpasswd\fR(5) for details) -Example: \fBpdbedit -l -w\fR +Example: \fBpdbedit -L -w\fR sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: @@ -148,6 +148,30 @@ Example: \fB-p "\\\\BERSERKER\\netlogon"\fR .TP +-G SID|rid +This option can be used while adding or modifying a user account\&. It will specify the users' new primary group SID (Security Identifier) or rid\&. + + +Example: \fB-G S-1-5-21-2447931902-1787058256-3961074038-1201\fR + + +.TP +-U SID|rid +This option can be used while adding or modifying a user account\&. It will specify the users' new SID (Security Identifier) or rid\&. + + +Example: \fB-U S-1-5-21-2447931902-1787058256-3961074038-5004\fR + + +.TP +-c account-control +This option can be used while adding or modifying a user account\&. It will specify the users' account control property\&. Possible flags that can be set are: N, D, H, L, X\&. + + +Example: \fB-c "[X ]"\fR + + +.TP -a This option is used to add a user into the database\&. This command needs a user name specified with the -u switch\&. When adding a new user, pdbedit will also ask for the password to be used\&. @@ -161,6 +185,11 @@ retype new password .TP +-r +This option is used to modify an existing user in the database\&. This command needs a user name specified with the -u switch\&. Other options can be specified to modify the properties of the specified user\&. This flag is kept for backwards compatibility, but it is no longer necessary to specify it\&. + + +.TP -m This option may only be used in conjunction with the \fI-a\fR option\&. It will make pdbedit to add a machine trust account instead of a user account (-u username will provide the machine name)\&. @@ -207,14 +236,6 @@ This option will ease migration from one passdb backend to another and will ease .TP --g -If you specify \fI-g\fR, then \fI-i in-backend -e out-backend\fR applies to the group mapping instead of the user database\&. - - -This option will ease migration from one passdb backend to another and will ease backing up\&. - - -.TP -b passdb-backend Use a different default passdb backend\&. @@ -296,7 +317,7 @@ This command may be used only by root\&. .SH "VERSION" .PP -This man page is correct for version 2\&.2 of the Samba suite\&. +This man page is correct for version 3\&.0 of the Samba suite\&. .SH "SEE ALSO" @@ -308,6 +329,3 @@ This man page is correct for version 2\&.2 of the Samba suite\&. .PP The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. -.PP -The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&. - diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 7655d6c312..34cb6a1fa5 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -457,7 +457,7 @@ Execute an EnumPrinterDrivers() call\&. This lists the various installed printer .TP enumprinters [level] -Execute an EnumPrinters() call\&. This lists the various installed and share printers\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 0, 1, and 2\&. +Execute an EnumPrinters() call\&. This lists the various installed and share printers\&. Refer to the MS Platform SDK documentation for more details of the various flags and calling options\&. Currently supported info levels are 1, 2 and 5\&. .TP diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 9f01169a5a..50665c700b 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -1,230 +1,221 @@ -.\" This manpage has been automatically generated by docbook2man -.\" from a DocBook document. This tool can be found at: -.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/> -.\" Please send any bug reports, improvements, comments, patches, -.\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SAMBA" "7" "19 april 2003" "" "" - +.\"Generated by db2man.xsl. Don't modify this, modify the source. +.de Sh \" Subsection +.br +.if t .Sp +.ne 5 +.PP +\fB\\$1\fR +.PP +.. +.de Sp \" Vertical space (when we can't use .PP) +.if t .sp .5v +.if n .sp +.. +.de Ip \" List item +.br +.ie \\n(.$>=3 .ne \\$3 +.el .ne 3 +.IP "\\$1" \\$2 +.. +.TH "SAMBA" 7 "" "" "" .SH NAME -Samba \- A Windows SMB/CIFS fileserver for UNIX -.SH SYNOPSIS +samba \- A Windows SMB/CIFS fileserver for UNIX +.SH "SYNOPSIS" -\fBSamba\fR +.nf +\fBSamba\fR +.fi .SH "DESCRIPTION" + .PP -The Samba software suite is a collection of programs -that implements the Server Message Block (commonly abbreviated -as SMB) protocol for UNIX systems. This protocol is sometimes -also referred to as the Common Internet File System (CIFS). For a -more thorough description, see http://www.ubiqx.org/cifs/ <URL:http://www.ubiqx.org/cifs/>. Samba also implements the NetBIOS -protocol in nmbd. -.TP -\fBsmbd(8)\fR -The \fBsmbd\fR daemon provides the file and print services to -SMB clients, such as Windows 95/98, Windows NT, Windows -for Workgroups or LanManager. The configuration file -for this daemon is described in \fBsmb.conf\fR(5) -.TP -\fBnmbd(8)\fR -The \fBnmbd\fR -daemon provides NetBIOS nameservice and browsing -support. The configuration file for this daemon -is described in \fBsmb.conf\fR(5) -.TP -\fBsmbclient(1)\fR -The \fBsmbclient\fR -program implements a simple ftp-like client. This -is useful for accessing SMB shares on other compatible -servers (such as Windows NT), and can also be used -to allow a UNIX box to print to a printer attached to -any SMB server (such as a PC running Windows NT). -.TP -\fBtestparm(1)\fR -The \fBtestparm\fR -utility is a simple syntax checker for Samba's \fBsmb.conf\fR(5) configuration file. -.TP -\fBtestprns(1)\fR -The \fBtestprns\fR -utility supports testing printer names defined -in your \fIprintcap\fR file used -by Samba. -.TP -\fBsmbstatus(1)\fR -The \fBsmbstatus\fR -tool provides access to information about the -current connections to \fBsmbd\fR. -.TP -\fBnmblookup(1)\fR -The \fBnmblookup\fR -tools allows NetBIOS name queries to be made -from a UNIX host. -.TP -\fBsmbgroupedit(8)\fR -The \fBsmbgroupedit\fR -tool allows for mapping unix groups to NT Builtin, -Domain, or Local groups. Also it allows setting -priviledges for that group, such as saAddUser, etc. -.TP -\fBsmbpasswd(8)\fR -The \fBsmbpasswd\fR -command is a tool for changing LanMan and Windows NT -password hashes on Samba and Windows NT servers. -.TP -\fBsmbcacls(1)\fR -The \fBsmbcacls\fR command is -a tool to set ACL's on remote CIFS servers. -.TP -\fBsmbsh(1)\fR -The \fBsmbsh\fR command is -a program that allows you to run a unix shell with -with an overloaded VFS. -.TP -\fBsmbtree(1)\fR -The \fBsmbtree\fR command -is a text-based network neighborhood tool. -.TP -\fBsmbtar(1)\fR -The \fBsmbtar\fR can make -backups of data on CIFS/SMB servers. -.TP -\fBsmbspool(8)\fR -\fBsmbspool\fR is a -helper utility for printing on printers connected -to CIFS servers. -.TP -\fBsmbcontrol(1)\fR -\fBsmbcontrol\fR is a utility -that can change the behaviour of running samba daemons. -.TP -\fBrpcclient(1)\fR -\fBrpcclient\fR is a utility -that can be used to execute RPC commands on remote -CIFS servers. -.TP -\fBpdbedit(8)\fR -The \fBpdbedit\fR command -can be used to maintain the local user database on -a samba server. -.TP -\fBfindsmb(1)\fR -The \fBfindsmb\fR command -can be used to find SMB servers on the local network. -.TP -\fBnet(8)\fR -The \fBnet\fR command -is supposed to work similar to the DOS/Windows -NET.EXE command. -.TP -\fBswat(8)\fR -\fBswat\fR is a web-based -interface to configuring \fIsmb.conf\fR. -.TP -\fBwinbindd(8)\fR -\fBwinbindd\fR is a daemon -that is used for integrating authentication and -the user database into unix. -.TP -\fBwbinfo(1)\fR -\fBwbinfo\fR is a utility -that retrieves and stores information related to winbind. -.TP -\fBeditreg(1)\fR -\fBeditreg\fR is a command-line -utility that can edit windows registry files. -.TP -\fBprofiles(1)\fR -\fBprofiles\fR is a command-line -utility that can be used to replace all occurences of -a certain SID with another SID. -.TP -\fBvfstest(1)\fR -\fBvfstest\fR is a utility -that can be used to test vfs modules. -.TP -\fBntlm_auth(1)\fR -\fBntlm_auth\fR is a helper-utility -for external programs wanting to do NTLM-authentication. -.TP -\fBsmbmount(8), smbumount(8), smbmount(8)\fR -\fBsmbmount\fR,\fBsmbmnt\fR and \fBsmbmnt\fR are commands that can be used to -mount CIFS/SMB shares on Linux. -.TP -\fBsmbcquotas(1)\fR -\fBsmbcquotas\fR is a tool that -can set remote QUOTA's on server with NTFS 5. +The Samba software suite is a collection of programs that implements the Server Message Block (commonly abbreviated as SMB) protocol