From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 22 Apr 2008 10:09:40 -0500 Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14) --- .../smbdotconf/protocol/aclcheckpermissions.xml | 30 ++++++++++ docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml | 17 ++++++ docs-xml/smbdotconf/protocol/announceas.xml | 21 +++++++ docs-xml/smbdotconf/protocol/announceversion.xml | 14 +++++ docs-xml/smbdotconf/protocol/clientusespnego.xml | 15 +++++ .../smbdotconf/protocol/defersharingviolations.xml | 26 ++++++++ docs-xml/smbdotconf/protocol/disablenetbios.xml | 16 +++++ docs-xml/smbdotconf/protocol/easupport.xml | 17 ++++++ docs-xml/smbdotconf/protocol/enableasusupport.xml | 17 ++++++ docs-xml/smbdotconf/protocol/eventloglist.xml | 22 +++++++ docs-xml/smbdotconf/protocol/largereadwrite.xml | 18 ++++++ docs-xml/smbdotconf/protocol/mapaclinherit.xml | 17 ++++++ docs-xml/smbdotconf/protocol/maxmux.xml | 13 ++++ docs-xml/smbdotconf/protocol/maxprotocol.xml | 48 +++++++++++++++ docs-xml/smbdotconf/protocol/maxttl.xml | 14 +++++ docs-xml/smbdotconf/protocol/maxwinsttl.xml | 17 ++++++ docs-xml/smbdotconf/protocol/maxxmit.xml | 16 +++++ docs-xml/smbdotconf/protocol/minprotocol.xml | 22 +++++++ .../smbdotconf/protocol/minreceivefilesize.xml | 22 +++++++ docs-xml/smbdotconf/protocol/minwinsttl.xml | 16 +++++ docs-xml/smbdotconf/protocol/nameresolveorder.xml | 70 ++++++++++++++++++++++ docs-xml/smbdotconf/protocol/ntaclsupport.xml | 17 ++++++ docs-xml/smbdotconf/protocol/ntpipesupport.xml | 16 +++++ docs-xml/smbdotconf/protocol/ntstatussupport.xml | 18 ++++++ docs-xml/smbdotconf/protocol/profileacls.xml | 41 +++++++++++++ docs-xml/smbdotconf/protocol/readraw.xml | 26 ++++++++ docs-xml/smbdotconf/protocol/smbports.xml | 11 ++++ docs-xml/smbdotconf/protocol/svcctllist.xml | 22 +++++++ docs-xml/smbdotconf/protocol/timeserver.xml | 13 ++++ docs-xml/smbdotconf/protocol/unixextensions.xml | 16 +++++ docs-xml/smbdotconf/protocol/usespnego.xml | 19 ++++++ docs-xml/smbdotconf/protocol/writeraw.xml | 13 ++++ 32 files changed, 680 insertions(+) create mode 100644 docs-xml/smbdotconf/protocol/aclcheckpermissions.xml create mode 100644 docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml create mode 100644 docs-xml/smbdotconf/protocol/announceas.xml create mode 100644 docs-xml/smbdotconf/protocol/announceversion.xml create mode 100644 docs-xml/smbdotconf/protocol/clientusespnego.xml create mode 100644 docs-xml/smbdotconf/protocol/defersharingviolations.xml create mode 100644 docs-xml/smbdotconf/protocol/disablenetbios.xml create mode 100644 docs-xml/smbdotconf/protocol/easupport.xml create mode 100644 docs-xml/smbdotconf/protocol/enableasusupport.xml create mode 100644 docs-xml/smbdotconf/protocol/eventloglist.xml create mode 100644 docs-xml/smbdotconf/protocol/largereadwrite.xml create mode 100644 docs-xml/smbdotconf/protocol/mapaclinherit.xml create mode 100644 docs-xml/smbdotconf/protocol/maxmux.xml create mode 100644 docs-xml/smbdotconf/protocol/maxprotocol.xml create mode 100644 docs-xml/smbdotconf/protocol/maxttl.xml create mode 100644 docs-xml/smbdotconf/protocol/maxwinsttl.xml create mode 100644 docs-xml/smbdotconf/protocol/maxxmit.xml create mode 100644 docs-xml/smbdotconf/protocol/minprotocol.xml create mode 100644 docs-xml/smbdotconf/protocol/minreceivefilesize.xml create mode 100644 docs-xml/smbdotconf/protocol/minwinsttl.xml create mode 100644 docs-xml/smbdotconf/protocol/nameresolveorder.xml create mode 100644 docs-xml/smbdotconf/protocol/ntaclsupport.xml create mode 100644 docs-xml/smbdotconf/protocol/ntpipesupport.xml create mode 100644 docs-xml/smbdotconf/protocol/ntstatussupport.xml create mode 100644 docs-xml/smbdotconf/protocol/profileacls.xml create mode 100644 docs-xml/smbdotconf/protocol/readraw.xml create mode 100644 docs-xml/smbdotconf/protocol/smbports.xml create mode 100644 docs-xml/smbdotconf/protocol/svcctllist.xml create mode 100644 docs-xml/smbdotconf/protocol/timeserver.xml create mode 100644 docs-xml/smbdotconf/protocol/unixextensions.xml create mode 100644 docs-xml/smbdotconf/protocol/usespnego.xml create mode 100644 docs-xml/smbdotconf/protocol/writeraw.xml (limited to 'docs-xml/smbdotconf/protocol') diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml new file mode 100644 index 0000000000..6916261759 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml @@ -0,0 +1,30 @@ + + + This boolean parameter controls what smbd + 8does on receiving a protocol request of "open for delete" + from a Windows client. If a Windows client doesn't have permissions to delete a file then they + expect this to be denied at open time. POSIX systems normally only detect restrictions on delete by + actually attempting to delete the file or directory. As Windows clients can (and do) "back out" a + delete request by unsetting the "delete on close" bit Samba cannot delete the file immediately + on "open for delete" request as we cannot restore such a deleted file. With this parameter set to + true (the default) then smbd checks the file system permissions directly on "open for delete" and denies the + request without actually deleting the file if the file system permissions would seem to deny it. + This is not perfect, as it's possible a user could have deleted a file without Samba being able to + check the permissions correctly, but it is close enough to Windows semantics for mostly correct + behaviour. Samba will correctly check POSIX ACL semantics in this case. + + If this parameter is set to "false" Samba doesn't check permissions on "open for delete" + and allows the open. If the user doesn't have permission to delete the file this will only be + discovered at close time, which is too late for the Windows user tools to display an error message + to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing + on a Windows explorer refersh. This is an extremely advanced protocol option which should not + need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version + with slightly different semantics was introduced in 3.0.20. That older version is not documented here. + + +True + diff --git a/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml new file mode 100644 index 0000000000..c38ac3cfbf --- /dev/null +++ b/docs-xml/smbdotconf/protocol/aclmapfullcontrol.xml @@ -0,0 +1,17 @@ + + + + This boolean parameter controls whether smbd + 8maps a POSIX ACE entry of "rwx" (read/write/execute), the maximum + allowed POSIX permission set, into a Windows ACL of "FULL CONTROL". If this parameter is set to true any POSIX + ACE entry of "rwx" will be returned in a Windows ACL as "FULL CONTROL", is this parameter is set to false any + POSIX ACE entry of "rwx" will be returned as the specific Windows ACL bits representing read, write and + execute. + + +True + diff --git a/docs-xml/smbdotconf/protocol/announceas.xml b/docs-xml/smbdotconf/protocol/announceas.xml new file mode 100644 index 0000000000..8891496194 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/announceas.xml @@ -0,0 +1,21 @@ + + + This specifies what type of server nmbd + 8 will announce itself as, to a network neighborhood browse + list. By default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + Windows NT Workstation, Windows 95 and Windows for Workgroups + respectively. Do not change this parameter unless you have a + specific need to stop Samba appearing as an NT server as this + may prevent Samba servers from participating as browser servers + correctly. + + +NT Server +Win95 + diff --git a/docs-xml/smbdotconf/protocol/announceversion.xml b/docs-xml/smbdotconf/protocol/announceversion.xml new file mode 100644 index 0000000000..ecdcd4c734 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/announceversion.xml @@ -0,0 +1,14 @@ + + + This specifies the major and minor version numbers + that nmbd will use when announcing itself as a server. The default + is 4.9. Do not change this parameter unless you have a specific + need to set a Samba server to be a downlevel server. + +4.9 +2.0 + diff --git a/docs-xml/smbdotconf/protocol/clientusespnego.xml b/docs-xml/smbdotconf/protocol/clientusespnego.xml new file mode 100644 index 0000000000..c688a656f4 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/clientusespnego.xml @@ -0,0 +1,15 @@ + + + This variable controls whether Samba clients will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + supporting servers (including WindowsXP, Windows2000 and Samba + 3.0) to agree upon an authentication + mechanism. This enables Kerberos authentication in particular. