From f62eaeb1a5add34ee7353d0d95db3c84a5c71c22 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 13 Aug 2003 06:07:10 +0000 Subject: regenerate (This used to be commit 75a8a906e8031b50e6583f2e0354073a8aa7f5f3) --- docs/manpages/net.8 | 6 +- docs/manpages/nmbd.8 | 14 +- docs/manpages/nmblookup.1 | 8 +- docs/manpages/ntlm_auth.1 | 4 +- docs/manpages/pdbedit.8 | 8 +- docs/manpages/rpcclient.1 | 8 +- docs/manpages/smb.conf.5 | 463 +++++++++++++++++++++++---------------------- docs/manpages/smbcacls.1 | 4 +- docs/manpages/smbclient.1 | 8 +- docs/manpages/smbcontrol.1 | 2 +- docs/manpages/smbcquotas.1 | 4 +- docs/manpages/smbd.8 | 12 +- docs/manpages/smbpasswd.8 | 2 +- docs/manpages/smbsh.1 | 8 +- docs/manpages/smbstatus.1 | 4 +- docs/manpages/smbtree.1 | 4 +- docs/manpages/swat.8 | 4 +- docs/manpages/vfstest.1 | 4 +- docs/manpages/wbinfo.1 | 96 +++++++--- docs/manpages/winbindd.8 | 12 +- 20 files changed, 360 insertions(+), 315 deletions(-) (limited to 'docs/manpages') diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 index d473503792..3f3f9340be 100644 --- a/docs/manpages/net.8 +++ b/docs/manpages/net.8 @@ -70,12 +70,12 @@ Port on the target server to connect to (usually 139 or 445)\&. Defaults to tryi .TP -n -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -104,7 +104,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .SH "COMMANDS" diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index 096876bfde..0b63e77ee2 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -89,7 +89,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -103,7 +103,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -120,7 +120,7 @@ UDP port number is a positive integer value\&. This option changes the default U .TP \fI/etc/inetd\&.conf\fR -If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the install document for details\&. +If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. .TP @@ -128,12 +128,12 @@ If the server is to be run by the \fBinetd\fR meta-daemon, this file must contai or whatever initialization script your system uses)\&. -If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. .TP \fI/etc/services\fR -If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. .TP @@ -141,10 +141,10 @@ If running the server via the meta-daemon \fBinetd\fR, this file must contain a This is the default location of the \fBsmb.conf\fR(5) server configuration file\&. Other common places that systems install this file are \fI/usr/samba/lib/smb\&.conf\fR and \fI/etc/samba/smb\&.conf\fR\&. -When run as a WINS server (see the \fBwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. +When run as a WINS server (see the \fIwins support\fR parameter in the \fBsmb.conf\fR(5) man page), \fBnmbd\fR will store the WINS database in the file \fIwins\&.dat\fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. -If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fBlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. +If \fBnmbd\fR is acting as a \fB browse master\fR (see the \fIlocal master\fR parameter in the \fBsmb.conf\fR(5) man page, \fBnmbd\fR will store the browsing database in the file \fIbrowse\&.dat \fR in the \fIvar/locks\fR directory configured under wherever Samba was configured to install itself\&. .SH "SIGNALS" diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 2f16025593..5cc590ae11 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -65,7 +65,7 @@ Interpret \fIname\fR as an IP Address and do a node status query on this address .TP -n -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -80,7 +80,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP @@ -105,7 +105,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -119,7 +119,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/ntlm_auth.1 b/docs/manpages/ntlm_auth.1 index 082d9422c8..e234ad7fb8 100644 --- a/docs/manpages/ntlm_auth.1 +++ b/docs/manpages/ntlm_auth.1 @@ -93,7 +93,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -107,7 +107,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index ff0fc1244b..75a655a7e7 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -24,9 +24,9 @@ pdbedit \- manage the SAM database .nf \fBpdbedit\fR [-L] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-D drive] [-S - script] [-p profile] [-a] [-m] [-x] [-i passdb-backend] [-e passdb-backend] + script] [-p profile] [-a] [-m] [-r] [-x] [-i passdb-backend] [-e passdb-backend] [-b passdb-backend] [-g] [-d debuglevel] [-s configfile] [-P account-policy] - [-C value] + [-C value] [-c account-control] .fi .SH "DESCRIPTION" @@ -287,7 +287,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -301,7 +301,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 34cb6a1fa5..0684d74197 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -66,7 +66,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -80,7 +80,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -133,7 +133,7 @@ Be cautious about including passwords in scripts\&. Also, on many systems the co .TP -n -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -148,7 +148,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index ec77102365..3bc6f8ad49 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -516,7 +516,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIdead time\fR +\fIdeadtime\fR .TP \(bu @@ -540,11 +540,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIdefault\fR +\fIdefault service\fR .TP \(bu -\fIdefault service\fR +\fIdefault\fR .TP \(bu @@ -642,6 +642,10 @@ Here is a list of all global parameters\&. See the section of each parameter for \(bu \fIhosts equiv\fR +.TP +\(bu +\fIidmap backend\fR + .TP \(bu \fIidmap gid\fR @@ -736,11 +740,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIlock dir\fR +\fIlock directory\fR .TP \(bu -\fIlock directory\fR +\fIlock dir\fR .TP \(bu @@ -928,11 +932,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIpasswd chat\fR +\fIpasswd chat debug\fR .TP \(bu -\fIpasswd chat debug\fR +\fIpasswd chat\fR .TP \(bu @@ -960,11 +964,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIpreload\fR +\fIpreload modules\fR .TP \(bu -\fIpreload modules\fR +\fIpreload\fR .TP \(bu @@ -1008,7 +1012,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIroot\fR +\fIroot directory\fR .TP \(bu @@ -1016,7 +1020,7 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIroot directory\fR +\fIroot\fR .TP \(bu @@ -1072,11 +1076,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIsyslog\fR +\fIsyslog only\fR .TP \(bu -\fIsyslog only\fR +\fIsyslog\fR .TP \(bu @@ -1102,10 +1106,6 @@ Here is a list of all global parameters\&. See the section of each parameter for \(bu \fItimestamp logs\fR -.TP -\(bu -\fItotal print jobs\fR - .TP \(bu \fIunicode\fR @@ -1144,11 +1144,11 @@ Here is a list of all global parameters\&. See the section of each parameter for .TP \(bu -\fIutmp\fR +\fIutmp directory\fR .TP \(bu -\fIutmp directory\fR +\fIutmp\fR .TP \(bu @@ -1301,10 +1301,6 @@ Here is a list of all service parameters\&. See the section on each parameter fo \(bu \fIdeny hosts\fR -.TP -\(bu -\fIdirectory\fR - .TP \(bu \fIdirectory mask\fR @@ -1317,6 +1313,10 @@ Here is a list of all service parameters\&. See the section on each parameter fo \(bu \fIdirectory security mask\fR +.TP +\(bu +\fIdirectory\fR + .TP \(bu \fIdont descend\fR @@ -1381,10 +1381,6 @@ Here is a list of all service parameters\&. See the section on each parameter fo \(bu \fIgroup\fR -.TP -\(bu -\fIguest account\fR - .TP \(bu \fIguest ok\fR @@ -1555,11 +1551,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIpreexec\fR +\fIpreexec close\fR .TP \(bu -\fIpreexec close\fR +\fIpreexec\fR .TP \(bu @@ -1579,15 +1575,15 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIprinter\fR +\fIprinter admin\fR .TP \(bu -\fIprinter admin\fR +\fIprinter name\fR .TP \(bu -\fIprinter name\fR +\fIprinter\fR .TP \(bu @@ -1627,11 +1623,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIroot preexec\fR +\fIroot preexec close\fR .TP \(bu -\fIroot preexec close\fR +\fIroot preexec\fR .TP \(bu @@ -1671,15 +1667,15 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIuser\fR +\fIusername\fR .TP \(bu -\fIusername\fR +\fIusers\fR .TP \(bu -\fIusers\fR +\fIuser\fR .TP \(bu @@ -1687,11 +1683,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fI-valid\fR +\fIvalid users\fR .TP \(bu -\fIvalid users\fR +\fI-valid\fR .TP \(bu @@ -1703,11 +1699,11 @@ Here is a list of all service parameters\&. See the section on each parameter fo .TP \(bu -\fIvfs object\fR +\fIvfs objects\fR .TP \(bu -\fIvfs objects\fR +\fIvfs object\fR .TP \(bu @@ -2242,7 +2238,7 @@ Example: \fBcsc policy = programs\fR .TP -dead time (G) +deadtime (G) The value of the parameter (a decimal integer) represents the number of minutes of inactivity before a connection is considered dead, and it is disconnected\&. The deadtime only takes effect if the number of open files is zero\&. @@ -2310,11 +2306,6 @@ Note that the parameter \fI debug timestamp\fR must be on for this to have an ef Default: \fBdebug uid = no\fR -.TP -default (G) -A synonym for \fI default service\fR\&. - - .TP default case (S) See the section on NAME MANGLING\&. Also note the \fIshort preserve case\fR parameter\&. @@ -2370,6 +2361,11 @@ Example: .fi +.TP +default (G) +A synonym for \fI default service\fR\&. + + .TP delete group script (G) This is the full pathname to a script that will be run \fBAS ROOT\fR \fBsmbd\fR(8) when a group is requested to be deleted\&. It will expand any \fI%g\fR to the group name passed\&. This script is only useful for installations using the Windows NT domain administration tools\&. @@ -2526,11 +2522,6 @@ or perhaps (on Sys V based systems): Note that you may have to replace the command names with full path names on some systems\&. -.TP -directory (S) -Synonym for \fIpath\fR\&. - - .TP directory mask (S) This parameter is the octal modes which are used when converting DOS modes to UNIX modes when creating UNIX directories\&. @@ -2591,6 +2582,11 @@ Default: \fBdirectory security mask = 0777\fR Example: \fBdirectory security mask = 0700\fR +.TP +directory (S) +Synonym for \fIpath\fR\&. + + .TP disable netbios (G) Enabling this parameter will disable netbios support in Samba\&. Netbios is the only available form of browsing in all windows versions except for 2000 and XP\&. @@ -2959,11 +2955,11 @@ Synonym for \fIforce group\fR\&. .TP -guest account (G,S) +guest account (G) This is a username which will be used for access to services which are specified as \fI guest ok\fR (see below)\&. Whatever privileges this user has will be available to any client connecting to the guest service\&. Typically this user will exist in the password file, but will not have a valid login\&. The user account "ftp" is often a good choice for this parameter\&. If a username is specified in a given service, the specified username overrides this one\&. -One some systems the default guest account "nobody" may not be able to print\&. Use another account in this case\&. You should test this by trying to log in as your guest user (perhaps by using the \fBsu -\fR command) and trying to print using the system print command such as \fBlpr(1)\fR or \fB lp(1)\fR\&. +On some systems the default guest account "nobody" may not be able to print\&. Use another account in this case\&. You should test this by trying to log in as your guest user (perhaps by using the \fBsu -\fR command) and trying to print using the system print command such as \fBlpr(1)\fR or \fB lp(1)\fR\&. This parameter does not accept % macros, because many parts of the system require this value to be constant for correct operation\&. @@ -3093,7 +3089,7 @@ Example: \fBhomedir map = amd.homedir\fR .TP host msdfs (G) -This boolean parameter is only available if Samba has been configured and compiled with the \fB --with-msdfs\fR option\&. If set to \fByes\fR, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server\&. +If set to \fByes\fR, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server\&. See also the \fI msdfs root\fR share level parameter\&. For more information on setting up a Dfs tree on Samba, refer to msdfs_setup\&.html\&. @@ -3198,9 +3194,20 @@ Default: \fBno host equivalences\fR Example: \fBhosts equiv = /etc/hosts.equiv\fR +.TP +idmap backend (G) +The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common LDAP backend\&. This way all domain members and controllers will have the same UID and GID to SID mappings\&. This avoids the risk of UID / GID inconsistencies across UNIX / Linux systems that are sharing information over protocols other than SMB/CIFS (ie: NFS)\&. + + +Default: \fBidmap backend = \fR + + +Example: \fBidmap backend = ldapsam://ldapslave.example.com\fR + + .TP idmap gid (G) -The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. +The idmap gid parameter specifies the range of group ids that are allocated for the purpose of mapping UNIX groups to NT group SIDs\&. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise\&. The availability of an idmap gid range is essential for correct operation of all group mapping\&. @@ -3575,11 +3582,6 @@ Setting this value to \fBno\fR will cause \fBnmbd\fR \fBnever\fR to become a loc Default: \fBlocal master = yes\fR -.TP -lock dir (G) -Synonym for \fI lock directory\fR\&. - - .TP lock directory (G) This option specifies the directory where lock files will be placed\&. The lock files are used to implement the \fImax connections\fR option\&. @@ -3591,6 +3593,11 @@ Default: \fBlock directory = ${prefix}/var/locks\fR Example: \fBlock directory = /var/run/samba/locks\fR +.TP +lock dir (G) +Synonym for \fI lock directory\fR\&. + + .TP locking (S) This controls whether or not locking will be performed by the server in response to lock requests from the client\&. @@ -3616,7 +3623,7 @@ lock spin count (G) This parameter controls the number of times that smbd should attempt to gain a byte range lock on the behalf of a client request\&. Experiments have shown that Windows 2k servers do not reply with a failure if the lock could not be immediately granted, but try a few more times in case the lock could later be aquired\&. This behavior is used to support PC database formats such as MS Access and FoxPro\&. -Default: \fBlock spin count = 2\fR +Default: \fBlock spin count = 3\fR .TP @@ -4033,6 +4040,9 @@ mangle prefix (G) controls the number of prefix characters from the original name used when generating the mangled names\&. A larger value will give a weaker hash and therefore more name collisions\&. The minimum value is 1 and the maximum value is 6\&. +mangle prefix is effective only when mangling method is hash2\&. + + Default: \fBmangle prefix = 1\fR @@ -4041,7 +4051,7 @@ Example: \fBmangle prefix = 4\fR .TP mangling char (S) -This controls what character is used as the \fBmagic\fR character in name mangling\&. The default is a '~' but this may interfere with some software\&. Use this option to set it to whatever you prefer\&. +This controls what character is used as the \fBmagic\fR character in name mangling\&. The default is a '~' but this may interfere with some software\&. Use this option to set it to whatever you prefer\&. This is effective only when mangling method is hash\&. Default: \fBmangling char = ~\fR @@ -4409,7 +4419,7 @@ Example: \fBmsdfs proxy = \\\\otherserver\\someshare\fR .TP msdfs root (S) -This boolean parameter is only available if Samba is configured and compiled with the \fB --with-msdfs\fR option\&. If set to \fByes\fR, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory\&. Dfs links are specified in the share directory by symbolic links of the form \fImsdfs:serverA\\\\shareA,serverB\\\\shareB\fR and so on\&. For more information on setting up a Dfs tree on Samba, refer to "Hosting a Microsoft Distributed File System tree on Samba" document\&. +If set to \fByes\fR, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory\&. Dfs links are specified in the share directory by symbolic links of the form \fImsdfs:serverA\\\\shareA,serverB\\\\shareB\fR and so on\&. For more information on setting up a Dfs tree on Samba, refer to "Hosting a Microsoft Distributed File System tree on Samba" document\&. See also \fIhost msdfs\fR @@ -4712,6 +4722,17 @@ Example: \fBpassdb backend = ldapsam:ldaps://ldap.example.com guest\fR Example: \fBpassdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest\fR +.TP +passwd chat debug (G) +This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode\&. In this mode the strings passed to and received from the passwd chat are printed in the \fBsmbd\fR(8) log with a \fIdebug level\fR of 100\&. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log\&. It is available to help Samba admins debug their \fIpasswd chat\fR scripts when calling the \fIpasswd program\fR and should be turned off after this has been done\&. This option has no effect if the \fIpam password change\fR paramter is set\&. This parameter is off by default\&. + + +See also \fIpasswd chat\fR , \fIpam password change\fR , \fIpasswd program\fR \&. + + +Default: \fBpasswd chat debug = no\fR + + .TP passwd chat (G) This string controls the \fB"chat"\fR conversation that takes places between \fBsmbd\fR(8) and the local password changing program to change the user's password\&. The string describes a sequence of response-receive pairs that \fBsmbd\fR(8) uses to determine what to send to the \fIpasswd program\fR and what to expect back\&. If the expected output is not received then the password is not changed\&. @@ -4741,17 +4762,6 @@ Default: \fBpasswd chat = *new*password* %n\\n *new*password* %n\\n *changed*\fR Example: \fBpasswd chat = "*Enter OLD password*" %o\\n "*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password changed*"\fR -.TP -passwd chat debug (G) -This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode\&. In this mode the strings passed to and received from the passwd chat are printed in the \fBsmbd\fR(8) log with a \fIdebug level\fR of 100\&. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log\&. It is available to help Samba admins debug their \fIpasswd chat\fR scripts when calling the \fIpasswd program\fR and should be turned off after this has been done\&. This option has no effect if the \fIpam password change\fR paramter is set\&. This parameter is off by default\&. - - -See also \fIpasswd chat\fR , \fIpam password change\fR , \fIpasswd program\fR \&. - - -Default: \fBpasswd chat debug = no\fR - - .TP passwd program (G) The name of a program that can be used to set UNIX user passwords\&. Any occurrences of \fI%u\fR will be replaced with the user name\&. The user name is checked for existence before calling the password changing program\&. @@ -4766,6 +4776,9 @@ Also note that many passwd programs insist in \fBreasonable \fR passwords, such If the \fIunix password sync\fR parameter is set this parameter \fBMUST USE ABSOLUTE PATHS\fR for \fBALL\fR programs called, and must be examined for security implications\&. Note that by default \fIunix password sync\fR is set to \fBno\fR\&. +Not that this program is only invoked when a password change is done via the smbd program, not when smbpasswd is used locally as root to change a password\&. This means that you cannot run "smbpasswd USERNAME" as root on the SMB server in order to test this parameter, but should run the command "smbpasswd -r SMBMACHINE" as a non-root user instead if you want to test the invocation of this program\&. + + See also \fIunix password sync\fR\&. @@ -4922,6 +4935,14 @@ Default: \fBnone (no command executed)\fR Example: \fBpostexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log\fR +.TP +preexec close (S) +This boolean option controls whether a non-zero return code from \fIpreexec \fR should close the service being connected to\&. + + +Default: \fBpreexec close = no\fR + + .TP preexec (S) This option specifies a command to be run whenever the service is connected to\&. It takes the usual substitutions\&. @@ -4945,14 +4966,6 @@ Default: \fBnone (no command executed)\fR Example: \fBpreexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log\fR -.TP -preexec close (S) -This boolean option controls whether a non-zero return code from \fIpreexec \fR should close the service being connected to\&. - - -Default: \fBpreexec close = no\fR - - .TP prefered master (G) Synonym for \fI preferred master\fR for people who cannot spell :-)\&. @@ -4976,31 +4989,31 @@ Default: \fBpreferred master = auto\fR .TP -preload (G) -This is a list of services that you want to be automatically added to the browse lists\&. This is most useful for homes and printers services that