diff options
Diffstat (limited to 'docs')
22 files changed, 50 insertions, 63 deletions
diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml index b19609a093..62aec85f16 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml @@ -224,7 +224,7 @@ LDAP based user and machine account back end. <para> New to Samba-3 is the ability to use a back-end database that holds the same type of data as the NT4 style SAM (Security Account Manager) database (one of the registry files). -<footnote>See also <link linkend="passdb"/>.</footnote> +<footnote><para>See also <link linkend="passdb"/>.</para></footnote> </para> <para> @@ -388,7 +388,7 @@ A Domain Controller is an SMB/CIFS server that: For Samba to provide these is rather easy to configure. Each Samba Domain Controller must provide the NETLOGON service which Samba calls the <smbconfoption><name>domain logons</name></smbconfoption> functionality (after the name of the parameter in the &smb.conf; file). Additionally, one (1) server in a Samba-3 -Domain must advertise itself as the domain master browser<footnote>See also <link linkend="NetworkBrowsing"/></footnote>. This causes the Primary Domain Controller +Domain must advertise itself as the domain master browser<footnote><para>See also <link linkend="NetworkBrowsing"/></para></footnote>. This causes the Primary Domain Controller to claim domain specific NetBIOS name that identifies it as a domain master browser for its given domain/workgroup. Local master browsers in the same domain/workgroup on broadcast-isolated subnets then ask for a complete copy of the browse list for the whole wide area network. Browser clients diff --git a/docs/docbook/projdoc/passdb.xml b/docs/docbook/projdoc/passdb.xml index ab7c9932fb..4bc2634528 100644 --- a/docs/docbook/projdoc/passdb.xml +++ b/docs/docbook/projdoc/passdb.xml @@ -1313,7 +1313,7 @@ Refer to the <command>logon home</command> parameter in the &smb.conf; man page <varlistentry> <term>only</term> - <listitem><para>Only update the LDAP password and let the LDAP server worry about the other fields. This option is only available on some LDAP servers. <footnote>Only when the LDAP server supports LDAP_EXOP_X_MODIFY_PASSWD</footnote></para></listitem> + <listitem><para>Only update the LDAP password and let the LDAP server worry about the other fields. This option is only available on some LDAP servers. <footnote><para>Only when the LDAP server supports LDAP_EXOP_X_MODIFY_PASSWD</para></footnote></para></listitem> </varlistentry> </variablelist> diff --git a/docs/docbook/smbdotconf/base/netbiosaliases.xml b/docs/docbook/smbdotconf/base/netbiosaliases.xml index a62fb8f7d6..ac8ffaf2b9 100644 --- a/docs/docbook/smbdotconf/base/netbiosaliases.xml +++ b/docs/docbook/smbdotconf/base/netbiosaliases.xml @@ -3,7 +3,7 @@ advanced="1" wizard="1" developer="1" xmlns:samba="http://samba.org/common"> <listitem> - <para>This is a list of NetBIOS names that <ulink url="nmbd.8.html">nmbd(8)</ulink> will + <para>This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml index 06017fce59..7caf3058c9 100644 --- a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml +++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml @@ -5,8 +5,8 @@ <listitem> <para>If a Samba server is a member of a Windows NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>) - parameter) then periodically a running <ulink url="smbd.8.html"> - smbd(8)</ulink> process will try and change the MACHINE ACCOUNT + parameter) then periodically a running smbd + process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb </filename>. This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml index 34d3e7ea58..42f7b04563 100644 --- a/docs/docbook/smbdotconf/logon/adduserscript.xml +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -11,7 +11,7 @@ created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para> <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle> diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml index 65b6253c0c..a1e8e0c03b 100644 --- a/docs/docbook/smbdotconf/logon/logonscript.xml +++ b/docs/docbook/smbdotconf/logon/logonscript.xml @@ -22,8 +22,8 @@ suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET /YES</command>, to force every machine to synchronize clocks with the same time server. Another use would be to add <command moreinfo="none">NET USE - U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none"> - NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para> + U: \\SERVER\UTILS</command> for commonly used utilities, or <screen> + <userinput>NET USE Q: \\SERVER\ISO9001_QA</userinput></screen> for example.