From c5981f6db057401c232baf1f01fb53ec9dbd4bb9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 30 May 2005 16:50:32 +0000 Subject: r7117: Move more manpages to the source repository (This used to be commit b00355bf0ce241a1223dbdbb2f3b5059a2bb4204) --- source4/build/pidl/pidl.1.xml | 518 +++++++++++++++++++++++++++++++++++ source4/gtk/man/gregedit.1.xml | 86 ++++++ source4/torture/man/gentest.1.xml | 158 +++++++++++ source4/torture/man/locktest.1.xml | 157 +++++++++++ source4/torture/man/masktest.1.xml | 139 ++++++++++ source4/torture/man/smbtorture.1.xml | 172 ++++++++++++ source4/utils/man/ndrdump.1.xml | 83 ++++++ source4/utils/man/ntlm_auth.1.xml | 269 ++++++++++++++++++ 8 files changed, 1582 insertions(+) create mode 100644 source4/build/pidl/pidl.1.xml create mode 100644 source4/gtk/man/gregedit.1.xml create mode 100644 source4/torture/man/gentest.1.xml create mode 100644 source4/torture/man/locktest.1.xml create mode 100644 source4/torture/man/masktest.1.xml create mode 100644 source4/torture/man/smbtorture.1.xml create mode 100644 source4/utils/man/ndrdump.1.xml create mode 100644 source4/utils/man/ntlm_auth.1.xml (limited to 'source4') diff --git a/source4/build/pidl/pidl.1.xml b/source4/build/pidl/pidl.1.xml new file mode 100644 index 0000000000..18ef97772b --- /dev/null +++ b/source4/build/pidl/pidl.1.xml @@ -0,0 +1,518 @@ + + + + + + pidl + 1 + + + + pidl + IDL Compiler written in Perl + + + + + pidl + --help + --output OUTNAME + --parse + --dump + --header + --parser + --server + --template + --eth-parser + --eth-header + --diff + --keep + idlfile + + + + + DESCRIPTION + + pidl is an IDL compiler written in Perl that aims to be somewhat + compatible with the midl compiler. IDL stands for + "Interface Definition Language". + + pidl can generate stubs for DCE/RPC server code, DCE/RPC + client code and ethereal dissectors for DCE/RPC traffic. + + IDL compilers like pidl take a description + of an interface as their input and use it to generate C + (though support for other languages may be added later) code that + can use these interfaces, pretty print data sent + using these interfaces, or even generate ethereal + dissectors that can parse data sent over the + wire by these interfaces. + + pidl takes IDL files in the same format that is used by midl, + converts it to a .pidl file (which contains pidl's internal representation of the interface) and can then generate whatever output you need. + .pidl files should be used for debugging purposes only. Write your + interface definitions in (midl) .idl format. + + + + The goal of pidl is to implement a IDL compiler that can be used + while developing the RPC subsystem in Samba (for + both marshalling/un-marshalling and debugging purposes). + + + + + OPTIONS + + + + --help + + Show list of available options. + + + + --output OUTNAME + Write output files to OUTNAME.*, e.g. + OUTNAME.pidl. If --output is not used, the name of + the input IDL file is used without the extension and the dot + before the extension. + + + + + --parse + + Tell pidl the files specified are (midl-style) IDL files. + + + + + --dump + + Convert .pidl files to (midl-style) IDL files. FIle will be named OUTNAME.idl. + + + + + --header + + Generate a C header file for the specified interface. File will be named OUTNAME.h. + + + + + --parser + + Generate a C file capable of parsing data sent using the interface. + File will be named OUTNAME.c. + + + + + + --server + + Generate boilerplate for the RPC server that implements + the interface. Generates OUTNAME_s.c + + + + + --template + + Generate stubs for a RPC server that implements + the interface. Output will be written to stdout. + + + + + + --eth-parser + + Generate an Ethereal dissector (in C) for the interface. Output will + be written to packet-dcerpc-OUTNAME.c. + + + + + --eth-header + + Generate a header file for the Ethereal dissector. Output will + be written to packet-dcerpc-OUTNAME.h. + + + + + --diff + + Convert an IDL file to a pidl file and then back to a + IDL file and see if there are any differences with the + original IDL file. Useful for debugging pidl. + + + + + --keep + + Tell pidl to keep the pidl files (used as intermediate files + between the IDL files and the parser/server/etc code). Useful + for debugging pidl. + + + + + + SYNTAX + + IDL files are always preprocessed using the C preprocessor. + + Each IDL file describes exactly one interface. Interfaces + can contain several C-like function definitions. + + Pretty much everything in an interface (the interface itself, + functions, parameters) can