diff options
47 files changed, 985 insertions, 727 deletions
diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf index 011ff341c96..92ab4c71d32 100644 --- a/docs/Samba-HOWTO-Collection.pdf +++ b/docs/Samba-HOWTO-Collection.pdf @@ -1,6 +1,6 @@ %PDF-1.2 %âãÏÓ -1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020617065538Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj +1 0 obj<</Producer(htmldoc 1.8.11 Copyright 1997-2001 Easy Software Products, All Rights Reserved.)/CreationDate(D:20020829040213Z)/Title(SAMBA Project Documentation)/Creator(Modular DocBook HTML Stylesheet Version 1.57)>>endobj 2 0 obj<</Type/Encoding/Differences[ 32/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quotesingle/parenleft/parenright/asterisk/plus/comma/minus/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/asciicircum/underscore/grave/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde 128/Euro 130/quotesinglbase/florin/quotedblbase/ellipsis/dagger/daggerdbl/circumflex/perthousand/Scaron/guilsinglleft/OE 145/quoteleft/quoteright/quotedblleft/quotedblright/bullet/endash/emdash/tilde/trademark/scaron/guilsinglright/oe 159/Ydieresis/space/exclamdown/cent/sterling/currency/yen/brokenbar/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine/guillemotright/onequarter/onehalf/threequarters/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]>>endobj 3 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier/Encoding 2 0 R>>endobj 4 0 obj<</Type/Font/Subtype/Type1/BaseFont/Courier-Bold/Encoding 2 0 R>>endobj @@ -3666,7 +3666,7 @@ xref 0000256429 00000 n 0000256524 00000 n trailer -<</Size 1124/Root 1123 0 R/Info 1 0 R/ID[<37f2139748809e07227d5db7799d36c3><37f2139748809e07227d5db7799d36c3>]>> +<</Size 1124/Root 1123 0 R/Info 1 0 R/ID[<94579745ca18c91b3922074b18e6ef4d><94579745ca18c91b3922074b18e6ef4d>]>> startxref 256739 %%EOF diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml index 64150fb53c6..d607fa1ca92 100644 --- a/docs/docbook/manpages/smbpasswd.8.sgml +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -183,6 +183,19 @@ <varlistentry> + <term>-t</term> + <listitem><para>This option is used to force smbpasswd to + change the current password assigned to the machine trust account + when operating in domain security mode. This is really meant to + be used on systems that only run <ulink url="winbindd.8.html"<command>winbindd</command></ulink>. + Under server installations, <ulink url="smbd.8.html"><command>smbd</command></ulink> + handle the password updates automatically.</para> + </listitem> + </varlistentry> + + + + <varlistentry> <term>-U username[%pass]</term> <listitem><para>This option may only be used in conjunction with the <parameter>-r</parameter> option. When changing diff --git a/docs/docbook/scripts/strip-links.pl b/docs/docbook/scripts/strip-links.pl index dbbdceaabcc..66bc101e086 100644 --- a/docs/docbook/scripts/strip-links.pl +++ b/docs/docbook/scripts/strip-links.pl @@ -1,13 +1,15 @@ #!/usr/bin/perl -## small script to stirp the <URL:...> tags from +## small script to strip the <URL:...> tags from ## manpages generated from docbook2man. we'll leave ## the <URL:ftp://...> and <URL:mailto:...> links for now while (<STDIN>) { chomp ($_); - $_ =~ s/\s*<URL:.*html.*>\s*//g; + $_ =~ s/\s*<URL:.*html.*>\s+/ /g; + $_ =~ s/\s*<URL:.*html.*>\S//g; + $_ =~ s/\s*<URL:.*html.*>$//g; print "$_\n"; } diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html index 7c5fe316272..fd2bd7fdaf6 100644 --- a/docs/htmldocs/Integrating-with-Windows.html +++ b/docs/htmldocs/Integrating-with-Windows.html @@ -191,7 +191,7 @@ CLASS="FILENAME" > is one such file.</P ><P >When the IP address of the destination interface has been -determined a protocol called ARP/RARP isused to identify +determined a protocol called ARP/RARP is used to identify the MAC address of the target interface. ARP stands for Address Resolution Protocol, and is a broadcast oriented method that uses UDP (User Datagram Protocol) to send a request to all @@ -414,7 +414,7 @@ architecture of the MS Windows network. The term "workgroup" indicates that the primary nature of the network environment is that of a peer-to-peer design. In a WORKGROUP all machines are responsible for their own security, and generally such security is limited to use of -just a password (known as SHARE MORE security). In most situations +just a password (known as SHARE MODE security). In most situations with peer-to-peer networking the users who control their own machines will simply opt to have no security at all. It is possible to have USER MODE security in a WORKGROUP environment, thus requiring use @@ -444,8 +444,8 @@ NAME="AEN100" ></H2 ><P >All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and their IP addresses for all external -machines that that the local machine has communicated with over the +stored the NetBIOS names and IP addresses for all external +machines that that machine has communicated with over the past 10-15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms.</P @@ -453,7 +453,7 @@ configured name resolution mechanisms.</P >If a machine whose name is in the local name cache has been shut down before the name had been expired and flushed from the cache, then an attempt to exchange a message with that machine will be subject -to time-out delays. ie: It's name is in the cache, so a name resolution +to time-out delays. i.e.: Its name is in the cache, so a name resolution lookup will succeed, but the machine can not respond. This can be frustrating for users - but it is a characteristic of the protocol.</P ><P @@ -660,7 +660,7 @@ dependable browsing using Samba</A ></H1 ><P >As stated above, MS Windows machines register their NetBIOS names -(ie: the machine name for each service type in operation) on start +(i.e.: the machine name for each service type in operation) on start up. Also, as stated above, the exact method by which this name registration takes place is determined by whether or not the MS Windows client/server has been given a WINS server address, whether or not LMHOSTS lookup @@ -685,7 +685,7 @@ Instead, the domain master browser serves the role of contacting each local master browser (found by asking WINS or from LMHOSTS) and exchanging browse list contents. This way every master browser will eventually obtain a complete list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By nature of +is held to determine which machine will be the master browser. By the nature of the election criteria used, the machine with the highest uptime, or the most senior protocol version, or other criteria, will win the election as domain master browser.</P @@ -770,8 +770,8 @@ these versions no longer support plain text passwords by default.</P ><P >MS Windows clients have a habit of dropping network mappings that have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped the SMB protocol -has a mechanism by which the connection can be re-established using +use the mapped drive connection that has been dropped, the client +re-establishes the connection using a cached copy of the password.</P ><P >When Microsoft changed the default password mode, they dropped support for @@ -959,7 +959,7 @@ NAME="AEN196" ></H2 ><P >This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as and +Unix/Linux system both a Unix style account as well as an smbpasswd entry for the user. The Unix system account can be locked if required as only the encrypted password will be used for SMB client authentication.</P diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html index fd83c4e09a3..ffd5c3cf241 100644 --- a/docs/htmldocs/Samba-BDC-HOWTO.html +++ b/docs/htmldocs/Samba-BDC-HOWTO.html @@ -76,9 +76,13 @@ parameters in the [global]-section of the smb.conf have to be set:</P ><P ><PRE CLASS="PROGRAMLISTING" ->workgroup = SAMBA -domain master = yes -domain logons = yes</PRE +>[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....</PRE ></P ><P >Several other things like a [homes] and a [netlogon] share also may be @@ -171,33 +175,93 @@ NAME="AEN28" ><UL ><LI ><P ->The file private/MACHINE.SID identifies the domain. When a samba -server is first started, it is created on the fly and must never be -changed again. This file has to be the same on the PDC and the BDC, -so the MACHINE.SID has to be copied from the PDC to the BDC.</P +> The file <TT +CLASS="FILENAME" +>private/MACHINE.SID</TT +> identifies the domain. When a samba + server is first started, it is created on the fly and must never be + changed again. This file has to be the same on the PDC and the BDC, + so the MACHINE.SID has to be copied from the PDC to the BDC. Note that in the + latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored + in the <TT +CLASS="FILENAME" +>private/secrets.tdb</TT +> database. This file cannot just + be copied because Samba looks under the key <TT +CLASS="CONSTANT" +>SECRETS/SID/<TT +CLASS="REPLACEABLE" +><I +>DOMAIN</I +></TT +></TT +>. + where <TT +CLASS="REPLACEABLE" +><I +>DOMAIN</I +></TT +> is the machine's netbios name. Since this name has + to be unique for each SAMBA server, this lookup will fail. </P +><P +> A new option has been added to the <B +CLASS="COMMAND" +>smbpasswd(8)</B +> + command to help ease this problem. When running <B +CLASS="COMMAND" +>smbpasswd -S</B +> as the root user, + the domain SID will be retrieved from a domain controller matching the value of the + <TT +CLASS="PARAMETER" +><I +>workgroup</I +></TT +> parameter in <TT +CLASS="FILENAME" +>smb.conf</TT +> and stored as the + new Samba server's machine SID. See the <A +HREF="smbpasswd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbpasswd(8)</B +></A +> + man page for more details on this functionality. + </P ></LI ><LI ><P ->The Unix user database has to be synchronized from the PDC to the -BDC. This means that both the /etc/passwd and /etc/group have to be -replicated from the PDC to the BDC. This can be done manually -whenever changes are made, or the PDC is set up as a NIS master -server and the BDC as a NIS slave server. To set up the BDC as a -mere NIS client would not be enough, as the BDC would not be able to -access its user database in case of a PDC failure.</P +> The Unix user database has to be synchronized from the PDC to the + BDC. This means that both the /etc/passwd and /etc/group have to be + replicated from the PDC to the BDC. This can be done manually + whenever changes are made, or the PDC is set up as a NIS master + server and the BDC as a NIS slave server. To set up the BDC as a + mere NIS client would not be enough, as the BDC would not be able to + access its user database in case of a PDC failure. LDAP is also a + potential vehicle for sharing this information. + </P ></LI ><LI ><P ->The Samba password database in the file private/smbpasswd has to be -replicated from the PDC to the BDC. This is a bit tricky, see the -next section.</P +> The Samba password database in the file <TT +CLASS="FILENAME" +>private/smbpasswd</TT +> + has to be replicated from the PDC to the BDC. This is a bit tricky, see the + next section. + </P ></LI ><LI ><P ->Any netlogon share has to be replicated from the PDC to the -BDC. This can be done manually whenever login scripts are changed, -or it can be done automatically together with the smbpasswd -synchronization.</P +> Any netlogon share has to be replicated from the PDC to the + BDC. This can be done manually whenever login scripts are changed, + or it can be done automatically together with the smbpasswd + synchronization. + </P ></LI ></UL ><P @@ -206,9 +270,13 @@ by setting</P ><P ><PRE CLASS="PROGRAMLISTING" ->workgroup = samba -domain master = no -domain logons = yes</PRE +>[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....</PRE ></P ><P >in the [global]-section of the smb.conf of the BDC. This makes the BDC @@ -222,21 +290,58 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN44" +NAME="AEN57" >How do I replicate the smbpasswd file?</A ></H2 ><P >Replication of the smbpasswd file is sensitive. It has to be done -whenever changes to the SAM are made. Every user's password change is -done in the smbpasswd file and has to be replicated to the BDC. So +whenever changes to the SAM are made. Every user's password change +(including machine trust account password changes) is done in the +smbpasswd file and has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.</P ><P >As the smbpasswd file contains plain text password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility -rsync. rsync can use ssh as a transport. ssh itself can be set up to -accept *only* rsync transfer without requiring the user to type a -password.</P +<B +CLASS="COMMAND" +>rsync(1)</B +>. <B +CLASS="COMMAND" +>rsync</B +> can use +<B +CLASS="COMMAND" +>ssh(1)</B +> as a transport. <B +CLASS="COMMAND" +>ssh</B +> itself +can be set up to accept <I +CLASS="EMPHASIS" +>only</I +> <B +CLASS="COMMAND" +>rsync</B +> transfer without requiring the user to +type a password. Refer to the man pages for these two tools for more details.</P +><P +>Another solution with high potential is to use Samba's <TT +CLASS="PARAMETER" +><I +>--with-ldapsam</I +></TT +> +for sharing and/or replicating the list of <TT +CLASS="CONSTANT" +>sambaAccount</TT +> entries. +This can all be done over SSL to ensure security. See the <A +HREF="Samba-LDAP-HOWTO.html" +TARGET="_top" +>Samba-LDAP-HOWTO</A +> +for more details.</P ></DIV ></DIV ></DIV diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html index 9c223c0084f..7fbfbf5247b 100644 --- a/docs/htmldocs/Samba-LDAP-HOWTO.html +++ b/docs/htmldocs/Samba-LDAP-HOWTO.html @@ -64,7 +64,7 @@ TARGET="_top" >O'Reilly Publishing</A > is working on a guide to LDAP for System Administrators which has a planned release date of -early summer, 2002.</P +late 2002.</P ><P >Two additional Samba resources which may prove to be helpful are</P ><P @@ -86,7 +86,11 @@ HREF="http://samba.idealx.org/" TARGET="_top" >IDEALX</A > that are - geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. These scripts can + be found in the Samba 2.2.5 release in the <TT +CLASS="FILENAME" +>examples/LDAP/smbldap-tools/</TT +> directory. </P ></LI ></UL @@ -96,7 +100,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN23" +NAME="AEN24" >Introduction</A ></H1 ><P @@ -124,7 +128,7 @@ in the thousands).</P >The first is that all lookups must be performed sequentially. Given that there are approximately two lookups per domain logon (one for a normal session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. What is needed is an indexed approach +is a performance bottleneck for large sites. What is needed is an indexed approach such as is used in databases.</P ></LI ><LI @@ -150,7 +154,10 @@ Identified (RID).</P ></UL ><P >As a result of these defeciencies, a more robust means of storing user attributes -used by smbd was developed. The API which defines access to user accounts +used by <B +CLASS="COMMAND" +>smbd</B +> was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. <TT @@ -172,7 +179,10 @@ CLASS="PARAMETER" >--with-ldapsam</I ></TT > autoconf -option, smbd (and associated tools) will store and lookup user accounts in +option, <B +CLASS="COMMAND" +>smbd</B +> (and associated tools) will store and lookup user accounts in an LDAP directory. In reality, this is very easy to understand. If you are comfortable with using an smbpasswd file, simply replace "smbpasswd" with "LDAP directory" in all the documentation.