From 3469866334d06d089cc334e0d610577a001e33de Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 11 Jan 2002 00:41:27 +0000 Subject: commit some changes for ab, and keep working on the smbgroupedit manpage. (This used to be commit a10cdbfbed4e04609f511cbbf976df4b4d391729) --- docs/docbook/Makefile.in | 2 +- docs/docbook/manpages/smbgroupedit.8.sgml | 243 +++++++++++++++++++--- docs/htmldocs/smbgroupedit.8.html | 325 +++++++++++++++++++++++++++--- docs/htmldocs/wbinfo.1.html | 30 ++- docs/manpages/smbgroupedit.8 | 145 +++++++++++-- docs/manpages/wbinfo.1 | 12 +- 6 files changed, 683 insertions(+), 74 deletions(-) (limited to 'docs') diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in index 10d3802c54..ef261b3bad 100644 --- a/docs/docbook/Makefile.in +++ b/docs/docbook/Makefile.in @@ -52,7 +52,7 @@ SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \ manpages/smb.conf.5.sgml manpages/pdbedit.8.sgml \ manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \ manpages/smbsh.1.sgml manpages/winbindd.8.sgml \ - manpages/make_unicodemap.1.sgml manpages./smbgroupedit.8.sgml \ + manpages/make_unicodemap.1.sgml manpages/smbgroupedit.8.sgml \ manpages/net.8.sgml HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \ diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml index f1b5f30ddc..b9607312ff 100644 --- a/docs/docbook/manpages/smbgroupedit.8.sgml +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -7,21 +7,42 @@ + smbgroupedit - Tool for mapping UNIX groups to Windows groups + Query/set/change UNIX - Windows NT group mapping smbroupedit - -v + -v [l|s] + -a UNIX-groupname [-d NT-groupname|-p prividge| + + + - DESCRIPTION - This program is part of the Samba suite. + +DESCRIPTION + + +This program is part of the Samba +suite. + + + +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. + @@ -30,47 +51,217 @@ - -v - Print the current set of UNIX to Windows - group mappings. - + -v[l|s] + This option will list all groups available + in the Windows NT domain in which samba is operating. + + + + + -l + give a long listing, of the format: + + +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : + + +For examples, + +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege + + + + + + + -s + display a short listing of the format: + + +NTGroupName(SID) -> UnixGroupName + + +For example, + + +Users (S-1-5-32-545) -> -1 + + + + + + + + + + - FILES +FILES - + + + + - VERSION - This man page is incomplete for version 3.0 of - the Samba suite. +EXIT STATUS + + +smbgroupedit returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. + + + + + + - SEE ALSO - - samba(7) + +EXAMPLES + + + +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: + + + + + create a unix group (usually in + /etc/group), let's call it domadm. + + + add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in /etc/group will look like: + + domadm:x:502:joe,john,mary + + + map this domadm group to the 'domain admins' group: + + + Get the SID for the Windows NT "Domain Admins" + group: + + +root# smbgroupedit -vs | grep "Domain Admins" +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 + + + + map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: + + + +root# smbgroupedit \ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \ +-u domadm + + + + warning: don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. + + + + + + + +To verify that you mapping has taken effect: + + + +root# smbgroupedit -vs|grep "Domain Admins" +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm + + + +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: + + + +root# smbgroupedit -a unixgroup -td + + + + + + + + + + +VERSION + + +This man page is correct for the 3.0alpha releases of +the Samba suite. + + + + + + +SEE ALSO + + +smb.conf(5) + + + + + + + - AUTHOR - - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - - The original Samba man pages were written by Karl Auer. - The current set of manpages and documentation is maintained - by the Samba Team in the same fashion as the Samba source code. +AUTHOR + + +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. + + + +smbgroupedit was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code. diff --git a/docs/htmldocs/smbgroupedit.8.html b/docs/htmldocs/smbgroupedit.8.html index 616067273a..4af49672ca 100644 --- a/docs/htmldocs/smbgroupedit.8.html +++ b/docs/htmldocs/smbgroupedit.8.html @@ -24,7 +24,7 @@ NAME="AEN5" >

Name

smbgroupedit -- Tool for mapping UNIX groups to Windows groupssmbgroupedit -- Query/set/change UNIX - Windows NT group mapping
smbroupedit [-v]

[-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p prividge|]

DESCRIPTION

This program is part of the Samba suite.

This program is part of the Samba +suite.

The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc.

OPTIONS

-v
-v[l|s]

Print the current set of UNIX to Windows - group mappings. +>This option will list all groups available + in the Windows NT domain in which samba is operating.

-l

give a long listing, of the format:

"NT Group Name"
+    SID            :
+    Unix group     :
+    Group type     :
+    Comment        :
+    Privilege      :

For examples,

Users
+    SID : S-1-5-32-545
+    Unix group: -1
+    Group type: Local group
+    Comment :
+    Privilege : No privilege

-s

display a short listing of the format:

NTGroupName(SID) -> UnixGroupName

For example,

Users (S-1-5-32-545) -> -1

FILES

EXIT STATUS

smbgroupedit returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure.

