From 21794b0dd28a80b149342b3218d7ebb4c8791e09 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 29 Sep 2009 14:34:16 +0200 Subject: s3: Document the "share:fake_fscaps" parameter, fix bug 6765 --- docs-xml/smbdotconf/protocol/sharefakefscaps.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs-xml/smbdotconf/protocol/sharefakefscaps.xml (limited to 'docs-xml') diff --git a/docs-xml/smbdotconf/protocol/sharefakefscaps.xml b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml new file mode 100644 index 0000000000..713b95bda7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/sharefakefscaps.xml @@ -0,0 +1,20 @@ + + + + + This is needed to support some special application that makes + QFSINFO calls to check whether we set the SPARSE_FILES bit + (0x40). If this bit is not set that particular application + refuses to work against + Samba. With 64 + the SPARSE_FILES file system capability flag is set. Use other + decimal values to specify the bitmask you need to fake. + + + +0 + -- cgit From 2aacca010da59c2521bddda3e004271008fe2b6f Mon Sep 17 00:00:00 2001 From: Björn Jacke Date: Fri, 2 Oct 2009 17:55:50 +0200 Subject: s3:doc: add some detail about lanman auth parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit add interesting detail: lm passwords will be removed from databaѕe with lanman auth = no --- docs-xml/smbdotconf/security/lanmanauth.xml | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs-xml') diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml index 4e68c5e03a..e055bd35f1 100644 --- a/docs-xml/smbdotconf/security/lanmanauth.xml +++ b/docs-xml/smbdotconf/security/lanmanauth.xml @@ -16,6 +16,13 @@ case-insensitive nature, and the choice of algorithm. Servers without Windows 95/98/ME or MS DOS clients are advised to disable this option. + + When this parameter is set to no this + will also result in sambaLMPassword in Samba's passdb being + blanked after the next password change. As a result of that + lanman clients won't be able to authenticate, even if lanman + auth is reenabled later on. + Unlike the encrypt passwords option, this parameter cannot alter client -- cgit From fb7096a55bb7873965797feee72ceef2404d689d Mon Sep 17 00:00:00 2001 From: John H Terpstra Date: Thu, 8 Oct 2009 08:27:21 -0500 Subject: Fix typos. Thank-you PC Oota. --- docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml index 33e2697bd3..2c59aa7420 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml @@ -93,7 +93,6 @@ idmap uid idmap gid idmap backend -LDAP Winbind maintains a database called winbind_idmap.tdb in which it stores mappings between UNIX UIDs, GIDs, and NT SIDs. This mapping is used only for users and groups that do not have a local UID/GID. It stores the UID/GID @@ -210,7 +209,7 @@ Users on the UNIX machine can then use NT user and group names as they would native UNIX names. They can chown files so they are owned by NT domain users or even login to the - UNIX machine and run a UNIX X-Window session as a domain user. + UNIX machine and run a UNIX X Window session as a domain user. domain controller @@ -571,7 +570,7 @@ is for you. PAM back up -boot disk` +boot disk If you have a Samba configuration file that you are currently using, BACK IT UP! If your system already uses PAM, back up the /etc/pam.d directory contents! If you haven't already made a boot disk, MAKE ONE NOW! @@ -602,7 +601,7 @@ instructions on downloading the source code. development libraries To allow domain users the ability to access Samba shares and files, as well as potentially other services provided by your Samba machine, PAM must be set up properly on your -machine. In order to compile the Winbind modules, you should have at least the PAM development libraries installed +machine. In order to compile the Winbind modules, the PAM development libraries should be installed on your system. Please refer to the PAM Web site . @@ -976,9 +975,6 @@ The same thing can be done for groups with the command: /etc/init.d/smb /etc/init.d/samba /usr/local/samba/bin - - - The &winbindd; daemon needs to start up after the &smbd; and &nmbd; daemons are running. To accomplish this task, you need to modify the startup scripts of your system. They are located at /etc/init.d/smb in Red Hat Linux and in /etc/init.d/samba in Debian @@ -1119,7 +1115,7 @@ usually only starts smbd and nmbd but should now start winbindd, too. If you hav -Again, if you would like to run Samba in dual daemon mode, replace: +Again, if you would like to run winbindd in dual daemon mode, replace: /usr/local/samba/sbin/winbindd @@ -1234,7 +1230,7 @@ pre-create the directories of users to make sure users can log in on UNIX with t Winbind ftp access The /etc/pam.d/ftp file can be changed to allow Winbind ftp access in a manner similar to -the samba file. My /etc/pam.d/ftp file was changed to look like this: +the /etc/pam.d/samba file. My /etc/pam.d/ftp file was changed to look like this: auth required /lib/security/pam_listfile.so item=user sense=deny \ file=/etc/ftpusers onerr=succeed -- cgit From 8283affee6fb0bb0347aa6fcd3033a61eaf6c27d Mon Sep 17 00:00:00 2001 From: John H Terpstra Date: Fri, 9 Oct 2009 07:00:11 -0500 Subject: Change recommended bu PC Oota. --- docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml index 2c59aa7420..b7eaa06b53 100644 --- a/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml +++ b/docs-xml/Samba3-HOWTO/TOSHARG-Winbind.xml @@ -602,7 +602,7 @@ instructions on downloading the source code. To allow domain users the ability to access Samba shares and files, as well as potentially other services provided by your Samba machine, PAM must be set up properly on your machine. In order to compile the Winbind modules, the PAM development libraries should be installed -on your system. Please refer to the PAM Web site . +on your system. Please refer to the PAM Web Site. @@ -1230,7 +1230,7 @@ pre-create the directories of users to make sure users can log in on UNIX with t Winbind ftp access The /etc/pam.d/ftp file can be changed to allow Winbind ftp access in a manner similar to -the /etc/pam.d/samba file. My /etc/pam.d/ftp file was changed to look like this: +the /etc/pam.d/sambaSamba file. My /etc/pam.d/ftp file was changed to look like this: auth required /lib/security/pam_listfile.so item=user sense=deny \ file=/etc/ftpusers onerr=succeed -- cgit From c5d5969e24913ea544590dd16378f7e071b07c4b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 12 Oct 2009 11:34:58 +0200 Subject: s3/smbldap: add option to disable following LDAP refs Fix bug #6717. --- docs-xml/smbdotconf/ldap/ldapreffollow.