diff options
Diffstat (limited to 'docs')
46 files changed, 2248 insertions, 3331 deletions
diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf index e9e530034f..2d9a2009ac 100644 --- a/docs/Samba-HOWTO-Collection.pdf +++ b/docs/Samba-HOWTO-Collection.pdf @@ -1,6 +1,6 @@ %PDF-1.2 % -1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020508150805Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj +1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020401145915Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj @@ -403,33 +403,33 @@ 283 0 obj[282 0 R ]endobj 284 0 obj<</S/URI/URI(http://samba.org/)>>endobj -285 0 obj<</Subtype/Link/Rect[196.9 345.8 308.1 358.8]/Border[0 0 0]/A 284 0 R>>endobj +285 0 obj<</Subtype/Link/Rect[196.9 385.4 308.1 398.4]/Border[0 0 0]/A 284 0 R>>endobj 286 0 obj[285 0 R ]endobj 287 0 obj<</S/URI/URI(winbindd.8.html)>>endobj -288 0 obj<</Subtype/Link/Rect[311.8 142.2 366.1 155.2]/Border[0 0 0]/A 287 0 R>>endobj +288 0 obj<</Subtype/Link/Rect[311.8 208.2 366.1 221.2]/Border[0 0 0]/A 287 0 R>>endobj 289 0 obj<</S/URI/URI(#WINBINDSEPARATOR)>>endobj -290 0 obj<</Subtype/Link/Rect[100.0 71.2 191.8 82.2]/Border[0 0 0]/A 289 0 R>>endobj -291 0 obj[288 0 R +290 0 obj<</Subtype/Link/Rect[100.0 137.2 191.8 148.2]/Border[0 0 0]/A 289 0 R>>endobj +291 0 obj<</S/URI/URI(#WINBINDUID)>>endobj +292 0 obj<</Subtype/Link/Rect[100.0 115.6 159.4 126.6]/Border[0 0 0]/A 291 0 R>>endobj +293 0 obj<</S/URI/URI(#WINBINDGID)>>endobj +294 0 obj<</Subtype/Link/Rect[100.0 94.0 159.4 105.0]/Border[0 0 0]/A 293 0 R>>endobj +295 0 obj<</S/URI/URI(#WINBINDENUMUSERS)>>endobj +296 0 obj<</Subtype/Link/Rect[100.0 72.4 197.2 83.4]/Border[0 0 0]/A 295 0 R>>endobj +297 0 obj<</S/URI/URI(#WINBINDENUMGROUP)>>endobj +298 0 obj<</Subtype/Link/Rect[100.0 61.6 202.6 72.6]/Border[0 0 0]/A 297 0 R>>endobj +299 0 obj[288 0 R 290 0 R +292 0 R +294 0 R +296 0 R +298 0 R ]endobj -292 0 obj<</S/URI/URI(#WINBINDUID)>>endobj -293 0 obj<</Subtype/Link/Rect[100.0 722.0 159.4 733.0]/Border[0 0 0]/A 292 0 R>>endobj -294 0 obj<</S/URI/URI(#WINBINDGID)>>endobj -295 0 obj<</Subtype/Link/Rect[100.0 700.4 159.4 711.4]/Border[0 0 0]/A 294 0 R>>endobj -296 0 obj<</S/URI/URI(#WINBINDENUMUSERS)>>endobj -297 0 obj<</Subtype/Link/Rect[100.0 678.8 197.2 689.8]/Border[0 0 0]/A 296 0 R>>endobj -298 0 obj<</S/URI/URI(#WINBINDENUMGROUP)>>endobj -299 0 obj<</Subtype/Link/Rect[100.0 668.0 202.6 679.0]/Border[0 0 0]/A 298 0 R>>endobj 300 0 obj<</S/URI/URI(#TEMPLATEHOMEDIR)>>endobj -301 0 obj<</Subtype/Link/Rect[100.0 646.4 186.4 657.4]/Border[0 0 0]/A 300 0 R>>endobj +301 0 obj<</Subtype/Link/Rect[100.0 711.2 186.4 722.2]/Border[0 0 0]/A 300 0 R>>endobj 302 0 obj<</S/URI/URI(#TEMPLATESHELL)>>endobj -303 0 obj<</Subtype/Link/Rect[100.0 635.6 175.6 646.6]/Border[0 0 0]/A 302 0 R>>endobj -304 0 obj[293 0 R -295 0 R -297 0 R -299 0 R -301 0 R +303 0 obj<</Subtype/Link/Rect[100.0 700.4 175.6 711.4]/Border[0 0 0]/A 302 0 R>>endobj +304 0 obj[301 0 R 303 0 R ]endobj 305 0 obj<</S/URI/URI(http://carol.wins.uva.nl/~leeuw/samba/warp.html)>>endobj @@ -677,11 +677,11 @@ 449 0 obj<</Subtype/Link/Rect[108.0 248.4 274.8 261.4]/Border[0 0 0]/Dest[846 0 R/XYZ null 673 0]>>endobj 450 0 obj<</Subtype/Link/Rect[108.0 235.2 208.5 248.2]/Border[0 0 0]/Dest[846 0 R/XYZ null 483 0]>>endobj 451 0 obj<</Subtype/Link/Rect[108.0 222.0 265.4 235.0]/Border[0 0 0]/Dest[846 0 R/XYZ null 332 0]>>endobj -452 0 obj<</Subtype/Link/Rect[108.0 208.8 195.4 221.8]/Border[0 0 0]/Dest[846 0 R/XYZ null 181 0]>>endobj -453 0 obj<</Subtype/Link/Rect[108.0 195.6 202.1 208.6]/Border[0 0 0]/Dest[849 0 R/XYZ null 541 0]>>endobj -454 0 obj<</Subtype/Link/Rect[108.0 182.4 226.6 195.4]/Border[0 0 0]/Dest[849 0 R/XYZ null 258 0]>>endobj -455 0 obj<</Subtype/Link/Rect[108.0 169.2 183.5 182.2]/Border[0 0 0]/Dest[864 0 R/XYZ null 278 0]>>endobj -456 0 obj<</Subtype/Link/Rect[108.0 156.0 182.9 169.0]/Border[0 0 0]/Dest[867 0 R/XYZ null 726 0]>>endobj +452 0 obj<</Subtype/Link/Rect[108.0 208.8 195.4 221.8]/Border[0 0 0]/Dest[846 0 R/XYZ null 221 0]>>endobj +453 0 obj<</Subtype/Link/Rect[108.0 195.6 202.1 208.6]/Border[0 0 0]/Dest[849 0 R/XYZ null 581 0]>>endobj +454 0 obj<</Subtype/Link/Rect[108.0 182.4 226.6 195.4]/Border[0 0 0]/Dest[849 0 R/XYZ null 298 0]>>endobj +455 0 obj<</Subtype/Link/Rect[108.0 169.2 183.5 182.2]/Border[0 0 0]/Dest[864 0 R/XYZ null 355 0]>>endobj +456 0 obj<</Subtype/Link/Rect[108.0 156.0 182.9 169.0]/Border[0 0 0]/Dest[867 0 R/XYZ null 768 0]>>endobj 457 0 obj<</Subtype/Link/Rect[72.0 129.6 228.8 142.6]/Border[0 0 0]/Dest[870 0 R/XYZ null 798 0]>>endobj 458 0 obj<</Subtype/Link/Rect[108.0 116.4 159.0 129.4]/Border[0 0 0]/Dest[870 0 R/XYZ null 730 0]>>endobj 459 0 obj<</Subtype/Link/Rect[108.0 103.2 499.0 116.2]/Border[0 0 0]/Dest[870 0 R/XYZ null 700 0]>>endobj @@ -749,7 +749,7 @@ ]endobj 471 0 obj<</Dests 472 0 R>>endobj 472 0 obj<</Kids[473 0 R]>>endobj -473 0 obj<</Limits[(aen1056)(winbind)]/Names[(aen1056)474 0 R(aen1061)475 0 R(aen1094)476 0 R(aen1100)477 0 R(aen1139)478 0 R(aen1182)479 0 R(aen119)480 0 R(aen1201)481 0 R(aen1236)482 0 R(aen1245)483 0 R(aen1260)484 0 R(aen1308)485 0 R(aen135)486 0 R(aen1352)487 0 R(aen144)488 0 R(aen1466)489 0 R(aen1492)490 0 R(aen1511)491 0 R(aen1519)492 0 R(aen1527)493 0 R(aen1535)494 0 R(aen1542)495 0 R(aen1578)496 0 R(aen1591)497 0 R(aen1594)498 0 R(aen160)499 0 R(aen1604)500 0 R(aen1640)501 0 R(aen1644)502 0 R(aen1652)503 0 R(aen1655)504 0 R(aen1658)505 0 R(aen1661)506 0 R(aen1665)507 0 R(aen1681)508 0 R(aen1702)509 0 R(aen1722)510 0 R(aen174)511 0 R(aen1751)512 0 R(aen1756)513 0 R(aen1768)514 0 R(aen1770)515 0 R(aen1787)516 0 R(aen179)517 0 R(aen1815)518 0 R(aen1820)519 0 R(aen183)520 0 R(aen1840)521 0 R(aen186)522 0 R(aen1910)523 0 R(aen1918)524 0 R(aen1947)525 0 R(aen195)526 0 R(aen1951)527 0 R(aen1964)528 0 R(aen1971)529 0 R(aen1975)530 0 R(aen1980)531 0 R(aen1984)532 0 R(aen199)533 0 R(aen20)534 0 R(aen2000)535 0 R(aen2008)536 0 R(aen2012)537 0 R(aen2015)538 0 R(aen2022)539 0 R(aen2035)540 0 R(aen2049)541 0 R(aen2060)542 0 R(aen2079)543 0 R(aen209)544 0 R(aen2104)545 0 R(aen212)546 0 R(aen2120)547 0 R(aen2131)548 0 R(aen2167)549 0 R(aen2189)550 0 R(aen2236)551 0 R(aen2246)552 0 R(aen226)553 0 R(aen2260)554 0 R(aen2262)555 0 R(aen2277)556 0 R(aen2286)557 0 R(aen2290)558 0 R(aen2306)559 0 R(aen2311)560 0 R(aen2314)561 0 R(aen2319)562 0 R(aen2347)563 0 R(aen248)564 0 R(aen264)565 0 R(aen28)566 0 R(aen280)567 0 R(aen291)568 0 R(aen299)569 0 R(aen311)570 0 R(aen323)571 0 R(aen328)572 0 R(aen336)573 0 R(aen341)574 0 R(aen344)575 0 R(aen356)576 0 R(aen366)577 0 R(aen394)578 0 R(aen4)579 0 R(aen402)580 0 R(aen419)581 0 R(aen426)582 0 R(aen431)583 0 R(aen436)584 0 R(aen457)585 0 R(aen501)586 0 R(aen508)587 0 R(aen528)588 0 R(aen56)589 0 R(aen563)590 0 R(aen583)591 0 R(aen592)592 0 R(aen60)593 0 R(aen603)594 0 R(aen623)595 0 R(aen638)596 0 R(aen652)597 0 R(aen659)598 0 R(aen681)599 0 R(aen74)600 0 R(aen745)601 0 R(aen766)602 0 R(aen788)603 0 R(aen799)604 0 R(aen8)605 0 R(aen80)606 0 R(aen834)607 0 R(aen851)608 0 R(aen862)609 0 R(aen887)610 0 R(aen895)611 0 R(aen899)612 0 R(aen90)613 0 R(aen909)614 0 R(aen912)615 0 R(aen916)616 0 R(aen938)617 0 R(aen992)618 0 R(body.html)619 0 R(cvs-access)620 0 R(domain-security)621 0 R(install)622 0 R(integrate-ms-networks)623 0 R(migration)624 0 R(msdfs)625 0 R(os2)626 0 R(pam)627 0 R(printing)628 0 R(samba-bdc)629 0 R(samba-ldap-howto)630 0 R(samba-pdc)631 0 R(samba-project-documentation)632 0 R(unix-permissions)633 0 R(winbind)634 0 R]>>endobj +473 0 obj<</Limits[(aen1056)(winbind)]/Names[(aen1056)474 0 R(aen1061)475 0 R(aen1094)476 0 R(aen1100)477 0 R(aen1139)478 0 R(aen1182)479 0 R(aen119)480 0 R(aen1201)481 0 R(aen1236)482 0 R(aen1245)483 0 R(aen1260)484 0 R(aen1308)485 0 R(aen135)486 0 R(aen1352)487 0 R(aen144)488 0 R(aen1466)489 0 R(aen1492)490 0 R(aen1511)491 0 R(aen1519)492 0 R(aen1527)493 0 R(aen1535)494 0 R(aen1542)495 0 R(aen1578)496 0 R(aen1591)497 0 R(aen1594)498 0 R(aen160)499 0 R(aen1604)500 0 R(aen1640)501 0 R(aen1644)502 0 R(aen1652)503 0 R(aen1655)504 0 R(aen1658)505 0 R(aen1661)506 0 R(aen1665)507 0 R(aen1681)508 0 R(aen1702)509 0 R(aen1722)510 0 R(aen174)511 0 R(aen1751)512 0 R(aen1756)513 0 R(aen1768)514 0 R(aen1770)515 0 R(aen1787)516 0 R(aen179)517 0 R(aen1815)518 0 R(aen1820)519 0 R(aen183)520 0 R(aen1840)521 0 R(aen186)522 0 R(aen1910)523 0 R(aen1918)524 0 R(aen1947)525 0 R(aen195)526 0 R(aen1951)527 0 R(aen1964)528 0 R(aen1971)529 0 R(aen1975)530 0 R(aen1980)531 0 R(aen1984)532 0 R(aen199)533 0 R(aen20)534 0 R(aen2000)535 0 R(aen2008)536 0 R(aen2012)537 0 R(aen2015)538 0 R(aen2020)539 0 R(aen2033)540 0 R(aen2047)541 0 R(aen2058)542 0 R(aen2077)543 0 R(aen209)544 0 R(aen2102)545 0 R(aen2118)546 0 R(aen212)547 0 R(aen2129)548 0 R(aen2165)549 0 R(aen2187)550 0 R(aen2234)551 0 R(aen2244)552 0 R(aen2258)553 0 R(aen226)554 0 R(aen2260)555 0 R(aen2275)556 0 R(aen2284)557 0 R(aen2288)558 0 R(aen2304)559 0 R(aen2309)560 0 R(aen2312)561 0 R(aen2317)562 0 R(aen2345)563 0 R(aen248)564 0 R(aen264)565 0 R(aen28)566 0 R(aen280)567 0 R(aen291)568 0 R(aen299)569 0 R(aen311)570 0 R(aen323)571 0 R(aen328)572 0 R(aen336)573 0 R(aen341)574 0 R(aen344)575 0 R(aen356)576 0 R(aen366)577 0 R(aen394)578 0 R(aen4)579 0 R(aen402)580 0 R(aen419)581 0 R(aen426)582 0 R(aen431)583 0 R(aen436)584 0 R(aen457)585 0 R(aen501)586 0 R(aen508)587 0 R(aen528)588 0 R(aen56)589 0 R(aen563)590 0 R(aen583)591 0 R(aen592)592 0 R(aen60)593 0 R(aen603)594 0 R(aen623)595 0 R(aen638)596 0 R(aen652)597 0 R(aen659)598 0 R(aen681)599 0 R(aen74)600 0 R(aen745)601 0 R(aen766)602 0 R(aen788)603 0 R(aen799)604 0 R(aen8)605 0 R(aen80)606 0 R(aen834)607 0 R(aen851)608 0 R(aen862)609 0 R(aen887)610 0 R(aen895)611 0 R(aen899)612 0 R(aen90)613 0 R(aen909)614 0 R(aen912)615 0 R(aen916)616 0 R(aen938)617 0 R(aen992)618 0 R(body.html)619 0 R(cvs-access)620 0 R(domain-security)621 0 R(install)622 0 R(integrate-ms-networks)623 0 R(migration)624 0 R(msdfs)625 0 R(os2)626 0 R(pam)627 0 R(printing)628 0 R(samba-bdc)629 0 R(samba-ldap-howto)630 0 R(samba-pdc)631 0 R(samba-project-documentation)632 0 R(unix-permissions)633 0 R(winbind)634 0 R]>>endobj 474 0 obj<</D[744 0 R/XYZ null 383 null]>>endobj 475 0 obj<</D[744 0 R/XYZ null 166 null]>>endobj 476 0 obj<</D[750 0 R/XYZ null 706 null]>>endobj @@ -815,22 +815,22 @@ 536 0 obj<</D[843 0 R/XYZ null 673 null]>>endobj 537 0 obj<</D[843 0 R/XYZ null 483 null]>>endobj 538 0 obj<</D[843 0 R/XYZ null 332 null]>>endobj -539 0 obj<</D[843 0 R/XYZ null 181 null]>>endobj -540 0 obj<</D[846 0 R/XYZ null 541 null]>>endobj -541 0 obj<</D[846 0 R/XYZ null 258 null]>>endobj -542 0 obj<</D[849 0 R/XYZ null 753 null]>>endobj -543 0 obj<</D[849 0 R/XYZ null 552 null]>>endobj +539 0 obj<</D[843 0 R/XYZ null 221 null]>>endobj +540 0 obj<</D[846 0 R/XYZ null 581 null]>>endobj +541 0 obj<</D[846 0 R/XYZ null 298 null]>>endobj +542 0 obj<</D[846 0 R/XYZ null 132 null]>>endobj +543 0 obj<</D[849 0 R/XYZ null 619 null]>>endobj 544 0 obj<</D[654 0 R/XYZ null 768 null]>>endobj -545 0 obj<</D[849 0 R/XYZ null 213 null]>>endobj -546 0 obj<</D[654 0 R/XYZ null 683 null]>>endobj -547 0 obj<</D[852 0 R/XYZ null 626 null]>>endobj -548 0 obj<</D[852 0 R/XYZ null 465 null]>>endobj -549 0 obj<</D[855 0 R/XYZ null 404 null]>>endobj -550 0 obj<</D[858 0 R/XYZ null 452 null]>>endobj -551 0 obj<</D[861 0 R/XYZ null 278 null]>>endobj -552 0 obj<</D[864 0 R/XYZ null 726 null]>>endobj -553 0 obj<</D[657 0 R/XYZ null 706 null]>>endobj -554 0 obj<</D[867 0 R/XYZ null 730 null]>>endobj +545 0 obj<</D[849 0 R/XYZ null 279 null]>>endobj +546 0 obj<</D[852 0 R/XYZ null 691 null]>>endobj +547 0 obj<</D[654 0 R/XYZ null 683 null]>>endobj +548 0 obj<</D[852 0 R/XYZ null 530 null]>>endobj +549 0 obj<</D[855 0 R/XYZ null 467 null]>>endobj +550 0 obj<</D[858 0 R/XYZ null 511 null]>>endobj +551 0 obj<</D[861 0 R/XYZ null 355 null]>>endobj +552 0 obj<</D[864 0 R/XYZ null 768 null]>>endobj +553 0 obj<</D[867 0 R/XYZ null 730 null]>>endobj +554 0 obj<</D[657 0 R/XYZ null 706 null]>>endobj 555 0 obj<</D[867 0 R/XYZ null 700 null]>>endobj 556 0 obj<</D[867 0 R/XYZ null 348 null]>>endobj 557 0 obj<</D[870 0 R/XYZ null 768 null]>>endobj @@ -1794,16 +1794,18 @@ endobj endobj 816 0 obj<</Type/Page/Parent 635 0 R/Contents 817 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 247 0 R>>endobj 817 0 obj<</Length 818 0 R/Filter/FlateDecode>>stream -xXMsWte*(7qڝtHHBL\F>Bd;1E -W5=ѢCx>2d -('WgRX9N{U{bI!,bMpad5h5sޙ!V$ -"Xua~[TT/@%q4P|Y";Q^+HO S=BB.24kcb`4Đ(0]w6HX/gr 'Vϐҫ!EBȋ -Y+]tҘ7!XQ -F~{zl5BR:k892}CЗFmX -;QkTjPY +xXMsWte*)7qڝtHPBL\F>Bd;1E ++#SuMl<.6>QZSkjmӇq*5-%LeҦFmSh0 wsQcD8Qw8f'ɖZX֣rUȈ[p0:ѸF-ǁvkh#J6ʐ3:Kuʺ*6yQ"ׁ
UТz@JmImP.̙IaPj
Bᔴc)c#sB9. +gg,vڈOiuhrE<EsZ&7
˷SAόIs_jY9Mzzh4_~i,.2QGl˝?X>}H;TMa +Fڝ"Kx:/{X
UOdsہ}eU6T2Ju9=f1KGM(xq;siWHᮤJqg%G7'TSOP\m(ֈ)`mUnmdIwY*eѳhulکt5'G1qMB vpe)8K䮐If&Z~5):ƛ-Łj_I;Yy[0%j0 h=HgYNqZ{ӄ{e/V_N)-6zV"U>鶖?m=sDc7B,uEڢX<'ƙrˏ"|??Q-KE
{5[S F&p
`9Js1788W;n1C2o]?p28ҏ$G)ge~h,=tГ7ӛ6`õ?w5icUVؘÃyr{leof +佰0j7b"{`-p,5 +%W͎)A -7.L,GN6;ZjחDA=nP=w +_Rh$OCT?Wd'ȫ.@w)^sJ~wTHH߅ނ}#]@k{210Đ(0]w6HX2/g2 'ϐ1EnBȋ +iL$f!%MzW8wDld]Guk<GӬLq# "kfXuvX.dQBYuŸoJףx}y$܉bkw.VD)ЩYU5a#C~ "#,ӡw+WAJwB
ȋ
Ԡ x3!t9 a``H9#?HrUK@5Vgj32,Ӿ=qvP==D<Mp}HzLq?A~ET\'pw>@,J)EX+]tҘ7!XdA +~{z4BR:?2]CЗ9S6. endobj 818 0 obj -2085 +2086 endobj 819 0 obj<</Type/Page/Parent 635 0 R/Contents 820 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 256 0 R>>endobj 820 0 obj<</Length 821 0 R/Filter/FlateDecode>>stream @@ -1928,98 +1930,95 @@ endobj endobj 846 0 obj<</Type/Page/Parent 635 0 R/Contents 847 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 283 0 R>>endobj 847 0 obj<</Length 848 0 R/Filter/FlateDecode>>stream -xWr6}W[dْuⶹ4V&}L"! 6 0 -չ$w*W5V&UqҵNHٌ'C:]$c2p>>9{5N*T'XWYf -&mp~cpt<}3vabVawJ*BZgH.tw9>kPm4H
4ZPY8A7oQao>#8+>\oIxe۾c9ЃF1Ke_@+ep0O@_$̦}bYvMId::hL_;nw$1>}\|o+Ȩ{-bdn\Jb* - -,Qx`3XeA(9j!"{c)\^4X3sXW-(\ġuU{lL۷" *w`Tkj#Oqo6a3娽m>`zTi)P-ͭlTԞôdwrLleX4Dfԉ3GGz,G -$ -ѫZ\6/jJ,Du_Np!e:s2R 8^1q` RVm8f!踟wx2:J= EqHo]5 Zl4;g/!4%毜+xh|gܣ=u.;:8+<bJtXRupOl`?5 -[0xMXӠTAn$;d7U1s+c'2
}`1}^^yWHS5PeE`V%gE㋑%nּʍ8e2e(#noBY<~69Wtre:d;?O endstream +xWr6}W웕(ْMⶹ4Q&}L"! 6 ( +M\WڗjڭUEBp*W5L*,ek=9+w_Ot>')8kМ'Ki*<7vdo8h58t0pD?#UZs$H;w~_|`ʿwt\Er`@l s{tV{S/vSgŧ;@y]譲5Q\U52vgo6QaDbgJ"$̯Іq2l(e4D]ή'< ~:l2W_'p(J.2^Kz?)\=8Y )oQi4mۋHpD0uU)7˥|/PdkZ++Mn72q^ iCJsװ8<\*_S@nѽhDjC\앤{p,1ynF~ۥY9 +jԨebEyg Xk^Ŝシ 1ch%v,MB,0bO,P:
5v(6r'!6j.DUڏ
NI$*<*foԾ+=s__d98˄>IJekduFlnA&J +'ЏZo@ʹyTv? //KlsmeT%X +焱v?clPhŞ0wz`p/PkjA2[8dc>1@HUvZTQM|{1# ,G=nKNMjin-eE'+&cb|4(:|``- +ItmF<ztb~dLZ,@,5n@a m?8PS`!r-I)\ݎ=ss +y?u{".uȼY@7JWΰZٕqioXMcg!ڣ+$ejO[?=T>?8 P7XX3MQ h<}.חɈ!X˫-c9le3hԐ}|0i*@2Q<й27jS"hs,؈v~qdM
U]( +EA$BQ`8UX5 ^j;.4dցN#HkNea0XfI̤8 +)
E(k/ PX:MY88'/PZbbcIz qx=k^t+.2N=+pOS}L+a
endstream endobj 848 0 obj -1766 +1782 endobj 849 0 obj<</Type/Page/Parent 635 0 R/Contents 850 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F6 9 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 286 0 R>>endobj 850 0 obj<</Length 851 0 R/Filter/FlateDecode>>stream -xXMs6WH(˖3=t4i3nN.$$!& w iuzdK&>w=毳Xj!WgogDzJ̣֙|.t'}[N9I.PMeQ~W,e]u:͓b6"Gۈ4Δ[Qw8\Irzl."Z oOZj+('ĵl -}ة6?p0pAztjSFfhIvGq;|*Fpaq+|Tۃ!}}{#*+LɬUm+t~[#_&UM -N;y}͔OZN6G6n$24W$hM$ҙA;)ܢ!Ewz٠3*MmS}P!3XzUԖ+/=WvM4V#)+v)ig%2aM85A)0ʯ -Y -oԢ,/WՉqt-"jLN EP&m<,r-%-7f۠ -[P fIIBKї:Q4ͻOq-tx>9{qt$*}fϊLuUegG 䰂l -#9Hl~'hRf$TGt{(ݷeoz}05Tuw*ȋz4E2S0'PΔ:}]<ҫ:B.}qɱ`5g8I]E@Us
@?&2nG'桇#`+58~uDM1!/VH~<JAg[g`)}W WPh!xŔ6^OjQ7DYSL0%?_~;\sLB(k}!S%!#
:іYF,xzqŃ?Qmc*`vrtloXS -JYi!LӃJbQQavBjWnJUUAeTY\){h)T'1_E*SM]Ka7 <Z-gExkM(!YnCYt49r~ҹsGQ^Q,<C{ZD;ҡ`5v pQ#HI#0Zy4Hn6dO9%Nfmʒn|j
0i.T鲛H7)_:D
9 ߸Dxuh(@z<~"2n,G)txu2X2SUb{+P
vv&݉kX|Dǣys of_c]!VIƖ{aRDr0mO1Ci+9Ux' +xXMs6WHH˒==t4i3n/$$"JVƹt2%xxvY(seRRP>Z^d<N&AlVy*Ɍv%ݮ*u:y+/KE`kl7ooD)mjT5Ϩu~tKDXY6&QB'+>L}sAij{'9#Rm$ +ehumތ$ʭ:WzbNOf'$ڲҳ.%}OCVٍ5V).p0iNT[- sb37rZQ1.tp~%Oa*S1Y25ʨ5
2wAivM]t*ƇfvS5ذ3ՈU&`9?ontLV.BW#źi +Zy._~?Ep-sY!e[._s|
{:UJsFHTKQ`z\>^H^8;^,d/8q]lP.ν3|*cȃĒl7 +n8DvulR@8>x}M<Nvyݺ6M h6XV7F2g\r}zQ<ӃV:yJ?bxh0tܕVAVU6ct?5 +"~Q6%nMN2s.PwEmر: g=wak33aqm
w4$Г1iGL䮞_š+*
)1`OZ>k +鄫.DylpAX5nXr,q8Մ~S 'yy ^.GG6B˻f
0a!v2SkҘYL_(%Z)?;][pU3
+7ZK"t#¾;aU^$ޝ<0.UۅGf~lKb +E__Aendstream endobj 851 0 obj -1951 +1989 endobj -852 0 obj<</Type/Page/Parent 635 0 R/Contents 853 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 291 0 R>>endobj +852 0 obj<</Type/Page/Parent 635 0 R/Contents 853 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 299 0 R>>endobj 853 0 obj<</Length 854 0 R/Filter/FlateDecode>>stream -xW]o6}ϯ@ꢱlɎۀv]>-@IF=Rk`?~璢,iv)Z&yy?9ꯋ2ق4Za6xRcZj-H*k<lrXgWwn?pZ(hBmZuNvt.&78YDs;9(]g]x,l66{aJm)A,U@n(|,JZfZa˝sUoV6[iHw[ڊ>(@iJ*Z%mC5)qr#4Z7Obg V|$Fs'gn}ƼK+qRjT]Ld[MW8MB%{lQ#7:ơjۈ6ƠYx -1
KPhD*rU'CףZ>FGP9o8)p!i:P-e.&.h*\rpjoD؍#F-7E7N4לE^(t'Q(pXݚLNvG+t +o|ݢAANsRJu2$un5s3^~s|wzIg @ԳD6YG\9QRk
*#5+탲P]r}=-Zߣl #^sR_AN\Xz吺~ۭ~?~ѥC=3|lcin" ,PPNgU +[]@4EB4FBs,R@-?6!7Bn+ck)mT!X2t7b0s]?eu=#X僕[/cĢNB04~QY:
oqיlbqj -} -x>q_"d]i&7 +xWnF}W(EA[ i"IZouQȕĄ\Ҏ~|rI!`H̙9s"_D˘J7_g`Q18cZ`A-Nh:-MVbrZpTpPNeyBdTS?{x^Fn|TSĔ[܊8
B}ҔZ**d Q^ tRh<=&+oȦ}YJ[<w2fELh/}gn<?z>G7E2 +[ITZUlԱQ@WZST(vRR4.kUglKwsGSV5zk +}pέm-IЦTTNIISMI)٦RUm VHLh"\s//ZOa|zQ@
gYgF>}P{y#AN|ڱ3s~ZRv^Jp:T,o,2 ƬCebIsϞ5ND +1 vL#fП d#QxԶj6,umd]PwPH|8.\]e~۽JpFqGhX7KTPvg'WW/nuE3#f%
[GXSP9ÈKɁREmE\Uy[umPCnSRE#.)sE\hk4V`ʆw4}Yև=0]K
r\:粽lX +/f:|tch5XvΤC!")`omRe*RD;Msɽ_0~[wᑲ9yO2VcQ +f۶Qfe7tnkoK_lT7Yp~Ŕ{ ~zlr#trs7(SHzO_>?we^}/@}K$2Hޯ1ȟS^ȸ١$H/ű85YV㘏e8od5A͌U+GA@9_¿CCww.1#xJGU\'#S:BU?N?Ϛ%tExuȹG1'3є闏S枔KL |]]s~G$:2HD%|ێAkmyA=҇Fzl9CٔK&Тeendstream endobj 854 0 obj -1516 +1521 endobj -855 0 obj<</Type/Page/Parent 635 0 R/Contents 856 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 304 0 R>>endobj +855 0 obj<</Type/Page/Parent 635 0 R/Contents 856 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>/Annots 304 0 R>>endobj 856 0 obj<</Length 857 0 R/Filter/FlateDecode>>stream -xVێ6}߯&k[(6lri /y%FZ@?gHɷx
w![ə9g|)_LcJ׳7bhN'9b$-4UoܼM{T=\b"5lnrFtE%S,,F4K;kUUQlGtn2npRj+i2K&PJZ]WOL!!G# -SnJț#<P@50T\-X6tI纨jv9&W5~0-2-G4e tlXd}< -3EQF~-HkARS+F[CT|#n>e ~:+K]!_4|Y c GERT29
Lv6x JFQnYoiqIl%TŢ!#1qrA9kxC9ϼ#B/H2EC9$sۧ[gڷ1?^^ҝ۶ض`?PRF1־z4;P3ym26{o +xVkoF_MXA$Jԃ
ہ$NkA|9'6cRwdE6q@ziܧADq~~zr5= zx'c< ZS#D0k #e} BGg4#ѧ4n{Mt%iH2RPdd2[Kن +)P:'Z +2+%ҘooN|M!gǓ>O9!'2clvH?1'le^fJZ\&xW.*le}O$!$c"b" +-KL.!AB~FlJ~tMnbug˼sg2&^8:Bi +JJ)Uag,U%4edjļI:МθǼ=!\,:Q@wVhKUJ)D\NVKyL+YJd٦ +֢N*I<p8D3NK7DeJ6pX59]TM%5*iVq2&e]Ia&Yڦ|jc)36Z~hV?YFnNsZlPТPiRF6ST=F@WE +PGHZ
ɳiNydhŤ%S1Q&'볬iiyЃF띻Oj`ޤ1RoiW18ܠHLbrCX5Z}sU,lSYmH2DC~hZ{6YH˿Nz٦W/=j`qǭN4MZn|"*l7G?؎p:Q>ġp| +d'tϗlʰkK[kBqSTtF#ÎN]/c, +Dp"&!20K#[hܗ\*hYN_G}Ѓkh:zxk-|
qStzGՃ-]u#xU'ES͋ʱ5!7q<88ne endstream endobj 857 0 obj -1317 +1268 endobj -858 0 obj<</Type/Page/Parent 635 0 R/Contents 859 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F2 5 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj +858 0 obj<</Type/Page/Parent 635 0 R/Contents 859 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F1 4 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj 859 0 obj<</Length 860 0 R/Filter/FlateDecode>>stream -xWmoFίt@9TStMHUba/.]^{gwmUZL3;/<3yjo -+ Pp2|LD+ÏK峜D
R7A$7#U}sp b-2t@'
#1VX։#JRYb)Ll
xTHa# - ٜOuu6\fW5K̙It]˼`:}.v$LŨC.))2
H,S55].*K%wCBA֖i"t;8v
[XzS.*Z^34|T*]PH'eͺ#^2s˔r,8҅g4Qb텹3f<j!H| @bʌtɶcMӄr-98qXKI6sƟvq_G˖]IBd}*()
Z6GaVr -c +xVmo6_qHbɒ;)PŖ-چaY#6T<c)َke@tGssc'0 a8F3`P20hBb0GW\?ze:<>FO9Fuz +_ ~ endobj 860 0 obj -1218 +1172 endobj 861 0 obj<</Type/Page/Parent 635 0 R/Contents 862 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj 862 0 obj<</Length 863 0 R/Filter/FlateDecode>>stream -xWioF_1pD$R-)ihs4ZUQȥVovIL~HQ=xـdH1%ٳًY?Nia
Gј|)YIj|
8 -[0]x}Rep<Nh>͒l)+!eNJe4-#AVѩw$uiTr˪l4JN{H\)ƬQV=}<_;Pox@gi;KO7@Ao?92Yi8Ju7wQ=SW*$Ezo~|r>pb+_[oHJ@ϊ ~^D~P,O`yO4VFقzƹIVnbDa} --JaKYuݸ.4T8:uÔ -Y^QTyJIb
Akx($D
%/')Tb+y]7&ȩDl"nW y
/dm4
Hm0Q4{3uWZMgɻ6r9<X{IH%L -v'X# f|E3MddnԡTY\l |@u< -g)7?jD=2k -N]]'tckn;ĬUG9#V-?