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/defersharingviolations.xml b/docs-xml/smbdotconf/protocol/defersharingviolations.xml new file mode 100644 index 0000000000..f54916c776 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/defersharingviolations.xml @@ -0,0 +1,26 @@ + + + + Windows allows specifying how a file will be shared with + other processes when it is opened. Sharing violations occur when + a file is opened by a different process using options that violate + the share settings specified by other processes. This parameter causes + smbd to act as a Windows server does, and defer returning a "sharing + violation" error message for up to one second, allowing the client + to close the file causing the violation in the meantime. + + + UNIX by default does not have this behaviour. + + + There should be no reason to turn off this parameter, as it is + designed to enable Samba to more correctly emulate Windows. + + + +True + diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml new file mode 100644 index 0000000000..e78cb8c4f7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml @@ -0,0 +1,16 @@ + + + Enabling this parameter will disable netbios support + in Samba. Netbios is the only available form of browsing in + all windows versions except for 2000 and XP. + + Clients that only support netbios won't be able to + see your samba server when netbios support is disabled. + + +no + diff --git a/docs-xml/smbdotconf/protocol/easupport.xml b/docs-xml/smbdotconf/protocol/easupport.xml new file mode 100644 index 0000000000..ba210fdac7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/easupport.xml @@ -0,0 +1,17 @@ + + + This boolean parameter controls whether smbd + 8 will allow clients to attempt to store OS/2 style Extended + attributes on a share. In order to enable this parameter the underlying filesystem exported by + the share must support extended attributes (such as provided on XFS and EXT3 on Linux, with the + correct kernel patches). On Linux the filesystem must have been mounted with the mount + option user_xattr in order for extended attributes to work, also + extended attributes must be compiled into the Linux kernel. + + +no + diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml new file mode 100644 index 0000000000..cd4f30fb8d --- /dev/null +++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml @@ -0,0 +1,17 @@ + + + Hosts running the "Advanced Server for Unix (ASU)" product + require some special accomodations such as creating a builting [ADMIN$] + share that only supports IPC connections. The has been the default + behavior in smbd for many years. However, certain Microsoft applications + such as the Print Migrator tool require that the remote server support + an [ADMIN$} file share. Disabling this parameter allows for creating + an [ADMIN$] file share in smb.conf. + + +no + diff --git a/docs-xml/smbdotconf/protocol/eventloglist.xml b/docs-xml/smbdotconf/protocol/eventloglist.xml new file mode 100644 index 0000000000..e98559bc17 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/eventloglist.xml @@ -0,0 +1,22 @@ + + + This option defines a list of log names that Samba will + report to the Microsoft EventViewer utility. The listed + eventlogs will be associated with tdb file on disk in the + $(lockdir)/eventlog. + + + + The administrator must use an external process to parse the normal + Unix logs such as /var/log/messages + and write then entries to the eventlog tdb files. Refer to the + eventlogadm(8) utility for how to write eventlog entries. + + + + +Security Application Syslog Apache + diff --git a/docs-xml/smbdotconf/protocol/largereadwrite.xml b/docs-xml/smbdotconf/protocol/largereadwrite.xml new file mode 100644 index 0000000000..12be741322 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/largereadwrite.xml @@ -0,0 +1,18 @@ + + + This parameter determines whether or not + smbd + 8 supports the new 64k + streaming read and write varient SMB requests introduced with + Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating + system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve + performance by 10% with Windows 2000 clients. Defaults to on. Not as + tested as some other Samba code paths. + +yes + diff --git a/docs-xml/smbdotconf/protocol/mapaclinherit.xml b/docs-xml/smbdotconf/protocol/mapaclinherit.xml new file mode 100644 index 0000000000..ef0b4eb6d6 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/mapaclinherit.xml @@ -0,0 +1,17 @@ + + + This boolean parameter controls whether smbd + 8 will attempt to map the 'inherit' and 'protected' + access control entry