diff options
Diffstat (limited to 'docs/htmldocs')
| -rw-r--r-- | docs/htmldocs/Samba-HOWTO-Collection.html | 695 | ||||
| -rw-r--r-- | docs/htmldocs/make_smbcodepage.1.html | 12 | ||||
| -rw-r--r-- | docs/htmldocs/make_unicodemap.1.html | 276 | ||||
| -rw-r--r-- | docs/htmldocs/smb.conf.5.html | 1494 | ||||
| -rw-r--r-- | docs/htmldocs/smbcontrol.1.html | 2 | ||||
| -rw-r--r-- | docs/htmldocs/smbspool.8.html | 4 | ||||
| -rw-r--r-- | docs/htmldocs/smbstatus.1.html | 2 | ||||
| -rw-r--r-- | docs/htmldocs/using_samba/licenseinfo.html | 12 | ||||
| -rw-r--r-- | docs/htmldocs/using_samba/this_edition.html | 4 |
9 files changed, 1741 insertions, 760 deletions
diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html index 85ef2feb705..401f4272159 100644 --- a/docs/htmldocs/Samba-HOWTO-Collection.html +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -38,10 +38,10 @@ NAME="AEN9" >Abstract</A ></H1 ><P ->This book is a collection of HOWTOs added to Samba documentation over the year. +>This book is a collection of HOWTOs added to Samba documentation over the years. I try to ensure that all are current, but sometimes the is a larger job -than one person can maintain. You can always find the later version of this -PDF file at <A +than one person can maintain. The most recent version of this document +can be found at <A HREF="http://www.samba.org/" TARGET="_top" >http://www.samba.org/</A @@ -271,299 +271,298 @@ HREF="#AEN445" ></DT ><DT >4.2. <A -HREF="#AEN462" +HREF="#AEN467" >Configuration</A ></DT ><DD ><DL ><DT >4.2.1. <A -HREF="#AEN472" +HREF="#AEN478" >Creating [print$]</A ></DT ><DT >4.2.2. <A -HREF="#AEN507" +HREF="#AEN513" >Setting Drivers for Existing Printers</A ></DT ><DT >4.2.3. <A -HREF="#AEN520" +HREF="#AEN530" >Support a large number of printers</A ></DT ><DT >4.2.4. <A -HREF="#AEN531" +HREF="#AEN541" >Adding New Printers via the Windows NT APW</A ></DT ><DT >4.2.5. <A -HREF="#AEN556" +HREF="#AEN566" >Samba and Printer Ports</A ></DT ></DL ></DD ><DT >4.3. <A -HREF="#AEN564" +HREF="#AEN574" >The Imprints Toolset</A ></DT ><DD ><DL ><DT >4.3.1. <A -HREF="#AEN568" +HREF="#AEN578" >What is Imprints?</A ></DT ><DT >4.3.2. <A -HREF="#AEN578" +HREF="#AEN588" >Creating Printer Driver Packages</A ></DT ><DT >4.3.3. <A -HREF="#AEN581" +HREF="#AEN591" >The Imprints server</A ></DT ><DT >4.3.4. <A -HREF="#AEN585" +HREF="#AEN595" >The Installation Client</A ></DT ></DL ></DD ><DT >4.4. <A -HREF="#AEN607" +HREF="#AEN617" ><A NAME="MIGRATION" ></A ->Migration to from Samba 2.0.x to - 2.2.x</A +>Migration to from Samba 2.0.x to 2.2.x</A ></DT ></DL ></DD ><DT >5. <A -HREF="#AEN639" +HREF="#AEN661" >security = domain in Samba 2.x</A ></DT ><DD ><DL ><DT >5.1. <A -HREF="#AEN657" +HREF="#AEN679" >Joining an NT Domain with Samba 2.2</A ></DT ><DT >5.2. <A -HREF="#AEN721" +HREF="#AEN743" >Samba and Windows 2000 Domains</A ></DT ><DT >5.3. <A -HREF="#AEN726" +HREF="#AEN748" >Why is this better than security = server?</A ></DT ></DL ></DD ><DT >6. <A -HREF="#AEN742" ->How to Configure Samba 2.2.x as a Primary Domain Controller</A +HREF="#AEN764" +>How to Configure Samba 2.2 as a Primary Domain Controller</A ></DT ><DD ><DL ><DT >6.1. <A -HREF="#AEN753" +HREF="#AEN781" >Background</A ></DT ><DT >6.2. <A -HREF="#AEN790" +HREF="#AEN819" >Configuring the Samba Domain Controller</A ></DT ><DT >6.3. <A -HREF="#AEN833" +HREF="#AEN862" >Creating Machine Trust Accounts and Joining Clients to the Domain</A ></DT ><DT >6.4. <A -HREF="#AEN872" +HREF="#AEN900" >Common Problems and Errors</A ></DT ><DT >6.5. <A -HREF="#AEN900" +HREF="#AEN942" >System Policies and Profiles</A ></DT ><DT >6.6. <A -HREF="#AEN940" +HREF="#AEN982" >What other help can I get ?</A ></DT ><DD ><DL ><DT >6.6.1. <A -HREF="#AEN987" +HREF="#AEN1029" >URLs and similar</A ></DT ><DT >6.6.2. <A -HREF="#AEN1011" +HREF="#AEN1053" >Mailing Lists</A ></DT ></DL ></DD ><DT >6.7. <A -HREF="#AEN1050" +HREF="#AEN1092" >DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></DT ></DL ></DD ><DT >7. <A -HREF="#AEN1074" +HREF="#AEN1116" >Unifed Logons between Windows NT and UNIX using Winbind</A ></DT ><DD ><DL ><DT >7.1. <A -HREF="#AEN1092" +HREF="#AEN1134" >Abstract</A ></DT ><DT >7.2. <A -HREF="#AEN1096" +HREF="#AEN1138" >Introduction</A ></DT ><DT >7.3. <A -HREF="#AEN1109" +HREF="#AEN1151" >What Winbind Provides</A ></DT ><DD ><DL ><DT >7.3.1. <A -HREF="#AEN1116" +HREF="#AEN1158" >Target Uses</A ></DT ></DL ></DD ><DT >7.4. <A -HREF="#AEN1120" +HREF="#AEN1162" >How Winbind Works</A ></DT ><DD ><DL ><DT >7.4.1. <A -HREF="#AEN1125" +HREF="#AEN1167" >Microsoft Remote Procedure Calls</A ></DT ><DT >7.4.2. <A -HREF="#AEN1129" +HREF="#AEN1171" >Name Service Switch</A ></DT ><DT >7.4.3. <A -HREF="#AEN1145" +HREF="#AEN1187" >Pluggable Authentication Modules</A ></DT ><DT >7.4.4. <A -HREF="#AEN1153" +HREF="#AEN1195" >User and Group ID Allocation</A ></DT ><DT >7.4.5. <A -HREF="#AEN1157" +HREF="#AEN1199" >Result Caching</A ></DT ></DL ></DD ><DT >7.5. <A -HREF="#AEN1160" +HREF="#AEN1202" >Installation and Configuration</A ></DT ><DT >7.6. <A -HREF="#AEN1166" +HREF="#AEN1208" >Limitations</A ></DT ><DT >7.7. <A -HREF="#AEN1178" +HREF="#AEN1220" >Conclusion</A ></DT ></DL ></DD ><DT >8. <A -HREF="#AEN1181" +HREF="#AEN1223" >UNIX Permission Bits and WIndows NT Access Control Lists</A ></DT ><DD ><DL ><DT >8.1. <A -HREF="#AEN1192" +HREF="#AEN1234" >Viewing and changing UNIX permissions using the NT security dialogs</A ></DT ><DT >8.2. <A -HREF="#AEN1201" +HREF="#AEN1243" >How to view file security on a Samba share</A ></DT ><DT >8.3. <A -HREF="#AEN1212" +HREF="#AEN1254" >Viewing file ownership</A ></DT ><DT >8.4. <A -HREF="#AEN1232" +HREF="#AEN1274" >Viewing file or directory permissions</A ></DT ><DD ><DL ><DT >8.4.1. <A -HREF="#AEN1247" +HREF="#AEN1289" >File Permissions</A ></DT ><DT >8.4.2. <A -HREF="#AEN1261" +HREF="#AEN1303" >Directory Permissions</A ></DT ></DL ></DD ><DT >8.5. <A -HREF="#AEN1268" +HREF="#AEN1310" >Modifying file or directory permissions</A ></DT ><DT >8.6. <A -HREF="#AEN1290" +HREF="#AEN1332" >Interaction with the standard Samba create mask parameters</A ></DT ><DT >8.7. <A -HREF="#AEN1354" +HREF="#AEN1396" >Interaction with the standard Samba file attribute mapping</A ></DT @@ -571,39 +570,39 @@ HREF="#AEN1354" ></DD ><DT >9. <A -HREF="#AEN1364" +HREF="#AEN1406" >OS2 Client HOWTO</A ></DT ><DD ><DL ><DT >9.1. <A -HREF="#AEN1375" +HREF="#AEN1417" >FAQs</A ></DT ><DD ><DL ><DT >9.1.1. <A -HREF="#AEN1377" +HREF="#AEN1419" >How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></DT ><DT >9.1.2. <A -HREF="#AEN1392" +HREF="#AEN1434" >How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></DT ><DT >9.1.3. <A -HREF="#AEN1401" +HREF="#AEN1443" >Are there any other issues when OS/2 (any version) is used as a client?</A ></DT ><DT >9.1.4. <A -HREF="#AEN1405" +HREF="#AEN1447" >How do I get printer driver download working for OS/2 clients?</A ></DT @@ -2347,22 +2346,60 @@ TARGET="_top" information</P ></LI ></UL +><P +>There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients.</P +><P +>The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: <EM +>How to Add Printers with No User +Interaction in Windows 2000</EM +></P +><P +><A +HREF="http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP" +TARGET="_top" +>http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP</A +></P ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN462" +NAME="AEN467" >4.2. Configuration</A ></H1 +><DIV +CLASS="WARNING" ><P -><EM ->WARNING!!!