have attributes (or properties + whatever name you give them). Attributes + always prepend the element they apply to and are surrounded + by square brackets ([]). Multiple attributes + are separated by comma's; arguments to attributes are + specified between parentheses. + + See the section COMPATIBILITY for the list of attributes that + pidl supports. + + C-style comments can be used. + + + + + MIDL TYPES + + +pidl uses slightly different types to midl by default. The following +defines in your MS IDL may make things easier to use the same IDL on +both platforms. + + + +#define unistr [string] wchar_t * +#define uint8 char +#define uint16 short +#define uint32 long +#define HYPER_T hyper + + + + Let's look at the multiple ways you can encode an array. + + + + CONFORMANT ARRAYS + + +A conformant array is one with that ends in [*] or []. The strange +things about conformant arrays are: + + + + they can only appear as the last element of a structure + the array size appears before the structure itself on the wire. + + + + So, in this example: + + + + typedef struct { + long abc; + long count; + long foo; + [size_is(count)] long s[*]; + } Struct1; + + + +it appears like this: + + + +[size_is] [abc] [count] [foo] [s...] + + + +the first [size_is] field is the allocation size of the array, and +occurs before the array elements and even before the structure +alignment. + + + +Note that size_is() can refer to a constant, but that doesn't change +the wire representation. It does not make the array a fixed array. + + + +midl.exe would write the above array as the following C header: + + + + typedef struct { + long abc; + long count; + long foo; + long s[1]; + } Struct1; + + + +pidl takes a different approach, and writes it like this: + + + + typedef struct { + long abc; + long count; + long foo; + long *s; + } Struct1; + + + + + + VARYING ARRAYS + + + +A varying array looks like this: + + + + typedef struct { + long abc; + long count; + long foo; + [size_is(count)] long *s; + } Struct1; + + + +This will look like this on the wire: + + + +[abc] [count] [foo] [PTR_s] [count] [s...] + + + + + + FIXED ARRAYS + + +A fixed array looks like this: + + + + typedef struct { + long s[10]; + } Struct1; + + + +The NDR representation looks just like 10 separate long +declarations. The array size is not encoded on the wire. + + + +pidl also supports "inline" arrays, which are not part of the IDL/NDR +standard. These are declared like this: + + + + typedef struct { + uint32 foo; + uint32 count; + uint32 bar; + long s[count]; + } Struct1; + + + +This appears like this: + + + +[foo] [count] [bar] [s...] + + + +Fixed arrays are an extension added to support some of the strange +embedded structures in security descriptors and spoolss. + + + + + + + COMPATIBILITY WITH MIDL + + + Asynchronous communication + + + + + + Typelibs (.tlb files) + + + + + + strings + + Strings in pidl are a data type rather then an attribute. + + + + + Pointers + + Pidl does not support "full" pointers in the DCE meaning of the word. However, its "unique" pointer is compatible with MIDL's full ("ptr") pointer support. + + + + Datagram support + + ncadg is not supported yet. + + + + Supported properties (attributes is the MIDL term) + + +in, out, ref, length_is, switch_is, size_is, uuid, case, default, string, unique, ptr, pointer_default, v1_enum, object, helpstring, range, local, call_as, endpoint, switch_type, progid, coclass, iid_is. + + + + + + PIDL Specific properties + + + public + +The [public] property on a structure or union is a pidl extension that +forces the generated pull/push functions to be non-static. This allows +you to declare types that can be used between modules. If you don't +specify [public] then pull/push functions for other than top-level +functions are declared static. + + + + noprint + +The [noprint] property is a pidl extension that allows you to specify +that pidl should not generate a ndr_print_*() function for that +structure or union. This is used when you wish to define your own +print function that prints a structure in a nicer manner. A good +example is the use of [noprint] on dom_sid, which allows the +pretty-printing of SIDs. + + + + value + +The [value(expression)] property is a pidl extension that allows you +to specify the value of a field when it is put on the wire. This +allows fields that always have a well-known value to be automatically +filled in, thus making the API more programmer friendly. The +expression can be any C expression, although if you refer to variables +in the current structure