From 7a959e81d42bdff1269589b7d17a12ab0b3243be Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 8 May 2002 15:37:14 +0000 Subject: merging some changes from SAMBA_2_2 (This used to be commit e8ede079b5af4187573f1b8ed0d94b6f03cbbd22) --- docs/docbook/manpages/nmbd.8.sgml | 85 ++++++++--------- docs/docbook/manpages/smb.conf.5.sgml | 142 ++++++++++++++++++++++++----- docs/docbook/manpages/smbclient.1.sgml | 89 +++++++++++++++--- docs/docbook/manpages/smbcontrol.1.sgml | 21 ++--- docs/docbook/manpages/smbd.8.sgml | 4 +- docs/docbook/manpages/smbmount.8.sgml | 2 +- docs/docbook/manpages/smbsh.1.sgml | 130 ++++++++++++++++++++++++++ docs/docbook/manpages/wbinfo.1.sgml | 45 ++++++++- docs/docbook/manpages/winbindd.8.sgml | 15 +++ docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml | 7 +- docs/docbook/projdoc/winbind.sgml | 8 ++ 11 files changed, 449 insertions(+), 99 deletions(-) (limited to 'docs/docbook') diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml index 46f36834df..d5c89064e7 100644 --- a/docs/docbook/manpages/nmbd.8.sgml +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -177,13 +177,14 @@ The -l parameter specifies a directory into which the "log.nmbd" log file will be created for operational data from the running - nmbd server. - - The default log directory is compiled into Samba + nmbd server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb, /usr/samba/var/log.nmb or - /var/log/log.nmb. + /var/log/log.nmb. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. + @@ -198,25 +199,25 @@ smb.conf. - + -p <UDP port number> UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) - that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help! - + -s <configuration file> - The default configuration file name + The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured. - The file specified contains the configuration details - required by the server. See + The file specified contains the configuration details + required by the server. See smb.conf(5) for more information. @@ -229,55 +230,55 @@ /etc/inetd.conf - If the server is to be run by the - inetd meta-daemon, this file - must contain suitable startup information for the + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the UNIX_INSTALL.html document for details. - + /etc/rc - or whatever initialization script your + or whatever initialization script your system uses). - If running the server as a daemon at startup, - this file will need to contain an appropriate startup + If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the UNIX_INSTALL.html document for details. - + /etc/services - If running the server via the - meta-daemon inetd, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the UNIX_INSTALL.html document for details. - + /usr/local/samba/lib/smb.conf - This is the default location of the + This is the default location of the smb.conf - server configuration file. Other common places that systems - install this file are /usr/samba/lib/smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf and /etc/smb.conf. - - When run as a WINS server (see the + + When run as a WINS server (see the wins support parameter in the smb.conf(5) man page), nmbd - will store the WINS database in the file wins.dat - in the var/locks directory configured under + will store the WINS database in the file wins.dat + in the var/locks directory configured under wherever Samba was configured to install itself. If nmbd is acting as a - browse master (see the (see the local master parameter in the smb.conf(5) man page, nmbd @@ -292,20 +293,20 @@ SIGNALS - To shut down an nmbd process it is recommended - that SIGKILL (-9) NOT be used, except as a last - resort, as this may leave the name database in an inconsistent state. - The correct way to terminate nmbd is to send it + To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it a SIGTERM (-15) signal and wait for it to die on its own. - nmbd will accept SIGHUP, which will cause + nmbd will accept SIGHUP, which will cause it to dump out its namelists into the file namelist.debug - in the /usr/local/samba/var/locks - directory (or the var/locks directory configured - under wherever Samba was configured to install itself). This will also + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also cause nmbd to dump out its server database in the log.nmb file. - + The debug log level of nmbd may be raised or lowered using smbcontrol(1) (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml index 4a6de97f92..e8846e4b26 100644 --- a/docs/docbook/manpages/smb.conf.5.sgml +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -542,8 +542,10 @@ steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked. - If the service is marked "guest only = yes" then - steps 1 to 5 are skipped. + If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") + then steps 1 to 5 are skipped. + If the client has passed a username/password @@ -653,6 +655,9 @@ local master lock dir lock directory + lock spin count + lock spin time + pid directory log file log level logon drive @@ -833,6 +838,7 @@ hosts allow hosts deny include + inherit acls inherit permissions invalid users level2 oplocks @@ -3093,6 +3099,24 @@ + + inherit acls (S) + This parameter can be used to ensure + that if default acls exist on parent directories, + they are always honored when creating a subdirectory. + The default behavior is to use the mode specified + when creating the directory. Enabling this option + sets the mode to 0777, thus guaranteeing that + default directory acls are propagated. + + + Default: inherit acls = no + + + + + + inherit permissions (S) The permissions on new files and directories @@ -3600,6 +3624,39 @@ + + lock spin count (G) + This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. + + + Default: lock spin count = 2 + + + + + + + + lock spin time (G) + The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + lock spin + count for more details. + + + Default: lock spin time = 10 + + + + + locking (S) This controls whether or not locking will be @@ -3889,8 +3946,8 @@ takes a printer name as its only parameter and outputs printer status information. - Currently eight styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. + Currently nine styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the printing = option. @@ -3906,7 +3963,10 @@ Note that it is good practice to include the absolute path in the lpq command