From 7a959e81d42bdff1269589b7d17a12ab0b3243be Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 8 May 2002 15:37:14 +0000 Subject: merging some changes from SAMBA_2_2 (This used to be commit e8ede079b5af4187573f1b8ed0d94b6f03cbbd22) --- docs/htmldocs/Samba-HOWTO-Collection.html | 98 ++++++----- docs/htmldocs/nmbd.8.html | 85 +++++----- docs/htmldocs/smb.conf.5.html | 265 ++++++++++++++++++++++++------ docs/htmldocs/smbclient.1.html | 105 +++++++++--- docs/htmldocs/smbcontrol.1.html | 36 ++-- docs/htmldocs/smbd.8.html | 27 +-- docs/htmldocs/smbmount.8.html | 2 +- docs/htmldocs/smbsh.1.html | 229 +++++++++++++++++++++++++- docs/htmldocs/wbinfo.1.html | 78 +++++++-- docs/htmldocs/winbindd.8.html | 47 ++++-- 10 files changed, 758 insertions(+), 214 deletions(-) (limited to 'docs/htmldocs') diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 5b44d17968..5175bd4c8d 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -878,29 +878,29 @@ HREF="#AEN2015" >
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.5.3.1. Configure and compile SAMBA
11.5.3.2. Configure nsswitch.conf
11.5.3.3. Configure smb.conf
11.5.3.4. Join the SAMBA server to the PDC domain
11.5.3.5. Start up the winbindd daemon and test it!
11.5.3.6. Fix the /etc/rc.d/init.d/smb
11.5.3.7. Configure Winbind and PAM
11.6. Limitations
11.7. Conclusion
12.1. FAQs
12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
12.1.3. Are there any other issues when OS/2 (any version) is used as a client?
12.1.4. How do I get printer driver download working for OS/2 clients?
13.1. Introduction
13.2. CVS Access to samba.org
13.2.1. Access via CVSweb
13.2.2. Access via cvs
Index
As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.

There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information.

11.5.1. Introduction

11.5.2. Requirements

11.5.3. Testing Things Out

11.5.3.1. Configure and compile SAMBA

11.5.3.2. Configure nsswitch.conf

11.5.3.3. Configure smb.conf

11.5.3.4. Join the SAMBA server to the PDC domain

11.5.3.5. Start up the winbindd daemon and test it!

11.5.3.6. Fix the /etc/rc.d/init.d/smb

11.5.3.7. Configure Winbind and PAM

11.6. Limitations

11.7. Conclusion

12.1. FAQs

12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?

12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?

12.1.3. Are there any other issues when OS/2 (any version) is used as a client?

12.1.4. How do I get printer driver download working for OS/2 clients?

13.1. Introduction

13.2. CVS Access to samba.org

13.2.1. Access via CVSweb

13.2.2. Access via cvs

Index

nmbd server.

The default log directory is compiled into Samba +> server. The default log directory is compiled into Samba as part of the build process. Common defaults are /usr/local/samba/var/log.nmb/var/log/log.nmb.

. Beware: + If the directory specified does not exist, nmbd + will log to the default debug log location defined at compile time. +

-n <primary NetBIOS name>

UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) + This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you +> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!

-s <configuration file>

The default configuration file name +>The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured.

The file specified contains the configuration details +>The file specified contains the configuration details required by the server. See - smb.conf(5)

FILES

If the server is to be run by the +>If the server is to be run by the inetd meta-daemon, this file - must contain suitable startup information for the +> meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the

or whatever initialization script your +>or whatever initialization script your system uses).

If running the server as a daemon at startup, - this file will need to contain an appropriate startup +>If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the

If running the server via the +>If running the server via the meta-daemon inetd, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). +>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the

This is the default location of the +>This is the default location of the smb.conf - server configuration file. Other common places that systems + server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf +> and /etc/smb.conf.