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 docs-xml/smbdotconf/ldap/ldapreffollow.xml (limited to 'docs-xml') diff --git a/docs-xml/smbdotconf/ldap/ldapreffollow.xml b/docs-xml/smbdotconf/ldap/ldapreffollow.xml new file mode 100644 index 0000000000..f059f15f15 --- /dev/null +++ b/docs-xml/smbdotconf/ldap/ldapreffollow.xml @@ -0,0 +1,21 @@ + + + + + This option controls whether to follow LDAP referrals or not when + searching for entries in the LDAP database. Possible values are + on to enable following referrals, + off to disable this, and + auto, to use the libldap default settings. + libldap's choice of following referrals or not is set in + /etc/openldap/ldap.conf with the REFERRALS parameter as documented in + ldap.conf(5). + + + +auto +off + + -- cgit From 5eb14b2994b4508156c0760cc4adf4db70eee9cc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 12 Oct 2009 14:28:53 +0200 Subject: s3-docs: remove xml artefact from net.8.xml. Guenther --- docs-xml/manpages-3/net.8.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 82fd7a57af..af037e0090 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -835,7 +835,7 @@ Force shutting down all applications. Timeout before system will be shut down. An interactive user of the system can use this time to cancel the shutdown. -'> + -C message -- cgit From faad888e1a3bfd339df92d8d749e95034f64c80a Mon Sep 17 00:00:00 2001 From: Björn Jacke Date: Mon, 12 Oct 2009 22:37:34 +0200 Subject: ѕ3: fix domain trust documentation confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix some trusted/trusting mixups, make documentation more precise and man page more verbose. --- docs-xml/manpages-3/net.8.xml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index af037e0090..8ab33d58b0 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -748,6 +748,9 @@ such as domain name, domain sid and number of users and groups. Add a interdomain trust account for DOMAIN. This is in fact a Samba account named DOMAIN$ with the account flag 'I' (interdomain trust account). +This is required for incoming trusts to work. It makes Samba be a +trusted domain of the foreign (trusting) domain. +Users of the Samba domain will be made available in the foreign domain. If the command is used against localhost it has the same effect as smbpasswd -a -i DOMAIN. Please note that both commands expect a appropriate UNIX account. @@ -769,8 +772,13 @@ it has the same effect as smbpasswd -x DOMAIN$. RPC TRUSTDOM ESTABLISH <replaceable>DOMAIN</replaceable> -Establish a trust relationship to a trusting domain. +Establish a trust relationship to a trusted domain. Interdomain account must already be created on the remote PDC. +This is required for outgoing trusts to work. It makes Samba be a +trusting domain of a foreign (trusted) domain. +Users of the foreign domain will be made available in our domain. +You'll need winbind and a working idmap config to make them +appear in your system. @@ -784,7 +792,7 @@ Interdomain account must already be created on the remote PDC. RPC TRUSTDOM LIST -List all current interdomain trust relationships. +List all interdomain trust relationships. -- cgit From f394b5bc683d55be066f8565f99d157d9848e169 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 13 Oct 2009 12:24:57 +0200 Subject: docs: document wbinfo -t --domain DOMAIN behavior. Guenther --- docs-xml/manpages-3/wbinfo.1.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml index 7803d1064f..8f83f5e1c0 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -283,7 +283,9 @@ -t|--check-secret Verify that the workstation trust account created when the Samba server is added to the Windows NT - domain is working. + domain is working. May be used in conjunction with + in order to verify interdomain + trust accounts. -- cgit From 0c37c23869fe8000609c91be3d44ba269ff38f3b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 6 Oct 2009 18:20:23 +0200 Subject: docs: document wbinfo -c. Guenther --- docs-xml/manpages-3/wbinfo.1.xml | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml index 8f83f5e1c0..d6628e7da9 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -23,6 +23,7 @@ --all-domains --allocate-gid --allocate-uid + -c -D domain --domain domain -g @@ -110,6 +111,14 @@ + + -c|--change-secret + Change the trust account password. May be used + in conjunction with in order to change + interdomain trust account passwords. + + + --domain name This parameter sets the domain on which any specified -- cgit From 6a9e88e08bfa4463ce5bdc57183f6518b524c98c Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Thu, 15 Oct 2009 12:27:24 +0200 Subject: s3/docs: Add missing meta data to man ldbrename. Avoid warnings. Karolin --- docs-xml/manpages-3/ldbrename.1.xml | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/ldbrename.1.xml b/docs-xml/manpages-3/ldbrename.1.xml index 391ec84ccc..6a134f4268 100644 --- a/docs-xml/manpages-3/ldbrename.1.xml +++ b/docs-xml/manpages-3/ldbrename.1.xml @@ -5,6 +5,9 @@ ldbrename 1 + Samba + User Commands + 3.6 -- cgit