summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/docbook/manpages/smb.conf.5.sgml94
-rw-r--r--docs/docbook/manpages/smbpasswd.8.sgml61
2 files changed, 83 insertions, 72 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml
index 7aa9ea3b9c..a464643234 100644
--- a/docs/docbook/manpages/smb.conf.5.sgml
+++ b/docs/docbook/manpages/smb.conf.5.sgml
@@ -594,6 +594,7 @@
<listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem>
<listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem>
<listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem>
+ <listitem><para><link linkend="AUTHMETHODS"><parameter>auth methods</parameter></link></para></listitem>
<listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem>
<listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem>
<listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem>
@@ -679,8 +680,8 @@
<listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem>
<listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem>
<listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem>
+ <listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem>
<listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem>
- <listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem>
<listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem>
<listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem>
<listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem>
@@ -688,6 +689,7 @@
<listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem>
<listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem>
<listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem>
+ <listitem><para><link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem>
<listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem>
<listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem>
<listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem>
@@ -1206,6 +1208,24 @@
<varlistentry>
+ <term><anchor id="AUTHMETHODS">auth methods (G)</term>
+ <listitem><para>This option allows the administrator to chose what
+ authentication methods <command>smbd</command> will use when authenticating
+ a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter>
+ security</parameter></link>.
+
+ Each entry in the list attempts to authenticate the user in turn, until
+ the user authenticates. In practice only one method will ever actually
+ be able to complete the authentication.
+ </para>
+
+ <para>Default: <command>auth methods = &lt;empty string&gt;</command></para>
+ <para>Example: <command>auth methods = guest sam ntdomain</command></para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
<term><anchor id="AVAILABLE">available (S)</term>
<listitem><para>This parameter lets you "turn off" a service. If
<parameter>available = no</parameter>, then <emphasis>ALL</emphasis>
@@ -2490,7 +2510,7 @@
</filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command>
smbpasswd(8)</command></ulink> program for information on how to set up
and maintain this file), or set the <link
- linkend="SECURITY">security = [server|domain]</link> parameter which
+ linkend="SECURITY">security = [server|domain|ads]</link> parameter which
causes <command>smbd</command> to authenticate against another
server.</para>
@@ -4919,6 +4939,40 @@
<varlistentry>
+ <term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term>
+ <listitem><para>The non unix account range parameter specifies
+ the range of 'user ids' that are allocated by the various 'non unix
+ account' passdb backends. These backends allow
+ the storage of passwords for users who don't exist in /etc/passwd.
+ This is most often used for machine account creation.
+ This range of ids should have no existing local or NIS users within
+ it as strange conflicts can occur otherwise.</para>
+
+ <para>NOTE: These userids never appear on the system and Samba will never
+ 'become' these users. They are used only to ensure that the algorithmic
+ RID mapping does not conflict with normal users.
+
+ <para>Default: <command>non unix account range = &lt;empty string&gt;
+ </command></para>
+
+ <para>Example: <command>non unix account range = 10000-20000</command></para>
+ </listitem>
+ </varlistentry>
+
+
+ <listitem><para>This boolean parameter controls whether
+ <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map
+ UNIX permissions into Windows NT access control lists.
+ This parameter was formally a global parameter in releases
+ prior to 2.2.2.</para>
+
+ <para>Default: <command>nt acl support = yes</command></para>
+ </listitem>
+ </varlistentry>
+
+
+
+ <varlistentry>
<term><anchor id="NTACLSUPPORT">nt acl support (S)</term>
<listitem><para>This boolean parameter controls whether
<ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map
@@ -4947,27 +5001,6 @@
<varlistentry>
- <term><anchor id="NTSMBSUPPORT">nt smb support (G)</term>
- <listitem><para>This boolean parameter controls whether <ulink
- url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific SMB
- support with Windows NT clients. Although this is a developer
- debugging option and should be left alone, benchmarking has discovered
- that Windows NT clients give faster performance with this option
- set to <constant>no</constant>. This is still being investigated.
- If this option is set to <constant>no</constant> then Samba offers
- exactly the same SMB calls that versions prior to Samba 2.0 offered.