for UNIX systems\&. This protocol is sometimes also referred to as the Common Internet File System (CIFS)\&. For a more thorough description, see http://www\&.ubiqx\&.org/cifs/\&. Samba also implements the NetBIOS protocol in nmbd\&. + +.TP +\fBsmbd\fR(8) +The \fBsmbd\fR daemon provides the file and print services to SMB clients, such as Windows 95/98, Windows NT, Windows for Workgroups or LanManager\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5) + + +.TP +\fBnmbd\fR(8) +The \fBnmbd\fR daemon provides NetBIOS nameservice and browsing support\&. The configuration file for this daemon is described in \fBsmb.conf\fR(5) + + +.TP +\fBsmbclient\fR(1) +The \fBsmbclient\fR program implements a simple ftp-like client\&. This is useful for accessing SMB shares on other compatible servers (such as Windows NT), and can also be used to allow a UNIX box to print to a printer attached to any SMB server (such as a PC running Windows NT)\&. + + +.TP +\fBtestparm\fR(1) +The \fBtestparm\fR utility is a simple syntax checker for Samba's \fBsmb.conf\fR(5) configuration file\&. + + +.TP +\fBtestprns\fR(1) +The \fBtestprns\fR utility supports testing printer names defined in your \fIprintcap\fR file used by Samba\&. + + +.TP +\fBsmbstatus\fR(1) +The \fBsmbstatus\fR tool provides access to information about the current connections to \fBsmbd\fR\&. + + +.TP +\fBnmblookup\fR(1) +The \fBnmblookup\fR tools allows NetBIOS name queries to be made from a UNIX host\&. + + +.TP +\fBsmbgroupedit\fR(8) +The \fBsmbgroupedit\fR tool allows for mapping unix groups to NT Builtin, Domain, or Local groups\&. Also it allows setting priviledges for that group, such as saAddUser, etc\&. + + +.TP +\fBsmbpasswd\fR(8) +The \fBsmbpasswd\fR command is a tool for changing LanMan and Windows NT password hashes on Samba and Windows NT servers\&. + + +.TP +\fBsmbcacls\fR(1) +The \fBsmbcacls\fR command is a tool to set ACL's on remote CIFS servers\&. + + +.TP +\fBsmbsh\fR(1) +The \fBsmbsh\fR command is a program that allows you to run a unix shell with with an overloaded VFS\&. + + +.TP +\fBsmbtree\fR(1) +The \fBsmbtree\fR command is a text-based network neighborhood tool\&. + + +.TP +\fBsmbtar\fR(1) +The \fBsmbtar\fR can make backups of data on CIFS/SMB servers\&. + + +.TP +\fBsmbspool\fR(8) +\fBsmbspool\fR is a helper utility for printing on printers connected to CIFS servers\&. + + +.TP +\fBsmbcontrol\fR(1) +\fBsmbcontrol\fR is a utility that can change the behaviour of running samba daemons\&. + + +.TP +\fBrpcclient\fR(1) +\fBrpcclient\fR is a utility that can be used to execute RPC commands on remote CIFS servers\&. + + +.TP +\fBpdbedit\fR(8) +The \fBpdbedit\fR command can be used to maintain the local user database on a samba server\&. + + +.TP +\fBfindsmb\fR(1) +The \fBfindsmb\fR command can be used to find SMB servers on the local network\&. + + +.TP +\fBnet\fR(8) +The \fBnet\fR command is supposed to work similar to the DOS/Windows NET\&.EXE command\&. + + +.TP +\fBswat\fR(8) +\fBswat\fR is a web-based interface to configuring \fIsmb\&.conf\fR\&. + + +.TP +\fBwinbindd\fR(8) +\fBwinbindd\fR is a daemon that is used for integrating authentication and the user database into unix\&. + + +.TP +\fBwbinfo\fR(1) +\fBwbinfo\fR is a utility that retrieves and stores information related to winbind\&. + + +.TP +\fBeditreg\fR(1) +\fBeditreg\fR is a command-line utility that can edit windows registry files\&. + + +.TP +\fBprofiles\fR(1) +\fBprofiles\fR is a command-line utility that can be used to replace all occurences of a certain SID with another SID\&. + + +.TP +\fBvfstest\fR(1) +\fBvfstest\fR is a utility that can be used to test vfs modules\&. + + +.TP +\fBntlm_auth\fR(1) +\fBntlm_auth\fR is a helper-utility for external programs wanting to do NTLM-authentication\&. + + +.TP +\fBsmbmount\fR(8), \fBsmbumount\fR(8), \fBsmbmount\fR(8) +\fBsmbmount\fR,\fBsmbmnt\fR and \fBsmbmnt\fR are commands that can be used to mount CIFS/SMB shares on Linux\&. + + +.TP +\fBsmbcquotas\fR(1) +\fBsmbcquotas\fR is a tool that can set remote QUOTA's on server with NTFS 5\&. + + .SH "COMPONENTS" + .PP -The Samba suite is made up of several components. Each -component is described in a separate manual page. It is strongly -recommended that you read the documentation that comes with Samba -and the manual pages of those components that you use. If the -manual pages and documents aren't clear enough then please visit -http://devel.samba.org <URL:http://devel.samba.org/> -for information on how to file a bug report or submit a patch. +The Samba suite is made up of several components\&. Each component is described in a separate manual page\&. It is strongly recommended that you read the documentation that comes with Samba and the manual pages of those components that you use\&. If the manual pages and documents aren't clear enough then please visithttp://devel\&.samba\&.org for information on how to file a bug report or submit a patch\&. + .PP -If you require help, visit the Samba webpage at -http://www.samba.org/ <URL:http://samba.org/> and -explore the many option available to you. +If you require help, visit the Samba webpage athttp://www\&.samba\&.org/ and explore the many option available to you\&. + .SH "AVAILABILITY" + .PP -The Samba software suite is licensed under the -GNU Public License(GPL). A copy of that license should -have come with the package in the file COPYING. You are -encouraged to distribute copies of the Samba suite, but -please obey the terms of this license. +The Samba software suite is licensed under the GNU Public License(GPL)\&. A copy of that license should have come with the package in the file COPYING\&. You are encouraged to distribute copies of the Samba suite, but please obey the terms of this license\&. + .PP -The latest version of the Samba suite can be -obtained via anonymous ftp from samba.org in the -directory pub/samba/. It is also available on several -mirror sites worldwide. +The latest version of the Samba suite can be obtained via anonymous ftp from samba\&.org in the directory pub/samba/\&. It is also available on several mirror sites worldwide\&. + .PP -You may also find useful information about Samba -on the newsgroup comp.protocol.smb <URL:news:comp.protocols.smb> and the Samba mailing -list. Details on how to join the mailing list are given in -the README file that comes with Samba. +You may also find useful information about Samba on the newsgroup comp\&.protocol\&.smb and the Samba mailing list\&. Details on how to join the mailing list are given in the README file that comes with Samba\&. + .PP -If you have access to a WWW viewer (such as Mozilla -or Konqueror) then you will also find lots of useful information, -including back issues of the Samba mailing list, at -http://lists.samba.org <URL:http://lists.samba.org/>. +If you have access to a WWW viewer (such as Mozilla or Konqueror) then you will also find lots of useful information, including back issues of the Samba mailing list, athttp://lists\&.samba\&.org\&. + .SH "VERSION" + .PP -This man page is correct for version 3.0 of the -Samba suite. +This man page is correct for version 3\&.0 of the Samba suite\&. + .SH "CONTRIBUTIONS" + .PP -If you wish to contribute to the Samba project, -then I suggest you join the Samba mailing list at -http://lists.samba.org <URL:http://lists.samba.org/>. +If you wish to contribute to the Samba project, then I suggest you join the Samba mailing list athttp://lists\&.samba\&.org\&. + .PP -If you have patches to submit, visit -http://devel.samba.org/ <URL:http://devel.samba.org/> -for information on how to do it properly. We prefer patches -in \fBdiff -u\fR format. +If you have patches to submit, visithttp://devel\&.samba\&.org/ for information on how to do it properly\&. We prefer patches in \fBdiff -u\fR format\&. + .SH "CONTRIBUTORS" + .PP -Contributors to the project are now too numerous -to mention here but all deserve the thanks of all Samba -users. To see a full list, look at ftp://samba.org/pub/samba/alpha/change-log <URL:ftp://samba.org/pub/samba/alpha/change-log> -for the pre-CVS changes and at ftp://samba.org/pub/samba/alpha/cvs.log <URL:ftp://samba.org/pub/samba/alpha/cvs.log> -for the contributors to Samba post-CVS. CVS is the Open Source -source code control system used by the Samba Team to develop -Samba. The project would have been unmanageable without it. -.PP -In addition, several commercial organizations