</EM -> Previous versions of Samba -recommended using a share named [printer$]. This name was taken from the -printer$ service created by Windows 9x clients when a -printer was shared. Windows 9x printer servers always have +></P +><TABLE +CLASS="WARNING" +BORDER="1" +WIDTH="100%" +><TR +><TD +ALIGN="CENTER" +><B +>[print$] vs. [printer$]</B +></TD +></TR +><TR +><TD +ALIGN="LEFT" +><P +>Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have a printer$ service which provides read-only access via no password in order to support printer driver downloads.</P ><P @@ -2387,21 +2424,26 @@ the client.</P >These parameters, including <TT CLASS="PARAMETER" ><I ->printer driver +>printer driver file</I ></TT > parameter, are being depreciated and should not be used in new installations. For more information on this change, you should refer to the <A HREF="#MIGRATION" ->Migration section </A ->of this document.</P +>Migration section</A +> +of this document.</P +></TD +></TR +></TABLE +></DIV ><DIV CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN472" +NAME="AEN478" >4.2.1. Creating [print$]</A ></H2 ><P @@ -2430,6 +2472,11 @@ CLASS="PROGRAMLISTING" guest ok = yes browseable = yes read only = yes + ; since this share is configured as read only, then we need + ; a 'write list'. Check the file system permissions to make + ; sure this account can copy files to the share. If this + ; is setup to a non-root account, then it should also exist + ; as a 'printer admin' write list = ntadmin</PRE ></TD ></TR @@ -2450,16 +2497,17 @@ level user accounts to have write access in order to update files on the share. See the <A HREF="smb./conf.5.html" TARGET="_top" ->smb.conf(5) man page</A -> for more information on -configuring file shares.</P +>smb.conf(5) +man page</A +> for more information on configuring file shares.</P ><P >The requirement for <A HREF="smb.conf.5.html#GUESTOK" TARGET="_top" ><B CLASS="COMMAND" ->guest ok = yes</B +>guest +ok = yes</B ></A > depends upon how your site is configured. If users will be guaranteed to have @@ -2538,26 +2586,26 @@ ALIGN="CENTER" ALIGN="LEFT" ><P >In order to currently add a new driver to you Samba host, - one of two conditions must hold true:</P +one of two conditions must hold true:</P ><P ></P ><UL ><LI ><P >The account used to connect to the Samba host - must have a uid of 0 (i.e. a root account)</P + must have a uid of 0 (i.e. a root account)</P ></LI ><LI ><P >The account used to connect to the Samba host - must be a member of the <A + must be a member of the <A HREF="smb.conf.5.html#PRINTERADMIN" TARGET="_top" ><TT CLASS="PARAMETER" ><I >printer - admin</I + admin</I ></TT ></A > list.</P @@ -2565,7 +2613,8 @@ CLASS="PARAMETER" ></UL ><P >Of course, the connected account must still possess access - to add files to the subdirectories beneath [print$].</P +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default.</P ></TD ></TR ></TABLE @@ -2588,14 +2637,32 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN507" +NAME="AEN513" >4.2.2. Setting Drivers for Existing Printers</A ></H2 ><P >The initial listing of printers in the Samba host's -Printers folder will have no printer driver assigned to them. -The way assign a driver to a printer is to view the Properties -of the printer and either</P +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +<EM +>NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER</EM +>. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message:</P +><P +><EM +>Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now?</EM +></P +><P +>Click "No" in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a +printer is to either</P ><P ></P ><UL @@ -2642,7 +2709,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN520" +NAME="AEN530" >4.2.3. Support a large number of printers</A ></H2 ><P @@ -2700,7 +2767,7 @@ Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] <TT CLASS="PROMPT" >$ </TT ->rpcclient pogo -U root%bleaK.er \ +>rpcclient pogo -U root%secret \ <TT CLASS="PROMPT" >> </TT @@ -2717,7 +2784,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN531" +NAME="AEN541" >4.2.4. Adding New Printers via the Windows NT APW</A ></H2 ><P @@ -2739,7 +2806,7 @@ CLASS="PARAMETER" ><I >printer admin</I ></TT ->. +>). </P ></LI ><LI @@ -2766,8 +2833,8 @@ TARGET="_top" ><TT CLASS="PARAMETER" ><I ->addprinter -command</I +>add +printer command</I ></TT ></A > must have a defined value. The program @@ -2789,7 +2856,7 @@ CLASS="COMMAND" CLASS="PARAMETER" ><I >add printer -program</I +command</I ></TT > and reparse to the <TT CLASS="FILENAME" @@ -2802,7 +2869,7 @@ CLASS="PARAMETER" ><I >add printer program</I ></TT -> is executed undet the context +> is executed under the context of the connected user, not necessarily a root account.</P ><P >There is a complementing <A @@ -2811,8 +2878,8 @@ TARGET="_top" ><TT CLASS="PARAMETER" ><I ->deleteprinter -command</I +>delete +printer command</I ></TT ></A > for removing entries from the "Printers..." @@ -2823,7 +2890,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN556" +NAME="AEN566" >4.2.5. Samba and Printer Ports</A ></H2 ><P @@ -2860,7 +2927,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN564" +NAME="AEN574" >4.3. The Imprints Toolset</A ></H1 ><P @@ -2878,7 +2945,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN568" +NAME="AEN578" >4.3.1. What is Imprints?</A ></H2 ><P @@ -2910,7 +2977,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN578" +NAME="AEN588" >4.3.2. Creating Printer Driver Packages</A ></H2 ><P @@ -2926,7 +2993,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN581" +NAME="AEN591" >4.3.3. The Imprints server</A ></H2 ><P @@ -2946,7 +3013,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN585" +NAME="AEN595" >4.3.4. The Installation Client</A ></H2 ><P @@ -3049,18 +3116,60 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN607" +NAME="AEN617" >4.4. <A NAME="MIGRATION" ></A ->Migration to from Samba 2.0.x to - 2.2.x</A +>Migration to from Samba 2.0.x to 2.2.x</A ></H1 ><P ->Given that printer driver management has changed - (we hope improved :) ) in 2.2.0 over prior releases, - migration from an existing setup to 2.2.0 can follow - several paths.</P +>Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths.</P +><P +>Windows clients have a tendency to remember things for quite a while. +For example, if a Windows NT client has attached to a Samba 2.0 server, +it will remember the server as a LanMan printer server. Upgrading +the Samba host to 2.2 makes support for MSRPC printing possible, but +the NT client will still remember the previous setting.</P +><P +>In order to give an NT client printing "amesia" (only necessary if you +want to use the newer MSRPC printing functionality in Samba), delete +the registry keys associated with the print server contained in +<TT +CLASS="CONSTANT" +>[HKLM\SYSTEM\CurrentControlSet\Control\Print]</TT +>. The +spooler service on the client should be stopped prior to doing this:</P +><P +><TT +CLASS="PROMPT" +>C:\WINNT\ ></TT +> <TT +CLASS="USERINPUT" +><B +>net stop spooler</B +></TT +></P +><P +><EM +>All the normal disclaimers about editing the registry go +here.</EM +> Be careful, and know what you are doing.</P +><P +>The spooler service should be restarted after you have finished +removing the appropriate registry entries by replacing the +<B +CLASS="COMMAND" +>stop</B +> command above with <B +CLASS="COMMAND" +>start</B +>.</P +><P +>Windows 9x clients will continue to use LanMan printing calls +with a 2.2 Samba server so there is no need to perform any of these +modifications on non-NT clients.