flags stored in Windows ACLs into an extended attribute + called user.SAMBA_PAI. This parameter only takes effect if Samba is being run + on a platform that supports extended attributes (Linux and IRIX so far) and + allows the Windows 2000 ACL editor to correctly use inheritance with the Samba + POSIX ACL mapping code. + + +no + diff --git a/docs-xml/smbdotconf/protocol/maxmux.xml b/docs-xml/smbdotconf/protocol/maxmux.xml new file mode 100644 index 0000000000..71998c974f --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxmux.xml @@ -0,0 +1,13 @@ + + + This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter. + + +50 + diff --git a/docs-xml/smbdotconf/protocol/maxprotocol.xml b/docs-xml/smbdotconf/protocol/maxprotocol.xml new file mode 100644 index 0000000000..e785909147 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxprotocol.xml @@ -0,0 +1,48 @@ + + + The value of the parameter (a string) is the highest + protocol level that will be supported by the server. + + Possible values are : + + + CORE: Earliest version. No + concept of user names. + + + + COREPLUS: Slight improvements on + CORE for efficiency. + + + + LANMAN1: First + modern version of the protocol. Long filename + support. + + + + LANMAN2: Updates to Lanman1 protocol. + + + + NT1: Current up to date version of the protocol. + Used by Windows NT. Known as CIFS. + + + + Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol. + + +min protocol +protocol + +NT1 +LANMAN1 + diff --git a/docs-xml/smbdotconf/protocol/maxttl.xml b/docs-xml/smbdotconf/protocol/maxttl.xml new file mode 100644 index 0000000000..00f735d3a9 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxttl.xml @@ -0,0 +1,14 @@ + + + This option tells nmbd + 8 what the default 'time to live' + of NetBIOS names should be (in seconds) when nmbd is + requesting a name using either a broadcast packet or from a WINS server. You should + never need to change this parameter. The default is 3 days. + +259200 + diff --git a/docs-xml/smbdotconf/protocol/maxwinsttl.xml b/docs-xml/smbdotconf/protocol/maxwinsttl.xml new file mode 100644 index 0000000000..09935cdd9b --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxwinsttl.xml @@ -0,0 +1,17 @@ + + + This option tells smbd + 8 when acting as a WINS server + (yes) what the maximum + 'time to live' of NetBIOS names that nmbd + will grant will be (in seconds). You should never need to change this + parameter. The default is 6 days (518400 seconds). + + +min wins ttl +518400 + diff --git a/docs-xml/smbdotconf/protocol/maxxmit.xml b/docs-xml/smbdotconf/protocol/maxxmit.xml new file mode 100644 index 0000000000..3804ae21e3 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/maxxmit.xml @@ -0,0 +1,16 @@ + + + This option controls the maximum packet size + that will be negotiated by Samba. The default is 16644, which + matches the behavior of Windows 2000. A value below 2048 is likely to cause problems. + You should never need to change this parameter from its default value. + + + +16644 +8192 + diff --git a/docs-xml/smbdotconf/protocol/minprotocol.xml b/docs-xml/smbdotconf/protocol/minprotocol.xml new file mode 100644 index 0000000000..0bec282467 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minprotocol.xml @@ -0,0 +1,22 @@ + + + The value of the parameter (a string) is the + lowest SMB protocol dialect than Samba will support. Please refer + to the + parameter for a list of valid protocol names and a brief description + of each. You may also wish to refer to the C source code in + source/smbd/negprot.c for a listing of known protocol + dialects supported by clients. + + If you are viewing this parameter as a security measure, you should + also refer to the parameter. Otherwise, you should never need + to change this parameter. + + +CORE +NT1 + diff --git a/docs-xml/smbdotconf/protocol/minreceivefilesize.xml b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml new file mode 100644 index 0000000000..2df6c178db --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minreceivefilesize.xml @@ -0,0 +1,22 @@ + + +This option changes the behavior of smbd +8 when processing SMBwriteX calls. Any incoming +SMBwriteX call on a non-signed SMB/CIFS connection greater than this value will not be processed in the normal way but will +be passed to any underlying kernel recvfile or splice system call (if there is no such +call Samba will