歓IeU+[Ɩ\ʢx|!8W1t:pb51nlڷA_eyac[ٔLR;FtKA\s5B'+
?Ti;J$Tz9$}=&#x`8rQYM?^%Fhdm%Pbric7.7;kO@k hi9'|% -EYF|\jW "
Lj?BJ?WfG놧f8ϣ%n~DFڵP
5NɕJ`I*idlrxR.>jpnps:7UuiJ49d
n^?w|WsTzxo2]i~O>~'̖tjr5S觳 +xWko6_qؒďtm`caXX$:w.IɲgluIDCG4df;|h\l-iCxE45&Q0ۛG{)S@zH/hD5O!ueb2"9= Bvϗ^y/:o.O?}zdҠg_VUY%jlIF4%o/+w[Z,"9Vyf@ރQ/Y9+s,)|:TM0;O ZF]29h1nSmJK*Wܫi{j*!Q$ݍm[)2W!)6*-ʾMͬT%$RQBة8ߺsWBXKM\2_`keJ^O][a*?`VW1ҩE"G{.cE88ezW'n3VXIH$u(0HZhP[<ҥ +Yb`gXDtmV=Ɂoa4Zl^8:t + Ӻwoѱthqo=C~BAHNJ:(RW1Kߜ;@,[#Ѫ&Cj^Cs'=oҵJZ{Ύ%rhj5?Lkwzh2Q0r}+_ިa+wMt:I߀h;%_E+<
}!{_Pc]뗓mqendstream endobj 863 0 obj -1422 +1385 endobj 864 0 obj<</Type/Page/Parent 635 0 R/Contents 865 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F5 8 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>>>endobj 865 0 obj<</Length 866 0 R/Filter/FlateDecode>>stream -xW[o6~ϯ8<Xn=(hHJRqbq]0R׳)M7ՌK˳6ghf1dh^trVR'x3'ZFr&~iس\/=8nX -K $ayBx$H6_7NՋ)]̖ -3L%|.-Q.$)ԢDY{cJq8ޢĔBia$@8PJ40'ԞH{N8!΅dܔ8АeU5C2=@[MDabi+I -@tւi.CGF㨎(+m]|cex
Uw`v,}<D%c0vR\h# -uϤ*cϩXp qc'*pD> - -lV|H?υgcؙ־Nw'2WAp`h<ăbq -9dJ߈%7\l59RrnB[G?.#+ -{އ987eًsbϻ!x[+gGP/, -pIy # nyA.W՚"s;9k)ZꝔ4X+NX,heoQGz受;OzI9lc2X)lX[WxtޚF&'c߁}ͻ<̮ː=apĽ]n?A +xX]o6}ϯIlg@vExDIl$R%;lq){8̗)M3Ō'oV'N&rI7[ÄΗ~\}:Jfd%xxBeK紘ϰð74V9ϗZea}Bttk,!'J#ohc54V)u*3!|)-Q)%)GLYzcq8Bija|29Ye#QY)椓ړ?ҞNHK-MzyY7X3$Z=`_hr&!ZLд$SU4<U-( \NR툊ʬaa؎g+ǀ6'#fҧFI6c)W6XKU
k)xvB4rV +5ZBκQlł퉒-<[Kp߈XV?'g\^QiYWqwC< +xK?_N2$r;mԣ#qCVedrZ0]Eiו<n|}Crl
hzv;hM{XdF⋄~F/]XԎEN ^#dx]vQne͇Oa +< C6Cw`c0]a/!<{A,{|Jy +"nf7aaî<*79j" endobj 866 0 obj -1592 +1577 endobj 867 0 obj<</Type/Page/Parent 635 0 R/Contents 868 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F4 7 0 R/F8 10 0 R/F9 11 0 R>>>>>>endobj 868 0 obj<</Length 869 0 R/Filter/FlateDecode>>stream -xmRю0|+1 -cJ}H6Tc6IﻆHN'@;3; _)=Uǯ9U>U$N\Xr*+7i8h/ksqUYC}"BQq|]rc L iL\1i\x6Zc +xmRn0+ +~J4+Րcvf~FY=IBȋ@+o2or<X#5W(˹j 6(>и@蝍]_B{;1Zpt!vx +uKqh:QW:qx}ͬ<a`ɀG+!\/gr}x+|8*z endobj 869 0 obj -445 +399 endobj 870 0 obj<</Type/Page/Parent 635 0 R/Contents 871 0 R/Resources<</ProcSet[/PDF/Text]/Font<</F0 3 0 R/F4 7 0 R/F8 10 0 R/F9 11 0 R/Fc 12 0 R>>>>/Annots 313 0 R>>endobj 871 0 obj<</Length 872 0 R/Filter/FlateDecode>>stream @@ -2307,11 +2306,11 @@ endobj 1016 0 obj<</Parent 1007 0 R/Title(11.4.4. User and Group ID Allocation)/Dest[846 0 R/XYZ null 669 null]/Prev 1015 0 R/Next 1017 0 R>>endobj 1017 0 obj<</Parent 1007 0 R/Title(11.4.5. Result Caching)/Dest[846 0 R/XYZ null 479 null]/Prev 1016 0 R/Next 1018 0 R>>endobj 1018 0 obj<</Parent 1007 0 R/Title(11.5. Installation and Configuration)/Dest[846 0 R/XYZ null 328 null]/Prev 1017 0 R/Next 1019 0 R>>endobj -1019 0 obj<</Parent 1007 0 R/Title(11.5.1. Introduction)/Dest[846 0 R/XYZ null 177 null]/Prev 1018 0 R/Next 1020 0 R>>endobj -1020 0 obj<</Parent 1007 0 R/Title(11.5.2. Requirements)/Dest[849 0 R/XYZ null 537 null]/Prev 1019 0 R/Next 1021 0 R>>endobj -1021 0 obj<</Parent 1007 0 R/Title(11.5.3. Testing Things Out)/Dest[849 0 R/XYZ null 254 null]/Prev 1020 0 R/Next 1022 0 R>>endobj -1022 0 obj<</Parent 1007 0 R/Title(11.6. Limitations)/Dest[864 0 R/XYZ null 274 null]/Prev 1021 0 R/Next 1023 0 R>>endobj -1023 0 obj<</Parent 1007 0 R/Title(11.7. Conclusion)/Dest[867 0 R/XYZ null 722 null]/Prev 1022 0 R>>endobj +1019 0 obj<</Parent 1007 0 R/Title(11.5.1. Introduction)/Dest[846 0 R/XYZ null 217 null]/Prev 1018 0 R/Next 1020 0 R>>endobj +1020 0 obj<</Parent 1007 0 R/Title(11.5.2. Requirements)/Dest[849 0 R/XYZ null 577 null]/Prev 1019 0 R/Next 1021 0 R>>endobj +1021 0 obj<</Parent 1007 0 R/Title(11.5.3. Testing Things Out)/Dest[849 0 R/XYZ null 294 null]/Prev 1020 0 R/Next 1022 0 R>>endobj +1022 0 obj<</Parent 1007 0 R/Title(11.6. Limitations)/Dest[864 0 R/XYZ null 351 null]/Prev 1021 0 R/Next 1023 0 R>>endobj +1023 0 obj<</Parent 1007 0 R/Title(11.7. Conclusion)/Dest[867 0 R/XYZ null 750 null]/Prev 1022 0 R>>endobj 1024 0 obj<</Parent 894 0 R/Count -5/First 1025 0 R/Last 1029 0 R/Title(Chapter 12. OS2 Client HOWTO)/Dest[870 0 R/XYZ null 750 null]/Prev 1007 0 R/Next 1030 0 R>>endobj 1025 0 obj<</Parent 1024 0 R/Title(12.1. FAQs)/Dest[870 0 R/XYZ null 726 null]/Next 1026 0 R>>endobj 1026 0 obj<</Parent 1024 0 R/Title(12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?)/Dest[870 0 R/XYZ null 696 null]/Prev 1025 0 R/Next 1027 0 R>>endobj @@ -2618,754 +2617,754 @@ xref 0000020690 00000 n 0000020777 00000 n 0000020826 00000 n -0000020911 00000 n -0000020945 00000 n -0000020988 00000 n -0000021075 00000 n -0000021118 00000 n -0000021205 00000 n -0000021254 00000 n -0000021341 00000 n -0000021390 00000 n -0000021477 00000 n -0000021525 00000 n -0000021612 00000 n -0000021658 00000 n -0000021745 00000 n -0000021811 00000 n -0000021890 00000 n -0000021977 00000 n -0000022059 00000 n -0000022145 00000 n -0000022220 00000 n -0000022307 00000 n -0000022380 00000 n -0000022467 00000 n -0000022517 00000 n -0000022595 00000 n -0000022682 00000 n -0000022708 00000 n -0000022771 00000 n -0000022858 00000 n -0000022921 00000 n -0000023008 00000 n -0000023062 00000 n -0000023149 00000 n -0000023191 00000 n -0000023232 00000 n -0000023319 00000 n -0000023345 00000 n -0000023450 00000 n -0000023556 00000 n -0000023662 00000 n -0000023768 00000 n -0000023874 00000 n -0000023980 00000 n -0000024086 00000 n -0000024192 00000 n -0000024298 00000 n -0000024404 00000 n -0000024510 00000 n -0000024616 00000 n -0000024722 00000 n -0000024828 00000 n -0000024934 00000 n -0000025040 00000 n -0000025146 00000 n -0000025252 00000 n -0000025358 00000 n -0000025464 00000 n -0000025569 00000 n -0000025675 00000 n -0000025781 00000 n -0000025887 00000 n -0000025993 00000 n -0000026099 00000 n -0000026205 00000 n -0000026311 00000 n -0000026417 00000 n -0000026523 00000 n -0000026629 00000 n -0000026735 00000 n -0000026841 00000 n -0000026947 00000 n -0000027053 00000 n -0000027159 00000 n -0000027265 00000 n -0000027371 00000 n -0000027477 00000 n -0000027582 00000 n -0000027688 00000 n -0000027794 00000 n -0000027900 00000 n -0000028003 00000 n -0000028107 00000 n -0000028485 00000 n -0000028591 00000 n -0000028696 00000 n -0000028802 00000 n -0000028908 00000 n -0000029014 00000 n -0000029120 00000 n -0000029226 00000 n -0000029332 00000 n -0000029438 00000 n -0000029544 00000 n -0000029650 00000 n -0000029755 00000 n -0000029861 00000 n -0000029967 00000 n -0000030073 00000 n -0000030179 00000 n -0000030285 00000 n -0000030391 00000 n -0000030497 00000 n -0000030603 00000 n -0000030709 00000 n -0000030815 00000 n -0000030921 00000 n -0000031027 00000 n -0000031133 00000 n -0000031238 00000 n -0000031344 00000 n -0000031450 00000 n -0000031556 00000 n -0000031661 00000 n -0000031767 00000 n -0000031873 00000 n -0000031979 00000 n -0000032085 00000 n -0000032191 00000 n -0000032297 00000 n -0000032403 00000 n -0000032509 00000 n -0000032615 00000 n -0000032721 00000 n -0000032827 00000 n -0000032932 00000 n -0000033036 00000 n -0000033140 00000 n -0000033510 00000 n -0000033615 00000 n -0000033721 00000 n -0000033827 00000 n -0000033933 00000 n -0000034039 00000 n -0000034145 00000 n -0000034251 00000 n -0000034357 00000 n -0000034463 00000 n -0000034568 00000 n -0000034674 00000 n -0000034780 00000 n -0000034886 00000 n -0000034992 00000 n -0000035098 00000 n -0000035204 00000 n -0000035310 00000 n -0000035416 00000 n -0000035522 00000 n -0000035628 00000 n -0000035734 00000 n -0000035840 00000 n -0000035945 00000 n -0000036051 00000 n -0000036157 00000 n -0000036263 00000 n -0000036369 00000 n -0000036475 00000 n -0000036581 00000 n -0000036687 00000 n -0000036793 00000 n -0000036899 00000 n -0000037005 00000 n -0000037111 00000 n -0000037217 00000 n -0000037323 00000 n -0000037429 00000 n -0000037535 00000 n -0000037641 00000 n -0000037746 00000 n -0000037852 00000 n -0000037958 00000 n -0000038063 00000 n -0000038167 00000 n -0000038271 00000 n -0000038649 00000 n -0000038754 00000 n -0000038860 00000 n -0000038966 00000 n -0000039072 00000 n -0000039178 00000 n -0000039282 00000 n -0000039348 00000 n -0000039382 00000 n -0000039416 00000 n -0000042029 00000 n -0000042078 00000 n -0000042127 00000 n -0000042176 00000 n -0000042225 00000 n -0000042274 00000 n -0000042323 00000 n -0000042372 00000 n -0000042421 00000 n -0000042470 00000 n -0000042519 00000 n -0000042568 00000 n -0000042617 00000 n -0000042666 00000 n -0000042715 00000 n -0000042764 00000 n -0000042813 00000 n -0000042862 00000 n -0000042911 00000 n -0000042960 00000 n -0000043009 00000 n -0000043058 00000 n -0000043107 00000 n -0000043156 00000 n -0000043205 00000 n -0000043254 00000 n -0000043303 00000 n -0000043352 00000 n -0000043401 00000 n -0000043450 00000 n -0000043499 00000 n -0000043548 00000 n -0000043597 00000 n -0000043646 00000 n -0000043695 00000 n -0000043744 00000 n -0000043793 00000 n -0000043842 00000 n -0000043891 00000 n -0000043940 00000 n -0000043989 00000 n -0000044038 00000 n -0000044087 00000 n -0000044136 00000 n -0000044185 00000 n -0000044234 00000 n -0000044283 00000 n -0000044332 00000 n -0000044381 00000 n -0000044430 00000 n -0000044479 00000 n -0000044528 00000 n -0000044577 00000 n -0000044626 00000 n -0000044675 00000 n -0000044724 00000 n -0000044773 00000 n -0000044822 00000 n -0000044871 00000 n -0000044920 00000 n -0000044969 00000 n -0000045018 00000 n -0000045067 00000 n -0000045116 00000 n -0000045165 00000 n -0000045214 00000 n -0000045263 00000 n -0000045312 00000 n -0000045361 00000 n -0000045410 00000 n -0000045459 00000 n -0000045508 00000 n -0000045557 00000 n -0000045606 00000 n -0000045655 00000 n -0000045704 00000 n -0000045753 00000 n -0000045802 00000 n -0000045851 00000 n -0000045900 00000 n -0000045949 00000 n -0000045998 00000 n -0000046047 00000 n -0000046096 00000 n -0000046145 00000 n -0000046194 00000 n -0000046243 00000 n -0000046292 00000 n -0000046341 00000 n -0000046390 00000 n -0000046439 00000 n -0000046488 00000 n -0000046537 00000 n -0000046586 00000 n -0000046635 00000 n -0000046684 00000 n -0000046733 00000 n -0000046782 00000 n -0000046831 00000 n -0000046880 00000 n -0000046929 00000 n -0000046978 00000 n -0000047027 00000 n -0000047076 00000 n -0000047125 00000 n -0000047174 00000 n -0000047223 00000 n -0000047272 00000 n -0000047321 00000 n -0000047370 00000 n -0000047419 00000 n -0000047468 00000 n -0000047517 00000 n -0000047566 00000 n -0000047615 00000 n -0000047664 00000 n -0000047713 00000 n -0000047762 00000 n -0000047811 00000 n -0000047860 00000 n -0000047909 00000 n -0000047958 00000 n -0000048007 00000 n -0000048056 00000 n -0000048105 00000 n -0000048154 00000 n -0000048203 00000 n -0000048252 00000 n -0000048301 00000 n -0000048350 00000 n -0000048399 00000 n -0000048448 00000 n -0000048497 00000 n -0000048546 00000 n -0000048595 00000 n -0000048644 00000 n -0000048693 00000 n -0000048742 00000 n -0000048791 00000 n -0000048840 00000 n -0000048889 00000 n -0000048938 00000 n -0000048987 00000 n -0000049036 00000 n -0000049085 00000 n -0000049134 00000 n -0000049183 00000 n -0000049232 00000 n -0000049281 00000 n -0000049330 00000 n -0000049379 00000 n -0000049428 00000 n -0000049477 00000 n -0000049526 00000 n -0000049575 00000 n -0000049624 00000 n -0000049673 00000 n -0000049722 00000 n -0000049771 00000 n -0000049820 00000 n -0000049869 00000 n -0000049918 00000 n -0000050675 00000 n -0000050831 00000 n -0000051554 00000 n -0000051575 00000 n -0000051749 00000 n -0000052911 00000 n -0000052933 00000 n -0000053084 00000 n -0000054590 00000 n -0000054612 00000 n -0000054772 00000 n -0000056208 00000 n -0000056230 00000 n -0000056408 00000 n -0000057668 00000 n -0000057690 00000 n -0000057832 00000 n -0000059416 00000 n -0000059438 00000 n -0000059571 00000 n -0000061406 00000 n -0000061428 00000 n -0000061561 00000 n -0000062084 00000 n -0000062105 00000 n -0000062266 00000 n -0000063550 00000 n -0000063572 00000 n -0000063733 00000 n -0000065488 00000 n -0000065510 00000 n -0000065670 00000 n -0000067315 00000 n -0000067337 00000 n -0000067479 00000 n -0000069549 00000 n -0000069571 00000 n -0000069713 00000 n -0000071525 00000 n -0000071547 00000 n -0000071689 00000 n -0000073414 00000 n -0000073436 00000 n -0000073587 00000 n -0000075351 00000 n -0000075373 00000 n -0000075548 00000 n -0000077655 00000 n -0000077677 00000 n -0000077837 00000 n -0000079433 00000 n -0000079455 00000 n -0000079630 00000 n -0000081125 00000 n -0000081147 00000 n -0000081299 00000 n -0000082106 00000 n -0000082127 00000 n -0000082278 00000 n -0000083916 00000 n -0000083938 00000 n -0000084103 00000 n -0000085875 00000 n -0000085897 00000 n -0000086062 00000 n -0000086955 00000 n -0000086976 00000 n -0000087150 00000 n -0000088755 00000 n -0000088777 00000 n -0000088920 00000 n -0000089678 00000 n -0000089699 00000 n -0000089882 00000 n -0000091750 00000 n -0000091772 00000 n -0000091941 00000 n -0000093795 00000 n -0000093817 00000 n -0000093977 00000 n -0000095661 00000 n -0000095683 00000 n -0000095856 00000 n -0000097585 00000 n -0000097607 00000 n -0000097758 00000 n -0000098682 00000 n -0000098703 00000 n -0000098887 00000 n -0000100712 00000 n -0000100734 00000 n -0000100908 00000 n -0000103081 00000 n -0000103103 00000 n -0000103296 00000 n -0000105223 00000 n -0000105245 00000 n -0000105429 00000 n -0000107339 00000 n -0000107361 00000 n -0000107537 00000 n -0000109338 00000 n -0000109360 00000 n -0000109530 00000 n -0000111128 00000 n -0000111150 00000 n -0000111335 00000 n -0000112811 00000 n -0000112833 00000 n -0000113026 00000 n -0000114597 00000 n -0000114619 00000 n -0000114794 00000 n -0000116574 00000 n -0000116596 00000 n -0000116752 00000 n -0000118313 00000 n -0000118335 00000 n -0000118520 00000 n -0000120372 00000 n -0000120394 00000 n -0000120560 00000 n -0000122207 00000 n -0000122229 00000 n -0000122414 00000 n -0000124363 00000 n -0000124385 00000 n -0000124569 00000 n -0000126296 00000 n -0000126318 00000 n -0000126488 00000 n -0000128093 00000 n -0000128115 00000 n -0000128284 00000 n -0000130157 00000 n -0000130179 00000 n -0000130364 00000 n -0000132228 00000 n -0000132250 00000 n -0000132426 00000 n -0000134516 00000 n -0000134538 00000 n -0000134713 00000 n -0000136653 00000 n -0000136675 00000 n -0000136851 00000 n -0000139167 00000 n -0000139189 00000 n -0000139341 00000 n -0000141321 00000 n -0000141343 00000 n -0000141503 00000 n -0000143370 00000 n -0000143392 00000 n -0000143543 00000 n -0000145295 00000 n -0000145317 00000 n -0000145449 00000 n -0000147323 00000 n -0000147345 00000 n -0000147487 00000 n -0000149558 00000 n -0000149580 00000 n -0000149731 00000 n -0000151525 00000 n -0000151547 00000 n -0000151679 00000 n -0000153472 00000 n -0000153494 00000 n -0000153617 00000 n -0000154071 00000 n -0000154092 00000 n -0000154249 00000 n -0000155883 00000 n -0000155905 00000 n -0000156057 00000 n -0000157717 00000 n -0000157739 00000 n -0000157881 00000 n -0000158764 00000 n -0000158785 00000 n -0000158970 00000 n -0000161126 00000 n -0000161148 00000 n -0000161324 00000 n -0000163509 00000 n -0000163531 00000 n -0000163682 00000 n -0000164783 00000 n -0000164805 00000 n -0000164981 00000 n -0000166481 00000 n -0000166503 00000 n -0000166688 00000 n -0000168540 00000 n -0000168562 00000 n -0000168747 00000 n -0000170654 00000 n -0000170676 00000 n -0000170833 00000 n -0000171764 00000 n -0000171785 00000 n -0000171937 00000 n -0000173678 00000 n -0000173700 00000 n -0000173842 00000 n -0000175604 00000 n -0000175626 00000 n -0000175777 00000 n -0000177668 00000 n -0000177690 00000 n -0000177847 00000 n -0000179684 00000 n -0000179706 00000 n -0000179900 00000 n -0000181922 00000 n -0000181944 00000 n -0000182119 00000 n -0000183706 00000 n -0000183728 00000 n -0000183903 00000 n -0000185291 00000 n -0000185313 00000 n -0000185482 00000 n -0000186771 00000 n -0000186793 00000 n -0000186944 00000 n -0000188437 00000 n -0000188459 00000 n -0000188620 00000 n -0000190283 00000 n -0000190305 00000 n -0000190438 00000 n -0000190954 00000 n -0000190975 00000 n -0000191142 00000 n -0000192810 00000 n -0000192832 00000 n -0000192989 00000 n -0000194177 00000 n -0000194199 00000 n -0000194356 00000 n -0000195908 00000 n -0000195930 00000 n -0000196114 00000 n -0000196919 00000 n -0000196940 00000 n -0000197097 00000 n -0000202520 00000 n -0000202542 00000 n -0000202699 00000 n -0000207993 00000 n -0000208015 00000 n -0000208172 00000 n -0000213389 00000 n -0000213411 00000 n -0000213568 00000 n -0000214338 00000 n -0000214359 00000 n -0000214416 00000 n -0000214521 00000 n -0000214699 00000 n -0000214818 00000 n +0000020913 00000 n +0000020956 00000 n +0000021043 00000 n +0000021086 00000 n +0000021172 00000 n +0000021221 00000 n +0000021306 00000 n +0000021355 00000 n +0000021440 00000 n +0000021506 00000 n +0000021554 00000 n +0000021641 00000 n +0000021687 00000 n +0000021774 00000 n +0000021808 00000 n +0000021887 00000 n +0000021974 00000 n +0000022056 00000 n +0000022142 00000 n +0000022217 00000 n +0000022304 00000 n +0000022377 00000 n +0000022464 00000 n +0000022514 00000 n +0000022592 00000 n +0000022679 00000 n +0000022705 00000 n +0000022768 00000 n +0000022855 00000 n +0000022918 00000 n +0000023005 00000 n +0000023059 00000 n +0000023146 00000 n +0000023188 00000 n +0000023229 00000 n +0000023316 00000 n +0000023342 00000 n +0000023447 00000 n +0000023553 00000 n +0000023659 00000 n +0000023765 00000 n +0000023871 00000 n +0000023977 00000 n +0000024083 00000 n +0000024189 00000 n +0000024295 00000 n +0000024401 00000 n +0000024507 00000 n +0000024613 00000 n +0000024719 00000 n +0000024825 00000 n +0000024931 00000 n +0000025037 00000 n +0000025143 00000 n +0000025249 00000 n +0000025355 00000 n +0000025461 00000 n +0000025566 00000 n +0000025672 00000 n +0000025778 00000 n +0000025884 00000 n +0000025990 00000 n +0000026096 00000 n +0000026202 00000 n +0000026308 00000 n +0000026414 00000 n +0000026520 00000 n +0000026626 00000 n +0000026732 00000 n +0000026838 00000 n +0000026944 00000 n +0000027050 00000 n +0000027156 00000 n +0000027262 00000 n +0000027368 00000 n +0000027474 00000 n +0000027579 00000 n +0000027685 00000 n +0000027791 00000 n +0000027897 00000 n +0000028000 00000 n +0000028104 00000 n +0000028482 00000 n +0000028588 00000 n +0000028693 00000 n +0000028799 00000 n +0000028905 00000 n +0000029011 00000 n +0000029117 00000 n +0000029223 00000 n +0000029329 00000 n +0000029435 00000 n +0000029541 00000 n +0000029647 00000 n +0000029752 00000 n +0000029858 00000 n +0000029964 00000 n +0000030070 00000 n +0000030176 00000 n +0000030282 00000 n +0000030388 00000 n +0000030494 00000 n +0000030600 00000 n +0000030706 00000 n +0000030812 00000 n +0000030918 00000 n +0000031024 00000 n +0000031130 00000 n +0000031235 00000 n +0000031341 00000 n +0000031447 00000 n +0000031553 00000 n +0000031658 00000 n +0000031764 00000 n +0000031870 00000 n +0000031976 00000 n +0000032082 00000 n +0000032188 00000 n +0000032294 00000 n +0000032400 00000 n +0000032506 00000 n +0000032612 00000 n +0000032718 00000 n +0000032824 00000 n +0000032929 00000 n +0000033033 00000 n +0000033137 00000 n +0000033507 00000 n +0000033612 00000 n +0000033718 00000 n +0000033824 00000 n +0000033930 00000 n +0000034036 00000 n +0000034142 00000 n +0000034248 00000 n +0000034354 00000 n +0000034460 00000 n +0000034565 00000 n +0000034671 00000 n +0000034777 00000 n +0000034883 00000 n +0000034989 00000 n +0000035095 00000 n +0000035201 00000 n +0000035307 00000 n +0000035413 00000 n +0000035519 00000 n +0000035625 00000 n +0000035731 00000 n +0000035837 00000 n +0000035942 00000 n +0000036048 00000 n +0000036154 00000 n +0000036260 00000 n +0000036366 00000 n +0000036472 00000 n +0000036578 00000 n +0000036684 00000 n +0000036790 00000 n +0000036896 00000 n +0000037002 00000 n +0000037108 00000 n +0000037214 00000 n +0000037320 00000 n +0000037426 00000 n +0000037532 00000 n +0000037638 00000 n +0000037743 00000 n +0000037849 00000 n +0000037955 00000 n +0000038060 00000 n +0000038164 00000 n +0000038268 00000 n +0000038646 00000 n +0000038751 00000 n +0000038857 00000 n +0000038963 00000 n +0000039069 00000 n +0000039175 00000 n +0000039279 00000 n +0000039345 00000 n +0000039379 00000 n +0000039413 00000 n +0000042026 00000 n +0000042075 00000 n +0000042124 00000 n +0000042173 00000 n +0000042222 00000 n +0000042271 00000 n +0000042320 00000 n +0000042369 00000 n +0000042418 00000 n +0000042467 00000 n +0000042516 00000 n +0000042565 00000 n +0000042614 00000 n +0000042663 00000 n +0000042712 00000 n +0000042761 00000 n +0000042810 00000 n +0000042859 00000 n +0000042908 00000 n +0000042957 00000 n +0000043006 00000 n +0000043055 00000 n +0000043104 00000 n +0000043153 00000 n +0000043202 00000 n +0000043251 00000 n +0000043300 00000 n +0000043349 00000 n +0000043398 00000 n +0000043447 00000 n +0000043496 00000 n +0000043545 00000 n +0000043594 00000 n +0000043643 00000 n +0000043692 00000 n +0000043741 00000 n +0000043790 00000 n +0000043839 00000 n +0000043888 00000 n +0000043937 00000 n +0000043986 00000 n +0000044035 00000 n +0000044084 00000 n +0000044133 00000 n +0000044182 00000 n +0000044231 00000 n +0000044280 00000 n +0000044329 00000 n +0000044378 00000 n +0000044427 00000 n +0000044476 00000 n +0000044525 00000 n +0000044574 00000 n +0000044623 00000 n +0000044672 00000 n +0000044721 00000 n +0000044770 00000 n +0000044819 00000 n +0000044868 00000 n +0000044917 00000 n +0000044966 00000 n +0000045015 00000 n +0000045064 00000 n +0000045113 00000 n +0000045162 00000 n +0000045211 00000 n +0000045260 00000 n +0000045309 00000 n +0000045358 00000 n +0000045407 00000 n +0000045456 00000 n +0000045505 00000 n +0000045554 00000 n +0000045603 00000 n +0000045652 00000 n +0000045701 00000 n +0000045750 00000 n +0000045799 00000 n +0000045848 00000 n +0000045897 00000 n +0000045946 00000 n +0000045995 00000 n +0000046044 00000 n +0000046093 00000 n +0000046142 00000 n +0000046191 00000 n +0000046240 00000 n +0000046289 00000 n +0000046338 00000 n +0000046387 00000 n +0000046436 00000 n +0000046485 00000 n +0000046534 00000 n +0000046583 00000 n +0000046632 00000 n +0000046681 00000 n +0000046730 00000 n +0000046779 00000 n +0000046828 00000 n +0000046877 00000 n +0000046926 00000 n +0000046975 00000 n +0000047024 00000 n +0000047073 00000 n +0000047122 00000 n +0000047171 00000 n +0000047220 00000 n +0000047269 00000 n +0000047318 00000 n +0000047367 00000 n +0000047416 00000 n +0000047465 00000 n +0000047514 00000 n +0000047563 00000 n +0000047612 00000 n +0000047661 00000 n +0000047710 00000 n +0000047759 00000 n +0000047808 00000 n +0000047857 00000 n +0000047906 00000 n +0000047955 00000 n +0000048004 00000 n +0000048053 00000 n +0000048102 00000 n +0000048151 00000 n +0000048200 00000 n +0000048249 00000 n +0000048298 00000 n +0000048347 00000 n +0000048396 00000 n +0000048445 00000 n +0000048494 00000 n +0000048543 00000 n +0000048592 00000 n +0000048641 00000 n +0000048690 00000 n +0000048739 00000 n +0000048788 00000 n +0000048837 00000 n +0000048886 00000 n +0000048935 00000 n +0000048984 00000 n +0000049033 00000 n +0000049082 00000 n +0000049131 00000 n +0000049180 00000 n +0000049229 00000 n +0000049278 00000 n +0000049327 00000 n +0000049376 00000 n +0000049425 00000 n +0000049474 00000 n +0000049523 00000 n +0000049572 00000 n +0000049621 00000 n +0000049670 00000 n +0000049719 00000 n +0000049768 00000 n +0000049817 00000 n +0000049866 00000 n +0000049915 00000 n +0000050672 00000 n +0000050828 00000 n +0000051551 00000 n +0000051572 00000 n +0000051746 00000 n +0000052908 00000 n +0000052930 00000 n +0000053081 00000 n +0000054587 00000 n +0000054609 00000 n +0000054769 00000 n +0000056205 00000 n +0000056227 00000 n +0000056405 00000 n +0000057665 00000 n +0000057687 00000 n +0000057829 00000 n +0000059413 00000 n +0000059435 00000 n +0000059568 00000 n +0000061403 00000 n +0000061425 00000 n +0000061558 00000 n +0000062081 00000 n +0000062102 00000 n +0000062263 00000 n +0000063547 00000 n +0000063569 00000 n +0000063730 00000 n +0000065485 00000 n +0000065507 00000 n +0000065667 00000 n +0000067312 00000 n +0000067334 00000 n +0000067476 00000 n +0000069546 00000 n +0000069568 00000 n +0000069710 00000 n +0000071522 00000 n +0000071544 00000 n +0000071686 00000 n +0000073411 00000 n +0000073433 00000 n +0000073584 00000 n +0000075348 00000 n +0000075370 00000 n +0000075545 00000 n +0000077652 00000 n +0000077674 00000 n +0000077834 00000 n +0000079430 00000 n +0000079452 00000 n +0000079627 00000 n +0000081122 00000 n +0000081144 00000 n +0000081296 00000 n +0000082103 00000 n +0000082124 00000 n +0000082275 00000 n +0000083913 00000 n +0000083935 00000 n +0000084100 00000 n +0000085872 00000 n +0000085894 00000 n +0000086059 00000 n +0000086952 00000 n +0000086973 00000 n +0000087147 00000 n +0000088752 00000 n +0000088774 00000 n +0000088917 00000 n +0000089675 00000 n +0000089696 00000 n +0000089879 00000 n +0000091747 00000 n +0000091769 00000 n +0000091938 00000 n +0000093792 00000 n +0000093814 00000 n +0000093974 00000 n +0000095658 00000 n +0000095680 00000 n +0000095853 00000 n +0000097582 00000 n +0000097604 00000 n +0000097755 00000 n +0000098679 00000 n +0000098700 00000 n +0000098884 00000 n +0000100709 00000 n +0000100731 00000 n +0000100905 00000 n +0000103078 00000 n +0000103100 00000 n +0000103293 00000 n +0000105220 00000 n +0000105242 00000 n +0000105426 00000 n +0000107336 00000 n +0000107358 00000 n +0000107534 00000 n +0000109335 00000 n +0000109357 00000 n +0000109527 00000 n +0000111125 00000 n +0000111147 00000 n +0000111332 00000 n +0000112808 00000 n +0000112830 00000 n +0000113023 00000 n +0000114594 00000 n +0000114616 00000 n +0000114791 00000 n +0000116571 00000 n +0000116593 00000 n +0000116749 00000 n +0000118310 00000 n +0000118332 00000 n +0000118517 00000 n +0000120369 00000 n +0000120391 00000 n +0000120557 00000 n +0000122204 00000 n +0000122226 00000 n +0000122411 00000 n +0000124360 00000 n +0000124382 00000 n +0000124566 00000 n +0000126293 00000 n +0000126315 00000 n +0000126485 00000 n +0000128090 00000 n +0000128112 00000 n +0000128281 00000 n +0000130154 00000 n +0000130176 00000 n +0000130361 00000 n +0000132225 00000 n +0000132247 00000 n +0000132423 00000 n +0000134513 00000 n +0000134535 00000 n +0000134710 00000 n +0000136650 00000 n +0000136672 00000 n +0000136848 00000 n +0000139164 00000 n +0000139186 00000 n +0000139338 00000 n +0000141318 00000 n +0000141340 00000 n +0000141500 00000 n +0000143367 00000 n +0000143389 00000 n +0000143540 00000 n +0000145292 00000 n +0000145314 00000 n +0000145446 00000 n +0000147320 00000 n +0000147342 00000 n +0000147484 00000 n +0000149555 00000 n +0000149577 00000 n +0000149728 00000 n +0000151522 00000 n +0000151544 00000 n +0000151676 00000 n +0000153469 00000 n +0000153491 00000 n +0000153614 00000 n +0000154068 00000 n +0000154089 00000 n +0000154246 00000 n +0000155880 00000 n +0000155902 00000 n +0000156054 00000 n +0000157714 00000 n +0000157736 00000 n +0000157878 00000 n +0000158761 00000 n +0000158782 00000 n +0000158967 00000 n +0000161124 00000 n +0000161146 00000 n +0000161322 00000 n +0000163507 00000 n +0000163529 00000 n +0000163680 00000 n +0000164781 00000 n +0000164803 00000 n +0000164979 00000 n +0000166479 00000 n +0000166501 00000 n +0000166686 00000 n +0000168538 00000 n +0000168560 00000 n +0000168745 00000 n +0000170652 00000 n +0000170674 00000 n +0000170831 00000 n +0000171762 00000 n +0000171783 00000 n +0000171935 00000 n +0000173676 00000 n +0000173698 00000 n +0000173840 00000 n +0000175602 00000 n +0000175624 00000 n +0000175775 00000 n +0000177666 00000 n +0000177688 00000 n +0000177845 00000 n +0000179698 00000 n +0000179720 00000 n +0000179914 00000 n +0000181974 00000 n +0000181996 00000 n +0000182171 00000 n +0000183763 00000 n +0000183785 00000 n +0000183969 00000 n +0000185308 00000 n +0000185330 00000 n +0000185490 00000 n +0000186733 00000 n +0000186755 00000 n +0000186906 00000 n +0000188362 00000 n +0000188384 00000 n +0000188545 00000 n +0000190193 00000 n +0000190215 00000 n +0000190348 00000 n +0000190818 00000 n +0000190839 00000 n +0000191006 00000 n +0000192674 00000 n +0000192696 00000 n +0000192853 00000 n +0000194041 00000 n +0000194063 00000 n +0000194220 00000 n +0000195772 00000 n +0000195794 00000 n +0000195978 00000 n +0000196783 00000 n +0000196804 00000 n +0000196961 00000 n +0000202384 00000 n +0000202406 00000 n +0000202563 00000 n +0000207857 00000 n +0000207879 00000 n +0000208036 00000 n +0000213253 00000 n +0000213275 00000 n +0000213432 00000 n +0000214202 00000 n +0000214223 00000 n +0000214280 00000 n +0000214385 00000 n +0000214563 00000 n +0000214682 00000 n +0000214817 00000 n 0000214953 00000 n -0000215089 00000 n -0000215237 00000 n -0000215387 00000 n -0000215527 00000 n -0000215668 00000 n -0000215821 00000 n -0000215983 00000 n -0000216132 00000 n -0000216320 00000 n -0000216453 00000 n -0000216581 00000 n +0000215101 00000 n +0000215251 00000 n +0000215391 00000 n +0000215532 00000 n +0000215685 00000 n +0000215847 00000 n +0000215996 00000 n +0000216184 00000 n +0000216317 00000 n +0000216445 00000 n +0000216563 00000 n 0000216699 00000 n -0000216835 00000 n -0000216977 00000 n -0000217093 00000 n -0000217219 00000 n -0000217335 00000 n -0000217526 00000 n -0000217625 00000 n -0000217773 00000 n -0000217891 00000 n -0000218015 00000 n -0000218137 00000 n -0000218263 00000 n -0000218421 00000 n -0000218551 00000 n -0000218675 00000 n -0000218793 00000 n -0000218911 00000 n -0000219030 00000 n -0000219220 00000 n -0000219406 00000 n -0000219559 00000 n -0000219722 00000 n -0000219873 00000 n -0000219977 00000 n -0000220194 00000 n -0000220300 00000 n -0000220432 00000 n -0000220554 00000 n -0000220759 00000 n -0000220864 00000 n -0000220964 00000 n -0000221168 00000 n -0000221329 00000 n -0000221477 00000 n -0000221605 00000 n -0000221748 00000 n -0000221872 00000 n -0000222001 00000 n -0000222146 00000 n -0000222311 00000 n -0000222463 00000 n -0000222643 00000 n -0000222748 00000 n -0000222867 00000 n -0000222992 00000 n -0000223137 00000 n -0000223279 00000 n -0000223429 00000 n -0000223560 00000 n -0000223686 00000 n -0000223811 00000 n -0000223951 00000 n -0000224078 00000 n -0000224209 00000 n -0000224340 00000 n -0000224518 00000 n +0000216841 00000 n +0000216957 00000 n +0000217083 00000 n +0000217199 00000 n +0000217390 00000 n +0000217489 00000 n +0000217637 00000 n +0000217755 00000 n +0000217879 00000 n +0000218001 00000 n +0000218127 00000 n +0000218285 00000 n +0000218415 00000 n +0000218539 00000 n +0000218657 00000 n +0000218775 00000 n +0000218894 00000 n +0000219084 00000 n +0000219270 00000 n +0000219423 00000 n +0000219586 00000 n +0000219737 00000 n +0000219841 00000 n +0000220058 00000 n +0000220164 00000 n +0000220296 00000 n +0000220418 00000 n +0000220623 00000 n +0000220728 00000 n +0000220828 00000 n +0000221032 00000 n +0000221193 00000 n +0000221341 00000 n +0000221469 00000 n +0000221612 00000 n +0000221736 00000 n +0000221865 00000 n +0000222010 00000 n +0000222175 00000 n +0000222327 00000 n +0000222507 00000 n +0000222612 00000 n +0000222731 00000 n +0000222856 00000 n +0000223001 00000 n +0000223143 00000 n +0000223293 00000 n +0000223424 00000 n +0000223550 00000 n +0000223675 00000 n +0000223815 00000 n +0000223942 00000 n +0000224073 00000 n +0000224204 00000 n +0000224382 00000 n +0000224510 00000 n 0000224646 00000 n -0000224782 00000 n -0000224917 00000 n -0000225123 00000 n -0000225236 00000 n -0000225352 00000 n -0000225497 00000 n -0000225668 00000 n -0000225817 00000 n -0000225972 00000 n -0000226112 00000 n -0000226244 00000 n -0000226378 00000 n -0000226510 00000 n -0000226648 00000 n -0000226798 00000 n -0000226966 00000 n -0000227113 00000 n -0000227337 00000 n -0000227450 00000 n -0000227566 00000 n -0000227722 00000 n -0000227880 00000 n -0000228011 00000 n -0000228157 00000 n -0000228291 00000 n -0000228424 00000 n -0000228645 00000 n -0000228746 00000 n -0000228865 00000 n -0000228994 00000 n -0000229153 00000 n -0000229288 00000 n -0000229421 00000 n -0000229550 00000 n -0000229690 00000 n -0000229825 00000 n -0000229977 00000 n -0000230126 00000 n -0000230231 00000 n -0000230441 00000 n -0000230546 00000 n -0000230669 00000 n -0000230801 00000 n -0000230925 00000 n -0000231053 00000 n -0000231198 00000 n -0000231330 00000 n -0000231475 00000 n -0000231616 00000 n -0000231743 00000 n -0000231884 00000 n -0000232009 00000 n -0000232134 00000 n -0000232265 00000 n -0000232387 00000 n -0000232494 00000 n -0000232664 00000 n -0000232765 00000 n -0000232954 00000 n -0000233148 00000 n -0000233335 00000 n -0000233497 00000 n -0000233689 00000 n -0000233798 00000 n -0000233932 00000 n -0000234062 00000 n -0000234175 00000 n -0000234270 00000 n +0000224781 00000 n +0000224987 00000 n +0000225100 00000 n +0000225216 00000 n +0000225361 00000 n +0000225532 00000 n +0000225681 00000 n +0000225836 00000 n +0000225976 00000 n +0000226108 00000 n +0000226242 00000 n +0000226374 00000 n +0000226512 00000 n +0000226662 00000 n +0000226830 00000 n +0000226977 00000 n +0000227201 00000 n +0000227314 00000 n +0000227430 00000 n +0000227586 00000 n +0000227744 00000 n +0000227875 00000 n +0000228021 00000 n +0000228155 00000 n +0000228288 00000 n +0000228509 00000 n +0000228610 00000 n +0000228729 00000 n +0000228858 00000 n +0000229017 00000 n +0000229152 00000 n +0000229285 00000 n +0000229414 00000 n +0000229554 00000 n +0000229689 00000 n +0000229841 00000 n +0000229990 00000 n +0000230095 00000 n +0000230305 00000 n +0000230410 00000 n +0000230533 00000 n +0000230665 00000 n +0000230789 00000 n +0000230917 00000 n +0000231062 00000 n +0000231194 00000 n +0000231339 00000 n +0000231480 00000 n +0000231607 00000 n +0000231748 00000 n +0000231873 00000 n +0000231998 00000 n +0000232129 00000 n +0000232251 00000 n +0000232358 00000 n +0000232528 00000 n +0000232629 00000 n +0000232818 00000 n +0000233012 00000 n +0000233199 00000 n +0000233361 00000 n +0000233553 00000 n +0000233662 00000 n +0000233796 00000 n +0000233926 00000 n +0000234039 00000 n +0000234134 00000 n trailer -<</Size 1037/Root 1036 0 R/Info 1 0 R/ID[<57917625c1363da5bb6b71712e14ebaf><57917625c1363da5bb6b71712e14ebaf>]>> +<</Size 1037/Root 1036 0 R/Info 1 0 R/ID[<59d643d3d56fb4ff0981d084417582f1><59d643d3d56fb4ff0981d084417582f1>]>> startxref -234485 +234349 %%EOF diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index d5c89064e7..46f36834df 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -177,14 +177,13 @@ <listitem><para>The -l parameter specifies a directory into which the "log.nmbd" log file will be created for operational data from the running - <command>nmbd</command> server. The default log directory is compiled into Samba + <command>nmbd</command> server.