</para> <para>Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission diff --git a/docs/docbook/smbdotconf/misc/remoteannounce.xml b/docs/docbook/smbdotconf/misc/remoteannounce.xml index 019cc306a7..d03ea8b0e2 100644 --- a/docs/docbook/smbdotconf/misc/remoteannounce.xml +++ b/docs/docbook/smbdotconf/misc/remoteannounce.xml @@ -27,8 +27,7 @@ addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable.</para> - <para>See the documentation file <ulink url="improved-browsing.html">BROWSING</ulink> - in the <filename moreinfo="none">docs/</filename> directory.</para> + <para>See <link linkend="NetworkBrowsing"/>.</para> <para>Default: <command moreinfo="none">remote announce = <empty string></command></para> </listitem> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml index 478031c7b9..ffaa58fe2a 100644 --- a/docs/docbook/smbdotconf/printing/os2drivermap.xml +++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml @@ -14,9 +14,8 @@ LaserJet 5L</command>.</para> <para>The need for the file is due to the printer driver namespace - problem described in the <ulink url="printing.html">Samba - Printing HOWTO</ulink>. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation.</para> + problem described in <link linkiend="printing"/>. For more details on OS/2 clients, please + refer to <link linkend="Other-Clients"/>.</para> <para>Default: <command moreinfo="none">os2 driver map = <empty string></command></para> </listitem> diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml index df25fbfb20..ce187a36fa 100644 --- a/docs/docbook/smbdotconf/protocol/clientusespnego.xml +++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml @@ -6,6 +6,9 @@ <para> This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism. + SPNEGO client support for SMB Signing is currently broken, so + you might want to turn this option off when operating with + Windows 2003 domain controllers in particular. </para> <para>Default: <emphasis>client use spnego = yes</emphasis></para> diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml index 4e88495489..45bc98843f 100644 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml @@ -18,7 +18,7 @@ <para><constant>lmhosts</constant> : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has no name type attached to the NetBIOS name (see the <ulink - url="lmhosts.5.html">lmhosts(5)</ulink> for details) then + noescape="1" url="lmhosts.5.html">lmhosts(5)</ulink> for details) then any name type matches for lookup.</para> </listitem> diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml index 6f2b3ec510..505f371809 100644 --- a/docs/docbook/smbdotconf/protocol/profileacls.xml +++ b/docs/docbook/smbdotconf/protocol/profileacls.xml @@ -10,7 +10,10 @@ Windows XP clients. New versions of Windows 2000 or Windows XP service packs do security ACL checking on the owner and ability to write of the profile directory stored on a local workstation when copied from a Samba - share. When not in domain mode with winbindd then the security info copied + share. +</para> + +<para>When not in domain mode with winbindd then the security info copied onto the local workstation has no meaning to the logged in user (SID) on that workstation so the profile storing fails. Adding this parameter onto a share used for profile storage changes two things about the @@ -19,15 +22,17 @@ BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to every returned ACL. This will allow any Windows 2000 or XP workstation - user to access the profile. Note that if you have multiple users logging + user to access the profile.</para> + + <para>Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access each others profiles you must remove the "Bypass traverse checking" advanced user right. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user. - </para> - +</para> + <para>Default: <command moreinfo="none">profile acls = no</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml index 63363d2607..8354f8b8da 100644 --- a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml +++ b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml @@ -7,7 +7,7 @@ <parameter moreinfo="none">security</parameter></link> option is set to <constant>server</constant> or <constant>domain</constant>. If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which <ulink url="smbd.8.html">smbd</ulink> is running + a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication.</para> diff --git a/docs/docbook/smbdotconf/security/guestaccount.xml b/docs/docbook/smbdotconf/security/guestaccount.xml index f9192748f9..9db3b6362d 100644 --- a/docs/docbook/smbdotconf/security/guestaccount.xml +++ b/docs/docbook/smbdotconf/security/guestaccount.xml @@ -1,5 +1,5 @@ <samba:parameter name="guest account" - context="G" + context="G,S" basic="1" advanced="1" developer="1" xmlns:samba="http://samba.org/common"> <listitem> @@ -13,7 +13,7 @@ the specified username overrides this one. </para> - <para>On some systems the default guest account "nobody" may not + <para>One some systems the default guest account "nobody" may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the <command moreinfo="none">su -</command> command) and trying to print using the diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml index 1a3a83946a..8c64299dd4 100644 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ b/docs/docbook/smbdotconf/security/passdbbackend.xml @@ -55,22 +55,15 @@ details. </para></listitem> - <listitem> - <para><command moreinfo="none">guest</command> - - Very simple backend that only provides one user: the guest user. - Only maps the NT guest user to the <parameter>guest account</parameter>. - Required in pretty much all situations. - </para></listitem> - </itemizedlist> </para> <para>Default: <command moreinfo="none">passdb backend = smbpasswd</command></para> - <para>Example: <command moreinfo="none">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest</command></para> + <para>Example: <command moreinfo="none">passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd</command></para> - <para>Example: <command moreinfo="none">passdb backend = ldapsam:ldaps://ldap.example.com guest</command></para> + <para>Example: <command moreinfo="none">passdb backend = ldapsam:ldaps://ldap.example.com</command></para> - <para>Example: <command moreinfo="none">passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest</command></para> + <para>Example: <command moreinfo="none">passdb backend = mysql:my_plugin_args tdbsam</command></para> </listitem> </samba:parameter> diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml index 22235322c8..db02670158 100644 --- a/docs/docbook/smbdotconf/security/passwdprogram.xml +++ b/docs/docbook/smbdotconf/security/passwdprogram.xml @@ -17,9 +17,8 @@ <para><emphasis>Note</emphasis> that if the <parameter moreinfo="none">unix password sync</parameter> parameter is set to <constant>yes </constant> then this program is called <emphasis>AS ROOT</emphasis> - before the SMB password in the <ulink url="smbpasswd.5.html"><citerefentry> - <refentrytitle>smbpasswd</refentrytitle><manvolnum>5</manvolnum></citerefentry> - </ulink> file is changed. If this UNIX password change fails, then + before the SMB password in the smbpasswd + file is changed. If this UNIX password change fails, then <command moreinfo="none">smbd</command> will fail to change the SMB password also (this is by design).</para> @@ -29,13 +28,6 @@ for security implications. Note that by default <parameter moreinfo="none">unix password sync</parameter> is set to <constant>no</constant>.</para> - <para>Not that this program is only invoked when a password change is - done via the smbd program, not when smbpasswd is used locally as root to - change a password. This means that you cannot run "smbpasswd USERNAME" as - root on the SMB server in order to test this parameter, but should run the - command "smbpasswd -r SMBMACHINE" as a non-root user instead if you want - to test the invocation of this program.</para> - <para>See also <link linkend="UNIXPASSWORDSYNC"><parameter moreinfo="none">unix password sync</parameter></link>.</para> diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml index 389e8dd009..030abc1de1 100644 --- a/docs/docbook/smbdotconf/security/security.xml +++ b/docs/docbook/smbdotconf/security/security.xml @@ -19,8 +19,8 @@ Windows NT.</para> <para>The alternatives are <command moreinfo="none">security = share</command>, - <command moreinfo="none">security = server</command>, <command moreinfo="none">security = domain - </command>, or <command moreinfo="none">security = ads</command>.</para> + <command moreinfo="none">security = server</command> or <command moreinfo="none">security = domain + </command>.