now help -fund the Samba Team with money and equipment. For details see -the Samba Web pages at http://samba.org/samba/samba-thanks.html +Contributors to the project are now too numerous to mention here but all deserve the thanks of all Samba users\&. To see a full list, look at the\fIchange-log\fR in the source package for the pre-CVS changes and at http://cvs\&.samba\&.org/ for the contributors to Samba post-CVS\&. CVS is the Open Source source code control system used by the Samba Team to develop Samba\&. The project would have been unmanageable without it\&. + .SH "AUTHOR" + .PP -The original Samba software and related utilities -were created by Andrew Tridgell. Samba is now developed -by the Samba Team as an Open Source project similar -to the way the Linux kernel is developed. +The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&. + .PP -The original Samba man pages were written by Karl Auer. -The man page sources were converted to YODL format (another -excellent piece of Open Source software, available at ftp://ftp.icce.rug.nl/pub/unix/ <URL:ftp://ftp.icce.rug.nl/pub/unix/>) and updated for the Samba 2.0 -release by Jeremy Allison. The conversion to DocBook for -Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML -4.2 for Samba 3.0 was done by Alexander Bokovoy. +The original Samba man pages were written by Karl Auer\&. The man page sources were converted to YODL format (another excellent piece of Open Source software, available at ftp://ftp\&.icce\&.rug\&.nl/pub/unix/) and updated for the Samba 2\&.0 release by Jeremy Allison\&. The conversion to DocBook for Samba 2\&.2 was done by Gerald Carter\&. The conversion to DocBook XML 4\&.2 for Samba 3\&.0 was done by Alexander Bokovoy\&. + diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 74716bf1bd..3e0bc555ea 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -460,10 +460,6 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIads server\fR - -.TP -\(bu \fIalgorithmic rid base\fR .TP @@ -504,6 +500,10 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIclient use spnego\fR + +.TP +\(bu \fIconfig file\fR .TP @@ -532,11 +532,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIdefault service\fR +\fIdefault\fR .TP \(bu -\fIdefault\fR +\fIdefault service\fR .TP \(bu @@ -632,6 +632,14 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu +\fIidmap gid\fR + +.TP +\(bu +\fIidmap uid\fR + +.TP +\(bu \fIinclude\fR .TP @@ -716,11 +724,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIlock directory\fR +\fIlock dir\fR .TP \(bu -\fIlock dir\fR +\fIlock directory\fR .TP \(bu @@ -912,11 +920,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIpasswd chat debug\fR +\fIpasswd chat\fR .TP \(bu -\fIpasswd chat\fR +\fIpasswd chat debug\fR .TP \(bu @@ -944,11 +952,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIpreload modules\fR +\fIpreload\fR .TP \(bu -\fIpreload\fR +\fIpreload modules\fR .TP \(bu @@ -992,7 +1000,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIroot directory\fR +\fIroot\fR .TP \(bu @@ -1000,7 +1008,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIroot\fR +\fIroot directory\fR .TP \(bu @@ -1048,11 +1056,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIstat cache size\fR +\fIstat cache\fR .TP \(bu -\fIstat cache\fR +\fIstat cache size\fR .TP \(bu @@ -1060,11 +1068,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIsyslog only\fR +\fIsyslog\fR .TP \(bu -\fIsyslog\fR +\fIsyslog only\fR .TP \(bu @@ -1128,11 +1136,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIutmp directory\fR +\fIutmp\fR .TP \(bu -\fIutmp\fR +\fIutmp directory\fR .TP \(bu @@ -1279,19 +1287,19 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIdirectory mask\fR +\fIdirectory\fR .TP \(bu -\fIdirectory mode\fR +\fIdirectory mask\fR .TP \(bu -\fIdirectory security mask\fR +\fIdirectory mode\fR .TP \(bu -\fIdirectory\fR +\fIdirectory security mask\fR .TP \(bu @@ -1459,6 +1467,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu +\fImap acl inherit\fR + +.TP +\(bu \fImap archive\fR .TP @@ -1479,6 +1491,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu +\fImax reported print jobs\fR + +.TP +\(bu \fImin print space\fR .TP @@ -1523,11 +1539,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIpreexec close\fR +\fIpreexec\fR .TP \(bu -\fIpreexec\fR +\fIpreexec close\fR .TP \(bu @@ -1547,15 +1563,15 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIprinter admin\fR +\fIprinter\fR .TP \(bu -\fIprinter name\fR +\fIprinter admin\fR .TP \(bu -\fIprinter\fR +\fIprinter name\fR .TP \(bu @@ -1591,11 +1607,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIroot preexec close\fR +\fIroot preexec\fR .TP \(bu -\fIroot preexec\fR +\fIroot preexec close\fR .TP \(bu @@ -1635,6 +1651,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu +\fIuser\fR + +.TP +\(bu \fIusername\fR .TP @@ -1643,11 +1663,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIuser\fR +\fIuse sendfile\fR .TP \(bu -\fIuse sendfile\fR +\fI-valid\fR .TP \(bu @@ -1667,11 +1687,7 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIvfs options\fR - -.TP -\(bu -\fIvfs path\fR +\fIvfs objects\fR .TP \(bu @@ -1859,17 +1875,6 @@ Example: \fBadmin users = jason\fR .TP -ads server (G) -If this option is specified, samba does not try to figure out what ads server to use itself, but uses the specified ads server\&. Either one DNS name or IP address can be used\&. - - -Default: \fBads server = \fR - - -Example: \fBads server = 192.168.1.2\fR - - -.TP algorithmic rid base (G) This determines how Samba will use its algorithmic mapping from uids/gid to the RIDs needed to construct NT Security Identifiers\&. @@ -1926,16 +1931,19 @@ Example: \fBannounce version = 2.0\fR .TP auth methods (G) -This option allows the administrator to chose what authentication methods \fBsmbd\fR will use when authenticating a user\&. This option defaults to sensible values based on \fIsecurity\fR\&. +This option allows the administrator to chose what authentication methods \fBsmbd\fR will use when authenticating a user\&. This option defaults to sensible values based on \fIsecurity\fR\&. This should be considered a developer option and used only in rare circumstances\&. In the majority (if not all) of production servers, the default setting should be adequate\&. Each entry in the list attempts to authenticate the user in turn, until the user authenticates\&. In practice only one method will ever actually be able to complete the authentication\&. +Possible options include \fBguest\fR (anonymous access), \fBsam\fR (lookups in local list of accounts based on netbios name or domain name), \fBwinbind\fR (relay authentication requests for remote users through winbindd), \fBntdomain\fR (pre-winbindd method of authentication for remote domain users; deprecated in favour of winbind method), \fBtrustdomain\fR (authenticate trusted users by contacting the remote DC directly from smbd; deprecated in favour of winbind method)\&. + + Default: \fBauth methods = <empty string>\fR -Example: \fBauth methods = guest sam ntdomain\fR +Example: \fBauth methods = guest sam winbind\fR .TP @@ -2076,6 +2084,14 @@ Example: \fBchange share command = /usr/local/bin/addshare\fR .TP +client use spnego (G) +This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism\&. SPNEGO client support with Sign and Seal is currently broken, so you might want to turn this option off when doing joins to Windows 2003 domains\&. + + +Default: \fBclient use spnego = yes\fR + + +.TP comment (S) This is a text field that is seen next to a share when a client does a queries the server, either via the network neighborhood or via \fBnet view\fR to list what shares are available\&. @@ -2241,6 +2257,11 @@ Default: \fBdebug uid = no\fR .TP +default (G) +A synonym for \fI default service\fR\&. + + +.TP default case (S) See the section on NAME MANGLING\&. Also note the \fIshort preserve case\fR parameter\&. @@ -2296,11 +2317,6 @@ Example: .TP -default (G) -A synonym for \fI default service\fR\&. - - -.TP delete group script (G) This is the full pathname to a script that will be run \fBAS ROOT\fR \fBsmbd\fR(8) when a group is requested to be deleted\&. It will expand any \fI%g\fR to the group name passed\&. This script is only useful for installations using the Windows NT domain administration tools\&. @@ -2457,6 +2473,11 @@ Note that you may have to replace the command names with full path names on some .TP +directory (S) +Synonym for \fIpath\fR\&. + + +.TP directory mask (S) This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories\&. @@ -2517,11 +2538,6 @@ Example: \fBdirectory security mask = 0700\fR .TP -directory (S) -Synonym for \fIpath\fR\&. - - -.TP disable netbios (G) Enabling this parameter will disable netbios support in Samba\&. Netbios is the only available form of browsing in all windows versions except for 2000 and XP\&. @@ -3121,6 +3137,31 @@ Example: \fBhosts equiv = /etc/hosts.equiv\fR .TP +idmap gid (G) +The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. + + +The availability of an idmap gid range is essential for correct operation of all group mapping\&. + + +Default: \fBidmap gid = <empty string>\fR + + +Example: \fBidmap gid = 10000-20000\fR + + +.TP +idmap uid (G) +The idmap uid parameter specifies the range of user ids that are allocated for use in mapping UNIX users to NT user SIDs\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&. + + +Default: \fBidmap uid = <empty string>\fR + + +Example: \fBidmap uid = 10000-20000\fR + + +.TP include (G) This allows you to include one config file inside another\&. The file is included literally, as though typed in place\&. @@ -3261,6 +3302,15 @@ lanman auth (G) This parameter determines whether or not \fBsmbd\fR(8) will attempt to authenticate users using the LANMAN password hash\&. If disabled, only clients which support NT password hashes (e\&.g\&. Windows NT/2000 clients, smbclient, etc\&.\&.\&. but not Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host\&. +The LANMAN encrypted response is easily broken, due to it's case-insensitive nature, and the choice of algorithm\&. Servers without Windows 95/98 or MS DOS clients are advised to disable this option\&. + + +Unlike the \fBencypt passwords\fR option, this parameter cannot alter client behaviour, and the LANMAN response will still be sent over the network\&. See the \fBclient lanman auth\fR to disable this for Samba's clients (such as smbclient) + + +If this option, and \fBntlm auth\fR are both disabled, then only NTLMv2 logins will be permited\&. Not all clients support NTLMv2, and most will require special configuration to us it\&. + + Default : \fBlanman auth = yes\fR @@ -3464,6 +3514,11 @@ Default: \fBlocal master = yes\fR .TP +lock dir (G) +Synonym for \fI lock directory\fR\&. + + +.TP lock directory (G) This option specifies the directory where lock files will be placed\&. The lock files are used to implement the \fImax connections\fR option\&. @@ -3475,11 +3530,6 @@ Example: \fBlock directory = /var/run/samba/locks\fR .TP -lock dir (G) -Synonym for \fI lock directory\fR\&. - - -.TP locking (S) This controls whether or not locking will be performed by the server in response to lock requests from the client\&. @@ -3950,6 +4000,14 @@ Example: \fBmangling method = hash\fR .TP +map acl inherit (S) +This boolean parameter controls whether \fBsmbd\fR(8) will attempt to map the 'inherit' and 'protected' access control entry flags stored in Windows ACLs into an extended attribute called user\&.SAMBA_PAI\&. This parameter only takes effect if Samba is being run on a platform that supports extended attributes (Linux and IRIX so far) and allows the Windows 2000 ACL editor to correctly use inheritance with the Samba POSIX ACL mapping code\&. + + +Default: \fBmap acl inherit = no\fR + + +.TP map archive (S) This controls whether the DOS archive attribute should be mapped to the UNIX owner execute bit\&. The DOS archive bit is set when a file has been modified since its last backup\&. One motivation for this option it to keep Samba/your PC from making any file it touches from becoming executable under UNIX\&. This can be quite annoying for shared source code, documents, etc\&.\&.\&. @@ -4120,6 +4178,17 @@ Example: \fBmax protocol = LANMAN1\fR .TP +max reported print jobs (S) +This parameter limits the maximum number of jobs displayed in a port monitor for Samba printer queue at any given moment\&. If this number is exceeded, the excess jobs will not be shown\&. A value of zero means there is no limit on the number of print jobs reported\&. See all \fItotal print jobs\fR and \fImax print jobs\fR parameters\&. + + +Default: \fBmax reported print jobs = 0\fR + + +Example: \fBmax reported print jobs = 1000\fR + + +.TP max smbd processes (G) This parameter limits the maximum number of \fBsmbd\fR(8) processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections\&. Remember that under normal operating conditions, each user will have an \fBsmbd\fR(8) associated with him or her to handle connections to all shares from a given host\&. @@ -4300,7 +4369,7 @@ Example: \fBname cache timeout = 0\fR .TP name resolve order (G) -This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses\&. The option takes a space separated string of name resolution options\&. +This option is used by the programs in the Samba suite to determine what naming services to use and in what order to resolve host names to IP addresses\&. Its main purpose to is to control how netbios name resolution is performed\&. The option takes a space separated string of name resolution options\&. The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be resolved as follows: @@ -4308,7 +4377,7 @@ The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be \fBlmhosts\fR : Lookup an IP address in the Samba lmhosts file\&. If the line in lmhosts has no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup\&. -\fBhost\fR : Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file\&. Note that this method is only used if the NetBIOS name type being queried is the 0x20 (server) name type, otherwise it is ignored\&. +\fBhost\fR : Do a standard host name to IP address resolution, using the system \fI/etc/hosts \fR, NIS, or DNS lookups\&. This method of name resolution is operating system depended for instance on IRIX or Solaris this may be controlled by the \fI/etc/nsswitch\&.conf\fR file\&. Note that this method is used only if the NetBIOS name type being queried is the 0x20 (server) name type or 0x1c (domain controllers)\&. The latter case is only useful for active directory domains and results in a DNS query for the SRV RR entry matching _ldap\&._tcp\&.domain\&. \fBwins\fR : Query a name with the IP address listed in the \fI wins server\fR parameter\&. If no WINS server has been specified this method will be ignored\&. @@ -4323,6 +4392,15 @@ Example: \fBname resolve order = lmhosts bcast host\fR This will cause the local lmhosts file to be examined first, followed by a broadcast attempt, followed by a normal system hostname lookup\&. +When Samba is functioning in ADS security mode (\fBsecurity = ads\fR) it is advised to use following settings for \fIname resolve order\fR: + + +\fBname resolve order = wins bcast\fR + + +DC lookups will still be done via DNS, but fallbacks to netbios names will not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups\&. + + .TP netbios aliases (G) This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known\&. This allows one machine to appear in browse lists under multiple names\&. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon servers, only the primary name of the machine will be advertised with these capabilities\&. @@ -4396,10 +4474,10 @@ Default: \fBnt acl support = yes\fR .TP ntlm auth (G) -This parameter determines whether or not \fBsmbd\fR(8) will attempt to authenticate users using the NTLM password hash\&. If disabled, only the lanman password hashes will be used\&. +This parameter determines whether or not \fBsmbd\fR(8) will attempt to authenticate users using the NTLM encrypted password response\&. If disabled, either the lanman password hash or an NTLMv2 response will need to be sent by the client\&. -Please note that at least this option or \fBlanman auth\fR should be enabled in order to be able to log in\&. +If this option, and \fBlanman auth\fR are both disabled, then only NTLMv2 logins will be permited\&. Not all clients support NTLMv2, and most will require special configuration to us it\&. Default : \fBntlm auth = yes\fR @@ -4570,30 +4648,19 @@ This option allows the administrator to chose which backends to retrieve and sto This parameter is in two parts, the backend's name, and a 'location' string that has meaning only to that particular backed\&. These are separated by a : character\&. -Available backends can include: .TP 3 \(bu \fBsmbpasswd\fR - The default smbpasswd backend\&. Takes a