</P ><DIV CLASS="WARNING" ><P @@ -3080,9 +3189,8 @@ ALIGN="CENTER" ><TD ALIGN="LEFT" ><P ->The following smb.conf parameters are considered to be - depreciated and will be removed soon. Do not use them - in new installations</P +>The following smb.conf parameters are considered to be depreciated and will +be removed soon. Do not use them in new installations</P ><P ></P ><UL @@ -3094,7 +3202,7 @@ CLASS="PARAMETER" >printer driver file (G)</I ></TT > - </P + </P ></LI ><LI ><P @@ -3104,7 +3212,7 @@ CLASS="PARAMETER" >printer driver (S)</I ></TT > - </P + </P ></LI ><LI ><P @@ -3114,7 +3222,7 @@ CLASS="PARAMETER" >printer driver location (S)</I ></TT > - </P + </P ></LI ></UL ></TD @@ -3129,31 +3237,31 @@ CLASS="PARAMETER" ><LI ><P >If you do not desire the new Windows NT - print driver support, nothing needs to be done. - All existing parameters work the same.</P + print driver support, nothing needs to be done. + All existing parameters work the same.</P ></LI ><LI ><P >If you want to take advantage of NT printer - driver support but do not want to migrate the - 9x drivers to the new setup, the leave the existing - printers.def file. When smbd attempts to locate a - 9x driver for the printer in the TDB and fails it - will drop down to using the printers.def (and all - associated parameters). The <B + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + printers.def file. When smbd attempts to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The <B CLASS="COMMAND" >make_printerdef</B > - tool will also remain for backwards compatibility but will - be moved to the "this tool is the old way of doing it" - pile.</P + tool will also remain for backwards compatibility but will + be moved to the "this tool is the old way of doing it" + pile.</P ></LI ><LI ><P >If you install a Windows 9x driver for a printer - on your Samba host (in the printing TDB), this information will - take precedence and the three old printing parameters - will be ignored (including print driver location).</P + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location).</P ></LI ><LI ><P @@ -3161,23 +3269,22 @@ CLASS="COMMAND" CLASS="FILENAME" >printers.def</TT > - file into the new setup, the current only - solution is to use the Windows NT APW to install the NT drivers - and the 9x drivers. This can be scripted using <B + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using <B CLASS="COMMAND" >smbclient</B -> - and <B +> and <B CLASS="COMMAND" >rpcclient</B >. See the - Imprints installation client at <A + Imprints installation client at <A HREF="http://imprints.sourceforge.net/" TARGET="_top" >http://imprints.sourceforge.net/</A > - for an example. - </P + for an example. + </P ></LI ></UL ></DIV @@ -3186,7 +3293,7 @@ TARGET="_top" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN639" +NAME="AEN661" >Chapter 5. security = domain in Samba 2.x</A ></H1 ><DIV @@ -3194,7 +3301,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN657" +NAME="AEN679" >5.1. Joining an NT Domain with Samba 2.2</A ></H1 ><P @@ -3421,7 +3528,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN721" +NAME="AEN743" >5.2. Samba and Windows 2000 Domains</A ></H1 ><P @@ -3446,7 +3553,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN726" +NAME="AEN748" >5.3. Why is this better than security = server?</A ></H1 ><P @@ -3532,50 +3639,63 @@ TARGET="_top" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN742" ->Chapter 6. How to Configure Samba 2.2.x as a Primary Domain Controller</A +NAME="AEN764" +>Chapter 6. How to Configure Samba 2.2 as a Primary Domain Controller</A ></H1 ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN753" +NAME="AEN781" >6.1. Background</A ></H1 +><DIV +CLASS="NOTE" +><BLOCKQUOTE +CLASS="NOTE" ><P +><B +>Note: </B ><EM >Author's Note :</EM -> This document -is a combination of David Bannon's Samba 2.2 PDC HOWTO -and the Samba NT Domain FAQ. Both documents are superceeded by this one.</P +> This document is a combination +of David Bannon's Samba 2.2 PDC HOWTO and the Samba NT Domain FAQ. +Both documents are superceeded by this one.</P +></BLOCKQUOTE +></DIV ><P >Version of Samba prior to release 2.2 had marginal capabilities to act as a Windows NT 4.0 Primary Domain Controller (PDC). The following -functionality should work in 2.2.0:</P +functionality should work in 2.2:</P ><P ></P ><UL ><LI ><P ->domain logons for Windows NT 4.0/2000 clients</P +> domain logons for Windows NT 4.0/2000 clients + </P ></LI ><LI ><P ->placing a Windows 9x client in user level security</P +> placing a Windows 9x client in user level security + </P ></LI ><LI ><P ->retrieving a list of users and groups from a Samba PDC to - Windows 9x/NT/2000 clients </P +> retrieving a list of users and groups from a Samba PDC to + Windows 9x/NT/2000 clients + </P ></LI ><LI ><P ->roving user profiles</P +> roving (roaming) user profiles + </P ></LI ><LI ><P ->Windows NT 4.0 style system policies</P +> Windows NT 4.0 style system policies + </P ></LI ></UL ><P @@ -3585,21 +3705,25 @@ functionality should work in 2.2.0:</P ><UL ><LI ><P ->Windows NT 4 domain trusts</P +> Windows NT 4 domain trusts + </P ></LI ><LI ><P ->Sam replication with Windows NT 4.0 Domain Controllers - (i.e. a Samba PDC and a Windows NT BDC or vice versa) </P +> SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) + </P ></LI ><LI ><P ->Adding users via the User Manager for Domains</P +> Adding users via the User Manager for Domains + </P ></LI ><LI ><P ->Acting as a Windows 2000 Domain Controller (i.e. Kerberos - and Active Directory)</P +> Acting as a Windows 2000 Domain Controller (i.e. Kerberos and + Active Directory) + </P ></LI ></UL ><P @@ -3613,14 +3737,14 @@ time.</P support for Windows NT 4.0 style domain logons from Windows NT 4.0 and Windows 2000 (including SP1) clients. This article outlines the steps necessary for configuring Samba as a PDC. -Note that it is necessary to have a working Samba server -prior to implementing the PDC functionality. If you have not -followed the steps outlined in <A +It is necessary to have a working Samba server prior to implementing the +PDC functionality. If you have not followed the steps outlined in +<A HREF="UNIX_INSTALL.html" TARGET="_top" ->UNIX_INSTALL.html</A ->, please make sure that your server -is configured correctly before proceeding. Another good +> UNIX_INSTALL.html</A +>, please make sure +that your server is configured correctly before proceeding. Another good resource in the <A HREF="smb.conf.5.html" TARGET="_top" @@ -3636,13 +3760,14 @@ steps.</P TYPE="1" ><LI ><P ->Configuring the Samba Domain Controller +> Configuring the Samba PDC </P ></LI ><LI ><P ->Creating machine trust accounts - and joining clients to the domain</P +> Creating machine trust accounts and joining clients + to the domain + </P ></LI ></OL ><P @@ -3656,7 +3781,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN790" +NAME="AEN819" >6.2. Configuring the Samba Domain Controller</A ></H1 ><P @@ -3768,7 +3893,7 @@ TARGET="_top" > = \\homeserver\%u ; specify a generic logon script for all users - ; this is a relative path to the [netlogon] share + ; this is a relative **DOS** path to the [netlogon] share <A HREF="smb.conf.5.html#LOGONSCRIPT" TARGET="_top" @@ -3825,16 +3950,14 @@ TARGET="_top" ></TABLE ></P ><P ->There are a couple of points to emphasize in the above -configuration.</P +>There are a couple of points to emphasize in the above configuration.</P ><P ></P ><UL ><LI ><P ->encrypted passwords must be enabled. - For more details on how to do this, refer to - <A +> Encrypted passwords must be enabled. For more details on how + to do this, refer to <A HREF="ENCRYPTION.html" TARGET="_top" >ENCRYPTION.html</A @@ -3843,23 +3966,25 @@ TARGET="_top" ></LI ><LI ><P ->The server must support domain logons - and a <TT +> The server must support domain logons and a + <TT CLASS="FILENAME" >[netlogon]</TT -> share</P +> share + </P ></LI ><LI ><P ->The server must be the domain master browser - in order for Windows client to locate the server as a DC.