you will need to dereference them with +r->. See samr_Name as a good example. + + + + relative + +The [relative] property can be supplied on a pointer. When it is used +it declares the pointer as a spoolss style "relative" pointer, which +means it appears on the wire as an offset within the current +encapsulating structure. This is not part of normal IDL/NDR, but it is +a very useful extension as it avoids the manual encoding of many +complex structures. + + + + subcontext(length) + + Specifies that a size of length + bytes should be read, followed by a blob of that size, + which will be parsed as NDR. + + + + flag + + Specify boolean options, mostly used for + low-level NDR options. Several options + can be specified using the | character. + Note that flags are inherited by substructures! + + + + nodiscriminant + +The [nodiscriminant] property on a union means that the usual uint16 +discriminent field at the start of the union on the wire is +omitted. This is not normally allowed in IDL/NDR, but is used for some +spoolss structures. + + + + align + + Force the alignment of the field this attribute is placed + on to the number of bytes specified. + + + + + + + Unsupported MIDL properties + +aggregatable, appobject, async_uuid, bindable, control, cpp_quote, defaultbind, defaultcollelem, defaultvalue, defaultvtable, dispinterface, displaybind, dual, entry, first_is, helpcontext, helpfile, helpstringcontext, helpstringdll, hidden, idl_module, idl_quote, id, immediatebind, importlib, import, include, includelib, last_is, lcid, licensed, max_is, module, ms_union, no_injected_text, nonbrowsable, noncreatable, nonextensible, odl, oleautomation, optional, pragma, propget, propputref, propput, readonly, requestedit, restricted, retval, source, transmit_as, uidefault, usesgetlasterror, vararg, vi_progid, wire_marshal. + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + Field Attributes [Remote Procedure Call], ethereal + + + + + AUTHOR + + &man.credits.samba; + + pidl was written by Andrew Tridgell, Stefan Metzmacher, Tim + Potter and Jelmer Vernooij. + + This manpage was written by Andrew Tridgell and Jelmer Vernooij. + + + + diff --git a/source4/gtk/man/gregedit.1.xml b/source4/gtk/man/gregedit.1.xml new file mode 100644 index 0000000000..c89a7df520 --- /dev/null +++ b/source4/gtk/man/gregedit.1.xml @@ -0,0 +1,86 @@ + + + + + + + gregedit + 1 + + + + + gregedit + Windows registry file viewer for GTK+ + + + + + gregedit + --help + --backend=BACKEND + --credentials=CREDENTIALS + location + + + + + DESCRIPTION + + gregedit is a GTK+ frontend to the Windows registry file support + in Samba4. It currently supports NT4 file, 9x file, gconf, remote + Windows registries and a file system backend. + + + gregedit tries to imitate the Windows regedit.exe program as much + as possible. + + + + + + OPTIONS + + + + --help + + Show list of available options. + + + + --backend BACKEND + Name of backend to load. Possible values are: + w95, nt4, gconf, dir and rpc. The default is dir. + + + + + --credentials=CREDENTIALS + + Credentials to use, if any. Password should be separated from user name by a percent sign. + + + + +&man.registry.backends; + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + + + + AUTHOR + + This manpage and gregedit were written by Jelmer Vernooij. + + + + diff --git a/source4/torture/man/gentest.1.xml b/source4/torture/man/gentest.1.xml new file mode 100644 index 0000000000..377d2f2e96 --- /dev/null +++ b/source4/torture/man/gentest.1.xml @@ -0,0 +1,158 @@ + + + + + + + gentest + 1 + + + + + gentest + Run random generic SMB operations against two SMB servers + and show the differences in behavior + + + + + gentest + //server1/share1 + //server2/share2 + -U user%pass + -U user%pass + -s seed + -o numops + -a + -A + -i FILE + -O + -S FILE + -L + -F + -C + -X + + + + + + DESCRIPTION + + gentest is a utility for + detecting differences in behaviour between SMB servers. + It will run a random set of generic operations against + //server1/share1 and then the same + random set against //server2/share2 + and display the differences in the responses it gets. + + + + This utility is used by the Samba team to find differences in + behaviour between Samba and Windows servers. + + + + + + OPTIONS + + + + -U user%pass + + Specify the user and password to use when logging on + on the shares. This parameter is mandatory and has to + be specified twice. + + + + + -s seed + + Seed the random number generator with the specified value. + + + + + -o numops + Set the number of operations to perform. + + + + -a + Print the operations that are performed. + + + + -A + Backtrack to find minimal number of operations + required to make the response to a certain call differ. + + + + + -i FILE + + Specify a file containing the names of fields that + have to be ignored (such as time fields). See + below for a description of the file format. + + + + + -O + Enable oplocks. + + + + -S FILE + Set preset seeds file. The default is gentest_seeds.dat. + + + + -L + Use preset seeds + + + + -F + Fast reconnect (just close files) + + + + -C + Continuous analysis mode + + + + -X + Analyse even when the test succeeded. + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + Samba + + + + + AUTHOR + + gentest was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/source4/torture/man/locktest.1.xml b/source4/torture/man/locktest.1.xml new file mode 100644 index 0000000000..5b386fdeb2 --- /dev/null +++ b/source4/torture/man/locktest.1.xml @@ -0,0 +1,157 @@ + + + + + + locktest + 1 + + + + + locktest + Find differences in locking between two SMB servers + + + + + locktest + //server1/share1 + //server2/share2 + -U user%pass + -U user%pass + -s seed + -o numops + -a + -O + -E + -Z + -R range + -B base + -M min + + + + + + DESCRIPTION + + locktest is a utility for + detecting differences in behaviour in locking between SMB servers. + It will run a random set of locking operations against + //server1/share1 and then the same + random set against //server2/share2 + and display the differences in the responses it gets. + + + + This utility is used by the Samba team to find differences in + behaviour between Samba and Windows servers. + + + + + + OPTIONS + + + + -U user%pass + + Specify the user and password to use when logging on + on the shares. This parameter can be specified twice + (once for the first server, once for the second). + + + + + -s seed + + Seed the random number generator with the specified value. + + + + + -o numops + Set the number of operations to perform. + + + + -a + Print the operations that are performed. + + + + -A + Backtrack to find minimal number of operations + required to make the response to a certain call differ. + + + + + -O + Enable oplocks. + + + + -u + Hide unlock fails. + + + + -E + enable exact error code checking + + + + -Z + enable the zero/zero lock + + + + -R range + set lock range + + + + -B base + set lock base + + + + -M min + set min lock length + + + + -k + Use kerberos + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + Samba + + + + + AUTHOR + + &man.credits.samba; + + locktest was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/source4/torture/man/masktest.1.xml b/source4/torture/man/masktest.1.xml new file mode 100644 index 0000000000..3dad70bb04 --- /dev/null +++ b/source4/torture/man/masktest.1.xml @@ -0,0 +1,139 @@ + + + + + + masktest + 1 + + + + + masktest + Find differences in wildcard matching between + Samba's implementation and that of a remote server. + + + + + masktest + //server/share + -U user%pass + -d debuglevel + -W workgroup + -n numloops + -s seed + -a + -E + -M max protocol + -f filechars + -m maskchars + -v + + + + + + DESCRIPTION + + masktest is a utility for + detecting differences in behaviour between Samba's + own implementation and that of a remote server. + It will run generate random filenames/masks and + check if these match the same files they do on the remote file as + they do on the local server. It will display any differences it finds. + + + + This utility is used by the Samba team to find differences in + behaviour between Samba and Windows servers. + + + + + + OPTIONS + + + + -U user%pass + + Specify the user and password to use when logging on + on the shares. This parameter can be specified twice + (once for the first server, once for the second). + + + + + -s seed + + Seed the random number generator with the specified value. + + + + + -n numops + Set the number of operations to perform. + + + + -a + Print the operations that are performed. + + + + -M max_protocol + + Maximum protocol to use. + + + + + -f + Specify characters that can be used + when generating file names. Default: abcdefghijklm. + + + + -E + Abort when difference in behaviour is found. + + + + -m maskchars + Specify characters used for wildcards. + + + + -v + Be verbose + + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + Samba + + + + + AUTHOR + + &man.credits.samba; + + masktest was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/source4/torture/man/smbtorture.1.xml b/source4/torture/man/smbtorture.1.xml new file mode 100644 index 0000000000..1c0ac9485f --- /dev/null +++ b/source4/torture/man/smbtorture.1.xml @@ -0,0 +1,172 @@ + + + + + + smbtorture + 1 + + + + + smbtorture + Run a series of tests against a SMB server + + + + + smbtorture + + + + smbtorture + //server/share + -d debuglevel + -U user%pass + -k + -N numprocs + -n netbios_name + -W workgroup + -o num_operations + -e num files(entries) + -O socket_options + -m maximum_protocol + -L + -c CLIENT.TXT + -t timelimit + -C filename + -A + -p port + -s seed + -f max_failures + -X + TEST1 TEST2 ... + + + + + + DESCRIPTION + + smbtorture is a testsuite that runs several tests + against a SMB server. All tests are known to succeed + against a Windows 2003 server (?). Smbtorture's primary + goal is finding differences in implementations of the SMB protocol + and testing SMB servers. + + + Any number of tests can be specified + on the command-line. If no tests are specified, all tests + are run. + + If no arguments are specified at all, all available options + and tests are listed. + + + + + + OPTIONS + + + -d debuglevel + Use the specified Samba debug level. A higher debug level + means more output. + + -U user%pass + Use the specified username/password combination when logging in to a remote server. + + -k + Use kerberos when authenticating. + + -W workgroup + Use specified name as our workgroup name. + + -n netbios_name + Use specified name as our NetBIOS name. + + + -O socket_options + Use specified socket options, equivalent of the smb.conf option socket options. See the smb.conf(5) manpage for details. + + + -m max_protocol + Specify the maximum SMB dialect that should be used. Possible values are: CORE, COREPLUS, LANMAN1, LANMAN2, NT1 + + + -s seed + Initialize the randomizer using seed as seed. + + + -L + Use oplocks. + + + -X + Enable dangerous tests. Use with care! This might crash your server... + + + -t timelimit + Specify the NBENCH time limit in seconds. Defaults to 600. + + + -p ports + Specify ports to connect to. + + + -c file + Read NBENCH commands from file instead of from CLIENT.TXT. + + + -A + Show not just OK or FAILED but more detailed + output. Used only by DENY test at the moment. + + + -C filename + Load a list of UNC names from the specified filename. Smbtorture instances will connect to a random host from this list. + + + -N numprocs + Specify number of smbtorture processes to launch. + + + -o num_operations + Number of times some operations should be tried before assuming they're output is consistent (default:100). + + + -e num_files + Number of entries to use in certain tests (such as creating X files) (default: 1000). + + + -f max_failures + Number of failures before aborting a test (default: 1). + + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + Samba + + + + + AUTHOR + + &man.credits.samba; + + smbtorture was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/source4/utils/man/ndrdump.1.xml b/source4/utils/man/ndrdump.1.xml new file mode 100644 index 0000000000..55ac95491a --- /dev/null +++ b/source4/utils/man/ndrdump.1.xml @@ -0,0 +1,83 @@ + + + + + + ndrdump + 1 + + + + + ndrdump + DCE/RPC Packet Parser and Dumper + + + + + ndrdump + -c context + pipe + function + in|out + filename + + + ndrdump + pipe + + + ndrdump + + + + + DESCRIPTION + + ndrdump tries to parse the specified filename + using Samba's parser for the specified pipe and function. The + third argument should be + either in or out, depending + on whether the data should be parsed as a request or a reply. + + Running ndrdump without arguments will list the pipes for which + parsers are available. + + Running ndrdump with one argument will list the functions that + Samba can parse for the specified pipe. + + The primary function of ndrdump is debugging Samba's internal + DCE/RPC parsing functions. The file being parsed is usually + one exported by ethereal's Export selected packet bytes + function. + + The context argument can be used to load context data from the request + packet when parsing reply packets (such as array lengths). + + + + + VERSION + + This man page is correct for version 4.0 of the Samba suite. + + + + SEE ALSO + + ethereal, pidl + + + + + AUTHOR + + &man.credits.samba; + + ndrdump was written by Andrew Tridgell. + + This manpage was written by Jelmer Vernooij. + + + + diff --git a/source4/utils/man/ntlm_auth.1.xml b/source4/utils/man/ntlm_auth.1.xml new file mode 100644 index 0000000000..1677500112 --- /dev/null +++ b/source4/utils/man/ntlm_auth.1.xml @@ -0,0 +1,269 @@ + + + + + + ntlm_auth + 1 + + + + + ntlm_auth + tool to allow external access to Winbind's