From 99bde6889d3d8b7a9e950c86c30e82662e1dacdd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 9 Sep 2003 02:58:53 +0000 Subject: syncing files from 3.0 into HEAD again (This used to be commit bca0bba209255d0effbae6a3d3b6d298f0952c3a) --- docs/docbook/smbdotconf/base/netbiosaliases.xml | 2 +- .../smbdotconf/domain/machinepasswordtimeout.xml | 4 +- docs/docbook/smbdotconf/filename/mangleprefix.xml | 4 ++ docs/docbook/smbdotconf/filename/manglingchar.xml | 2 +- docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml | 14 ++++++ docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml | 15 +++++++ docs/docbook/smbdotconf/ldap/ldapusersuffix.xml | 3 +- docs/docbook/smbdotconf/locking/lockspincount.xml | 2 +- docs/docbook/smbdotconf/logon/adduserscript.xml | 2 +- docs/docbook/smbdotconf/logon/logonscript.xml | 4 +- docs/docbook/smbdotconf/logon/shutdownscript.xml | 2 +- .../docbook/smbdotconf/misc/kernelchangenotify.xml | 17 +++++++ docs/docbook/smbdotconf/misc/remoteannounce.xml | 3 +- docs/docbook/smbdotconf/printing/os2drivermap.xml | 5 +-- .../smbdotconf/protocol/clientusespnego.xml | 3 ++ .../smbdotconf/protocol/nameresolveorder.xml | 2 +- docs/docbook/smbdotconf/protocol/profileacls.xml | 13 ++++-- .../docbook/smbdotconf/protocol/unixextensions.xml | 2 +- .../smbdotconf/security/allowtrusteddomains.xml | 2 +- .../smbdotconf/security/clientntlmv2auth.xml | 6 +++ .../smbdotconf/security/clientplaintextauth.xml | 12 +++++ .../docbook/smbdotconf/security/clientschannel.xml | 19 ++++++++ docs/docbook/smbdotconf/security/clientsigning.xml | 19 ++++++++ docs/docbook/smbdotconf/security/passdbbackend.xml | 13 ++---- docs/docbook/smbdotconf/security/passwdprogram.xml | 5 +-- .../docbook/smbdotconf/security/preloadmodules.xml | 3 -- docs/docbook/smbdotconf/security/serversigning.xml | 19 ++++++++ docs/docbook/smbdotconf/tuning/deadtime.xml | 2 +- docs/docbook/smbdotconf/vfs/aclcompatibility.xml | 17 +++++++ docs/docbook/smbdotconf/vfs/getquotacommand.xml | 52 ++++++++++++++++++++++ docs/docbook/smbdotconf/vfs/hostmsdfs.xml | 10 ++--- docs/docbook/smbdotconf/vfs/msdfsroot.xml | 18 ++++---- docs/docbook/smbdotconf/vfs/setquotacommand.xml | 42 +++++++++++++++++ docs/docbook/smbdotconf/winbind/idmapbackend.xml | 18 ++++++++ .../smbdotconf/winbind/winbindcachetime.xml | 2 +- docs/docbook/smbdotconf/wins/winsserver.xml | 2 +- 36 files changed, 303 insertions(+), 57 deletions(-) create mode 100644 docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml create mode 100644 docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml create mode 100644 docs/docbook/smbdotconf/misc/kernelchangenotify.xml create mode 100644 docs/docbook/smbdotconf/security/clientplaintextauth.xml create mode 100644 docs/docbook/smbdotconf/security/clientschannel.xml create mode 100644 docs/docbook/smbdotconf/security/clientsigning.xml create mode 100644 docs/docbook/smbdotconf/security/serversigning.xml create mode 100644 docs/docbook/smbdotconf/vfs/aclcompatibility.xml create mode 100644 docs/docbook/smbdotconf/vfs/getquotacommand.xml create mode 100644 docs/docbook/smbdotconf/vfs/setquotacommand.xml create mode 100644 docs/docbook/smbdotconf/winbind/idmapbackend.xml (limited to 'docs/docbook/smbdotconf') diff --git a/docs/docbook/smbdotconf/base/netbiosaliases.xml b/docs/docbook/smbdotconf/base/netbiosaliases.xml index a62fb8f7d6..ac8ffaf2b9 100644 --- a/docs/docbook/smbdotconf/base/netbiosaliases.xml +++ b/docs/docbook/smbdotconf/base/netbiosaliases.xml @@ -3,7 +3,7 @@ advanced="1" wizard="1" developer="1" xmlns:samba="http://samba.org/common"> - This is a list of NetBIOS names that nmbd(8) will + This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml index 06017fce59..7caf3058c9 100644 --- a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml +++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml @@ -5,8 +5,8 @@ If a Samba server is a member of a Windows NT Domain (see the security = domain) - parameter) then periodically a running - smbd(8) process will try and change the MACHINE ACCOUNT + parameter) then periodically a running smbd + process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb . This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml index cbd41f973d..eff1f2b8fe 100644 --- a/docs/docbook/smbdotconf/filename/mangleprefix.xml +++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml @@ -9,6 +9,10 @@ hash and therefore more name collisions. The minimum value is 1 and the maximum value is 6. + + mangle prefix is effective only when mangling method is hash2. + + Default: mangle prefix = 1 Example: mangle prefix = 4 diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml index 57c4fa2acd..de5f620fd9 100644 --- a/docs/docbook/smbdotconf/filename/manglingchar.xml +++ b/docs/docbook/smbdotconf/filename/manglingchar.xml @@ -5,7 +5,7 @@ This controls what character is used as the magic character in name