would otherwise not be visible\&. +preload modules (G) +This is a list of paths to modules that should be loaded into smbd before a client connects\&. This improves the speed of smbd when reacting to new connections somewhat\&. -Note that if you just want all printers in your printcap file loaded then the \fIload printers\fR option is easier\&. +It is recommended to only use this option on heavy-performance servers\&. -Default: \fBno preloaded services\fR +Default: \fBpreload modules = \fR -Example: \fBpreload = fred lp colorlp\fR +Example: \fBpreload modules = /usr/lib/samba/passdb/mysql.so+++ \fR .TP -preload modules (G) -This is a list of paths to modules that should be loaded into smbd before a client connects\&. This improves the speed of smbd when reacting to new connections somewhat\&. +preload (G) +This is a list of services that you want to be automatically added to the browse lists\&. This is most useful for homes and printers services that would otherwise not be visible\&. -It is recommended to only use this option on heavy-performance servers\&. +Note that if you just want all printers in your printcap file loaded then the \fIload printers\fR option is easier\&. -Default: \fBpreload modules = \fR +Default: \fBno preloaded services\fR -Example: \fBpreload modules = /usr/lib/samba/passdb/mysql.so+++ \fR +Example: \fBpreload = fred lp colorlp\fR .TP @@ -5025,11 +5038,6 @@ Note that a printable service will ALWAYS allow writing to the service path (use Default: \fBprintable = no\fR -.TP -printcap (G) -Synonym for \fI printcap name\fR\&. - - .TP printcap name (S) This parameter may be used to override the compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR)\&. See the discussion of the [printers] section above for reasons why you might want to do this\&. @@ -5065,6 +5073,11 @@ Default: \fBprintcap name = /etc/printcap\fR Example: \fBprintcap name = /etc/myprintcap\fR +.TP +printcap (G) +Synonym for \fI printcap name\fR\&. + + .TP print command (S) After a print job has finished spooling to a service, this command will be used via a \fBsystem()\fR call to process the spool file\&. Typically the command specified will submit the spool file to the host's printing subsystem, but there is no requirement that this be the case\&. The server will not remove the spool file, so whatever command you specify should remove the spool file when it has been processed, otherwise you will need to manually remove old spool files\&. @@ -5133,11 +5146,6 @@ For printing = CUPS : If SAMBA is compiled against libcups, then printcap = cups Example: \fBprint command = /usr/local/samba/bin/myprintscript %p %s\fR -.TP -printer (S) -Synonym for \fI printer name\fR\&. - - .TP printer admin (S) This is a list of users that can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation)\&. Note that the root user always has admin rights\&. @@ -5163,6 +5171,11 @@ Default: \fBnone (but may be \fBlp\fR on many systems)\fR Example: \fBprinter name = laserwriter\fR +.TP +printer (S) +Synonym for \fI printer name\fR\&. + + .TP printing (S) This parameters controls how printer status information is interpreted on your system\&. It also affects the default values for the \fIprint command\fR, \fIlpq command\fR, \fIlppause command \fR, \fIlpresume command\fR, and \fIlprm command\fR if specified in the [global] section\&. @@ -5400,16 +5413,6 @@ The security advantage of using restrict anonymous = 2 is removed by setting \fI Default: \fBrestrict anonymous = 0\fR -.TP -root (G) -Synonym for \fIroot directory"\fR\&. - - -.TP -root dir (G) -Synonym for \fIroot directory"\fR\&. - - .TP root directory (G) The server will \fBchroot()\fR (i\&.e\&. Change its root directory) to this directory on startup\&. This is not strictly necessary for secure operation\&. Even without it the server will deny access to files not in one of the service entries\&. It may also check for, and deny access to, soft links to other parts of the filesystem, or attempts to use "\&.\&." in file names to access other directories (depending on the setting of the \fIwide links\fR parameter)\&. @@ -5424,6 +5427,11 @@ Default: \fBroot directory = /\fR Example: \fBroot directory = /homes/smb\fR +.TP +root dir (G) +Synonym for \fIroot directory"\fR\&. + + .TP root postexec (S) This is the same as the \fIpostexec\fR parameter except that the command is run as root\&. This is useful for unmounting filesystems (such as CDROMs) after a connection is closed\&. @@ -5435,6 +5443,17 @@ See also \fI postexec\fR\&. Default: \fBroot postexec = \fR +.TP +root preexec close (S) +This is the same as the \fIpreexec close \fR parameter except that the command is run as root\&. + + +See also \fI preexec\fR and \fIpreexec close\fR\&. + + +Default: \fBroot preexec close = no\fR + + .TP root preexec (S) This is the same as the \fIpreexec\fR parameter except that the command is run as root\&. This is useful for mounting filesystems (such as CDROMs) when a connection is opened\&. @@ -5447,14 +5466,31 @@ Default: \fBroot preexec = \fR .TP -root preexec close (S) -This is the same as the \fIpreexec close \fR parameter except that the command is run as root\&. +root (G) +Synonym for \fIroot directory"\fR\&. -See also \fI preexec\fR and \fIpreexec close\fR\&. +.TP +security mask (S) +This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box\&. -Default: \fBroot preexec close = no\fR +This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified\&. Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change\&. + + +If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file\&. + + +\fBNote\fR that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems\&. Administrators of most normal systems will probably want to leave it set to \fB0777\fR\&. + + +See also the \fIforce directory security mode\fR, \fIdirectory security mask\fR, \fIforce security mode\fR parameters\&. + + +Default: \fBsecurity mask = 0777\fR + + +Example: \fBsecurity mask = 0770\fR .TP @@ -5468,7 +5504,7 @@ The option sets the "security mode bit" in replies to protocol negotiations with The default is \fBsecurity = user\fR, as this is the most common setting needed when talking to Windows 98 and Windows NT\&. -The alternatives are \fBsecurity = share\fR, \fBsecurity = server\fR or \fBsecurity = domain \fR\&. +The alternatives are \fBsecurity = share\fR, \fBsecurity = server\fR, \fBsecurity = domain \fR, or \fBsecurity = ads\fR\&. In versions of Samba prior to 2\&.0\&.0, the default was \fBsecurity = share\fR mainly because that was the only option at one stage\&. @@ -5601,29 +5637,6 @@ Default: \fBsecurity = USER\fR Example: \fBsecurity = DOMAIN\fR -.TP -security mask (S) -This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a file using the native NT security dialog box\&. - - -This parameter is applied as a mask (AND'ed with) to the changed permission