emulate in user space). This allows zero-copy writes directly from network +socket buffers into the filesystem buffer cache, if available. It may improve performance +but user testing is recommended. If set to zero Samba processes SMBwriteX calls in the +normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be +nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k. +Note this option will have NO EFFECT if set on a SMB signed connection. +The default is zero, which diables this option. + + +min receivefile size +0 + diff --git a/docs-xml/smbdotconf/protocol/minwinsttl.xml b/docs-xml/smbdotconf/protocol/minwinsttl.xml new file mode 100644 index 0000000000..38fbd7b0eb --- /dev/null +++ b/docs-xml/smbdotconf/protocol/minwinsttl.xml @@ -0,0 +1,16 @@ + + + This option tells nmbd + 8 + when acting as a WINS server (yes) what the minimum 'time to live' + of NetBIOS names that nmbd will grant will be (in + seconds). You should never need to change this parameter. The default + is 6 hours (21600 seconds). + + +21600 + diff --git a/docs-xml/smbdotconf/protocol/nameresolveorder.xml b/docs-xml/smbdotconf/protocol/nameresolveorder.xml new file mode 100644 index 0000000000..9b1ad075b1 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/nameresolveorder.xml @@ -0,0 +1,70 @@ + + + This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. Its main purpose to is to + control how netbios name resolution is performed. The option takes a space + separated string of name resolution options. + + The options are: "lmhosts", "host", + "wins" and "bcast". They cause names to be + resolved as follows: + + + + + lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the manpage for lmhosts for details) then + any name type matches for lookup. + + + + + + host : Do a standard host name to IP address resolution, using the system + /etc/hosts , NIS, or DNS lookups. This method of name resolution is + operating system depended for instance on IRIX or Solaris this may be controlled by the /etc/nsswitch.conf file. Note that this method is used only if the NetBIOS name + type being queried is the 0x20 (server) name type or 0x1c (domain controllers). The latter case is only + useful for active directory domains and results in a DNS query for the SRV RR entry matching + _ldap._tcp.domain. + + + + + wins : Query a name with + the IP address listed in the + wins server parameter. If no WINS server has + been specified this method will be ignored. + + + + bcast : Do a broadcast on + each of the known local interfaces listed in the + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet. + + + + The example below will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup. + + When Samba is functioning in ADS security mode (security = ads) + it is advised to use following settings for name resolve order: + + name resolve order = wins bcast + + DC lookups will still be done via DNS, but fallbacks to netbios names will + not inundate your DNS servers with needless querys for DOMAIN<0x1c> lookups. + + + +lmhosts host wins bcast +lmhosts bcast host + diff --git a/docs-xml/smbdotconf/protocol/ntaclsupport.xml b/docs-xml/smbdotconf/protocol/ntaclsupport.xml new file mode 100644 index 0000000000..1e9cedf931 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntaclsupport.xml @@ -0,0 +1,17 @@ + + + This boolean parameter controls whether smbd + 8 will attempt to map + UNIX permissions into Windows NT access control lists. The UNIX + permissions considered are the the traditional UNIX owner and + group permissions, as well as POSIX ACLs set on any files or + directories. This parameter was formally a global parameter in + releases prior to 2.2.2. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/ntpipesupport.xml b/docs-xml/smbdotconf/protocol/ntpipesupport.xml new file mode 100644 index 0000000000..7c310846b2 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntpipesupport.xml @@ -0,0 +1,16 @@ + + + This boolean parameter controls whether + smbd + 8 will allow Windows NT + clients to connect to the NT SMB specific IPC$ + pipes. This is a developer debugging option and can be left + alone. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/ntstatussupport.xml b/docs-xml/smbdotconf/protocol/ntstatussupport.xml new file mode 100644 index 0000000000..4dfc142e2e --- /dev/null +++ b/docs-xml/smbdotconf/protocol/ntstatussupport.xml @@ -0,0 +1,18 @@ + + + This boolean parameter controls whether smbd + 8 will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. + If this option is set to no then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported. + + You should not need to ever disable this parameter. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/profileacls.xml b/docs-xml/smbdotconf/protocol/profileacls.xml new file mode 100644 index 0000000000..1c6f0c9ebf --- /dev/null +++ b/docs-xml/smbdotconf/protocol/profileacls.xml @@ -0,0 +1,41 @@ + + + + This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. + + + + When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\\Administrators, + BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. + + + + Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user. + + + +no + diff --git a/docs-xml/smbdotconf/protocol/readraw.xml b/docs-xml/smbdotconf/protocol/readraw.xml new file mode 100644 index 0000000000..2ca23075ee --- /dev/null +++ b/docs-xml/smbdotconf/protocol/readraw.xml @@ -0,0 +1,26 @@ + + + This parameter controls whether or not the server + will support the raw read SMB requests when transferring data + to clients. + + If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit. + + + However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads. + +In general this parameter should be viewed as a system tuning + tool and left severely alone. + + +yes + +write raw + diff --git a/docs-xml/smbdotconf/protocol/smbports.xml b/docs-xml/smbdotconf/protocol/smbports.xml new file mode 100644 index 0000000000..aaf4919db0 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smbports.xml @@ -0,0 +1,11 @@ + + + Specifies which ports the server should listen on for SMB traffic. + + +445 139 + diff --git a/docs-xml/smbdotconf/protocol/svcctllist.xml b/docs-xml/smbdotconf/protocol/svcctllist.xml new file mode 100644 index 0000000000..660a280088 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/svcctllist.xml @@ -0,0 +1,22 @@ + + + This option defines a list of init scripts that smbd + will use for starting and stopping Unix services via the Win32 + ServiceControl API. This allows Windows administrators to + utilize the MS Management Console plug-ins to manage a + Unix server running Samba. + + The administrator must create a directory + name svcctl in Samba's $(libdir) + and create symbolic links to the init scripts in + /etc/init.d/. The name of the links + must match the names given as part of the svcctl list. + + + + +cups postfix portmap httpd + diff --git a/docs-xml/smbdotconf/protocol/timeserver.xml b/docs-xml/smbdotconf/protocol/timeserver.xml new file mode 100644 index 0000000000..93d89183b5 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/timeserver.xml @@ -0,0 +1,13 @@ + + + This parameter determines if nmbd + 8 advertises itself as a time server to Windows +clients. + + +no + diff --git a/docs-xml/smbdotconf/protocol/unixextensions.xml b/docs-xml/smbdotconf/protocol/unixextensions.xml new file mode 100644 index 0000000000..5b4a36a401 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/unixextensions.xml @@ -0,0 +1,16 @@ + + + This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX CIFS clients + by supporting features such as symbolic links, hard links, etc... + These extensions require a similarly enabled client, and are of + no current use to Windows clients. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/usespnego.xml b/docs-xml/smbdotconf/protocol/usespnego.xml new file mode 100644 index 0000000000..8fb559c177 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/usespnego.xml @@ -0,0 +1,19 @@ + + + This variable controls controls whether samba will try + to use Simple and Protected NEGOciation (as specified by rfc2478) with + WindowsXP and Windows2000 clients to agree upon an authentication mechanism. + + + + Unless further issues are discovered with our SPNEGO + implementation, there is no reason this should ever be + disabled. + + +yes + diff --git a/docs-xml/smbdotconf/protocol/writeraw.xml b/docs-xml/smbdotconf/protocol/writeraw.xml new file mode 100644 index 0000000000..f299fa8483 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/writeraw.xml @@ -0,0 +1,13 @@ + + + This parameter controls whether or not the server + will support raw write SMB's when transferring data from clients. + You should never need to change this parameter. + + +yes + -- cgit