</P @@ -213,7 +223,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN52" +NAME="AEN55" >Supported LDAP Servers</A ></H1 ><P @@ -238,7 +248,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN57" +NAME="AEN60" >Schema and Relationship to the RFC 2307 posixAccount</A ></H1 ><P @@ -252,7 +262,7 @@ in 2.2.2). The sambaAccount objectclass is given here:</P ><P ><PRE CLASS="PROGRAMLISTING" ->objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY DESC 'Samba Account' MUST ( uid $ rid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ @@ -261,7 +271,10 @@ CLASS="PROGRAMLISTING" description $ userWorkstations $ primaryGroupID $ domain ))</PRE ></P ><P ->The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +>The <TT +CLASS="FILENAME" +>samba.schema</TT +> file has been formatted for OpenLDAP 2.0 & 2.1. The OID's are owned by the Samba Team and as such is legal to be openly published. If you translate the schema to be used with Netscape DS, please submit the modified schema file as a patch to <A @@ -270,22 +283,47 @@ TARGET="_top" >jerry@samba.org</A ></P ><P +>Since the original release, schema files for</P +><P +></P +><UL +><LI +><P +>IBM's SecureWay Server</P +></LI +><LI +><P +>Netscape Directory Server version 4.x and 5.x</P +></LI +></UL +><P +>have been submitted and included in the Samba source distribution. I cannot +personally comment on the integration of these commercial directory servers since +I have not had the oppotinuity to work with them.</P +><P >Just as the smbpasswd file is mean to store information which supplements a user's <TT CLASS="FILENAME" >/etc/passwd</TT > entry, so is the sambaAccount object -meant to supplement the UNIX user account information. A sambaAccount is a +meant to supplement the UNIX user account information. A sambaAccount is now an <TT CLASS="CONSTANT" ->STRUCTURAL</TT -> objectclass so it can be stored individually -in the directory. However, there are several fields (e.g. uid) which overlap -with the posixAccount objectclass outlined in RFC2307. This is by design.</P +>AUXILARY</TT +> objectclass so it can be stored alongside +a posixAccount or person objectclass in the directory. Note that there are +several fields (e.g. uid) which overlap with the posixAccount objectclass +outlined in RFC2307. This is by design. The move from a STRUCTURAL objectclass +to an AUXILIARY one was compliance with the LDAP data model which states that +an entry can contain only one STRUCTURAL objectclass per entry. This is now +enforced by the OpenLDAP 2.1 server.</P ><P >In order to store all user account information (UNIX and Samba) in the directory, it is necessary to use the sambaAccount and posixAccount objectclasses in -combination. However, smbd will still obtain the user's UNIX account +combination. However, <B +CLASS="COMMAND" +>smbd</B +> will still obtain the user's UNIX account information via the standard C library calls (e.g. getpwnam(), et. al.). This means that the Samba server must also have the LDAP NSS library installed and functioning correctly. This division of information makes it possible to @@ -297,7 +335,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN69" +NAME="AEN81" >Configuring Samba with LDAP</A ></H1 ><DIV @@ -305,7 +343,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN71" +NAME="AEN83" >OpenLDAP configuration</A ></H2 ><P @@ -369,9 +407,9 @@ CLASS="PROGRAMLISTING" ## required by OpenLDAP 2.0 index objectclass eq -## support pb_getsampwnam() +## support pbb_getsampwnam() index uid pres,eq -## support pdb_getsambapwrid() +## support pdb_getsampwrid() index rid eq ## uncomment these if you are storing posixAccount and @@ -387,7 +425,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN88" +NAME="AEN100" >Configuring Samba</A ></H2 ><P @@ -501,13 +539,69 @@ CLASS="REPLACEABLE" # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"</PRE ></P ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN128" +>Importing <TT +CLASS="FILENAME" +>smbpasswd</TT +> entries</A +></H2 +><P +>Import existing user entries from an <TT +CLASS="FILENAME" +>smbpasswd</TT +> can be trivially done using +a Perl script named <TT +CLASS="FILENAME" +>import_smbpasswd.pl</TT +> included in the +<TT +CLASS="FILENAME" +>examples/LDAP/</TT +> directory of the Samba source distribution. There are +two main requirements of this script:</P +><P +></P +><UL +><LI +><P +>All users to be imported to the directory must have a valid uid on the + local system. This can be a problem if using a machinej different from the Samba server + to import the file.</P +></LI +><LI +><P +>The local system must have a working installation of the Net::LDAP perl + module which can be obtained from with <A +HREF="http://search.cpan.org/" +TARGET="_top" +>http://search.cpan.org/</A +> + by searching for <TT +CLASS="FILENAME" +>perl-ldap</TT +> or directly from <A +HREF="http://perl-ldap.sf.net/" +TARGET="_top" +>http://perl-ldap.sf.net/</A +>. + </P +></LI +></UL +><P +>Please refer to the documentation in the same directory as the script for more details.</P +></DIV ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN116" +NAME="AEN144" >Accounts and Groups management</A ></H1 ><P @@ -532,7 +626,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN121" +NAME="AEN149" >Security and sambaAccount</A ></H1 ><P @@ -605,7 +699,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN141" +NAME="AEN169" >LDAP specials attributes for sambaAccounts</A ></H1 ><P @@ -816,7 +910,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN211" +NAME="AEN239" >Example LDIF Entries for a sambaAccount</A ></H1 ><P @@ -874,7 +968,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN219" +NAME="AEN247" >Comments</A ></H1 ><P @@ -883,7 +977,7 @@ HREF="mailto:jerry@samba.org" TARGET="_top" >jerry@samba.org</A >. This documents was -last updated to reflect the Samba 2.2.3 release. </P +last updated to reflect the Samba 2.2.5 release. </P ></DIV ></DIV ></BODY diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html index 707fd87245b..e3c1934adaa 100644 --- a/docs/htmldocs/UNIX_INSTALL.html +++ b/docs/htmldocs/UNIX_INSTALL.html @@ -656,8 +656,8 @@ NAME="AEN166" >By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and - smbclient. All your PCs will need to have the same setting for + need to use the 'netbios scope' smb.conf option. + All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.</P ></DIV ><DIV @@ -778,19 +778,13 @@ NAME="AEN182" its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS.</P -><P ->You can disable share modes using "share modes = no". - This may be useful on a heavily loaded server as the share - modes code is very slow. See also the FAST_SHARE_MODES - option in the Makefile for a way to do full share modes - very fast using shared memory (if your OS supports it).</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN192" +NAME="AEN191" >Mapping Usernames</A ></H2 ><P @@ -803,7 +797,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN195" +NAME="AEN194" >Other Character Sets</A ></H2 ><P diff --git a/docs/htmldocs/cups.html b/docs/htmldocs/cups.html index 4c07986acaa..c4191e25524 100644 --- a/docs/htmldocs/cups.html +++ b/docs/htmldocs/cups.html @@ -94,11 +94,12 @@ CLASS="PARAMETER" >-oraw</I ></TT > -option for printing. You can use the <B +option for printing. On a Linux system, you can use the <B CLASS="COMMAND" >ldd</B > command to -find out details:</P +find out details (ldd may not be present on other OS platforms, or its +function may be embodied by a different command):</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -176,7 +177,7 @@ try if you have <B CLASS="COMMAND" >lphelp</B > on your system) plus some different GUI frontends on Linux -UNIX, which can present PPD options to the users. PPD optons are normally +UNIX, which can present PPD options to the users. PPD options are normally meant to become evaluated by the PostScript RIP on the real PostScript printer.</P ><P @@ -194,8 +195,8 @@ CLASS="PARAMETER" ><I >*cupsFilter</I ></TT -> -this line +>. +This line tells the CUPS print system which printer-specific filter to use for the interpretation of the accompanying PostScript. Thus CUPS lets all its printers appear as PostScript devices to its clients, because it can act as a @@ -224,8 +225,8 @@ CLASS="COMMAND" > Filter and are therefor logged in the CUPS <TT CLASS="FILENAME" ->page_log </TT -> <I +>page_log</TT +>. - <I CLASS="EMPHASIS" >NOTE: </I >this @@ -250,7 +251,7 @@ NAME="AEN50" ><P >This setup may be of special interest to people experiencing major problems in WTS environments. WTS need often a multitude -of non-PostScript drivers installed to run their clients' multitude of +of non-PostScript drivers installed to run their clients' variety of different printer models. This often imposes the price of much increased instability. In many cases, in an attempt to overcome this problem, site administrators have resorted to restrict the allowed drivers installed on @@ -337,7 +338,7 @@ CLASS="PROGRAMLISTING" ICONLIB.DLL</PRE ></P ><P ->Users of the ESP Print Pro software are able to isntall +>Users of the ESP Print Pro software are able to install their "Samba Drivers" package for this purpose with no problem.</P ></DIV ><DIV @@ -433,10 +434,17 @@ CLASS="EMPHASIS" >the cupsomatic trick from Linuxprinting.org is working different from the other drivers. While the other drivers take the generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as -their input, cupsomatic "kidmaps" the PostScript inside CUPS, before +their input, cupsomatic "kidnaps" the PostScript inside CUPS, before RIP-ping, deviates it to an external Ghostscript installation (which now becomes the RIP) and gives it back to a CUPS backend once Ghostscript is -finished.</P +finished. -- CUPS versions from 1.1.15 and later will provide their pstoraster +PostScript RIP function again inside a system-wide Ghostscript +installation rather than in "their own" pstoraster filter. (This +CUPS-enabling Ghostscript version may be installed either as a +patch to GNU or AFPL Ghostscript, or as a complete ESP Ghostscript package). +However, this will not change the cupsomatic approach of guiding the printjob +along a different path through the filtering system than the standard CUPS +way...</P ><P >Once you installed a printer inside CUPS with one of the recommended methods (the lpadmin command, the web browser interface or one of @@ -580,6 +588,22 @@ share, right-click on this printer and select "Install..." or "Connect..." (depending on the Windows version you use). Now their should be a new printer in your client's local "Printers" folder, named (in my case) "infotec_IS2027 on kdebitshop"</P +><P +><I +CLASS="EMPHASIS" +>NOTE: </I +> +<B +CLASS="COMMAND" +>cupsaddsmb</B +> will only reliably work i +with CUPS version 1.1.15 or higher +and Samba from 2.2.4. If it doesn't work, or if the automatic printer +driver download to the clients doesn't succeed, you can still manually +install the CUPS printer PPD on top of the Adobe PostScript driver on +clients and then point the client's printer queue to the Samba printer +share for connection, should you desire to use the CUPS networked +PostScript RIP functions.</P ></DIV ></DIV ></DIV diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html index b94d0fbbfd4..38a7e280668 100644 --- a/docs/htmldocs/printer_driver2.html +++ b/docs/htmldocs/printer_driver2.html @@ -165,7 +165,7 @@ CLASS="PARAMETER" >printer driver file</I ></TT -> parameter, are being deprecated and should not +> parameter, are being deprecated and should not be used in new installations. For more information on this change, you should refer to the <A HREF="#MIGRATION" @@ -391,33 +391,36 @@ properties will be displayed. Do you want to install the driver now?</I ></P ><P ->Click "No" in the error dialog and you will be presented with -the printer properties window. The way assign a driver to a +>Click <I +CLASS="EMPHASIS" +>No</I +> in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a printer is to either</P ><P ></P ><UL ><LI ><P ->Use the "New Driver..." button to install +>Use the "New Driver..." button to install a new printer driver, or</P ></LI ><LI ><P ->Select a driver from the popup list of +>Select a driver from the popup list of installed drivers. Initially this list will be empty.</P ></LI ></UL ><P ->If you wish to install printer drivers for client -operating systems other than "Windows NT x86", you will need +>If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need to use the "Sharing" tab of the printer properties dialog.</P ><P ->Assuming you have connected with a root account, you -will also be able modify other printer properties such as +>Assuming you have connected with a root account, you +will also be able modify other printer properties such as ACLs and device settings using this dialog box.</P ><P ->A few closing comments for this section, it is possible +>A few closing comments for this section, it is possible on a Windows NT print server to have printers listed in the Printers folder which are not shared. Samba does not make this distinction. By definition, the only printers of @@ -428,7 +431,7 @@ CLASS="FILENAME" >.</P ><P >Another interesting side note is that Windows NT clients do -not use the SMB printer share, but rather can print directly +not use the SMB printer share, but rather can print directly to any printer on another Windows NT host using MS-RPC. This of course assumes that the printing client has the necessary privileges on the remote host serving the printer. The default @@ -440,45 +443,88 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN88" +NAME="AEN89" +>DeviceModes and New Printers</A +></H2 +><P +>In order for a printer to be truly usbla eby a Windows NT/2k/XP client, +it must posses:</P +><P +></P +><UL +><LI +><P +>a valid Device Mode generated by the driver for the printer, and</P +></LI +><LI +><P +>a complete set of PrinterDriverData generated by the driver.</P +></LI +></UL +><P +>If either one of these is incomplete, the clients can produce less than optimal +output at best or in the worst cases, unreadable garbage or nothing at all. +Fortunately, most driver generate the printer driver that is needed. +However, the client must be tickled to generate a valid Device Mode and set it on the +server. The easist means of doing so is to simply set the page orientation on +the server's printer using the native Windows NT/2k printer properties page from +a Window clients. Make sure to apply changes between swapping the page orientation +to cause the change to actually take place. Be aware that this can only be done +by a "printer admin" (the reason should be obvious I hope).</P +><P +>Samba also includes a service level parameter name <A +HREF="smb.conf.5.html#DEFAULTDEVMODE" +TARGET="_top" +>default +devmode</A +> for generating a default device mode for a printer. Some driver +will function fine with this default set of properties. Others may crash the client's +spooler service. Use this parameter with caution. It is always better to have the client +generate a valid device mode for the printer and store it on the server for you.</P +></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN100" >Support a large number of printers</A ></H2 ><P >One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for -100's of printers. Using the Windows NT APW is somewhat -awkward to say the list. If more than one printer are using the +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the same driver, the <A HREF="rpcclient.1.html" TARGET="_top" ><B CLASS="COMMAND" >rpcclient's -setdriver command</B +setdriver</B ></A -> can be used to set the driver +> command can be used to set the driver associated with an installed driver. The following is example of how this could be accomplished:</P ><P ><PRE CLASS="PROGRAMLISTING" -> -<TT +><TT CLASS="PROMPT" >$ </TT >rpcclient pogo -U root%secret -c "enumdrivers" Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] - + [Windows NT x86] Printer Driver Info 1: Driver Name: [HP LaserJet 4000 Series PS] - + Printer Driver Info 1: Driver Name: [HP LaserJet 2100 Series PS] - + Printer Driver Info 1: Driver Name: [HP LaserJet 4Si/4SiMX PS] - + <TT CLASS="PROMPT" >$ </TT @@ -488,7 +534,7 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] name:[\\POGO\hp-print] description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] comment:[] - + <TT CLASS="PROMPT" >$ </TT @@ -506,7 +552,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN99" +NAME="AEN111" >Adding New Printers via the Windows NT APW</A ></H2 ><P @@ -514,7 +560,7 @@ NAME="AEN99" CLASS="FILENAME" >smb.conf</TT > -in the "Printers..." folder. Also existing in this folder is the Windows NT +in the "Printers..." folder. Also existing in this folder is the Windows NT Add Printer Wizard icon. The APW will be show only if</P ><P ></P @@ -539,7 +585,7 @@ TARGET="_top" ><TT CLASS="PARAMETER" ><I ->show +>show add printer wizard = yes</I ></TT ></A @@ -548,36 +594,36 @@ CLASS="PARAMETER" ></LI ></UL ><P ->In order to be able to use the APW to successfully add a printer to a Samba +>In order to be able to use the APW to successfully add a printer to a Samba server, the <A HREF="smb.conf.5.html#ADDPRINTERCOMMAND" TARGET="_top" ><TT CLASS="PARAMETER" ><I ->add +>add printer command</I ></TT ></A > must have a defined value. The program -hook must successfully add the printer to the system (i.e. +hook must successfully add the printer to the system (i.e. <TT CLASS="FILENAME" >/etc/printcap</TT -> or appropriate files) and +> or appropriate files) and <TT CLASS="FILENAME" >smb.conf</TT > if necessary.