</P +> The server must be the domain master browser in order for Windows + client to locate the server as a DC. + </P ></LI ></UL ><P >As Samba 2.2 does not offer a complete implementation of group mapping between Windows NT groups and UNIX groups (this is really quite complicated to explain in a short space), you should refer to the <A -HREF="smb.conf.5.html#DOMAINADMONUSERS" +HREF="smb.conf.5.html#DOMAINADMINUSERS" TARGET="_top" >domain admin users</A @@ -3876,14 +4001,11 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN833" +NAME="AEN862" >6.3. Creating Machine Trust Accounts and Joining Clients to the Domain</A ></H1 ><P ->First you must understand what a machine trust account is and what -it is used for.</P -><P >A machine trust account is a user account owned by a computer. The account password acts as the shared secret for secure communication with the Domain Controller. Hence the reason that @@ -3897,7 +4019,7 @@ as user LanMan and NT password hashes (currently <TT CLASS="FILENAME" >smbpasswd</TT >). -However, machine trust accounts only possess the NT password hash.</P +However, machine trust accounts only possess and use the NT password hash.</P ><P >There are two means of creating machine trust accounts.</P ><P @@ -3905,16 +4027,18 @@ However, machine trust accounts only possess the NT password hash.</P ><UL ><LI ><P ->Manual creation before joining the client - to the domain. In this case, the password is set to a known - value -- the lower case of the machine's netbios name.</P +> Manual creation before joining the client to the domain. In this case, + the password is set to a known value -- the lower case of the + machine's netbios name. + </P ></LI ><LI ><P ->Creation of the account at the time of - joining the domain. In this case, the session key of the - administrative account used to join the client to the domain acts - as an encryption key for setting the password to a random value.</P +> Creation of the account at the time of joining the domain. In + this case, the session key of the administrative account used to join + the client to the domain acts as an encryption key for setting the + password to a random value. + </P ></LI ></UL ><P @@ -3994,8 +4118,7 @@ in your domain.</P ><P >The second way of creating machine trust accounts is to add them on the fly at the time the client is joined to the domain. -You will need to include a value for the -<A +You will need to include a value for the <A HREF="smb.conf.5.html#ADDUSERSCRIPT" TARGET="_top" >add user script</A @@ -4016,28 +4139,27 @@ CLASS="PROGRAMLISTING" ></TABLE ></P ><P ->In Samba 2.2.0, <EM +>In Samba 2.2, <EM >only the root account</EM > can be used to create -machine accounts on the fly like this. Therefore, it is required -to create an entry in smbpasswd for <EM +machine accounts on the fly like this. Therefore, it is required to create +an entry in smbpasswd for <EM >root</EM ->. -The password <EM +>. The password +<EM >SHOULD</EM -> be set to s different -password that the associated <TT +> be set to s different password that the +associated <TT CLASS="FILENAME" >/etc/passwd</TT -> -entry for security reasons.</P +> entry for security reasons.</P ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN872" +NAME="AEN900" >6.4. Common Problems and Errors</A ></H1 ><P @@ -4065,14 +4187,22 @@ unique uid !</P ><P ><EM >I get told "You already have a connection to the Domain...." -when creating a machine account.</EM +or "Cannot join domain, the credentials supplied conflict with an +existing set.." when creating a machine account.</EM ></P ><P >This happens if you try to create a machine account from the -machine itself and use a user name that does not work (for whatever -reason) and then try another (possibly valid) user name. -Exit out of the network applet to close the initial connection -and try again.</P +machine itself and already have a connection (e.g. mapped drive) +to a share (or IPC$) on the Samba PDC. The following command +will remove all network drive connections:</P +><P +><TT +CLASS="PROMPT" +>C:\WINNT\></TT +> <B +CLASS="COMMAND" +>net use * /d</B +></P ><P >Further, if the machine is a already a 'member of a workgroup' that is the same name as the domain you are joining (bad idea) you will @@ -4080,14 +4210,6 @@ get this message. Change the workgroup name to something else, it does not matter what, reboot, and try again.</P ><P ><EM ->I get told "Cannot join domain, the credentials supplied -conflict with an existing set.."</EM -></P -><P ->This is the same basic problem as mentioned above, "You already -have a connection..."</P -><P -><EM >"The system can not log you on (C000019B)...."</EM ></P ><P @@ -4120,9 +4242,11 @@ for this computer either does not exist or is not accessible". Whats wrong ?</P ><P >This problem is caused by the PDC not having a suitable machine account. -If you are using the <B -CLASS="COMMAND" ->add user script =</B +If you are using the <TT +CLASS="PARAMETER" +><I +>add user script</I +></TT > method to create accounts then this would indicate that it has not worked. Ensure the domain admin user system is working.</P @@ -4137,13 +4261,70 @@ in both /etc/passwd and the smbpasswd file. Some people have reported that inconsistent subnet masks between the Samba server and the NT client have caused this problem. Make sure that these are consistent for both client and server.</P +><P +><EM +>When I attempt to login to a Samba Domain from a NT4/W2K workstation, +I get a message about my account being disabled.</EM +></P +><P +>This problem is caused by a PAM related bug in Samba 2.2.0. This bug is +fixed in 2.2.1. Other symptoms could be unaccessible shares on +NT/W2K member servers in the domain or the following error in your smbd.log: +passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user%</P +><P +>At first be ensure to enable the useraccounts with <B +CLASS="COMMAND" +>smbpasswd -e +%user%</B +>, this is normaly done, when you create an account.</P +><P +>In order to work around this problem in 2.2.0, configure the +<TT +CLASS="PARAMETER" +><I +>account</I +></TT +> control flag in +<TT +CLASS="FILENAME" +>/etc/pam.d/samba</TT +> file as follows:</P +><P +><TABLE +BORDER="0" +BGCOLOR="#E0E0E0" +WIDTH="100%" +><TR +><TD +><PRE +CLASS="PROGRAMLISTING" +>account required pam_permit.so</PRE +></TD +></TR +></TABLE +></P +><P +>If you want to remain backward compatibility to samba 2.0.x use +<TT +CLASS="FILENAME" +>pam_permit.so</TT +>, it's also possible to use +<TT +CLASS="FILENAME" +>pam_pwdb.so</TT +>. There are some bugs if you try to +use <TT +CLASS="FILENAME" +>pam_unix.so</TT +>, if you need this, be ensure to use +the most recent version of this file.</P ></DIV ><DIV CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN900" +NAME="AEN942" >6.5. System Policies and Profiles</A ></H1 ><P @@ -4281,7 +4462,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN940" +NAME="AEN982" >6.6. What other help can I get ?</A ></H1 ><P @@ -4462,7 +4643,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN987" +NAME="AEN1029" >6.6.1. URLs and similar</A ></H2 ><P @@ -4535,7 +4716,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1011" +NAME="AEN1053" >6.6.2. Mailing Lists</A ></H2 ><P @@ -4667,7 +4848,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1050" +NAME="AEN1092" >6.7. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba</A ></H1 ><P @@ -4768,7 +4949,7 @@ within its registry.