NTLM authentication function + + + + + ntlm_auth + -d debuglevel + -l logdir + -s <smb config file> + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + ntlm_auth is a helper utility that authenticates + users using NT/LM authentication. It returns 0 if the users is authenticated + successfully and 1 if access was denied. ntlm_auth uses winbind to access + the user and authentication data for a domain. This utility + is only indended to be used by other programs (currently squid). + + + + + OPERATIONAL REQUIREMENTS + + + The winbindd + 8 daemon must be operational + for many of these commands to function. + + Some of these commands also require access to the directory + winbindd_privileged in + $LOCKDIR. This should be done either by running + this command as root or providing group access + to the winbindd_privileged directory. For + security reasons, this directory should not be world-accessable. + + + + + + OPTIONS + + + + --helper-protocol=PROTO + + Operate as a stdio-based helper. Valid helper protocols are: + + + + squid-2.4-basic + + Server-side helper for use with Squid 2.4's basic (plaintext) + authentication. + + + + squid-2.5-basic + + Server-side helper for use with Squid 2.5's basic (plaintext) + authentication. + + + + squid-2.5-ntlmssp + + Server-side helper for use with Squid 2.5's NTLMSSP + authentication. + Requires access to the directory + winbindd_privileged in + $LOCKDIR. The protocol used is + described here: http://devel.squid-cache.org/ntlm/squid_helper_protocol.html + + + + + ntlmssp-client-1 + + Cleint-side helper for use with arbitary external + programs that may wish to use Samba's NTLMSSP + authentication knowlege. + This helper is a client, and as such may be run by any + user. The protocol used is + effectivly the reverse of the previous protocol. + + + + + + gss-spnego + + Server-side helper that implements GSS-SPNEGO. This + uses a protocol that is almost the same as + squid-2.5-ntlmssp, but has some + subtle differences that are undocumented outside the + source at this stage. + + Requires access to the directory + winbindd_privileged in + $LOCKDIR. + + + + + + gss-spnego-client + + Client-side helper that implements GSS-SPNEGO. This + also uses a protocol similar to the above helpers, but + is currently undocumented. + + + + + + + + + --username=USERNAME + + Specify username of user to authenticate + + + + + + --domain=DOMAIN + + Specify domain of user to authenticate + + + + + --workstation=WORKSTATION + + Specify the workstation the user authenticated from + + + + + --challenge=STRING + NTLM challenge (in HEXADECIMAL) + + + + + --lm-response=RESPONSE + LM Response to the challenge (in HEXADECIMAL) + + + + --nt-response=RESPONSE + NT or NTLMv2 Response to the challenge (in HEXADECIMAL) + + + + --password=PASSWORD + User's plaintext passwordIf + not specified on the command line, this is prompted for when + required. + + + + --request-lm-key + Retreive LM session key + + + + --request-nt-key + Request NT key + + + + --diagnostics + Perform Diagnostics on the authentication + chain. Uses the password from --password + or prompts for one. + + + + + --require-membership-of={SID|Name} + Require that a user be a member of specified + group (either name or SID) for authentication to succeed. + + + + &popt.common.samba; + &stdarg.help; + + + + + + EXAMPLE SETUP + + To setup ntlm_auth for use by squid 2.5, with both basic and + NTLMSSP authentication, the following + should be placed in the squid.conf file. + +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic +auth_param basic children 5 +auth_param basic realm Squid proxy-caching web server +auth_param basic credentialsttl 2 hours + + +This example assumes that ntlm_auth has been installed into your + path, and that the group permissions on + winbindd_privileged are as described above. + + To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above + example, the following should be added to the squid.conf file. + +auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users' +auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users' + + + + + + TROUBLESHOOTING + + If you're experiencing problems with authenticating Internet Explorer running + under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication + helper (--helper-protocol=squid-2.5-ntlmssp), then please read + + the Microsoft Knowledge Base article #239869 and follow instructions described there. + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The ntlm_auth manpage was written by Jelmer Vernooij and + Andrew Bartlett. + + + -- cgit