diff options
Diffstat (limited to 'docs/smbdotconf/winbind')
-rw-r--r-- | docs/smbdotconf/winbind/enableridalgorithm.xml | 18 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/idmapbackend.xml | 18 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/idmapgid.xml | 19 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/idmapuid.xml | 15 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/templatehomedir.xml | 18 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/templateprimarygroup.xml | 15 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/templateshell.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindcachetime.xml | 15 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindenablelocalaccounts.xml | 17 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindenumgroups.xml | 20 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindenumusers.xml | 23 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindseparator.xml | 21 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml | 17 | ||||
-rw-r--r-- | docs/smbdotconf/winbind/winbindusedefaultdomain.xml | 19 |
14 files changed, 249 insertions, 0 deletions
diff --git a/docs/smbdotconf/winbind/enableridalgorithm.xml b/docs/smbdotconf/winbind/enableridalgorithm.xml new file mode 100644 index 0000000000..1b32afe0dc --- /dev/null +++ b/docs/smbdotconf/winbind/enableridalgorithm.xml @@ -0,0 +1,18 @@ +<samba:parameter name="enable rid algorithm" + context="G" + advanced="1" developer="1" hide="1" + type="boolean" + xmlns:samba="http://samba.org/common"> +<description> + <para>This option is used to control whether or not smbd in Samba 3.0 should fallback + to the algorithm used by Samba 2.2 to generate user and group RIDs. The longterm + development goal is to remove the algorithmic mappings of RIDs altogether, but + this has proved to be difficult. This parameter is mainly provided so that + developers can turn the algorithm on and off and see what breaks. This parameter + should not be disabled by non-developers because certain features in Samba will fail + to work without it. + </para> + +</description> +<value type="default">yes</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml new file mode 100644 index 0000000000..0c22c4a44b --- /dev/null +++ b/docs/smbdotconf/winbind/idmapbackend.xml @@ -0,0 +1,18 @@ +<samba:parameter name="idmap backend" + context="G" + type="string" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<description> + <para> + The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap + tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common + LDAP backend. This way all domain members and controllers will have the same UID and GID + to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux + systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). + </para> +</description> + +<value type="default"></value> +<value type="example">ldap:ldap://ldapslave.example.com</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/idmapgid.xml b/docs/smbdotconf/winbind/idmapgid.xml new file mode 100644 index 0000000000..a55d733327 --- /dev/null +++ b/docs/smbdotconf/winbind/idmapgid.xml @@ -0,0 +1,19 @@ +<samba:parameter name="idmap gid" + context="G" + type="string" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> + <synonym>winbind gid</synonym> +<description> + + <para>The idmap gid parameter specifies the range of group ids that are allocated for + the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can occur otherwise.</para> + + <para>The availability of an idmap gid range is essential for correct operation of + all group mapping.</para> +</description> + +<value type="default"></value> +<value type="example">10000-20000</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/idmapuid.xml b/docs/smbdotconf/winbind/idmapuid.xml new file mode 100644 index 0000000000..0168873894 --- /dev/null +++ b/docs/smbdotconf/winbind/idmapuid.xml @@ -0,0 +1,15 @@ +<samba:parameter name="idmap uid" + type="string" + context="G" + advanced="1" developer="1" hide="1" + xmlns:samba="http://samba.org/common"> +<synonym>winbind uid</synonym> +<description> + <para>The idmap uid parameter specifies the range of user ids that are allocated for use + in mapping UNIX users to NT user SIDs. This range of ids should have no existing local + or NIS users within it as strange conflicts can occur otherwise.</para> +</description> + +<value type="default"></value> +<value type="example">10000-20000</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/templatehomedir.xml b/docs/smbdotconf/winbind/templatehomedir.xml new file mode 100644 index 0000000000..b898ef0c09 --- /dev/null +++ b/docs/smbdotconf/winbind/templatehomedir.xml @@ -0,0 +1,18 @@ +<samba:parameter name="template homedir" + context="G" + advanced="1" developer="1" + type="string" + xmlns:samba="http://samba.org/common"> +<description> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the home directory for that user. If the + string <parameter moreinfo="none">%D</parameter> is present it + is substituted with the user's Windows NT domain name. If the + string <parameter moreinfo="none">%U</parameter> is present it + is substituted with the user's Windows NT user name.</para> +</description> + +<value type="default">/home/%D/%U</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/templateprimarygroup.xml b/docs/smbdotconf/winbind/templateprimarygroup.xml new file mode 100644 index 0000000000..954dfe99a5 --- /dev/null +++ b/docs/smbdotconf/winbind/templateprimarygroup.xml @@ -0,0 +1,15 @@ +<samba:parameter name="template primary group" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This option defines the default primary group for + each user created by <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>'s local account management + functions (similar to the 'add user script'). + </para> +</description> + +<value type="default">nobody</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/templateshell.xml b/docs/smbdotconf/winbind/templateshell.xml new file mode 100644 index 0000000000..ad79c821cf --- /dev/null +++ b/docs/smbdotconf/winbind/templateshell.xml @@ -0,0 +1,14 @@ +<samba:parameter name="template shell" + context="G" + type="string" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>When filling out the user information for a Windows NT + user, the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon uses this + parameter to fill in the login shell for that user.