From 992f1e6b8f86b346fddd266b04d29cde69585633 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 7 Apr 2004 10:15:11 +0000 Subject: Add all the source files from the old CVS tree, add the 5 missing chapters from the HOWTO and add jht's Samba by Example book. (This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100) --- docs/smbdotconf/logon/abortshutdownscript.xml | 17 +++++++ docs/smbdotconf/logon/addgroupscript.xml | 18 +++++++ docs/smbdotconf/logon/addmachinescript.xml | 20 ++++++++ docs/smbdotconf/logon/adduserscript.xml | 50 +++++++++++++++++++ docs/smbdotconf/logon/addusertogroupscript.xml | 17 +++++++ docs/smbdotconf/logon/deletegroupscript.xml | 15 ++++++ .../smbdotconf/logon/deleteuserfromgroupscript.xml | 17 +++++++ docs/smbdotconf/logon/deleteuserscript.xml | 22 +++++++++ docs/smbdotconf/logon/domainlogons.xml | 15 ++++++ docs/smbdotconf/logon/logondrive.xml | 17 +++++++ docs/smbdotconf/logon/logonhome.xml | 45 +++++++++++++++++ docs/smbdotconf/logon/logonpath.xml | 48 ++++++++++++++++++ docs/smbdotconf/logon/logonscript.xml | 43 ++++++++++++++++ docs/smbdotconf/logon/setprimarygroupscript.xml | 20 ++++++++ docs/smbdotconf/logon/shutdownscript.xml | 57 ++++++++++++++++++++++ 15 files changed, 421 insertions(+) create mode 100644 docs/smbdotconf/logon/abortshutdownscript.xml create mode 100644 docs/smbdotconf/logon/addgroupscript.xml create mode 100644 docs/smbdotconf/logon/addmachinescript.xml create mode 100644 docs/smbdotconf/logon/adduserscript.xml create mode 100644 docs/smbdotconf/logon/addusertogroupscript.xml create mode 100644 docs/smbdotconf/logon/deletegroupscript.xml create mode 100644 docs/smbdotconf/logon/deleteuserfromgroupscript.xml create mode 100644 docs/smbdotconf/logon/deleteuserscript.xml create mode 100644 docs/smbdotconf/logon/domainlogons.xml create mode 100644 docs/smbdotconf/logon/logondrive.xml create mode 100644 docs/smbdotconf/logon/logonhome.xml create mode 100644 docs/smbdotconf/logon/logonpath.xml create mode 100644 docs/smbdotconf/logon/logonscript.xml create mode 100644 docs/smbdotconf/logon/setprimarygroupscript.xml create mode 100644 docs/smbdotconf/logon/shutdownscript.xml (limited to 'docs/smbdotconf/logon') diff --git a/docs/smbdotconf/logon/abortshutdownscript.xml b/docs/smbdotconf/logon/abortshutdownscript.xml new file mode 100644 index 0000000000..f4e399a759 --- /dev/null +++ b/docs/smbdotconf/logon/abortshutdownscript.xml @@ -0,0 +1,17 @@ + + + This parameter only exists in the HEAD cvs branch + This a full path name to a script called by smbd + 8 that + should stop a shutdown procedure issued by the + shutdown script. + + This command will be run as user. + + +/sbin/shutdown -c + diff --git a/docs/smbdotconf/logon/addgroupscript.xml b/docs/smbdotconf/logon/addgroupscript.xml new file mode 100644 index 0000000000..38da0f79ef --- /dev/null +++ b/docs/smbdotconf/logon/addgroupscript.xml @@ -0,0 +1,18 @@ + + + This is the full pathname to a script that will be run + AS ROOT by + smbd8 + when a new group is requested. It will expand any %g to the group name passed. This + script is only useful for installations using the Windows NT + domain administration tools. The script is free to create a + group with an arbitrary name to circumvent unix group name + restrictions. In that case the script must print the numeric gid + of the created group on stdout. + + diff --git a/docs/smbdotconf/logon/addmachinescript.xml b/docs/smbdotconf/logon/addmachinescript.xml new file mode 100644 index 0000000000..bd76d00a6c --- /dev/null +++ b/docs/smbdotconf/logon/addmachinescript.xml @@ -0,0 +1,20 @@ + + + This is the full pathname to a script that will be run by + smbd + 8 when a machine is added + to it's domain using the administrator username and password + method. + + This option is only required when using sam back-ends tied + to the Unix uid method of RID calculation such as smbpasswd. + This option is only available in Samba 3.0. + + + +/usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u + diff --git a/docs/smbdotconf/logon/adduserscript.xml b/docs/smbdotconf/logon/adduserscript.xml new file mode 100644 index 0000000000..d1d3ef118e --- /dev/null +++ b/docs/smbdotconf/logon/adduserscript.xml @@ -0,0 +1,50 @@ + + + This is the full pathname to a script that will + be run AS ROOT by smbd + 8 under special circumstances described below. + + Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + ON DEMAND when