When run as a WINS server (see the +>When run as a WINS server (see the wins.dat +> in the var/locks directory configured under +> directory configured under wherever Samba was configured to install itself.

If

SIGNALS

To shut down an nmbd process it is recommended +> process it is recommended that SIGKILL (-9) NOT be used, except as a last - resort, as this may leave the name database in an inconsistent state. +> be used, except as a last + resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it +> is to send it a SIGTERM (-15) signal and wait for it to die on its own.

nmbd will accept SIGHUP, which will cause +> will accept SIGHUP, which will cause it to dump out its namelists into the file namelist.debug @@ -562,12 +567,12 @@ CLASS="FILENAME" > in the /usr/local/samba/var/locks +> directory (or the var/locks directory configured - under wherever Samba was configured to install itself). This will also +> directory configured + under wherever Samba was configured to install itself). This will also cause nmbd

VERSION

SEE ALSO

AUTHOR

If the service is marked "guest only = yes" then - steps 1 to 5 are skipped.

If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") + then steps 1 to 5 are skipped.

  1. lock spin count

  2. lock spin time

  3. pid directory

  4. COMPLETE LIST OF SERVICE PARAMETERS

  5. inherit acls

  6. EXPLANATION OF EACH PARAMETER

inherit acls (S)

This parameter can be used to ensure + that if default acls exist on parent directories, + they are always honored when creating a subdirectory. + The default behavior is to use the mode specified + when creating the directory. Enabling this option + sets the mode to 0777, thus guaranteeing that + default directory acls are propagated. +

Default: inherit acls = no +

inherit permissions (S)
lock spin count (G)

This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. +

Default: lock spin count = 2 +

lock spin time (G)

The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + lock spin + count for more details. +

Default: lock spin time = 10 +

locking (S)

Currently eight styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. +>Currently nine styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the $PATH may not be available to the server.

may not be available to the server. When compiled with + the CUPS libraries, no lpq command is + needed because smbd will make a library call to obtain the + print queue listing.

See also the

pid directory (G)

This option specifies the directory where pid + files will be placed.

Default: pid directory = ${prefix}/var/locks

Example: pid directory = /var/run/ +

posix locking (S)

The print command is simply a text string. It will be used - verbatim, with two exceptions: All occurrences of %s - and %f will be replaced by the - appropriate spool file name, and all occurrences of %p - will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server. The - %J macro can be used to access the job + verbatim after macro substitutions have been made:

s, %p - the path to the spool + file name

%p - the appropriate printer + name

%J - the job name as transmitted by the client.

%c - The number of printed pages + of the spooled job (if known).

%z - the size of the spooled + print job (in bytes)

The print command MUST contain at least @@ -14065,6 +14204,25 @@ CLASS="COMMAND" >print command = lp -d%p -s %s; rm %s

For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups + uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses lp -c -d%p -oraw; rm %s. + With printing = cups, + and if SAMBA is compiled against libcups, any manually + set print command will be ignored.

Example: print command = /usr/local/samba/bin/myprintscript @@ -14159,7 +14317,18 @@ HREF="#AEN79" CLASS="COMMAND" >printcap name = cups .

. This should be supplemented by an addtional setting + printing = cups in the [global] + section. printcap name = cups will use the + "dummy" printcap created by CUPS, as specified in your CUPS + configuration file. +

On System V systems that use winbind cache timewinbind cache time (G)

This parameter specifies the number of seconds the @@ -18485,8 +18654,7 @@ CLASS="COMMAND" >winbind enum - userswinbind enum users (G)

On large installations using @@ -18537,8 +18705,7 @@ CLASS="COMMAND" >winbind enum - groupswinbind enum groups (G)

On large installations using @@ -18588,7 +18755,7 @@ CLASS="COMMAND" >winbind gidwinbind gid (G)

The winbind gid parameter specifies the range of group @@ -18615,7 +18782,7 @@ CLASS="COMMAND" >winbind separatorwinbind separator (G)

This parameter allows an admin to define the character @@ -18645,21 +18812,21 @@ CLASS="FILENAME" with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.