</P ><P ->When using the APW from a client, if the named printer share does +>When using the APW from a client, if the named printer share does not exist, <B CLASS="COMMAND" >smbd</B > will execute the <TT CLASS="PARAMETER" ><I ->add printer +>add printer command</I ></TT > and reparse to the <TT @@ -612,7 +658,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN124" +NAME="AEN136" >Samba and Printer Ports</A ></H2 ><P @@ -649,7 +695,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN132" +NAME="AEN144" >The Imprints Toolset</A ></H1 ><P @@ -662,12 +708,19 @@ TARGET="_top" > as well as the documentation included with the imprints source distribution. This section will only provide a brief introduction to the features of Imprints.</P +><P +>As of June 16, 2002 (quite a bit earlier actually), the Imprints + project is in need of a new maintainer. The most important skill + is decent perl coding and an interest in MS-RPC based printing using Samba. + If you wich to volunteer, please coordinate your efforts on the samba-technical + mailing list. + </P ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN136" +NAME="AEN149" >What is Imprints?</A ></H2 ><P @@ -699,7 +752,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN146" +NAME="AEN159" >Creating Printer Driver Packages</A ></H2 ><P @@ -715,7 +768,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN149" +NAME="AEN162" >The Imprints server</A ></H2 ><P @@ -736,7 +789,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN153" +NAME="AEN166" >The Installation Client</A ></H2 ><P @@ -830,7 +883,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN175" +NAME="AEN188" ><A NAME="MIGRATION" ></A @@ -963,6 +1016,17 @@ CLASS="PARAMETER" ></TR ></TABLE ></DIV +><DIV +CLASS="SECT2" +><HR><H2 +CLASS="SECT2" +><A +NAME="AEN221" +>Parameters in <TT +CLASS="FILENAME" +>smb.conf(5)</TT +> for Backwards Compatibility</A +></H2 ><P >The have been two new parameters add in Samba 2.2.2 to for better support of Samba 2.0.x backwards capability (<TT @@ -979,9 +1043,10 @@ CLASS="PARAMETER" ></TT >). Both of these options are described in the smb.coinf(5) man page and are -disabled by default.</P +disabled by default. Use them with caution.</P +></DIV ></DIV ></DIV ></BODY ></HTML -> +>
\ No newline at end of file diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html index 90f9ca076c5..7c0699c535b 100644 --- a/docs/htmldocs/smbpasswd.8.html +++ b/docs/htmldocs/smbpasswd.8.html @@ -286,6 +286,31 @@ CLASS="PARAMETER" </P ></DD ><DT +>-t</DT +><DD +><P +>This option is used to force smbpasswd to + change the current password assigned to the machine trust account + when operating in domain security mode. This is really meant to + be used on systems that only run <A +HREF="winbindd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>winbindd</B +></A +>. + Under server installations, <A +HREF="smbd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbd</B +></A +> + handle the password updates automatically.</P +></DD +><DT >-U username[%pass]</DT ><DD ><P @@ -660,7 +685,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN205" +NAME="AEN213" ></A ><H2 >NOTES</H2 @@ -703,7 +728,7 @@ CLASS="FILENAME" ><DIV CLASS="REFSECT1" ><A -NAME="AEN215" +NAME="AEN223" ></A ><H2 >VERSION</H2 @@ -714,7 +739,7 @@ NAME="AEN215" ><DIV CLASS="REFSECT1" ><A -NAME="AEN218" +NAME="AEN226" ></A ><H2 >SEE ALSO</H2 @@ -737,7 +762,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN224" +NAME="AEN232" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html index bae907c687a..3ed7e6d8238 100644 --- a/docs/htmldocs/testparm.1.html +++ b/docs/htmldocs/testparm.1.html @@ -37,12 +37,12 @@ NAME="AEN8" ><B CLASS="COMMAND" >testparm</B -> [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]</P +> [-s] [-h] [-x] [-L <servername>] {config filename} [hostname hostIP]</P ></DIV ><DIV CLASS="REFSECT1" ><A -NAME="AEN16" +NAME="AEN17" ></A ><H2 >DESCRIPTION</H2 @@ -95,7 +95,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN31" +NAME="AEN32" ></A ><H2 >OPTIONS</H2 @@ -122,6 +122,12 @@ CLASS="COMMAND" >Print usage message </P ></DD ><DT +>-x</DT +><DD +><P +>Print only parameters that have non-default values</P +></DD +><DT >-L servername</DT ><DD ><P @@ -192,7 +198,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN66" +NAME="AEN71" ></A ><H2 >FILES</H2 @@ -221,7 +227,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN75" +NAME="AEN80" ></A ><H2 >DIAGNOSTICS</H2 @@ -235,7 +241,7 @@ NAME="AEN75" ><DIV CLASS="REFSECT1" ><A -NAME="AEN78" +NAME="AEN83" ></A ><H2 >VERSION</H2 @@ -246,7 +252,7 @@ NAME="AEN78" ><DIV CLASS="REFSECT1" ><A -NAME="AEN81" +NAME="AEN86" ></A ><H2 >SEE ALSO</H2 @@ -272,7 +278,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN88" +NAME="AEN93" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html index 8a41808700b..bb18545c5b8 100644 --- a/docs/htmldocs/winbind.html +++ b/docs/htmldocs/winbind.html @@ -161,7 +161,7 @@ NAME="AEN27" workstations into a NT based organization.</P ><P >Another interesting way in which we expect Winbind to - be used is as a central part of UNIX based appliances. Appliances + be used is as a central part of UNIX based appliances. Appliances that provide file and print services to Microsoft based networks will be able to use Winbind to provide seamless integration of the appliance into the domain.</P @@ -405,37 +405,29 @@ HREF="mailto:jtrostel@snapserver.com" TARGET="_top" >jtrostel@snapserver.com</A > -for providing the HOWTO for this section.</P -><P ->This HOWTO describes how to get winbind services up and running +for providing the original Linux version of this HOWTO which +describes how to get winbind services up and running to control access and authenticate users on your Linux box using -the winbind services which come with SAMBA 2.2.2.</P -><P ->There is also some Solaris specific information in -<TT -CLASS="FILENAME" ->docs/textdocs/Solaris-Winbind-HOWTO.txt</TT ->. -Future revisions of this document will incorporate that -information.</P +the winbind services which are included with the SAMBA 2.2.2 and later +releases.</P ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN78" +NAME="AEN75" >Introduction</A ></H2 ><P >This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access -and authentication control for Windows Domain users through an NT -or Win2K PDC for 'regular' services, such as telnet a nd ftp, as -well for SAMBA services.</P +running on a RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet and ftp, as +well providing dynamic uid/gid allocation for Samba.</P ><P ->This HOWTO has been written from a 'RedHat-centric' perspective, so if -you are using another distribution, you may have to modify the instructions -somewhat to fit the way your distribution works.</P +>This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution (or operating system), you may have +to modify the instructions somewhat to fit the way your distribution works.</P ><P ></P ><UL @@ -447,9 +439,9 @@ CLASS="EMPHASIS" > </P ><P ->This allows the SAMBA administrator to rely on the - authentication mechanisms on the NT/Win2K PDC for the authentication - of domain members. NT/Win2K users no longer need to have separate +>This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate accounts on the SAMBA server. </P ></LI @@ -461,12 +453,10 @@ CLASS="EMPHASIS" > </P ><P -> This HOWTO is designed for system administrators. If you are - implementing SAMBA on a file server and wish to (fairly easily) +> This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) integrate existing NT/Win2K users from your PDC onto the - SAMBA server, this HOWTO is for you. That said, I am no NT or PAM - expert, so you may find a better or easier way to accomplish - these tasks. + SAMBA server, this HOWTO is for you. </P ></LI ></UL @@ -476,119 +466,130 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN91" +NAME="AEN88" >Requirements</A ></H2 ><P ->If you have a samba configuration file that you are currently +>If you have a samba configuration file that you are currently using... <I CLASS="EMPHASIS" >BACK IT UP!</I -> If your system already uses PAM, +> If your system already uses PAM, <I CLASS="EMPHASIS" >back up the <TT CLASS="FILENAME" >/etc/pam.d</TT -> directory -contents!</I -> If you haven't already made a boot disk, +> (or <TT +CLASS="FILENAME" +>/etc/pam.conf</TT +>) +directory contents!</I +> If you haven't already made a boot disk, <I CLASS="EMPHASIS" >MAKE ONE NOW!</I ></P ><P ->Messing with the pam configuration files can make it nearly impossible -to log in to yourmachine. That's why you want to be able to boot back -into your machine in single user mode and restore your +>Messing with the pam configuration files can make it nearly impossible +to log in to your machine. That's why you want to be able to boot back +into your machine in single user mode and restore your <TT CLASS="FILENAME" >/etc/pam.d</TT -> back to the original state they were in if -you get frustrated with the way things are going. ;-)</P +> (or <TT +CLASS="FILENAME" +>pam.conmf</TT +>) back to +the original state they were in if +you get frustrated with the way things are going.</P ><P ->The latest version of SAMBA (version 2.2.2 as of this writing), now -includes a functioning winbindd daemon. Please refer to the +>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2. Please refer to the <A HREF="http://samba.org/" TARGET="_top" >main SAMBA web page</A -> or, -better yet, your closest SAMBA mirror site for instructions on -downloading the source code.</P +> or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. it is generally advised to obtain the lates +Samba release as bugs are constantly being fixed.</P ><P ->To allow Domain users the ability to access SAMBA shares and -files, as well as potentially other services provided by your +>To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your SAMBA machine, PAM (pluggable authentication modules) must -be setup properly on your machine. In order to compile the -winbind modules, you should have at least the pam libraries resident -on your system. For recent RedHat systems (7.1, for instance), that -means <TT +be setup properly on your machine. In order to compile the +winbind modules, you must have at the PAM libraries and header files resident +on your system. For recent RedHat systems (7.x, for instance), that +means installing both <TT CLASS="FILENAME" ->pam-0.74-22</TT ->. For best results, it is helpful to also -install the development packages in <TT +>pam</TT +> and <TT CLASS="FILENAME" ->pam-devel-0.74-22</TT ->.</P +>pam-devel</TT +> RPM. +The former is installed by default on all Linux systems of which the author is aware.</P ></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN105" +NAME="AEN104" >Testing Things Out</A ></H2 ><P ->Before starting, it is probably best to kill off all the SAMBA -related daemons running on your server. Kill off all <B +>Before starting, kill off all the SAMBA related daemons running on your server. Kill off +all <B CLASS="COMMAND" >smbd</B ->, -<B +>, <B CLASS="COMMAND" >nmbd</B >, and <B CLASS="COMMAND" >winbindd</B -> processes that may -be running. To use PAM, you will want to make sure that you have the -standard PAM package (for RedHat) which supplies the <TT +> processes that may +be running (<B +CLASS="COMMAND" +>winbindd</B +> will only be running if you have ao previous Winbind +installation...but why would you be reading tis if that were the case?). To use PAM, you will +want to make sure that you have the standard PAM package (for RedHat) which supplies the <TT CLASS="FILENAME" >/etc/pam.d</TT -> -directory structure, including the pam modules are used by pam-aware +> +directory structure, including the pam modules are used by pam-aware services, several pam libraries, and the <TT CLASS="FILENAME" >/usr/doc</TT -> +> and <TT CLASS="FILENAME" >/usr/man</TT -> entries for pam. Winbind built better -in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, -my RedHat system has both <TT +> entries for pam. Samba will require +the pam-devel package if you plan to build the <TT CLASS="FILENAME" ->pam-0.74-22</TT -> and -<TT -CLASS="FILENAME" ->pam-devel-0.74-22</TT -> RPMs installed.</P +>pam_winbind.so</TT +> library or +include the <B +CLASS="COMMAND" +>--with-pam</B +> option to the configure script. +This package includes the header files needed to compile pam-aware applications.</P +><P +>[I have no idea which Solaris packages are quired for PAM libraries and +development files. If you know, please mail me the information and I will include +it in the next revision of this HOWTO. --jerry@samba.org]</P ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN116" ->Configure and compile SAMBA</A +NAME="AEN117" +>Configure and Compile SAMBA</A ></H3 ><P ->The configuration and compilation of SAMBA is pretty straightforward. -The first three steps may not be necessary depending upon -whether or not you have previously built the Samba binaries.</P +>The configuration and compilation of SAMBA is straightforward.</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -597,27 +598,6 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->autoconf</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->make clean</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->rm config.cache</B -> -<TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" >./configure --with-winbind</B > <TT @@ -641,36 +621,43 @@ CLASS="FILENAME" >/usr/local/samba</TT >. See the main SAMBA documentation if you want to install SAMBA somewhere else. -It will also build the winbindd executable and libraries. </P +It will also build the winbindd executable and NSS library.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN135" +NAME="AEN130" >Configure <TT CLASS="FILENAME" >nsswitch.conf</TT -> and the +> and the winbind libraries</A ></H3 ><P >The libraries needed to run the <B CLASS="COMMAND" >winbindd</B -> daemon -through nsswitch need to be copied to their proper locations, so</P +> daemon +through nsswitch need to be copied to their proper locations.</P ><P ><TT CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->cp ../samba/source/nsswitch/libnss_winbind.so /lib</B +>cp nsswitch/libnss_winbind.so /lib</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>chmod 755 /lib/libnss_winbind.so</B ></P ><P ->I also found it necessary to make the following symbolic link:</P +>It necessary to make the following symbolic link:</P ><P ><TT CLASS="PROMPT" @@ -680,73 +667,60 @@ CLASS="COMMAND" >ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2</B ></P ><P ->Now, as root you need to edit <TT +>The <TT +CLASS="FILENAME" +>.2</TT +> extension is due to the version of glibc used on your Linux host. +for most modern systems, the file extension is correct. However, some other operating systems, +Solaris 7/8 being the most common, the destination filename should be replaced with +<TT +CLASS="FILENAME" +>/lib/nss_winbind.so.1</TT +></P +><P +>Now, as root edit <TT CLASS="FILENAME" >/etc/nsswitch.conf</TT -> to +> to allow user and group entries to be visible from the <B CLASS="COMMAND" >winbindd</B -> -daemon. My <TT -CLASS="FILENAME" ->/etc/nsswitch.conf</TT -> file look like -this after editing:</P +> +daemon. After editing, the file look appear:</P ><P ><PRE CLASS="PROGRAMLISTING" > passwd: files winbind - shadow: files + shadow: files group: files winbind</PRE ></P -><P -> -The libraries needed by the winbind daemon will be automatically -entered into the <B -CLASS="COMMAND" ->ldconfig</B -> cache the next time -your system reboots, but it -is faster (and you don't need to reboot) if you do it manually:</P -><P -><TT -CLASS="PROMPT" ->root#</TT -> <B -CLASS="COMMAND" ->/sbin/ldconfig -v | grep winbind</B -></P -><P ->This makes <TT -CLASS="FILENAME" ->libnss_winbind</TT -> available to winbindd -and echos back a check to you.