</para> + + <para>The default log directory is compiled into Samba as part of the build process. Common defaults are <filename> /usr/local/samba/var/log.nmb</filename>, <filename> /usr/samba/var/log.nmb</filename> or - <filename>/var/log/log.nmb</filename>. <emphasis>Beware:</emphasis> - If the directory specified does not exist, <command>nmbd</command> - will log to the default debug log location defined at compile time. - </para></listitem> + <filename>/var/log/log.nmb</filename>.</para></listitem> </varlistentry> @@ -199,25 +198,25 @@ <filename>smb.conf</filename>.</para></listitem> </varlistentry> - + <varlistentry> <term>-p <UDP port number></term> <listitem><para>UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) - that <command>nmbd</command> responds to name queries on. Don't - use this option unless you are an expert, in which case you + This option changes the default UDP port number (normally 137) + that <command>nmbd</command> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!</para></listitem> </varlistentry> - + <varlistentry> <term>-s <configuration file></term> - <listitem><para>The default configuration file name + <listitem><para>The default configuration file name is set at build time, typically as <filename> /usr/local/samba/lib/smb.conf</filename>, but this may be changed when Samba is autoconfigured.</para> - <para>The file specified contains the configuration details - required by the server. See <ulink url="smb.conf.5.html"> + <para>The file specified contains the configuration details + required by the server. See <ulink url="smb.conf.5.html"> <filename>smb.conf(5)</filename></ulink> for more information. </para></listitem> </varlistentry> @@ -230,55 +229,55 @@ <variablelist> <varlistentry> <term><filename>/etc/inetd.conf</filename></term> - <listitem><para>If the server is to be run by the - <command>inetd</command> meta-daemon, this file - must contain suitable startup information for the + <listitem><para>If the server is to be run by the + <command>inetd</command> meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details. </para></listitem> </varlistentry> - + <varlistentry> <term><filename>/etc/rc</filename></term> - <listitem><para>or whatever initialization script your + <listitem><para>or whatever initialization script your system uses).</para> - <para>If running the server as a daemon at startup, - this file will need to contain an appropriate startup + <para>If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> - + <varlistentry> <term><filename>/etc/services</filename></term> - <listitem><para>If running the server via the - meta-daemon <command>inetd</command>, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). + <listitem><para>If running the server via the + meta-daemon <command>inetd</command>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the <ulink url="UNIX_INSTALL.html">UNIX_INSTALL.html</ulink> document for details.</para></listitem> </varlistentry> - + <varlistentry> <term><filename>/usr/local/samba/lib/smb.conf</filename></term> - <listitem><para>This is the default location of the + <listitem><para>This is the default location of the <ulink url="smb.conf.5.html"><filename>smb.conf</filename></ulink> - server configuration file. Other common places that systems - install this file are <filename>/usr/samba/lib/smb.conf</filename> + server configuration file. Other common places that systems + install this file are <filename>/usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf</filename>.</para> - - <para>When run as a WINS server (see the + + <para>When run as a WINS server (see the <ulink url="smb.conf.5.html#WINSSUPPORT">wins support</ulink> parameter in the <filename>smb.conf(5)</filename> man page), <command>nmbd</command> - will store the WINS database in the file <filename>wins.dat</filename> - in the <filename>var/locks</filename> directory configured under + will store the WINS database in the file <filename>wins.dat</filename> + in the <filename>var/locks</filename> directory configured under wherever Samba was configured to install itself.</para> <para>If <command>nmbd</command> is acting as a <emphasis> - browse master</emphasis> (see the <ulink + browse master</emphasis> (see the <ulink url="smb.conf.5.html#LOCALMASTER">local master</ulink> parameter in the <filename>smb.conf(5)</filename> man page, <command>nmbd</command> @@ -293,20 +292,20 @@ <refsect1> <title>SIGNALS</title> - <para>To shut down an <command>nmbd</command> process it is recommended - that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last - resort, as this may leave the name database in an inconsistent state. - The correct way to terminate <command>nmbd</command> is to send it + <para>To shut down an <command>nmbd</command> process it is recommended + that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate <command>nmbd</command> is to send it a SIGTERM (-15) signal and wait for it to die on its own.</para> - <para><command>nmbd</command> will accept SIGHUP, which will cause + <para><command>nmbd</command> will accept SIGHUP, which will cause it to dump out its namelists into the file <filename>namelist.debug - </filename> in the <filename>/usr/local/samba/var/locks</filename> - directory (or the <filename>var/locks</filename> directory configured - under wherever Samba was configured to install itself). This will also + </filename> in the <filename>/usr/local/samba/var/locks</filename> + directory (or the <filename>var/locks</filename> directory configured + under wherever Samba was configured to install itself). This will also cause <command>nmbd</command> to dump out its server database in the <filename>log.nmb</filename> file.</para> - + <para>The debug log level of nmbd may be raised or lowered using <ulink url="smbcontrol.1.html"><command>smbcontrol(1)</command> </ulink> (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml index 3f6023d16f..eeb1fb0d2c 100644 --- a/docs/docbook/manpages/pdbedit.8.sgml +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -27,9 +27,7 @@ <arg choice="opt">-a</arg> <arg choice="opt">-m</arg> <arg choice="opt">-x</arg> - <arg choice="opt">-i passdb-backend</arg> - <arg choice="opt">-e passdb-backend</arg> - <arg choice="opt">-D debuglevel</arg> + <arg choice="opt">-i file</arg> </cmdsynopsis> </refsynopsisdiv> @@ -235,26 +233,18 @@ <varlistentry> - <term>-i passdb-backend</term> - <listitem><para>Use a different passdb backend to retrieve users than the one specified in smb.conf.</para> + <term>-i file</term> + <listitem><para>This command is used to import a smbpasswd + file into the database.</para> - <para>This option will ease migration from one passdb backend to another. - </para> + <para>This option will ease migration from the plain smbpasswd + file database to more powerful backend databases like tdb and + ldap.</para> - <para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb</command> + <para>Example: <command>pdbedit -i /etc/smbpasswd.old</command> </para> </listitem> </varlistentry> - - <varlistentry> - <term>-e passdb-backend</term> - <listitem><para>Export all currently available users to the specified password database backend.</para> - - <para>This option will ease migration from one passdb backend to another and will ease backupping</para> - - <para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para> - </listitem> - </varlistentry> </variablelist> </refsect1> diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml index f1ba474cfb..9205439b01 100644 --- a/docs/docbook/manpages/rpcclient.1.sgml +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -26,7 +26,6 @@ <arg choice="opt">-U username[%password]</arg> <arg choice="opt">-W workgroup</arg> <arg choice="opt">-N</arg> - <arg choice="opt">-I destinationIP</arg> <arg choice="req">server</arg> </cmdsynopsis> </refsynopsisdiv> @@ -105,23 +104,6 @@ </varlistentry> - <varlistentry> - <term>-I IP-address</term> - <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to. - It should be specified in standard "a.b.c.d" notation. </para> - - <para>Normally the client would attempt to locate a named - SMB/CIFS server by looking it up via the NetBIOS name resolution - mechanism described above in the <parameter>name resolve order</parameter> - parameter above. Using this parameter will force the client - to assume that the server is on the machine with the specified IP - address and the NetBIOS name component of the resource being - connected to will be ignored. </para> - - <para>There is no default for this parameter. If not supplied, - it will be determined automatically by the client as described - above. </para></listitem> - </varlistentry> <varlistentry> diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 641e36f57a..3cea2d51bc 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -41,7 +41,7 @@ <para>Section and parameter names are not case sensitive.</para> <para>Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -84,7 +84,7 @@ printable services (used by the client to access print services on the host running the server).</para> - <para>Sections may be designated <emphasis>guest</emphasis> services, + <para>Sections may be designated <emphasis>guest</emphasis> services, in which case no password is required to access them. A specified UNIX <emphasis>guest account</emphasis> is used to define access privileges in this case.</para> @@ -213,7 +213,7 @@ the [homes] section will hide the [homes] share but make any auto home directories visible.</para> </refsect2> - + <refsect2> <title id="PRINTERSSECT">The [printers] section</title> @@ -433,7 +433,7 @@ <varlistentry> <term>%d</term> - <listitem><para>The process id of the current server + <listitem><para>The process id of the current server process.</para></listitem> </varlistentry> @@ -519,7 +519,7 @@ <varlistentry> <term>short preserve case = yes/no</term> - <listitem><para>controls if new files which conform to 8.3 syntax, + <listitem><para>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -542,10 +542,8 @@ steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked.</para> - <para>If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</para> - + <para>If the service is marked "guest only = yes" then + steps 1 to 5 are skipped.</para> <orderedlist numeration="Arabic"> <listitem><para>If the client has passed a username/password @@ -598,7 +596,6 @@ <listitem><para><link linkend="ADDSHARECOMMAND"><parameter>add share command</parameter></link></para></listitem> <listitem><para><link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter></link></para></listitem> <listitem><para><link linkend="ADDMACHINESCRIPT"><parameter>add machine script</parameter></link></para></listitem> - <listitem><para><link linkend="ALGORITHMICRIDBASE"><parameter>algorithmic rid base</parameter></link></para></listitem> <listitem><para><link linkend="ALLOWTRUSTEDDOMAINS"><parameter>allow trusted domains</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEAS"><parameter>announce as</parameter></link></para></listitem> <listitem><para><link linkend="ANNOUNCEVERSION"><parameter>announce version</parameter></link></para></listitem> @@ -644,10 +641,10 @@ <listitem><para><link linkend="LDAPADMINDN"><parameter>ldap admin dn</parameter></link></para></listitem> <listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPPORT"><parameter>ldap port</parameter></link></para></listitem> + <listitem><para><link linkend="LDAPSERVER"><parameter>ldap server</parameter></link></para></listitem> <listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem> <listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPUSERSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> - <listitem><para><link linkend="LDAPMACHINESUFFIX"><parameter>ldap suffix</parameter></link></para></listitem> <listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem> <listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem> @@ -655,9 +652,6 @@ <listitem><para><link linkend="LOCALMASTER"><parameter>local master</parameter></link></para></listitem> <listitem><para><link linkend="LOCKDIR"><parameter>lock dir</parameter></link></para></listitem> <listitem><para><link linkend="LOCKDIRECTORY"><parameter>lock directory</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKSPINCOUNT"><parameter>lock spin count</parameter></link></para></listitem> - <listitem><para><link linkend="LOCKSPINTIME"><parameter>lock spin time</parameter></link></para></listitem> - <listitem><para><link linkend="PIDDIRECTORY"><parameter>pid directory</parameter></link></para></listitem> <listitem><para><link linkend="LOGFILE"><parameter>log file</parameter></link></para></listitem> <listitem><para><link linkend="LOGLEVEL"><parameter>log level</parameter></link></para></listitem> <listitem><para><link linkend="LOGONDRIVE"><parameter>logon drive</parameter></link></para></listitem> @@ -689,7 +683,6 @@ <listitem><para><link linkend="NISHOMEDIR"><parameter>nis homedir</parameter></link></para></listitem> <listitem><para><link linkend="NONUNIXACCOUNTRANGE"><parameter>non unix account range</parameter></link></para></listitem> <listitem><para><link linkend="NTPIPESUPPORT"><parameter>nt pipe support</parameter></link></para></listitem> - <listitem><para><link linkend="NTSTATUSSUPPORT"><parameter>nt status support</parameter></link></para></listitem> <listitem><para><link linkend="NULLPASSWORDS"><parameter>null passwords</parameter></link></para></listitem> <listitem><para><link linkend="OBEYPAMRESTRICTIONS"><parameter>obey pam restrictions</parameter></link></para></listitem> <listitem><para><link linkend="OPLOCKBREAKWAITTIME"><parameter>oplock break wait time</parameter></link></para></listitem> @@ -729,6 +722,24 @@ <listitem><para><link linkend="SOCKETOPTIONS"><parameter>socket options</parameter></link></para></listitem> <listitem><para><link linkend="SOURCEENVIRONMENT"><parameter>source environment</parameter></link></para></listitem> + <listitem><para><link linkend="SSL"><parameter>ssl</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCACERTFILE"><parameter>ssl CA certFile</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCIPHERS"><parameter>ssl ciphers</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCLIENTCERT"><parameter>ssl client cert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCLIENTKEY"><parameter>ssl client key</parameter></link></para></listitem> + <listitem><para><link linkend="SSLCOMPATIBILITY"><parameter>ssl compatibility</parameter></link></para></listitem> + <listitem><para><link linkend="SSLEGDSOCKET"><parameter>ssl egd socket</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYBYTES"><parameter>ssl entropy bytes</parameter></link></para></listitem> + <listitem><para><link linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link></para></listitem> + <listitem><para><link linkend="SSLHOSTS"><parameter>ssl hosts</parameter></link></para></listitem> + <listitem><para><link linkend="SSLHOSTSRESIGN"><parameter>ssl hosts resign</parameter></link></para></listitem> + <listitem><para><link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require clientcert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLREQUIRESERVERCERT"><parameter>ssl require servercert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLSERVERCERT"><parameter>ssl server cert</parameter></link></para></listitem> + <listitem><para><link linkend="SSLSERVERKEY"><parameter>ssl server key</parameter></link></para></listitem> + <listitem><para><link linkend="SSLVERSION"><parameter>ssl version</parameter></link></para></listitem> + <listitem><para><link linkend="STATCACHE"><parameter>stat cache</parameter></link></para></listitem> <listitem><para><link linkend="STATCACHESIZE"><parameter>stat cache size</parameter></link></para></listitem> <listitem><para><link linkend="STRIPDOT"><parameter>strip dot</parameter></link></para></listitem> @@ -785,8 +796,6 @@ <listitem><para><link linkend="COPY"><parameter>copy</parameter></link></para></listitem> <listitem><para><link linkend="CREATEMASK"><parameter>create mask</parameter></link></para></listitem> <listitem><para><link linkend="CREATEMODE"><parameter>create mode</parameter></link></para></listitem> - <listitem><para><link linkend="CSCPOLICY"><parameter>csc policy</parameter></link></para></listitem> - <listitem><para><link linkend="DEFAULTCASE"><parameter>default case</parameter></link></para></listitem> <listitem><para><link linkend="DEFAULTDEVMODE"><parameter>default devmode</parameter></link></para></listitem> <listitem><para><link linkend="DELETEREADONLY"><parameter>delete readonly</parameter></link></para></listitem> @@ -820,7 +829,6 @@ <listitem><para><link linkend="HOSTSALLOW"><parameter>hosts allow</parameter></link></para></listitem> <listitem><para><link linkend="HOSTSDENY"><parameter>hosts deny</parameter></link></para></listitem> <listitem><para><link linkend="INCLUDE"><parameter>include</parameter></link></para></listitem> - <listitem><para><link linkend="INHERITACLS"><parameter>inherit acls</parameter></link></para></listitem> <listitem><para><link linkend="INHERITPERMISSIONS"><parameter>inherit permissions</parameter></link></para></listitem> <listitem><para><link linkend="INVALIDUSERS"><parameter>invalid users</parameter></link></para></listitem> <listitem><para><link linkend="LEVEL2OPLOCKS"><parameter>level2 oplocks</parameter></link></para></listitem> @@ -873,7 +881,6 @@ <listitem><para><link linkend="ROOTPREEXECCLOSE"><parameter>root preexec close</parameter></link></para></listitem> <listitem><para><link linkend="SECURITYMASK"><parameter>security mask</parameter></link></para></listitem> <listitem><para><link linkend="SETDIRECTORY"><parameter>set directory</parameter></link></para></listitem> - <listitem><para><link linkend="SHAREMODES"><parameter>share modes</parameter></link></para></listitem> <listitem><para><link linkend="SHORTPRESERVECASE"><parameter>short preserve case</parameter></link></para></listitem> <listitem><para><link linkend="STATUS"><parameter>status</parameter></link></para></listitem> <listitem><para><link linkend="STRICTALLOCATE"><parameter>strict allocate</parameter></link></para></listitem> @@ -1129,29 +1136,8 @@ <parameter>hosts allow</parameter></link>.</para></listitem> </varlistentry> - <varlistentry> - <term><anchor id="ALGORITHMICRIDBASE">algorithmic rid base (G)</term> - <listitem><para>This determines how Samba will use its - algorithmic mapping from uids/gid to the RIDs needed to construct - NT Security Identifiers.</para> - - <para>Setting this option to a larger value could be useful to sites - transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. - </para> - <para>All UIDs and GIDs must be able to be resolved into SIDs for - the correct operation of ACLs on the server. As such the algorithmic - mapping can't be 'turned off', but pushing it 'out of the way' should - resolve the issues. Users and groups can then be assigned 'low' RIDs - in arbitary-rid supporting backends. </para> - <para>Default: <command>algorithmic rid base = 1000</command></para> - - <para>Example: <command>algorithmic rid base = 100000</command></para> - </listitem> - </varlistentry> - <varlistentry> <term><anchor id="ALLOWTRUSTEDDOMAINS">allow trusted domains (G)</term> <listitem><para>This option only takes effect when the <link @@ -1584,24 +1570,6 @@ </varlistentry> - <varlistentry> - <term><anchor id="CSCPOLICY">csc policy (S)</term> - <listitem><para>This stands for <emphasis>client-side caching - policy</emphasis>, and specifies how clients capable of offline - caching will cache the files in the share. The valid values - are: manual, documents, programs, disable.</para> - - <para>These values correspond to those used on Windows - servers.</para> - - <para>For example, shares containing roaming profiles can have - offline caching disabled using <command>csc policy = disable - </command>.</para> - - <para>Default: <command>csc policy = manual</command></para> - <para>Example: <command>csc policy = programs</command></para> - </listitem> - </varlistentry> <varlistentry> <term><anchor id="DEADTIME">deadtime (G)</term> @@ -1903,16 +1871,47 @@ <varlistentry> <term><anchor id="DELETEUSERSCRIPT">delete user script (G)</term> <listitem><para>This is the full pathname to a script that will - be run by <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> - when managing user's with remote RPC (NT) tools. - </para> + be run <emphasis>AS ROOT</emphasis> by <ulink url="smbd.8.html"> + <command>smbd(8)</command></ulink> under special circumstances + described below.</para> - <para>This script is called when a remote client removes a user - from the server, normally using 'User Manager for Domains' or - <command>rpcclient</command>. + <para>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <command> + smbd</command> to delete the required UNIX users <emphasis>ON + DEMAND</emphasis> when a user accesses the Samba server and the + Windows NT user no longer exists.</para> + + <para>In order to use this option, <command>smbd</command> must be + set to <parameter>security = domain</parameter> or <parameter>security = + user</parameter> and <parameter>delete user script</parameter> + must be set to a full pathname for a script + that will delete a UNIX user given one argument of <parameter>%u</parameter>, + which expands into the UNIX user name to delete.</para> - <para>This script should delete the given UNIX username. - </para> + <para>When the Windows user attempts to access the Samba server, + at <emphasis>login</emphasis> (session setup in the SMB protocol) + time, <command>smbd</command> contacts the <link linkend="PASSWORDSERVER"> + <parameter>password server</parameter></link> and attempts to authenticate + the given user with the given password. If the authentication fails + with the specific Domain error code meaning that the user no longer + exists then <command>smbd</command> attempts to find a UNIX user in + the UNIX password database that matches the Windows user account. If + this lookup succeeds, and <parameter>delete user script</parameter> is + set then <command>smbd</command> will all the specified script + <emphasis>AS ROOT</emphasis>, expanding any <parameter>%u</parameter> + argument to be the user name to delete.</para> + + <para>This script should delete the given UNIX username. In this way, + UNIX users are dynamically deleted to match existing Windows NT + accounts.</para> + + <para>See also <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>, + <link linkend="PASSWORDSERVER"><parameter>password server</parameter> + </link>, <link linkend="ADDUSERSCRIPT"><parameter>add user script</parameter> + </link>.</para> <para>Default: <command>delete user script = <empty string> </command></para> @@ -3051,24 +3050,6 @@ <varlistentry> - <term><anchor id="INHERITACLS">inherit acls (S)</term> - <listitem><para>This parameter can be used to ensure - that if default acls exist on parent directories, - they are always honored when creating a subdirectory. - The default behavior is to use the mode specified - when creating the directory. Enabling this option - sets the mode to 0777, thus guaranteeing that - default directory acls are propagated. - </para> - - <para>Default: <command>inherit acls = no</command> - </para></listitem> - </varlistentry> - - - - - <varlistentry> <term><anchor id="INHERITPERMISSIONS">inherit permissions (S)</term> <listitem><para>The permissions on new files and directories are normally governed by <link linkend="CREATEMASK"><parameter> @@ -3281,6 +3262,12 @@ <varlistentry> <term><anchor id="LDAPADMINDN">ldap admin dn (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + <para> The <parameter>ldap admin dn</parameter> defines the Distinguished Name (DN) name used by Samba to contact the <link linkend="LDAPSERVER">ldap @@ -3301,6 +3288,12 @@ <varlistentry> <term><anchor id="LDAPFILTER">ldap filter (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + <para> This parameter specifies the RFC 2254 compliant LDAP search filter. The default is to match the login name with the <constant>uid</constant> @@ -3314,28 +3307,26 @@ </varlistentry> + + <varlistentry> - <term><anchor id="LDAPSSL">ldap ssl (G)</term> - <para> - This option is used to define whether or not Samba should - use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap - server</parameter></link>. This is <emphasis>NOT</emphasis> related to - Samba's previous SSL support which was enabled by specifying the - <command>--with-ssl</command> option to the <filename>configure</filename> - script. + <term><anchor id="LDAPPORT">ldap port (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. </para> <para> - The <parameter>ldap ssl</parameter> can be set to one of three values: - (a) <constant>on</constant> - Always use SSL when contacting the - <parameter>ldap server</parameter>, (b) <constant>off</constant> - - Never use SSL when querying the directory, or (c) <constant>start_tls</constant> - - Use the LDAPv3 StartTLS extended operation - (RFC2830) for communicating with the directory server. + This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter>ldap server</parameter></link>. + The default is to use the stand LDAPS port 636. + </para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> </para> - - <para>Default : <command>ldap ssl = on</command></para> + <para>Default : <command>ldap port = 636</command></para> </listitem> </varlistentry> @@ -3343,31 +3334,67 @@ <varlistentry> - <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> - <listitem> - <para>Default : <emphasis>none</emphasis></para> + <term><anchor id="LDAPSERVER">ldap server (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. + </para> + + <para> + This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + + + <para>Default : <command>ldap server = localhost</command></para> </listitem> </varlistentry> + <varlistentry> - <term><anchor id="LDAPUSERSUFFIX">ldap user suffix (G)</term> - <listitem><para>It specifies where users are added to the tree. + <term><anchor id="LDAPSSL">ldap ssl (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. </para> - + <para> + This option is used to define whether or not Samba should + use SSL when connecting to the <link linkend="LDAPSERVER"><parameter>ldap + server</parameter></link>. This is <emphasis>NOT</emphasis> related to + Samba SSL support which is enabled by specifying the + <command>--with-ssl</command> option to the <filename>configure</filename> + script (see <link linkend="SSL"><parameter>ssl</parameter></link>). + </para> - <para>Default : <emphasis>none</emphasis></para> + <para> + The <parameter>ldap ssl</parameter> can be set to one of three values: + (a) <constant>on</constant> - Always use SSL when contacting the + <parameter>ldap server</parameter>, (b) <constant>off</constant> - + Never use SSL when querying the directory, or (c) <constant>start_tls</constant> + - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + </para> + + + <para>Default : <command>ldap ssl = on</command></para> </listitem> </varlistentry> + <varlistentry> - <term><anchor id="LDAPSUFFIX">ldap machine suffix (G)</term> - <listitem><para>It specifies where machines should be - added to the ldap tree. + <term><anchor id="LDAPSUFFIX">ldap suffix (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command>--with-ldapsam</command> option + at compile time. This option should be considered experimental and + under active development. </para> @@ -3530,39 +3557,6 @@ <varlistentry> - <term><anchor id="LOCKSPINCOUNT">lock spin count (G)</term> - <listitem><para>This parameter controls the number of times - that smbd should attempt to gain a byte range lock on the - behalf of a client request. Experiments have shown that - Windows 2k servers do not reply with a failure if the lock - could not be immediately granted, but try a few more times - in case the lock could later be aquired. This behavior - is used to support PC database formats such as MS Access - and FoxPro. - </para> - - <para>Default: <command>lock spin count = 2</command> - </para></listitem> - </varlistentry> - - - - - <varlistentry> - <term><anchor id="LOCKSPINTIME">lock spin time (G)</term> - <listitem><para>The time in microseconds that smbd should - pause before attempting to gain a failed lock. See - <link linkend="LOCKSPINCOUNT"><parameter>lock spin - count</parameter></link> for more details. - </para> - - <para>Default: <command>lock spin time = 10</command> - </para></listitem> - </varlistentry> - - - - <varlistentry> <term><anchor id="LOCKING">locking (S)</term> <listitem><para>This controls whether or not locking will be performed by the server in response to lock requests from the @@ -3851,8 +3845,8 @@ takes a printer name as its only parameter and outputs printer status information.</para> - <para>Currently nine styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. + <para>Currently eight styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. This covers most UNIX systems. You control which type is expected using the <parameter>printing =</parameter> option.</para> @@ -3868,10 +3862,7 @@ <para>Note that it is good practice to include the absolute path in the <parameter>lpq command</parameter> as the <envar>$PATH - </envar> may not be available to the server. When compiled with - the CUPS libraries, no <parameter>lpq command</parameter> is - needed because smbd will make a library call to obtain the - print queue listing.