path to the smbpasswd file as an optional argument\&. .TP \(bu \fBsmbpasswd_nua\fR - The smbpasswd backend, but with support for 'not unix accounts'\&. Takes a path to the smbpasswd file as an optional argument\&. See also \fInon unix account range\fR .TP \(bu \fBtdbsam\fR - The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. .TP \(bu \fBtdbsam_nua\fR - The TDB based password storage backend, with non unix account support\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. See also \fInon unix account range\fR .TP \(bu \fBldapsam\fR - The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) .TP \(bu \fBldapsam_nua\fR - The LDAP based passdb backend, with non unix account support\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) Note: In this module, any account without a matching POSIX account is regarded as 'non unix'\&. See also \fInon unix account range\fR LDAP connections should be secured where possible\&. This may be done using either Start-TLS (see \fIldap ssl\fR) or by specifying \fIldaps://\fR in the URL argument\&. .TP \(bu \fBnisplussam\fR - The NIS+ based passdb backend\&. Takes name NIS domain as an optional argument\&. Only works with sun NIS+ servers\&. .LP +Available backends can include: .TP 3 \(bu \fBsmbpasswd\fR - The default smbpasswd backend\&. Takes a path to the smbpasswd file as an optional argument\&. .TP \(bu \fBtdbsam\fR - The TDB based password storage backend\&. Takes a path to the TDB as an optional argument (defaults to passdb\&.tdb in the \fIprivate dir\fR directory\&. .TP \(bu \fBldapsam\fR - The LDAP based passdb backend\&. Takes an LDAP URL as an optional argument (defaults to \fBldap://localhost\fR) LDAP connections should be secured where possible\&. This may be done using either Start-TLS (see \fIldap ssl\fR) or by specifying \fIldaps://\fR in the URL argument\&. .TP \(bu \fBnisplussam\fR - The NIS+ based passdb backend\&. Takes name NIS domain as an optional argument\&. Only works with sun NIS+ servers\&. .TP \(bu \fBmysql\fR - The MySQL based passdb backend\&. Takes an identifier as argument\&. Read the Samba HOWTO Collection for configuration details\&. .TP \(bu \fBguest\fR - Very simple backend that only provides one user: the guest user\&. Only maps the NT guest user to the \fIguest account\fR\&. Required in pretty much all situations\&. .LP -Default: \fBpassdb backend = smbpasswd unixsam\fR +Default: \fBpassdb backend = smbpasswd\fR Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest\fR -Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com guest\fR +Example: \fBpassdb backend = ldapsam:ldaps://ldap.example.com guest\fR -Example: \fBpassdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR - - -.TP -passwd chat debug (G) -This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode\&. In this mode the strings passed to and received from the passwd chat are printed in the \fBsmbd\fR(8) log with a \fIdebug level\fR of 100\&. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log\&. It is available to help Samba admins debug their \fIpasswd chat\fR scripts when calling the \fIpasswd program\fR and should be turned off after this has been done\&. This option has no effect if the \fIpam password change\fR paramter is set\&. This parameter is off by default\&. - - -See also \fIpasswd chat\fR , \fIpam password change\fR , \fIpasswd program\fR \&. - - -Default: \fBpasswd chat debug = no\fR +Example: \fBpassdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest\fR .TP @@ -4626,6 +4693,17 @@ Example: \fBpasswd chat = "*Enter OLD password*" %o\\n "*Enter NEW password*" %n .TP +passwd chat debug (G) +This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode\&. In this mode the strings passed to and received from the passwd chat are printed in the \fBsmbd\fR(8) log with a \fIdebug level\fR of 100\&. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log\&. It is available to help Samba admins debug their \fIpasswd chat\fR scripts when calling the \fIpasswd program\fR and should be turned off after this has been done\&. This option has no effect if the \fIpam password change\fR paramter is set\&. This parameter is off by default\&. + + +See also \fIpasswd chat\fR , \fIpam password change\fR , \fIpasswd program\fR \&. + + +Default: \fBpasswd chat debug = no\fR + + +.TP passwd program (G) The name of a program that can be used to set UNIX user passwords\&. Any occurrences of \fI%u\fR will be replaced with the user name\&. The user name is checked for existence before calling the password changing program\&. @@ -4685,13 +4763,13 @@ Example: \fBpassword level = 4\fR .TP password server (G) -By specifying the name of another SMB server (such as a WinNT box) with this option, and using \fBsecurity = domain \fR or \fBsecurity = server\fR you can get Samba to do all its username/password validation via a remote server\&. +By specifying the name of another SMB server or Active Directory domain controller with this option, and using \fBsecurity = [ads|domain|server]\fR it is possible to get Samba to to do all its username/password validation using a specific remote server\&. -This option sets the name of the password server to use\&. It must be a NetBIOS name, so if the machine's NetBIOS name is different from its Internet name then you may have to add its NetBIOS name to the lmhosts file which is stored in the same directory as the \fIsmb\&.conf\fR file\&. +This option sets the name or IP address of the password server to use\&. New syntax has been added to support defining the port to use when connecting to the server the case of an ADS realm\&. To define a port other than the default LDAP port of 389, add the port number using a colon after the name or IP address (e\&.g\&. 192\&.168\&.1\&.100:389)\&. If you do not specify a port, Samba will use the standard LDAP port of tcp/389\&. Note that port numbers have no effect on password servers for Windows NT 4\&.0 domains or netbios connections\&. -The name of the password server is looked up using the parameter \fIname resolve order\fR and so may resolved by any method and order described in that parameter\&. +If parameter is a name, it is looked up using the parameter \fIname resolve order\fR and so may resolved by any method and order described in that parameter\&. The password server must be a machine capable of using the "LM1\&.2X002" or the "NT LM 0\&.12" protocol, and it must be in user level security mode\&. @@ -4705,13 +4783,13 @@ Never point a Samba server at itself for password serving\&. This will cause a l The name of the password server takes the standard substitutions, but probably the only useful one is \fI%m \fR, which means the Samba server will use the incoming client as the password server\&. If you use this then you better trust your clients, and you had better restrict them with hosts allow! -If the \fIsecurity\fR parameter is set to \fBdomain\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character '*', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using \fB security = domain\fR is that if you list several hosts in the \fIpassword server\fR option then \fBsmbd \fR will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&. +If the \fIsecurity\fR parameter is set to \fBdomain\fR or \fBads\fR, then the list of machines in this option must be a list of Primary or Backup Domain controllers for the Domain or the character '*', as the Samba server is effectively in that domain, and will use cryptographically authenticated RPC calls to authenticate the user logging on\&. The advantage of using \fB security = domain\fR is that if you list several hosts in the \fIpassword server\fR option then \fBsmbd \fR will try each in turn till it finds one that responds\&. This is useful in case your primary server goes down\&. If the \fIpassword server\fR option is set to the character '*', then Samba will attempt to auto-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name \fBWORKGROUP<1C>\fR and then contacting each server returned in the list of IP addresses from the name resolution source\&. -If the list of servers contains both names and the '*' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC's will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&. +If the list of servers contains both names/IP's and the '*' character, the list is treated as a list of preferred domain controllers, but an auto lookup of all remaining DC's will be added to the list as