</P ></DIV ><DIV CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN160" ->Configure smb.conf</A +NAME="AEN152" +>Configure <TT +CLASS="FILENAME" +>smb.conf</TT +></A ></H3 ><P ->Several parameters are needed in the smb.conf file to control +>Several parameters are needed in the smb.conf file to control the behavior of <B CLASS="COMMAND" >winbindd</B ->. Configure +>. Configure <TT CLASS="FILENAME" >smb.conf</TT -> These are described in more detail in +> These are described in more detail in the <A HREF="winbindd.8.html" TARGET="_top" >winbindd(8)</A -> man page. My +> man page. My <TT CLASS="FILENAME" >smb.conf</TT @@ -776,6 +750,8 @@ TARGET="_top" >winbind gid</A > = 10000-20000 # allow enumeration of winbind users and groups + # might need to disable these next two for performance + # reasons on the winbindd host <A HREF="winbindd.8.html#WINBINDENUMUSERS" TARGET="_top" @@ -786,7 +762,7 @@ HREF="winbindd.8.html#WINBINDENUMGROUP" TARGET="_top" >winbind enum groups</A > = yes - # give winbind users a real shell (only needed if they have telnet access) + # give winbind users a real shell (only needed if they have telnet/sshd/etc... access) <A HREF="winbindd.8.html#TEMPLATEHOMEDIR" TARGET="_top" @@ -804,23 +780,23 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN176" +NAME="AEN169" >Join the SAMBA server to the PDC domain</A ></H3 ><P ->Enter the following command to make the SAMBA server join the +>Enter the following command to make the SAMBA server join the PDC domain, where <TT CLASS="REPLACEABLE" ><I >DOMAIN</I ></TT -> is the name of +> is the name of your Windows domain and <TT CLASS="REPLACEABLE" ><I >Administrator</I ></TT -> is +> is a domain user who has administrative privileges in the domain.</P ><P ><TT @@ -831,7 +807,7 @@ CLASS="COMMAND" >/usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator</B ></P ><P ->The proper response to the command should be: "Joined the domain +>The proper response to the command should be: "Joined the domain <TT CLASS="REPLACEABLE" ><I @@ -842,7 +818,7 @@ CLASS="REPLACEABLE" ><I >DOMAIN</I ></TT -> +> is your DOMAIN name.</P ></DIV ><DIV @@ -850,14 +826,14 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN187" +NAME="AEN180" >Start up the winbindd daemon and test it!</A ></H3 ><P ->Eventually, you will want to modify your smb startup script to -automatically invoke the winbindd daemon when the other parts of +>Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of SAMBA start, but it is possible to test out just the winbind -portion first. To start up winbind services, enter the following +portion first. To start up winbind services, enter the following command as root:</P ><P ><TT @@ -865,10 +841,17 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->/usr/local/samba/bin/winbindd</B +>export PATH=$PATH:/usr/local/samba/bin</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>winbindd</B ></P ><P ->I'm always paranoid and like to make sure the daemon +>I'm always paranoid and like to make sure the daemon is really running...</P ><P ><TT @@ -883,7 +866,13 @@ CLASS="COMMAND" ><P >3025 ? 00:00:00 winbindd</P ><P ->Now... for the real test, try to get some information about the +>Note that a sample RedHat init script for starting winbindd is included in +the SAMBA sourse distribution as <TT +CLASS="FILENAME" +>packaging/RedHat/winbind.init</TT +>.</P +><P +>Now... for the real test, try to get some information about the users on your PDC</P ><P ><TT @@ -891,11 +880,10 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->/usr/local/samba/bin/wbinfo -u</B +>wbinfo -u</B ></P ><P -> -This should echo back a list of users on your Windows users on +>This should echo back a list of users on your Windows users on your PDC. For example, I get the following response:</P ><P ><PRE @@ -916,7 +904,7 @@ separator</I ></TT > is '+'.</P ><P ->You can do the same sort of thing to get group information from +>You can do the same sort of thing to get group information from the PDC:</P ><P ><PRE @@ -939,7 +927,7 @@ CEO+Enterprise Admins CEO+Group Policy Creator Owners</PRE ></P ><P ->The function 'getent' can now be used to get unified +>The function 'getent' can now be used to get unified lists of both local and PDC users and groups. Try the following command:</P ><P @@ -954,9 +942,13 @@ CLASS="COMMAND" >You should get a list that looks like your <TT CLASS="FILENAME" >/etc/passwd</TT -> -list followed by the domain users with their new uids, gids, home -directories and default shells.</P +> +list followed by the domain users with their new uids, gids, home +directories and default shells. If you do not, verify that the permissions on the +libnss_winbind.so library are <TT +CLASS="FILENAME" +>rwxr-xr-x</TT +>.</P ><P >The same thing can be done for groups with the command</P ><P @@ -973,132 +965,32 @@ CLASS="SECT3" ><HR><H3 CLASS="SECT3" ><A -NAME="AEN223" ->Fix the <TT -CLASS="FILENAME" ->/etc/rc.d/init.d/smb</TT -> startup files</A +NAME="AEN221" +>Configure Winbind and PAM</A ></H3 ><P ->The <B +>At this point we are assured that <B CLASS="COMMAND" >winbindd</B -> daemon needs to start up after the -<B -CLASS="COMMAND" ->smbd</B > and <B CLASS="COMMAND" ->nmbd</B -> daemons are running. -To accomplish this task, you need to modify the <TT -CLASS="FILENAME" ->/etc/init.d/smb</TT +>smbd</B > -script to add commands to invoke this daemon in the proper sequence. My +are working together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original <TT CLASS="FILENAME" ->/etc/init.d/smb</TT -> file starts up <B -CLASS="COMMAND" ->smbd</B ->, -<B -CLASS="COMMAND" ->nmbd</B ->, and <B -CLASS="COMMAND" ->winbindd</B -> from the -<TT +>/etc/pam.d</TT +> (or <TT CLASS="FILENAME" ->/usr/local/samba/bin</TT -> directory directly. The 'start' -function in the script looks like this:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->start() { - KIND="SMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/smbd $SMBDOPTIONS - RETVAL=$? - echo - KIND="NMB" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Starting $KIND services: " - daemon /usr/local/samba/bin/winbindd - RETVAL3=$? - echo - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ - RETVAL=1 - return $RETVAL -}</PRE -></P -><P ->The 'stop' function has a corresponding entry to shut down the -services and look s like this:</P +>/etc/pam.conf</TT +>) file[s]? If not, do it now.)</P ><P -><PRE -CLASS="PROGRAMLISTING" ->stop() { - KIND="SMB" - echo -n $"Shutting down $KIND services: " - killproc smbd - RETVAL=$? - echo - KIND="NMB" - echo -n $"Shutting down $KIND services: " - killproc nmbd - RETVAL2=$? - echo - KIND="Winbind" - echo -n $"Shutting down $KIND services: " - killproc winbindd - RETVAL3=$? - [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb - echo "" - return $RETVAL -}</PRE -></P -><P ->If you restart the <B -CLASS="COMMAND" ->smbd</B ->, <B -CLASS="COMMAND" ->nmbd</B ->, -and <B +>You will need a PAM module to use <B CLASS="COMMAND" >winbindd</B -> daemons at this point, you -should be able to connect to the samba server as a domain member just as -if you were a local user.</P -></DIV -><DIV -CLASS="SECT3" -><HR><H3 -CLASS="SECT3" -><A -NAME="AEN245" ->Configure Winbind and PAM</A -></H3 -><P ->If you have made it this far, you know that winbindd and samba are working -together. If you want to use winbind to provide authentication for other -services, keep reading. The pam configuration files need to be altered in -this step. (Did you remember to make backups of your original -<TT -CLASS="FILENAME" ->/etc/pam.d</TT -> files? If not, do it now.)</P -><P ->You will need a pam module to use winbindd with these other services. This +> with these other services. This module will be compiled in the <TT CLASS="FILENAME" >../source/nsswitch</TT @@ -1121,7 +1013,7 @@ CLASS="FILENAME" CLASS="FILENAME" >pam_winbind.so</TT > file should be copied to the location of -your other pam security modules. On my RedHat system, this was the +your other pam security modules. On Linux and Solaris systems, this is the <TT CLASS="FILENAME" >/lib/security</TT @@ -1132,41 +1024,36 @@ CLASS="PROMPT" >root#</TT > <B CLASS="COMMAND" ->cp ../samba/source/nsswitch/pam_winbind.so /lib/security</B -></P -><P ->The <TT -CLASS="FILENAME" ->/etc/pam.d/samba</TT -> file does not need to be changed. I -just left this fileas it was:</P -><P -><PRE -CLASS="PROGRAMLISTING" ->auth required /lib/security/pam_stack.so service=system-auth -account required /lib/security/pam_stack.so service=system-auth</PRE +>cp nsswitch/pam_winbind.so /lib/security</B +> +<TT +CLASS="PROMPT" +>root#</TT +> <B +CLASS="COMMAND" +>chmod 755 /lib/security/pam_winbind.so</B ></P ><P ->The other services that I modified to allow the use of winbind -as an authentication service were the normal login on the console (or a terminal -session), telnet logins, and ftp service. In order to enable these -services, you may first need to change the entries in +>Other services, such as the normal login on the console (or a terminal +session), telnet logins, and ftp service, can be modified to allow the use of winbind +as an authentication service. In order to enable these +services, you may first need to change the entries in <TT CLASS="FILENAME" >/etc/xinetd.d</TT > (or <TT CLASS="FILENAME" >/etc/inetd.conf</TT ->). -RedHat 7.1 uses the new xinetd.d structure, in this case you need +>). +RedHat 7.1 uses the new xinetd.d structure, in this case you need to change the lines in <TT CLASS="FILENAME" >/etc/xinetd.d/telnet</TT -> +> and <TT CLASS="FILENAME" >/etc/xinetd.d/wu-ftp</TT -> from </P +> from</P ><P ><PRE CLASS="PROGRAMLISTING" @@ -1180,15 +1067,14 @@ CLASS="PROGRAMLISTING" >enable = yes</PRE ></P ><P -> -For ftp services to work properly, you will also need to either -have individual directories for the domain users already present on +>For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on the server, or change the home directory template to a general -directory for all domain users. These can be easily set using +directory for all domain users. These can be easily set using the <TT CLASS="FILENAME" >smb.conf</TT -> global entry +> global entry <B CLASS="COMMAND" >template homedir</B @@ -1197,12 +1083,12 @@ CLASS="COMMAND" >The <TT CLASS="FILENAME" >/etc/pam.d/ftp</TT -> file can be changed +> file can be changed to allow winbind ftp access in a manner similar to the samba file. My <TT CLASS="FILENAME" >/etc/pam.d/ftp</TT -> file was +> file was changed to look like this:</P ><P ><PRE @@ -1219,7 +1105,7 @@ session required /lib/security/pam_stack.so service=system-auth</PRE >The <TT CLASS="FILENAME" >/etc/pam.d/login</TT -> file can be changed nearly the +> file can be changed nearly the same way. It now looks like this:</P ><P ><PRE @@ -1239,12 +1125,12 @@ session optional /lib/security/pam_console.so</PRE >In this case, I added the <B CLASS="COMMAND" >auth sufficient /lib/security/pam_winbind.so</B -> +> lines as before, but also added the <B CLASS="COMMAND" >required pam_securetty.so</B -> -above it, to disallow root logins over the network. I also added a +> +above it, to disallow root logins over the network. I also added a <B CLASS="COMMAND" >sufficient /lib/security/pam_unix.so use_first_pass</B @@ -1252,8 +1138,23 @@ CLASS="COMMAND" line after the <B CLASS="COMMAND" >winbind.so</B -> line to get rid of annoying +> line to get rid of annoying double prompts for passwords.</P +><P +>Note that a Solaris <TT +CLASS="FILENAME" +>/etc/pam.conf</TT +> confiruation file looks +very similar to this except thaty the service name is included as the first entry +per line. An example for the login service is given here.</P +><P +><PRE +CLASS="PROGRAMLISTING" +>## excerpt from /etc/pam.conf on a Solaris 8 system +login auth required /lib/security/pam_winbind.so +login auth required /lib/security/$ISA/pam_unix.so.1 try_first_pass +login auth required /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass</PRE +></P ></DIV ></DIV ></DIV @@ -1262,38 +1163,28 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN292" +NAME="AEN274" >Limitations</A ></H1 ><P ->Winbind has a number of limitations in its current - released version that we hope to overcome in future +>Winbind has a number of limitations in its current + released version that we hope to overcome in future releases:</P ><P ></P ><UL ><LI ><P ->Winbind is currently only available for - the Linux operating system, although ports to other operating - systems are certainly possible. For such ports to be feasible, - we require the C library of the target operating system to - support the Name Service Switch and Pluggable Authentication - Modules systems. This is becoming more common as NSS and - PAM gain support among UNIX vendors.</P -></LI -><LI -><P ->The mappings of Windows NT RIDs to UNIX ids - is not made algorithmically and depends on the order in which - unmapped users or groups are seen by winbind. It may be difficult - to recover the mappings of rid to UNIX id mapping if the file +>The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file containing this information is corrupted or destroyed.</P ></LI ><LI ><P ->Currently the winbind PAM module does not take - into account possible workstation and logon time restrictions +>Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions that may be been set for Windows NT users.</P ></LI ></UL @@ -1303,7 +1194,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN302" +NAME="AEN282" >Conclusion</A ></H1 ><P diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 index ce26d67cf78..72cc193c3de 100644 --- a/docs/manpages/findsmb.1 +++ b/docs/manpages/findsmb.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "FINDSMB" "1" "02 May 2002" "" "" +.TH "FINDSMB" "1" "28 August 2002" "" "" .SH NAME findsmb \- list info about machines that respond to SMB name queries on a subnet .SH SYNOPSIS @@ -11,12 +11,12 @@ findsmb \- list info about machines that respond to SMB name queries on a subne \fBfindsmb\fR [ \fBsubnet broadcast address\fR ] .SH "DESCRIPTION" .PP -This perl script is part of the Sambasuite. +This perl script is part of the Samba suite. .PP \fBfindsmb\fR is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. -It uses \fB nmblookup(1)\fRto obtain this information. +It uses \fB nmblookup(1)\fR to obtain this information. .SH "OPTIONS" .TP \fBsubnet broadcast address\fR @@ -40,7 +40,7 @@ Machines that are running Windows, Windows 95 or Windows 98 will not show any information about the operating system or server version. .PP -The command must be run on a system without \fBnmbd\fRrunning. +The command must be run on a system without \fBnmbd\fR running. If \fBnmbd\fR is running on the system, you will only get the IP address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, @@ -72,9 +72,9 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, +\fBnmbd(8)\fR \fBsmbclient(1) -\fR +\fR and \fBnmblookup(1)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 index 92aea409de8..93b56b00db7 100644 --- a/docs/manpages/lmhosts.5 +++ b/docs/manpages/lmhosts.5 @@ -3,15 +3,15 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "LMHOSTS" "5" "02 May 2002" "" "" +.TH "LMHOSTS" "5" "28 August 2002" "" "" .SH NAME lmhosts \- The Samba NetBIOS hosts file .SH SYNOPSIS .PP -\fIlmhosts\fR is the SambaNetBIOS name to IP address mapping file. +\fIlmhosts\fR is the Samba NetBIOS name to IP address mapping file. .SH "DESCRIPTION" .PP -This file is part of the Sambasuite. +This file is part of the Samba suite. .PP \fIlmhosts\fR is the \fBSamba \fRNetBIOS name to IP address mapping file. It @@ -67,7 +67,7 @@ be resolved. .PP The default location of the \fIlmhosts\fR file is in the same directory as the -smb.conf(5)>file. +smb.conf(5)> file. .PP .SH "VERSION" .PP @@ -76,7 +76,7 @@ the Samba suite. .SH "SEE ALSO" .PP \fBsmbclient(1) -\fR +\fR and \fB smbpasswd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1 index 3ac5a04c24b..04c43673fad 100644 --- a/docs/manpages/make_smbcodepage.1 +++ b/docs/manpages/make_smbcodepage.