</P CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1074" +NAME="AEN1116" >Chapter 7. Unifed Logons between Windows NT and UNIX using Winbind</A ></H1 ><DIV @@ -4776,7 +4957,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1092" +NAME="AEN1134" >7.1. Abstract</A ></H1 ><P @@ -4798,7 +4979,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1096" +NAME="AEN1138" >7.2. Introduction</A ></H1 ><P @@ -4852,7 +5033,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1109" +NAME="AEN1151" >7.3. What Winbind Provides</A ></H1 ><P @@ -4894,7 +5075,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1116" +NAME="AEN1158" >7.3.1. Target Uses</A ></H2 ><P @@ -4918,7 +5099,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1120" +NAME="AEN1162" >7.4. How Winbind Works</A ></H1 ><P @@ -4938,7 +5119,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1125" +NAME="AEN1167" >7.4.1. Microsoft Remote Procedure Calls</A ></H2 ><P @@ -4964,7 +5145,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1129" +NAME="AEN1171" >7.4.2. Name Service Switch</A ></H2 ><P @@ -5043,7 +5224,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1145" +NAME="AEN1187" >7.4.3. Pluggable Authentication Modules</A ></H2 ><P @@ -5092,7 +5273,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1153" +NAME="AEN1195" >7.4.4. User and Group ID Allocation</A ></H2 ><P @@ -5118,7 +5299,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1157" +NAME="AEN1199" >7.4.5. Result Caching</A ></H2 ><P @@ -5141,7 +5322,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1160" +NAME="AEN1202" >7.5. Installation and Configuration</A ></H1 ><P @@ -5172,7 +5353,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1166" +NAME="AEN1208" >7.6. Limitations</A ></H1 ><P @@ -5220,7 +5401,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1178" +NAME="AEN1220" >7.7. Conclusion</A ></H1 ><P @@ -5236,7 +5417,7 @@ NAME="AEN1178" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1181" +NAME="AEN1223" >Chapter 8. UNIX Permission Bits and WIndows NT Access Control Lists</A ></H1 ><DIV @@ -5244,7 +5425,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1192" +NAME="AEN1234" >8.1. Viewing and changing UNIX permissions using the NT security dialogs</A ></H1 @@ -5283,7 +5464,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1201" +NAME="AEN1243" >8.2. How to view file security on a Samba share</A ></H1 ><P @@ -5329,7 +5510,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1212" +NAME="AEN1254" >8.3. Viewing file ownership</A ></H1 ><P @@ -5415,7 +5596,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1232" +NAME="AEN1274" >8.4. Viewing file or directory permissions</A ></H1 ><P @@ -5477,7 +5658,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1247" +NAME="AEN1289" >8.4.1. File Permissions</A ></H2 ><P @@ -5539,7 +5720,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1261" +NAME="AEN1303" >8.4.2. Directory Permissions</A ></H2 ><P @@ -5571,7 +5752,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1268" +NAME="AEN1310" >8.5. Modifying file or directory permissions</A ></H1 ><P @@ -5669,7 +5850,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1290" +NAME="AEN1332" >8.6. Interaction with the standard Samba create mask parameters</A ></H1 @@ -5942,7 +6123,7 @@ CLASS="SECT1" ><HR><H1 CLASS="SECT1" ><A -NAME="AEN1354" +NAME="AEN1396" >8.7. Interaction with the standard Samba file attribute mapping</A ></H1 @@ -5989,7 +6170,7 @@ CLASS="COMMAND" CLASS="CHAPTER" ><HR><H1 ><A -NAME="AEN1364" +NAME="AEN1406" >Chapter 9. OS2 Client HOWTO</A ></H1 ><DIV @@ -5997,7 +6178,7 @@ CLASS="SECT1" ><H1 CLASS="SECT1" ><A -NAME="AEN1375" +NAME="AEN1417" >9.1. FAQs</A ></H1 ><DIV @@ -6005,7 +6186,7 @@ CLASS="SECT2" ><H2 CLASS="SECT2" ><A -NAME="AEN1377" +NAME="AEN1419" >9.1.1. How can I configure OS/2 Warp Connect or OS/2 Warp 4 as a client for Samba?</A ></H2 @@ -6064,7 +6245,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1392" +NAME="AEN1434" >9.1.2. How can I configure OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x for Samba?</A ></H2 @@ -6117,7 +6298,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1401" +NAME="AEN1443" >9.1.3. Are there any other issues when OS/2 (any version) is used as a client?</A ></H2 @@ -6139,7 +6320,7 @@ CLASS="SECT2" ><HR><H2 CLASS="SECT2" ><A -NAME="AEN1405" +NAME="AEN1447" >9.1.4. How do I get printer driver download working for OS/2 clients?</A ></H2 diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html index 52eb12e5274..8e792e31221 100644 --- a/docs/htmldocs/make_smbcodepage.1.html +++ b/docs/htmldocs/make_smbcodepage.1.html @@ -14,7 +14,7 @@ VLINK="#840084" ALINK="#0000FF" ><H1 ><A -NAME="FINDSMB" +NAME="MAKE-SMBCODEPAGE" >make_smbcodepage</A ></H1 ><DIV @@ -104,24 +104,24 @@ CLASS="PARAMETER" >inputfile</DT ><DD ><P ->This is the input file to process. In t - he '<TT +>This is the input file to process. In + the <TT CLASS="PARAMETER" ><I >c</I ></TT ->' case this will be a text +> case this will be a text codepage definition file such as the ones found in the Samba <TT CLASS="FILENAME" >source/codepages</TT > directory. In - the '<TT + the <TT CLASS="PARAMETER" ><I >d</I ></TT ->' case this will be the +> case this will be the binary format codepage definition file normally found in the <TT CLASS="FILENAME" diff --git a/docs/htmldocs/make_unicodemap.1.html b/docs/htmldocs/make_unicodemap.1.html new file mode 100644 index 00000000000..a0b87406936 --- /dev/null +++ b/docs/htmldocs/make_unicodemap.1.html @@ -0,0 +1,276 @@ +<HTML +><HEAD +><TITLE +>make_unicodemap</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.57"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="MAKE-UNICODEMAP" +>make_unicodemap</A +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN5" +></A +><H2 +>Name</H2 +>make_unicodemap -- construct a unicode map file for Samba</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN8" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>make_unicodemap</B +> {codepage} {inputfile} {outputfile}</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN14" +></A +><H2 +>DESCRIPTION</H2 +><P +> This tool is part of the <A +HREF="samba.7.html" +TARGET="_top" +>Samba</A +> + suite. + </P +><P +> <B +CLASS="COMMAND" +>make_unicodemap</B +> compiles text unicode map + files into binary unicodef map files for use with the + internationalization features of Samba 2.2. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN20" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>codepage</DT +><DD +><P +>This is the codepage or UNIX character + set we are processing (a number, e.g. 850). + </P +></DD +><DT +>inputfile</DT +><DD +><P +>This is the input file to process. This is a + text unicode map file such as the ones found in the Samba + <TT +CLASS="FILENAME" +>source/codepages</TT +> directory. + </P +></DD +><DT +>outputfile</DT +><DD +><P +>This is the binary output file to produce. + </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN36" +></A +><H2 +>Samba Unicode Map Files</H2 +><P +> A text Samba unicode map file is a description that tells Samba + how to map characters from a specified DOS code page or UNIX character + set to 16 bit unicode. + </P +><P +>A binary Samba unicode map file is a binary representation + of the same information, including a value that specifies what + codepage or UNIX character set this file is describing. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN40" +></A +><H2 +>Files</H2 +><P +><TT +CLASS="FILENAME" +>CP<codepage>.TXT</TT +></P +><P +> These are the input (text) unicode map files provided + in the Samba <TT +CLASS="FILENAME" +>source/codepages</TT +> + directory. + </P +><P +> A text unicode map file consists of multiple lines + containing two fields. These fields are : + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>character</I +></TT +> - which is + the (hex) character mapped on this line. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>unicode</I +></TT +> - which + is the (hex) 16 bit unicode character that the character + will map to. + </P +></LI +></UL +><P +> <TT +CLASS="FILENAME" +>unicode_map.<codepage></TT +> - These are + the output (binary) unicode map files produced and placed in + the Samba destination <TT +CLASS="FILENAME" +>lib/codepage</TT +> + directory. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN57" +></A +><H2 +>Installation</H2 +><P +> The location of the server and its support files is a matter + for individual system administrators. The following are thus + suggestions only. + </P +><P +> It is recommended that the <B +CLASS="COMMAND" +>make_unicodemap</B +> + program be installed under the + <TT +CLASS="FILENAME" +>$prefix/samba</TT +> hierarchy, + in a directory readable by all, writeable only by root. The + program itself should be executable by all. The program + should NOT be setuid or setgid! + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN63" +></A +><H2 +>VERSION</H2 +><P +>This man page is correct for version 2.2 of + the Samba suite.</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN66" +></A +><H2 +>SEE ALSO</H2 +><P +><A +HREF="smbd.8.html" +TARGET="_top" +><B +CLASS="COMMAND" +>smbd(8)</B +></A +>, + <A +HREF="smb.conf.5.html" +TARGET="_top" +>smb.conf(5)</A +> + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN72" +></A +><H2 +>AUTHOR</H2 +><P +>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</P +><P +>The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + <A +HREF="ftp://ftp.icce.rug.nl/pub/unix/" +TARGET="_top" +> ftp://ftp.icce.rug.nl/pub/unix/</A +>) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter</P +></DIV +></BODY +></HTML +>
\ No newline at end of file diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html index 0f8a83a9396..b3a5e75a7f3 100644 --- a/docs/htmldocs/smb.conf.5.html +++ b/docs/htmldocs/smb.conf.5.html @@ -859,11 +859,11 @@ NAME="AEN253" ><LI ><P ><A -HREF="#ADDUSERSCRIPT" +HREF="#ADDPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I ->add user script</I +>add printer command</I ></TT ></A ></P @@ -871,11 +871,23 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#ADDPRINTERCOMMAND" +HREF="#ADDSHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>add share command</I +></TT +></A +></P +></LI +><LI +><P +><A +HREF="#ADDUSERSCRIPT" ><TT CLASS="PARAMETER" ><I ->addprinter command</I +>add user script</I ></TT ></A ></P @@ -967,6 +979,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#CHANGESHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>change share command</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#CHARACTERSET" ><TT CLASS="PARAMETER" @@ -1123,23 +1147,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DELETEUSERSCRIPT" -><TT -CLASS="PARAMETER" -><I ->delete user script</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#DELETEPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I ->deleteprinter command</I +>delete printer command</I ></TT ></A ></P @@ -1147,11 +1159,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DFREECOMMAND" +HREF="#DELETESHARECOMMAND" ><TT CLASS="PARAMETER" ><I ->dfree command</I +>delete share command</I ></TT ></A ></P @@ -1159,11 +1171,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DNSPROXY" +HREF="#DELETEUSERSCRIPT" ><TT CLASS="PARAMETER" ><I ->dns proxy</I +>delete user script</I ></TT ></A ></P @@ -1171,11 +1183,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DOMAINADMINGROUP" +HREF="#DFREECOMMAND" ><TT CLASS="PARAMETER" ><I ->domain admin group</I +>dfree command</I ></TT ></A ></P @@ -1183,11 +1195,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DOMAINADMINUSERS" +HREF="#DNSPROXY" ><TT CLASS="PARAMETER" ><I ->domain admin users</I +>dns proxy</I ></TT ></A ></P @@ -1195,11 +1207,11 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DOMAINGROUPS" +HREF="#DOMAINADMINGROUP" ><TT CLASS="PARAMETER" ><I ->domain groups</I +>domain admin group</I ></TT ></A ></P @@ -1219,18 +1231,6 @@ CLASS="PARAMETER" ><LI ><P ><A -HREF="#DOMAINGUESTUSERS" -><TT -CLASS="PARAMETER" -><I ->domain guest users</I -></TT -></A -></P -></LI -><LI -><P -><A HREF="#DOMAINLOGONS" ><TT CLASS="PARAMETER" @@ -1867,6 +1867,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#OBEYPAMRESTRICTIONS" +><TT +CLASS="PARAMETER" +><I +>obey pam restrictions</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#OPLOCKBREAKWAITTIME" ><TT CLASS="PARAMETER" @@ -1903,6 +1915,18 @@ CLASS="PARAMETER" ><LI ><P ><A +HREF="#PAMPASSWORDCHANGE" +><TT +CLASS="PARAMETER" +><I +>pam password change</I +></TT +></A +></P +></LI +><LI +><P +><A HREF="#PANICACTION" ><TT CLASS="PARAMETER" @@ -2757,7 +2781,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN889" +NAME="AEN897" ></A ><H2 >COMPLETE LIST OF SERVICE PARAMETERS</H2 @@ -4176,7 +4200,7 @@ CLASS="PARAMETER" ><DIV CLASS="REFSECT1" ><A -NAME="AEN1361" +NAME="AEN1369" ></A ><H2 >EXPLANATION OF EACH PARAMETER</H2 @@ -4187,154 +4211,9 @@ CLASS="VARIABLELIST" ><DL ><DT ><A -NAME="ADDUSERSCRIPT" -></A ->add user script (G)</DT -><DD -><P ->This is the full pathname to a script that will - be run <EM ->AS ROOT</EM -> by <A -HREF="smbd.8.html" -TARGET="_top" ->smbd(8) - </A -> under special circumstances described below.</P -><P ->Normally, a Samba server requires that UNIX users are - created for all users accessing files on this server. For sites - that use Windows NT account databases as their primary user database - creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows <A -HREF="smbd.8.html" -TARGET="_top" ->smbd</A -> to create the required UNIX users - <EM ->ON DEMAND</EM -> when a user accesses the Samba server.</P -><P ->In order to use this option, <A -HREF="smbd.8.html" -TARGET="_top" ->smbd</A -> - must be set to <TT -CLASS="PARAMETER" -><I ->security=server</I -></TT -> or <TT -CLASS="PARAMETER" -><I -> security=domain</I -></TT -> and <TT -CLASS="PARAMETER" -><I ->add user script</I -></TT -> - must be set to a full pathname for a script that will create a UNIX - user given one argument of <TT -CLASS="PARAMETER" -><I ->%u</I -></TT ->, which expands into - the UNIX user name to create.</P -><P ->When the Windows user attempts to access the Samba server, - at login (session setup in the SMB protocol) time, <A -HREF="smbd.8.html" -TARGET="_top" -> smbd</A -> contacts the <TT -CLASS="PARAMETER" -><I ->password server</I -></TT -> and - attempts to authenticate the given user with the given password. If the - authentication succeeds then <B -CLASS="COMMAND" ->smbd</B -> - attempts to find a UNIX user in the UNIX password database to map the - Windows user into. If this lookup fails, and <TT -CLASS="PARAMETER" -><I ->add user script - </I -></TT -> is set then <B -CLASS="COMMAND" ->smbd</B -> will - call the specified script <EM ->AS ROOT</EM ->, expanding - any <TT -CLASS="PARAMETER" -><I ->%u</I -></TT -> argument to be the user name to create.</P -><P ->If this script successfully creates the user then <B -CLASS="COMMAND" ->smbd - </B -> will continue on as though the UNIX user - already existed. In this way, UNIX users are dynamically created to - match existing Windows NT accounts.</P -><P ->See also <A -HREF="#SECURITY" -><TT -CLASS="PARAMETER" -><I -> security</I -></TT -></A ->, <A -HREF="#PASSWORDSERVER" -> <TT -CLASS="PARAMETER" -><I ->password server</I -></TT -></A ->, - <A -HREF="#DELETEUSERSCRIPT" -><TT -CLASS="PARAMETER" -><I ->delete user - script</I -></TT -></A ->.