</para> + </envar> may not be available to the server.</para> <para>See also the <link linkend="PRINTING"><parameter>printing </parameter></link> parameter.</para> @@ -4848,23 +4839,6 @@ <varlistentry> - <term><anchor id="NTSTATUSSUPPORT">nt status support (G)</term> - <listitem><para>This boolean parameter controls whether <ulink - url="smbd.8.html">smbd(8)</ulink> will negotiate NT specific status - support with Windows NT/2k/XP clients. This is a developer - debugging option and should be left alone. - If this option is set to <constant>no</constant> then Samba offers - exactly the same DOS error codes that versions prior to Samba 2.2.3 - reported.</para> - - <para>You should not need to ever disable this parameter.</para> - - <para>Default: <command>nt status support = yes</command></para> - </listitem> - </varlistentry> - - - <varlistentry> <term><anchor id="NULLPASSWORDS">null passwords (G)</term> <listitem><para>Allow or disallow client access to accounts that have null passwords. </para> @@ -5090,10 +5064,10 @@ <varlistentry> <term><anchor id="PASSDBBACKEND">passdb backend (G)</term> - <listitem><para>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. - Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. - Experimental backends must still be selected + <listitem><para>This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected (eg --with-tdbsam) at configure time. </para> @@ -5141,27 +5115,14 @@ <para>Any characters after the (optional) second : are passed to the plugin for its own processing</para> </listitem> - - <listitem><para><command>unixsam</command> - Allows samba to map all (other) available unix users</para> - - <para>This backend uses the standard unix database for retrieving users. Users included - in this pdb are NOT listed in samba user listings and users included in this pdb won't be - able to login. The use of this backend is to always be able to display the owner of a file - on the samba server - even when the user doesn't have a 'real' samba account in one of the - other passdb backends. - </para> - - <para>This backend should always be the last backend listed, since it contains all users in - the unix passdb and might 'override' mappings if specified earlier. It's meant to only return - accounts for users that aren't covered by the previous backends.</para> - </listitem> + </itemizedlist> </para> - <para>Default: <command>passdb backend = smbpasswd unixsam</command></para> - <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd unixsam</command></para> - <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com unixsam</command></para> - <para>Example: <command>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</command></para> + <para>Default: <command>passdb backend = smbpasswd</command></para> + <para>Example: <command>passdb backend = tdbsam:/etc/samba/private/passdb.tdb</command></para> + <para>Example: <command>passdb backend = ldapsam_nua:ldaps://ldap.example.com</command></para> + <para>Example: <command>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args</command></para> </listitem> </varlistentry> @@ -5457,18 +5418,6 @@ <varlistentry> - <term><anchor id="PIDDIRECTORY">pid directory (G)</term> - <listitem><para>This option specifies the directory where pid - files will be placed. </para> - - <para>Default: <command>pid directory = ${prefix}/var/locks</command></para> - <para>Example: <command>pid directory = /var/run/</command> - </para></listitem> - </varlistentry> - - - - <varlistentry> <term><anchor id="POSIXLOCKING">posix locking (S)</term> <listitem><para>The <ulink url="smbd.8.html"><command>smbd(8)</command></ulink> daemon maintains an database of file locks obtained by SMB clients. @@ -5647,23 +5596,14 @@ manually remove old spool files.</para> <para>The print command is simply a text string. It will be used - verbatim after macro substitutions have been made:</para> - - <para>s, %p - the path to the spool - file name</para> - - <para>%p - the appropriate printer - name</para> - - <para>%J - the job + verbatim, with two exceptions: All occurrences of <parameter>%s + </parameter> and <parameter>%f</parameter> will be replaced by the + appropriate spool file name, and all occurrences of <parameter>%p + </parameter> will be replaced by the appropriate printer name. The + spool file name is generated automatically by the server. The + <parameter>%J</parameter> macro can be used to access the job name as transmitted by the client.</para> - <para>%c - The number of printed pages - of the spooled job (if known).</para> - - <para>%z - the size of the spooled - print job (in bytes)</para> - <para>The print command <emphasis>MUST</emphasis> contain at least one occurrence of <parameter>%s</parameter> or <parameter>%f </parameter> - the <parameter>%p</parameter> is optional. At the time @@ -5707,17 +5647,6 @@ <para>For <command>printing = SOFTQ :</command></para> <para><command>print command = lp -d%p -s %s; rm %s</command></para> - <para>For printing = CUPS : If SAMBA is compiled against - libcups, then <link linkend="PRINTING">printcap = cups</link> - uses the CUPS API to - submit jobs, etc. Otherwise it maps to the System V - commands with the -oraw option for printing, i.e. it - uses <command>lp -c -d%p -oraw; rm %s</command>. - With <command>printing = cups</command>, - and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</para> - - <para>Example: <command>print command = /usr/local/samba/bin/myprintscript %p %s</command></para> </listitem> @@ -5771,14 +5700,6 @@ linkend="PRINTERSSECT">[printers]</link> section above for reasons why you might want to do this.</para> - <para>To use the CUPS printing interface set <command>printcap name = cups - </command>. This should be supplemented by an addtional setting - <link linkend="PRINTING">printing = cups</link> in the [global] - section. <command>printcap name = cups</command> will use the - "dummy" printcap created by CUPS, as specified in your CUPS - configuration file. - </para> - <para>On System V systems that use <command>lpstat</command> to list available printers you can use <command>printcap name = lpstat </command> to automatically obtain lists of available printers. This @@ -6701,33 +6622,6 @@ - <varlistentry> - <term><anchor id="SHAREMODES">share modes (S)</term> - <listitem><para>This enables or disables the honoring of - the <parameter>share modes</parameter> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</para> - - <para>These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).</para> - - <para>The share modes that are enabled by this option are - <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>, - <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>, - <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>. - </para> - - <para>This option gives full share compatibility and enabled - by default.</para> - - <para>You should <emphasis>NEVER</emphasis> turn this parameter - off as many Windows applications will break if you do so.</para> - - <para>Default: <command>share modes = yes</command></para> - </listitem> - </varlistentry> - <varlistentry> @@ -6961,6 +6855,348 @@ </varlistentry> + + <varlistentry> + <term><anchor id="SSL">ssl (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable enables or disables the entire SSL mode. If + it is set to <constant>no</constant>, the SSL-enabled Samba behaves + exactly like the non-SSL Samba. If set to <constant>yes</constant>, + it depends on the variables <link linkend="SSLHOSTS"><parameter> + ssl hosts</parameter></link> and <link linkend="SSLHOSTSRESIGN"> + <parameter>ssl hosts resign</parameter></link> whether an SSL + connection will be required.</para> + + <para>Default: <command>ssl = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCACERTDIR">ssl CA certDir (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines where to look up the Certification + Authorities. The given directory should contain one file for + each CA that Samba will trust. The file name must be the hash + value over the "Distinguished Name" of the CA. How this directory + is set up is explained later in this document. All files within the + directory that don't fit into this naming scheme are ignored. You + don't need this variable if you don't verify client certificates.</para> + + <para>Default: <command>ssl CA certDir = /usr/local/ssl/certs + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCACERTFILE">ssl CA certFile (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable is a second way to define the trusted CAs. + The certificates of the trusted CAs are collected in one big + file and this variable points to the file. You will probably + only use one of the two ways to define your CAs. The first choice is + preferable if you have many CAs or want to be flexible, the second + is preferable if you only have one CA and want to keep things + simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates.</para> + + <para>Default: <command>ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCIPHERS">ssl ciphers (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines the ciphers that should be offered + during SSL negotiation. You should not set this variable unless + you know what you are doing.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLCLIENTCERT">ssl client cert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>The certificate in this file is used by <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink> if it exists. It's needed + if the server requires a client certificate.</para> + + <para>Default: <command>ssl client cert = /usr/local/ssl/certs/smbclient.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCLIENTKEY">ssl client key (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This is the private key for <ulink url="smbclient.1.html"> + <command>smbclient(1)</command></ulink>. It's only needed if the + client should have a certificate. </para> + + <para>Default: <command>ssl client key = /usr/local/ssl/private/smbclient.pem + </command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLCOMPATIBILITY">ssl compatibility (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This variable defines whether OpenSSL should be configured + for bug compatibility with other SSL implementations. This is + probably not desirable because currently no clients with SSL + implementations other than OpenSSL exist.</para> + + <para>Default: <command>ssl compatibility = no</command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLEGDSOCKET">ssl egd socket (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the <link + linkend="SSLENTROPYFILE"><parameter>ssl entropy file</parameter></link> + directive. 255 bytes of entropy will be retrieved from the daemon. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLENTROPYBYTES">ssl entropy bytes (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to define the number of bytes which should + be read from the <link linkend="SSLENTROPYFILE"><parameter>ssl entropy + file</parameter></link> If a -1 is specified, the entire file will + be read. + </para> + + <para>Default: <command>ssl entropy bytes = 255</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLENTROPYFILE">ssl entropy file (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para> + This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + <filename>/dev/urandom</filename> device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. + </para> + + <para>Default: <emphasis>none</emphasis></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLHOSTS">ssl hosts (G)</term> + <listitem><para>See <link linkend="SSLHOSTSRESIGN"><parameter> + ssl hosts resign</parameter></link>.</para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLHOSTSRESIGN">ssl hosts resign (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>These two variables define whether Samba will go + into SSL mode or not. If none of them is defined, Samba will + allow only SSL connections. If the <link linkend="SSLHOSTS"> + <parameter>ssl hosts</parameter></link> variable lists + hosts (by IP-address, IP-address range, net group or name), + only these hosts will be forced into SSL mode. If the <parameter> + ssl hosts resign</parameter> variable lists hosts, only these + hosts will <emphasis>NOT</emphasis> be forced into SSL mode. The syntax for these two + variables is the same as for the <link linkend="HOSTSALLOW"><parameter> + hosts allow</parameter></link> and <link linkend="HOSTSDENY"> + <parameter>hosts deny</parameter></link> pair of variables, only + that the subject of the decision is different: It's not the access + right but whether SSL is used or not. </para> + + <para>The example below requires SSL connections from all hosts + outside the local net (which is 192.168.*.*).</para> + + <para>Default: <command>ssl hosts = <empty string></command></para> + <para><command>ssl hosts resign = <empty string></command></para> + + <para>Example: <command>ssl hosts resign = 192.168.</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLREQUIRECLIENTCERT">ssl require clientcert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>If this variable is set to <constant>yes</constant>, the + server will not tolerate connections from clients that don't + have a valid certificate. The directory/file given in <link + linkend="SSLCACERTDIR"><parameter>ssl CA certDir</parameter> + </link> and <link linkend="SSLCACERTFILE"><parameter>ssl CA certFile + </parameter></link> will be used to look up the CAs that issued + the client's certificate. If the certificate can't be verified + positively, the connection will be terminated. If this variable + is set to <constant>no</constant>, clients don't need certificates. + Contrary to web applications you really <emphasis>should</emphasis> + require client certificates. In the web environment the client's + data is sensitive (credit card numbers) and the server must prove + to be trustworthy. In a file server environment the server's data + will be sensitive and the clients must prove to be trustworthy.</para> + + <para>Default: <command>ssl require clientcert = no</command></para> + </listitem> + </varlistentry> + + + + <varlistentry> + <term><anchor id="SSLREQUIRESERVERCERT">ssl require servercert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>If this variable is set to <constant>yes</constant>, the + <ulink url="smbclient.1.html"><command>smbclient(1)</command> + </ulink> will request a certificate from the server. Same as + <link linkend="SSLREQUIRECLIENTCERT"><parameter>ssl require + clientcert</parameter></link> for the server.</para> + + <para>Default: <command>ssl require servercert = no</command> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term><anchor id="SSLSERVERCERT">ssl server cert (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This is the file containing the server's certificate. + The server <emphasis>must</emphasis> have a certificate. The + file may also contain the server's private key. See later for + how certificates and private keys are created.</para> + + <para>Default: <command>ssl server cert = <empty string> + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLSERVERKEY">ssl server key (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This file contains the private key of the server. If + this variable is not defined, the key is looked up in the + certificate file (it may be appended to the certificate). + The server <emphasis>must</emphasis> have a private key + and the certificate <emphasis>must</emphasis> + match this private key.</para> + + <para>Default: <command>ssl server key = <empty string> + </command></para> + </listitem> + </varlistentry> + + + <varlistentry> + <term><anchor id="SSLVERSION">ssl version (G)</term> + <listitem><para>This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option <command>--with-ssl</command> was + given at configure time.</para> + + <para>This enumeration variable defines the versions of the + SSL protocol that will be used. <constant>ssl2or3</constant> allows + dynamic negotiation of SSL v2 or v3, <constant>ssl2</constant> results + in SSL v2, <constant>ssl3</constant> results in SSL v3 and + <constant>tls1</constant> results in TLS v1. TLS (Transport Layer + Security) is the new standard for SSL.</para> + + <para>Default: <command>ssl version = "ssl2or3"</command></para> + </listitem> + </varlistentry> + + + <varlistentry> <term><anchor id="STATCACHE">stat cache (G)</term> <listitem><para>This parameter determines if <ulink @@ -7222,9 +7458,9 @@ <varlistentry> <term><anchor id="UNIXEXTENSIONS">unix extensions(G)</term> <listitem><para>This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. - These extensions enable Samba to better serve UNIX CIFS clients - by supporting features such as symbolic links, hard links, etc... + implments the CIFS UNIX extensions, as defined by HP. These + extensions enable CIFS to server UNIX clients to UNIX servers + better, and allow such things as symbolic links, hard links etc. These extensions require a similarly enabled client, and are of no current use to Windows clients.</para> @@ -7763,7 +7999,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDCACHETIME">winbind cache time (G)</term> + <term><anchor id="WINBINDCACHETIME">winbind cache time</term> <listitem><para>This parameter specifies the number of seconds the <ulink url="winbindd.8.html">winbindd(8)</ulink> daemon will cache user and group information before querying a Windows NT server @@ -7775,8 +8011,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDENUMUSERS">winbind enum users (G)</term> - <listitem><para>On large installations using + <term><anchor id="WINBINDENUMUSERS">winbind enum + users</term> <listitem><para>On large installations using <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be necessary to suppress the enumeration of users through the <command> setpwent()</command>, @@ -7797,8 +8033,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ </varlistentry> <varlistentry> - <term><anchor id="WINBINDENUMGROUPS">winbind enum groups (G)</term> - <listitem><para>On large installations using + <term><anchor id="WINBINDENUMGROUPS">winbind enum + groups</term> <listitem><para>On large installations using <ulink url="winbindd.8.html">winbindd(8)</ulink> it may be necessary to suppress the enumeration of groups through the <command> setgrent()</command>, @@ -7818,7 +8054,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDGID">winbind gid (G)</term> + <term><anchor id="WINBINDGID">winbind gid</term> <listitem><para>The winbind gid parameter specifies the range of group ids that are allocated by the <ulink url="winbindd.8.html"> winbindd(8)</ulink> daemon. This range of group ids should have no @@ -7834,7 +8070,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDSEPARATOR">winbind separator (G)</term> + <term><anchor id="WINBINDSEPARATOR">winbind separator</term> <listitem><para>This parameter allows an admin to define the character used when listing a username of the form of <replaceable>DOMAIN </replaceable>\<replaceable>user</replaceable>. This parameter @@ -7846,8 +8082,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.</para> - <para>Default: <command>winbind separator = '\'</command></para> - <para>Example: <command>winbind separator = +</command></para> + <para>Example: <command>winbind separator = \\</command></para> + <para>Example: <command>winbind separator = /</command></para> </listitem> </varlistentry> @@ -7855,7 +8091,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ <varlistentry> - <term><anchor id="WINBINDUID">winbind uid (G)</term> + <term><anchor id="WINBINDUID">winbind uid</term> <listitem><para>The winbind gid parameter specifies the range of group ids that are allocated by the <ulink url="winbindd.8.html"> winbindd(8)</ulink> daemon. This range of ids should have no diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml index 31031dafc4..4f36de1576 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -434,9 +434,9 @@ domain = <value> <varlistentry> <term>-W WORKGROUP</term> - <listitem><para>Override the default workgroup (domain) specified - in the workgroup parameter of the <filename>smb.conf</filename> - file for this connection. This may be needed to connect to some + <listitem><para>Override the default workgroup specified in the + workgroup parameter of the <filename>smb.conf</filename> file + for this connection. This may be needed to connect to some servers. </para></listitem> </varlistentry> @@ -634,44 +634,6 @@ domain = <value> </varlistentry> - <varlistentry> - <term>altname file</term> - <listitem><para>The client will request that the server return - the "alternate" name (the 8.3 name) for a file or directory. - </para></listitem> - </varlistentry> - - - <varlistentry> - <term>cancel jobid0 [jobid1] ... [jobidN]</term> - <listitem><para>The client will request that the server cancel - the printjobs identified by the given numeric print job ids. - </para></listitem> - </varlistentry> - - - - <varlistentry> - <term>chmod file mode in octal</term> - <listitem><para>This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - change the UNIX permissions to the given octal mode, in standard UNIX format. - </para></listitem> - </varlistentry> - - - - <varlistentry> - <term>chown file uid gid</term> - <listitem><para>This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - change the UNIX user and group ownership to the given decimal values. Note there is - currently no way to remotely look up the UNIX uid and gid values for a given name. - This may be addressed in future versions of the CIFS UNIX extensions. - </para></listitem> - </varlistentry> - - <varlistentry> <term>cd [directory name]</term> @@ -739,17 +701,6 @@ domain = <value> <varlistentry> - <term>link source destination</term> - <listitem><para>This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - create a hard link between the source and destination files. The source file - must not exist. - </para></listitem> - </varlistentry> - - - - <varlistentry> <term>lowercase</term> <listitem><para>Toggle lowercasing of filenames for the get and mget commands. </para> @@ -927,30 +878,6 @@ domain = <value> <varlistentry> - <term>setmode <filename> <perm=[+|\-]rsha></term> - <listitem><para>A version of the DOS attrib command to set - file permissions. For example: </para> - - <para><command>setmode myfile +r </command></para> - - <para>would make myfile read only. </para></listitem> - </varlistentry> - - - - <varlistentry> - <term>symlink source destination</term> - <listitem><para>This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - create a symbolic hard link between the source and destination files. The source file - must not exist. Note that the server will not create a link to any path that lies - outside the currently connected share. This is enforced by the Samba server. - </para></listitem> - </varlistentry> - - - - <varlistentry> <term>tar <c|x>[IXbgNa]</term> <listitem><para>Performs a tar operation - see the <parameter>-T </parameter> command line option above. Behavior may be affected @@ -980,6 +907,16 @@ domain = <value> </varlistentry> + <varlistentry> + <term>setmode <filename> <perm=[+|\-]rsha></term> + <listitem><para>A version of the DOS attrib command to set + file permissions. For example: </para> + + <para><command>setmode myfile +r </command></para> + + <para>would make myfile read only. </para></listitem> + </varlistentry> + </variablelist> </refsect1> diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 517e2ca41f..05e05f4a6a 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -9,7 +9,7 @@ <refnamediv> <refname>smbcontrol</refname> - <refpurpose>send messages to smbd, nmbd or winbindd processes</refpurpose> + <refpurpose>send messages to smbd or nmbd processes</refpurpose> </refnamediv> <refsynopsisdiv> @@ -33,10 +33,9 @@ Samba</ulink> suite.</para> <para><command>smbcontrol</command> is a very small program, which - sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink>, - an <ulink url="nmbd.8.html">nmbd(8)</ulink> - or a <ulink url="winbindd.8.html">winbindd(8)</ulink> - daemon running on the system.</para> + sends messages to an <ulink url="smbd.8.html">smbd(8)</ulink> or + an <ulink url="nmbd.8.html">nmbd(8)</ulink> daemon running on the + system.</para> </refsect1> @@ -82,9 +81,8 @@ message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the - share name for which client connections will be closed, or the + share name for which client connections will be close, or the "*" character which will close all currently open shares. - This may be useful if you made changes to the access controls on the share. This message can only be sent to <constant>smbd</constant>.</para> <para>The <constant>debug</constant> message-type allows @@ -107,7 +105,7 @@ collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can - be sent to any smbd or nmbd destinations.</para> + be sent to any of the destinations.</para> <para>The <constant>debuglevel</constant> message-type sends a "request debug level" message. The current debug level setting @@ -117,13 +115,18 @@ <para>The <constant>profilelevel</constant> message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any smbd or nmbd destinations.</para> + to any of the destinations.</para> <para>The <constant>printer-notify</constant> message-type sends a message to smbd which in turn sends a printer notify message to any Windows NT clients connected to a printer. This message-type takes an argument of the printer name to send notify messages to. This message can only be sent to <constant>smbd</constant>.</para> + + <para>The <constant>close-share</constant> message-type sends a + message to smbd which forces smbd to close the share that was + specified as an argument. This may be useful if you made changes + to the access controls on the share. </para> </listitem> </varlistentry> diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index 509007c4bc..824ae20241 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -176,9 +176,7 @@ its size may be controlled by the <ulink url="smb.conf.5.html#maxlogsize">max log size</ulink> option in the <ulink url="smb.conf.5.html"><filename> - smb.conf(5)</filename></ulink> file. <emphasis>Beware:</emphasis> - If the directory specified does not exist, <command>smbd</command> - will log to the default debug log location defined at compile time. + smb.conf(5)</filename></ulink> file. </para> <para>The default log directory is specified at diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index ec4dbbaff1..b4a77e51c9 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -14,7 +14,7 @@ <refsynopsisdiv> <cmdsynopsis> - <command>smbmount</command> + <command>smbumount</command> <arg choice="req">service</arg> <arg choice="req">mount-point</arg> <arg choice="opt">-o options</arg> diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 82efb334ba..46adac6b79 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -16,13 +16,6 @@ <refsynopsisdiv> <cmdsynopsis> <command>smbsh</command> - <arg choice="opt">-W workgroup</arg> - <arg choice="opt">-U username</arg> - <arg choice="opt">-P prefix</arg> - <arg choice="opt">-R <name resolve order></arg> - <arg choice="opt">-d <debug level></arg> - <arg choice="opt">-l logfile</arg> - <arg choice="opt">-L libdir</arg> </cmdsynopsis> </refsynopsisdiv> @@ -37,129 +30,6 @@ egrep</command>, and <command>rcp</command>. You must use a shell that is dynamically linked in order for <command>smbsh</command> to work correctly.</para> -</refsect1> - -<refsect1> - <title>OPTIONS</title> - - <variablelist> - <varlistentry> - <term>-W WORKGROUP</term> - <listitem><para>Override the default workgroup specified in the - workgroup parameter of the <filename>smb.conf</filename> file - for this session. This may be needed to connect to some - servers. </para></listitem> - </varlistentry> - - <varlistentry> - <term>-U username[%pass]</term> - <listitem><para>Sets the SMB username or username and password. - If this option is not specified, the user will be prompted for - both the username and the password. If %pass is not specified, - the user will be prompted for the password. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-P prefix</term><listitem><para>This option allows - the user to set the directory prefix for SMB access. The - default value if this option is not specified is - <emphasis>smb</emphasis>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-R <name resolve order></term> - <listitem><para>This option is used to determine what naming - services and in what order to resolve - host names to IP addresses. The option takes a space-separated - string of different name resolution options.</para> - - <para>The options are :"lmhosts", "host", "wins" and "bcast". - They cause names to be resolved as follows :</para> - - <itemizedlist> - <listitem><para><constant>lmhosts</constant> : - Lookup an IP address in the Samba lmhosts file. If the - line in lmhosts has no name type attached to the - NetBIOS name - (see the <ulink url="lmhosts.5.html">lmhosts(5)</ulink> - for details) then any name type matches for lookup. - </para></listitem> - - <listitem><para><constant>host</constant> : - Do a standard host name to IP address resolution, using - the system <filename>/etc/hosts</filename>, NIS, or DNS - lookups. This method of name resolution is operating - system dependent, for instance on IRIX or Solaris this - may be controlled by the <filename>/etc/nsswitch.conf - </filename> file). Note that this method is only used - if the NetBIOS name type being queried is the 0x20 - (server) name type, otherwise it is ignored. - </para></listitem> - - <listitem><para><constant>wins</constant> : - Query a name with the IP address listed in the - <parameter>wins server</parameter> parameter. If no - WINS server has been specified this method will be - ignored. - </para></listitem> - - <listitem><para><constant>bcast</constant> : - Do a broadcast on each of the known local interfaces - listed in the <parameter>interfaces</parameter> - parameter. This is the least reliable of the name - resolution methods as it depends on the target host - being on a locally connected subnet. - </para></listitem> - </itemizedlist> - - <para>If this parameter is not set then the name resolve order - defined in the <filename>smb.conf</filename> file parameter - (name resolve order) will be used. </para> - - <para>The default order is lmhosts, host, wins, bcast. Without - this parameter or any entry in the <parameter>name resolve order - </parameter> parameter of the <filename>smb.conf</filename> - file, the name resolution methods will be attempted in this - order. </para></listitem> - </varlistentry> - - <varlistentry> - <term>-d <debug level></term> - <listitem><para>debug level is an integer from 0 to 10.</para> - - <para>The default value if this parameter is not specified - is zero.</para> - - <para>The higher this value, the more detail will be logged - about the activities of <command>nmblookup</command>. At level - 0, only critical errors and serious warnings will be logged. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-l logfilename</term> - <listitem><para>If specified causes all debug messages to be - written to the file specified by <replaceable>logfilename - </replaceable>. If not specified then all messages will be - written to<replaceable>stderr</replaceable>. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>-L libdir</term> - <listitem><para>This parameter specifies the location of the - shared libraries used by <command>smbsh</command>. The default - value is specified at compile time. - </para></listitem> - </varlistentry> - - </variablelist> -</refsect1> - -<refsect1> - <title>EXAMPLES</title> <para>To use the <command>smbsh</command> command, execute <command> smbsh</command> from the prompt and enter the username and password diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml index f1461b07b9..7f2c4624a9 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -17,8 +17,6 @@ <command>wbinfo</command> <arg choice="opt">-u</arg> <arg choice="opt">-g</arg> - <arg choice="opt">-h name</arg> - <arg choice="opt">-i ip</arg> <arg choice="opt">-n name</arg> <arg choice="opt">-s sid</arg> <arg choice="opt">-U uid</arg> @@ -27,9 +25,8 @@ <arg choice="opt">-Y sid</arg> <arg choice="opt">-t</arg> <arg choice="opt">-m</arg> - <arg choice="opt">-r user</arg> <arg choice="opt">-a user%password</arg> - <arg choice="opt">-A user%password</arg> + <arg choice="opt">-p</arg> </cmdsynopsis> </refsynopsisdiv> @@ -74,26 +71,6 @@ <varlistentry> - <term>-h name</term> - <listitem><para>The <parameter>-h</parameter> option - queries <command>winbindd(8)</command> to query the WINS - server for the IP address associated with the NetBIOS name - specified by the <parameter>name</parameter> parameter. - </para></listitem> - </varlistentry> - - - <varlistentry> - <term>-i ip</term> - <listitem><para>The <parameter>-i</parameter> option - queries <command>winbindd(8)</command> to send a node status - request to get the NetBIOS name associated with the IP address - specified by the <parameter>ip</parameter> parameter. - </para></listitem> - </varlistentry> - - - <varlistentry> <term>-n name</term> <listitem><para>The <parameter>-n</parameter> option queries <command>winbindd(8)</command> for the SID @@ -166,16 +143,6 @@ </para></listitem> </varlistentry> - - <varlistentry> - <term>-r username</term> - <listitem><para>Try to obtain the list of UNIX group ids - to which the user belongs. This only works for users - defined on a Domain Controller. - </para></listitem> - </varlistentry> - - <varlistentry> <term>-a username%password</term> <listitem><para>Attempt to authenticate a user via winbindd. @@ -183,14 +150,10 @@ </para></listitem> </varlistentry> - <varlistentry> - <term>-A username%password</term> - <listitem><para>Store username and password used by winbindd - during session setup to a domain controller. This enables - winbindd to operate in a Windows 2000 domain with Restrict - Anonymous turned on (a.k.a. Permissions compatiable with - Windows 2000 servers only). + <term>-p</term> + <listitem><para>Attempt a simple 'ping' check that the winbindd + is indeed alive. </para></listitem> </varlistentry> </variablelist> diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index 0325f9bfe1..bd1dafa07e 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -57,15 +57,6 @@ <variablelist> <varlistentry> - <term>hosts</term> - <listitem><para>User information traditionally stored in - the <filename>hosts(5)</filename> file and used by - <command>gethostbyname(3)</command> functions. Names are - resolved through the WINS server or by broadcast. - </para></listitem> - </varlistentry> - - <varlistentry> <term>passwd</term> <listitem><para>User information traditionally stored in the <filename>passwd(5)</filename> file and used by @@ -90,12 +81,6 @@ passwd: files winbind group: files winbind </programlisting></para> - - <para>The following simple configuration in the - <filename>/etc/nsswitch.conf</filename> file can be used to initially - resolve hostnames from <filename>/etc/hosts</filename> and then from the - WINS server.</para> - </refsect1> diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml index 701e48678c..0b6abaf80f 100644 --- a/docs/docbook/projdoc/Integrating-with-Windows.sgml +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -132,7 +132,7 @@ by the TCP/IP configuration control files. The file <para> When the IP address of the destination interface has been -determined a protocol called ARP/RARP is used to identify +determined a protocol called ARP/RARP isused to identify the MAC address of the target interface. ARP stands for Address Resolution Protocol, and is a broadcast oriented method that uses UDP (User Datagram Protocol) to send a request to all @@ -335,7 +335,7 @@ architecture of the MS Windows network. The term "workgroup" indicates that the primary nature of the network environment is that of a peer-to-peer design. In a WORKGROUP all machines are responsible for their own security, and generally such security is limited to use of -just a password (known as SHARE MODE security). In most situations +just a password (known as SHARE MORE security). In most situations with peer-to-peer networking the users who control their own machines will simply opt to have no security at all. It is possible to have USER MODE security in a WORKGROUP environment, thus requiring use @@ -366,8 +366,8 @@ limited to this area. <para> All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and IP addresses for all external -machines that that machine has communicated with over the +stored the NetBIOS names and their IP addresses for all external +machines that that the local machine has communicated with over the past 10-15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms. @@ -377,7 +377,7 @@ configured name resolution mechanisms. If a machine whose name is in the local name cache has been shut down before the name had been expired and flushed from the cache, then an attempt to exchange a message with that machine will be subject -to time-out delays. i.e.: Its name is in the cache, so a name resolution +to time-out delays. ie: It's name is in the cache, so a name resolution lookup will succeed, but the machine can not respond. This can be frustrating for users - but it is a characteristic of the protocol. </para> @@ -563,7 +563,7 @@ dependable browsing using Samba</title> <para> As stated above, MS Windows machines register their NetBIOS names -(i.e.: the machine name for each service type in operation) on start +(ie: the machine name for each service type in operation) on start up. Also, as stated above, the exact method by which this name registration takes place is determined by whether or not the MS Windows client/server has been given a WINS server address, whether or not LMHOSTS lookup @@ -594,7 +594,7 @@ Instead, the domain master browser serves the role of contacting each local master browser (found by asking WINS or from LMHOSTS) and exchanging browse list contents. This way every master browser will eventually obtain a complete list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By the nature of +is held to determine which machine will be the master browser. By nature of the election criteria used, the machine with the highest uptime, or the most senior protocol version, or other criteria, will win the election as domain master browser. @@ -679,8 +679,8 @@ these versions no longer support plain text passwords by default. <para> MS Windows clients have a habit of dropping network mappings that have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped, the client -re-establishes the connection using +use the mapped drive connection that has been dropped the SMB protocol +has a mechanism by which the connection can be re-established using a cached copy of the password. </para> @@ -835,7 +835,7 @@ this HOWTO collection. <para> This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as an +Unix/Linux system both a Unix style account as well as and smbpasswd entry for the user. The Unix system account can be locked if required as only the encrypted password will be used for SMB client authentication. diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml index c6c04ccab8..21d2c55ec7 100644 --- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -13,8 +13,8 @@ <address><email>olem@IDEALX.org</email></address> </affiliation> </author> - - + + <pubdate> (13 Jan 2002) </pubdate> </chapterinfo> @@ -98,7 +98,7 @@ Identified (RID). As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. <parameter>--with-ldapsam</parameter> or <parameter>--with-tdbsam</parameter>) requires compile time support. </para> @@ -515,6 +515,7 @@ something other than the default (e.g. \\MOBY\becky). + <sect1> <title>Example LDIF Entries for a sambaAccount</title> diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml index aab193c451..90d4843577 100644 --- a/docs/docbook/projdoc/UNIX_INSTALL.sgml +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -231,7 +231,7 @@ <para><prompt>$ </prompt><userinput>smbclient -L <replaceable>yourhostname</replaceable></userinput></para> - <para>You should get back a list of shares available on + <para>Your should get back a list of shares available on your server. If you don't then something is incorrectly setup. Note that this method can also be used to see what shares are available on other LanManager clients (such as WfWg).</para> @@ -316,8 +316,8 @@ <para>By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the 'netbios scope' smb.conf option. - All your PCs will need to have the same setting for + need to use the -i <scope> option to nmbd, smbd, and + smbclient. All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.</para> </sect2> @@ -421,6 +421,12 @@ its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS.</para> + + <para>You can disable share modes using "share modes = no". + This may be useful on a heavily loaded server as the share + modes code is very slow. See also the FAST_SHARE_MODES + option in the Makefile for a way to do full share modes + very fast using shared memory (if your OS supports it).</para> </sect2> <sect2> @@ -431,5 +437,15 @@ See the smb.conf man page for details.</para> </sect2> + <sect2> + <title>Other Character Sets</title> + + <para>If you have problems using filenames with accented + characters in them (like the German, French or Scandinavian + character sets) then I recommend you look at the "valid chars" + option in smb.conf and also take a look at the validchars + package in the examples directory.</para> + </sect2> + </sect1> </chapter> diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index 62e065914b..fc8d8d52a1 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -324,14 +324,6 @@ to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2. </para> -<para> -There is also some Solaris specific information in -<filename>docs/textdocs/Solaris-Winbind-HOWTO.txt</filename>. -Future revisions of this document will incorporate that -information. -</para> - - <sect2> <title>Introduction</title> diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml index eddad19e25..da6b50f99e 100644 --- a/docs/faq/Samba-Server-FAQ.sgml +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -296,7 +296,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it is, the problem is most likely name resolution. If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager +hosts IP and the name you want to use. For example, with Man Manager or Windows for Workgroups you would put a suitable entry in the file LMHOSTS. If this works, the problem is in the communication between your client and the netbios name server. If it does not work, then @@ -319,7 +319,7 @@ the name you gave. The first step is to check the exact name of the service you are trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's docs on how +exists and you specified it correctly (read your client's doco on how to specify a service name correctly), read on: <itemize> diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml index 17ed7059fd..333ac55f67 100644 --- a/docs/faq/sambafaq.sgml +++ b/docs/faq/sambafaq.sgml @@ -371,7 +371,7 @@ to somewhere on your network to see if TCP/IP is functioning OK. If it is, the problem is most likely name resolution. If your client has a facility to do so, hardcode a mapping between the -hosts IP and the name you want to use. For example, with Lan Manager +hosts IP and the name you want to use. For example, with Man Manager or Windows for Workgroups you would put a suitable entry in the file LMHOSTS. If this works, the problem is in the communication between your client and the netbios name server. If it does not work, then @@ -394,7 +394,7 @@ the name you gave. The first step is to check the exact name of the service you are trying to connect to (consult your system administrator). Assuming it -exists and you specified it correctly (read your client's docs on how +exists and you specified it correctly (read your client's doco on how to specify a service name correctly), read on: <itemize> diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 5175bd4c8d..5b44d17968 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -878,29 +878,29 @@ HREF="#AEN2015" ><DL ><DT >11.5.1. <A -HREF="#AEN2022" +HREF="#AEN2020" >Introduction</A ></DT ><DT >11.5.2. <A -HREF="#AEN2035" +HREF="#AEN2033" >Requirements</A ></DT ><DT >11.5.3. <A -HREF="#AEN2049" +HREF="#AEN2047" >Testing Things Out</A ></DT ><DD ><DL ><DT >11.5.3.1. <A -HREF="#AEN2060" +HREF="#AEN2058" >Configure and compile SAMBA</A ></DT ><DT >11.5.3.2. <A -HREF="#AEN2079" +HREF="#AEN2077" >Configure <TT CLASS="FILENAME" >nsswitch.conf</TT @@ -909,22 +909,22 @@ winbind libraries</A ></DT ><DT >11.5.3.3. <A -HREF="#AEN2104" +HREF="#AEN2102" >Configure smb.conf</A ></DT ><DT >11.5.3.4. <A -HREF="#AEN2120" +HREF="#AEN2118" >Join the SAMBA server to the PDC domain</A ></DT ><DT >11.5.3.5. <A -HREF="#AEN2131" +HREF="#AEN2129" >Start up the winbindd daemon and test it!</A ></DT ><DT >11.5.3.6. <A -HREF="#AEN2167" +HREF="#AEN2165" >Fix the <TT CLASS="FILENAME" >/etc/rc.d/init.d/smb</TT @@ -932,7 +932,7 @@ CLASS="FILENAME" ></DT ><DT >11.5.3.7. <A -HREF="#AEN2189" +HREF="#AEN2187" >Configure Winbind and PAM</A ></DT ></DL @@ -941,12 +941,12 @@ HREF="#AEN2189" ></DD ><DT >11.6. <A -HREF="#AEN2236" +HREF="#AEN2234" >Limitations</A ></DT ><DT >11.7. <A -HREF="#AEN2246" +HREF="#AEN2244" >Conclusion</A ></DT ></DL @@ -960,32 +960,32 @@ HREF="#OS2" ><DL ><DT >12.1. <A -HREF="#AEN2260" +HREF="#AEN2258" >FAQs</A ></DT ><DD ><DL ><DT >12.1.1. <A -HREF="#AEN2262" +HREF="#AEN2260" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT >12.1.2. <A -HREF="#AEN2277" +HREF="#AEN2275" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT >12.1.3. <A -HREF="#AEN2286" +HREF="#AEN2284" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT >12.1.4. <A -HREF="#AEN2290" +HREF="#AEN2288" >How do I get printer driver download working for OS/2 clients?</A ></DT @@ -1002,24 +1002,24 @@ HREF="#CVS-ACCESS" ><DL ><DT >13.1. <A -HREF="#AEN2306" +HREF="#AEN2304" >Introduction</A ></DT ><DT >13.2. <A -HREF="#AEN2311" +HREF="#AEN2309" >CVS Access to samba.org</A ></DT ><DD ><DL ><DT >13.2.1. <A -HREF="#AEN2314" +HREF="#AEN2312" >Access via CVSweb</A ></DT ><DT >13.2.2. <A -HREF="#AEN2319" +HREF="#AEN2317" >Access via cvs</A ></DT ></DL @@ -1028,7 +1028,7 @@ HREF="#AEN2319" ></DD ><DT ><A -HREF="#AEN2347" +HREF="#AEN2345" >Index</A ></DT ></DL @@ -8347,7 +8347,7 @@ Identified (RID).</P >As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. <TT CLASS="PARAMETER" ><I @@ -9535,20 +9535,12 @@ for providing the HOWTO for this section.</P >This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.</P -><P ->There is also some Solaris specific information in -<TT -CLASS="FILENAME" ->docs/textdocs/Solaris-Winbind-HOWTO.txt</TT ->. -Future revisions of this document will incorporate that -information.</P ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2022" +NAME="AEN2020" >11.5.1. Introduction</A ></H2 ><P @@ -9599,7 +9591,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2035" +NAME="AEN2033" >11.5.2. Requirements</A ></H2 ><P @@ -9657,7 +9649,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2049" +NAME="AEN2047" >11.5.3. Testing Things Out</A ></H2 ><P @@ -9702,7 +9694,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2060" +NAME="AEN2058" >11.5.3.1. Configure and compile SAMBA</A ></H3 ><P @@ -9777,7 +9769,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2079" +NAME="AEN2077" >11.5.3.2. Configure <TT CLASS="FILENAME" >nsswitch.conf</TT @@ -9867,7 +9859,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2104" +NAME="AEN2102" >11.5.3.3. Configure smb.conf</A ></H3 ><P @@ -9951,7 +9943,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2120" +NAME="AEN2118" >11.5.3.4. Join the SAMBA server to the PDC domain</A ></H3 ><P @@ -9997,7 +9989,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2131" +NAME="AEN2129" >11.5.3.5. Start up the winbindd daemon and test it!</A ></H3 ><P @@ -10138,7 +10130,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2167" +NAME="AEN2165" >11.5.3.6. Fix the <TT CLASS="FILENAME" >/etc/rc.d/init.d/smb</TT @@ -10268,7 +10260,7 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN2189" +NAME="AEN2187" >11.5.3.7. Configure Winbind and PAM</A ></H3 ><P @@ -10490,7 +10482,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN2236" +NAME="AEN2234" >11.6. Limitations</A ></H1 ><P @@ -10531,7 +10523,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN2246" +NAME="AEN2244" >11.7. Conclusion</A ></H1 ><P @@ -10555,7 +10547,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2260" +NAME="AEN2258" >12.1. FAQs</A ></H1 ><DIV @@ -10563,7 +10555,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN2262" +NAME="AEN2260" >12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H2 @@ -10622,7 +10614,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2277" +NAME="AEN2275" >12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H2 @@ -10675,7 +10667,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2286" +NAME="AEN2284" >12.1.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H2 @@ -10697,7 +10689,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2290" +NAME="AEN2288" >12.1.4. How do I get printer driver download working for OS/2 clients?</A ></H2 @@ -10753,7 +10745,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN2306" +NAME="AEN2304" >13.1. Introduction</A ></H1 ><P @@ -10775,7 +10767,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN2311" +NAME="AEN2309" >13.2. CVS Access to samba.org</A ></H1 ><P @@ -10788,7 +10780,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2314" +NAME="AEN2312" >13.2.1. Access via CVSweb</A ></H2 ><P @@ -10809,7 +10801,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN2319" +NAME="AEN2317" >13.2.2. Access via cvs</A ></H2 ><P @@ -10915,7 +10907,7 @@ CLASS="COMMAND" ></DIV ><HR><H1 ><A -NAME="AEN2347" +NAME="AEN2345" >Index</A ></H1 ><DL diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html index 76fd5de6ba..4e5993f3bc 100644 --- a/docs/htmldocs/nmbd.8.html +++ b/docs/htmldocs/nmbd.8.html @@ -295,7 +295,9 @@ CLASS="FILENAME" <B CLASS="COMMAND" >nmbd</B -> server. The default log directory is compiled into Samba +> server.</P +><P +>The default log directory is compiled into Samba as part of the build process. Common defaults are <TT CLASS="FILENAME" > /usr/local/samba/var/log.nmb</TT @@ -306,15 +308,7 @@ CLASS="FILENAME" <TT CLASS="FILENAME" >/var/log/log.nmb</TT ->. <EM ->Beware:</EM -> - If the directory specified does not exist, <B -CLASS="COMMAND" ->nmbd</B -> - will log to the default debug log location defined at compile time. - </P +>.</P ></DD ><DT >-n <primary NetBIOS name></DT @@ -346,30 +340,31 @@ CLASS="FILENAME" ><DD ><P >UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) + This option changes the default UDP port number (normally 137) that <B CLASS="COMMAND" >nmbd</B -> responds to name queries on. Don't - use this option unless you are an expert, in which case you +> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!</P ></DD ><DT >-s <configuration file></DT ><DD ><P ->The default configuration file name +>The default configuration file name is set at build time, typically as <TT CLASS="FILENAME" > /usr/local/samba/lib/smb.conf</TT >, but this may be changed when Samba is autoconfigured.</P ><P ->The file specified contains the configuration details +>The file specified contains the configuration details required by the server. See <A HREF="smb.conf.5.html" TARGET="_top" -> <TT +> + <TT CLASS="FILENAME" >smb.conf(5)</TT ></A @@ -382,7 +377,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN131" +NAME="AEN130" ></A ><H2 >FILES</H2 @@ -398,12 +393,12 @@ CLASS="FILENAME" ></DT ><DD ><P ->If the server is to be run by the +>If the server is to be run by the <B CLASS="COMMAND" >inetd</B -> meta-daemon, this file - must contain suitable startup information for the +> meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the <A HREF="UNIX_INSTALL.html" TARGET="_top" @@ -419,11 +414,11 @@ CLASS="FILENAME" ></DT ><DD ><P ->or whatever initialization script your +>or whatever initialization script your system uses).</P ><P ->If running the server as a daemon at startup, - this file will need to contain an appropriate startup +>If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the <A HREF="UNIX_INSTALL.html" TARGET="_top" @@ -438,13 +433,13 @@ CLASS="FILENAME" ></DT ><DD ><P ->If running the server via the +>If running the server via the meta-daemon <B CLASS="COMMAND" >inetd</B ->, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). +>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the <A HREF="UNIX_INSTALL.html" TARGET="_top" @@ -459,7 +454,7 @@ CLASS="FILENAME" ></DT ><DD ><P ->This is the default location of the +>This is the default location of the <A HREF="smb.conf.5.html" TARGET="_top" @@ -468,17 +463,17 @@ CLASS="FILENAME" >smb.conf</TT ></A > - server configuration file. Other common places that systems + server configuration file. Other common places that systems install this file are <TT CLASS="FILENAME" >/usr/samba/lib/smb.conf</TT -> +> and <TT CLASS="FILENAME" >/etc/smb.conf</TT >.</P ><P ->When run as a WINS server (see the +>When run as a WINS server (see the <A HREF="smb.conf.5.html#WINSSUPPORT" TARGET="_top" @@ -495,11 +490,11 @@ CLASS="COMMAND" will store the WINS database in the file <TT CLASS="FILENAME" >wins.dat</TT -> +> in the <TT CLASS="FILENAME" >var/locks</TT -> directory configured under +> directory configured under wherever Samba was configured to install itself.</P ><P >If <B @@ -537,7 +532,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN178" +NAME="AEN177" ></A ><H2 >SIGNALS</H2 @@ -545,21 +540,21 @@ NAME="AEN178" >To shut down an <B CLASS="COMMAND" >nmbd</B -> process it is recommended +> process it is recommended that SIGKILL (-9) <EM >NOT</EM -> be used, except as a last - resort, as this may leave the name database in an inconsistent state. +> be used, except as a last + resort, as this may leave the name database in an inconsistent state. The correct way to terminate <B CLASS="COMMAND" >nmbd</B -> is to send it +> is to send it a SIGTERM (-15) signal and wait for it to die on its own.</P ><P ><B CLASS="COMMAND" >nmbd</B -> will accept SIGHUP, which will cause +> will accept SIGHUP, which will cause it to dump out its namelists into the file <TT CLASS="FILENAME" >namelist.debug @@ -567,12 +562,12 @@ CLASS="FILENAME" > in the <TT CLASS="FILENAME" >/usr/local/samba/var/locks</TT -> +> directory (or the <TT CLASS="FILENAME" >var/locks</TT -> directory configured - under wherever Samba was configured to install itself). This will also +> directory configured + under wherever Samba was configured to install itself). This will also cause <B CLASS="COMMAND" >nmbd</B @@ -598,7 +593,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN194" +NAME="AEN193" ></A ><H2 >VERSION</H2 @@ -609,7 +604,7 @@ NAME="AEN194" ><DIV CLASS="REFSECT1" ><A -NAME="AEN197" +NAME="AEN196" ></A ><H2 >SEE ALSO</H2 @@ -674,7 +669,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN214" +NAME="AEN213" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/pdbedit.8.html b/docs/htmldocs/pdbedit.8.html index b1a1dea679..9609664af0 100644 --- a/docs/htmldocs/pdbedit.8.html +++ b/docs/htmldocs/pdbedit.8.html @@ -36,12 +36,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >pdbedit</B -> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]</P +> [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN26" +NAME="AEN24" ></A ><H2 >DESCRIPTION</H2 @@ -67,7 +67,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN33" +NAME="AEN31" ></A ><H2 >OPTIONS</H2 @@ -337,40 +337,29 @@ CLASS="COMMAND" ></P ></DD ><DT ->-i passdb-backend</DT +>-i file</DT ><DD ><P ->Use a different passdb backend to retrieve users than the one specified in smb.conf.</P +>This command is used to import a smbpasswd + file into the database.</P ><P ->This option will ease migration from one passdb backend to another. - </P +>This option will ease migration from the plain smbpasswd + file database to more powerful backend databases like tdb and + ldap.</P ><P >Example: <B CLASS="COMMAND" ->pdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb</B +>pdbedit -i /etc/smbpasswd.old</B > </P ></DD -><DT ->-e passdb-backend</DT -><DD -><P ->Export all currently available users to the specified password database backend.</P -><P ->This option will ease migration from one passdb backend to another and will ease backupping</P -><P ->Example: <B -CLASS="COMMAND" ->pdbedit -e smbpasswd:/root/samba-users.backup</B -></P -></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN133" +NAME="AEN124" ></A ><H2 >NOTES</H2 @@ -380,7 +369,7 @@ NAME="AEN133" ><DIV CLASS="REFSECT1" ><A -NAME="AEN136" +NAME="AEN127" ></A ><H2 >VERSION</H2 @@ -391,7 +380,7 @@ NAME="AEN136" ><DIV CLASS="REFSECT1" ><A -NAME="AEN139" +NAME="AEN130" ></A ><H2 >SEE ALSO</H2 @@ -411,7 +400,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN144" +NAME="AEN135" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index d329c25d65..91161af142 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -89,7 +89,7 @@ CLASS="REPLACEABLE" >Section and parameter names are not case sensitive.</P ><P >Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -140,7 +140,7 @@ NAME="AEN28" ><P >Sections may be designated <EM >guest</EM -> services, +> services, in which case no password is required to access them. A specified UNIX <EM >guest account</EM @@ -632,7 +632,7 @@ CLASS="VARIABLELIST" >%d</DT ><DD ><P ->The process id of the current server +>The process id of the current server process.</P ></DD ><DT @@ -756,7 +756,7 @@ CLASS="VARIABLELIST" >short preserve case = yes/no</DT ><DD ><P ->controls if new files which conform to 8.3 syntax, +>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -785,9 +785,8 @@ NAME="AEN236" steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked.</P ><P ->If the service is marked "guest only = yes" and the - server is running with share-level security ("security = share") - then steps 1 to 5 are skipped.</P +>If the service is marked "guest only = yes" then + steps 1 to 5 are skipped.</P ><P ></P ><OL @@ -925,18 +924,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#ALGORITHMICRIDBASE" -><TT -CLASS="PARAMETER" -><I ->algorithmic rid base</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#ALLOWTRUSTEDDOMAINS" ><TT CLASS="PARAMETER" @@ -1585,42 +1572,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#LOCKSPINCOUNT" -><TT -CLASS="PARAMETER" -><I ->lock spin count</I -></TT -></A -></P -></LI -><LI -><P -><A -HREF="#LOCKSPINTIME" -><TT -CLASS="PARAMETER" -><I ->lock spin time</I -></TT -></A -></P -></LI -><LI -><P -><A -HREF="#PIDDIRECTORY" -><TT -CLASS="PARAMETER" -><I ->pid directory</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#LOGFILE" ><TT CLASS="PARAMETER" @@ -1993,18 +1944,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#NTSTATUSSUPPORT" -><TT -CLASS="PARAMETER" -><I ->nt status support</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#NULLPASSWORDS" ><TT CLASS="PARAMETER" @@ -3063,7 +3002,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN991" +NAME="AEN971" ></A ><H2 >COMPLETE LIST OF SERVICE PARAMETERS</H2 @@ -3220,18 +3159,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#CSCPOLICY" -><TT -CLASS="PARAMETER" -><I ->csc policy</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#DEFAULTCASE" ><TT CLASS="PARAMETER" @@ -3628,18 +3555,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#INHERITACLS" -><TT -CLASS="PARAMETER" -><I ->inherit acls</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#INHERITPERMISSIONS" ><TT CLASS="PARAMETER" @@ -4264,18 +4179,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#SHAREMODES" -><TT -CLASS="PARAMETER" -><I ->share modes</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#SHORTPRESERVECASE" ><TT CLASS="PARAMETER" @@ -4542,7 +4445,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN1483" +NAME="AEN1451" ></A ><H2 >EXPLANATION OF EACH PARAMETER</H2 @@ -5116,38 +5019,6 @@ CLASS="PARAMETER" ></DD ><DT ><A -NAME="ALGORITHMICRIDBASE" -></A ->algorithmic rid base (G)</DT -><DD -><P ->This determines how Samba will use its - algorithmic mapping from uids/gid to the RIDs needed to construct - NT Security Identifiers.</P -><P ->Setting this option to a larger value could be useful to sites - transitioning from WinNT and Win2k, as existing user and - group rids would otherwise clash with sytem users etc. - </P -><P ->All UIDs and GIDs must be able to be resolved into SIDs for - the correct operation of ACLs on the server. As such the algorithmic - mapping can't be 'turned off', but pushing it 'out of the way' should - resolve the issues. Users and groups can then be assigned 'low' RIDs - in arbitary-rid supporting backends. </P -><P ->Default: <B -CLASS="COMMAND" ->algorithmic rid base = 1000</B -></P -><P ->Example: <B -CLASS="COMMAND" ->algorithmic rid base = 100000</B -></P -></DD -><DT -><A NAME="ALLOWTRUSTEDDOMAINS" ></A >allow trusted domains (G)</DT @@ -6056,40 +5927,6 @@ CLASS="PARAMETER" ></DD ><DT ><A -NAME="CSCPOLICY" -></A ->csc policy (S)</DT -><DD -><P ->This stands for <EM ->client-side caching - policy</EM ->, and specifies how clients capable of offline - caching will cache the files in the share. The valid values - are: manual, documents, programs, disable.</P -><P ->These values correspond to those used on Windows - servers.</P -><P ->For example, shares containing roaming profiles can have - offline caching disabled using <B -CLASS="COMMAND" ->csc policy = disable - </B ->.</P -><P ->Default: <B -CLASS="COMMAND" ->csc policy = manual</B -></P -><P ->Example: <B -CLASS="COMMAND" ->csc policy = programs</B -></P -></DD -><DT -><A NAME="DEADTIME" ></A >deadtime (G)</DT @@ -8976,28 +8813,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="INHERITACLS" -></A ->inherit acls (S)</DT -><DD -><P ->This parameter can be used to ensure - that if default acls exist on parent directories, - they are always honored when creating a subdirectory. - The default behavior is to use the mode specified - when creating the directory. Enabling this option - sets the mode to 0777, thus guaranteeing that - default directory acls are propagated. - </P -><P ->Default: <B -CLASS="COMMAND" ->inherit acls = no</B -> - </P -></DD -><DT -><A NAME="INHERITPERMISSIONS" ></A >inherit permissions (S)</DT @@ -10016,56 +9831,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="LOCKSPINCOUNT" -></A ->lock spin count (G)</DT -><DD -><P ->This parameter controls the number of times - that smbd should attempt to gain a byte range lock on the - behalf of a client request. Experiments have shown that - Windows 2k servers do not reply with a failure if the lock - could not be immediately granted, but try a few more times - in case the lock could later be aquired. This behavior - is used to support PC database formats such as MS Access - and FoxPro. - </P -><P ->Default: <B -CLASS="COMMAND" ->lock spin count = 2</B -> - </P -></DD -><DT -><A -NAME="LOCKSPINTIME" -></A ->lock spin time (G)</DT -><DD -><P ->The time in microseconds that smbd should - pause before attempting to gain a failed lock. See - <A -HREF="#LOCKSPINCOUNT" -><TT -CLASS="PARAMETER" -><I ->lock spin - count</I -></TT -></A -> for more details. - </P -><P ->Default: <B -CLASS="COMMAND" ->lock spin time = 10</B -> - </P -></DD -><DT -><A NAME="LOCKING" ></A >locking (S)</DT @@ -10595,8 +10360,8 @@ CLASS="COMMAND" takes a printer name as its only parameter and outputs printer status information.