well\&. Samba will not attempt to optimize this list by locating the closest DC\&. If the \fIsecurity\fR parameter is set to \fBserver\fR, then there are different restrictions that \fBsecurity = domain\fR doesn't suffer from: @@ -4730,6 +4808,9 @@ Default: \fBpassword server = <empty string>\fR Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2, *\fR +Example: \fBpassword server = windc.mydomain.com:389 192.168.1.101 *\fR + + Example: \fBpassword server = *\fR @@ -4793,14 +4874,6 @@ Example: \fBpostexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log .TP -preexec close (S) -This boolean option controls whether a non-zero return code from \fIpreexec \fR should close the service being connected to\&. - - -Default: \fBpreexec close = no\fR - - -.TP preexec (S) This option specifies a command to be run whenever the service is connected to\&. It takes the usual substitutions\&. @@ -4824,6 +4897,14 @@ Example: \fBpreexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log\fR .TP +preexec close (S) +This boolean option controls whether a non-zero return code from \fIpreexec \fR should close the service being connected to\&. + + +Default: \fBpreexec close = no\fR + + +.TP prefered master (G) Synonym for \fI preferred master\fR for people who cannot spell :-)\&. @@ -4846,31 +4927,31 @@ Default: \fBpreferred master = auto\fR .TP -preload modules (G) -This is a list of paths to modules that should be loaded into smbd before a client connects\&. This improves the speed of smbd when reacting to new connections somewhat\&. +preload (G) +This is a list of services that you want to be automatically added to the browse lists\&. This is most useful for homes and printers services that would otherwise not be visible\&. -It is recommended to only use this option on heavy-performance servers\&. +Note that if you just want all printers in your printcap file loaded then the \fIload printers\fR option is easier\&. -Default: \fBpreload modules = \fR +Default: \fBno preloaded services\fR -Example: \fBpreload modules = /usr/lib/samba/passdb/mysql.so+++ \fR +Example: \fBpreload = fred lp colorlp\fR .TP -preload (G) -This is a list of services that you want to be automatically added to the browse lists\&. This is most useful for homes and printers services that would otherwise not be visible\&. +preload modules (G) +This is a list of paths to modules that should be loaded into smbd before a client connects\&. This improves the speed of smbd when reacting to new connections somewhat\&. -Note that if you just want all printers in your printcap file loaded then the \fIload printers\fR option is easier\&. +It is recommended to only use this option on heavy-performance servers\&. -Default: \fBno preloaded services\fR +Default: \fBpreload modules = \fR -Example: \fBpreload = fred lp colorlp\fR +Example: \fBpreload modules = /usr/lib/samba/passdb/mysql.so+++ \fR .TP @@ -4896,6 +4977,11 @@ Default: \fBprintable = no\fR .TP +printcap (G) +Synonym for \fI printcap name\fR\&. + + +.TP printcap name (S) This parameter may be used to override the compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR)\&. See the discussion of the [printers] section above for reasons why you might want to do this\&. @@ -4931,11 +5017,6 @@ Example: \fBprintcap name = /etc/myprintcap\fR .TP -printcap (G) -Synonym for \fI printcap name\fR\&. - - -.TP print command (S) After a print job has finished spooling to a service, this command will be used via a \fBsystem()\fR call to process the spool file\&. Typically the command specified will submit the spool file to the host's printing subsystem, but there is no requirement that this be the case\&. The server will not remove the spool file, so whatever command you specify should remove the spool file when it has been processed, otherwise you will need to manually remove old spool files\&. @@ -4943,7 +5024,7 @@ After a print job has finished spooling to a service, this command will be used The print command is simply a text string\&. It will be used verbatim after macro substitutions have been made: -%s, %p - the path to the spool file name +%s, %f - the path to the spool file name %p - the appropriate printer name @@ -5004,6 +5085,11 @@ Example: \fBprint command = /usr/local/samba/bin/myprintscript %p %s\fR .TP +printer (S) +Synonym for \fI printer name\fR\&. + + +.TP printer admin (S) This is a list of users that can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation)\&. Note that the root user always has admin rights\&. @@ -5029,11 +5115,6 @@ Example: \fBprinter name = laserwriter\fR .TP -printer (S) -Synonym for \fI printer name\fR\&. - - -.TP printing (S) This parameters controls how printer status information is interpreted on your system\&. It also affects the default values for the \fIprint command\fR, \fIlpq command\fR, \fIlppause command \fR, \fIlpresume command\fR, and \fIlprm command\fR if specified in the [global] section\&. @@ -5251,13 +5332,28 @@ Default: \fBremote browse sync = <empty string>\fR .TP restrict anonymous (G) -This is a integer parameter, and mirrors as much as possible the functinality the \fBRestrictAnonymous\fR registry key does on NT/Win2k\&. +The setting of this parameter determines whether user and group list information is returned for an anonymous connection\&. and mirrors the effects of the \fBHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\\RestrictAnonymous\fR registry key in Windows 2000 and Windows NT\&. When set to 0, user and group list information is returned to anyone who asks\&. When set to 1, only an authenticated user can retrive user and group list information\&. For the value 2, supported by Windows 2000/XP and Samba, no anonymous connections are allowed at all\&. This can break third party and Microsoft applications which expect to be allowed to perform operations anonymously\&. + + +The security advantage of using restrict anonymous = 1 is dubious, as user and group list information can be obtained using other means\&. + +The security advantage of using restrict anonymous = 2 is removed by setting \fIguest ok\fR = yes on any share\&. Default: \fBrestrict anonymous = 0\fR .TP +root (G) +Synonym for \fIroot directory"\fR\&. + + +.TP +root dir (G) +Synonym for \fIroot directory"\fR\&. + + +.TP root directory (G) The server will \fBchroot()\fR (i\&.e\&. Change its root directory) to this directory on startup\&. This is not strictly necessary for secure operation\&. Even without it the server will deny access to files not in one of the service entries\&. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use "\&.\&." in file names to access other directories (depending on the setting of the \fIwide links\fR parameter)\&. @@ -5272,11 +5368,6 @@ Example: \fBroot directory = /homes/smb\fR .TP -root dir (G) -Synonym for \fIroot directory"\fR\&. - - -.TP root postexec (S) This is the same as the \fIpostexec\fR parameter except that the command is run as root\&. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed\&. @@ -5288,17 +5379,6 @@ Default: \fBroot postexec = <empty string>\fR .TP -root preexec close (S) -This is the same as the \fIpreexec close \fR parameter except that the command is run as root\&. - - -See also \fI preexec\fR and \fIpreexec close\fR\&. - - -Default: \fBroot preexec close = no\fR - - -.TP root preexec (S) This is the same as the \fIpreexec\fR parameter except that the command is run as root\&. This is useful for mounting filesystems (such as CDROMs) when a connection is opened\&. @@ -5310,31 +5390,14 @@ Default: \fBroot preexec = <empty string>\fR .TP -root (G) -Synonym for \fIroot directory"\fR\&. - - -.TP -security mask (S) -This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box\&. - - -This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified\&. Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change\&. - - -If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file\&. - - -\fBNote\fR that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems\&. Administrators of most normal systems will probably want to leave it set to \fB0777\fR\&. - - -See also the \fIforce directory security mode\fR, \fIdirectory security mask\fR, \fIforce security mode\fR parameters\&. +root preexec close (S) +This is the same as the \fIpreexec close \fR parameter except that the command is run as root\&. -Default: \fBsecurity mask = 0777\fR +See also \fI preexec\fR and \fIpreexec close\fR\&. -Example: \fBsecurity mask = 0770\fR +Default: \fBroot preexec close = no\fR .TP @@ -5444,7 +5507,7 @@ See also the \fIpassword server\fR parameter and the \fIencrypted passwords\fR p \fBSECURITY = SERVER\fR -In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to \fBsecurity = user\fR\&. It expects the \fIencrypted passwords\fR parameter to be set to \fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid \fIsmbpasswd\fR file to check users against\&. See the documentation file in the \fIdocs/\fR directory \fIENCRYPTION\&.txt\fR for details on how to set this up\&. +In this mode Samba will try to validate the username/password by passing it to another SMB server, such as an NT box\&. If this fails it will revert to \fBsecurity = user\fR\&. It expects the \fIencrypted passwords\fR parameter to be set to \fByes\fR, unless the remote server does not support them\&. However note that if encrypted passwords have been negotiated then Samba cannot revert back to checking the UNIX password file, it must have a valid \fIsmbpasswd\fR file to check users against\&. See the chapter about the User Database in the Samba HOWTO Collection for details on how to set this up\&. \fBNote\fR this mode of operation has significant pitfalls, due to the fact that is activly initiates a man-in-the-middle attack on the remote SMB server\&. In particular, this mode of operation can cause significant resource consuption on the PDC, as it must maintain an active connection for the duration of the user's session\&. Furthermore, if this connection is lost, there is no way to reestablish it, and futher authenticaions to the Samba server may fail\&. (From a single client, till it disconnects)\&. @@ -5469,6 +5532,29 @@ Example: \fBsecurity = DOMAIN\fR .TP +security mask (S) +This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box\&. + + +This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified\&. Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change\&. + + +If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file\&. + + +\fBNote\fR that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems\&. Administrators of most normal systems will probably want to leave it set to \fB0777\fR\&. + + +See also the \fIforce directory security mode\fR, \fIdirectory security mask\fR, \fIforce security mode\fR parameters\&. + + +Default: \fBsecurity mask = 0777\fR + + +Example: \fBsecurity mask = 0770\fR + + +.TP server schannel (G) This controls whether the server offers or even demands the use of the netlogon schannel\&. \fIserver schannel = no\fR does not offer the schannel, \fIserver schannel = auto\fR offers the schannel but does not enforce it, and \fIserver schannel = yes\fR denies access if the client is not able to speak netlogon schannel\&. This is only the case for Windows NT4 before SP4\&. @@ -5742,19 +5828,19 @@ Example: \fBsource environment = /usr/local/smb_env_vars\fR .TP -stat cache size (G) -This parameter determines the number of entries in the \fIstat cache\fR\&. You should never need to change this parameter\&. +stat cache (G) +This parameter determines if \fBsmbd\fR(8) will use a cache in order to speed up case insensitive name mappings\&. You should never need to change this parameter\&. -Default: \fBstat cache size = 50\fR +Default: \fBstat cache = yes\fR .TP -stat cache (G) -This parameter determines if \fBsmbd\fR(8) will use a cache in order to speed up case insensitive name mappings\&. You should never need to change this parameter\&. +stat cache size (G) +This parameter determines the number of entries in the \fIstat cache\fR\&. You should never need to change this parameter\&. -Default: \fBstat cache = yes\fR +Default: \fBstat cache size = 50\fR .TP @@ -5816,14 +5902,6 @@ Default: \fBsync always = no\fR .TP -syslog only (G) -If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files\&. - - -Default: \fBsyslog only = no\fR - - -.TP syslog (G) This parameter maps how Samba debug messages are logged onto the system syslog logging levels\&. Samba debug level zero maps onto syslog \fBLOG_ERR\fR, debug level one maps onto \fBLOG_WARNING\fR, debug level two maps onto \fBLOG_NOTICE\fR, debug level three maps onto LOG_INFO\&. All higher levels are mapped to \fB LOG_DEBUG\fR\&. @@ -5835,6 +5913,14 @@ Default: \fBsyslog = 1\fR .TP +syslog only (G) +If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files\&. + + +Default: \fBsyslog only = no\fR + + +.TP template homedir (G) When filling out the user information for a Windows NT user, the \fBwinbindd\fR(8) daemon uses this parameter to fill in the home directory for that user\&. If the string \fI%D\fR is present it is substituted with the user's Windows NT domain name\&. If the string \fI%U\fR is present it is substituted with the user's Windows NT user name\&. @@ -5939,7 +6025,7 @@ Default: \fBupdate encrypted = no\fR .TP use client driver (S) -This parameter applies only to Windows NT/2000 clients\&. It has no affect on Windows 95/98/ME clients\&. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required to install a local printer driver\&. From this point on, the client will treat the print as a local printer and not a network printer connection\&. This is much the same behavior that will occur when \fBdisable spoolss = yes\fR\&. +This parameter applies only to Windows NT/2000 clients\&. It has no effect on Windows 95/98/ME clients\&. When serving a printer to Windows NT/2000 clients without first installing a valid printer driver on the Samba host, the client will be required to install a local printer driver\&. From this point on, the client will treat the print as a local printer and not a network printer connection\&. This is much the same behavior that will occur when \fBdisable spoolss = yes\fR\&. The differentiating factor is that under normal circumstances, the NT/2000 client will attempt to open the network printer using MS-RPC\&. The problem is that because the client considers the printer to be local, it will attempt to issue the OpenPrinterEx() call requesting access rights associated with the logged on user\&. If the user possesses local administator rights but not root privilegde on the Samba host (often the case), the OpenPrinterEx() call will fail\&. The result is that the client will now display an "Access Denied; Unable to connect" message in the printer queue window (even though jobs may successfully be printed)\&. @@ -5963,6 +6049,49 @@ Default: \fBuse mmap = yes\fR .TP +user (S) +Synonym for \fIusername\fR\&. + + +.TP +username (S) +Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&. + + +The \fIusername\fR line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \\\\server\\share%user syntax instead\&. + + +The \fIusername\fR line is not a great solution in many cases as it means Samba will try to validate the supplied password against each of the usernames in the \fIusername\fR line in turn\&. This is slow and a bad idea for lots of users in case of duplicate passwords\&. You may get timeouts or security breaches using this parameter unwisely\&. + + +Samba relies on the underlying UNIX security\&. This parameter does not restrict who can login, it just offers hints to the Samba server as to what usernames might correspond to the supplied password\&. Users can login as whoever they please and they will be able to do no more damage than if they started a telnet session\&. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do\&. + + +To restrict a service to a particular set of users you can use the \fIvalid users \fR parameter\&. + + +If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users in the group of that name\&. + + +If any of the usernames begin with a '+' then the name will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name\&. + + +If any of the usernames begin with a '&' then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name\&. + + +Note that searching though a groups database can take quite some time, and some clients may time out during the search\&. + + +See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how this parameter determines access to the services\&. + + +Default: \fBThe guest account if a guest service, else <empty string>.\fR + + +Examples:\fBusername = fred, mary, jack, jane, @users, @pcgroup\fR + + +.TP username level (G) This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username\&. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the username is not found on the UNIX machine\&. @@ -6043,67 +6172,38 @@ Example: \fBusername map = /usr/local/samba/lib/users.map\fR .TP -username (S) -Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&. - - -The \fIusername\fR line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \\\\server\\share%user syntax instead\&. - - -The \fIusername\fR line is not a great solution in many cases as it means Samba will try to validate the supplied password against each of the usernames in the \fIusername\fR line in turn\&. This is slow and a bad idea for lots of users in case of duplicate passwords\&. You may get timeouts or security breaches using this parameter unwisely\&. - - -Samba relies on the underlying UNIX security\&. This parameter does not restrict who can login, it just offers hints to the Samba server as to what usernames might correspond to the supplied password\&. Users can login as whoever they please and they will be able to do no more damage than if they started a telnet session\&. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do\&. - - -To restrict a service to a particular set of users you can use the \fIvalid users \fR parameter\&. - - -If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users in the group of that name\&. - - -If any of the usernames begin with a '+' then the name will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name\&. - - -If any of the usernames begin with a '&' then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name\&. - - -Note that searching though a groups database can take quite some time, and some clients may time out during the search\&. - - -See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how this parameter determines access to the services\&. +users (S) +Synonym for \fI username\fR\&. -Default: \fBThe guest account if a guest service, else <empty string>.\fR +.TP +use sendfile (S) +If this parameter is \fByes\fR, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked\&. This may make more efficient use of the system CPU's and cause Samba to be faster\&. This is off by default as it's effects are unknown as yet\&. -Examples:\fBusername = fred, mary, jack, jane, @users, @pcgroup\fR +Default: \fBuse sendfile = no\fR .TP -users (S) -Synonym for \fI username\fR\&. +use spnego (G) +This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&. -.TP -user (S) -Synonym for \fIusername\fR\&. +Default: \fBuse spnego = yes\fR .TP -use sendfile (S) -If this parameter is \fByes\fR, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked\&. This may make more efficient use of the system CPU's and cause Samba to be faster\&. This is off by default as it's effects are unknown as yet\&. +utmp (G) +This boolean parameter is only available if Samba has been configured and compiled with the option \fB --with-utmp\fR\&. If set to \fByes\fR then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server\&. Sites may use this to record the user connecting to a Samba share\&. -Default: \fBuse sendfile = no\fR +Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user\&. Enabling this option creates an n^2 algorithm to find this number\&. This may impede performance on large installations\&. -.TP -use spnego (G) -This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000sp2 clients to agree upon an authentication mechanism\&. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&. +See also the \fI utmp directory\fR parameter\&. -Default: \fBuse spnego = yes\fR +Default: \fButmp = no\fR .TP @@ -6118,17 +6218,14 @@ Example: \fButmp directory = /var/run/utmp\fR .TP -utmp (G) -This boolean parameter is only available if Samba has been configured and compiled with the option \fB --with-utmp\fR\&. If set to \fByes\fR then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server\&. Sites may use this to record the user connecting to a Samba share\&. +-valid (S) +This parameter indicates whether a share is valid and thus can be used\&. When this parameter is set to false, the share will be in no way visible nor accessible\&. -Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user\&. Enabling this option creates an n^2 algorithm to find this number\&. This may impede performance on large installations\&. +This option should not be used by regular users but might be of help to developers\&. Samba uses this option internally to mark shares as deleted\&. -See also the \fI utmp directory\fR parameter\&. - - -Default: \fButmp = no\fR +Default: \fBTrue\fR .TP @@ -6204,29 +6301,18 @@ Example: \fBveto oplock files = /*.SEM/\fR .TP vfs object (S) -This parameter specifies a shared object files that are used for Samba VFS I/O operations\&. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects\&. - - -Default: \fBno value\fR +Synonym for \fIvfs objects\fR \&. .TP -vfs options (S) -This parameter allows parameters to be passed to the vfs layer at initialization time\&. See also \fI vfs object\fR\&. +vfs objects (S) +This parameter specifies the backend names which are used for Samba VFS I/O operations\&. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects\&. Default: \fBno value\fR -.TP -vfs path (S) -This parameter specifies the directory to look in for vfs modules\&. The name of every \fBvfs object \fR will be prepended by this directory\&. - - -Default: \fBvfs path = \fR - - -Example: \fBvfs path = /usr/lib/samba/vfs\fR +Example: \fBvfs objects = extd_audit recycle\fR .TP @@ -6280,6 +6366,9 @@ Default: \fBwinbind enum users = yes \fR .TP winbind gid (G) +This parameter is now an alias for \fBidmap gid\fR + + The winbind gid parameter specifies the range of group ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. @@ -6305,7 +6394,10 @@ Example: \fBwinbind separator = +\fR .TP winbind uid (G) -The winbind gid parameter specifies the range of group ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&. +This parameter is now an alias for \fBidmap uid\fR + + +The winbind gid parameter specifies the range of user ids that are allocated by the \fBwinbindd\fR(8) daemon\&. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise\&. Default: \fBwinbind uid = <empty string>\fR diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index ccb776e7f1..fdf49c0e97 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -37,8 +37,13 @@ Options to \fBsmbmount\fR are specified as a comma-separated list of key=value p .PP \fBsmbmount\fR is a daemon\&. After mounting it keeps running until the mounted smbfs is umounted\&. It will log things that happen when in daemon mode using the "machine name" smbmount, so typically this output will end up in \fIlog\&.smbmount\fR\&. The \fB smbmount\fR process may also be called mount\&.smbfs\&. +.RS +.Sh "Note" + .PP -\fBNOTE:\fR \fBsmbmount\fR calls \fBsmbmnt\fR(8) to do the actual mount\&. You must make sure that \fBsmbmnt\fR is in the path so that it can be found\&. + \fBsmbmount\fR calls \fBsmbmnt\fR(8) to do the actual mount\&. You must make sure that \fBsmbmnt\fR is in the path so that it can be found\&. + +.RE .SH "OPTIONS" @@ -96,12 +101,12 @@ sets the remote SMB port number\&. The default is 139\&. .TP fmask=<arg> -sets the file mask\&. This determines the permissions that remote files have in the local filesystem\&. The default is based on the current umask\&. +sets the file mask\&. This determines the permissions that remote files have in the local filesystem\&. This is not a umask, but the actual permissions for the files\&. The default is based on the current umask\&. .TP dmask=<arg> -Sets the directory mask\&. This determines the permissions that remote directories have in the local filesystem\&. The default is based on the current umask\&. +Sets the directory mask\&. This determines the permissions that remote directories have in the local filesystem\&. This is not a umask, but the actual permissions for the directories\&. The default is based on the current umask\&. .TP diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 0481489078..9bbecb29a4 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -25,7 +25,7 @@ wbinfo \- Query information from winbind daemon .nf \fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password] - [-A user%password] [--get-auth-user] [-p] + [--set-auth-user user%password] [--get-auth-user] [-p] .fi .SH "DESCRIPTION" @@ -117,7 +117,7 @@ Attempt to authenticate a user via winbindd\&. This checks both authenticaion me .TP --A username%password +--set-auth-user username%password Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&. |