</para> <para>In versions of Samba prior to 2.0.0, the default was <command moreinfo="none">security = share</command> mainly because that was diff --git a/docs/docbook/smbdotconf/tuning/usesendfile.xml b/docs/docbook/smbdotconf/tuning/usesendfile.xml index e8b8213ec3..6bbd651549 100644 --- a/docs/docbook/smbdotconf/tuning/usesendfile.xml +++ b/docs/docbook/smbdotconf/tuning/usesendfile.xml @@ -2,11 +2,13 @@ context="S" xmlns:samba="http://samba.org/common"> <listitem> - <para>If this parameter is <constant>yes</constant>, and the underlying operating + <para>If this parameter is <constant>yes</constant>, and Samba + was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked. This may make more efficient use of the system CPU's - and cause Samba to be faster.</para> + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet.</para> <para>Default: <command moreinfo="none">use sendfile = no</command></para> </listitem> diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml index c76c3b6c1d..4e8dfe7a79 100644 --- a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml +++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml @@ -3,14 +3,16 @@ advanced="1" developer="1" xmlns:samba="http://samba.org/common"> <listitem> - <para>If set to <constant>yes</constant>, + <para>This boolean parameter is only available + if Samba has been configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server.</para> <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none"> msdfs root</parameter></link> share level parameter. For more information on setting up a Dfs tree on Samba, - refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>. + refer to <link linkend="msdfs"/>. </para> <para>Default: <command moreinfo="none">host msdfs = no</command></para> diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml index eaed6f68e9..e72bf89b1f 100644 --- a/docs/docbook/smbdotconf/vfs/msdfsroot.xml +++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml @@ -2,14 +2,15 @@ context="S" xmlns:samba="http://samba.org/common"> <listitem> - <para>If set to <constant>yes</constant>, + <para>This boolean parameter is only available if + Samba is configured and compiled with the <command moreinfo="none"> + --with-msdfs</command> option. If set to <constant>yes</constant>, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename> and so on. For more information on setting up a Dfs tree - on Samba, refer to <ulink url="msdfs.html">"Hosting a Microsoft - Distributed File System tree on Samba"</ulink> document.</para> + on Samba, refer to <link linkend="msdfs"/>.</para> <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para> diff --git a/docs/docbook/smbdotconf/vfs/vfsobjects.xml b/docs/docbook/smbdotconf/vfs/vfsobjects.xml index 85f5016401..32a10b5bd6 100644 --- a/docs/docbook/smbdotconf/vfs/vfsobjects.xml +++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml @@ -2,19 +2,10 @@ context="S" xmlns:samba="http://samba.org/common"> <listitem> - <para>This parameter specifies the backend module names which + <para>This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects. </para> - - <para>Options for a given VFS module are specified one per line - smb.conf perfaced by the module name and a colon (:). Such as</para> - - <para>foo:bar=biddle</para> - - <para>where 'foo' is the name of VFS module, 'bar' is a parameter supported - by ;foo;, and 'biddle' is the value of the option 'bar'. Refer to the - manpage for a given VFS modules regarding the options supported by that module.</para> <para>Default: <emphasis>no value</emphasis></para> diff --git a/docs/docbook/smbdotconf/winbind/idmapgid.xml b/docs/docbook/smbdotconf/winbind/idmapgid.xml index 43a8e34fad..8bd46a80c6 100644 --- a/docs/docbook/smbdotconf/winbind/idmapgid.xml +++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml @@ -5,7 +5,7 @@ <listitem> <para>The idmap gid parameter specifies the range of group ids that are allocated for - the purpose of mapping UNIX groups to NT group SIDs. This range of group ids should have no + the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise.</para> <para>The availability of an idmap gid range is essential for correct operation of diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml index 12ee635acd..577a130ff1 100644 --- a/docs/docbook/smbdotconf/wins/winsserver.xml +++ b/docs/docbook/smbdotconf/wins/winsserver.xml @@ -21,7 +21,7 @@ to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly.</para></note> - <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para> + <para>See the <link linkend="NetworkBrowsing"/>.</para> <para>Default: <emphasis>not enabled</emphasis></para> |