</P ><P ->Currently nine styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. +>Currently eight styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. This covers most UNIX systems. You control which type is expected using the <TT CLASS="PARAMETER" @@ -10630,15 +10395,7 @@ CLASS="PARAMETER" CLASS="ENVAR" >$PATH </TT -> may not be available to the server. When compiled with - the CUPS libraries, no <TT -CLASS="PARAMETER" -><I ->lpq command</I -></TT -> is - needed because smbd will make a library call to obtain the - print queue listing.</P +> may not be available to the server.</P ><P >See also the <A HREF="#PRINTING" @@ -12473,34 +12230,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="NTSTATUSSUPPORT" -></A ->nt status support (G)</DT -><DD -><P ->This boolean parameter controls whether <A -HREF="smbd.8.html" -TARGET="_top" ->smbd(8)</A -> will negotiate NT specific status - support with Windows NT/2k/XP clients. This is a developer - debugging option and should be left alone. - If this option is set to <TT -CLASS="CONSTANT" ->no</TT -> then Samba offers - exactly the same DOS error codes that versions prior to Samba 2.2.3 - reported.</P -><P ->You should not need to ever disable this parameter.</P -><P ->Default: <B -CLASS="COMMAND" ->nt status support = yes</B -></P -></DD -><DT -><A NAME="NULLPASSWORDS" ></A >null passwords (G)</DT @@ -12926,10 +12655,10 @@ NAME="PASSDBBACKEND" >passdb backend (G)</DT ><DD ><P ->This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. - Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. - Experimental backends must still be selected +>This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected (eg --with-tdbsam) at configure time. </P ><P @@ -13069,7 +12798,7 @@ CLASS="COMMAND" ><P >Example: <B CLASS="COMMAND" ->passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd</B +>passdb backend = tdbsam:/etc/samba/private/passdb.tdb</B ></P ><P >Example: <B @@ -13079,7 +12808,7 @@ CLASS="COMMAND" ><P >Example: <B CLASS="COMMAND" ->passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb</B +>passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args</B ></P ></DD ><DT @@ -13732,27 +13461,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="PIDDIRECTORY" -></A ->pid directory (G)</DT -><DD -><P ->This option specifies the directory where pid - files will be placed. </P -><P ->Default: <B -CLASS="COMMAND" ->pid directory = ${prefix}/var/locks</B -></P -><P ->Example: <B -CLASS="COMMAND" ->pid directory = /var/run/</B -> - </P -></DD -><DT -><A NAME="POSIXLOCKING" ></A >posix locking (S)</DT @@ -14081,23 +13789,34 @@ CLASS="COMMAND" manually remove old spool files.</P ><P >The print command is simply a text string. It will be used - verbatim after macro substitutions have been made:</P -><P ->s, %p - the path to the spool - file name</P -><P ->%p - the appropriate printer - name</P -><P ->%J - the job + verbatim, with two exceptions: All occurrences of <TT +CLASS="PARAMETER" +><I +>%s + </I +></TT +> and <TT +CLASS="PARAMETER" +><I +>%f</I +></TT +> will be replaced by the + appropriate spool file name, and all occurrences of <TT +CLASS="PARAMETER" +><I +>%p + </I +></TT +> will be replaced by the appropriate printer name. The + spool file name is generated automatically by the server. The + <TT +CLASS="PARAMETER" +><I +>%J</I +></TT +> macro can be used to access the job name as transmitted by the client.</P ><P ->%c - The number of printed pages - of the spooled job (if known).</P -><P ->%z - the size of the spooled - print job (in bytes)</P -><P >The print command <EM >MUST</EM > contain at least @@ -14204,25 +13923,6 @@ CLASS="COMMAND" >print command = lp -d%p -s %s; rm %s</B ></P ><P ->For printing = CUPS : If SAMBA is compiled against - libcups, then <A -HREF="#PRINTING" ->printcap = cups</A -> - uses the CUPS API to - submit jobs, etc. Otherwise it maps to the System V - commands with the -oraw option for printing, i.e. it - uses <B -CLASS="COMMAND" ->lp -c -d%p -oraw; rm %s</B ->. - With <B -CLASS="COMMAND" ->printing = cups</B ->, - and if SAMBA is compiled against libcups, any manually - set print command will be ignored.</P -><P >Example: <B CLASS="COMMAND" >print command = /usr/local/samba/bin/myprintscript @@ -14313,23 +14013,6 @@ HREF="#AEN79" > section above for reasons why you might want to do this.</P ><P ->To use the CUPS printing interface set <B -CLASS="COMMAND" ->printcap name = cups - </B ->. This should be supplemented by an addtional setting - <A -HREF="#PRINTING" ->printing = cups</A -> in the [global] - section. <B -CLASS="COMMAND" ->printcap name = cups</B -> will use the - "dummy" printcap created by CUPS, as specified in your CUPS - configuration file. - </P -><P >On System V systems that use <B CLASS="COMMAND" >lpstat</B @@ -16171,64 +15854,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="SHAREMODES" -></A ->share modes (S)</DT -><DD -><P ->This enables or disables the honoring of - the <TT -CLASS="PARAMETER" -><I ->share modes</I -></TT -> during a file open. These - modes are used by clients to gain exclusive read or write access - to a file.</P -><P ->These open modes are not directly supported by UNIX, so - they are simulated using shared memory, or lock files if your - UNIX doesn't support shared memory (almost all do).</P -><P ->The share modes that are enabled by this option are - <TT -CLASS="CONSTANT" ->DENY_DOS</TT ->, <TT -CLASS="CONSTANT" ->DENY_ALL</TT ->, - <TT -CLASS="CONSTANT" ->DENY_READ</TT ->, <TT -CLASS="CONSTANT" ->DENY_WRITE</TT ->, - <TT -CLASS="CONSTANT" ->DENY_NONE</TT -> and <TT -CLASS="CONSTANT" ->DENY_FCB</TT ->. - </P -><P ->This option gives full share compatibility and enabled - by default.</P -><P ->You should <EM ->NEVER</EM -> turn this parameter - off as many Windows applications will break if you do so.</P -><P ->Default: <B -CLASS="COMMAND" ->share modes = yes</B -></P -></DD -><DT -><A NAME="SHORTPRESERVECASE" ></A >short preserve case (S)</DT @@ -18633,7 +18258,7 @@ CLASS="COMMAND" ><A NAME="WINBINDCACHETIME" ></A ->winbind cache time (G)</DT +>winbind cache time</DT ><DD ><P >This parameter specifies the number of seconds the @@ -18654,7 +18279,8 @@ CLASS="COMMAND" ><A NAME="WINBINDENUMUSERS" ></A ->winbind enum users (G)</DT +>winbind enum + users</DT ><DD ><P >On large installations using @@ -18705,7 +18331,8 @@ CLASS="COMMAND" ><A NAME="WINBINDENUMGROUPS" ></A ->winbind enum groups (G)</DT +>winbind enum + groups</DT ><DD ><P >On large installations using @@ -18755,7 +18382,7 @@ CLASS="COMMAND" ><A NAME="WINBINDGID" ></A ->winbind gid (G)</DT +>winbind gid</DT ><DD ><P >The winbind gid parameter specifies the range of group @@ -18782,7 +18409,7 @@ CLASS="COMMAND" ><A NAME="WINBINDSEPARATOR" ></A ->winbind separator (G)</DT +>winbind separator</DT ><DD ><P >This parameter allows an admin to define the character @@ -18812,21 +18439,21 @@ CLASS="FILENAME" with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.</P ><P ->Default: <B +>Example: <B CLASS="COMMAND" ->winbind separator = '\'</B +>winbind separator = \\</B ></P ><P >Example: <B CLASS="COMMAND" ->winbind separator = +</B +>winbind separator = /</B ></P ></DD ><DT ><A NAME="WINBINDUID" ></A ->winbind uid (G)</DT +>winbind uid</DT ><DD ><P >The winbind gid parameter specifies the range of group @@ -19246,7 +18873,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6101" +NAME="AEN5974" ></A ><H2 >WARNINGS</H2 @@ -19276,7 +18903,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6107" +NAME="AEN5980" ></A ><H2 >VERSION</H2 @@ -19287,7 +18914,7 @@ NAME="AEN6107" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6110" +NAME="AEN5983" ></A ><H2 >SEE ALSO</H2 @@ -19366,7 +18993,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN6130" +NAME="AEN6003" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html index 4c770f9eb2..6c15873787 100644 --- a/docs/htmldocs/smbclient.1.html +++ b/docs/htmldocs/smbclient.1.html @@ -673,12 +673,12 @@ CLASS="COMMAND" >-W WORKGROUP</DT ><DD ><P ->Override the default workgroup (domain) specified - in the workgroup parameter of the <TT +>Override the default workgroup specified in the + workgroup parameter of the <TT CLASS="FILENAME" >smb.conf</TT -> - file for this connection. This may be needed to connect to some +> file + for this connection. This may be needed to connect to some servers. </P ></DD ><DT @@ -1051,42 +1051,6 @@ CLASS="REPLACEABLE" </P ></DD ><DT ->altname file</DT -><DD -><P ->The client will request that the server return - the "alternate" name (the 8.3 name) for a file or directory. - </P -></DD -><DT ->cancel jobid0 [jobid1] ... [jobidN]</DT -><DD -><P ->The client will request that the server cancel - the printjobs identified by the given numeric print job ids. - </P -></DD -><DT ->chmod file mode in octal</DT -><DD -><P ->This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - change the UNIX permissions to the given octal mode, in standard UNIX format. - </P -></DD -><DT ->chown file uid gid</DT -><DD -><P ->This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - change the UNIX user and group ownership to the given decimal values. Note there is - currently no way to remotely look up the UNIX uid and gid values for a given name. - This may be addressed in future versions of the CIFS UNIX extensions. - </P -></DD -><DT >cd [directory name]</DT ><DD ><P @@ -1175,16 +1139,6 @@ CLASS="REPLACEABLE" </P ></DD ><DT ->link source destination</DT -><DD -><P ->This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - create a hard link between the source and destination files. The source file - must not exist. - </P -></DD -><DT >lowercase</DT ><DD ><P @@ -1398,31 +1352,6 @@ CLASS="REPLACEABLE" privileges permitting) from the server. </P ></DD ><DT ->setmode <filename> <perm=[+|\-]rsha></DT -><DD -><P ->A version of the DOS attrib command to set - file permissions. For example: </P -><P -><B -CLASS="COMMAND" ->setmode myfile +r </B -></P -><P ->would make myfile read only. </P -></DD -><DT ->symlink source destination</DT -><DD -><P ->This command depends on the server supporting the CIFS - UNIX extensions and will fail if the server does not. The client requests that the server - create a symbolic hard link between the source and destination files. The source file - must not exist. Note that the server will not create a link to any path that lies - outside the currently connected share. This is enforced by the Samba server. - </P -></DD -><DT >tar <c|x>[IXbgNa]</DT ><DD ><P @@ -1462,13 +1391,27 @@ CLASS="REPLACEABLE" tar will reset the archive bit on all files it backs up (implies read/write share). </P ></DD +><DT +>setmode <filename> <perm=[+|\-]rsha></DT +><DD +><P +>A version of the DOS attrib command to set + file permissions. For example: </P +><P +><B +CLASS="COMMAND" +>setmode myfile +r </B +></P +><P +>would make myfile read only. </P +></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN501" +NAME="AEN477" ></A ><H2 >NOTES</H2 @@ -1489,7 +1432,7 @@ NAME="AEN501" ><DIV CLASS="REFSECT1" ><A -NAME="AEN506" +NAME="AEN482" ></A ><H2 >ENVIRONMENT VARIABLES</H2 @@ -1522,7 +1465,7 @@ CLASS="ENVAR" ><DIV CLASS="REFSECT1" ><A -NAME="AEN514" +NAME="AEN490" ></A ><H2 >INSTALLATION</H2 @@ -1560,7 +1503,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN524" +NAME="AEN500" ></A ><H2 >DIAGNOSTICS</H2 @@ -1576,7 +1519,7 @@ NAME="AEN524" ><DIV CLASS="REFSECT1" ><A -NAME="AEN528" +NAME="AEN504" ></A ><H2 >VERSION</H2 @@ -1587,7 +1530,7 @@ NAME="AEN528" ><DIV CLASS="REFSECT1" ><A -NAME="AEN531" +NAME="AEN507" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html index 5dc9854a84..c824a7cd09 100644 --- a/docs/htmldocs/smbcontrol.1.html +++ b/docs/htmldocs/smbcontrol.1.html @@ -24,7 +24,7 @@ NAME="AEN5" ></A ><H2 >Name</H2 ->smbcontrol -- send messages to smbd, nmbd or winbindd processes</DIV +>smbcontrol -- send messages to smbd or nmbd processes</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A @@ -65,23 +65,18 @@ CLASS="COMMAND" HREF="smbd.8.html" TARGET="_top" >smbd(8)</A ->, +> or an <A HREF="nmbd.8.html" TARGET="_top" >nmbd(8)</A -> - or a <A -HREF="winbindd.8.html" -TARGET="_top" ->winbindd(8)</A -> - daemon running on the system.</P +> daemon running on the + system.</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN26" +NAME="AEN25" ></A ><H2 >OPTIONS</H2 @@ -180,9 +175,8 @@ CLASS="CONSTANT" message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the - share name for which client connections will be closed, or the + share name for which client connections will be close, or the "*" character which will close all currently open shares. - This may be useful if you made changes to the access controls on the share. This message can only be sent to <TT CLASS="CONSTANT" >smbd</TT @@ -226,7 +220,7 @@ CLASS="CONSTANT" collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can - be sent to any smbd or nmbd destinations.</P + be sent to any of the destinations.</P ><P >The <TT CLASS="CONSTANT" @@ -242,7 +236,7 @@ CLASS="CONSTANT" > message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any smbd or nmbd destinations.</P + to any of the destinations.</P ><P >The <TT CLASS="CONSTANT" @@ -255,6 +249,14 @@ CLASS="CONSTANT" CLASS="CONSTANT" >smbd</TT >.</P +><P +>The <TT +CLASS="CONSTANT" +>close-share</TT +> message-type sends a + message to smbd which forces smbd to close the share that was + specified as an argument. This may be useful if you made changes + to the access controls on the share. </P ></DD ><DT >parameters</DT @@ -268,7 +270,7 @@ CLASS="CONSTANT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN81" +NAME="AEN82" ></A ><H2 >VERSION</H2 @@ -279,7 +281,7 @@ NAME="AEN81" ><DIV CLASS="REFSECT1" ><A -NAME="AEN84" +NAME="AEN85" ></A ><H2 >SEE ALSO</H2 @@ -305,7 +307,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN91" +NAME="AEN92" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html index 6a4996d938..72fc10e2e4 100644 --- a/docs/htmldocs/smbd.8.html +++ b/docs/htmldocs/smbd.8.html @@ -272,14 +272,7 @@ TARGET="_top" CLASS="FILENAME" > smb.conf(5)</TT ></A -> file. <EM ->Beware:</EM -> - If the directory specified does not exist, <B -CLASS="COMMAND" ->smbd</B -> - will log to the default debug log location defined at compile time. +> file. </P ><P >The default log directory is specified at @@ -361,7 +354,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN122" +NAME="AEN120" ></A ><H2 >FILES</H2 @@ -473,7 +466,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN158" +NAME="AEN156" ></A ><H2 >LIMITATIONS</H2 @@ -492,7 +485,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN162" +NAME="AEN160" ></A ><H2 >ENVIRONMENT VARIABLES</H2 @@ -523,7 +516,7 @@ CLASS="CONSTANT" ><DIV CLASS="REFSECT1" ><A -NAME="AEN171" +NAME="AEN169" ></A ><H2 >PAM INTERACTION</H2 @@ -568,7 +561,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN182" +NAME="AEN180" ></A ><H2 >VERSION</H2 @@ -579,7 +572,7 @@ NAME="AEN182" ><DIV CLASS="REFSECT1" ><A -NAME="AEN185" +NAME="AEN183" ></A ><H2 >DIAGNOSTICS</H2 @@ -602,7 +595,7 @@ NAME="AEN185" ><DIV CLASS="REFSECT1" ><A -NAME="AEN190" +NAME="AEN188" ></A ><H2 >SIGNALS</H2 @@ -667,7 +660,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN207" +NAME="AEN205" ></A ><H2 >SEE ALSO</H2 @@ -733,7 +726,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN224" +NAME="AEN222" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html index 9d620f1397..b7263ebf83 100644 --- a/docs/htmldocs/smbmount.8.html +++ b/docs/htmldocs/smbmount.8.html @@ -35,7 +35,7 @@ NAME="AEN8" ><P ><B CLASS="COMMAND" ->smbmount</B +>smbumount</B > {service} {mount-point} [-o options]</P ></DIV ><DIV diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html index ba2cc7b492..66081bbe22 100644 --- a/docs/htmldocs/smbsh.1.html +++ b/docs/htmldocs/smbsh.1.html @@ -37,12 +37,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >smbsh</B -> [-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]</P +> </P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN18" +NAME="AEN11" ></A ><H2 >DESCRIPTION</H2 @@ -72,223 +72,6 @@ CLASS="COMMAND" >smbsh</B > to work correctly.</P -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN28" -></A -><H2 ->OPTIONS</H2 -><P -></P -><DIV -CLASS="VARIABLELIST" -><DL -><DT ->-W WORKGROUP</DT -><DD -><P ->Override the default workgroup specified in the - workgroup parameter of the <TT -CLASS="FILENAME" ->smb.conf</TT -> file - for this session. This may be needed to connect to some - servers. </P -></DD -><DT ->-U username[%pass]</DT -><DD -><P ->Sets the SMB username or username and password. - If this option is not specified, the user will be prompted for - both the username and the password. If %pass is not specified, - the user will be prompted for the password. - </P -></DD -><DT ->-P prefix</DT -><DD -><P ->This option allows - the user to set the directory prefix for SMB access. The - default value if this option is not specified is - <EM ->smb</EM ->. - </P -></DD -><DT ->-R <name resolve order></DT -><DD -><P ->This option is used to determine what naming - services and in what order to resolve - host names to IP addresses. The option takes a space-separated - string of different name resolution options.</P -><P ->The options are :"lmhosts", "host", "wins" and "bcast". - They cause names to be resolved as follows :</P -><P -></P -><UL -><LI -><P -><TT -CLASS="CONSTANT" ->lmhosts</TT -> : - Lookup an IP address in the Samba lmhosts file. If the - line in lmhosts has no name type attached to the - NetBIOS name - (see the <A -HREF="lmhosts.5.html" -TARGET="_top" ->lmhosts(5)</A -> - for details) then any name type matches for lookup. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->host</TT -> : - Do a standard host name to IP address resolution, using - the system <TT -CLASS="FILENAME" ->/etc/hosts</TT ->, NIS, or DNS - lookups. This method of name resolution is operating - system dependent, for instance on IRIX or Solaris this - may be controlled by the <TT -CLASS="FILENAME" ->/etc/nsswitch.conf - </TT -> file). Note that this method is only used - if the NetBIOS name type being queried is the 0x20 - (server) name type, otherwise it is ignored. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->wins</TT -> : - Query a name with the IP address listed in the - <TT -CLASS="PARAMETER" -><I ->wins server</I -></TT -> parameter. If no - WINS server has been specified this method will be - ignored. - </P -></LI -><LI -><P -><TT -CLASS="CONSTANT" ->bcast</TT -> : - Do a broadcast on each of the known local interfaces - listed in the <TT -CLASS="PARAMETER" -><I ->interfaces</I -></TT -> - parameter. This is the least reliable of the name - resolution methods as it depends on the target host - being on a locally connected subnet. - </P -></LI -></UL -><P ->If this parameter is not set then the name resolve order - defined in the <TT -CLASS="FILENAME" ->smb.conf</TT -> file parameter - (name resolve order) will be used. </P -><P ->The default order is lmhosts, host, wins, bcast. Without - this parameter or any entry in the <TT -CLASS="PARAMETER" -><I ->name resolve order - </I -></TT -> parameter of the <TT -CLASS="FILENAME" ->smb.conf</TT -> - file, the name resolution methods will be attempted in this - order. </P -></DD -><DT ->-d <debug level></DT -><DD -><P ->debug level is an integer from 0 to 10.</P -><P ->The default value if this parameter is not specified - is zero.</P -><P ->The higher this value, the more detail will be logged - about the activities of <B -CLASS="COMMAND" ->nmblookup</B ->. At level - 0, only critical errors and serious warnings will be logged. - </P -></DD -><DT ->-l logfilename</DT -><DD -><P ->If specified causes all debug messages to be - written to the file specified by <TT -CLASS="REPLACEABLE" -><I ->logfilename - </I -></TT ->. If not specified then all messages will be - written to<TT -CLASS="REPLACEABLE" -><I ->stderr</I -></TT ->. - </P -></DD -><DT ->-L libdir</DT -><DD -><P ->This parameter specifies the location of the - shared libraries used by <B -CLASS="COMMAND" ->smbsh</B ->. The default - value is specified at compile time. - </P -></DD -></DL -></DIV -></DIV -><DIV -CLASS="REFSECT1" -><A -NAME="AEN91" -></A -><H2 ->EXAMPLES</H2 ><P >To use the <B CLASS="COMMAND" @@ -375,7 +158,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN112" +NAME="AEN40" ></A ><H2 >VERSION</H2 @@ -386,7 +169,7 @@ NAME="AEN112" ><DIV CLASS="REFSECT1" ><A -NAME="AEN115" +NAME="AEN43" ></A ><H2 >BUGS</H2 @@ -419,7 +202,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN124" +NAME="AEN52" ></A ><H2 >SEE ALSO</H2 @@ -442,7 +225,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN130" +NAME="AEN58" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html index fe218a8f67..4cc0ef423f 100644 --- a/docs/htmldocs/wbinfo.1.html +++ b/docs/htmldocs/wbinfo.1.html @@ -36,12 +36,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >wbinfo</B -> [-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]</P +> [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN26" +NAME="AEN23" ></A ><H2 >DESCRIPTION</H2 @@ -78,7 +78,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN37" +NAME="AEN34" ></A ><H2 >OPTIONS</H2 @@ -122,52 +122,6 @@ CLASS="COMMAND" >. </P ></DD ><DT ->-h name</DT -><DD -><P ->The <TT -CLASS="PARAMETER" -><I ->-h</I -></TT -> option - queries <B -CLASS="COMMAND" ->winbindd(8)</B -> to query the WINS - server for the IP address associated with the NetBIOS name - specified by the <TT -CLASS="PARAMETER" -><I ->name</I -></TT -> parameter. - </P -></DD -><DT ->-i ip</DT -><DD -><P ->The <TT -CLASS="PARAMETER" -><I ->-i</I -></TT -> option - queries <B -CLASS="COMMAND" ->winbindd(8)</B -> to send a node status - request to get the NetBIOS name associated with the IP address - specified by the <TT -CLASS="PARAMETER" -><I ->ip</I -></TT -> parameter. - </P -></DD -><DT >-n name</DT ><DD ><P @@ -274,15 +228,6 @@ CLASS="COMMAND" </P ></DD ><DT ->-r username</DT -><DD -><P ->Try to obtain the list of UNIX group ids - to which the user belongs. This only works for users - defined on a Domain Controller. - </P -></DD -><DT >-a username%password</DT ><DD ><P @@ -291,14 +236,11 @@ CLASS="COMMAND" </P ></DD ><DT ->-A username%password</DT +>-p</DT ><DD ><P ->Store username and password used by winbindd - during session setup to a domain controller. This enables - winbindd to operate in a Windows 2000 domain with Restrict - Anonymous turned on (a.k.a. Permissions compatiable with - Windows 2000 servers only). +>Attempt a simple 'ping' check that the winbindd + is indeed alive. </P ></DD ></DL @@ -307,7 +249,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN119" +NAME="AEN98" ></A ><H2 >EXIT STATUS</H2 @@ -326,7 +268,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN124" +NAME="AEN103" ></A ><H2 >VERSION</H2 @@ -337,7 +279,7 @@ NAME="AEN124" ><DIV CLASS="REFSECT1" ><A -NAME="AEN127" +NAME="AEN106" ></A ><H2 >SEE ALSO</H2 @@ -355,7 +297,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN132" +NAME="AEN111" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html index 1ecb08cdb4..51a70042b1 100644 --- a/docs/htmldocs/winbindd.8.html +++ b/docs/htmldocs/winbindd.8.html @@ -109,22 +109,6 @@ CLASS="FILENAME" CLASS="VARIABLELIST" ><DL ><DT ->hosts</DT -><DD -><P ->User information traditionally stored in - the <TT -CLASS="FILENAME" ->hosts(5)</TT -> file and used by - <B -CLASS="COMMAND" ->gethostbyname(3)</B -> functions. Names are - resolved through the WINS server or by broadcast. - </P -></DD -><DT >passwd</DT ><DD ><P @@ -185,22 +169,11 @@ group: files winbind ></TR ></TABLE ></P -><P ->The following simple configuration in the - <TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -> file can be used to initially - resolve hostnames from <TT -CLASS="FILENAME" ->/etc/hosts</TT -> and then from the - WINS server.</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN57" +NAME="AEN48" ></A ><H2 >OPTIONS</H2 @@ -239,7 +212,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN70" +NAME="AEN61" ></A ><H2 >NAME AND ID RESOLUTION</H2 @@ -270,7 +243,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN76" +NAME="AEN67" ></A ><H2 >CONFIGURATION</H2 @@ -559,7 +532,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN167" +NAME="AEN158" ></A ><H2 >EXAMPLE SETUP</H2 @@ -737,7 +710,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN206" +NAME="AEN197" ></A ><H2 >NOTES</H2 @@ -795,7 +768,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN222" +NAME="AEN213" ></A ><H2 >SIGNALS</H2 @@ -846,7 +819,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN239" +NAME="AEN230" ></A ><H2 >FILES</H2 @@ -922,7 +895,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN268" +NAME="AEN259" ></A ><H2 >VERSION</H2 @@ -933,7 +906,7 @@ NAME="AEN268" ><DIV CLASS="REFSECT1" ><A -NAME="AEN271" +NAME="AEN262" ></A ><H2 >SEE ALSO</H2 @@ -961,7 +934,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN278" +NAME="AEN269" ></A ><H2 >AUTHOR</H2 diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 875de31f42..18168220e4 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "NMBD" "8" "08 May 2002" "" "" +.TH "NMBD" "8" "28 January 2002" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS @@ -126,11 +126,11 @@ parameter in the \fI smb.conf\fRfile. The -l parameter specifies a directory into which the "log.nmbd" log file will be created for operational data from the running -\fBnmbd\fR server. The default log directory is compiled into Samba +\fBnmbd\fR server. + +The default log directory is compiled into Samba as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or -\fI/var/log/log.nmb\fR. \fBBeware:\fR -If the directory specified does not exist, \fBnmbd\fR -will log to the default debug log location defined at compile time. +\fI/var/log/log.nmb\fR. .TP \fB-n <primary NetBIOS name>\fR This option allows you to override @@ -142,57 +142,58 @@ line setting will take precedence over settings in .TP \fB-p <UDP port number>\fR UDP port number is a positive integer value. -This option changes the default UDP port number (normally 137) -that \fBnmbd\fR responds to name queries on. Don't -use this option unless you are an expert, in which case you +This option changes the default UDP port number (normally 137) +that \fBnmbd\fR responds to name queries on. Don't +use this option unless you are an expert, in which case you won't need help! .TP \fB-s <configuration file>\fR -The default configuration file name +The default configuration file name is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but this may be changed when Samba is autoconfigured. -The file specified contains the configuration details -required by the server. See \fIsmb.conf(5)\fRfor more information. +The file specified contains the configuration details +required by the server. See +\fIsmb.conf(5)\fRfor more information. .SH "FILES" .TP \fB\fI/etc/inetd.conf\fB\fR -If the server is to be run by the -\fBinetd\fR meta-daemon, this file -must contain suitable startup information for the +If the server is to be run by the +\fBinetd\fR meta-daemon, this file +must contain suitable startup information for the meta-daemon. See the UNIX_INSTALL.htmldocument for details. .TP \fB\fI/etc/rc\fB\fR -or whatever initialization script your +or whatever initialization script your system uses). -If running the server as a daemon at startup, -this file will need to contain an appropriate startup +If running the server as a daemon at startup, +this file will need to contain an appropriate startup sequence for the server. See the UNIX_INSTALL.htmldocument for details. .TP \fB\fI/etc/services\fB\fR -If running the server via the -meta-daemon \fBinetd\fR, this file -must contain a mapping of service name (e.g., netbios-ssn) -to service port (e.g., 139) and protocol type (e.g., tcp). +If running the server via the +meta-daemon \fBinetd\fR, this file +must contain a mapping of service name (e.g., netbios-ssn) +to service port (e.g., 139) and protocol type (e.g., tcp). See the UNIX_INSTALL.html document for details. .TP \fB\fI/usr/local/samba/lib/smb.conf\fB\fR -This is the default location of the +This is the default location of the \fIsmb.conf\fR -server configuration file. Other common places that systems -install this file are \fI/usr/samba/lib/smb.conf\fR +server configuration file. Other common places that systems +install this file are \fI/usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf\fR. -When run as a WINS server (see the +When run as a WINS server (see the wins support parameter in the \fIsmb.conf(5)\fR man page), \fBnmbd\fR -will store the WINS database in the file \fIwins.dat\fR -in the \fIvar/locks\fR directory configured under +will store the WINS database in the file \fIwins.dat\fR +in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself. If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master @@ -203,17 +204,17 @@ will store the browsing database in the file \fIbrowse.dat configured under wherever Samba was configured to install itself. .SH "SIGNALS" .PP -To shut down an \fBnmbd\fR process it is recommended -that SIGKILL (-9) \fBNOT\fR be used, except as a last -resort, as this may leave the name database in an inconsistent state. -The correct way to terminate \fBnmbd\fR is to send it +To shut down an \fBnmbd\fR process it is recommended +that SIGKILL (-9) \fBNOT\fR be used, except as a last +resort, as this may leave the name database in an inconsistent state. +The correct way to terminate \fBnmbd\fR is to send it a SIGTERM (-15) signal and wait for it to die on its own. .PP -\fBnmbd\fR will accept SIGHUP, which will cause +\fBnmbd\fR will accept SIGHUP, which will cause it to dump out its namelists into the file \fInamelist.debug -\fRin the \fI/usr/local/samba/var/locks\fR -directory (or the \fIvar/locks\fR directory configured -under wherever Samba was configured to install itself). This will also +\fRin the \fI/usr/local/samba/var/locks\fR +directory (or the \fIvar/locks\fR directory configured +under wherever Samba was configured to install itself). This will also cause \fBnmbd\fR to dump out its server database in the \fIlog.nmb\fR file. .PP diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index e2f5531d5d..7a8661c30b 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "PDBEDIT" "8" "24 April 2002" "" "" +.TH "PDBEDIT" "8" "28 January 2002" "" "" .SH NAME pdbedit \- manage the SAM database .SH SYNOPSIS .sp -\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i passdb-backend\fR ] [ \fB-e passdb-backend\fR ] [ \fB-D debuglevel\fR ] +\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i file\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -160,19 +160,15 @@ from the database. It need the username be specified with the Example: \fBpdbedit -x -u bob\fR .TP -\fB-i passdb-backend\fR -Use a different passdb backend to retrieve users than the one specified in smb.conf. +\fB-i file\fR +This command is used to import a smbpasswd +file into the database. -This option will ease migration from one passdb backend to another. +This option will ease migration from the plain smbpasswd +file database to more powerful backend databases like tdb and +ldap. -Example: \fBpdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb\fR -.TP -\fB-e passdb-backend\fR -Export all currently available users to the specified password database backend. - -This option will ease migration from one passdb backend to another and will ease backupping - -Example: \fBpdbedit -e smbpasswd:/root/samba-users.backup\fR +Example: \fBpdbedit -i /etc/smbpasswd.old\fR .SH "NOTES" .PP This command may be used only by root. diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 692530334b..d19f9ef6f9 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMB.CONF" "5" "08 May 2002" "" "" +.TH "SMB.CONF" "5" "16 April 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -30,7 +30,7 @@ line represents either a comment, a section name or a parameter. Section and parameter names are not case sensitive. .PP Only the first equals sign in a parameter is significant. -Whitespace before or after the first equals sign is discarded. +Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -70,7 +70,7 @@ client as an extension of their native file systems) or printable services (used by the client to access print