bits, thus preventing any bits not in this mask from being modified\&. Essentially, zero bits in this mask may be treated as a set of bits the user is not allowed to change\&. - - -If not set explicitly this parameter is 0777, allowing a user to modify all the user/group/world permissions on a file\&. - - -\fBNote\fR that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems\&. Administrators of most normal systems will probably want to leave it set to \fB0777\fR\&. - - -See also the \fIforce directory security mode\fR, \fIdirectory security mask\fR, \fIforce security mode\fR parameters\&. - - -Default: \fBsecurity mask = 0777\fR - - -Example: \fBsecurity mask = 0770\fR - - .TP server schannel (G) This controls whether the server offers or even demands the use of the netlogon schannel\&. \fIserver schannel = no\fR does not offer the schannel, \fIserver schannel = auto\fR offers the schannel but does not enforce it, and \fIserver schannel = yes\fR denies access if the client is not able to speak netlogon schannel\&. This is only the case for Windows NT4 before SP4\&. @@ -5964,22 +5977,22 @@ Default: \fBsync always = no\fR .TP -syslog (G) -This parameter maps how Samba debug messages are logged onto the system syslog logging levels\&. Samba debug level zero maps onto syslog \fBLOG_ERR\fR, debug level one maps onto \fBLOG_WARNING\fR, debug level two maps onto \fBLOG_NOTICE\fR, debug level three maps onto LOG_INFO\&. All higher levels are mapped to \fB LOG_DEBUG\fR\&. +syslog only (G) +If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files\&. -This parameter sets the threshold for sending messages to syslog\&. Only messages with debug level less than this value will be sent to syslog\&. +Default: \fBsyslog only = no\fR -Default: \fBsyslog = 1\fR +.TP +syslog (G) +This parameter maps how Samba debug messages are logged onto the system syslog logging levels\&. Samba debug level zero maps onto syslog \fBLOG_ERR\fR, debug level one maps onto \fBLOG_WARNING\fR, debug level two maps onto \fBLOG_NOTICE\fR, debug level three maps onto LOG_INFO\&. All higher levels are mapped to \fB LOG_DEBUG\fR\&. -.TP -syslog only (G) -If this parameter is set then Samba debug messages are logged into the system syslog only, and not to the debug log files\&. +This parameter sets the threshold for sending messages to syslog\&. Only messages with debug level less than this value will be sent to syslog\&. -Default: \fBsyslog only = no\fR +Default: \fBsyslog = 1\fR .TP @@ -6030,17 +6043,6 @@ timestamp logs (G) Synonym for \fI debug timestamp\fR\&. -.TP -total print jobs (G) -This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time\&. If a print job is submitted by a client which will exceed this number, then \fBsmbd\fR(8) will return an error indicating that no space is available on the server\&. The default value of 0 means that no such limit exists\&. This parameter can be used to prevent a server from exceeding its capacity and is designed as a printing throttle\&. See also \fImax print jobs\fR\&. - - -Default: \fBtotal print jobs = 0\fR - - -Example: \fBtotal print jobs = 5000\fR - - .TP unicode (G) Specifies whether Samba should try to use unicode on the wire by default\&. Note: This does NOT mean that samba will assume that the unix machine uses unicode! @@ -6118,49 +6120,6 @@ This global parameter determines if the tdb internals of Samba can depend on mma Default: \fBuse mmap = yes\fR -.TP -user (S) -Synonym for \fIusername\fR\&. - - -.TP -username (S) -Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&. - - -The \fIusername\fR line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \\\\server\\share%user syntax instead\&. - - -The \fIusername\fR line is not a great solution in many cases as it means Samba will try to validate the supplied password against each of the usernames in the \fIusername\fR line in turn\&. This is slow and a bad idea for lots of users in case of duplicate passwords\&. You may get timeouts or security breaches using this parameter unwisely\&. - - -Samba relies on the underlying UNIX security\&. This parameter does not restrict who can login, it just offers hints to the Samba server as to what usernames might correspond to the supplied password\&. Users can login as whoever they please and they will be able to do no more damage than if they started a telnet session\&. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do\&. - - -To restrict a service to a particular set of users you can use the \fIvalid users \fR parameter\&. - - -If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users in the group of that name\&. - - -If any of the usernames begin with a '+' then the name will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name\&. - - -If any of the usernames begin with a '&' then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name\&. - - -Note that searching though a groups database can take quite some time, and some clients may time out during the search\&. - - -See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how this parameter determines access to the services\&. - - -Default: \fBThe guest account if a guest service, else .\fR - - -Examples:\fBusername = fred, mary, jack, jane, @users, @pcgroup\fR - - .TP username level (G) This option helps Samba to try and 'guess' at the real UNIX username, as many DOS clients send an all-uppercase username\&. By default Samba tries all lowercase, followed by the username with the first letter capitalized, and fails if the username is not found on the UNIX machine\&. @@ -6242,38 +6201,67 @@ Example: \fBusername map = /usr/local/samba/lib/users.map\fR .TP -users (S) -Synonym for \fI username\fR\&. +username (S) +Multiple users may be specified in a comma-delimited list, in which case the supplied password will be tested against each username in turn (left to right)\&. -.TP -use sendfile (S) -If this parameter is \fByes\fR, and Samba was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked\&. This may make more efficient use of the system CPU's and cause Samba to be faster\&. This is off by default as it's effects are unknown as yet\&. +The \fIusername\fR line is needed only when the PC is unable to supply its own username\&. This is the case for the COREPLUS protocol or where your users have different WfWg usernames to UNIX usernames\&. In both these cases you may also be better using the \\\\server\\share%user syntax instead\&. -Default: \fBuse sendfile = no\fR +The \fIusername\fR line is not a great solution in many cases as it means Samba will try to validate the supplied password against each of the usernames in the \fIusername\fR line in turn\&. This is slow and a bad idea for lots of users in case of duplicate passwords\&. You may get timeouts or security breaches using this parameter unwisely\&. + + +Samba relies on the underlying UNIX security\&. This