From e90b65284812aaa5ff9e9935ce9bbad7791cbbcd Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Mon, 15 Jul 2002 10:35:28 +0000
Subject: updated the 3.0 branch from the head branch - ready for alpha18

(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
---
 docs/htmldocs/Samba-HOWTO-Collection.html | 98 +++---
 docs/htmldocs/nmbd.8.html | 85 +++---
 docs/htmldocs/pdbedit.8.html | 39 ++-
 docs/htmldocs/smb.conf.5.html | 489 ++++++++++++++++++++++++++----
 docs/htmldocs/smbclient.1.html | 105 +++++--
 docs/htmldocs/smbcontrol.1.html | 36 ++-
 docs/htmldocs/smbd.8.html | 27 +-
 docs/htmldocs/smbmount.8.html | 2 +-
 docs/htmldocs/smbsh.1.html | 229 +++++++++++++-
 docs/htmldocs/wbinfo.1.html | 78 ++++-
 docs/htmldocs/winbindd.8.html | 47 ++-
 11 files changed, 998 insertions(+), 237 deletions(-)

(limited to 'docs/htmldocs')

diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html
index 5b44d17968..5175bd4c8d 100644
--- a/docs/htmldocs/Samba-HOWTO-Collection.html
+++ b/docs/htmldocs/Samba-HOWTO-Collection.html
@@ -878,29 +878,29 @@ HREF="#AEN2015" >
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.5.3.1. Configure and compile SAMBA
11.5.3.2. Configure nsswitch.conf
11.5.3.3. Configure smb.conf
11.5.3.4. Join the SAMBA server to the PDC domain
11.5.3.5. Start up the winbindd daemon and test it!
11.5.3.6. Fix the /etc/rc.d/init.d/smb
11.5.3.7. Configure Winbind and PAM
11.6. Limitations
11.7. Conclusion
12.1. FAQs
12.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?
12.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?
12.1.3. Are there any other issues when OS/2 (any version) is used as a client?
12.1.4. How do I get printer driver download working for OS/2 clients?
13.1. Introduction
13.2. CVS Access to samba.org
13.2.1. Access via CVSweb
13.2.2. Access via cvs
Index
As a result of these defeciencies, a more robust means of storing user attributes used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb -API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. This HOWTO describes how to get winbind services up and running to control access and authenticate users on your Linux box using the winbind services which come with SAMBA 2.2.2.

There is also some Solaris specific information in +docs/textdocs/Solaris-Winbind-HOWTO.txt. +Future revisions of this document will incorporate that +information.

-n <primary NetBIOS name>

UDP port number is a positive integer value. - This option changes the default UDP port number (normally 137) + This option changes the default UDP port number (normally 137) that nmbd responds to name queries on. Don't - use this option unless you are an expert, in which case you +> responds to name queries on. Don't + use this option unless you are an expert, in which case you won't need help!

-s <configuration file>

The default configuration file name +>The default configuration file name is set at build time, typically as /usr/local/samba/lib/smb.conf, but this may be changed when Samba is autoconfigured.

The file specified contains the configuration details +>The file specified contains the configuration details required by the server. See - smb.conf(5)

FILES

If the server is to be run by the +>If the server is to be run by the inetd meta-daemon, this file - must contain suitable startup information for the +> meta-daemon, this file + must contain suitable startup information for the meta-daemon. See the

or whatever initialization script your +>or whatever initialization script your system uses).

If running the server as a daemon at startup, - this file will need to contain an appropriate startup +>If running the server as a daemon at startup, + this file will need to contain an appropriate startup sequence for the server. See the

If running the server via the +>If running the server via the meta-daemon inetd, this file - must contain a mapping of service name (e.g., netbios-ssn) - to service port (e.g., 139) and protocol type (e.g., tcp). +>, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). See the

This is the default location of the +>This is the default location of the smb.conf - server configuration file. Other common places that systems + server configuration file. Other common places that systems install this file are /usr/samba/lib/smb.conf +> and /etc/smb.conf.

When run as a WINS server (see the +>When run as a WINS server (see the wins.dat +> in the var/locks directory configured under +> directory configured under wherever Samba was configured to install itself.

If

SIGNALS

To shut down an nmbd process it is recommended +> process it is recommended that SIGKILL (-9) NOT be used, except as a last - resort, as this may leave the name database in an inconsistent state. +> be used, except as a last + resort, as this may leave the name database in an inconsistent state. The correct way to terminate nmbd is to send it +> is to send it a SIGTERM (-15) signal and wait for it to die on its own.

nmbd will accept SIGHUP, which will cause +> will accept SIGHUP, which will cause it to dump out its namelists into the file namelist.debug @@ -562,12 +567,12 @@ CLASS="FILENAME" > in the /usr/local/samba/var/locks +> directory (or the var/locks directory configured - under wherever Samba was configured to install itself). This will also +> directory configured + under wherever Samba was configured to install itself). This will also cause nmbd

VERSION

SEE ALSO

AUTHOR

pdbedit [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]

[-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] [-D debuglevel]

DESCRIPTION

OPTIONS

-i file
-i passdb-backend

This command is used to import a smbpasswd - file into the database.

Use a different passdb backend to retrieve users than the one specified in smb.conf.

This option will ease migration from the plain smbpasswd - file database to more powerful backend databases like tdb and - ldap.

This option will ease migration from one passdb backend to another. +

Example: pdbedit -i /etc/smbpasswd.oldpdbedit -i smbpasswd:/etc/smbpasswd.old -e tdbsam:/etc/samba/passwd.tdb

-e passdb-backend

Export all currently available users to the specified password database backend.

This option will ease migration from one passdb backend to another and will ease backupping

Example: pdbedit -e smbpasswd:/root/samba-users.backup
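
Review bot: The new -e example writes the user database to /root/samba-users.backup, but the option text never says that an exported smbpasswd file carries the accounts' password hashes and needs the same restrictive permissions as the live one. Add a sentence saying the export target must be readable by root only. In the paragraph above the example, "and will ease backupping" is cut off mid-sentence and should be reworded, for instance "and makes backups easier."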

NOTES

VERSION

SEE ALSO

AUTHOR

Section and parameter names are not case sensitive.

Only the first equals sign in a parameter is significant. - Whitespace before or after the first equals sign is discarded. + Whitespace before or after the first equals sign is discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value @@ -140,7 +140,7 @@ NAME="AEN28" >

Sections may be designated guest services, +> services, in which case no password is required to access them. A specified UNIX guest account%d

The process id of the current server +>The process id of the current server process.

short preserve case = yes/no

controls if new files which conform to 8.3 syntax, +>controls if new files which conform to 8.3 syntax, that is all in upper case and of suitable length, are created upper case, or if they are forced to be the "default" case. This option can be use with "preserve case = yes" @@ -785,8 +785,9 @@ NAME="AEN236" steps fail, then the connection request is rejected. However, if one of the steps succeeds, then the following steps are not checked.

If the service is marked "guest only = yes" then - steps 1 to 5 are skipped.

If the service is marked "guest only = yes" and the + server is running with share-level security ("security = share") + then steps 1 to 5 are skipped.

  1. algorithmic rid base

  2. lock spin count

  3. lock spin time

  4. pid directory

  5. nt status support

  6. COMPLETE LIST OF SERVICE PARAMETERS

  7. csc policy

  8. inherit acls

  9. share modes

  10. EXPLANATION OF EACH PARAMETER

algorithmic rid base (G)

This determines how Samba will use its + algorithmic mapping from uids/gid to the RIDs needed to construct + NT Security Identifiers.

Setting this option to a larger value could be useful to sites + transitioning from WinNT and Win2k, as existing user and + group rids would otherwise clash with sytem users etc. +

All UIDs and GIDs must be able to be resolved into SIDs for + the correct operation of ACLs on the server. As such the algorithmic + mapping can't be 'turned off', but pushing it 'out of the way' should + resolve the issues. Users and groups can then be assigned 'low' RIDs + in arbitary-rid supporting backends.

Default: algorithmic rid base = 1000

Example: algorithmic rid base = 100000

allow trusted domains (G)
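
Review bot: Typos in the added algorithmic rid base text: "sytem users" should be "system users", "arbitary-rid" should be "arbitrary-rid", and "uids/gid" should be "uids/gids". Because the text states that every UID and GID must resolve to a SID for ACLs to work, it should also say what happens to RIDs already in use when this value is changed on an existing server.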
csc policy (S)

This stands for client-side caching + policy, and specifies how clients capable of offline + caching will cache the files in the share. The valid values + are: manual, documents, programs, disable.

These values correspond to those used on Windows + servers.

For example, shares containing roaming profiles can have + offline caching disabled using csc policy = disable + .

Default: csc policy = manual

Example: csc policy = programs

deadtime (G)
inherit acls (S)

This parameter can be used to ensure + that if default acls exist on parent directories, + they are always honored when creating a subdirectory. + The default behavior is to use the mode specified + when creating the directory. Enabling this option + sets the mode to 0777, thus guaranteeing that + default directory acls are propagated. +

Default: inherit acls = no +

inherit permissions (S)
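
Review bot: The inherit acls description says that enabling the option "sets the mode to 0777" but not what permissions a new subdirectory ends up with when the parent directory has no default ACL. Please spell that case out, since 0777 on its own is world-writable, and state whether the option applies to directories only or to files as well.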
lock spin count (G)

This parameter controls the number of times + that smbd should attempt to gain a byte range lock on the + behalf of a client request. Experiments have shown that + Windows 2k servers do not reply with a failure if the lock + could not be immediately granted, but try a few more times + in case the lock could later be aquired. This behavior + is used to support PC database formats such as MS Access + and FoxPro. +

Default: lock spin count = 2 +

lock spin time (G)

The time in microseconds that smbd should + pause before attempting to gain a failed lock. See + lock spin + count for more details. +

Default: lock spin time = 10 +

locking (S)

Currently eight styles of printer status information - are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. +>Currently nine styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX, CUPS, and SOFTQ. This covers most UNIX systems. You control which type is expected using the $PATH may not be available to the server.

may not be available to the server. When compiled with + the CUPS libraries, no lpq command is + needed because smbd will make a library call to obtain the + print queue listing.

See also the

nt status support (G)

This boolean parameter controls whether smbd(8) will negotiate NT specific status + support with Windows NT/2k/XP clients. This is a developer + debugging option and should be left alone. + If this option is set to no then Samba offers + exactly the same DOS error codes that versions prior to Samba 2.2.3 + reported.

You should not need to ever disable this parameter.

Default: nt status support = yes

null passwords (G)
passdb backend (G)

This option allows the administrator to chose what - backend in which to store passwords. This allows (for example) both - smbpasswd and tdbsam to be used without a recompile. Only one can - be used at a time however, and experimental backends must still be selected +>This option allows the administrator to chose which backends to retrieve and store passwords with. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. + Multiple backends can be specified, seperated by spaces. The backends will be searched in the order they are specified. New users are always added to the first backend specified. + Experimental backends must still be selected (eg --with-tdbsam) at configure time.

Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdbpassdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd

Example:

Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_argspassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb
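
Review bot: The passdb backend text says backends are searched in the order given and new users go to the first one, but not which entry is used when the same account exists in two backends, nor which backend receives a password change for a user found in a later one. Document both, since the answer decides which stored credential is actually checked at logon. Typos in the same paragraph: "chose" should be "choose" and "seperated" should be "separated".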

pid directory (G)

This option specifies the directory where pid + files will be placed.

Default: pid directory = ${prefix}/var/locks

Example: pid directory = /var/run/ +

posix locking (S)

The print command is simply a text string. It will be used - verbatim, with two exceptions: All occurrences of %s - and %f will be replaced by the - appropriate spool file name, and all occurrences of %p - will be replaced by the appropriate printer name. The - spool file name is generated automatically by the server. The - %J macro can be used to access the job + verbatim after macro substitutions have been made:

s, %p - the path to the spool + file name

%p - the appropriate printer + name

%J - the job name as transmitted by the client.

%c - The number of printed pages + of the spooled job (if known).

%z - the size of the spooled + print job (in bytes)
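
Review bot: In the new macro list the first entry gives %p as a spool file macro ("s, %p - the path to the spool file name") and the next entry defines %p again as the printer name. The removed sentence paired %s with %f for the spool file, so the first entry should presumably read "%s, %f". As written, the list leaves %f undocumented and %p ambiguous.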

The print command MUST contain at least @@ -13923,6 +14204,25 @@ CLASS="COMMAND" >print command = lp -d%p -s %s; rm %s

For printing = CUPS : If SAMBA is compiled against + libcups, then printcap = cups + uses the CUPS API to + submit jobs, etc. Otherwise it maps to the System V + commands with the -oraw option for printing, i.e. it + uses lp -c -d%p -oraw; rm %s. + With printing = cups, + and if SAMBA is compiled against libcups, any manually + set print command will be ignored.
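
Review bot: The added CUPS paragraph uses three spellings for what reads as one switch: it opens with "printing = CUPS", then says "printcap = cups uses the CUPS API to submit jobs", then "With printing = cups". If the middle one is meant to be printing = cups, fix it; if it really is the printcap setting, spell the parameter the way the printcap name entry does and explain why it governs job submission.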

Example: print command = /usr/local/samba/bin/myprintscript @@ -14013,6 +14313,23 @@ HREF="#AEN79" > section above for reasons why you might want to do this.

To use the CUPS printing interface set printcap name = cups + . This should be supplemented by an addtional setting + printing = cups in the [global] + section. printcap name = cups will use the + "dummy" printcap created by CUPS, as specified in your CUPS + configuration file. +

On System V systems that use lpstat

share modes (S)

This enables or disables the honoring of + the share modes during a file open. These + modes are used by clients to gain exclusive read or write access + to a file.

These open modes are not directly supported by UNIX, so + they are simulated using shared memory, or lock files if your + UNIX doesn't support shared memory (almost all do).

The share modes that are enabled by this option are + DENY_DOS, DENY_ALL, + DENY_READ, DENY_WRITE, + DENY_NONE and DENY_FCB. +

This option gives full share compatibility and enabled + by default.

You should NEVER turn this parameter + off as many Windows applications will break if you do so.

Default: share modes = yes

short preserve case (S)
winbind cache timewinbind cache time (G)

This parameter specifies the number of seconds the @@ -18279,8 +18654,7 @@ CLASS="COMMAND" >winbind enum - userswinbind enum users (G)

On large installations using @@ -18331,8 +18705,7 @@ CLASS="COMMAND" >winbind enum - groupswinbind enum groups (G)

On large installations using @@ -18382,7 +18755,7 @@ CLASS="COMMAND" >winbind gidwinbind gid (G)

The winbind gid parameter specifies the range of group @@ -18409,7 +18782,7 @@ CLASS="COMMAND" >winbind separatorwinbind separator (G)

This parameter allows an admin to define the character @@ -18439,21 +18812,21 @@ CLASS="FILENAME" with group membership at least on glibc systems, as the character + is used as a special character for NIS in /etc/group.

Example: Default: winbind separator = \\winbind separator = '\'

Example: winbind separator = /winbind separator = +
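
Review bot: The example value is changed to "winbind separator = +", while the paragraph directly above warns that + causes problems with group membership on glibc systems because it is a special character for NIS in /etc/group. Either choose an example character the text does not warn against, or note next to the example that it is the case the warning covers.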

winbind uid
winbind uid (G)

The winbind gid parameter specifies the range of group @@ -18873,7 +19246,7 @@ CLASS="COMMAND" >

WARNINGS

VERSION

SEE ALSO

AUTHOR

-W WORKGROUP

Override the default workgroup specified in the - workgroup parameter of the Override the default workgroup (domain) specified + in the workgroup parameter of the smb.conf file - for this connection. This may be needed to connect to some +> + file for this connection. This may be needed to connect to some servers.

altname file

The client will request that the server return + the "alternate" name (the 8.3 name) for a file or directory. +

cancel jobid0 [jobid1] ... [jobidN]

The client will request that the server cancel + the printjobs identified by the given numeric print job ids. +

chmod file mode in octal

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX permissions to the given octal mode, in standard UNIX format. +

chown file uid gid

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + change the UNIX user and group ownership to the given decimal values. Note there is + currently no way to remotely look up the UNIX uid and gid values for a given name. + This may be addressed in future versions of the CIFS UNIX extensions. +

cd [directory name]

link source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a hard link between the source and destination files. The source file + must not exist. +
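
Review bot: The link description asks for a hard link "between the source and destination files" and then says "The source file must not exist", which reads as if the file being linked to has to be absent. State which of the two arguments names the existing file and which is the new name that must not exist yet.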

lowercase

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set + file permissions. For example:

setmode myfile +r

would make myfile read only.

symlink source destination

This command depends on the server supporting the CIFS + UNIX extensions and will fail if the server does not. The client requests that the server + create a symbolic hard link between the source and destination files. The source file + must not exist. Note that the server will not create a link to any path that lies + outside the currently connected share. This is enforced by the Samba server. +
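
Review bot: "create a symbolic hard link" in the symlink text is self-contradictory and should read "symbolic link". The "source file must not exist" sentence has the same ambiguity as in the link command. The statement that the server will not create a link to a path outside the connected share is the security-relevant part of this entry; say whether the check is made on the target string as sent by the client or on the path after resolution.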

tar <c|x>[IXbgNa]

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set - file permissions. For example:

setmode myfile +r

would make myfile read only.

NOTES

ENVIRONMENT VARIABLES

INSTALLATION

DIAGNOSTICS

VERSION

AUTHOR

Name

smbcontrol -- send messages to smbd or nmbd processes
smbcontrol -- send messages to smbd, nmbd or winbindd processes
smbd(8) or +>, an nmbd(8) daemon running on the - system.

+ or a winbindd(8) + daemon running on the system.

OPTIONS

smbd

The message-type sends a "request profile level" message. The current profile level setting is returned by a "profilelevel" message. This can be sent - to any of the destinations.

The smbd.

The close-share message-type sends a - message to smbd which forces smbd to close the share that was - specified as an argument. This may be useful if you made changes - to the access controls on the share.

parameters

VERSION

SEE ALSO

AUTHOR

smb.conf(5)
file. +> file. Beware: + If the directory specified does not exist, smbd + will log to the default debug log location defined at compile time.

The default log directory is specified at @@ -354,7 +361,7 @@ CLASS="FILENAME" >

FILES

LIMITATIONS

ENVIRONMENT VARIABLES

PAM INTERACTION

VERSION

DIAGNOSTICS

SIGNALS

SEE ALSO

AUTHOR

smbumountsmbmount {service} {mount-point} [-o options]

smbsh

[-W workgroup] [-U username] [-P prefix] [-R <name resolve order>] [-d <debug level>] [-l logfile] [-L libdir]

DESCRIPTION

smbsh to work correctly.

OPTIONS

-W WORKGROUP

Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this session. This may be needed to connect to some + servers.

-U username[%pass]

Sets the SMB username or username and password. + If this option is not specified, the user will be prompted for + both the username and the password. If %pass is not specified, + the user will be prompted for the password. +

-P prefix

This option allows + the user to set the directory prefix for SMB access. The + default value if this option is not specified is + smb. +

-R <name resolve order>

This option is used to determine what naming + services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.

The options are :"lmhosts", "host", "wins" and "bcast". + They cause names to be resolved as follows :

  • lmhosts : + Lookup an IP address in the Samba lmhosts file. If the + line in lmhosts has no name type attached to the + NetBIOS name + (see the lmhosts(5) + for details) then any name type matches for lookup. +

  • host : + Do a standard host name to IP address resolution, using + the system /etc/hosts, NIS, or DNS + lookups. This method of name resolution is operating + system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used + if the NetBIOS name type being queried is the 0x20 + (server) name type, otherwise it is ignored. +

  • wins : + Query a name with the IP address listed in the + wins server parameter. If no + WINS server has been specified this method will be + ignored. +

  • bcast : + Do a broadcast on each of the known local interfaces + listed in the interfaces + parameter. This is the least reliable of the name + resolution methods as it depends on the target host + being on a locally connected subnet. +

If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used.

The default order is lmhosts, host, wins, bcast. Without + this parameter or any entry in the name resolve order + parameter of the smb.conf + file, the name resolution methods will be attempted in this + order.

-d <debug level>

debug level is an integer from 0 to 10.

The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. +

-l logfilename

If specified causes all debug messages to be + written to the file specified by logfilename + . If not specified then all messages will be + written tostderr. +

-L libdir

This parameter specifies the location of the + shared libraries used by smbsh. The default + value is specified at compile time. +
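
Review bot: The -d text for smbsh says higher values log more "about the activities of nmblookup", which looks copied from another man page and should name smbsh. In -l, "written tostderr" is missing a space. For -U username[%pass], add a caution that a password given on the command line is visible to other local users in the process list and that leaving %pass off to get the prompt is the safer form.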

EXAMPLES

To use the

VERSION

BUGS

SEE ALSO

AUTHOR

wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]

[-u] [-g] [-h name] [-i ip] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-r user] [-a user%password] [-A user%password]

DESCRIPTION

OPTIONS

.

-h name

The -h option + queries winbindd(8) to query the WINS + server for the IP address associated with the NetBIOS name + specified by the name parameter. +

-i ip

The -i option + queries winbindd(8) to send a node status + request to get the NetBIOS name associated with the IP address + specified by the ip parameter. +

-n name

-r username

Try to obtain the list of UNIX group ids + to which the user belongs. This only works for users + defined on a Domain Controller. +

-a username%password

-p
-A username%password

Attempt a simple 'ping' check that the winbindd - is indeed alive. +>Store username and password used by winbindd + during session setup to a domain controller. This enables + winbindd to operate in a Windows 2000 domain with Restrict + Anonymous turned on (a.k.a. Permissions compatiable with + Windows 2000 servers only).
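
Review bot: The -A text says the username and password are stored for winbindd but not where they are stored or how that store is protected, which an admin needs in order to judge the exposure of a saved domain credential. Name the storage location and its required permissions, and mention that user%password on the command line is visible in the process list. "compatiable" should be "compatible". The -p ping description is removed here and -p is dropped from the synopsis; confirm the option itself is gone and not only its documentation.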

EXIT STATUS

VERSION

SEE ALSO

AUTHOR

hosts

User information traditionally stored in + the hosts(5) file and used by + gethostbyname(3) functions. Names are + resolved through the WINS server or by broadcast. +

passwd
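
Review bot: The new hosts entry begins "User information traditionally stored in the hosts(5) file", which looks copied from the passwd entry; hosts(5) holds host name to address mappings, not user information. Since the entry makes host lookups depend on answers from a WINS server or from broadcast, it should also state that these answers are not authenticated.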

The following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve hostnames from /etc/hosts and then from the + WINS server.

OPTIONS

NAME AND ID RESOLUTION

CONFIGURATION

EXAMPLE SETUP

NOTES

SIGNALS

FILES

VERSION

SEE ALSO

AUTHOR