Example: Default: winbind separator = \\winbind separator = '\'

Example: winbind separator = /winbind separator = +

winbind uid
winbind uid (G)

The winbind gid parameter specifies the range of group @@ -19079,7 +19246,7 @@ CLASS="COMMAND" >

WARNINGS

VERSION

SEE ALSO

AUTHOR

-W WORKGROUP

Override the default workgroup specified in the - workgroup parameter of the Override the default workgroup (domain) specified + in the workgroup parameter of the smb.conf file - for this connection. This may be needed to connect to some +> + file for this connection. This may be needed to connect to some servers.

altname file

The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. +

cancel jobid0 [jobid1] ... [jobidN]

The client will request that the server cancel + the printjobs identified by the given numeric print job ids. +

chmod file mode in octal

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. +

chown file uid gid

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. +

cd [directory name]

link source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. +

lowercase

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set + file permissions. For example:

setmode myfile +r

would make myfile read only.

symlink source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. +

tar <c|x>[IXbgNa]

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set - file permissions. For example:

setmode myfile +r

would make myfile read only.

NOTES

ENVIRONMENT VARIABLES

INSTALLATION

DIAGNOSTICS

VERSION

AUTHOR

Name

smbcontrol -- send messages to smbd or nmbd processes
smbcontrol -- send messages to smbd, nmbd or winbindd processes
smbd(8) or +>, an nmbd(8) daemon running on the - system.

+ or a winbindd(8) + daemon running on the system.

OPTIONS

smbd

The message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations.

The smbd.

The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share.

parameters

VERSION

SEE ALSO

AUTHOR

smb.conf(5) file. +> file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time.

The default log directory is specified at @@ -354,7 +361,7 @@ CLASS="FILENAME" >

FILES

LIMITATIONS

ENVIRONMENT VARIABLES

PAM INTERACTION

VERSION

DIAGNOSTICS

SIGNALS

SEE ALSO

AUTHOR

smbumountsmbmount {service} {mount-point} [-o options]

smbsh

[-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]

DESCRIPTION

smbsh to work correctly.

OPTIONS

-W WORKGROUP

Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this session. This may be needed to connect to some + servers.

-U username[%pass]

Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. +

-P prefix

This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. +

-R <name resolve order>

This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.

The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows :

  • lmhosts : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the lmhosts(5) + for details) then any name type matches for lookup. +

  • host : + Do a standard host name to IP address resolution, using + the system /etc/hosts, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. +

  • wins : + Query a name with the IP address listed in the + wins server parameter. If no + WINS server has been specified this method will be + ignored. +

  • bcast : + Do a broadcast on each of the known local interfaces + listed in the interfaces + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. +

If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used.

The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the name resolve order + parameter of the smb.conf + file, the name resolution methods will be attempted in this + order.

-d <debug level>

debug level is an integer from 0 to 10.

The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. +

-l logfilename

If specified causes all debug messages to be + written to the file specified by logfilename + . If not specified then all messages will be + written tostderr. +

-L libdir

This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. +

EXAMPLES

To use the

VERSION

BUGS

SEE ALSO

AUTHOR

wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]

[-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]

DESCRIPTION

OPTIONS

.

-h name

The -h option + queries winbindd(8) to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. +

-i ip

The -i option + queries winbindd(8) to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. +

-n name

-r username

Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. +

-a username%password

-p
-A username%password

Attempt a simple 'ping' check that the winbindd - is indeed alive. +>Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only).

EXIT STATUS

VERSION

SEE ALSO

AUTHOR

hosts

User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. +

passwd

The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server.

OPTIONS

NAME AND ID RESOLUTION

CONFIGURATION

EXAMPLE SETUP

NOTES

SIGNALS

FILES

VERSION

SEE ALSO

AUTHOR