EXAMPLES

To make a subset of your samba PDC users members of +the 'Domain Admins' Global group:

  1. create a unix group (usually in + /etc/group), let's call it domadm. +

  2. add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in /etc/group will look like: +

    domadm:x:502:joe,john,mary

  3. map this domadm group to the 'domain admins' group: +

    1. Get the SID for the Windows NT "Domain Admins" + group:

      root# smbgroupedit -vs | grep "Domain Admins"
      +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1

    2. map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: +

      root# smbgroupedit \
      +-c S-1-5-21-1108995562-3116817432-1375597819-512 \
      +-u domadm

      warning: don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. +

To verify that you mapping has taken effect:

root# smbgroupedit -vs|grep "Domain Admins"
+Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm

To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group:

root# smbgroupedit -a unixgroup -td

VERSION

This man page is incomplete for version 3.0 of - the Samba suite.

This man page is correct for the 3.0alpha releases of +the Samba suite.

SEE ALSO

samba(7) -

smb.conf(5)

AUTHOR

The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed.

The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. - The current set of manpages and documentation is maintained - by the Samba Team in the same fashion as the Samba source code.

smbgroupedit was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code.

wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m]

[-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]

DESCRIPTION

OPTIONS

-a username%password

Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. +

-p

Attempt a simple 'ping' check that the winbindd + is indeed alive. +

EXIT STATUS

VERSION

SEE ALSO

AUTHOR

.\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBGROUPEDIT" "8" "08 January 2002" "" "" +.TH "SMBGROUPEDIT" "8" "10 January 2002" "" "" .SH NAME -smbgroupedit \- Tool for mapping UNIX groups to Windows groups +smbgroupedit \- Query/set/change UNIX - Windows NT group mapping .SH SYNOPSIS .sp -\fBsmbroupedit\fR [ \fB-v\fR ] +\fBsmbroupedit\fR [ \fB-v [l|s]\fR ] [ \fB-a UNIX-groupname [-d NT-groupname|-p prividge|\fR ] .SH "DESCRIPTION" .PP -This program is part of the Samba suite. +This program is part of the Samba +suite. +.PP +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. .SH "OPTIONS" .TP -\fB-v\fR -Print the current set of UNIX to Windows -group mappings. +\fB-v[l|s]\fR +This option will list all groups available +in the Windows NT domain in which samba is operating. +.RS +.TP +\fB-l\fR +give a long listing, of the format: + +.sp +.nf +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : +.sp +.fi + +For examples, + +.sp +.nf +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege +.sp +.fi +.TP +\fB-s\fR +display a short listing of the format: + +.sp +.nf +NTGroupName(SID) -> UnixGroupName +.sp +.fi + +For example, + +.sp +.nf +Users (S-1-5-32-545) -> -1 +.sp +.fi +.RE .SH "FILES" .PP +.SH "EXIT STATUS" +.PP +\fBsmbgroupedit\fR returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. +.SH "EXAMPLES" +.PP +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: +.IP 1. +create a unix group (usually in +\fI/etc/group\fR), let's call it domadm. +.IP 2. +add to this group the users that you want to be +domain administrators. For example if you want joe, john and mary, +your entry in \fI/etc/group\fR will look like: + +domadm:x:502:joe,john,mary +.IP 3. +map this domadm group to the 'domain admins' group: +.RS +.IP 1. +Get the SID for the Windows NT "Domain Admins" +group: + +.sp +.nf +root# \fBsmbgroupedit -vs | grep "Domain Admins"\fR +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 +.sp +.fi +.IP 2. +map the unix domadm group to the Windows NT +"Domain Admins" group, by running the command: + +.sp +.nf +root# \fBsmbgroupedit \\ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \\ +-u domadm\fR +.sp +.fi + +\fBwarning:\fR don't copy and paste this sample, the +Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. +.RE +.PP +To verify that you mapping has taken effect: +.PP +.PP +.sp +.nf +root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm +.sp +.fi +.PP +.PP +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: +.PP +.PP +.sp +.nf +root# \fBsmbgroupedit -a unixgroup -td\fR +.sp +.fi +.PP .SH "VERSION" .PP -This man page is incomplete for version 3.0 of +This man page is correct for the 3.0alpha releases of the Samba suite. .SH "SEE ALSO" .PP -samba(7) +smb.conf(5) .SH "AUTHOR" .PP -The original Samba software and related utilities +The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed -by the Samba Team as an Open Source project similar +by the Samba Team as an Open Source project similar to the way the Linux kernel is developed. .PP -The original Samba man pages were written by Karl Auer. +\fBsmbgroupedit\fR was written by Jean Francois Micouleau. The current set of manpages and documentation is maintained by the Samba Team in the same fashion as the Samba source code. diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index a42a9ca31e..08353b8fd7 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,12 +3,12 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WBINFO" "1" "04 January 2002" "" "" +.TH "WBINFO" "1" "10 January 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS .sp -\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] +\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-a user%password\fR ] [ \fB-p\fR ] .SH "DESCRIPTION" .PP This tool is part of the Sambasuite. @@ -82,6 +82,14 @@ Produce a list of domains trusted by the Windows NT server \fBwinbindd(8)\fR contacts when resolving names. This list does not include the Windows NT domain the server is a Primary Domain Controller for. +.TP +\fB-a username%password\fR +Attempt to authenticate a user via winbindd. +This checks both authenticaion methods and reports its results. +.TP +\fB-p\fR +Attempt a simple 'ping' check that the winbindd +is indeed alive. .SH "EXIT STATUS" .PP The wbinfo program returns 0 if the operation -- cgit