</para> +</description> + +<value type="string">/bin/false</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindcachetime.xml b/docs/smbdotconf/winbind/winbindcachetime.xml new file mode 100644 index 0000000000..c746086e3b --- /dev/null +++ b/docs/smbdotconf/winbind/winbindcachetime.xml @@ -0,0 +1,15 @@ +<samba:parameter name="winbind cache time" + context="G" + type="integer" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This parameter specifies the number of + seconds the <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon will cache + user and group information before querying a Windows NT server + again.</para> +</description> + +<value type="default">300</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml b/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml new file mode 100644 index 0000000000..6ee843bfa2 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindenablelocalaccounts.xml @@ -0,0 +1,17 @@ +<samba:parameter name="winbind enable local accounts" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> + <description> + <para>This parameter controls whether or not winbindd + will act as a stand in replacement for the various account + management hooks in smb.conf (e.g. 'add user script'). + If enabled, winbindd will support the creation of local + users and groups as another source of UNIX account information + available via getpwnam() or getgrgid(), etc... + </para> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindenumgroups.xml b/docs/smbdotconf/winbind/winbindenumgroups.xml new file mode 100644 index 0000000000..5c4e00ad78 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindenumgroups.xml @@ -0,0 +1,20 @@ +<samba:parameter name="winbind enum groups" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress + the enumeration of groups through the <command moreinfo="none">setgrent()</command>, + <command moreinfo="none">getgrent()</command> and + <command moreinfo="none">endgrent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum groups</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system + call will not return any data. </para> + +<warning><para>Turning off group enumeration may cause some programs to behave oddly. </para></warning> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindenumusers.xml b/docs/smbdotconf/winbind/winbindenumusers.xml new file mode 100644 index 0000000000..cd64f85974 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindenumusers.xml @@ -0,0 +1,23 @@ +<samba:parameter name="winbind enum users" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> it may be + necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>, + <command moreinfo="none">getpwent()</command> and + <command moreinfo="none">endpwent()</command> group of system calls. If + the <parameter moreinfo="none">winbind enum users</parameter> parameter is + <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call + will not return any data. </para> + +<warning><para>Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames. </para></warning> +</description> + +<value type="default">yes</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindseparator.xml b/docs/smbdotconf/winbind/winbindseparator.xml new file mode 100644 index 0000000000..6d94210697 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindseparator.xml @@ -0,0 +1,21 @@ +<samba:parameter name="winbind separator" + context="G" + advanced="1" developer="1" + type="string" + xmlns:samba="http://samba.org/common"> +<description> + <para>This parameter allows an admin to define the character + used when listing a username of the form of <replaceable>DOMAIN + </replaceable>\<replaceable>user</replaceable>. This parameter + is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename> + and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services. + </para> + + <para>Please note that setting this parameter to + causes problems + with group membership at least on glibc systems, as the character + + is used as a special character for NIS in /etc/group.</para> +</description> + +<value type="default">'\'</value> +<value type="example">+</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml new file mode 100644 index 0000000000..14e932ba94 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindtrusteddomainsonly.xml @@ -0,0 +1,17 @@ +<samba:parameter name="winbind trusted domains only" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This parameter is designed to allow Samba servers that + are members of a Samba controlled domain to use UNIX accounts + distributed via NIS, rsync, or LDAP as the uid's for winbindd users + in the hosts primary domain. Therefore, the user DOMAIN\user1 would + be mapped to the account user1 in /etc/passwd instead of allocating + a new uid for him or her. +</para> +</description> + +<value type="default">no</value> +</samba:parameter> diff --git a/docs/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/smbdotconf/winbind/winbindusedefaultdomain.xml new file mode 100644 index 0000000000..558c3fa0e6 --- /dev/null +++ b/docs/smbdotconf/winbind/winbindusedefaultdomain.xml @@ -0,0 +1,19 @@ +<samba:parameter name="winbind use default domain" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<description> + <para>This parameter specifies whether the + <citerefentry><refentrytitle>winbindd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> daemon should operate on users + without domain component in their username. Users without a domain + component are treated as is part of the winbindd server's own + domain. While this does not benifit Windows users, it makes SSH, FTP and + e-mail function in a way much closer to the way they + would in a native unix system.</para> +</description> + +<value type="default">no</value> +<value type="example">yes</value> +</samba:parameter> |