</P -><P ->Default: <B -CLASS="COMMAND" ->add user script = <empty string> - </B -></P -><P ->Example: <B -CLASS="COMMAND" ->add user script = /usr/local/samba/bin/add_user - %u</B -></P -></DD -><DT -><A NAME="ADDPRINTERCOMMAND" ></A ->addprinter command (G)</DT +>add printer command (G)</DT ><DD ><P >With the introduction of MS-RPC based printing @@ -4348,7 +4227,8 @@ NAME="ADDPRINTERCOMMAND" physically added to underlying printing system. The <TT CLASS="PARAMETER" ><I -> addprinter command</I +>add + printer command</I ></TT > defines a script to be run which will perform the necessary operations for adding the printer @@ -4370,7 +4250,7 @@ CLASS="COMMAND" >The <TT CLASS="PARAMETER" ><I ->addprinter command</I +>add printer command</I ></TT > is automatically invoked with the following parameter (in @@ -4444,7 +4324,7 @@ CLASS="PARAMETER" >Once the <TT CLASS="PARAMETER" ><I ->addprinter command</I +>add printer command</I ></TT > has been executed, <B @@ -4465,7 +4345,7 @@ HREF="#DELETEPRINTERCOMMAND" ><TT CLASS="PARAMETER" ><I -> deleteprinter command</I +> delete printer command</I ></TT ></A >, <A @@ -4500,6 +4380,290 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="ADDSHARECOMMAND" +></A +>add share command (G)</DT +><DD +><P +>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <TT +CLASS="PARAMETER" +><I +>add share command</I +></TT +> is used to define an + external program or script which will add a new service definition + to <TT +CLASS="FILENAME" +>smb.conf</TT +>. In order to successfully + execute the <TT +CLASS="PARAMETER" +><I +>add share command</I +></TT +>, <B +CLASS="COMMAND" +>smbd</B +> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </P +><P +> When executed, <B +CLASS="COMMAND" +>smbd</B +> will automatically invoke the + <TT +CLASS="PARAMETER" +><I +>add share command</I +></TT +> with four parameters. + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>configFile</I +></TT +> - the location + of the global <TT +CLASS="FILENAME" +>smb.conf</TT +> file. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>shareName</I +></TT +> - the name of the new + share. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>pathName</I +></TT +> - path to an **existing** + directory on disk. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>comment</I +></TT +> - comment string to associate + with the new share. + </P +></LI +></UL +><P +> This parameter is only used for add file shares. To add printer shares, + see the <A +HREF="#ADDPRINTERCOMMAND" +><TT +CLASS="PARAMETER" +><I +>add printer + command</I +></TT +></A +>. + </P +><P +> See also <A +HREF="#CHANGESHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>change share + command</I +></TT +></A +>, <A +HREF="#DELETESHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>delete share + command</I +></TT +></A +>. + </P +><P +>Default: <EM +>none</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>add share command = /usr/local/bin/addshare</B +></P +></DD +><DT +><A +NAME="ADDUSERSCRIPT" +></A +>add user script (G)</DT +><DD +><P +>This is the full pathname to a script that will + be run <EM +>AS ROOT</EM +> by <A +HREF="smbd.8.html" +TARGET="_top" +>smbd(8) + </A +> under special circumstances described below.</P +><P +>Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows <A +HREF="smbd.8.html" +TARGET="_top" +>smbd</A +> to create the required UNIX users + <EM +>ON DEMAND</EM +> when a user accesses the Samba server.</P +><P +>In order to use this option, <A +HREF="smbd.8.html" +TARGET="_top" +>smbd</A +> + must be set to <TT +CLASS="PARAMETER" +><I +>security=server</I +></TT +> or <TT +CLASS="PARAMETER" +><I +> security=domain</I +></TT +> and <TT +CLASS="PARAMETER" +><I +>add user script</I +></TT +> + must be set to a full pathname for a script that will create a UNIX + user given one argument of <TT +CLASS="PARAMETER" +><I +>%u</I +></TT +>, which expands into + the UNIX user name to create.</P +><P +>When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, <A +HREF="smbd.8.html" +TARGET="_top" +> smbd</A +> contacts the <TT +CLASS="PARAMETER" +><I +>password server</I +></TT +> and + attempts to authenticate the given user with the given password. If the + authentication succeeds then <B +CLASS="COMMAND" +>smbd</B +> + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and <TT +CLASS="PARAMETER" +><I +>add user script + </I +></TT +> is set then <B +CLASS="COMMAND" +>smbd</B +> will + call the specified script <EM +>AS ROOT</EM +>, expanding + any <TT +CLASS="PARAMETER" +><I +>%u</I +></TT +> argument to be the user name to create.</P +><P +>If this script successfully creates the user then <B +CLASS="COMMAND" +>smbd + </B +> will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.</P +><P +>See also <A +HREF="#SECURITY" +><TT +CLASS="PARAMETER" +><I +> security</I +></TT +></A +>, <A +HREF="#PASSWORDSERVER" +> <TT +CLASS="PARAMETER" +><I +>password server</I +></TT +></A +>, + <A +HREF="#DELETEUSERSCRIPT" +><TT +CLASS="PARAMETER" +><I +>delete user + script</I +></TT +></A +>.</P +><P +>Default: <B +CLASS="COMMAND" +>add user script = <empty string> + </B +></P +><P +>Example: <B +CLASS="COMMAND" +>add user script = /usr/local/samba/bin/add_user + %u</B +></P +></DD +><DT +><A NAME="ADMINUSERS" ></A >admin users (S)</DT @@ -5061,6 +5225,136 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="CHANGESHARECOMMAND" +></A +>change share command (G)</DT +><DD +><P +>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <TT +CLASS="PARAMETER" +><I +>change share command</I +></TT +> is used to define an + external program or script which will modify an existing service definition + in <TT +CLASS="FILENAME" +>smb.conf</TT +>. In order to successfully + execute the <TT +CLASS="PARAMETER" +><I +>change share command</I +></TT +>, <B +CLASS="COMMAND" +>smbd</B +> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </P +><P +> When executed, <B +CLASS="COMMAND" +>smbd</B +> will automatically invoke the + <TT +CLASS="PARAMETER" +><I +>change share command</I +></TT +> with four parameters. + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>configFile</I +></TT +> - the location + of the global <TT +CLASS="FILENAME" +>smb.conf</TT +> file. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>shareName</I +></TT +> - the name of the new + share. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>pathName</I +></TT +> - path to an **existing** + directory on disk. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>comment</I +></TT +> - comment string to associate + with the new share. + </P +></LI +></UL +><P +> This parameter is only used modify existing file shares definitions. To modify + printer shares, use the "Printers..." folder as seen when browsing the Samba host. + </P +><P +> See also <A +HREF="#ADDSHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>add share + command</I +></TT +></A +>, <A +HREF="#DELETESHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>delete + share command</I +></TT +></A +>. + </P +><P +>Default: <EM +>none</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>change share command = /usr/local/bin/addshare</B +></P +></DD +><DT +><A NAME="CHARACTERSET" ></A >character set (G)</DT @@ -5731,6 +6025,18 @@ CLASS="PARAMETER" ></A > parameter.</P ><P +>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <A +HREF="#SECURITYMASK" +><TT +CLASS="PARAMETER" +><I +>security mask</I +></TT +></A +>.</P +><P >Default: <B CLASS="COMMAND" >create mask = 0744</B @@ -6040,6 +6346,102 @@ CLASS="PROGRAMLISTING" ></DD ><DT ><A +NAME="DELETEPRINTERCOMMAND" +></A +>delete printer command (G)</DT +><DD +><P +>With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.</P +><P +>For a Samba host this means that the printer must be + physically deleted from underlying printing system. The <TT +CLASS="PARAMETER" +><I +> deleteprinter command</I +></TT +> defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from <TT +CLASS="FILENAME" +>smb.conf</TT +>. + </P +><P +>The <TT +CLASS="PARAMETER" +><I +>delete printer command</I +></TT +> is + automatically called with only one parameter: <TT +CLASS="PARAMETER" +><I +> "printer name"</I +></TT +>.