Diffstat (limited to 'docs/smbdotconf/winbind')
-rw-r--r--docs/smbdotconf/winbind/enableridalgorithm.xml18
-rw-r--r--docs/smbdotconf/winbind/idmapbackend.xml18
-rw-r--r--docs/smbdotconf/winbind/idmapgid.xml19
-rw-r--r--docs/smbdotconf/winbind/idmapuid.xml15
-rw-r--r--docs/smbdotconf/winbind/templatehomedir.xml18
-rw-r--r--docs/smbdotconf/winbind/templateprimarygroup.xml15
-rw-r--r--docs/smbdotconf/winbind/templateshell.xml14
-rw-r--r--docs/smbdotconf/winbind/winbindcachetime.xml15
-rw-r--r--docs/smbdotconf/winbind/winbindenablelocalaccounts.xml17
-rw-r--r--docs/smbdotconf/winbind/winbindenumgroups.xml20
-rw-r--r--docs/smbdotconf/winbind/winbindenumusers.xml23
-rw-r--r--docs/smbdotconf/winbind/winbindseparator.xml21
-rw-r--r--docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml17
-rw-r--r--docs/smbdotconf/winbind/winbindusedefaultdomain.xml19
14 files changed, 249 insertions, 0 deletions
diff --git a/docs/smbdotconf/winbind/enableridalgorithm.xml b/docs/smbdotconf/winbind/enableridalgorithm.xml
new file mode 100644
index 0000000000..1b32afe0dc
--- /dev/null
+++ b/docs/smbdotconf/winbind/enableridalgorithm.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="enable rid algorithm"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ type="boolean"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This option is used to control whether or not smbd in Samba 3.0 should fallback
+ to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm
+ development goal is to remove the algorithmic mappings of RIDs altogether, but
+ this has proved to be difficult. This parameter is mainly provided so that
+ developers can turn the algorithm on and off and see what breaks. This parameter
+ should not be disabled by non-developers because certain features in Samba will fail
+ to work without it.
+ </para>
+
+</description>
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml
new file mode 100644
index 0000000000..0c22c4a44b
--- /dev/null
+++ b/docs/smbdotconf/winbind/idmapbackend.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="idmap backend"
+ context="G"
+ type="string"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>
+ The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
+ tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common
+ LDAP backend. This way all domain members and controllers will have the same UID and GID
+ to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
+ systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
+ </para>
+</description>
+
+<value type="default"></value>
+<value type="example">ldap:ldap://ldapslave.example.com</value>
+</samba:parameter>
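Review bot: The example value `ldap:ldap://ldapslave.example.com` in idmapbackend.xml uses a plain `ldap://` URL for data that decides which UID and GID a SID receives, and the description says nothing about protecting that channel. Add a sentence stating that these mappings are security-relevant and that the connection to the directory should be authenticated and protected against tampering. Whether this backend accepts `ldaps://` or relies on a separate TLS setting is not visible in this commit, so the wording should stay generic. `(ie: NFS)` should read `(e.g. NFS)`, since NFS is an example rather than a restatement.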
diff --git a/docs/smbdotconf/winbind/idmapgid.xml b/docs/smbdotconf/winbind/idmapgid.xml
new file mode 100644
index 0000000000..a55d733327
--- /dev/null
+++ b/docs/smbdotconf/winbind/idmapgid.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="idmap gid"
+ context="G"
+ type="string"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+ <synonym>winbind gid</synonym>
+<description>
+
+ <para>The idmap gid parameter specifies the range of group ids that are allocated for
+ the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no
+ existing local or NIS groups within it as strange conflicts can occur otherwise.</para>
+
+ <para>The availability of an idmap gid range is essential for correct operation of
+ all group mapping.</para>
+</description>
+
+<value type="default"></value>
+<value type="example">10000-20000</value>
+</samba:parameter>
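Review bot: The description in idmapgid.xml calls an idmap gid range `essential for correct operation of all group mapping`, yet `<value type="default"></value>` is empty and nothing says what happens when the range is left unset; state that explicitly, and do the same in idmapuid.xml, which also defaults to empty. The phrase `strange conflicts` should name the failure: presumably a mapped domain group would share a gid with an unrelated local or NIS group and inherit its file access, which should be confirmed and written out. `UNX groups` should read `UNIX groups`. The `<synonym>` element is indented here but sits at column 0 in idmapuid.xml.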
diff --git a/docs/smbdotconf/winbind/idmapuid.xml b/docs/smbdotconf/winbind/idmapuid.xml
new file mode 100644
index 0000000000..0168873894
--- /dev/null
+++ b/docs/smbdotconf/winbind/idmapuid.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="idmap uid"
+ type="string"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<synonym>winbind uid</synonym>
+<description>
+ <para>The idmap uid parameter specifies the range of user ids that are allocated for use
+ in mapping UNIX users to NT user SIDs. This range of ids should have no existing local
+ or NIS users within it as strange conflicts can occur otherwise.</para>
+</description>
+
+<value type="default"></value>
+<value type="example">10000-20000</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/templatehomedir.xml b/docs/smbdotconf/winbind/templatehomedir.xml
new file mode 100644
index 0000000000..b898ef0c09
--- /dev/null
+++ b/docs/smbdotconf/winbind/templatehomedir.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="template homedir"
+ context="G"
+ advanced="1" developer="1"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the home directory for that user. If the
+ string <parameter moreinfo="none">%D</parameter> is present it
+ is substituted with the user's Windows NT domain name. If the
+ string <parameter moreinfo="none">%U</parameter> is present it
+ is substituted with the user's Windows NT user name.</para>
+</description>
+
+<value type="default">/home/%D/%U</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/templateprimarygroup.xml b/docs/smbdotconf/winbind/templateprimarygroup.xml
new file mode 100644
index 0000000000..954dfe99a5
--- /dev/null
+++ b/docs/smbdotconf/winbind/templateprimarygroup.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="template primary group"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This option defines the default primary group for
+ each user created by <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>'s local account management
+ functions (similar to the 'add user script').
+ </para>
+</description>
+
+<value type="default">nobody</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/templateshell.xml b/docs/smbdotconf/winbind/templateshell.xml
new file mode 100644
index 0000000000..ad79c821cf
--- /dev/null
+++ b/docs/smbdotconf/winbind/templateshell.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="template shell"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the login shell for that user.</para>
+</description>
+
+<value type="string">/bin/false</value>
+</samba:parameter>
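Review bot: The value element at the end of templateshell.xml is written `<value type="string">/bin/false</value>`, whereas every other file added in this commit marks its default with `type="default"`; tooling that keys on that attribute would presumably emit no default for this parameter. Change it to `<value type="default">/bin/false</value>`. The default matters to a reader because it decides whether users filled in by winbindd get an interactive shell, so the description could add that `/bin/false` denies shell logins until an administrator sets a real shell.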
diff --git a/docs/smbdotconf/winbind/winbindcachetime.xml b/docs/smbdotconf/winbind/winbindcachetime.xml
new file mode 100644
index 0000000000..c746086e3b
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindcachetime.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="winbind cache time"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter specifies the number of
+ seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon will cache
+ user and group information before querying a Windows NT server
+ again.</para>
+</description>
+
+<value type="default">300</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml b/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml
new file mode 100644
index 0000000000..6ee843bfa2
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="winbind enable local accounts"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+ <description>
+ <para>This parameter controls whether or not winbindd
+ will act as a stand in replacement for the various account
+ management hooks in smb.conf (e.g. 'add user script').
+ If enabled, winbindd will support the creation of local
+ users and groups as another source of UNIX account information
+ available via getpwnam() or getgrgid(), etc...
+ </para>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindenumgroups.xml b/docs/smbdotconf/winbind/winbindenumgroups.xml
new file mode 100644
index 0000000000..5c4e00ad78
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindenumgroups.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="winbind enum groups"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress
+ the enumeration of groups through the <command moreinfo="none">setgrent()</command>,
+ <command moreinfo="none">getgrent()</command> and
+ <command moreinfo="none">endgrent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum groups</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system
+ call will not return any data. </para>
+
+<warning><para>Turning off group enumeration may cause some programs to behave oddly. </para></warning>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindenumusers.xml b/docs/smbdotconf/winbind/winbindenumusers.xml
new file mode 100644
index 0000000000..cd64f85974
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindenumusers.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="winbind enum users"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be
+ necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>,
+ <command moreinfo="none">getpwent()</command> and
+ <command moreinfo="none">endpwent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum users</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call
+ will not return any data. </para>
+
+<warning><para>Turning off user
+ enumeration may cause some programs to behave oddly. For
+ example, the finger program relies on having access to the
+ full user list when searching for matching
+ usernames. </para></warning>
+</description>
+
+<value type="default">yes</value>
+</samba:parameter>
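Review bot: The `samba:parameter` start tag in winbindenumusers.xml has no `type` attribute, while the sibling winbindenumgroups.xml declares `type="boolean"` for the same kind of yes/no setting; add `type="boolean"` after `context="G"`. In the last sentence of the first paragraph `getpwent` is written without parentheses, although the earlier mentions use `getpwent()`. Both enumeration descriptions only say that the enumeration calls return no data; if lookups of a single user or group by name keep working, which is not visible here, saying so would tell administrators what the setting does and does not hide.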
diff --git a/docs/smbdotconf/winbind/winbindseparator.xml b/docs/smbdotconf/winbind/winbindseparator.xml
new file mode 100644
index 0000000000..6d94210697
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindseparator.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="winbind separator"
+ context="G"
+ advanced="1" developer="1"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter allows an admin to define the character
+ used when listing a username of the form of <replaceable>DOMAIN
+ </replaceable>\<replaceable>user</replaceable>. This parameter
+ is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename>
+ and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services.
+ </para>
+
+ <para>Please note that setting this parameter to + causes problems
+ with group membership at least on glibc systems, as the character +
+ is used as a special character for NIS in /etc/group.</para>
+</description>
+
+<value type="default">'\'</value>
+<value type="example">+</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml
new file mode 100644
index 0000000000..14e932ba94
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="winbind trusted domains only"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter is designed to allow Samba servers that
+ are members of a Samba controlled domain to use UNIX accounts
+ distributed via NIS, rsync, or LDAP as the uid's for winbindd users
+ in the hosts primary domain. Therefore, the user DOMAIN\user1 would
+ be mapped to the account user1 in /etc/passwd instead of allocating
+ a new uid for him or her.
+</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
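Review bot: The description in winbindtrusteddomainsonly.xml covers only the matching case: it says DOMAIN\user1 is mapped to the account user1 in /etc/passwd, but not what happens when no such UNIX account exists or when a same-named local account belongs to a different person. Because the match is by bare name, the text should state the precondition, for example `This assumes that UNIX account names are managed consistently with the domain, since a domain user takes the uid of the UNIX account with the same name.` Also `uid's` should read `uids` and `hosts primary domain` should read `host's primary domain`.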
diff --git a/docs/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/smbdotconf/winbind/winbindusedefaultdomain.xml
new file mode 100644
index 0000000000..558c3fa0e6
--- /dev/null
+++ b/docs/smbdotconf/winbind/winbindusedefaultdomain.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="winbind use default domain"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter specifies whether the
+ <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon should operate on users
+ without domain component in their username. Users without a domain
+ component are treated as is part of the winbindd server's own
+ domain. While this does not benifit Windows users, it makes SSH, FTP and
+ e-mail function in a way much closer to the way they
+ would in a native unix system.</para>
+</description>
+
+<value type="default">no</value>
+<value type="example">yes</value>
+</samba:parameter>
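Review bot: Two wording slips in the description of winbindusedefaultdomain.xml should be fixed: `treated as is part of` should read `treated as part of`, and `benifit` should read `benefit`. The text also omits the consequence of dropping the domain component, namely that an unqualified name can no longer be told apart from a local account of the same name. How winbindd resolves such a clash is not visible in this commit, so a neutral sentence such as `Ensure that local account names do not collide with user names in the default domain.` would be a safe addition.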