- This information may be of use if any users are having problems
- with NT SMB support.</para>
-
- <para>You should not need to ever disable this parameter.</para>
-
- <para>Default: <command>nt smb support = yes</command></para>
- </listitem>
- </varlistentry>
-
-
-
- <varlistentry>
<term><anchor id="NULLPASSWORDS">null passwords (G)</term>
<listitem><para>Allow or disallow client access to accounts
that have null passwords. </para>
@@ -5192,6 +5225,21 @@
<varlistentry>
+ <term><anchor id="PASSDBBACKEND">passdb backend (G)</term>
+ <listitem><para>This option allows the administrator to chose what
+ backend in which to store passwords. This allows (for example) both
+ smbpasswd and tdbsam to be used without a recompile. Only one can
+ be used at a time however, and experimental backends must still be selected
+ (eg --with-tdbsam) at configure time.
+ </para>
+
+ <para>Default: <command>passdb backend = smbpasswd</command></para>
+ <para>Example: <command>passdb backend = tdbsam</command></para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
<term><anchor id="PASSWDCHAT">passwd chat (G)</term>
<listitem><para>This string controls the <emphasis>"chat"</emphasis>
conversation that takes places between <ulink
diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml
index 098e874cc8..3c7a6a5150 100644
--- a/docs/docbook/manpages/smbpasswd.8.sgml
+++ b/docs/docbook/manpages/smbpasswd.8.sgml
@@ -86,9 +86,10 @@
new password typed (type &lt;Enter&gt; for the old password). This
option is ignored if the username following already exists in
the smbpasswd file and it is treated like a regular change
- password command. Note that the user to be added must already exist
- in the system password file (usually <filename>/etc/passwd</filename>)
- else the request to add the user will fail. </para>
+ password command. Note that the default passdb backends require
+ the user to already exist in the system password file (usually
+ <filename>/etc/passwd</filename>), else the request to add the
+ user will fail. </para>
<para>This option is only available when running smbpasswd
as root. </para></listitem>
@@ -119,8 +120,7 @@
<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
format) there is no space in the user's password entry to write
- this information and so the user is disabled by writing 'X' characters
- into the password space in the smbpasswd file. See <command>smbpasswd(5)
+ this information and the command will FAIL. See <command>smbpasswd(5)
</command> for details on the 'old' and new password file formats.
</para>
@@ -138,10 +138,8 @@
the user will be able to authenticate via SMB once again. </para>
<para>If the smbpasswd file is in the 'old' format, then <command>
- smbpasswd</command> will prompt for a new password for this user,
- otherwise the account will be enabled by removing the <constant>'D'
- </constant> flag from account control space in the <filename>
- smbpasswd</filename> file. See <command>smbpasswd (5)</command> for
+ smbpasswd</command> will FAIL to enable the account.
+ See <command>smbpasswd (5)</command> for
details on the 'old' and new password file formats. </para>
<para>This option is only available when running smbpasswd as root.
@@ -275,45 +273,6 @@
<varlistentry>
- <term>-j DOMAIN</term>
- <listitem><para>This option is used to add a Samba server
- into a Windows NT Domain, as a Domain member capable of authenticating
- user accounts to any Domain Controller in the same way as a Windows
- NT Server. See the <command>security = domain</command> option in
- the <filename>smb.conf(5)</filename> man page. </para>
-
- <para>In order to be used in this way, the Administrator for
- the Windows NT Domain must have used the program "Server Manager
- for Domains" to add the primary NetBIOS name of the Samba server
- as a member of the Domain. </para>
-
- <para>After this has been done, to join the Domain invoke <command>
- smbpasswd</command> with this parameter. smbpasswd will then
- look up the Primary Domain Controller for the Domain (found in
- the <filename>smb.conf</filename> file in the parameter
- <parameter>password server</parameter> and change the machine account
- password used to create the secure Domain communication. This
- password is then stored by smbpasswd in a TDB, writeable only by root,
- called <filename>secrets.tdb</filename> </para>
-
- <para>Once this operation has been performed the <filename>
- smb.conf</filename> file may be updated to set the <command>
- security = domain</command> option and all future logins
- to the Samba server will be authenticated to the Windows NT
- PDC. </para>
-
- <para>Note that even though the authentication is being
- done to the PDC all users accessing the Samba server must still
- have a valid UNIX account on that machine. </para>
-
-
- <para>This option is only available when running smbpasswd as root.
- </para></listitem>
- </varlistentry>
-
-
-
- <varlistentry>
<term>-U username</term>
<listitem><para>This option may only be used in conjunction
with the <parameter>-r</parameter> option. When changing
@@ -395,7 +354,7 @@
<refsect1>
<title>VERSION</title>
- <para>This man page is correct for version 2.2 of
+ <para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
@@ -424,3 +383,7 @@
</refsect1>
</refentry>
+
+
+
+