diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/docbook/manpages/smb.conf.5.sgml | 94 | ||||
| -rw-r--r-- | docs/docbook/manpages/smbpasswd.8.sgml | 61 |
2 files changed, 83 insertions, 72 deletions
diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 7aa9ea3b9c..a464643234 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -594,6 +594,7 @@ <listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem> + <listitem><para><link linkend="AUTHMETHODS"><parameter>auth methods</parameter></link></para></listitem> <listitem><para><link linkend="AUTOSERVICES"><parameter>auto services</parameter></link></para></listitem> <listitem><para><link linkend="BINDINTERFACESONLY"><parameter>bind interfaces only</parameter></link></para></listitem> <listitem><para><link linkend="BROWSELIST"><parameter>browse list</parameter></link></para></listitem> @@ -679,8 +680,8 @@ <listitem><para><link linkend="NETBIOSNAME"><parameter>netbios name</parameter></link></para></listitem> <listitem><para><link linkend="NETBIOSSCOPE"><parameter>netbios scope</parameter></link></para></listitem> <listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem> + <listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem> <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> - <listitem><para><link linkend="NTSMBSUPPORT"><parameter>nt smb support</parameter></link></para></listitem> <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> <listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem> <listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem> @@ -688,6 +689,7 @@ <listitem><para><link linkend="OS2DRIVERMAP"><parameter>os2 driver map</parameter></link></para></listitem> <listitem><para><link linkend="PAMPASSWORDCHANGE"><parameter>pam password change</parameter></link></para></listitem> <listitem><para><link linkend="PANICACTION"><parameter>panic action</parameter></link></para></listitem> + <listitem><para><link linkend="PASSDBBACKEND"><parameter>passdb backend</parameter></link></para></listitem> <listitem><para><link linkend="PASSWDCHAT"><parameter>passwd chat</parameter></link></para></listitem> <listitem><para><link linkend="PASSWDCHATDEBUG"><parameter>passwd chat debug</parameter></link></para></listitem> <listitem><para><link linkend="PASSWDPROGRAM"><parameter>passwd program</parameter></link></para></listitem> @@ -1206,6 +1208,24 @@ <varlistentry> + <term><anchor id="AUTHMETHODS">auth methods (G)</term> + <listitem><para>This option allows the administrator to chose what + authentication methods <command>smbd</command> will use when authenticating + a user. This option defaults to sensible values based on <link linkend="SECURITY"><parameter> + security</parameter></link>. + + Each entry in the list attempts to authenticate the user in turn, until + the user authenticates. In practice only one method will ever actually + be able to complete the authentication. + </para> + + <para>Default: <command>auth methods = <empty string></command></para> + <para>Example: <command>auth methods = guest sam ntdomain</command></para> + </listitem> + </varlistentry> + + + <varlistentry> <term><anchor id="AVAILABLE">available (S)</term> <listitem><para>This parameter lets you "turn off" a service. If <parameter>available = no</parameter>, then <emphasis>ALL</emphasis> @@ -2490,7 +2510,7 @@ </filename></ulink> file (see the <ulink url="smbpasswd.8.html"><command> smbpasswd(8)</command></ulink> program for information on how to set up and maintain this file), or set the <link - linkend="SECURITY">security = [server|domain]</link> parameter which + linkend="SECURITY">security = [server|domain|ads]</link> parameter which causes <command>smbd</command> to authenticate against another server.</para> @@ -4919,6 +4939,40 @@ <varlistentry> + <term><anchor id="NONUNIXACCOUNTRANGE">non unix account range (G)</term> + <listitem><para>The non unix account range parameter specifies + the range of 'user ids' that are allocated by the various 'non unix + account' passdb backends. These backends allow + the storage of passwords for users who don't exist in /etc/passwd. + This is most often used for machine account creation. + This range of ids should have no existing local or NIS users within + it as strange conflicts can occur otherwise.</para> + + <para>NOTE: These userids never appear on the system and Samba will never + 'become' these users. They are used only to ensure that the algorithmic + RID mapping does not conflict with normal users. + + <para>Default: <command>non unix account range = <empty string> + </command></para> + + <para>Example: <command>non unix account range = 10000-20000</command></para> + </listitem> + </varlistentry> + + + <listitem><para>This boolean parameter controls whether + <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2.</para> + + <para>Default: <command>nt acl support = yes</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> <term><anchor id="NTACLSUPPORT">nt acl support (S)</term> <listitem><para>This boolean parameter controls whether <ulink url="smbd.8.html">smbd(8)</ulink> will attempt to map @@ -4947,27 +5001,6 @@ <varlistentry> - <term><anchor id="NTSMBSUPPORT">nt smb support (G)</term> - <listitem><para>This boolean parameter controls whether <ulink - url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific SMB - support with Windows NT clients. Although this is a developer - debugging option and should be left alone, benchmarking has discovered - that Windows NT clients give faster performance with this option - set to <constant>no</constant>. This is still being investigated. - If this option is set to <constant>no</constant> then Samba offers - exactly the same SMB calls that versions prior to Samba 2.0 offered. - This information may be of use if any users are having problems - with NT SMB support.