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "MAKE_SMBCODEPAGE" "1" "02 May 2002" "" "" +.TH "MAKE_SMBCODEPAGE" "1" "28 August 2002" "" "" .SH NAME make_smbcodepage \- construct a codepage file for Samba .SH SYNOPSIS @@ -11,7 +11,7 @@ make_smbcodepage \- construct a codepage file for Samba \fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBmake_smbcodepage\fR compiles or de-compiles codepage files for use with the internationalization features @@ -123,7 +123,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1 index 3c273576b45..9795531c41b 100644 --- a/docs/manpages/make_unicodemap.1 +++ b/docs/manpages/make_unicodemap.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "MAKE_UNICODEMAP" "1" "02 May 2002" "" "" +.TH "MAKE_UNICODEMAP" "1" "28 August 2002" "" "" .SH NAME make_unicodemap \- construct a unicode map file for Samba .SH SYNOPSIS @@ -11,7 +11,7 @@ make_unicodemap \- construct a unicode map file for Samba \fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR .SH "DESCRIPTION" .PP -This tool is part of the Samba +This tool is part of the Samba suite. .PP \fBmake_unicodemap\fR compiles text unicode map @@ -82,7 +82,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index b9992e47f8a..46b29f1f959 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "NMBD" "8" "17 June 2002" "" "" +.TH "NMBD" "8" "28 August 2002" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS @@ -33,7 +33,7 @@ but this can be overridden with the \fB-n\fR option (see OPTIONS below). Thus \fBnmbd\fR will reply to broadcast queries for its own name(s). Additional names for \fBnmbd\fR to respond on can be set -via parameters in the \fI smb.conf(5)\fRconfiguration file. +via parameters in the \fI smb.conf(5)\fR configuration file. .PP \fBnmbd\fR can also be used as a WINS (Windows Internet Name Server) server. What this basically means @@ -82,7 +82,7 @@ for \fBnmbd\fR. NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name -resolution mechanism name resolve order +resolution mechanism name resolve order described in \fIsmb.conf(5)\fR to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are \fBNOT\fR used by \fBnmbd\fR to answer any name queries. @@ -93,7 +93,7 @@ The default path to this file is compiled into Samba as part of the build process. Common defaults are \fI/usr/local/samba/lib/lmhosts\fR, \fI/usr/samba/lib/lmhosts\fR or -\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fRman page for details on the +\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fR man page for details on the contents of this file. .TP \fB-V\fR @@ -119,8 +119,8 @@ and generate HUGE amounts of log data, most of which is extremely cryptic. Note that specifying this parameter here will override -the log level -parameter in the \fI smb.conf\fRfile. +the log level +parameter in the \fI smb.conf\fR file. .TP \fB-l <log directory>\fR The -l parameter specifies a directory @@ -135,8 +135,8 @@ will log to the default debug log location defined at compile time. \fB-n <primary NetBIOS name>\fR This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the NetBIOS nameparameter in the -\fIsmb.conf\fRfile. However, a command +to setting the NetBIOS name parameter in the +\fIsmb.conf\fR file. However, a command line setting will take precedence over settings in \fIsmb.conf\fR. .TP @@ -153,14 +153,14 @@ is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but this may be changed when Samba is autoconfigured. The file specified contains the configuration details -required by the server. See \fIsmb.conf(5)\fRfor more information. +required by the server. See \fIsmb.conf(5)\fR for more information. .SH "FILES" .TP \fB\fI/etc/inetd.conf\fB\fR If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the -meta-daemon. See the UNIX_INSTALL.htmldocument +meta-daemon. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/rc\fB\fR @@ -169,7 +169,7 @@ system uses). If running the server as a daemon at startup, this file will need to contain an appropriate startup -sequence for the server. See the UNIX_INSTALL.htmldocument +sequence for the server. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/services\fB\fR @@ -219,7 +219,7 @@ the \fIlog.nmb\fR file. .PP The debug log level of nmbd may be raised or lowered using \fBsmbcontrol(1)\fR -(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .SH "TROUBLESHOOTING" @@ -237,10 +237,10 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBinetd(8)\fR, \fBsmbd(8)\fR, +\fBinetd(8)\fR, \fBsmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 index 307414844a6..f91dc2c4ba1 100644 --- a/docs/manpages/nmblookup.1 +++ b/docs/manpages/nmblookup.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "NMBLOOKUP" "1" "16 May 2002" "" "" +.TH "NMBLOOKUP" "1" "28 August 2002" "" "" .SH NAME nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names .SH SYNOPSIS @@ -11,7 +11,7 @@ nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names \fBnmblookup\fR [ \fB-f\fR ] [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B <broadcast address>\fR ] [ \fB-U <unicast address>\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-i <NetBIOS scope>\fR ] [ \fB-T\fR ] \fBname\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBnmblookup\fR is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP @@ -50,7 +50,7 @@ datagrams. The reason for this option is a bug in Windows 95 where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and -in addition, if the nmbd(8) +in addition, if the nmbd(8) daemon is running on this machine it also binds to this port. .TP \fB-A\fR @@ -65,7 +65,7 @@ Send the query to the given broadcast address. Without this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto-detected or defined in the \fIinterfaces\fR -parameter of the \fIsmb.conf (5)\fR file. + parameter of the \fIsmb.conf (5)\fR file. .TP \fB-U <unicast address>\fR Do a unicast query to the specified address or @@ -89,11 +89,11 @@ Levels above 3 are designed for use only by developers and generate HUGE amounts of data, most of which is extremely cryptic. Note that specifying this parameter here will override -the \fI log level\fRparameter in the \fI smb.conf(5)\fR file. +the \fI log level\fR parameter in the \fI smb.conf(5)\fR file. .TP \fB-s <smb.conf>\fR This parameter specifies the pathname to -the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba configuration file, smb.conf(5) This file controls all aspects of the Samba setup on the machine. .TP \fB-i <scope>\fR @@ -142,8 +142,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -samba(7) +\fBnmbd(8)\fR +samba(7) and smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 index d2ae81fe649..8e59ba336cd 100644 --- a/docs/manpages/pdbedit.8 +++ b/docs/manpages/pdbedit.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "PDBEDIT" "8" "02 May 2002" "" "" +.TH "PDBEDIT" "8" "28 August 2002" "" "" .SH NAME pdbedit \- manage the SAM database .SH SYNOPSIS @@ -11,7 +11,7 @@ pdbedit \- manage the SAM database \fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i file\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The pdbedit program is used to manage the users accounts stored in the sam database and can be run only by root. @@ -77,7 +77,7 @@ Example: \fBpdbedit -l -v\fR This option sets the "smbpasswd" listing format. It will make pdbedit list the users in the database printing out the account fields in a format compatible with the -\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fRfor details) +\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details) Example: \fBpdbedit -l -w\fR @@ -178,7 +178,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -smbpasswd(8), +smbpasswd(8) samba(7) .SH "AUTHOR" .PP diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 index 62037fbb4ee..efc90487d8c 100644 --- a/docs/manpages/rpcclient.1 +++ b/docs/manpages/rpcclient.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "RPCCLIENT" "1" "02 May 2002" "" "" +.TH "RPCCLIENT" "1" "28 August 2002" "" "" .SH NAME rpcclient \- tool for executing client side MS-RPC functions .SH SYNOPSIS @@ -11,7 +11,7 @@ rpcclient \- tool for executing client side MS-RPC functions \fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c <command string>\fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s <smb config file>\fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] \fBserver\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBrpcclient\fR is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone @@ -23,7 +23,7 @@ their UNIX workstation. \fBserver\fR NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is -resolved using the \fIname resolve order\fRline from +resolved using the \fIname resolve order\fR line from \fIsmb.conf(5)\fR. .TP \fB-A filename\fR diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index fb51e249763..e0401f35ef5 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SAMBA" "7" "02 May 2002" "" "" +.TH "SAMBA" "7" "28 August 2002" "" "" .SH NAME SAMBA \- A Windows SMB/CIFS fileserver for UNIX .SH SYNOPSIS @@ -125,7 +125,7 @@ Samba. The project would have been unmanageable without it. .PP In addition, several commercial organizations now help fund the Samba Team with money and equipment. For details see -the Samba Web pages at http://samba.org/samba/samba-thanks.html. +the Samba Web pages at http://samba.org/samba/samba-thanks.html .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 5621f344da6..8760ccc56e2 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMB.CONF" "5" "27 July 2002" "" "" +.TH "SMB.CONF" "5" "28 August 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -13,7 +13,7 @@ file for the Samba suite. \fIsmb.conf\fR contains runtime configuration information for the Samba programs. The \fIsmb.conf\fR file is designed to be configured and administered by the \fBswat(8)\fR -program. The complete description of the file format and + program. The complete description of the file format and possible parameters held within are here for reference purposes. .SH "FILE FORMAT" .PP @@ -1456,7 +1456,7 @@ will perform the necessary operations for adding the printer to the print system and to add the appropriate service definition to the \fIsmb.conf\fR file in order that it can be shared by \fBsmbd(8)\fR -. + The \fIadd printer command\fR is automatically invoked with the following parameter (in @@ -1556,16 +1556,16 @@ Example: \fBadd share command = /usr/local/bin/addshare\fR \fBadd user script (G)\fR This is the full pathname to a script that will be run \fBAS ROOT\fR by smbd(8) -under special circumstances described below. + under special circumstances described below. Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the -Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users +Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users \fBON DEMAND\fR when a user accesses the Samba server. -In order to use this option, smbd +In order to use this option, smbd must \fBNOT\fR be set to \fIsecurity = share\fR and \fIadd user script\fR must be set to a full pathname for a script that will create a UNIX @@ -1573,7 +1573,7 @@ user given one argument of \fI%u\fR, which expands into the UNIX user name to create. When the Windows user attempts to access the Samba server, -at login (session setup in the SMB protocol) time, smbdcontacts the \fIpassword server\fR and +at login (session setup in the SMB protocol) time, smbd contacts the \fIpassword server\fR and attempts to authenticate the given user with the given password. If the authentication succeeds then \fBsmbd\fR attempts to find a UNIX user in the UNIX password database to map the @@ -1616,7 +1616,7 @@ Synonym for \fIhosts allow\fR. This option only takes effect when the \fIsecurity\fR option is set to server or domain. If it is set to no, then attempts to connect to a resource from -a domain or workgroup other than the one which smbdis running +a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication. @@ -1633,7 +1633,7 @@ Default: \fBallow trusted domains = yes\fR .TP \fBannounce as (G)\fR This specifies what type of server -\fBnmbd\fR +\fBnmbd\fR will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), @@ -1672,8 +1672,8 @@ Default: \fBavailable = yes\fR \fBbind interfaces only (G)\fR This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. If -affects file service smbd(8)and -name service nmbd(8)in slightly +affects file service smbd(8) and +name service nmbd(8) in slightly different ways. For name service it causes \fBnmbd\fR to bind @@ -1702,8 +1702,8 @@ interfaces as it will not cope with non-permanent interfaces. If \fIbind interfaces only\fR is set then unless the network address \fB127.0.0.1\fR is added -to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR -and \fBswat(8)\fRmay +to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR +and \fBswat(8)\fR may not work as expected due to the reasons covered below. To change a users SMB password, the \fBsmbpasswd\fR @@ -1714,7 +1714,7 @@ network address \fB127.0.0.1\fR is added to the \fIinterfaces\fR parameter list then \fB smbpasswd\fR will fail to connect in it's default mode. \fBsmbpasswd\fR can be forced to use the primary IP interface of the local host by using its \fI-r remote machine\fR -parameter, with \fIremote machine\fR set + parameter, with \fIremote machine\fR set to the IP name of the primary interface of the local host. The \fBswat\fR status page tries to connect with @@ -1727,7 +1727,7 @@ and \fBnmbd\fR. Default: \fBbind interfaces only = no\fR .TP \fBblock size (S)\fR -This parameter controls the behavior of smbd(8)when reporting disk free sizes. +This parameter controls the behavior of smbd(8) when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes. Changing this parameter may have some effect on the @@ -1745,7 +1745,7 @@ Default: \fBblock size = 1024\fR Example: \fBblock size = 65536\fR .TP \fBblocking locks (S)\fR -This parameter controls the behavior of smbd(8)when given a request by a client +This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it. @@ -1765,7 +1765,7 @@ Default: \fBblocking locks = yes\fR See the \fI browseable\fR. .TP \fBbrowse list (G)\fR -This controls whether \fBsmbd(8)\fRwill serve a browse list to +This controls whether \fBsmbd(8)\fR will serve a browse list to a client doing a \fBNetServerEnum\fR call. Normally set to true. You should never need to change this. @@ -1791,7 +1791,7 @@ sensitive. This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of -a directory is expensive under UNIX, hence an \fBsmbd(8)\fRdaemon only performs such a scan +a directory is expensive under UNIX, hence an \fBsmbd(8)\fR daemon only performs such a scan on each requested directory once every \fIchange notify timeout\fR seconds. @@ -1848,7 +1848,7 @@ Example: \fBchange share command = /usr/local/bin/addshare\fR .PP .TP \fBcharacter set (G)\fR -This allows smbdto map incoming filenames +This allows smbd to map incoming filenames from a DOS Code page (see the client code page parameter) to several built in UNIX character sets. The built in code page translations are: @@ -1919,10 +1919,10 @@ the code page. The default for USA MS-DOS, Windows 95, and Windows NT releases is code page 437. The default for western European releases of the above operating systems is code page 850. -This parameter tells smbd(8) +This parameter tells smbd(8) which of the \fIcodepage.XXX \fRfiles to dynamically load on startup. These files, -described more fully in the manual page \fBmake_smbcodepage(1)\fR, tell \fB smbd\fR how to map lower to upper case characters to provide +described more fully in the manual page \fBmake_smbcodepage(1)\fR tell \fB smbd\fR how to map lower to upper case characters to provide the case insensitivity of filenames that Windows clients expect. Samba currently ships with the following code page files : @@ -2189,7 +2189,7 @@ Default: \fBdebug hires timestamp = no\fR .TP \fBdebug pid (G)\fR When using only one log file for more then one -forked smbd-process there may be hard to follow which process +forked smbdprocess there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on. @@ -2368,7 +2368,7 @@ Example: \fBdelete share command = /usr/local/bin/delshare\fR .TP \fBdelete user script (G)\fR This is the full pathname to a script that will -be run \fBAS ROOT\fR by \fBsmbd(8)\fRunder special circumstances +be run \fBAS ROOT\fR by \fBsmbd(8)\fR under special circumstances described below. Normally, a Samba server requires that UNIX users are @@ -2589,7 +2589,7 @@ See also use client driver Default : \fBdisable spoolss = no\fR .TP \fBdns proxy (G)\fR -Specifies that nmbd(8) +Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of @@ -2652,13 +2652,13 @@ directory shipped with the source code. Default: \fBdomain logons = no\fR .TP \fBdomain master (G)\fR -Tell \fB nmbd(8)\fRto enable WAN-wide browse list +Tell \fB nmbd(8)\fR to enable WAN-wide browse list collation. Setting this option causes \fBnmbd\fR to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given \fIworkgroup\fR. Local master browsers in the same \fIworkgroup\fR on broadcast-isolated subnets will give this \fBnmbd\fR their local browse lists, -and then ask \fBsmbd(8)\fR +and then ask \fBsmbd(8)\fR for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list @@ -2718,7 +2718,7 @@ granularity on time resolution is two seconds. Setting this parameter for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second resolution is made to \fBsmbd(8)\fR -. + This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. If oplocks are enabled on a @@ -2739,7 +2739,7 @@ file they can change the timestamp on it. Under POSIX semantics, only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user \fBsmbd\fR is acting -on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbdwill change the file +on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbd will change the file timestamp as DOS requires. Default: \fBdos filetimes = no\fR @@ -2753,9 +2753,9 @@ Samba see the file ENCRYPTION.txt in the Samba documentation directory \fIdocs/\fR shipped with the source code. In order for encrypted passwords to work correctly -\fBsmbd(8)\fRmust either +\fBsmbd(8)\fR must either have access to a local \fIsmbpasswd(5) -\fRprogram for information on how to set up +\fR program for information on how to set up and maintain this file), or set the security = [server|domain] parameter which causes \fBsmbd\fR to authenticate against another server. @@ -2843,7 +2843,7 @@ that it is the only one accessing the file and it will aggressively cache file data. With some oplock types the client may even cache file open/close operations. This can give enormous performance benefits. -When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fRwill +When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fR will always grant oplock requests no matter how many clients are using the file. @@ -2862,7 +2862,7 @@ Default: \fBfake oplocks = no\fR .TP \fBfollow symlinks (S)\fR This parameter allows the Samba administrator -to stop \fBsmbd(8)\fR +to stop \fBsmbd(8)\fR from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an @@ -3065,7 +3065,7 @@ Example: \fBforce user = auser\fR This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by \fBsmbd(8) -\fRwhen a client queries the filesystem type +\fR when a client queries the filesystem type for a share. The default type is NTFS for compatibility with Windows NT but this can be changed to other strings such as Samba or FAT @@ -3179,7 +3179,7 @@ Default: \fBhide unreadable = no\fR .TP \fBhomedir map (G)\fR If\fInis homedir -\fRis true, and \fBsmbd(8)\fRis also acting +\fRis true, and \fBsmbd(8)\fR is also acting as a Win95/98 \fIlogon server\fR then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun @@ -3211,7 +3211,7 @@ to browse Dfs trees hosted on the server. See also the \fI msdfs root\fR share level parameter. For more information on setting up a Dfs tree on Samba, -refer to msdfs_setup.html. +refer to msdfs_setup.html Default: \fBhost msdfs = no\fR .TP @@ -3264,7 +3264,7 @@ deny access from one particular host Note that access still requires suitable user-level passwords. See \fBtestparm(1)\fR -for a way of testing your host access to see if it does + for a way of testing your host access to see if it does what you expect. Default: \fBnone (i.e., all hosts permitted access) @@ -3468,7 +3468,7 @@ allows the use of them to be turned on or off. Kernel oplocks support allows Samba \fIoplocks \fRto be broken whenever a local UNIX process or NFS operation accesses a file that \fBsmbd(8)\fR -has oplocked. This allows complete data consistency between + has oplocked. This allows complete data consistency between SMB/CIFS, NFS and local file access (and is a \fBvery\fR cool feature :-). @@ -3483,7 +3483,7 @@ and \fIlevel2 oplocks Default: \fBkernel oplocks = yes\fR .TP \fBlanman auth (G)\fR -This parameter determines whether or not smbdwill +This parameter determines whether or not smbd will attempt to authenticate users using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS @@ -3513,7 +3513,7 @@ Name (DN) name used by Samba to contact the ldap server when retreiving user account information. The \fIldap admin dn\fR is used in conjunction with the admin dn password stored in the \fIprivate/secrets.tdb\fR file. See the -\fBsmbpasswd(8)\fRman +\fBsmbpasswd(8)\fR man page for more information on how to accmplish this. Default : \fBnone\fR @@ -3626,7 +3626,7 @@ parameters. Default: \fBlevel2 oplocks = yes\fR .TP \fBlm announce (G)\fR -This parameter determines if \fBnmbd(8)\fRwill produce Lanman announce +This parameter determines if \fBnmbd(8)\fR will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three values, true, false, or @@ -3671,7 +3671,7 @@ more details. Default: \fBload printers = yes\fR .TP \fBlocal master (G)\fR -This option allows \fB nmbd(8)\fRto try and become a local master browser +This option allows \fB nmbd(8)\fR to try and become a local master browser on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By default this value is set to true. Setting this value to true doesn't @@ -4050,14 +4050,14 @@ Example 2: \fBlprm command = /usr/bin/cancel %p-%j \fBmachine password timeout (G)\fR If a Samba server is a member of a Windows NT Domain (see the security = domain) -parameter) then periodically a running smbd(8)process will try and change the MACHINE ACCOUNT +parameter) then periodically a running smbd(8) process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called \fIprivate/secrets.tdb \fR\&. This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server. See also \fBsmbpasswd(8) -\fR, and the security = domain) parameter. +\fR and the security = domain) parameter. Default: \fBmachine password timeout = 604800\fR .TP @@ -4230,7 +4230,7 @@ Default: \fBmangled names = yes\fR .TP \fBmangled stack (G)\fR This parameter controls the number of mangled names -that should be cached in the Samba server smbd(8). +that should be cached in the Samba server smbd(8) This stack is a list of recently mangled base names (extensions are only maintained if they are longer than 3 characters @@ -4313,7 +4313,7 @@ This parameter is only useful in security modes other than \fIsecurity = share\ and domain. This parameter can take three different values, which tell -smbd(8)what to do with user +smbd(8) what to do with user login requests that don't match a valid UNIX user in some way. The three settings are : @@ -4421,7 +4421,7 @@ Default: \fBmax mux = 50\fR .TP \fBmax open files (G)\fR This parameter limits the maximum number of -open files that one smbd(8)file +open files that one smbd(8) file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file. @@ -4435,7 +4435,7 @@ Default: \fBmax open files = 10000\fR \fBmax print jobs (S)\fR This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. -If this number is exceeded, \fB smbd(8)\fRwill remote "Out of Space" to the client. +If this number is exceeded, \fB smbd(8)\fR will remote "Out of Space" to the client. See all \fItotal print jobs\fR. @@ -4492,7 +4492,7 @@ processes concurrently running on a system and is intended as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating -conditions, each user will have an smbdassociated with him or her +conditions, each user will have an smbd associated with him or her to handle connections to all shares from a given host. Default: \fBmax smbd processes = 0\fR ## no limit @@ -4510,7 +4510,7 @@ Default: \fBmax ttl = 259200\fR .TP \fBmax wins ttl (G)\fR This option tells nmbd(8) -when acting as a WINS server ( \fIwins support = yes\fR) what the maximum + when acting as a WINS server ( \fIwins support = yes\fR) what the maximum \&'time to live' of NetBIOS names that \fBnmbd\fR will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds). @@ -4665,7 +4665,7 @@ Dfs links are specified in the share directory by symbolic links of the form \fImsdfs:serverA\\shareA,serverB\\shareB \fRand so on. For more information on setting up a Dfs tree on Samba, refer to msdfs_setup.html -. + See also \fIhost msdfs \fR @@ -4684,7 +4684,7 @@ cause names to be resolved as follows : \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu @@ -4722,7 +4722,7 @@ system hostname lookup. .PP .TP \fBnetbios aliases (G)\fR -This is a list of NetBIOS names that nmbd(8)will advertise as additional +This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none @@ -4786,7 +4786,7 @@ Default: \fBnis homedir = no\fR .TP \fBnt acl support (S)\fR This boolean parameter controls whether -smbd(8)will attempt to map +smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. This parameter was formally a global parameter in releases prior to 2.2.2. @@ -4795,7 +4795,7 @@ Default: \fBnt acl support = yes\fR .TP \fBnt pipe support (G)\fR This boolean parameter controls whether -smbd(8)will allow Windows NT +smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes. This is a developer debugging option and can be left alone. @@ -4803,7 +4803,7 @@ alone. Default: \fBnt pipe support = yes\fR .TP \fBnt smb support (G)\fR -This boolean parameter controls whether smbd(8)will negotiate NT specific SMB +This boolean parameter controls whether smbd(8) will negotiate NT specific SMB support with Windows NT/2k/XP clients. Although this is a developer debugging option and should be left alone, benchmarking has discovered that Windows NT clients give faster performance with this option @@ -4818,7 +4818,7 @@ You should not need to ever disable this parameter. Default: \fBnt smb support = yes\fR .TP \fBnt status support (G)\fR -This boolean parameter controls whether smbd(8)will negotiate NT specific status +This boolean parameter controls whether smbd(8) will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. If this option is set to no then Samba offers @@ -4833,7 +4833,7 @@ Default: \fBnt status support = yes\fR Allow or disallow client access to accounts that have null passwords. -See also smbpasswd (5). +See also smbpasswd (5) Default: \fBnull passwords = no\fR .TP @@ -4890,11 +4890,11 @@ Default: \fBoplock break wait time = 0\fR .TP \fBoplock contention limit (S)\fR This is a \fBvery\fR advanced -smbd(8)tuning option to +smbd(8) tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file. -In brief it specifies a number, which causes smbdnot to +In brief it specifies a number, which causes smbd not to grant an oplock even when requested if the approximate number of clients contending for an oplock on the same file goes over this limit. This causes \fBsmbd\fR to behave in a similar @@ -4931,7 +4931,7 @@ Default: \fBoplocks = yes\fR \fBos level (G)\fR This integer value controls what level Samba advertises itself as for browse elections. The value of this -parameter determines whether nmbd(8) +parameter determines whether nmbd(8) has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area. \fBNote :\fRBy default, Samba will win @@ -4960,9 +4960,9 @@ LaserJet 5L\fR. The need for the file is due to the printer driver namespace problem described in the Samba -Printing HOWTO. For more details on OS/2 clients, please +Printing HOWTO For more details on OS/2 clients, please refer to the OS2-Client-HOWTO -containing in the Samba documentation. + containing in the Samba documentation. Default: \fBos2 driver map = <empty string> \fR.TP @@ -4980,7 +4980,7 @@ Default: \fBpam password change = no\fR .TP \fBpanic action (G)\fR This is a Samba developer option that allows a -system command to be called when either smbd(8) +system command to be called when either smbd(8) crashes. This is usually used to draw attention to the fact that a problem occurred. @@ -4990,9 +4990,9 @@ Example: \fBpanic action = "/bin/sleep 90000"\fR .TP \fBpasswd chat (G)\fR This string controls the \fB"chat"\fR -conversation that takes places between smbdand the local password changing +conversation that takes places between smbd and the local password changing program to change the user's password. The string describes a -sequence of response-receive pairs that smbd(8)uses to determine what to send to the +sequence of response-receive pairs that smbd(8) uses to determine what to send to the \fIpasswd program\fR and what to expect back. If the expected output is not received then the password is not changed. @@ -5041,7 +5041,7 @@ changed*"\fR This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode. In this mode the strings passed to and received from the passwd chat are printed -in the smbd(8)log with a +in the smbd(8) log with a \fIdebug level\fR of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log. It is available to help @@ -5074,7 +5074,7 @@ it. password sync\fR parameter is set to true then this program is called \fBAS ROOT\fR before the SMB password in the smbpasswd(5) -file is changed. If this UNIX password change fails, then + file is changed. If this UNIX password change fails, then \fBsmbd\fR will fail to change the SMB password also (this is by design). @@ -5321,7 +5321,7 @@ return code from \fIpreexec Default: \fBpreexec close = no\fR .TP \fBpreferred master (G)\fR -This boolean parameter controls if nmbd(8)is a preferred master browser +This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. If this is set to true, on startup, \fBnmbd\fR @@ -5533,7 +5533,7 @@ Example: \fBprinter admin = admin, @staff\fR parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This option allows you to control the string @@ -5559,7 +5559,7 @@ Example: \fBprinter driver = HP LaserJet 4L\fR parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This parameter tells Samba where the printer driver @@ -5587,7 +5587,7 @@ Example: \fBprinter driver file = parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This parameter tells clients of a particular printer @@ -5641,7 +5641,7 @@ QNX, SOFTQ, and CUPS. To see what the defaults are for the other print -commands when using the various options use the testparm(1)program. +commands when using the various options use the testparm(1) program. This option can be set on a per printer basis @@ -5704,7 +5704,7 @@ Default: \fBdepends on the setting of \fIprinting\fB\fR Example: \fBqueuepause command = enable %p \fR.TP \fBread bmpx (G)\fR -This boolean parameter controls whether smbd(8)will support the "Read +This boolean parameter controls whether smbd(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to no. You should never need to set this parameter. @@ -5770,7 +5770,7 @@ Default: \fBread size = 16384\fR Example: \fBread size = 8192\fR .TP \fBremote announce (G)\fR -This option allows you to setup nmbd(8)to periodically announce itself +This option allows you to setup nmbd(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name. This is useful if you want your Samba server to appear @@ -5799,7 +5799,7 @@ in the \fIdocs/\fR directory. Default: \fBremote announce = <empty string> \fR.TP \fBremote browse sync (G)\fR -This option allows you to setup nmbd(8)to periodically request +This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to gain browse lists for multiple workgroups across routed networks. This @@ -5920,7 +5920,7 @@ Samba and is one of the most important settings in the \fI smb.conf\fR file. The option sets the "security mode bit" in replies to protocol negotiations with smbd(8) -to turn share level security on or off. Clients decide + to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server. @@ -6096,7 +6096,7 @@ parameter. \fBSECURITY = DOMAIN \fR.PP .PP -This mode will only work correctly if smbpasswd(8)has been used to add this +This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR parameter to be set to true. In this mode Samba will try to validate the username/password by passing @@ -6474,7 +6474,7 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -The certificate in this file is used by \fBsmbclient(1)\fRif it exists. It's needed +The certificate in this file is used by \fBsmbclient(1)\fR if it exists. It's needed if the server requires a client certificate. Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem @@ -6485,7 +6485,7 @@ is only available if the SSL libraries have been compiled on your system and the configure option \fB--with-ssl\fR was given at configure time. -This is the private key for \fBsmbclient(1)\fR. It's only needed if the +This is the private key for \fBsmbclient(1)\fR It's only needed if the client should have a certificate. Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem @@ -6603,7 +6603,7 @@ given at configure time. If this variable is set to yes, the \fBsmbclient(1)\fR -will request a certificate from the server. Same as + will request a certificate from the server. Same as \fIssl require clientcert\fR for the server. @@ -6653,7 +6653,7 @@ Security) is the new standard for SSL. Default: \fBssl version = "ssl2or3"\fR .TP \fBstat cache (G)\fR -This parameter determines if smbd(8)will use a cache in order to +This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter. @@ -6719,7 +6719,7 @@ the process to be suspended until the kernel has ensured that all outstanding data in kernel disk buffers has been safely stored onto stable storage. This is very slow and should only be done rarely. Setting this parameter to no (the -default) means that smbdignores the Windows applications requests for +default) means that smbd ignores the Windows applications requests for a sync call. There is only a possibility of losing data if the operating system itself that Samba is running on crashes, so there is little danger in this default setting. In addition, this fixes many @@ -6780,7 +6780,7 @@ Default: \fBsyslog only = no\fR .TP \fBtemplate homedir (G)\fR When filling out the user information for a Windows NT -user, the winbindd(8)daemon +user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string \fI%D\fR is present it is substituted with the user's Windows NT domain name. If the string \fI%U @@ -6791,7 +6791,7 @@ Default: \fBtemplate homedir = /home/%D/%U\fR .TP \fBtemplate shell (G)\fR When filling out the user information for a Windows NT -user, the winbindd(8)daemon +user, the winbindd(8) daemon uses this parameter to fill in the login shell for that user. Default: \fBtemplate shell = /bin/false\fR @@ -6808,7 +6808,7 @@ Example: \fBtime offset = 60\fR .TP \fBtime server (G)\fR This parameter determines if -nmbd(8)advertises itself as a time server to Windows +nmbd(8) advertises itself as a time server to Windows clients. Default: \fBtime server = no\fR @@ -6820,7 +6820,7 @@ Synonym for \fI debug timestamp\fR. This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time. If a print job is submitted -by a client which will exceed this number, then smbdwill return an +by a client which will exceed this number, then smbd will return an error indicating that no space is available on the server. The default value of 0 means that no such limit exists. This parameter can be used to prevent a server from exceeding its capacity and is @@ -7315,7 +7315,7 @@ Default: \fBwide links = yes\fR .TP \fBwinbind cache time (G)\fR This parameter specifies the number of seconds the -winbindd(8)daemon will cache +winbindd(8) daemon will cache user and group information before querying a Windows NT server again. @@ -7323,7 +7323,7 @@ Default: \fBwinbind cache type = 15\fR .TP \fBwinbind enum users (G)\fR On large installations using -winbindd(8)it may be +winbindd(8) it may be necessary to suppress the enumeration of users through the \fBsetpwent()\fR, \fBgetpwent()\fR and @@ -7342,7 +7342,7 @@ Default: \fBwinbind enum users = yes \fR .TP \fBwinbind enum groups (G)\fR On large installations using -winbindd(8)it may be +winbindd(8) it may be necessary to suppress the enumeration of groups through the \fBsetgrent()\fR, \fBgetgrent()\fR and @@ -7358,7 +7358,7 @@ Default: \fBwinbind enum groups = yes \fR .TP \fBwinbind gid (G)\fR The winbind gid parameter specifies the range of group -ids that are allocated by the winbindd(8)daemon. This range of group ids should have no +ids that are allocated by the winbindd(8) daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise. @@ -7383,7 +7383,7 @@ Example: \fBwinbind separator = +\fR .TP \fBwinbind uid (G)\fR The winbind gid parameter specifies the range of group -ids that are allocated by the winbindd(8)daemon. This range of ids should have no +ids that are allocated by the winbindd(8) daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise. @@ -7451,7 +7451,7 @@ directory of the Samba source code. .PP .TP \fBwins proxy (G)\fR -This is a boolean that controls if nmbd(8)will respond to broadcast name +This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this to yes for some older clients. @@ -7459,7 +7459,7 @@ Default: \fBwins proxy = no\fR .TP \fBwins server (G)\fR This specifies the IP address (or DNS name: IP -address for preference) of the WINS server that nmbd(8)should register with. If you have a WINS server on +address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on your network then you should set this to the WINS server's IP. You should point this at your WINS server if you have a @@ -7478,7 +7478,7 @@ Example: \fBwins server = 192.9.200.1\fR .TP \fBwins support (G)\fR This boolean controls if the -nmbd(8)process in Samba will act as a WINS server. You should +nmbd(8) process in Samba will act as a WINS server. You should not set this to true unless you have a multi-subnetted network and you wish a particular \fBnmbd\fR to be your WINS server. Note that you should \fBNEVER\fR set this to true @@ -7573,7 +7573,7 @@ problem - but be aware of the possibility. .PP On a similar note, many clients - especially DOS clients - limit service names to eight characters. smbd(8) -has no such limitation, but attempts to connect from such + has no such limitation, but attempts to connect from such clients will fail if they truncate the service names. For this reason you should probably keep your service names down to eight characters in length. @@ -7589,14 +7589,14 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -samba(7), -\fBsmbpasswd(8)\fR, -\fBswat(8)\fR, -\fBsmbd(8)\fR, -\fBnmbd(8)\fR, -\fBsmbclient(1)\fR, -\fBnmblookup(1)\fR, -\fBtestparm(1)\fR, +samba(7) +\fBsmbpasswd(8)\fR +\fBswat(8)\fR +\fBsmbd(8)\fR +\fBnmbd(8)\fR +\fBsmbclient(1)\fR +\fBnmblookup(1)\fR +\fBtestparm(1)\fR \fBtestprns(1)\fR .SH "AUTHOR" .PP diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 index 966c9d68f2d..ea7eb57737e 100644 --- a/docs/manpages/smbcacls.1 +++ b/docs/manpages/smbcacls.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCACLS" "1" "02 May 2002" "" "" +.TH "SMBCACLS" "1" "28 August 2002" "" "" .SH NAME smbcacls \- Set or get ACLs on an NT file or directory names .SH SYNOPSIS @@ -11,7 +11,7 @@ smbcacls \- Set or get ACLs on an NT file or directory names \fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The \fBsmbcacls\fR program manipulates NT Access Control Lists (ACLs) on SMB file shares. diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 1e526043e9b..8ad27aad69f 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCLIENT" "1" "02 May 2002" "" "" +.TH "SMBCLIENT" "1" "28 August 2002" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS @@ -11,7 +11,7 @@ smbclient \- ftp-like client to access SMB/CIFS resources on servers \fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b <buffer size>\fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M <netbios name>\fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L <netbios name>\fR ] [ \fB-I destinationIP\fR ] [ \fB-E <terminal code>\fR ] [ \fB-c <command string>\fR ] [ \fB-i scope\fR ] [ \fB-O <socket options>\fR ] [ \fB-p port\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-s <smb config file>\fR ] [ \fB-T<c|x>IXFqgbNan\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbclient\fR is a client that can \&'talk' to an SMB/CIFS server. It offers an interface @@ -85,7 +85,7 @@ cause names to be resolved as follows : \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 index b0490955454..13af47fa016 100644 --- a/docs/manpages/smbcontrol.1 +++ b/docs/manpages/smbcontrol.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBCONTROL" "1" "29 May 2002" "" "" +.TH "SMBCONTROL" "1" "28 August 2002" "" "" .SH NAME smbcontrol \- send messages to smbd, nmbd or winbindd processes .SH SYNOPSIS @@ -13,12 +13,12 @@ smbcontrol \- send messages to smbd, nmbd or winbindd processes \fBsmbcontrol\fR [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] \fBdestination\fR \fBmessage-type\fR [ \fBparameter\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbcontrol\fR is a very small program, which -sends messages to an smbd(8), +sends messages to an smbd(8) an nmbd(8) -or a winbindd(8) +or a winbindd(8) daemon running on the system. .SH "OPTIONS" .TP @@ -27,7 +27,7 @@ debuglevel is an integer from 0 to 10. .TP \fB-s <smb.conf>\fR This parameter specifies the pathname to -the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba configuration file, smb.conf(5) This file controls all aspects of the Samba setup on the machine. .TP \fB-i\fR @@ -112,8 +112,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -and \fBsmbd(8)\fR. +\fBnmbd(8)\fR +and \fBsmbd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index 37bb85bccfe..b6fd01e1886 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBD" "8" "17 June 2002" "" "" +.TH "SMBD" "8" "28 August 2002" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS @@ -26,12 +26,12 @@ An extensive description of the services that the server can provide is given in the man page for the configuration file controlling the attributes of those services (see \fIsmb.conf(5) -\fR. This man page will not describe the +\fR This man page will not describe the services, but will concentrate on the administrative aspects of running the server. .PP Please note that there are significant security -implications to running this server, and the \fIsmb.conf(5)\fR +implications to running this server, and the \fIsmb.conf(5)\fR manpage should be regarded as mandatory reading before proceeding with installation. .PP @@ -110,7 +110,7 @@ data, most of which is extremely cryptic. Note that specifying this parameter here will override the log -levelfile. +level file. .TP \fB-l <log directory>\fR If specified, @@ -120,7 +120,7 @@ file will be created for informational and debug messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR +option in the \fI smb.conf(5)\fR file. \fBBeware:\fR If the directory specified does not exist, \fBsmbd\fR will log to the default debug log location defined at compile time. @@ -128,9 +128,9 @@ The default log directory is specified at compile time. .TP \fB-O <socket options>\fR -See the socket options +See the socket options parameter in the \fIsmb.conf(5) -\fRfile for details. +\fR file for details. .TP \fB-p <port number>\fR \fIport number\fR is a positive integer @@ -161,7 +161,7 @@ configuration details required by the server. The information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is -to provide. See \fI smb.conf(5)\fRfor more information. +to provide. See \fI smb.conf(5)\fR for more information. The default configuration file name is determined at compile time. .SH "FILES" @@ -198,7 +198,7 @@ install this file are \fI/usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf\fR. This file describes all the services the server -is to make available to clients. See \fIsmb.conf(5)\fRfor more information. +is to make available to clients. See \fIsmb.conf(5)\fR for more information. .SH "LIMITATIONS" .PP On some systems \fBsmbd\fR cannot change uid back @@ -280,7 +280,7 @@ it to die on its own. .PP The debug log level of \fBsmbd\fR may be raised or lowered using \fBsmbcontrol(1) -\fRprogram (SIGUSR[1|2] signals are no longer used in +\fR program (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .PP @@ -293,10 +293,10 @@ them after, however this would affect performance. .SH "SEE ALSO" .PP hosts_access(5), \fBinetd(8)\fR, -\fBnmbd(8)\fR, +\fBnmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 index 1d9dfdbf405..e3d90cfa1a0 100644 --- a/docs/manpages/smbmnt.8 +++ b/docs/manpages/smbmnt.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBMNT" "8" "02 May 2002" "" "" +.TH "SMBMNT" "8" "28 August 2002" "" "" .SH NAME smbmnt \- helper utility for mounting SMB filesystems .SH SYNOPSIS @@ -21,7 +21,7 @@ by the user, and that the user has write permission on. .PP The \fBsmbmnt\fR program is normally invoked by \fBsmbmount(8)\fR -. It should not be invoked directly by users. + It should not be invoked directly by users. .PP smbmount searches the normal PATH for smbmnt. You must ensure that the smbmnt version in your path matches the smbmount used. diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 index 4ec74c82d67..a53606321f7 100644 --- a/docs/manpages/smbmount.8 +++ b/docs/manpages/smbmount.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBMOUNT" "8" "02 May 2002" "" "" +.TH "SMBMOUNT" "8" "28 August 2002" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS @@ -115,7 +115,7 @@ sets the workgroup on the destination .TP \fBsockopt=<arg>\fR sets the TCP socket options. See the \fIsmb.conf -\fR\fIsocket options\fR option. +\fR \fIsocket options\fR option. .TP \fBscope=<arg>\fR sets the NetBIOS scope @@ -198,7 +198,7 @@ source tree may contain additional options and information. FreeBSD also has a smbfs, but it is not related to smbmount .PP For Solaris, HP-UX and others you may want to look at -\fBsmbsh(1)\fRor at other +\fBsmbsh(1)\fR or at other solutions, such as sharity or perhaps replacing the SMB server with a NFS server. .SH "AUTHOR" diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 index 782bfa37ed9..6d92f0f42f2 100644 --- a/docs/manpages/smbpasswd.5 +++ b/docs/manpages/smbpasswd.5 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBPASSWD" "5" "16 May 2002" "" "" +.TH "SMBPASSWD" "5" "28 August 2002" "" "" .SH NAME smbpasswd \- The Samba encrypted password file .SH SYNOPSIS @@ -11,7 +11,7 @@ smbpasswd \- The Samba encrypted password file \fIsmbpasswd\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the @@ -109,7 +109,7 @@ in the smbpasswd file. account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5) -\fRconfig file. +\fR config file. .TP 0.2i \(bu \fBD\fR - This means the account @@ -141,8 +141,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbpasswd(8)\fR, -samba(7), and +\fBsmbpasswd(8)\fR +samba(7) and the Internet RFC1321 for details on the MD4 algorithm. .SH "AUTHOR" .PP diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 index b81a3fbb376..a1341ed4d34 100644 --- a/docs/manpages/smbpasswd.8 +++ b/docs/manpages/smbpasswd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBPASSWD" "8" "06 June 2002" "" "" +.TH "SMBPASSWD" "8" "28 August 2002" "" "" .SH NAME smbpasswd \- change a user's SMB password .SH SYNOPSIS @@ -17,7 +17,7 @@ otherwise: \fBsmbpasswd\fR [ \fBoptions\fR ] [ \fBpassword\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The smbpasswd program has several different functions, depending on whether it is run by the \fBroot\fR @@ -135,6 +135,14 @@ as well to indicate a specific domain controller which should be contacted. In this case, the domain SID obtained is the one for the domain to which the remote machine belongs. .TP +\fB-t\fR +This option is used to force smbpasswd to +change the current password assigned to the machine trust account +when operating in domain security mode. This is really meant to +be used on systems that only run \fBwinbindd\fR +Under server installations, \fBsmbd\fR +handle the password updates automatically. +.TP \fB-U username[%pass]\fR This option may only be used in conjunction with the \fI-r\fR option. When changing @@ -212,7 +220,7 @@ has been configured to use the experimental \fB--with-ldapsam\fR option. The \fI-w\fR switch is used to specify the password to be used with the \fIldap admin -dn\fR. Note that the password is stored in +dn\fR Note that the password is stored in the \fIprivate/secrets.tdb\fR and is keyed off of the admin's DN. This means that if the value of \fIldap admin dn\fR ever changes, the password will need to be @@ -274,7 +282,7 @@ names to be resolved as follows : \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu @@ -336,7 +344,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fIsmbpasswd(5)\fR, +\fIsmbpasswd(5)\fR samba(7) .SH "AUTHOR" .PP diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 index 965827e2fe7..a3e5fa205e7 100644 --- a/docs/manpages/smbsh.1 +++ b/docs/manpages/smbsh.