as the $PATH - may not be available to the server. + may not be available to the server. When compiled with + the CUPS libraries, no lpq command is + needed because smbd will make a library call to obtain the + print queue listing. See also the printing parameter. @@ -5478,6 +5538,18 @@ + + pid directory (G) + This option specifies the directory where pid + files will be placed. + + Default: pid directory = ${prefix}/var/locks + Example: pid directory = /var/run/ + + + + + posix locking (S) The smbd(8) @@ -5657,14 +5729,23 @@ manually remove old spool files. The print command is simply a text string. It will be used - verbatim, with two exceptions: All occurrences of %s - and %f will be replaced by the - appropriate spool file name, and all occurrences of %p - will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server. The - %J macro can be used to access the job + verbatim after macro substitutions have been made: + + s, %p - the path to the spool + file name + + %p - the appropriate printer + name + + %J - the job name as transmitted by the client. + %c - The number of printed pages + of the spooled job (if known). + + %z - the size of the spooled + print job (in bytes) + The print command MUST contain at least one occurrence of %s or %f - the %p is optional. At the time @@ -5708,6 +5789,17 @@ For printing = SOFTQ : print command = lp -d%p -s %s; rm %s + For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups + uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses lp -c -d%p -oraw; rm %s. + With printing = cups, + and if SAMBA is compiled against libcups, any manually + set print command will be ignored. + + Example: print command = /usr/local/samba/bin/myprintscript %p %s @@ -5762,7 +5854,13 @@ why you might want to do this. To use the CUPS printing interface set printcap name = cups - . + . This should be supplemented by an addtional setting + printing = cups in the [global] + section. printcap name = cups will use the + "dummy" printcap created by CUPS, as specified in your CUPS + configuration file. + + On System V systems that use lpstat to list available printers you can use printcap name = lpstat to automatically obtain lists of available printers. This @@ -8089,7 +8187,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind cache time + winbind cache time (G) This parameter specifies the number of seconds the winbindd(8) daemon will cache user and group information before querying a Windows NT server @@ -8101,8 +8199,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind enum - users On large installations using + winbind enum users (G) + On large installations using winbindd(8) it may be necessary to suppress the enumeration of users through the setpwent(), @@ -8123,8 +8221,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind enum - groups On large installations using + winbind enum groups (G) + On large installations using winbindd(8) it may be necessary to suppress the enumeration of groups through the setgrent(), @@ -8144,7 +8242,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind gid + winbind gid (G) The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8) daemon. This range of group ids should have no @@ -8160,7 +8258,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind separator + winbind separator (G) This parameter allows an admin to define the character used when listing a username of the form of DOMAIN \user. This parameter @@ -8172,8 +8270,8 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group. - Example: winbind separator = \\ - Example: winbind separator = / + Default: winbind separator = '\' + Example: winbind separator = + @@ -8181,7 +8279,7 @@ veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ - winbind uid + winbind uid (G) The winbind gid parameter specifies the range of group ids that are allocated by the winbindd(8) daemon. This range of ids should have no diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml index 4f36de1576..31031dafc4 100644 --- a/docs/docbook/manpages/smbclient.1.sgml +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -434,9 +434,9 @@ domain = <value> -W WORKGROUP - Override the default workgroup specified in the - workgroup parameter of the smb.conf file - for this connection. This may be needed to connect to some + Override the default workgroup (domain) specified + in the workgroup parameter of the smb.conf + file for this connection. This may be needed to connect to some servers. @@ -634,6 +634,44 @@ domain = <value> + + altname file + The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. + + + + + + cancel jobid0 [jobid1] ... [jobidN] + The client will request that the server cancel + the printjobs identified by the given numeric print job ids. + + + + + + + chmod file mode in octal + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. + + + + + + + chown file uid gid + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. + + + + cd [directory name] @@ -700,6 +738,17 @@ domain = <value> + + link source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. + + + + + lowercase Toggle lowercasing of filenames for the get and @@ -877,6 +926,30 @@ domain = <value> + + setmode <filename> <perm=[+|\-]rsha> + A version of the DOS attrib command to set + file permissions. For example: + + setmode myfile +r + + would make myfile read only. + + + + + + symlink source destination + This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. + + + + + tar <c|x>[IXbgNa] Performs a tar operation - see the -T @@ -907,16 +980,6 @@ domain = <value> - - setmode <filename> <perm=[+|\-]rsha> - A version of the DOS attrib command to set - file permissions. For example: - - setmode myfile +r - - would make myfile read only. - - diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml index 05e05f4a6a..517e2ca41f 100644 --- a/docs/docbook/manpages/smbcontrol.1.sgml +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -9,7 +9,7 @@ smbcontrol - send messages to smbd or nmbd processes + send messages to smbd, nmbd or winbindd processes @@ -33,9 +33,10 @@ Samba suite. smbcontrol is a very small program, which - sends messages to an smbd(8) or - an nmbd(8) daemon running on the - system. + sends messages to an smbd(8), + an nmbd(8) + or a winbindd(8) + daemon running on the system. @@ -81,8 +82,9 @@ message to smbd which will then close the client connections to the named share. Note that this doesn't affect client connections