mangling. The default is a '~' but this may interfere with some software. Use this option to set - it to whatever you prefer. + it to whatever you prefer. This is effective only when mangling method is hash. Default: mangling char = ~ diff --git a/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml new file mode 100644 index 0000000000..5e6b9cc886 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml @@ -0,0 +1,14 @@ + + + This parameters specifies the suffix that is + used for groups when these are added to the LDAP directory. + If this parameter is unset, the value of ldap suffix will be used instead. + + Default: none + + Example: dc=samba,ou=Groups + + diff --git a/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml new file mode 100644 index 0000000000..f826183c33 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml @@ -0,0 +1,15 @@ + + + This parameters specifies the suffix that is + used when storing idmap mappings. If this parameter + is unset, the value of ldap suffix + will be used instead. + + Default: none + + Example: dc=samba,ou=Idmap + + diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml index 731fba3420..93d450b5e4 100644 --- a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml +++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml @@ -3,7 +3,8 @@ advanced="1" developer="1" xmlns:samba="http://samba.org/common"> - It specifies where users are added to the tree. + This parameter specifies where users are added to the tree. + If this parameter is not specified, the value from ldap suffix. Default: none diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml index d308f5d845..eb5862699a 100644 --- a/docs/docbook/smbdotconf/locking/lockspincount.xml +++ b/docs/docbook/smbdotconf/locking/lockspincount.xml @@ -12,6 +12,6 @@ and FoxPro. - Default: lock spin count = 2 + Default: lock spin count = 3 diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml index 34d3e7ea58..42f7b04563 100644 --- a/docs/docbook/smbdotconf/logon/adduserscript.xml +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -11,7 +11,7 @@ created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users ON DEMAND when a user accesses the Samba server. In order to use this option, smbd diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml index 65b6253c0c..a1e8e0c03b 100644 --- a/docs/docbook/smbdotconf/logon/logonscript.xml +++ b/docs/docbook/smbdotconf/logon/logonscript.xml @@ -22,8 +22,8 @@ suggested command would be to add NET TIME \\SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE - U: \\SERVER\UTILS for commonly used utilities, or - NET USE Q: \\SERVER\ISO9001_QA for example. + U: \\SERVER\UTILS for commonly used utilities, or + NET USE Q: \\SERVER\ISO9001_QA for example. Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml index 0eaffea747..8935714307 100644 --- a/docs/docbook/smbdotconf/logon/shutdownscript.xml +++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml @@ -38,7 +38,7 @@ Default: None. - Example: abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f + Example: shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f Shutdown script example: diff --git a/docs/docbook/smbdotconf/misc/kernelchangenotify.xml b/docs/docbook/smbdotconf/misc/kernelchangenotify.xml new file mode 100644 index 0000000000..c6dc215b94 --- /dev/null +++ b/docs/docbook/smbdotconf/misc/kernelchangenotify.xml @@ -0,0 +1,17 @@ + + + This parameter specifies whether Samba should ask the + kernel for change notifications in directories so that + SMB clients can refresh whenever the data on the server changes. + + + This parameter is only usd when your kernel supports + change notification to user programs, using the F_NOTIFY fcntl. + + + Default: Yes + + diff --git a/docs/docbook/smbdotconf/misc/remoteannounce.xml b/docs/docbook/smbdotconf/misc/remoteannounce.xml index 019cc306a7..d03ea8b0e2 100644 --- a/docs/docbook/smbdotconf/misc/remoteannounce.xml +++ b/docs/docbook/smbdotconf/misc/remoteannounce.xml @@ -27,8 +27,7 @@ addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable. - See the documentation file BROWSING - in the docs/ directory. + See . Default: remote announce = <empty string> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml index 478031c7b9..ffaa58fe2a 100644 --- a/docs/docbook/smbdotconf/printing/os2drivermap.xml +++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml @@ -14,9 +14,8 @@ LaserJet 5L. The need for the file is due to the printer driver namespace - problem described in the Samba - Printing HOWTO. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation. + problem described in . For more details on OS/2 clients, please + refer to . Default: os2 driver map = <empty string> diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml index df25fbfb20..ce187a36fa 100644 --- a/docs/docbook/smbdotconf/protocol/clientusespnego.xml +++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml @@ -6,6 +6,9 @@ This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism. + SPNEGO client support for SMB Signing is currently broken, so + you might want to turn this option off when operating with + Windows 2003 domain controllers in particular. Default: client use spnego = yes diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml index 4e88495489..45bc98843f 100644 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml @@ -18,7 +18,7 @@ lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + noescape="1" url="lmhosts.5.html">lmhosts(5) for details) then any name type matches for lookup. diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml index 6f2b3ec510..505f371809 100644 --- a/docs/docbook/smbdotconf/protocol/profileacls.xml +++ b/docs/docbook/smbdotconf/protocol/profileacls.xml @@ -10,7 +10,10 @@ Windows XP clients. New versions of Windows 2000 or Windows XP service packs do security ACL checking on the owner and ability to write of the profile directory stored on a local workstation when copied from a Samba - share. When not in domain mode with winbindd then the security info copied + share. + + +When not in domain mode with winbindd then the security info copied onto the local workstation has no meaning to the logged in user (SID) on that workstation so the profile storing fails. Adding this parameter onto a share used for profile storage changes two things about the @@ -19,15 +22,17 @@ BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to every returned ACL. This will allow any Windows 2000 or XP workstation - user to access the profile. Note that if you have multiple users logging + user to access the profile. + + Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access each others profiles you must remove the "Bypass traverse checking" advanced user right. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user. - - + + Default: profile acls = no diff --git a/docs/docbook/smbdotconf/protocol/unixextensions.xml b/docs/docbook/smbdotconf/protocol/unixextensions.xml index 2f68b9605e..e62ca1a2d4 100644 --- a/docs/docbook/smbdotconf/protocol/unixextensions.xml +++ b/docs/docbook/smbdotconf/protocol/unixextensions.xml @@ -10,6 +10,6 @@ These extensions require a similarly enabled client, and are of no current use to Windows clients. - Default: unix extensions = no + Default: unix extensions = yes diff --git a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml index 63363d2607..8354f8b8da 100644 --- a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml +++ b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml @@ -7,7 +7,7 @@ security option is set to server or domain. If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which smbd is running + a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication. diff --git a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml index 0bf196488b..611ebcd094 100644 --- a/docs/docbook/smbdotconf/security/clientntlmv2auth.xml +++ b/docs/docbook/smbdotconf/security/clientntlmv2auth.xml @@ -13,6 +13,12 @@ (including NT4 < SP4, Win9x and Samba 2.2) are not compatible with NTLMv2. + Similarly, if enabled, NTLMv1, client lanman auth and client plaintext auth + authentication will be disabled. This also disables share-level + authentication. + If disabled, an NTLM response (and possibly a LANMAN response) will be sent by the client, depending on the value of client lanman auth. diff --git a/docs/docbook/smbdotconf/security/clientplaintextauth.xml b/docs/docbook/smbdotconf/security/clientplaintextauth.xml new file mode 100644 index 0000000000..ac90ef9fe5 --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientplaintextauth.xml @@ -0,0 +1,12 @@ + + + Specifies whether a client should send a plaintext + password if the server does not support encrypted passwords. + + Default: client plaintext auth = yes + + + diff --git a/docs/docbook/smbdotconf/security/clientschannel.xml b/docs/docbook/smbdotconf/security/clientschannel.xml new file mode 100644 index 0000000000..f3ad682517 --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientschannel.xml @@ -0,0 +1,19 @@ + + + + This controls whether the client offers or even + demands the use of the netlogon schannel. + client schannel = no does not + offer the schannel, server schannel = + auto offers the schannel but does not + enforce it, and server schannel = + yes denies access if the server is not + able to speak netlogon schannel. + + Default: client schannel = auto + Example: client schannel = yes + + diff --git a/docs/docbook/smbdotconf/security/clientsigning.xml b/docs/docbook/smbdotconf/security/clientsigning.xml new file mode 100644 index 0000000000..e006dc71ab --- /dev/null +++ b/docs/docbook/smbdotconf/security/clientsigning.xml @@ -0,0 +1,19 @@ + + + + This controls whether the client offers or requires + the server it talks to to use SMB signing. Possible values + are auto, mandatory + and disabled. + + + When set to auto, SMB signing is offered, but not enforced. + When set to mandatory, SMB signing is required and if set + to disabled, SMB signing is not offered either. + + Default: client signing = auto + + diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml index 1a3a83946a..8c64299dd4 100644 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ b/docs/docbook/smbdotconf/security/passdbbackend.xml @@ -55,22 +55,15 @@ details. - - guest - - Very simple backend that only provides one user: the guest user. - Only maps the NT guest user to the guest account. - Required in pretty much all situations. - - Default: passdb backend = smbpasswd - Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest + Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd - Example: passdb backend = ldapsam:ldaps://ldap.example.com guest + Example: passdb backend = ldapsam:ldaps://ldap.example.com - Example: passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest + Example: passdb backend = mysql:my_plugin_args tdbsam diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml index dbcc261ce4..db02670158 100644 --- a/docs/docbook/smbdotconf/security/passwdprogram.xml +++ b/docs/docbook/smbdotconf/security/passwdprogram.xml @@ -17,9 +17,8 @@ Note that if the unix password sync parameter is set to yes then this program is called AS ROOT - before the SMB password in the - smbpasswd5 - file is changed. If this UNIX password change fails, then + before the SMB password in the smbpasswd + file is changed. If this UNIX password change fails, then smbd will fail to change the SMB password also (this is by design). diff --git a/docs/docbook/smbdotconf/security/preloadmodules.xml b/docs/docbook/smbdotconf/security/preloadmodules.xml index 7b4e57cff1..101d9606fa 100644 --- a/docs/docbook/smbdotconf/security/preloadmodules.xml +++ b/docs/docbook/smbdotconf/security/preloadmodules.xml @@ -7,9 +7,6 @@ be loaded into smbd before a client connects. This improves the speed of smbd when reacting to new connections somewhat. - It is recommended to only use this option on heavy-performance - servers. - Default: preload modules = Example: preload modules = /usr/lib/samba/passdb/mysql.so+++ diff --git a/docs/docbook/smbdotconf/security/serversigning.xml b/docs/docbook/smbdotconf/security/serversigning.xml new file mode 100644 index 0000000000..5108918d84 --- /dev/null +++ b/docs/docbook/smbdotconf/security/serversigning.xml @@ -0,0 +1,19 @@ + + + + This controls whether the server offers or requires + the client it talks to to use SMB signing. Possible values + are auto, mandatory + and disabled. + + + When set to auto, SMB signing is offered, but not enforced. + When set to mandatory, SMB signing is required and if set + to disabled, SMB signing is not offered either. + + Default: client signing = False + + diff --git a/docs/docbook/smbdotconf/tuning/deadtime.xml b/docs/docbook/smbdotconf/tuning/deadtime.xml index cbbf751862..938f354b9a 100644 --- a/docs/docbook/smbdotconf/tuning/deadtime.xml +++ b/docs/docbook/smbdotconf/tuning/deadtime.xml @@ -1,4 +1,4 @@ - diff --git a/docs/docbook/smbdotconf/vfs/aclcompatibility.xml b/docs/docbook/smbdotconf/vfs/aclcompatibility.xml new file mode 100644 index 0000000000..ca3f39512d --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/aclcompatibility.xml @@ -0,0 +1,17 @@ + + + This parameter specifies what OS ACL semantics should + be compatible with. Possible values are winnt for Windows NT 4, + win2k for Windows 2000 and above and auto. + If you specify auto, the value for this parameter + will be based upon the version of the client. There should + be no reason to change this parameter from the default. + + Default: acl compatibility = Auto + + Example: acl compatibility = win2k + + diff --git a/docs/docbook/smbdotconf/vfs/getquotacommand.xml b/docs/docbook/smbdotconf/vfs/getquotacommand.xml new file mode 100644 index 0000000000..93c9089519 --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/getquotacommand.xml @@ -0,0 +1,52 @@ + + + The get quota command should only be used + whenever there is no operating system API available from the OS that + samba can use. + + This parameter should specify the path to a script that + queries the quota information for the specified + user/group for the partition that + the specified directory is on. + + Such a script should take 3 arguments: + + + directory + type of query + uid of user or gid of group + + + The type of query can be one of : + + + 1 - user quotas + 2 - user default quotas (uid = -1) + 3 - group quotas + 4 - group default quotas (gid = -1) + + + This script should print its output according to the following format: + + + Line 1 - quota flags (0 = no quotas, 1 = quotas enabled, 2 = quotas enabled and enforced) + Line 2 - number of currently used blocks + Line 3 - the softlimit number of blocks + Line 4 - the hardlimit number of blocks + Line 5 - currently used number of inodes + Line 6 - the softlimit number of inodes + Line 7 - the hardlimit number of inodes + Line 8(optional) - the number of bytes in a block(default is 1024) + + + See also the set quota command parameter. + + + Default: get quota command = + + Example: get quota command = /usr/local/sbin/query_quota + + diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml index c843969e50..d2b64cc68f 100644 --- a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml +++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml @@ -3,16 +3,14 @@ advanced="1" developer="1" xmlns:samba="http://samba.org/common"> - This boolean parameter is only available - if Samba has been configured and compiled with the - --with-msdfs option. If set to yes, - Samba will act as a Dfs server, and allow Dfs-aware clients - to browse Dfs trees hosted on the server. + If set to yes, Samba will act as a Dfs + server, and allow Dfs-aware clients to browse Dfs trees hosted + on the server. See also the msdfs root share level parameter. For more information on setting up a Dfs tree on Samba, - refer to msdfs_setup.html. + refer to . Default: host msdfs = no diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml index 35142ff037..059ffff9a0 100644 --- a/docs/docbook/smbdotconf/vfs/msdfsroot.xml +++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml @@ -2,16 +2,14 @@ context="S" xmlns:samba="http://samba.org/common"> - This boolean parameter is only available if - Samba is configured and compiled with the - --with-msdfs option. If set to yes, - Samba treats the share as a Dfs root and allows clients to browse - the distributed file system tree rooted at the share directory. - Dfs links are specified in the share directory by symbolic - links of the form msdfs:serverA\\shareA,serverB\\shareB - and so on. For more information on setting up a Dfs tree - on Samba, refer to "Hosting a Microsoft - Distributed File System tree on Samba" document. + If set to yes, Samba treats the + share as a Dfs root and allows clients to browse the + distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form msdfs:serverA\\shareA,serverB\\shareB + and so on. For more information on setting up a Dfs tree on + Samba, refer to . See also host msdfs diff --git a/docs/docbook/smbdotconf/vfs/setquotacommand.xml b/docs/docbook/smbdotconf/vfs/setquotacommand.xml new file mode 100644 index 0000000000..b4b7303a0d --- /dev/null +++ b/docs/docbook/smbdotconf/vfs/setquotacommand.xml @@ -0,0 +1,42 @@ + + + The set quota command should only be used + whenever there is no operating system API available from the OS that + samba can use. + + This parameter should specify the path to a script that + can set quota for the specified arguments. + + The specified script should take the following arguments: + + + 1 - quota type + + 1 - user quotas + 2 - user default quotas (uid = -1) + 3 - group quotas + 4 - group default quotas (gid = -1) + + + 2 - id (uid for user, gid for group, -1 if N/A) + 3 - quota state (0 = disable, 1 = enable, 2 = enable and enforce) + 4 - block softlimit + 5 - block hardlimit + 6 - inode softlimit + 7 - inode hardlimit + 8(optional) - block size, defaults to 1024 + + + The script should output at least one line of data. + + See also the get quota command parameter. + + + Default: set quota command = + + Example: set quota command = /usr/local/sbin/set_quota + + diff --git a/docs/docbook/smbdotconf/winbind/idmapbackend.xml b/docs/docbook/smbdotconf/winbind/idmapbackend.xml new file mode 100644 index 0000000000..bc725b589f --- /dev/null +++ b/docs/docbook/smbdotconf/winbind/idmapbackend.xml @@ -0,0 +1,18 @@ + + + + The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap + tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common + LDAP backend. This way all domain members and controllers will have the same UID and GID + to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux + systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). + + + Default: idmap backend = <empty string> + + Example: idmap backend = ldap:ldap://ldapslave.example.com + + diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml index 3080adc7c8..cd063f8daa 100644 --- a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml +++ b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml @@ -9,6 +9,6 @@ user and group information before querying a Windows NT server again. - Default: winbind cache type = 15 + Default: winbind cache type = 300 diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml index 12ee635acd..577a130ff1 100644 --- a/docs/docbook/smbdotconf/wins/winsserver.xml +++ b/docs/docbook/smbdotconf/wins/winsserver.xml @@ -21,7 +21,7 @@ to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly. - See the documentation file Browsing in the samba howto collection. + See the . Default: not enabled -- cgit