services on the host running the server). .PP -Sections may be designated \fBguest\fR services, +Sections may be designated \fBguest\fR services, in which case no password is required to access them. A specified UNIX \fBguest account\fR is used to define access privileges in this case. @@ -384,7 +384,7 @@ protocol negotiation. It can be one of CORE, COREPLUS, LANMAN1, LANMAN2 or NT1. .TP \fB%d\fR -The process id of the current server +The process id of the current server process. .TP \fB%a\fR @@ -445,7 +445,7 @@ case that the client passes, or if they are forced to be the "default" case. Default \fByes\fR. .TP \fBshort preserve case = yes/no\fR -controls if new files which conform to 8.3 syntax, +controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -463,9 +463,8 @@ if it will allow a connection to a specified service. If all the steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked. .PP -If the service is marked "guest only = yes" and the -server is running with share-level security ("security = share") -then steps 1 to 5 are skipped. +If the service is marked "guest only = yes" then +steps 1 to 5 are skipped. .IP 1. If the client has passed a username/password pair and that username/password pair is validated by the UNIX @@ -522,9 +521,6 @@ each parameter for details. Note that some are synonyms. \fIadd machine script\fR .TP 0.2i \(bu -\fIalgorithmic rid base\fR -.TP 0.2i -\(bu \fIallow trusted domains\fR .TP 0.2i \(bu @@ -687,15 +683,6 @@ each parameter for details. Note that some are synonyms. \fIlock directory\fR .TP 0.2i \(bu -\fIlock spin count\fR -.TP 0.2i -\(bu -\fIlock spin time\fR -.TP 0.2i -\(bu -\fIpid directory\fR -.TP 0.2i -\(bu \fIlog file\fR .TP 0.2i \(bu @@ -789,9 +776,6 @@ each parameter for details. Note that some are synonyms. \fInt pipe support\fR .TP 0.2i \(bu -\fInt status support\fR -.TP 0.2i -\(bu \fInull passwords\fR .TP 0.2i \(bu @@ -1096,9 +1080,6 @@ each parameter for details. Note that some are synonyms. \fIcreate mode\fR .TP 0.2i \(bu -\fIcsc policy\fR -.TP 0.2i -\(bu \fIdefault case\fR .TP 0.2i \(bu @@ -1198,9 +1179,6 @@ each parameter for details. Note that some are synonyms. \fIinclude\fR .TP 0.2i \(bu -\fIinherit acls\fR -.TP 0.2i -\(bu \fIinherit permissions\fR .TP 0.2i \(bu @@ -1357,9 +1335,6 @@ each parameter for details. Note that some are synonyms. \fIset directory\fR .TP 0.2i \(bu -\fIshare modes\fR -.TP 0.2i -\(bu \fIshort preserve case\fR .TP 0.2i \(bu @@ -1622,25 +1597,6 @@ Example: \fBadmin users = jason\fR \fBallow hosts (S)\fR Synonym for \fIhosts allow\fR. .TP -\fBalgorithmic rid base (G)\fR -This determines how Samba will use its -algorithmic mapping from uids/gid to the RIDs needed to construct -NT Security Identifiers. - -Setting this option to a larger value could be useful to sites -transitioning from WinNT and Win2k, as existing user and -group rids would otherwise clash with sytem users etc. - -All UIDs and GIDs must be able to be resolved into SIDs for -the correct operation of ACLs on the server. As such the algorithmic -mapping can't be 'turned off', but pushing it 'out of the way' should -resolve the issues. Users and groups can then be assigned 'low' RIDs -in arbitary-rid supporting backends. - -Default: \fBalgorithmic rid base = 1000\fR - -Example: \fBalgorithmic rid base = 100000\fR -.TP \fBallow trusted domains (G)\fR This option only takes effect when the \fIsecurity\fR option is set to server or domain. @@ -1957,23 +1913,6 @@ Example: \fBcreate mask = 0775\fR \fBcreate mode (S)\fR This is a synonym for \fI create mask\fR. .TP -\fBcsc policy (S)\fR -This stands for \fBclient-side caching -policy\fR, and specifies how clients capable of offline -caching will cache the files in the share. The valid values -are: manual, documents, programs, disable. - -These values correspond to those used on Windows -servers. - -For example, shares containing roaming profiles can have -offline caching disabled using \fBcsc policy = disable -\fR\&. - -Default: \fBcsc policy = manual\fR - -Example: \fBcsc policy = programs\fR -.TP \fBdeadtime (G)\fR The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection @@ -3115,17 +3054,6 @@ Default: \fBno file included\fR Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf \fR.TP -\fBinherit acls (S)\fR -This parameter can be used to ensure -that if default acls exist on parent directories, -they are always honored when creating a subdirectory. -The default behavior is to use the mode specified -when creating the directory. Enabling this option -sets the mode to 0777, thus guaranteeing that -default directory acls are propagated. - -Default: \fBinherit acls = no\fR -.TP \fBinherit permissions (S)\fR The permissions on new files and directories are normally governed by \fI create mask\fR, \fIdirectory mask\fR, \fIforce create mode\fR @@ -3493,26 +3421,6 @@ Default: \fBlock directory = ${prefix}/var/locks\fR Example: \fBlock directory = /var/run/samba/locks\fR .TP -\fBlock spin count (G)\fR -This parameter controls the number of times -that smbd should attempt to gain a byte range lock on the -behalf of a client request. Experiments have shown that -Windows 2k servers do not reply with a failure if the lock -could not be immediately granted, but try a few more times -in case the lock could later be aquired. This behavior -is used to support PC database formats such as MS Access -and FoxPro. - -Default: \fBlock spin count = 2\fR -.TP -\fBlock spin time (G)\fR -The time in microseconds that smbd should -pause before attempting to gain a failed lock. See -\fIlock spin -count\fR for more details. - -Default: \fBlock spin time = 10\fR -.TP \fBlocking (S)\fR This controls whether or not locking will be performed by the server in response to lock requests from the @@ -3756,8 +3664,8 @@ This command should be a program or script which takes a printer name as its only parameter and outputs printer status information. -Currently nine styles of printer status information -are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. +Currently eight styles of printer status information +are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. This covers most UNIX systems. You control which type is expected using the \fIprinting =\fR option. @@ -3773,10 +3681,7 @@ command. Note that it is good practice to include the absolute path in the \fIlpq command\fR as the \fB$PATH -\fRmay not be available to the server. When compiled with -the CUPS libraries, no \fIlpq command\fR is -needed because smbd will make a library call to obtain the -print queue listing. +\fRmay not be available to the server. See also the \fIprinting \fRparameter. @@ -4564,18 +4469,6 @@ alone. Default: \fBnt pipe support = yes\fR .TP -\fBnt status support (G)\fR -This boolean parameter controls whether smbd(8)will negotiate NT specific status -support with Windows NT/2k/XP clients. This is a developer -debugging option and should be left alone. -If this option is set to no then Samba offers -exactly the same DOS error codes that versions prior to Samba 2.2.3 -reported. - -You should not need to ever disable this parameter. - -Default: \fBnt status support = yes\fR -.TP \fBnull passwords (G)\fR Allow or disallow client access to accounts that have null passwords. @@ -4736,10 +4629,10 @@ Default: \fBpanic action = <empty string>\fR Example: \fBpanic action = "/bin/sleep 90000"\fR .TP \fBpassdb backend (G)\fR -This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both -smbpasswd and tdbsam to be used without a recompile. -Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. -Experimental backends must still be selected +This option allows the administrator to chose what +backend in which to store passwords. This allows (for example) both +smbpasswd and tdbsam to be used without a recompile. Only one can +be used at a time however, and experimental backends must still be selected (eg --with-tdbsam) at configure time. This paramater is in two parts, the backend's name, and a 'location' @@ -4795,11 +4688,11 @@ for its own processing Default: \fBpassdb backend = smbpasswd\fR -Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd\fR +Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb\fR Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com\fR -Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb\fR +Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args\fR .TP \fBpasswd chat (G)\fR This string controls the \fB"chat"\fR @@ -5055,14 +4948,6 @@ Default: \fBnone\fR Example: \fBpath = /home/fred\fR .TP -\fBpid directory (G)\fR -This option specifies the directory where pid -files will be placed. - -Default: \fBpid directory = ${prefix}/var/locks\fR - -Example: \fBpid directory = /var/run/\fR -.TP \fBposix locking (S)\fR The \fBsmbd(8)\fR daemon maintains an database of file locks obtained by SMB clients. @@ -5192,23 +5077,14 @@ spool file when it has been processed, otherwise you will need to manually remove old spool files. The print command is simply a text string. It will be used -verbatim after macro substitutions have been made: - -s, %p - the path to the spool -file name - -%p - the appropriate printer -name - -%J - the job +verbatim, with two exceptions: All occurrences of \fI%s +\fRand \fI%f\fR will be replaced by the +appropriate spool file name, and all occurrences of \fI%p +\fRwill be replaced by the appropriate printer name. The +spool file name is generated automatically by the server. The +\fI%J\fR macro can be used to access the job name as transmitted by the client. -%c - The number of printed pages -of the spooled job (if known). - -%z - the size of the spooled -print job (in bytes) - The print command \fBMUST\fR contain at least one occurrence of \fI%s\fR or \fI%f \fR- the \fI%p\fR is optional. At the time @@ -5253,16 +5129,6 @@ For \fBprinting = SOFTQ :\fR \fBprint command = lp -d%p -s %s; rm %s\fR -For printing = CUPS : If SAMBA is compiled against -libcups, then printcap = cups -uses the CUPS API to -submit jobs, etc. Otherwise it maps to the System V -commands with the -oraw option for printing, i.e. it -uses \fBlp -c -d%p -oraw; rm %s\fR. -With \fBprinting = cups\fR, -and if SAMBA is compiled against libcups, any manually -set print command will be ignored. - Example: \fBprint command = /usr/local/samba/bin/myprintscript %p %s\fR .TP @@ -5290,13 +5156,6 @@ This parameter may be used to override the compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR). See the discussion of the [printers] section above for reasons why you might want to do this. -To use the CUPS printing interface set \fBprintcap name = cups -\fR\&. This should be supplemented by an addtional setting -printing = cups in the [global] -section. \fBprintcap name = cups\fR will use the -"dummy" printcap created by CUPS, as specified in your CUPS -configuration file. - On System V systems that use \fBlpstat\fR to list available printers you can use \fBprintcap name = lpstat \fRto automatically obtain lists of available printers. This @@ -6027,29 +5886,6 @@ for details. Default: \fBset directory = no\fR .TP -\fBshare modes (S)\fR -This enables or disables the honoring of -the \fIshare modes\fR during a file open. These -modes are used by clients to gain exclusive read or write access -to a file. - -These open modes are not directly supported by UNIX, so -they are simulated using shared memory, or lock files if your -UNIX doesn't support shared memory (almost all do). - -The share modes that are enabled by this option are -DENY_DOS, DENY_ALL, -DENY_READ, DENY_WRITE, -DENY_NONE and DENY_FCB. - -This option gives full share compatibility and enabled -by default. - -You should \fBNEVER\fR turn this parameter -off as many Windows applications will break if you do so. - -Default: \fBshare modes = yes\fR -.TP \fBshort preserve case (S)\fR This boolean parameter controls if new files which conform to 8.3 syntax, that is all in upper case and of @@ -7120,7 +6956,7 @@ that Samba has to do in order to perform the link checks. Default: \fBwide links = yes\fR .TP -\fBwinbind cache time (G)\fR +\fBwinbind cache time\fR This parameter specifies the number of seconds the winbindd(8)daemon will cache user and group information before querying a Windows NT server @@ -7128,7 +6964,7 @@ again. Default: \fBwinbind cache type = 15\fR .TP -\fBwinbind enum users (G)\fR +\fBwinbind enum users\fR On large installations using winbindd(8)it may be necessary to suppress the enumeration of users through the @@ -7147,7 +6983,7 @@ usernames. Default: \fBwinbind enum users = yes \fR .TP -\fBwinbind enum groups (G)\fR +\fBwinbind enum groups\fR On large installations using winbindd(8)it may be necessary to suppress the enumeration of groups through the @@ -7163,7 +6999,7 @@ enumeration may cause some programs to behave oddly. Default: \fBwinbind enum groups = yes \fR .TP -\fBwinbind gid (G)\fR +\fBwinbind gid\fR The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8)daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can @@ -7173,7 +7009,7 @@ Default: \fBwinbind gid = <empty string> \fR Example: \fBwinbind gid = 10000-20000\fR .TP -\fBwinbind separator (G)\fR +\fBwinbind separator\fR This parameter allows an admin to define the character used when listing a username of the form of \fIDOMAIN \fR\\\fIuser\fR. This parameter @@ -7184,11 +7020,11 @@ Please note that setting this parameter to + causes problems with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group. -Default: \fBwinbind separator = '\\'\fR +Example: \fBwinbind separator = \\\\\fR -Example: \fBwinbind separator = +\fR +Example: \fBwinbind separator = /\fR .TP -\fBwinbind uid (G)\fR +\fBwinbind uid\fR The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8)daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 641f2d4a9f..8b969ce4d1 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCLIENT" "1" "08 May 2002" "" "" +.TH "SMBCLIENT" "1" "28 January 2002" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS @@ -327,9 +327,9 @@ is 65520 bytes. Setting this value smaller (to 1200 bytes) has been observed to speed up file transfers to and from a Win9x server. .TP \fB-W WORKGROUP\fR -Override the default workgroup (domain) specified -in the workgroup parameter of the \fIsmb.conf\fR -file for this connection. This may be needed to connect to some +Override the default workgroup specified in the +workgroup parameter of the \fIsmb.conf\fR file +for this connection. This may be needed to connect to some servers. .TP \fB-T tar options\fR @@ -513,26 +513,6 @@ If \fIshell command\fR is specified, the ! command will execute a shell locally and run the specified shell command. If no command is specified, a local shell will be run. .TP -\fBaltname file\fR -The client will request that the server return -the "alternate" name (the 8.3 name) for a file or directory. -.TP -\fBcancel jobid0 [jobid1] ... [jobidN]\fR -The client will request that the server cancel -the printjobs identified by the given numeric print job ids. -.TP -\fBchmod file mode in octal\fR -This command depends on the server supporting the CIFS -UNIX extensions and will fail if the server does not. The client requests that the server -change the UNIX permissions to the given octal mode, in standard UNIX format. -.TP -\fBchown file uid gid\fR -This command depends on the server supporting the CIFS -UNIX extensions and will fail if the server does not. The client requests that the server -change the UNIX user and group ownership to the given decimal values. Note there is -currently no way to remotely look up the UNIX uid and gid values for a given name. -This may be addressed in future versions of the CIFS UNIX extensions. -.TP \fBcd [directory name]\fR If "directory name" is specified, the current working directory on the server will be changed to the directory @@ -575,12 +555,6 @@ reason the specified directory is inaccessible. If no directory name is specified, the name of the current working directory on the local machine will be reported. .TP -\fBlink source destination\fR -This command depends on the server supporting the CIFS -UNIX extensions and will fail if the server does not. The client requests that the server -create a hard link between the source and destination files. The source file -must not exist. -.TP \fBlowercase\fR Toggle lowercasing of filenames for the get and mget commands. @@ -700,21 +674,6 @@ working directory on the server. Remove the specified directory (user access privileges permitting) from the server. .TP -\fBsetmode <filename> <perm=[+|\\-]rsha>\fR -A version of the DOS attrib command to set -file permissions. For example: - -\fBsetmode myfile +r \fR - -would make myfile read only. -.TP -\fBsymlink source destination\fR -This command depends on the server supporting the CIFS -UNIX extensions and will fail if the server does not. The client requests that the server -create a symbolic hard link between the source and destination files. The source file -must not exist. Note that the server will not create a link to any path that lies -outside the currently connected share. This is enforced by the Samba server. -.TP \fBtar <c|x>[IXbgNa]\fR Performs a tar operation - see the \fI-T \fRcommand line option above. Behavior may be affected @@ -734,6 +693,14 @@ archive bit setting (this is the default mode). In incremental mode, tar will only back up files with the archive bit set. In reset mode, tar will reset the archive bit on all files it backs up (implies read/write share). +.TP +\fBsetmode <filename> <perm=[+|\\-]rsha>\fR +A version of the DOS attrib command to set +file permissions. For example: + +\fBsetmode myfile +r \fR + +would make myfile read only. .SH "NOTES" .PP Some servers are fussy about the case of supplied usernames, diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index f3e6c843b5..f341b563e1 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -3,9 +3,9 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCONTROL" "1" "08 May 2002" "" "" +.TH "SMBCONTROL" "1" "28 January 2002" "" "" .SH NAME -smbcontrol \- send messages to smbd, nmbd or winbindd processes +smbcontrol \- send messages to smbd or nmbd processes .SH SYNOPSIS .sp \fBsmbcontrol\fR [ \fB-i\fR ] @@ -16,10 +16,9 @@ smbcontrol \- send messages to smbd, nmbd or winbindd processes This tool is part of the Sambasuite. .PP \fBsmbcontrol\fR is a very small program, which -sends messages to an smbd(8), -an nmbd(8) -or a winbindd(8) -daemon running on the system. +sends messages to an smbd(8)or +an nmbd(8)daemon running on the +system. .SH "OPTIONS" .TP \fB-i\fR @@ -53,9 +52,8 @@ The close-share message-type sends a message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the -share name for which client connections will be closed, or the +share name for which client connections will be close, or the "*" character which will close all currently open shares. -This may be useful if you made changes to the access controls on the share. This message can only be sent to smbd. The debug message-type allows @@ -78,7 +76,7 @@ parameter. The parameter can be "on" to turn on profile stats collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can -be sent to any smbd or nmbd destinations. +be sent to any of the destinations. The debuglevel message-type sends a "request debug level" message. The current debug level setting @@ -88,13 +86,18 @@ sent to any of the destinations. The profilelevel message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent -to any smbd or nmbd destinations. +to any of the destinations. The printer-notify message-type sends a message to smbd which in turn sends a printer notify message to any Windows NT clients connected to a printer. This message-type takes an argument of the printer name to send notify messages to. This message can only be sent to smbd. + +The close-share message-type sends a +message to smbd which forces smbd to close the share that was +specified as an argument. This may be useful if you made changes +to the access controls on the share. .TP \fBparameters\fR any parameters required for the message-type diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index 83483c8835..f534a59bf3 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBD" "8" "08 May 2002" "" "" +.TH "SMBD" "8" "28 January 2002" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS @@ -124,9 +124,7 @@ file will be created for informational and debug messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR -If the directory specified does not exist, \fBsmbd\fR -will log to the default debug log location defined at compile time. +option in the \fI smb.conf(5)\fRfile. The default log directory is specified at compile time. diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index 0d4a7fc870..1cef431e47 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBMOUNT" "8" "08 May 2002" "" "" +.TH "SMBMOUNT" "8" "28 January 2002" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS .sp -\fBsmbmount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] +\fBsmbumount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] .SH "DESCRIPTION" .PP \fBsmbmount\fR mounts a Linux SMB filesystem. It diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 774607c3a2..130df3582b 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSH" "1" "08 May 2002" "" "" +.TH "SMBSH" "1" "28 January 2002" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS .sp -\fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-d <debug level>\fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] +\fBsmbsh\fR .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -17,104 +17,6 @@ This tool is part of the Sambasuite. using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a shell that is dynamically linked in order for \fBsmbsh\fR to work correctly. -.SH "OPTIONS" -.TP -\fB-W WORKGROUP\fR -Override the default workgroup specified in the -workgroup parameter of the \fIsmb.conf\fR file -for this session. This may be needed to connect to some -servers. -.TP -\fB-U username[%pass]\fR -Sets the SMB username or username and password. -If this option is not specified, the user will be prompted for -both the username and the password. If %pass is not specified, -the user will be prompted for the password. -.TP -\fB-P prefix\fR -This option allows -the user to set the directory prefix for SMB access. The -default value if this option is not specified is -\fBsmb\fR. -.TP -\fB-R <name resolve order>\fR -This option is used to determine what naming -services and in what order to resolve -host names to IP addresses. The option takes a space-separated -string of different name resolution options. - -The options are :"lmhosts", "host", "wins" and "bcast". -They cause names to be resolved as follows : -.RS -.TP 0.2i -\(bu -lmhosts : -Lookup an IP address in the Samba lmhosts file. If the -line in lmhosts has no name type attached to the -NetBIOS name -(see the lmhosts(5) -for details) then any name type matches for lookup. -.TP 0.2i -\(bu -host : -Do a standard host name to IP address resolution, using -the system \fI/etc/hosts\fR, NIS, or DNS -lookups. This method of name resolution is operating -system dependent, for instance on IRIX or Solaris this -may be controlled by the \fI/etc/nsswitch.conf -\fRfile). Note that this method is only used -if the NetBIOS name type being queried is the 0x20 -(server) name type, otherwise it is ignored. -.TP 0.2i -\(bu -wins : -Query a name with the IP address listed in the -\fIwins server\fR parameter. If no -WINS server has been specified this method will be -ignored. -.TP 0.2i -\(bu -bcast : -Do a broadcast on each of the known local interfaces -listed in the \fIinterfaces\fR -parameter. This is the least reliable of the name -resolution methods as it depends on the target host -being on a locally connected subnet. -.RE -.PP -If this parameter is not set then the name resolve order -defined in the \fIsmb.conf\fR file parameter -(name resolve order) will be used. -.PP -.PP -The default order is lmhosts, host, wins, bcast. Without -this parameter or any entry in the \fIname resolve order -\fRparameter of the \fIsmb.conf\fR -file, the name resolution methods will be attempted in this -order. -.PP -.TP -\fB-d <debug level>\fR -debug level is an integer from 0 to 10. - -The default value if this parameter is not specified -is zero. - -The higher this value, the more detail will be logged -about the activities of \fBnmblookup\fR. At level -0, only critical errors and serious warnings will be logged. -.TP -\fB-l logfilename\fR -If specified causes all debug messages to be -written to the file specified by \fIlogfilename -\fR\&. If not specified then all messages will be -written to\fIstderr\fR. -.TP -\fB-L libdir\fR -This parameter specifies the location of the -shared libraries used by \fBsmbsh\fR. The default -value is specified at compile time. -.SH "EXAMPLES" .PP To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password that authenticates you to the machine running the Windows NT diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 57aaf98b62..9537af287b 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,12 +3,12 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WBINFO" "1" "08 May 2002" "" "" +.TH "WBINFO" "1" "28 January 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS .sp -\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] +\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-a user%password\fR ] [ \fB-p\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -37,18 +37,6 @@ will also be listed. Note that this operation does not assign group ids to any groups that have not already been seen by \fBwinbindd(8)\fR. .TP -\fB-h name\fR -The \fI-h\fR option -queries \fBwinbindd(8)\fR to query the WINS -server for the IP address associated with the NetBIOS name -specified by the \fIname\fR parameter. -.TP -\fB-i ip\fR -The \fI-i\fR option -queries \fBwinbindd(8)\fR to send a node status -request to get the NetBIOS name associated with the IP address -specified by the \fIip\fR parameter. -.TP \fB-n name\fR The \fI-n\fR option queries \fBwinbindd(8)\fR for the SID @@ -95,21 +83,13 @@ Windows NT server \fBwinbindd(8)\fR contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. .TP -\fB-r username\fR -Try to obtain the list of UNIX group ids -to which the user belongs. This only works for users -defined on a Domain Controller. -.TP \fB-a username%password\fR Attempt to authenticate a user via winbindd. This checks both authenticaion methods and reports its results. .TP -\fB-A username%password\fR -Store username and password used by winbindd -during session setup to a domain controller. This enables -winbindd to operate in a Windows 2000 domain with Restrict -Anonymous turned on (a.k.a. Permissions compatiable with -Windows 2000 servers only). +\fB-p\fR +Attempt a simple 'ping' check that the winbindd +is indeed alive. .SH "EXIT STATUS" .PP The wbinfo program returns 0 if the operation diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index ca0c87bd08..cca62f25e4 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WINBINDD" "8" "08 May 2002" "" "" +.TH "WINBINDD" "8" "28 January 2002" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS @@ -38,12 +38,6 @@ installed, this should always suceed. The following nsswitch databases are implemented by the winbindd service: .TP -\fBhosts\fR -User information traditionally stored in -the \fIhosts(5)\fR file and used by -\fBgethostbyname(3)\fR functions. Names are -resolved through the WINS server or by broadcast. -.TP \fBpasswd\fR User information traditionally stored in the \fIpasswd(5)\fR file and used by @@ -69,12 +63,6 @@ group: files winbind .sp .fi .PP -.PP -The following simple configuration in the -\fI/etc/nsswitch.conf\fR file can be used to initially -resolve hostnames from \fI/etc/hosts\fR and then from the -WINS server. -.PP .SH "OPTIONS" .TP \fB-d debuglevel\fR diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt index 2ca41e5624..ad12d4c722 100644 --- a/docs/textdocs/BROWSING.txt +++ b/docs/textdocs/BROWSING.txt @@ -7,14 +7,10 @@ Summary: This describes how to configure Samba for improved browsing. OVERVIEW: ========= - SMB networking provides a mechanism by which clients can access a list -of machines in a network, a so-called "browse list". This list -contains machines that are ready to offer file and/or print services -to other machines within the network. Thus it does not include -machines which aren't currently able to do server tasks. The browse -list is heavily used by all SMB clients. Configuration of SMB -browsing has been problematic for some Samba users, hence this +of machines that are available within the network. This list is called +the browse list and is heavily used by all SMB clients. Configuration +of SMB browsing has been problematic for some Samba users, hence this document. Browsing will NOT work if name resolution from NetBIOS names to IP @@ -63,10 +59,9 @@ browsing on another subnet. It is recommended that this option is only used for 'unusual' purposes: announcements over the internet, for example. See "remote announce" in the smb.conf man page. -If something doesn't work then hopefully the log.nmb file will help -you track down the problem. Try a debug level of 2 or 3 for finding -problems. Also note that the current browse list usually gets stored -in text form in a file called browse.dat. +If something doesn't work then hopefully the log.nmb file will +help you track down the problem. Try a debug level of 2 or 3 for +finding problems. Note that if it doesn't work for you, then you should still be able to type the server name as \\SERVER in filemanager then hit enter and diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt index 877640108c..75114557fe 100644 --- a/docs/textdocs/HINTS.txt +++ b/docs/textdocs/HINTS.txt @@ -49,9 +49,6 @@ windows. Just drag your file onto the icon and it converts the file. Get it from ftp://samba.org/pub/samba/contributed/fixcrlf.zip -The utilities unix2dos and dos2unix(in the mtools package) should do -the job under unix. - ---------------------- HINT: Use the "username map" option diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt index 2c50e5f4fe..b47120eaba 100644 --- a/docs/textdocs/Printing.txt +++ b/docs/textdocs/Printing.txt @@ -3,7 +3,7 @@ Revised by: Patrick Powell <papowell@lprng.org> Date: August 11, 2000 Status: Current -Subject: Debugging Printing Problems +Subject: Dubugging Printing Problems ============================================================================= This is a short description of how to debug printing problems with diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt new file mode 100644 index 0000000000..e1b54b1a03 --- /dev/null +++ b/docs/textdocs/Samba-OpenSSL.txt @@ -0,0 +1,405 @@ +Contributor: Christian Starkjohann <cs@obdev.at> +Date: May 29, 1998 +Status: + +Comment: Updated by Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> +Date: July 16, 2001 + +Subject: Compiling and using samba with SSL support +============================================================================ + +What is SSL and SSLeay/OpenSSL? +=============================== +SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data +transport. It is used by secure web servers for shopping malls, telebanking +and things like that. + +SSLeay is a free implementation of the SSL protocol. The successor of it is +OpenSSL, available from + + http://www.openssl.org/ + +The current version while these lines are written is 0.9.6b. In some countries +encryption is plagued by legal problems, even though things have relaxed a +lot in the last years. + +To compile samba with SSL support, you must first compile and install OpenSSL. +At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest +version and is strongly recommended. +OpenSSL consists of a library (which can be linked to other applications like +samba) and several utility programs needed for key generation, certification +etc. OpenSSL installs to /usr/local/ssl/ by default. + + +Compiling samba with OpenSSL +============================ +1. Get and install OpenSSL. The rest of this documentation assumes that you + have installed it at the default location, which is /usr/local/ssl/. +2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in + the default directory, you can use the "--with-sslinc" and "--with-ssllib" + flags to specify the location. +3. Compile and install as usual. + + +Configuring SSL in samba +======================== +Before you configure SSL, you should know the basics of cryptography and how +SSL relates to all of this. A basic introduction can be found further down in +this document. The following variables in the "[global]" section of the +configuration file are used to configure SSL: + +ssl = yes + This variable enables or disables the entire SSL mode. If it is set to + "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set + to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign" + whether an SSL connection will be required. +ssl hosts = +ssl hosts resign = 192.168. + These two variables define whether samba will go into SSL mode or not. If + none of them is defined, samba will allow only SSL connections. If the + "ssl hosts" variable lists hosts (by IP-address, IP-address range, net + group or name), only these hosts will be forced into SSL mode. If the + "ssl hosts resign" variable lists hosts, only these hosts will NOT be + forced into SSL mode. The syntax for these two variables is the same as + for the "hosts allow" and "hosts deny" pair of variables, only that the + subject of the decision is different: It's not the access right but + whether SSL is used or not. See the man page of smb.conf (section about + "allow hosts") for details. The above example requires SSL connections + from all hosts outside the local net (which is 192.168.