Diffstat (limited to 'docs/smbdotconf')
-rw-r--r-- docs/smbdotconf/logon/logonpath.xml 13
-rw-r--r-- docs/smbdotconf/security/minpasswordlength.xml 17
-rw-r--r-- docs/smbdotconf/security/usernamemap.xml 7
-rw-r--r-- docs/smbdotconf/security/usernamemapscript.xml 19
4 files changed, 31 insertions, 25 deletions
diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml
index 77466c1960..6b14116e0c 100644
--- a/docs/smbdotconf/logon/logonpath.xml
+++ b/docs/smbdotconf/logon/logonpath.xml
@@ -5,7 +5,7 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are
+ This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are
stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming
profiles. To find out how to handle roaming profiles for Win 9X system, see the
<smbconfoption name="logon home"/> parameter.
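Review bot: the added line ends its list with "etc" and no period; it should read "(Desktop, NTuser.dat, etc.)". Since the sentence is being reworded anyway, consider marking NTuser.dat as a file name with the DocBook filename element so it renders consistently in the generated manual page.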
@@ -22,10 +22,7 @@
<para>
The share and the path must be readable by the user for the preferences and directories to be loaded onto the
Windows NT client. The share must be writeable when the user logs in for the first time, in order that the
- Windows NT client can create the NTuser.dat and other directories.
- </para>
-
- <para>
+ Windows NT client can create the NTuser.dat and other directories.
Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable
that the NTuser.dat file be made read-only - rename it to NTuser.man to achieve the desired effect (a
<emphasis>MAN</emphasis>datory profile).
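Review bot: the re-added line "Windows NT client can create the NTuser.dat and other directories." is textually identical to the removed one, so the only visible effect of this hunk is merging the two paragraphs. If the merge is intended, the result puts the first-logon write requirement and the later read-only advice in one long paragraph, which makes the "rename it to NTuser.man" guidance harder to find; keeping the paragraph break, or saying in the commit message why it was dropped, would help.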
@@ -34,7 +31,7 @@
<para>
Windows clients can sometimes maintain a connection to the [homes] share, even though there is no user logged
in. Therefore, it is vital that the logon path does not include a reference to the homes share (i.e. setting
- this parameter to \%N\%U\profile_path will cause problems).
+ this parameter to \%N\homes\profile_path will cause problems).
</para>
<para>
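Review bot: the new example on the added line, \%N\homes\profile_path, starts with a single backslash, while the warning further down in this same file writes the value in UNC form as \\%N\profile\%U. A reader copying the example cannot tell which form is meant; write it as \\%N\homes\profile_path so the "will cause problems" case differs from a working value only in the reference to the homes share.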
@@ -43,7 +40,7 @@
<warning>
<para>
- Do not quote the value. Setting this as <quote>\\%N\profile\%U</quote>
+ Do not quote the value. Setting this as <quote>\\%N\profile\%U</quote>
will break profile handling. Where the tdbsam or ldapsam passdb backend
is used, at the time the user account is created the value configured
for this parameter is written to the passdb backend and that value will
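Review bot: the removed and added "Do not quote the value" lines show the same text, so this looks like a whitespace-only change and should be dropped or called out as such. While the line is being touched: the bad example is wrapped in a quote element, so the rendered page shows quotation marks without saying whether they are part of the broken value or just typography. Stating explicitly that the surrounding quotation marks are what breaks profile handling would remove the ambiguity, which matters here because the context lines say the value is written to the passdb backend when the account is created.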
@@ -54,7 +51,7 @@
</para>
</warning>
- <para>Note that this option is only useful if Samba is set up as a logon server.</para>
+ <para>Note that this option is only useful if Samba is set up as a domain controller.</para>
<para>
Disable the use of roaming profiles by setting the value of this parameter to the empty string. For
diff --git a/docs/smbdotconf/security/minpasswordlength.xml b/docs/smbdotconf/security/minpasswordlength.xml
deleted file mode 100644
index 3009ffb3ea..0000000000
--- a/docs/smbdotconf/security/minpasswordlength.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<samba:parameter name="min password length"
- context="G"
- type="integer"
- advanced="1" developer="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<synonym>min passwd length</synonym>
-<description>
- <para>This option sets the minimum length in characters of a
- plaintext password that <command moreinfo="none">smbd</command> will
- accept when performing UNIX password changing.</para>
-</description>
-
-<related>unix password sync</related>
-<related>passwd program</related>
-<related>passwd char debug</related>
-<value type="default">5</value>
-</samba:parameter>
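Review bot: this deletion removes the only description of "min password length" and its synonym "min passwd length", but the diff shows no matching change to the pages it listed as related (unix password sync, passwd program, passwd char debug). Please confirm those pages do not still point back to this parameter, and say in the commit message what replaces the minimum-length check for UNIX password changes, so that administrators who set it know the setting no longer has documented effect.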
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index ef4291733e..7b939f6956 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -10,6 +10,13 @@
that users use on DOS or Windows machines to those that the UNIX
box uses. The other is to map multiple users to a single username
so that they can more easily share files.</para>
+
+ <para>Please note that for user or share mode security, the
+ username map is applied prior to validating the user credentials.
+ Domain member servers (domain or ads) apply the username map
+ after the user has been successfully authenticated by the domain
+ controller and require fully qualified enties in the map table
+ (e.g. biddle = DOMAIN\foo).</para>
<para>The map file is parsed line by line. Each line should
contain a single UNIX username on the left then a '=' followed
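Review bot: "enties" in the added paragraph should be "entries". The paragraph also describes two different orderings (map applied before credential validation in user or share mode, after authentication on domain member servers) without saying which name the credentials are checked against in the first case; one sentence making that explicit would help administrators judge what a map entry actually grants. The example biddle = DOMAIN\foo would read better in a literal element so the backslash is not lost in rendering.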
diff --git a/docs/smbdotconf/security/usernamemapscript.xml b/docs/smbdotconf/security/usernamemapscript.xml
new file mode 100644
index 0000000000..6df134c257
--- /dev/null
+++ b/docs/smbdotconf/security/usernamemapscript.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="username map script"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This script is a mutually exclusive alternative to the
+ <smbconfoption name="username map"/> parameter. This parameter
+ specifies and external program or script that must accept a single
+ command line option (the username transmitted in the authentication
+ request) and return a line line on standard output (the name to which
+ the account should mapped). In this way, it is possible to store
+ username map tables in an LDAP or NIS directory services.
+ </para>
+</description>
+
+<value type="default"/>
+<value type="example">/etc/samba/scripts/mapusers.sh</value>
+</samba:parameter>
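Review bot: the description says the script receives "the username transmitted in the authentication request" as its command line option, which is client-supplied input handled before or during authentication, yet nothing here says how that value is passed to the program (quoted, escaped, or through a shell) or that the script must treat it as untrusted. Please document that, and state what happens when the script returns nothing or more than one line. Wording fixes in the same paragraph: "specifies and external program" should be "specifies an external program", "return a line line" should be "return a single line", "should mapped" should be "should be mapped", and "an LDAP or NIS directory services" should be "an LDAP or NIS directory service".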