a user accesses the Samba server. + + In order to use this option, smbd + 8 must NOT be set to security = share + and add user script + must be set to a full pathname for a script that will create a UNIX + user given one argument of %u, which expands into + the UNIX user name to create. + + When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, smbd + 8 contacts the password server and + attempts to authenticate the given user with the given password. If the + authentication succeeds then smbd + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and add user script + is set then smbd will + call the specified script AS ROOT, expanding + any %u argument to be the user name to create. + + If this script successfully creates the user then smbd + will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts. + + See also + security, + password server, + delete user + script. + + + +/usr/local/samba/bin/add_user %u + diff --git a/docs/smbdotconf/logon/addusertogroupscript.xml b/docs/smbdotconf/logon/addusertogroupscript.xml new file mode 100644 index 0000000000..74ac6071a1 --- /dev/null +++ b/docs/smbdotconf/logon/addusertogroupscript.xml @@ -0,0 +1,17 @@ + + + Full path to the script that will be called when + a user is added to a group using the Windows NT domain administration + tools. It will be run by smbd + 8 AS ROOT. + Any %g will be replaced with the group name and + any %u will be replaced with the user name. + + + +/usr/sbin/adduser %u %g + diff --git a/docs/smbdotconf/logon/deletegroupscript.xml b/docs/smbdotconf/logon/deletegroupscript.xml new file mode 100644 index 0000000000..11c499de35 --- /dev/null +++ b/docs/smbdotconf/logon/deletegroupscript.xml @@ -0,0 +1,15 @@ + + + This is the full pathname to a script that will + be run AS ROOT smbd + 8 when a group is requested to be deleted. + It will expand any %g to the group name passed. + This script is only useful for installations using the Windows NT domain administration tools. + + + + diff --git a/docs/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/smbdotconf/logon/deleteuserfromgroupscript.xml new file mode 100644 index 0000000000..502f98b664 --- /dev/null +++ b/docs/smbdotconf/logon/deleteuserfromgroupscript.xml @@ -0,0 +1,17 @@ + + + Full path to the script that will be called when + a user is removed from a group using the Windows NT domain administration + tools. It will be run by smbd + 8 AS ROOT. + Any %g will be replaced with the group name and + any %u will be replaced with the user name. + + + +/usr/sbin/deluser %u %g + diff --git a/docs/smbdotconf/logon/deleteuserscript.xml b/docs/smbdotconf/logon/deleteuserscript.xml new file mode 100644 index 0000000000..3579f1b21c --- /dev/null +++ b/docs/smbdotconf/logon/deleteuserscript.xml @@ -0,0 +1,22 @@ + + + This is the full pathname to a script that will + be run by smbd + 8 when managing users + with remote RPC (NT) tools. + + + This script is called when a remote client removes a user + from the server, normally using 'User Manager for Domains' or + rpcclient. + + This script should delete the given UNIX username. + + + +/usr/local/samba/bin/del_user %u + diff --git a/docs/smbdotconf/logon/domainlogons.xml b/docs/smbdotconf/logon/domainlogons.xml new file mode 100644 index 0000000000..db694ab32e --- /dev/null +++ b/docs/smbdotconf/logon/domainlogons.xml @@ -0,0 +1,15 @@ + + + If set to yes, the Samba server will serve + Windows 95/98 Domain logons for the + workgroup it is in. Samba 2.2 + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the PDC chapter of the Samba HOWTO Collection. + +no + diff --git a/docs/smbdotconf/logon/logondrive.xml b/docs/smbdotconf/logon/logondrive.xml new file mode 100644 index 0000000000..f69cc62e78 --- /dev/null +++ b/docs/smbdotconf/logon/logondrive.xml @@ -0,0 +1,17 @@ + + + This parameter specifies the local path to + which the home directory will be connected (see + logon home) + and is only used by NT Workstations. + + Note that this option is only useful if Samba is set up as a + logon server. + +z: +h: + diff --git a/docs/smbdotconf/logon/logonhome.xml b/docs/smbdotconf/logon/logonhome.xml new file mode 100644 index 0000000000..6d288e6d7c --- /dev/null +++ b/docs/smbdotconf/logon/logonhome.xml @@ -0,0 +1,45 @@ + + + This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do + + C:\> + NET USE H: /HOME + + + from a command prompt, for example. + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine. + + This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way: + + logon home = \\%N\%U\profile + + This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does net use /home + but use the whole string when dealing with profiles. + + Note that in prior versions of Samba, the + logon path was returned rather than + logon home. This broke net use /home but allowed profiles outside the home directory. + The current implementation is correct, and can be used for profiles if you use + the above trick. + + This option is only useful if Samba is set up as a logon + server. + + +\\%N\%U +\\remote_smb_server\%U + diff --git a/docs/smbdotconf/logon/logonpath.xml b/docs/smbdotconf/logon/logonpath.xml new file mode 100644 index 0000000000..b7c53b7011 --- /dev/null +++ b/docs/smbdotconf/logon/logonpath.xml @@ -0,0 +1,48 @@ + + + This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the + logon home parameter. + + This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (desktop, start menu, + network neighborhood, programs + and other folders, and their contents, are loaded and displayed on + your Windows NT client. + + The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories. + + Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a MANdatory + profile). + + Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems). + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine. + + Note that this option is only useful if Samba is set up + as a logon server. + +\\%N\%U\profile +>\\PROFILESERVER\PROFILE\%U + diff --git a/docs/smbdotconf/logon/logonscript.xml b/docs/smbdotconf/logon/logonscript.xml new file mode 100644 index 0000000000..7e7561ca65 --- /dev/null +++ b/docs/smbdotconf/logon/logonscript.xml @@ -0,0 +1,43 @@ + + + This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended. + + The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a + path of /usr/local/samba/netlogon, and logon script = STARTUP.BAT, then + the file that will be downloaded is: + + /usr/local/samba/netlogon/STARTUP.BAT + + The contents of the batch file are entirely your choice. A + suggested command would be to add NET TIME \\SERVER /SET + /YES, to force every machine to synchronize clocks with + the same time server. Another use would be to add NET USE + U: \\SERVER\UTILS for commonly used utilities, or + NET USE Q: \\SERVER\ISO9001_QA for example. + + Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached. + + This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. + + This option is only useful if Samba is set up as a logon + server. + + +scripts\%U.bat + diff --git a/docs/smbdotconf/logon/setprimarygroupscript.xml b/docs/smbdotconf/logon/setprimarygroupscript.xml new file mode 100644 index 0000000000..08a3d50b4a --- /dev/null +++ b/docs/smbdotconf/logon/setprimarygroupscript.xml @@ -0,0 +1,20 @@ + + + + Thanks to the Posix subsystem in NT a Windows User has a + primary group in addition to the auxiliary groups. This script + sets the primary group in the unix userdatase when an + administrator sets the primary group from the windows user + manager or when fetching a SAM with net rpc + vampire. %u will be replaced + with the user whose primary group is to be set. + %g will be replaced with the group to + set. + + +/usr/sbin/usermod -g '%g' '%u' + diff --git a/docs/smbdotconf/logon/shutdownscript.xml b/docs/smbdotconf/logon/shutdownscript.xml new file mode 100644 index 0000000000..bd86bfd06d --- /dev/null +++ b/docs/smbdotconf/logon/shutdownscript.xml @@ -0,0 +1,57 @@ + + + This parameter only exists in the HEAD cvs branch + This a full path name to a script called by smbd + 8 that should start a shutdown procedure. + + This command will be run as the user connected to the server. + + %m %t %r %f parameters are expanded: + + + + %m will be substituted with the + shutdown message sent to the server. + + + + %t will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure. + + + + %r will be substituted with the + switch -r. It means reboot after shutdown + for NT. + + + + %f will be substituted with the + switch -f. It means force the shutdown + even if applications do not respond for NT. + + + + Shutdown script example: + +#!/bin/bash + +$time=0 +let "time/60" +let "time++" + +/sbin/shutdown $3 $4 +$time $1 & + +Shutdown does not return so we need to launch it in background. + + +abort shutdown script + +/usr/local/samba/sbin/shutdown %m %t %r %f + + -- cgit