</para> - - <para>You should not need to ever disable this parameter.</para> - - <para>Default: <command>nt smb support = yes</command></para> - </listitem> - </varlistentry> - - - - <varlistentry> <term><anchor id="NULLPASSWORDS">null passwords (G)</term> <listitem><para>Allow or disallow client access to accounts that have null passwords. </para> @@ -5192,6 +5225,21 @@ <varlistentry> + <term><anchor id="PASSDBBACKEND">passdb backend (G)</term> + <listitem><para>This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected + (eg --with-tdbsam) at configure time. + </para> + + <para>Default: <command>passdb backend = smbpasswd</command></para> + <para>Example: <command>passdb backend = tdbsam</command></para> + </listitem> + </varlistentry> + + + <varlistentry> <term><anchor id="PASSWDCHAT">passwd chat (G)</term> <listitem><para>This string controls the <emphasis>"chat"</emphasis> conversation that takes places between <ulink diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index 098e874cc8..3c7a6a5150 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -86,9 +86,10 @@ new password typed (type <Enter> for the old password). This option is ignored if the username following already exists in the smbpasswd file and it is treated like a regular change - password command. Note that the user to be added must already exist - in the system password file (usually <filename>/etc/passwd</filename>) - else the request to add the user will fail. </para> + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + <filename>/etc/passwd</filename>), else the request to add the + user will fail. </para> <para>This option is only available when running smbpasswd as root. </para></listitem> @@ -119,8 +120,7 @@ <para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0 format) there is no space in the user's password entry to write - this information and so the user is disabled by writing 'X' characters - into the password space in the smbpasswd file. See <command>smbpasswd(5) + this information and the command will FAIL. See <command>smbpasswd(5) </command> for details on the 'old' and new password file formats. </para> @@ -138,10 +138,8 @@ the user will be able to authenticate via SMB once again. </para> <para>If the smbpasswd file is in the 'old' format, then <command> - smbpasswd</command> will prompt for a new password for this user, - otherwise the account will be enabled by removing the <constant>'D' - </constant> flag from account control space in the <filename> - smbpasswd</filename> file. See <command>smbpasswd (5)</command> for + smbpasswd</command> will FAIL to enable the account. + See <command>smbpasswd (5)</command> for details on the 'old' and new password file formats. </para> <para>This option is only available when running smbpasswd as root. @@ -275,45 +273,6 @@ <varlistentry> - <term>-j DOMAIN</term> - <listitem><para>This option is used to add a Samba server - into a Windows NT Domain, as a Domain member capable of authenticating - user accounts to any Domain Controller in the same way as a Windows - NT Server. See the <command>security = domain</command> option in - the <filename>smb.conf(5)</filename> man page. </para> - - <para>In order to be used in this way, the Administrator for - the Windows NT Domain must have used the program "Server Manager - for Domains" to add the primary NetBIOS name of the Samba server - as a member of the Domain. </para> - - <para>After this has been done, to join the Domain invoke <command> - smbpasswd</command> with this parameter. smbpasswd will then - look up the Primary Domain Controller for the Domain (found in - the <filename>smb.conf</filename> file in the parameter - <parameter>password server</parameter> and change the machine account - password used to create the secure Domain communication. This - password is then stored by smbpasswd in a TDB, writeable only by root, - called <filename>secrets.tdb</filename> </para> - - <para>Once this operation has been performed the <filename> - smb.conf</filename> file may be updated to set the <command> - security = domain</command> option and all future logins - to the Samba server will be authenticated to the Windows NT - PDC. </para> - - <para>Note that even though the authentication is being - done to the PDC all users accessing the Samba server must still - have a valid UNIX account on that machine. </para> - - - <para>This option is only available when running smbpasswd as root. - </para></listitem> - </varlistentry> - - - - <varlistentry> <term>-U username</term> <listitem><para>This option may only be used in conjunction with the <parameter>-r</parameter> option. When changing @@ -395,7 +354,7 @@ <refsect1> <title>VERSION</title> - <para>This man page is correct for version 2.2 of + <para>This man page is correct for version 3.0 of the Samba suite.</para> </refsect1> @@ -424,3 +383,7 @@ </refsect1> </refentry> + + + + |