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSH" "1" "02 May 2002" "" "" +.TH "SMBSH" "1" "28 August 2002" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS @@ -11,7 +11,7 @@ smbsh \- Allows access to Windows NT filesystem using UNIX commands \fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R <name resolve order>\fR ] [ \fB-d <debug level>\fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbsh\fR allows you to access an NT filesystem using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a @@ -155,7 +155,7 @@ of UNIX have a \fBfile\fR command that will describe how a program was linked. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 index 58cf6d93c6b..6c979f3ec82 100644 --- a/docs/manpages/smbspool.8 +++ b/docs/manpages/smbspool.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSPOOL" "8" "02 May 2002" "" "" +.TH "SMBSPOOL" "8" "28 August 2002" "" "" .SH NAME smbspool \- send print file to an SMB printer .SH SYNOPSIS @@ -11,7 +11,7 @@ smbspool \- send print file to an SMB printer \fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments @@ -82,8 +82,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -and samba(7). +\fBsmbd(8)\fR +and samba(7) .SH "AUTHOR" .PP \fBsmbspool\fR was written by Michael Sweet diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 15cc0747086..c0badbb348b 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBSTATUS" "1" "02 May 2002" "" "" +.TH "SMBSTATUS" "1" "28 August 2002" "" "" .SH NAME smbstatus \- report on current Samba connections .SH SYNOPSIS @@ -11,7 +11,7 @@ smbstatus \- report on current Samba connections \fBsmbstatus\fR [ \fB-P\fR ] [ \fB-b\fR ] [ \fB-d\fR ] [ \fB-L\fR ] [ \fB-p\fR ] [ \fB-S\fR ] [ \fB-s <configuration file>\fR ] [ \fB-u <username>\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbstatus\fR is a very simple program to list the current Samba connections. @@ -32,7 +32,7 @@ gives verbose output. causes smbstatus to only list locks. .TP \fB-p\fR -print a list of \fBsmbd(8)\fRprocesses and exit. +print a list of \fBsmbd(8)\fR processes and exit. Useful for scripting. .TP \fB-S\fR @@ -42,7 +42,7 @@ causes smbstatus to only list shares. The default configuration file name is determined at compile time. The file specified contains the configuration details required by the server. See \fIsmb.conf(5)\fR -for more information. + for more information. .TP \fB-u <username>\fR selects information relevant to @@ -53,8 +53,8 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fRand -smb.conf(5). +\fBsmbd(8)\fR and +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index f2c35f132fc..833b0d358cd 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBTAR" "1" "02 May 2002" "" "" +.TH "SMBTAR" "1" "28 August 2002" "" "" .SH NAME smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS @@ -11,10 +11,10 @@ smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape dri \fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbtar\fR is a very small shell script on top -of \fBsmbclient(1)\fR +of \fBsmbclient(1)\fR which dumps SMB shares directly to tape. .SH "OPTIONS" .TP @@ -92,16 +92,16 @@ with GNU tar and may not work well with other versions. .PP See the \fBDIAGNOSTICS\fR section for the \fBsmbclient(1)\fR -command. + command. .SH "VERSION" .PP This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -\fBsmbclient(1)\fR, -smb.conf(5), +\fBsmbd(8)\fR +\fBsmbclient(1)\fR +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8 index 1bd3e66b0ab..32ef9c2f27f 100644 --- a/docs/manpages/smbumount.8 +++ b/docs/manpages/smbumount.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SMBUMOUNT" "8" "02 May 2002" "" "" +.TH "SMBUMOUNT" "8" "28 August 2002" "" "" .SH NAME smbumount \- smbfs umount for normal users .SH SYNOPSIS diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 index 27a15d6861b..e328ee0ba9a 100644 --- a/docs/manpages/swat.8 +++ b/docs/manpages/swat.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "SWAT" "8" "17 June 2002" "" "" +.TH "SWAT" "8" "28 August 2002" "" "" .SH NAME swat \- Samba Web Administration Tool .SH SYNOPSIS @@ -11,10 +11,10 @@ swat \- Samba Web Administration Tool \fBswat\fR [ \fB-s <smb config file>\fR ] [ \fB-a\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBswat\fR allows a Samba administrator to -configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, +configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, a \fBswat\fR configuration page has help links to all the configurable options in the \fIsmb.conf\fR file allowing an administrator to easily look up the effects of any change. @@ -165,8 +165,8 @@ the Samba suite. .SH "SEE ALSO" .PP \fBinetd(5)\fR, -\fBsmbd(8)\fR, -smb.conf(5), \fBxinetd(8)\fR +\fBsmbd(8)\fR +smb.conf(5) \fBxinetd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index 13afa02c7ff..dbc36175dd8 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -3,15 +3,15 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "TESTPARM" "1" "02 May 2002" "" "" +.TH "TESTPARM" "1" "28 August 2002" "" "" .SH NAME testparm \- check an smb.conf configuration file for internal correctness .SH SYNOPSIS .sp -\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [\fB-x\fR] [ \fB-L <servername>\fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ] +\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-x\fR ] [ \fB-L <servername>\fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestparm\fR is a very simple test program to check an \fBsmbd\fR configuration file for @@ -41,14 +41,14 @@ names and before dumping the service definitions. \fB-h\fR Print usage message .TP +\fB-x\fR +Print only parameters that have non-default values +.TP \fB-L servername\fR Sets the value of the %L macro to \fIservername\fR. This is useful for testing include files specified with the %L macro. .TP -\fB-x\fR -Exclude from parameter list all parameters with values set at default. -.TP \fBconfigfilename\fR This is the name of the configuration file to check. If this parameter is not present then the @@ -86,7 +86,7 @@ This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fIsmb.conf(5)\fR, +\fIsmb.conf(5)\fR \fBsmbd(8)\fR .SH "AUTHOR" .PP diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index 4a8d61c5a09..1337e090d55 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "TESTPRNS" "1" "02 May 2002" "" "" +.TH "TESTPRNS" "1" "28 August 2002" "" "" .SH NAME testprns \- check printer name for validity with smbd .SH SYNOPSIS @@ -11,11 +11,11 @@ testprns \- check printer name for validity with smbd \fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestprns\fR is a very simple test program to determine whether a given printer name is valid for use in -a service to be provided by \fB smbd(8)\fR. +a service to be provided by \fB smbd(8)\fR .PP "Valid" in this context means "can be found in the printcap specified". This program is very stupid - so stupid in @@ -73,7 +73,7 @@ the Samba suite. .SH "SEE ALSO" .PP \fIprintcap(5)\fR, -\fBsmbd(8)\fR, +\fBsmbd(8)\fR \fBsmbclient(1)\fR .SH "AUTHOR" .PP diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 index 178aff94ee0..9c1e44ea9dd 100644 --- a/docs/manpages/wbinfo.1 +++ b/docs/manpages/wbinfo.1 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WBINFO" "1" "02 May 2002" "" "" +.TH "WBINFO" "1" "28 August 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS @@ -11,10 +11,10 @@ wbinfo \- Query information from winbind daemon \fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The \fBwbinfo\fR program queries and returns information -created and used by the \fB winbindd(8)\fRdaemon. +created and used by the \fB winbindd(8)\fR daemon. .PP The \fBwinbindd(8)\fR daemon must be configured and running for the \fBwbinfo\fR program to be able diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 index 6cb22342d3f..a71a25febba 100644 --- a/docs/manpages/winbindd.8 +++ b/docs/manpages/winbindd.8 @@ -3,7 +3,7 @@ .\" <http://shell.ipoline.com/~elmert/hacks/docbook2X/> .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng <steve@ggi-project.org>. -.TH "WINBINDD" "8" "02 May 2002" "" "" +.TH "WINBINDD" "8" "28 August 2002" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS @@ -11,7 +11,7 @@ winbindd \- Name Service Switch daemon for resolving names from NT servers \fBwinbindd\fR [ \fB-i\fR ] [ \fB-d <debug level>\fR ] [ \fB-s <smb config file>\fR ] .SH "DESCRIPTION" .PP -This program is part of the Sambasuite. +This program is part of the Samba suite. .PP \fBwinbindd\fR is a daemon that provides a service for the Name Service Switch capability that is present @@ -376,8 +376,8 @@ the Samba suite. .SH "SEE ALSO" .PP \fInsswitch.conf(5)\fR, -samba(7), -wbinfo(1), +samba(7) +wbinfo(1) smb.conf(5) .SH "AUTHOR" .PP diff --git a/examples/VFS/block/block.c b/examples/VFS/block/block.c index a8b17a35dd4..7ced065bad6 100644 --- a/examples/VFS/block/block.c +++ b/examples/VFS/block/block.c @@ -144,7 +144,7 @@ struct vfs_ops execute_vfs_ops = { extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char * , char *)); -//functions +/* functions */ BOOL enter_pblock_mount(char *dir); BOOL get_section(char *sect); diff --git a/packaging/Mandrake/makerpms.sh.tmpl b/packaging/Mandrake/makerpms.sh.tmpl index 493de7e0cd5..ba4eff0e2b1 100644 --- a/packaging/Mandrake/makerpms.sh.tmpl +++ b/packaging/Mandrake/makerpms.sh.tmpl @@ -60,9 +60,14 @@ SOURCES=`awk '/^Source/ {print $2}' samba.spec |grep -v "%{"` PATCHES=`awk '/^Patch/ {print $2}' samba.spec` for i in $PATCHES $SOURCES;do + # We have two cases to fix, one where it's bzip2'ed + # in the spec and not in CVS, one where it's bzip2'ed + # in CVS but not in the spec [ -e $i ] && cp -av $i $SRCDIR i_nobz2=`echo $i|sed -e 's/.bz2$//'` + i_bz2=$i.bz2 [ -e $i_nobz2 ] && bzip2 -kf $i_nobz2 && mv -fv $i $SRCDIR + [ -e $i_bz2 ] && bunzip2 -kf $i_bz2 && mv -fv $i $SRCDIR done echo Getting Ready to build release package diff --git a/source/Makefile.in b/source/Makefile.in index f7eef9ff982..b30d479caca 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -78,7 +78,7 @@ CODEPAGEDIR = @codepagedir@ # The current codepage definition list. CODEPAGELIST= 437 737 775 850 852 861 932 866 949 950 936 1251 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R 857 ISO8859-9 \ - ISO8859-13 ISO8859-15 + ISO8859-13 ISO8859-15 1125 KOI8-U PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DTDB_PASSWD_FILE=\"$(TDB_PASSWD_FILE)\" FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\" diff --git a/source/include/smb.h b/source/include/smb.h index cd7693b3b71..bb780729325 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -1157,6 +1157,7 @@ struct bitmap { #define FILE_OPEN_BY_FILE_ID 0x2000 /* Responses when opening a file. */ +#define FILE_WAS_SUPERSEDED 0 #define FILE_WAS_OPENED 1 #define FILE_WAS_CREATED 2 #define FILE_WAS_OVERWRITTEN 3 diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 8cd43d88ba0..b80cac8d3c3 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -960,7 +960,10 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib p++; SSVAL(p,0,fsp->fnum); p += 2; - SIVAL(p,0,smb_action); + if ((create_disposition == FILE_SUPERSEDE) && (smb_action == FILE_WAS_OVERWRITTEN)) + SIVAL(p,0,FILE_WAS_SUPERSEDED); + else + SIVAL(p,0,smb_action); p += 4; /* Create time. */ @@ -1461,7 +1464,10 @@ static int call_nt_transact_create(connection_struct *conn, p += 2; SSVAL(p,0,fsp->fnum); p += 2; - SIVAL(p,0,smb_action); + if ((create_disposition == FILE_SUPERSEDE) && (smb_action == FILE_WAS_OVERWRITTEN)) + SIVAL(p,0,FILE_WAS_SUPERSEDED); + else + SIVAL(p,0,smb_action); p += 8; /* Create time. */ diff --git a/source/smbd/process.c b/source/smbd/process.c index 996cad7cf49..c34a146eab1 100644 --- a/source/smbd/process.c +++ b/source/smbd/process.c @@ -657,8 +657,8 @@ static int switch_message(int type,char *inbuf,char *outbuf,int size,int bufsize errno = 0; last_message = type; - /* make sure this is an SMB packet */ - if ((strncmp(smb_base(inbuf),"\377SMB",4) != 0) || (size - 4 < smb_size)) { + /* make sure this is an SMB packet. smb_size contains NetBIOS header so subtract 4 from it. */ + if ((strncmp(smb_base(inbuf),"\377SMB",4) != 0) || (size < (smb_size-4))) { DEBUG(0,("Non-SMB packet of length %d. Terminating server\n",smb_len(inbuf))); exit_server("Non-SMB packet"); return(-1); diff --git a/source/utils/smbpasswd.c b/source/utils/smbpasswd.c index 527e2a38f68..df2d2d7ef6d 100644 --- a/source/utils/smbpasswd.c +++ b/source/utils/smbpasswd.c @@ -1,3 +1,4 @@ + /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -33,7 +34,7 @@ extern int optind; /* forced running in root-mode */ static BOOL local_mode; -static BOOL joining_domain = False, got_pass = False, got_username = False; +static BOOL joining_domain = False, got_pass = False, got_username = False, changing_trust_pw = FALSE; static int local_flags = 0; static BOOL stdin_passwd_get = False; static fstring user_name, user_password; @@ -94,6 +95,7 @@ static void usage(void) #endif printf(" -x delete user\n"); printf(" -j DOMAIN join domain name\n"); + printf(" -t DOMAIN change trust account password on domain\n"); printf(" -S DOMAIN Retrieve the domain SID for DOMAIN\n"); printf(" -R ORDER name resolve order\n"); @@ -114,7 +116,7 @@ static void process_options(int argc, char **argv, BOOL amroot) user_name[0] = '\0'; - while ((ch = getopt(argc, argv, "c:axdehmnj:r:sw:R:D:U:LS")) != EOF) { + while ((ch = getopt(argc, argv, "c:axdehmnj:t:r:sw:R:D:U:LS")) != EOF) { switch(ch) { case 'L': local_mode = amroot = True; @@ -155,6 +157,12 @@ static void process_options(int argc, char **argv, BOOL amroot) strupper(new_domain); joining_domain = True; break; + case 't': + if (!amroot) goto bad_args; + new_domain = optarg; + strupper(new_domain); + changing_trust_pw = True; + break; case 'r': remote_machine = optarg; break; @@ -837,7 +845,7 @@ static int process_root(void) */ if ( ((local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) == (LOCAL_ADD_USER|LOCAL_DELETE_USER)) || ( (local_flags & (LOCAL_ADD_USER|LOCAL_DELETE_USER)) - && ((remote_machine != NULL) || joining_domain) ) ) + && ((remote_machine != NULL) || joining_domain || changing_trust_pw) ) ) { usage(); } @@ -876,6 +884,17 @@ static int process_root(void) } } + + /* Change Trust Password */ + + if (changing_trust_pw) { + if (change_trust_account_password(new_domain, remote_machine)) { + return 0; + } + return 1; + } + + /* * get the domain sid from a PDC and store it in secrets.tdb * Used for Samba PDC/BDC installations. |