parameter does not restrict who can login, it just offers hints to the Samba server as to what usernames might correspond to the supplied password\&. Users can login as whoever they please and they will be able to do no more damage than if they started a telnet session\&. The daemon runs as the user that they log in as, so they cannot do anything that user cannot do\&. + + +To restrict a service to a particular set of users you can use the \fIvalid users \fR parameter\&. + + +If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users in the group of that name\&. + + +If any of the usernames begin with a '+' then the name will be looked up only in the UNIX groups database and will expand to a list of all users in the group of that name\&. + + +If any of the usernames begin with a '&' then the name will be looked up only in the NIS netgroups database (if Samba is compiled with netgroup support) and will expand to a list of all users in the netgroup group of that name\&. + + +Note that searching though a groups database can take quite some time, and some clients may time out during the search\&. + + +See the section NOTE ABOUT USERNAME/PASSWORD VALIDATION for more information on how this parameter determines access to the services\&. + + +Default: \fBThe guest account if a guest service, else .\fR + + +Examples:\fBusername = fred, mary, jack, jane, @users, @pcgroup\fR .TP -use spnego (G) -This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&. +users (S) +Synonym for \fI username\fR\&. -Default: \fBuse spnego = yes\fR +.TP +user (S) +Synonym for \fIusername\fR\&. .TP -utmp (G) -This boolean parameter is only available if Samba has been configured and compiled with the option \fB --with-utmp\fR\&. If set to \fByes\fR then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server\&. Sites may use this to record the user connecting to a Samba share\&. +use sendfile (S) +If this parameter is \fByes\fR, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked\&. This may make more efficient use of the system CPU's and cause Samba to be faster\&. -Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user\&. Enabling this option creates an n^2 algorithm to find this number\&. This may impede performance on large installations\&. +Default: \fBuse sendfile = no\fR -See also the \fI utmp directory\fR parameter\&. +.TP +use spnego (G) +This variable controls controls whether samba will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 clients to agree upon an authentication mechanism\&. Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled\&. -Default: \fButmp = no\fR +Default: \fBuse spnego = yes\fR .TP @@ -6288,14 +6276,17 @@ Example: \fButmp directory = /var/run/utmp\fR .TP --valid (S) -This parameter indicates whether a share is valid and thus can be used\&. When this parameter is set to false, the share will be in no way visible nor accessible\&. +utmp (G) +This boolean parameter is only available if Samba has been configured and compiled with the option \fB --with-utmp\fR\&. If set to \fByes\fR then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server\&. Sites may use this to record the user connecting to a Samba share\&. -This option should not be used by regular users but might be of help to developers\&. Samba uses this option internally to mark shares as deleted\&. +Due to the requirements of the utmp record, we are required to create a unique identifier for the incoming user\&. Enabling this option creates an n^2 algorithm to find this number\&. This may impede performance on large installations\&. -Default: \fBTrue\fR +See also the \fI utmp directory\fR parameter\&. + + +Default: \fButmp = no\fR .TP @@ -6318,6 +6309,17 @@ Default: \fBNo valid users list (anyone can login) \fR Example: \fBvalid users = greg, @pcusers\fR +.TP +-valid (S) +This parameter indicates whether a share is valid and thus can be used\&. When this parameter is set to false, the share will be in no way visible nor accessible\&. + + +This option should not be used by regular users but might be of help to developers\&. Samba uses this option internally to mark shares as deleted\&. + + +Default: \fBTrue\fR + + .TP veto files (S) This is a list of files and directories that are neither visible nor accessible\&. Each entry in the list must be separated by a '/', which allows spaces to be included in the entry\&. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards\&. @@ -6370,13 +6372,17 @@ Example: \fBveto oplock files = /*.SEM/\fR .TP -vfs object (S) -Synonym for \fIvfs objects\fR \&. +vfs objects (S) +This parameter specifies the backend module names which are used for Samba VFS I/O operations\&. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects\&. -.TP -vfs objects (S) -This parameter specifies the backend names which are used for Samba VFS I/O operations\&. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects\&. +Options for a given VFS module are specified one per line smb\&.conf perfaced by the module name and a colon (:)\&. Such as + + +foo:bar=biddle + + +where 'foo' is the name of VFS module, 'bar' is a parameter supported by ;foo;, and 'biddle' is the value of the option 'bar'\&. Refer to the manpage for a given VFS modules regarding the options supported by that module\&. Default: \fBno value\fR @@ -6385,6 +6391,11 @@ Default: \fBno value\fR Example: \fBvfs objects = extd_audit recycle\fR +.TP +vfs object (S) +Synonym for \fIvfs objects\fR \&. + + .TP volume (S) This allows you to override the volume label returned for a share\&. Useful for CDROMs with installation programs that insist on a particular volume label\&. diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index 9df06dff9b..cb9fcfb884 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -103,7 +103,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -117,7 +117,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 3f5718a2fa..167447b2b9 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -176,7 +176,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -190,7 +190,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -243,7 +243,7 @@ Be cautious about including passwords in scripts\&. Also, on many systems the co .TP -n -This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fINetBIOS name\fR parameter in the \fBsmb.conf\fR(5) file\&. However, a command line setting will take precedence over settings in \fBsmb.conf\fR(5)\&. +This option allows you to override the NetBIOS name that Samba uses for itself\&. This is identical to setting the \fInetbios name\fR parameter in the \fIsmb\&.conf\fR file\&. However, a command line setting will take precedence over settings in \fIsmb\&.conf\fR\&. .TP @@ -258,7 +258,7 @@ Set the SMB domain of the username\&. This overrides the default domain which is .TP -O socket options -TCP socket options to set on the client