summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/security
diff options
context:
space:
mode:
Diffstat (limited to 'docs/smbdotconf/security')
-rw-r--r--docs/smbdotconf/security/minpasswordlength.xml17
-rw-r--r--docs/smbdotconf/security/usernamemap.xml7
-rw-r--r--docs/smbdotconf/security/usernamemapscript.xml19
3 files changed, 26 insertions, 17 deletions
diff --git a/docs/smbdotconf/security/minpasswordlength.xml b/docs/smbdotconf/security/minpasswordlength.xml
deleted file mode 100644
index 3009ffb3ea..0000000000
--- a/docs/smbdotconf/security/minpasswordlength.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<samba:parameter name="min password length"
- context="G"
- type="integer"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<synonym>min passwd length</synonym>
-<description>
- <para>This option sets the minimum length in characters of a
- plaintext password that <command moreinfo="none">smbd</command> will
- accept when performing UNIX password changing.</para>
-</description>
-
-<related>unix password sync</related>
-<related>passwd program</related>
-<related>passwd char debug</related>
-<value type="default">5</value>
-</samba:parameter>
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index ef4291733e..7b939f6956 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -10,6 +10,13 @@
that users use on DOS or Windows machines to those that the UNIX
box uses. The other is to map multiple users to a single username
so that they can more easily share files.</para>
+
+ <para>Please note that for user or share mode security, the
+ username map is applied prior to validating the user credentials.
+ Domain member servers (domain or ads) apply the username map
+ after the user has been successfully authenticated by the domain
+ controller and require fully qualified enties in the map table
+ (e.g. biddle = DOMAIN\foo).</para>
<para>The map file is parsed line by line. Each line should
contain a single UNIX username on the left then a '=' followed
diff --git a/docs/smbdotconf/security/usernamemapscript.xml b/docs/smbdotconf/security/usernamemapscript.xml
new file mode 100644
index 0000000000..6df134c257
--- /dev/null
+++ b/docs/smbdotconf/security/usernamemapscript.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="username map script"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This script is a mutually exclusive alternative to the
+ <smbconfoption name="username map"/> parameter. This parameter
+ specifies and external program or script that must accept a single
+ command line option (the username transmitted in the authentication
+ request) and return a line line on standard output (the name to which
+ the account should mapped). In this way, it is possible to store
+ username map tables in an LDAP or NIS directory services.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">/etc/samba/scripts/mapusers.sh</value>
+</samba:parameter>