*.*). +ssl CA certDir = /usr/local/ssl/certs + This variable defines where to look up the Certification Autorities. The + given directory should contain one file for each CA that samba will trust. + The file name must be the hash value over the "Distinguished Name" of the + CA. How this directory is set up is explained later in this document. All + files within the directory that don't fit into this naming scheme are + ignored. You don't need this variable if you don't verify client + certificates. +ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem + This variable is a second way to define the trusted CAs. The certificates + of the trusted CAs are collected in one big file and this variable points + to the file. You will probably only use one of the two ways to define your + CAs. The first choice is preferable if you have many CAs or want to be + flexible, the second is perferable if you only have one CA and want to + keep things simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates. +ssl server cert = /usr/local/ssl/certs/samba.pem + This is the file containing the server's certificate. The server _must_ + have a certificate. The file may also contain the server's private key. + See later for how certificates and private keys are created. +ssl server key = /usr/local/ssl/private/samba.pem + This file contains the private key of the server. If this variable is not + defined, the key is looked up in the certificate file (it may be appended + to the certificate). The server _must_ have a private key and the + certificate _must_ match this private key. +ssl client cert = /usr/local/ssl/certs/smbclient.pem + The certificate in this file is used by smbclient if it exists. It's needed + if the server requires a client certificate. +ssl client key = /usr/local/ssl/private/smbclient.pem + This is the private key for smbclient. It's only needed if the client + should have a certificate. +ssl require clientcert = yes + If this variable is set to "yes", the server will not tolerate connections + from clients that don't have a valid certificate. The directory/file + given in "ssl CA certDir" and "ssl CA certFile" will be used to look up + the CAs that issued the client's certificate. If the certificate can't be + verified positively, the connection will be terminated. + If this variable is set to "no", clients don't need certificates. Contrary + to web applications you really _should_ require client certificates. In + the web environment the client's data is sensitive (credit card numbers) + and the server must prove to be trustworthy. In a file server environment + the server's data will be sensitive and the clients must prove to be + trustworthy. +ssl require servercert = yes + If this variable is set to "yes", the smbclient will request a certificate + from the server. Same as "ssl require clientcert" for the server. +ssl ciphers = ??? + This variable defines the ciphers that should be offered during SSL + negotiation. You should not set this variable unless you know what you do. +ssl version = ssl2or3 + This enumeration variable defines the versions of the SSL protocol that + will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2" + results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS + (Transport Layer Security) is the (proposed?) new standard for SSL. The + default value is "ssl2or3". +ssl compatibility = no + This variable defines whether SSLeay should be configured for bug + compatibility with other SSL implementations. This is probably not + desirable because currently no clients with SSL implementations other than + SSLeay exist. +ssl entropy file = + Specifies a file from which processes will read "random bytes" on startup. + In order to seed the internal pseudo random number generator, entropy + must be provided. On system with a /dev/urandom device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. +ssl entropy bytes = 256 + Number of bytes that will be read from entropy file. If -1 is given, the + complete file will be read. +ssl egd socket = + Location of the communiation socket of an EGD or PRNGD daemon, from which + entropy can be retrieved. This option can be used instead of or together + with the "ssl entropy file" directive. 255bytes of entropy will be + retrieved from the daemon. + + +Running samba with OpenSSL +========================== +Samba is started as usual. The daemon will ask for the private key's pass +phrase before it goes to background if the private key has been encrypted. +If you start smbd from inetd, this won't work. Therefore you must not encrypt +your private key if you run smbd from inetd. + +Windows clients will try to connect to the SSL enabled samba daemon and they +will fail. This can fill your log with failed SSL negotiation messages. To +avoid this, you can either not run nmbd (if all clients use DNS to look up +the server), which will leave the Windows machine unaware of the server, or +list all (local) Windows machines in the "ssl hosts resign" variable. + + +About certificates +================== +Secure samba servers will not be set up for public use as it is the case with +secure web servers. Most installations will probably use it for distributed +offices that use parts of the internet for their intranet, for access to a +web server that's physically hosted by the provider or simply for teleworking. +All these applications work with a known group of users that can easily agree +on a certification authority. The CA can be operated by the company and the +policy for issuing certificates can be determined by the company. If samba is +configured to verify client certificates, it (currently) only verifies +whether a valid certificate exists. It does not verify any of the data within +the certificate (although it prints some of the data to the log file). + + +Which clients are available that support SSL? +============================================= +Currently there are only smbclient which is part of the samba package and +Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the +main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client +implementation for Unix. It is a commercial product, but it is available in +source code and the demo-mode allows access to the first three layers of the +mounted directory hierarchy. Licenses for universities and students are free. +Sharity is available at + + http://www.obdev.at/Products/Sharity.html + + + +########################################################################### +Basics about Cryptography and SSL(eay) +########################################################################### + +There are many good introductions to cryptography. I assume that the reader +is familiar with the words "encryption", "digital signature" and RSA. If you +don't know these terms, please read the cryptography FAQ part 6 and 7, which +is posted to the usenet newsgroup sci.crypt. It is also available from + + ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq +and + http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq + +I'll concentrate on the questions specific to SSL and samba here. + + +What is a certificate? +====================== +A certificate is issued by an issuer, usually a "Certification Authority" +(CA), who confirms something by issuing the certificate. The subject of this +confirmation depends on the CA's policy. CAs for secure web servers (used for +shopping malls etc.) usually only attest that the given public key belongs the +the given domain name. Company-wide CAs might attest that you are an employee +of the company, that you have permissions to use a server or whatever. + + +What is an X.509 certificate technically? +========================================= +Technically, the certificate is a block of data signed by the certificate +issuer (the CA). The relevant fields are: + - unique identifier (name) of the certificate issuer + - time range during that the certificate is valid + - unique identifier (name) of the certified subject + - public key of the certified subject + - the issuer's signature over all of the above +If this certificate should be verified, the verifier must have a table of the +names and public keys of trusted CAs. For simplicity, these tables are lists +of certificates issued by the respective CAs for themselves (self-signed +certificates). + + +What are the implications of this certificate structure? +======================================================== + - Because the certificate contains the subject's public key, the + certificate and the private key together are all that's needed to encrypt + and decrypt. + - To verify certificates, you need the certificates of all CAs you trust. + - The simplest form of a dummy-certificate is one that's signed by the + subject itself. + - A CA is needed. The client can't simply issue local certificates for + servers it trusts because the server determines which certificate it + presents. + + + +########################################################################### +Setting up files and directories for OpenSSL +########################################################################### + +The first thing you should do is to change your PATH environment variable to +include the bin directory of OpenSSL. E.g.: + + PATH=$PATH:/usr/local/ssl/bin + +If your system's kernel supports a /dev/urandom device, all OpenSSL operations +will automatically retrieve its entropy from it. If your system does not +support /dev/urandom, you may install an EGD/PRNGD daemon for entropy +supply or can generate seed from reading files (that should contain information +unpredictable/unknown to attackers). Use the "-rand" option to the openssl +commands to specify the entropy source (if /dev/urandom is not available). + +OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can +initialize this file using: + + openssl rand -rand /tmp/rfile.txt > $HOME/.rnd + rm -f /tmp/rfile.txt # nobody must know!! + +or + + openssl rand -rand /path/to/egd-socket > $HOME/.rnd + +How to create a keypair +======================= +This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA +key with 1024 bits which is written to the file "key.pem" type: + + openssl genrsa -des3 -rand /path/to/source 1024 > key.pem + +You will be asked for a pass phrase to protect this key. If you don't want to +protect your private key with a pass phrase, just omit the parameter "-des3". +If you want a different key size, replace the parameter "1024". You really +should use a pass phrase. + +If you want to remove the pass phrase from a key use: + + openssl rsa -in key.pem -out newkey.pem + +And to add or change a pass phrase: + + openssl rsa -des3 -in key.pem -out newkey.pem + + +How to create a dummy certificate +================================= +If you still have your keypair in the file "key.pem", the command + + openssl req -new -x509 -key key.pem -out cert.pem + +will write a self-signed dummy certificate to the file "cert.pem". This can +be used for testing or if only encryption and no certification is needed. +Please bear in mind that encryption without authentication (certification) +can never be secure. It's open to (at least) "man-in-the-middle" attacks. + + +How to create a certificate signing request +=========================================== +You must not simply send your keypair to the CA for signing because it +contains the private key which _must_ be kept secret. A signing request +consists of your public key and some additional information you want to have +bound to that key by the certificate. If you operate a secure web server, +this additional information will (among other things) contain the URL of +your server in the field "Common Name". The certificate signing request is +created from the keypair with the following command (assuming that the key +pair is still in "key.pem"): + + openssl req -new -key key.pem -out csr.pem + +This command will ask you for the information which must be included in the +certificate and will write the signing request to the file "csr.pem". This +signing request is all the CA needs for signing, at least technically. Most +CAs will demand bureaucratic material and money, too. + + +How to set up a Certification Authority (CA) +============================================ +Being a certification authority requires a database that holds the CA's +keypair, the CA's certificate, a list of all signed certificates and other +information. This database is kept in a directory hierarchy below a +configurable starting point. The starting point must be configured in the +ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have +not changed the default installation path. + +The first thing you should do is to edit this file according to your needs. +Let's assume that you want to hold the CA's database at the directory +"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to +this path. You may also want to edit the default settings for some variables, +but the values given should be OK. This path is also contained in the shell +script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path +in the shell script: + + CATOP=/usr/local/ssl/CA + CAKEY=./cakey.pem # relative to $CATOP/ + CACERT=./cacert.pem # relative to $CATOP/private/ + +Then create the directory "/usr/local/ssl/CA" and make it writable for the +user that operates the CA. You should also initialize SSLeay as CA user (set +up the random number generator). Now you should call the shell script CA.sh +to set up the initial database: + + CA.sh -newca + +This command will ask you whether you want to use an existing certificate or +create one. Just press enter to create a new key pair and certificate. You +will be asked the usual questions for certificates: the country, state, city, +"Common Name", etc. Enter the appropriate values for the CA. When CA.sh +finishes, it has set up a bunch of directories and files. A CA must publish +it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem". + + +How to sign a certificate request +================================= +After setting up the CA stuff, you can start signing certificate requests. +Make sure that the SSLeay utilities know where the configuration file is. +The default is compiled in, if you don't use the default location, add the +parameter "-config <cfg-file>". Make also sure that the configuration file +contains the correct path to the CA database. If all this is set up properly, +you can sign the request in the file "csr.pem" with the command: + + openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem + +The resulting certificate (and additional information) will be in "cert.pem". +If you want the certificate to be valid for a period different from 365 days, +simply change the "-days" parameter. + + +How to install a new CA certificate +=================================== +Whereever a certificate must be checked, the CA's certificate must be +available. Let's take the common case where the client verifies the server's +certificate. The case where the server verfies the client's certificate works +the same way. The client receives the server's certificate, which contains +the "Distinguished Name" of the CA. To verify whether the signature in this +certificate is OK, it must look up the public key of that CA. Therefore each +client must hold a database of CAs, indexed by CA name. This database is best +kept in a directory where each file contains the certificate of one CA and is +named after the hashvalue (checksum) of the CA's name. This section describes +how such a database is managed technically. Whether or not to install (and +thereby trust) a CA is a totally different matter. + +The client must know the directory of the CA database. This can be configured. +There may also be a configuration option to set up a CA database file which +contains all CA certs in one file. Let's assume that the CA database is kept +in the directory "/usr/local/ssl/certs". The following example assumes that +the CA's certificate is in the file "cacert.pem" and the CA is known as +"myCA". To install the certificate, do the following: + + cp cacert.pem /usr/local/ssl/cers/myCA.pem + cd /usr/local/ssl/certs + ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0 + +The last command creates a link from the hashed name to the real file. + +From now on all certificates signed by the myCA authority will be accepted by +clients that use the directory "/usr/local/ssl/certs/" as their CA certificate +database. + + + diff --git a/docs/textdocs/Solaris-Winbind-HOWTO.txt b/docs/textdocs/Solaris-Winbind-HOWTO.txt deleted file mode 100644 index a81bacf486..0000000000 --- a/docs/textdocs/Solaris-Winbind-HOWTO.txt +++ /dev/null @@ -1,361 +0,0 @@ -!== -!== Solaris-Winbind-HOWTO.txt -!== -Contributors: Naag Mummaneni <getnag@rediffmail.com> -Updated: May 2, 2002 -Status: Current - -Subject: Installing and Configuring Winbind on Solaris -============================================================================= - -Installation and Configuration of Winbind on Solaris. ------------------------------------------------------ - -This HOWTO describes how to get winbind services up and running to control -access and authenticate users on your Solaris box using the winbind services -which come with SAMBA 2.2.x latest CVS Checkout.Make sure you are using the -latest Samba 2.2.x cvs checkout as other versions come with a lots of bugs -regarding winbind .And even the Latest Samba Stable Release is also not an -exception to this. - -Introduction ------------- - -This HOWTO describes the procedures used to get winbind up and running on a -Solaris system. Winbind is capable of providing access and authentication -control for Windows Domain users through an NT or Win2K PDC for 'regular' -services, such as telnet and ftp, as well for SAMBA services. - -Why should I to this? - -This allows the SAMBA administrator to rely on the authentication mechanisms -on the NT/Win2K PDC for the authentication of domain members. NT/Win2K users -no longer need to have separate accounts on the SAMBA server. - -Who should be reading this document? - -This HOWTO is designed for system administrators. If you are implementing -SAMBA on a file server and wish to (fairly easily) integrate existing -NT/Win2K users from your PDC onto the SAMBA server, this HOWTO is for you. - -Requirements ------------- - -If you have a samba configuration file that you are currently using... BACK -IT UP! If your system already uses PAM, back up the /etc/pam.conf file ! If -you haven't already made a boot disk, MAKEONE NOW! Messing with the pam -configuration file can make it nearly impossible to log in to yourmachine. -That's why you want to be able to boot back into your machine in single user -mode and restore your /etc/pam.conf back to the original state they were in -if you get frustrated with the way things are going. ;-) Please refer to the -main SAMBA web page or, better yet, your closest SAMBA mirror site for -instructions on downloading the source code of Samba 2.2.x from the SAMBA -CVS repository. To allow Domain users the ability to access SAMBA shares and -files, as well as potentially other services provided by your SAMBA machine, -PAM (pluggable authentication modules) must be setup properly on your -machine. In order to compile the winbind modules, you should have at least -the pam libraries resident on your system. Solaris 7/8 has its pam modules -coming with the distribution itself. - -Testing Things Out ------------------- - -Before starting, it is probably best to kill off all the SAMBA related -daemons running on your server. Kill off all smbd, nmbd, and winbindd -processes that may be running. - - -Configure and compile SAMBA ---------------------------- - -The configuration and compilation of SAMBA is pretty straightforward. The -first three steps may not be necessary depending upon whether or not you -have previously built the Samba binaries. - -root# autoconf -root# make clean -root# rm config.cache -root# ./configure --with-winbind --with-pam -root# make -root# make install - -This will, by default, install SAMBA in /usr/local/samba. See the main SAMBA -documentation if you want to install SAMBA somewhere else. It will also -build the winbindd executable and libraries. - -Configure nsswitch.conf and the winbind libraries -------------------------------------------------- - -The libraries needed to run the winbindd daemon through nsswitch need to be -copied to their proper locations, so - -root# cp ../samba/source/nsswitch/libnss_winbind.so /usr/lib - -I also found it necessary to make the following symbolic links: - -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/libnss_winbind.so.2 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.1 -root# ln -s /usr/lib/libnss_winbind.so /usr/lib/nss_winbind.so.2 - -Now, as root you need to edit /etc/nsswitch.conf to allow user and group -entries to be visible from the winbindd daemon. My /etc/nsswitch.conf file -look like this after editing: - - passwd: files winbind - group: files winbind - - -Configure smb.conf ------------------- - -Several parameters are needed in the smb.conf file to control the behavior -of winbindd. Configure smb.conf These are described in more detail in the -winbindd(8) man page. My smb.conf file was modified to include the following -entries in the [global] section: - -[global] - <...> - # The previous documentation says to - # as the "winbind seperator " directive also but - # it is no longer supported. - - # use uids from 10000 to 20000 for domain users - winbind uid = 10000-20000 - - # use gids from 10000 to 20000 for domain groups - winbind gid = 10000-20000 - - # allow enumeration of winbind users and groups - winbind enum users = yes - winbind enum groups = yes - - # give winbind users a real shell (only needed if - # they have telnet access) - template homedir = /home/winnt/%D/%U - template shell = /bin/bash - - -Join the SAMBA server to the PDC domain ---------------------------------------- - -Enter the following command to make the SAMBA server join the PDC domain, -where DOMAIN is the name of your Windows domain and Administrator is a -domain user who has administrative privileges in the domain. - -root# /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator - -The proper response to the command should be: "Joined the domain DOMAIN" -where DOMAIN is your DOMAIN name. - -Start up the winbindd daemon and test it! - -Eventually, you will want to modify your smb startup script to automatically -invoke the winbindd daemon when the other parts of SAMBA start, but it is -possible to test out just the winbind portion first. To start up winbind -services, enter the following command as root: - -root# /usr/local/samba/bin/winbindd - -I'm always paranoid and like to make sure the daemon is really running... - -root# ps -ae | grep winbindd - -This command should produce output like this, if the daemon is running - - 3025 ? 00:00:00 winbindd - -Now... for the real test, try to get some information about the users on -your PDC - -root# /usr/local/samba/bin/wbinfo -u - -This should echo back a list of users on your Windows users on your PDC. For -example, I get the following response: - -CEO\Administrator -CEO\burdell -CEO\Guest -CEO\jt-ad -CEO\krbtgt -CEO\TsInternetUser - -root# /usr/local/samba/bin/wbinfo -g - -CEO\Domain Admins -CEO\Domain Users -CEO\Domain Guests -CEO\Domain Computers -CEO\Domain Controllers -CEO\Cert Publishers -CEO\Schema Admins -CEO\Enterprise Admins -CEO\Group Policy Creator Owners - -The function 'getent' can now be used to get unified lists of both local and -PDC users and groups. Try the following command: - -root# getent passwd - -You should get a list that looks like your /etc/passwd list followed by the domain users with their new -uids, gids, home directories and default shells. - -The same thing can be done for groups with the command - -root# getent group - -Fix the /etc/rc.d/init.d/samba.server startup files The winbindd daemon -needs to start up after the smbd and nmbd daemons are running. To accomplish -this task, you need to modify the /etc/init.d/samba.server script to add -commands to invoke this daemon in the proper sequence. My -/etc/init.d/samba.server file starts up smbd, nmbd, and winbindd from the -/usr/local/samba/bin directory directly. - -## -## samba.server -## - -if [ ! -d /usr/bin ] -then # /usr not mounted - exit -fi - -killproc() { # kill the named process(es) - pid=`/usr/bin/ps -e | - /usr/bin/grep -w $1 | - /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` - [ "$pid" != "" ] && kill $pid -} - -# Start/stop processes required for samba server - -case "$1" in - -'start') -# -# Edit these lines to suit your installation (paths, workgroup, host) -# -echo Starting SMBD - /usr/local/samba/bin/smbd -D -s \ - /usr/local/samba/smb.conf - -echo Starting NMBD - /usr/local/samba/bin/nmbd -D -l \ - /usr/local/samba/var/log -s /usr/local/samba/smb.conf - -echo Starting Winbind Daemon - /usr/local/samba/bin/winbindd - ;; - -'stop') - killproc nmbd - killproc smbd - killproc winbindd - ;; - -*) - echo "Usage: /etc/init.d/samba.server { start | stop }" - ;; -esac - -If you restart the smbd, nmbd, and winbindd daemons at this point, you -should be able to connect to the samba server as a domain member just as if -you were a local user. - - -Configure Winbind and PAM -------------------------- - -If you have made it this far, you know that winbindd and samba are working -together. If you want to use winbind to provide authentication for other -services, keep reading. The pam configuration file need to be altered in -this step. (Did you remember to make backups of your original /etc/pam.conf -file? If not, do it now.) You will need a pam module to use winbindd with -these other services. This module will be compiled in the ../source/nsswitch -directory by default when we used ./configure --with-pam option. - -root# make nsswitch/pam_winbind.so - -from the ../source directory. The pam_winbind.so file should be copied to -the location of your other pam security modules. On my Solaris 8, this was -the /usr/lib/security directory. - -root# cp ../samba/source/nsswitch/pam_winbind.so /usr/lib/security - -The /etc/pam.conf need to be changed. I changed this file so that my Domain -users can logon both locally as well as telnet.The following are the changes -that I made.You can customize the pam.conf file as per your requirements,but -be sure of those changes because in the worst case it will leave your system -nearly impossible to boot. - -# -#ident "@(#)pam.conf 1.14 99/09/16 SMI" -# -# Copyright (c) 1996-1999, Sun Microsystems, Inc. -# All Rights Reserved. -# -# PAM configuration -# -# Authentication management -# -login auth required /usr/lib/security/pam_winbind.so -login auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1 try_first_pass -# -rlogin auth sufficient /usr/lib/security/pam_winbind.so -rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1 -rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -dtlogin auth sufficient /usr/lib/security/pam_winbind.so -dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1 -other auth sufficient /usr/lib/security/pam_winbind.so -other auth required /usr/lib/security/$ISA/pam_unix.so.1 try_first_pass -# -# Account management -# -login account sufficient /usr/lib/security/pam_winbind.so -login account requisite /usr/lib/security/$ISA/pam_roles.so.1 -login account required /usr/lib/security/$ISA/pam_unix.so.1 -# -dtlogin account sufficient /usr/lib/security/pam_winbind.so -dtlogin account requisite /usr/lib/security/$ISA/pam_roles.so.1 -dtlogin account required /usr/lib/security/$ISA/pam_unix.so.1 -# -other account sufficient /usr/lib/security/pam_winbind.so -other account requisite /usr/lib/security/$ISA/pam_roles.so.1 -other account required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Session management -# -other session required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Password management -# -#other password sufficient /usr/lib/security/pam_winbind.so -other password required /usr/lib/security/$ISA/pam_unix.so.1 -dtsession auth required /usr/lib/security/$ISA/pam_unix.so.1 -# -# Support for Kerberos V5 authentication (uncomment to use Kerberos) -# -#rlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#login auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#dtlogin auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#other auth optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass -#dtlogin account optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other account optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other session optional /usr/lib/security/$ISA/pam_krb5.so.1 -#other password optional /usr/lib/security/$ISA/pam_krb5.so.1 try_first_pass - -I also added a try_first_pass line after the winbind.so line to get rid of -annoying double prompts for passwords. - -Now restart your Samba & try connecting through your application that you -configured in the pam.conf. - - - -!== -!== end of Solaris-Winbind-HOWTO.txt -!== diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt index 6cc1d69258..fd65045abd 100644 --- a/docs/textdocs/Tracing.txt +++ b/docs/textdocs/Tracing.txt @@ -70,7 +70,7 @@ Once you are attached you then can do whatever it is on the client that is causing problems and you will capture all the system calls that smbd makes. -So how do you interpret the results? Generally I search through the +So how do you interpret the results? Generally I search thorugh the output for strings that I know will appear when the problem happens. For example, if I am having touble with permissions on a file I would search for that files name in the strace output and look at diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt index 38705f018a..d6a0a01acc 100644 --- a/docs/textdocs/UNIX_SECURITY.txt +++ b/docs/textdocs/UNIX_SECURITY.txt @@ -32,7 +32,7 @@ directory and do an ls, the UNIX security solution is to change the UNIX file permissions on the users home directories such that the cd and ls would be denied. -Samba tries very hard not to second guess the UNIX administrators +Samba tries very had not to second guess the UNIX administrators security policies, and trusts the UNIX admin to set the policies and permissions he or she desires. |