From c4be9cefac2852a2b77a2930032cfe843762def7 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Thu, 28 Jul 2005 13:34:07 +0000
Subject: * addminf username map script docs * removing delete parameters * clarifying the usernam map docs and the logon path docs. (This used to be commit 3c097d325346ae4763be29181eda43d986521ef8)
---
docs/smbdotconf/logon/logonpath.xml | 13 +++++--------
docs/smbdotconf/security/minpasswordlength.xml | 17 -----------------
docs/smbdotconf/security/usernamemap.xml | 7 +++++++
docs/smbdotconf/security/usernamemapscript.xml | 19 +++++++++++++++++++
4 files changed, 31 insertions(+), 25 deletions(-)
delete mode 100644 docs/smbdotconf/security/minpasswordlength.xml
create mode 100644 docs/smbdotconf/security/usernamemapscript.xml
diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml
index 77466c1960..6b14116e0c 100644
--- a/docs/smbdotconf/logon/logonpath.xml
+++ b/docs/smbdotconf/logon/logonpath.xml
@@ -5,7 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - This parameter specifies the home directory where roaming profiles (NTuser.dat etc files for Windows NT) are + This parameter specifies the directory where roaming profiles (Desktop, NTuser.dat, etc) are stored. Contrary to previous versions of these manual pages, it has nothing to do with Win 9X roaming profiles. To find out how to handle roaming profiles for Win 9X system, see the parameter. 
@@ -22,10 +22,7 @@ The share and the path must be readable by the user for the preferences and directories to be loaded onto the Windows NT client. The share must be writeable when the user logs in for the first time, in order that the - Windows NT client can create the NTuser.dat and other directories. - - - + Windows NT client can create the NTuser.dat and other directories. Thereafter, the directories and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to achieve the desired effect (a MANdatory profile).
@@ -34,7 +31,7 @@ Windows clients can sometimes maintain a connection to the [homes] share, even though there is no user logged in. Therefore, it is vital that the logon path does not include a reference to the homes share (i.e. setting - this parameter to \%N\%U\profile_path will cause problems). + this parameter to \%N\homes\profile_path will cause problems).
@@ -43,7 +40,7 @@ - Do not quote the value. Setting this as \\%N\profile\%U + Do not quote the value. Setting this as \\%N\profile\%U will break profile handling. Where the tdbsam or ldapsam passdb backend is used, at the time the user account is created the value configured for this parameter is written to the passdb backend and that value will
@@ -54,7 +51,7 @@ - Note that this option is only useful if Samba is set up as a logon server. + Note that this option is only useful if Samba is set up as a domain controller. Disable the use of roaming profiles by setting the value of this parameter to the empty string. For
diff --git a/docs/smbdotconf/security/minpasswordlength.xml b/docs/smbdotconf/security/minpasswordlength.xml
deleted file mode 100644
index 3009ffb3ea..0000000000
--- a/docs/smbdotconf/security/minpasswordlength.xml
+++ /dev/null 
@@ -1,17 +0,0 @@ - -min passwd length - - This option sets the minimum length in characters of a - plaintext password that smbd will - accept when performing UNIX password changing. - - -unix password sync -passwd program -passwd char debug -5 -
diff --git a/docs/smbdotconf/security/usernamemap.xml b/docs/smbdotconf/security/usernamemap.xml
index ef4291733e..7b939f6956 100644
--- a/docs/smbdotconf/security/usernamemap.xml
+++ b/docs/smbdotconf/security/usernamemap.xml
@@ -10,6 +10,13 @@ that users use on DOS or Windows machines to those that the UNIX box uses. The other is to map multiple users to a single username so that they can more easily share files. + + Please note that for user or share mode security, the + username map is applied prior to validating the user credentials. + Domain member servers (domain or ads) apply the username map + after the user has been successfully authenticated by the domain + controller and require fully qualified enties in the map table + (e.g. biddle = DOMAIN\foo). The map file is parsed line by line. Each line should contain a single UNIX username on the left then a '=' followed
diff --git a/docs/smbdotconf/security/usernamemapscript.xml b/docs/smbdotconf/security/usernamemapscript.xml
new file mode 100644
index 0000000000..6df134c257
--- /dev/null
+++ b/docs/smbdotconf/security/usernamemapscript.xml
@@ -0,0 +1,19 @@ + + + This script is a mutually exclusive alternative to the + parameter. This parameter + specifies and external program or script that must accept a single + command line option (the username transmitted in the authentication + request) and return a line line on standard output (the name to which + the account should mapped). In this way, it is possible to store + username map tables in an LDAP or NIS directory services. + + + + +/etc/samba/scripts/mapusers.sh +
-- cgit