to any other shares. This message-type takes an argument of the - share name for which client connections will be close, or the + share name for which client connections will be closed, or the "*" character which will close all currently open shares. + This may be useful if you made changes to the access controls on the share. This message can only be sent to smbd. The debug message-type allows @@ -105,7 +107,7 @@ collection, "off" to turn off profile stats collection, "count" to enable only collection of count stats (time stats are disabled), and "flush" to zero the current profile stats. This can - be sent to any of the destinations. + be sent to any smbd or nmbd destinations. The debuglevel message-type sends a "request debug level" message. The current debug level setting @@ -115,18 +117,13 @@ The profilelevel message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations. + to any smbd or nmbd destinations. The printer-notify message-type sends a message to smbd which in turn sends a printer notify message to any Windows NT clients connected to a printer. This message-type takes an argument of the printer name to send notify messages to. This message can only be sent to smbd. - - The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share. diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml index 824ae20241..509007c4bc 100644 --- a/docs/docbook/manpages/smbd.8.sgml +++ b/docs/docbook/manpages/smbd.8.sgml @@ -176,7 +176,9 @@ its size may be controlled by the max log size option in the - smb.conf(5) file. + smb.conf(5) file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time. The default log directory is specified at diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml index b4a77e51c9..ec4dbbaff1 100644 --- a/docs/docbook/manpages/smbmount.8.sgml +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -14,7 +14,7 @@ - smbumount + smbmount service mount-point -o options diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml index 46adac6b79..82efb334ba 100644 --- a/docs/docbook/manpages/smbsh.1.sgml +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -16,6 +16,13 @@ smbsh + -W workgroup + -U username + -P prefix + -R <name resolve order> + -d <debug level> + -l logfile + -L libdir @@ -30,6 +37,129 @@ egrep, and rcp. You must use a shell that is dynamically linked in order for smbsh to work correctly. + + + + OPTIONS + + + + -W WORKGROUP + Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this session. This may be needed to connect to some + servers. + + + + -U username[%pass] + Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. + + + + + -P prefixThis option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. + + + + + -R <name resolve order> + This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows : + + + lmhosts : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the lmhosts(5) + for details) then any name type matches for lookup. + + + host : + Do a standard host name to IP address resolution, using + the system /etc/hosts, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. + + + wins : + Query a name with the IP address listed in the + wins server parameter. If no + WINS server has been specified this method will be + ignored. + + + bcast : + Do a broadcast on each of the known local interfaces + listed in the interfaces + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. + + + + If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used. + + The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the name resolve order + parameter of the smb.conf + file, the name resolution methods will be attempted in this + order. + + + + -d <debug level> + debug level is an integer from 0 to 10. + + The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. + + + + + -l logfilename + If specified causes all debug messages to be + written to the file specified by logfilename + . If not specified then all messages will be + written tostderr. + + + + + -L libdir + This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. + + + + + + + + EXAMPLES To use the smbsh command, execute smbsh from the prompt and enter the username and password diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml index 7f2c4624a9..f1461b07b9 100644 --- a/docs/docbook/manpages/wbinfo.1.sgml +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -17,6 +17,8 @@ wbinfo -u -g + -h name + -i ip -n name -s sid -U uid @@ -25,8 +27,9 @@ -Y sid -t -m + -r user -a user%password - -p + -A user%password @@ -70,6 +73,26 @@ + + -h name + The -h option + queries winbindd(8) to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. + + + + + + -i ip + The -i option + queries winbindd(8) to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. + + + + -n name The -n option @@ -143,6 +166,16 @@ + + + -r username + Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. + + + + -a username%password Attempt to authenticate a user via winbindd. @@ -150,10 +183,14 @@ + - -p - Attempt a simple 'ping' check that the winbindd - is indeed alive. + -A username%password + Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only). diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml index bd1dafa07e..0325f9bfe1 100644 --- a/docs/docbook/manpages/winbindd.8.sgml +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -56,6 +56,15 @@ the winbindd service: + + hosts + User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. + + + passwd User information traditionally stored in @@ -81,6 +90,12 @@ passwd: files winbind group: files winbind + + The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server. + diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml index 21d2c55ec7..c6c04ccab8 100644 --- a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -13,8 +13,8 @@
olem@IDEALX.org
- - + + (13 Jan 2002) @@ -98,7 +98,7 @@ Identified (RID). As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. --with-ldapsam or --with-tdbsam) requires compile time support. @@ -515,7 +515,6 @@ something other than the default (e.g. \\MOBY\becky). - Example LDIF Entries for a sambaAccount diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml index fc8d8d52a1..62e065914b 100644 --- a/docs/docbook/projdoc/winbind.sgml +++ b/docs/docbook/projdoc/winbind.sgml @@ -324,6 +324,14 @@ to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2. + +There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information. + + + Introduction -- cgit