socket\&. See the socket options parameter in the \fBsmb.conf\fR(5) manual page for the list of valid options\&. +TCP socket options to set on the client socket\&. See the socket options parameter in the \fIsmb\&.conf\fR manual page for the list of valid options\&. .TP diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index 718e7d7b1c..cec003a672 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -47,7 +47,7 @@ Print a summary of command line options\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP diff --git a/docs/manpages/smbcquotas.1 b/docs/manpages/smbcquotas.1 index e8288977f8..e270fe3b4a 100644 --- a/docs/manpages/smbcquotas.1 +++ b/docs/manpages/smbcquotas.1 @@ -88,7 +88,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -102,7 +102,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index c7c0fac777..07b563af5c 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -76,7 +76,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -90,7 +90,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -134,7 +134,7 @@ This parameter is not normally specified except in the above situation\&. .TP \fI/etc/inetd\&.conf\fR -If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. See the "How to Install and Test SAMBA" document for details\&. +If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the meta-daemon\&. .TP @@ -142,12 +142,12 @@ If the server is to be run by the \fBinetd\fR meta-daemon, this file must contai or whatever initialization script your system uses)\&. -If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server as a daemon at startup, this file will need to contain an appropriate startup sequence for the server\&. .TP \fI/etc/services\fR -If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. See the "How to Install and Test SAMBA" document for details\&. +If running the server via the meta-daemon \fBinetd\fR, this file must contain a mapping of service name (e\&.g\&., netbios-ssn) to service port (e\&.g\&., 139) and protocol type (e\&.g\&., tcp)\&. .TP @@ -173,7 +173,7 @@ If no printer name is specified to printable services, most systems will use the .SH "PAM INTERACTION" .PP -Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restricions\fR \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply: +Samba uses PAM for authentication (when presented with a plaintext password), for account checking (is this account disabled?) and for session management\&. The degree too which samba supports PAM is restricted by the limitations of the SMB protocol and the \fIobey pam restrictions\fR \fBsmb.conf\fR(5) paramater\&. When this is set, the following restrictions apply: .TP 3 \(bu diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index a7973871c4..e0c8ca5109 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -197,7 +197,7 @@ This specifies the username for all of the \fBroot only\fR options to operate on Since \fBsmbpasswd\fR works in client-server mode communicating with a local smbd for a non-root user then the smbd daemon must be running for this to work\&. A common problem is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying either \fIallow hosts\fR or \fIdeny hosts\fR entry in the \fBsmb.conf\fR(5) file and neglecting to allow "localhost" access to the smbd\&. .PP -In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. See the document "LanMan and NT Password Encryption in Samba" in the docs directory for details on how to do this\&. +In addition, the smbpasswd command is only useful if Samba has been set up to use encrypted passwords\&. .SH "VERSION" diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 0e2c4a3a85..0788237aca 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -54,7 +54,7 @@ This option allows the user to set the directory prefix for SMB access\&. The de .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -68,7 +68,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -87,10 +87,10 @@ The options are: "lmhosts", "host", "wins" and "bcast"\&. They cause names to be \fBbcast\fR: Do a broadcast on each of the known local interfaces listed in the \fIinterfaces\fR parameter\&. This is the least reliable of the name resolution methods as it depends on the target host being on a locally connected subnet\&. -If this parameter is not set then the name resolve order defined in the \fBsmb.conf\fR(5) file parameter (\fIname resolve order\fR) will be used\&. +If this parameter is not set then the name resolve order defined in the \fIsmb\&.conf\fR file parameter (\fIname resolve order\fR) will be used\&. -The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order \fR parameter of the \fBsmb.conf\fR(5) file, the name resolution methods will be attempted in this order\&. +The default order is lmhosts, host, wins, bcast\&. Without this parameter or any entry in the \fIname resolve order\fR parameter of the \fIsmb\&.conf\fR file, the name resolution methods will be attempted in this order\&. .TP diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 7e349dcd19..21b05a2429 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -54,7 +54,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -68,7 +68,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/smbtree.1 b/docs/manpages/smbtree.1 index 0cc984c24a..84c2399c77 100644 --- a/docs/manpages/smbtree.1 +++ b/docs/manpages/smbtree.1 @@ -58,7 +58,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -72,7 +72,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index 36d855e725..26e5376bf6 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -59,7 +59,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -73,7 +73,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/vfstest.1 b/docs/manpages/vfstest.1 index a6d01fba57..3400c6b570 100644 --- a/docs/manpages/vfstest.1 +++ b/docs/manpages/vfstest.1 @@ -58,7 +58,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -72,7 +72,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 9bbecb29a4..6c5ca93e19 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -23,9 +23,8 @@ wbinfo \- Query information from winbind daemon .SH "SYNOPSIS" .nf -\fBwbinfo\fR [-u] [-g] [-N netbios-name] [-I ip] [-n name] [-s sid] [-U uid] [-G gid] - [-S sid] [-Y sid] [-t] [-m] [--sequence] [-r user] [-a user%password] - [--set-auth-user user%password] [--get-auth-user] [-p] +\fBwbinfo\fR [-a user%password] [-c username] [-C groupname] [--domain domain] [-I ip] [-s sid] [-u] [-U uid] [-g] [--get-auth-user] [-G gid] [-m] [-n name] [-N netbios-name] [-o user:group] [-O user:group] [-p] [-r user] [--set-auth-user user%password] [--sequence] [-S sid] [-t] [-x username] [-X groupname] [-Y sid] + .fi .SH "DESCRIPTION" @@ -42,8 +41,23 @@ The \fBwinbindd\fR(8) daemon must be configured and running for the \fBwbinfo\fR .SH "OPTIONS" .TP --u -This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&. +-a username%password +Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&. + + +.TP +-c user +Create a local winbind user\&. + + +.TP +-C group +Create a local winbindd group\&. + + +.TP +--domain name +This parameter sets the domain on which any specified operations will performed\&. If special domain name '\&.' is used to represent the current domain to which winbindd belongs\&. Currently only the \fB--sequence\fR, \fB-u\fR, and \fB-g\fR options honor this parameter\&. .TP @@ -52,8 +66,13 @@ This option will list all groups available in the Windows NT domain for which th .TP --N name -The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&. +--get-auth-user +Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&. + + +.TP +-G gid +Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the idmap gid range then the operation will fail\&. .TP @@ -61,44 +80,49 @@ The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the I The \fI-I\fR option queries \fBwinbindd\fR(8) to send a node status request to get the NetBIOS name associated with the IP address specified by the \fIip\fR parameter\&. +.TP +-m +Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&. + + .TP -n name The \fI-n\fR option queries \fBwinbindd\fR(8) for the SID associated with the name specified\&. Domain names can be specified before the user name by using the winbind separator character\&. For example CWDOM1/Administrator refers to the Administrator user in the domain CWDOM1\&. If no domain is specified then the domain used is the one specified in the \fBsmb.conf\fR(5) \fIworkgroup \fR parameter\&. .TP --s sid -Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&. +-N name +The \fI-N\fR option queries \fBwinbindd\fR(8) to query the WINS server for the IP address associated with the NetBIOS name specified by the \fIname\fR parameter\&. .TP --U uid -Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the winbind uid range then the operation will fail\&. +-o user:group +Add a winbindd local group as a secondary group for the specified winbindd local user\&. .TP --G gid -Try to convert a UNIX group id to a Windows NT SID\&. If the gid specified does not refer to one within the winbind gid range then the operation will fail\&. +-O user:group +Remove a winbindd local group as a secondary group for the specified winbindd local user\&. .TP --S sid -Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&. +-p +Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&. .TP --Y sid -Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&. +-r username +Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&. .TP --t -Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&. +-s sid +Use \fI-s\fR to resolve a SID to a name\&. This is the inverse of the \fI-n \fR option above\&. SIDs must be specified as ASCII strings in the traditional Microsoft format\&. For example, S-1-5-21-1455342024-3071081365-2475485837-500\&. .TP --m -Produce a list of domains trusted by the Windows NT server \fBwinbindd\fR(8) contacts when resolving names\&. This list does not include the Windows NT domain the server is a Primary Domain Controller for\&. +--set-auth-user username%password +Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&. .TP @@ -107,28 +131,38 @@ Show sequence numbers of all known domains .TP --r username -Try to obtain the list of UNIX group ids to which the user belongs\&. This only works for users defined on a Domain Controller\&. +-S sid +Convert a SID to a UNIX user id\&. If the SID does not correspond to a UNIX user mapped by \fBwinbindd\fR(8) then the operation will fail\&. .TP --a username%password -Attempt to authenticate a user via winbindd\&. This checks both authenticaion methods and reports its results\&. +-t +Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working\&. .TP ---set-auth-user username%password -Store username and password used by winbindd during session setup to a domain controller\&. This enables winbindd to operate in a Windows 2000 domain with Restrict Anonymous turned on (a\&.k\&.a\&. Permissions compatiable with Windows 2000 servers only)\&. +-u +This option will list all users available in the Windows NT domain for which the \fBwinbindd\fR(8) daemon is operating in\&. Users in all trusted domains will also be listed\&. Note that this operation does not assign user ids to any users that have not already been seen by \fBwinbindd\fR(8) \&. .TP ---get-auth-user -Print username and password used by winbindd during session setup to a domain controller\&. Username and password can be set using '-A'\&. Only available for root\&. +-U uid +Try to convert a UNIX user id to a Windows NT SID\&. If the uid specified does not refer to one within the idmap uid range then the operation will fail\&. .TP --p -Check whether winbindd is still alive\&. Prints out either 'succeeded' or 'failed'\&. +-x user +Delete an existing local winbind user\&. + + +.TP +-X group +Delete an existing local winbindd group\&. + + +.TP +-Y sid +Convert a SID to a UNIX group id\&. If the SID does not correspond to a UNIX group mapped by \fBwinbindd\fR(8) then the operation will fail\&. .TP diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 71322decbe..f0368014c7 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -89,7 +89,7 @@ Prints the version number for \fBsmbd\fR\&. .TP -s -The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fI smb\&.conf(5)\fR for more information\&. The default configuration file name is determined at compile time\&. +The file specified contains the configuration details required by the server\&. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is to provide\&. See \fIsmb\&.conf\fR for more information\&. The default configuration file name is determined at compile time\&. .TP @@ -103,7 +103,7 @@ The higher this value, the more detail will be logged to the log files about the Levels above 1 will generate considerable amounts of log data, and should only be used when investigating a problem\&. Levels above 3 are designed for use only by developers and generate HUGE amounts of log data, most of which is extremely cryptic\&. -Note that specifying this parameter here will override the log level parameter in the \fIsmb\&.conf(5)\fR file\&. +Note that specifying this parameter here will override the \fIlog level\fR parameter in the \fIsmb\&.conf\fR file\&. .TP @@ -153,11 +153,11 @@ Configuration of the \fBwinbindd\fR daemon is done through configuration paramet .TP \(bu -\fIwinbind uid\fR +\fIidmap uid\fR .TP \(bu -\fIwinbind gid\fR +\fIidmap gid\fR .TP \(bu @@ -240,8 +240,8 @@ Finally, setup a \fBsmb.conf\fR(5) containing directives like the following: winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U - winbind uid = 10000-20000 - winbind gid = 10000-20000 + idmap uid = 10000-20000 + idmap gid = 10000-20000 workgroup = DOMAIN security = domain password server = * -- cgit