</P +><P +>Once the <TT +CLASS="PARAMETER" +><I +>delete printer command</I +></TT +> has + been executed, <B +CLASS="COMMAND" +>smbd</B +> will reparse the <TT +CLASS="FILENAME" +> smb.conf</TT +> to associated printer no longer exists. + If the sharename is still valid, then <B +CLASS="COMMAND" +>smbd + </B +> will return an ACCESS_DENIED error to the client.</P +><P +>See also <A +HREF="#ADDPRINTERCOMMAND" +><TT +CLASS="PARAMETER" +><I +> add printer command</I +></TT +></A +>, <A +HREF="#PRINTING" +><TT +CLASS="PARAMETER" +><I +>printing</I +></TT +></A +>, + <A +HREF="#SHOWADDPRINTERWIZARD" +><TT +CLASS="PARAMETER" +><I +>show add + printer wizard</I +></TT +></A +></P +><P +>Default: <EM +>none</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>deleteprinter command = /usr/bin/removeprinter + </B +></P +></DD +><DT +><A NAME="DELETEREADONLY" ></A >delete readonly (S)</DT @@ -6059,6 +6461,123 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="DELETESHARECOMMAND" +></A +>delete share command (G)</DT +><DD +><P +>Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + <TT +CLASS="PARAMETER" +><I +>delete share command</I +></TT +> is used to define an + external program or script which will remove an existing service + definition from <TT +CLASS="FILENAME" +>smb.conf</TT +>. In order to successfully + execute the <TT +CLASS="PARAMETER" +><I +>delete share command</I +></TT +>, <B +CLASS="COMMAND" +>smbd</B +> + requires that the administrator be connected using a root account (i.e. + uid == 0). + </P +><P +> When executed, <B +CLASS="COMMAND" +>smbd</B +> will automatically invoke the + <TT +CLASS="PARAMETER" +><I +>delete share command</I +></TT +> with two parameters. + </P +><P +></P +><UL +><LI +><P +><TT +CLASS="PARAMETER" +><I +>configFile</I +></TT +> - the location + of the global <TT +CLASS="FILENAME" +>smb.conf</TT +> file. + </P +></LI +><LI +><P +><TT +CLASS="PARAMETER" +><I +>shareName</I +></TT +> - the name of + the existing service. + </P +></LI +></UL +><P +> This parameter is only used to remove file shares. To delete printer shares, + see the <A +HREF="#DELETEPRINTERCOMMAND" +><TT +CLASS="PARAMETER" +><I +>delete printer + command</I +></TT +></A +>. + </P +><P +> See also <A +HREF="#ADDSHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>delete share + command</I +></TT +></A +>, <A +HREF="#CHANGESHARECOMMAND" +><TT +CLASS="PARAMETER" +><I +>change + share</I +></TT +></A +>. + </P +><P +>Default: <EM +>none</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>delete share command = /usr/local/bin/delshare</B +></P +></DD +><DT +><A NAME="DELETEUSERSCRIPT" ></A >delete user script (G)</DT @@ -6232,102 +6751,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="DELETEPRINTERCOMMAND" -></A ->deleteprinter command (G)</DT -><DD -><P ->With the introduction of MS-RPC based printer - support for Windows NT/2000 clients in Samba 2.2, it is now - possible to delete printer at run time by issuing the - DeletePrinter() RPC call.</P -><P ->For a Samba host this means that the printer must be - physically deleted from underlying printing system. The <TT -CLASS="PARAMETER" -><I -> deleteprinter command</I -></TT -> defines a script to be run which - will perform the necessary operations for removing the printer - from the print system and from <TT -CLASS="FILENAME" ->smb.conf</TT ->. - </P -><P ->The <TT -CLASS="PARAMETER" -><I ->deleteprinter command</I -></TT -> is - automatically called with only one parameter: <TT -CLASS="PARAMETER" -><I -> "printer name"</I -></TT ->.</P -><P ->Once the <TT -CLASS="PARAMETER" -><I ->deleteprinter command</I -></TT -> has - been executed, <B -CLASS="COMMAND" ->smbd</B -> will reparse the <TT -CLASS="FILENAME" -> smb.conf</TT -> to associated printer no longer exists. - If the sharename is still valid, then <B -CLASS="COMMAND" ->smbd - </B -> will return an ACCESS_DENIED error to the client.</P -><P ->See also <A -HREF="#ADDPRINTERCOMMAND" -><TT -CLASS="PARAMETER" -><I -> addprinter command</I -></TT -></A ->, <A -HREF="#PRINTING" -><TT -CLASS="PARAMETER" -><I ->printing</I -></TT -></A ->, - <A -HREF="#SHOWADDPRINTERWIZARD" -><TT -CLASS="PARAMETER" -><I ->show add - printer wizard</I -></TT -></A -></P -><P ->Default: <EM ->none</EM -></P -><P ->Example: <B -CLASS="COMMAND" ->deleteprinter command = /usr/bin/removeprinter - </B -></P -></DD -><DT -><A NAME="DELETEVETOFILES" ></A >delete veto files (S)</DT @@ -6551,6 +6974,18 @@ CLASS="PARAMETER" > parameter. This parameter is set to 000 by default (i.e. no extra mode bits are added).</P ><P +>Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the <A +HREF="#DIRECTORYSECURITYMASK" +><TT +CLASS="PARAMETER" +><I +>directory security mask</I +></TT +></A +>.</P +><P >See the <A HREF="#FORCEDIRECTORYMODE" ><TT @@ -6639,27 +7074,17 @@ NAME="DIRECTORYSECURITYMASK" mask may be treated as a set of bits the user is not allowed to change.</P ><P ->If not set explicitly this parameter is set to the same - value as the <A -HREF="#DIRECTORYMASK" -><TT -CLASS="PARAMETER" -><I ->directory - mask</I -></TT -></A -> parameter. To allow a user to - modify all the user/group/world permissions on a directory, set - this parameter to 0777.</P +>If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the user/group/world + permissions on a directory.</P ><P ><EM >Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0777.</P + Administrators of most normal systems will probably want to leave + it as the default of 0777.</P ><P >See also the <A HREF="#FORCEDIRECTORYSECURITYMODE" @@ -6691,13 +7116,12 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->directory security mask = <same as - directory mask></B +>directory security mask = 0777</B ></P ><P >Example: <B CLASS="COMMAND" ->directory security mask = 0777</B +>directory security mask = 0700</B ></P ></DD ><DT @@ -6750,70 +7174,47 @@ NAME="DOMAINADMINGROUP" >domain admin group (G)</DT ><DD ><P ->This is an <EM ->EXPERIMENTAL</EM -> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <A -HREF="mailto:samba-ntdom@samba.org" -TARGET="_top" ->samba-ntdom</A -> available by - visiting the web page at <A -HREF="http://lists.samba.org/" -TARGET="_top" -> http://lists.samba.org/</A ->.</P -></DD -><DT -><A -NAME="DOMAINADMINUSERS" -></A ->domain admin users (G)</DT -><DD +>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Admins" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <TT +CLASS="FILENAME" +>smb.conf</TT +> notation. + </P ><P ->This is an <EM ->EXPERIMENTAL</EM -> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <A -HREF="mailto:samba-ntdom@samba.org" -TARGET="_top" ->samba-ntdom</A -> available by - visiting the web page at <A -HREF="http://lists.samba.org/" -TARGET="_top" -> http://lists.samba.org/</A ->.</P -></DD -><DT -><A -NAME="DOMAINGROUPS" +>See also <A +HREF="#DOMAINGUESTGROUP" +><TT +CLASS="PARAMETER" +><I +>domain + guest group</I +></TT ></A ->domain groups (G)</DT -><DD +>, <A +HREF="#DOMAINLOGONS" +><TT +CLASS="PARAMETER" +><I +>domain + logons</I +></TT +></A +> + </P ><P ->This is an <EM ->EXPERIMENTAL</EM -> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <A -HREF="mailto:samba-ntdom@samba.org" -TARGET="_top" ->samba-ntdom</A -> available by - visiting the web page at <A -HREF="http://lists.samba.org/" -TARGET="_top" -> http://lists.samba.org/</A ->.</P +>Default: <EM +>no domain administrators</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>domain admin group = root @wheel</B +></P ></DD ><DT ><A @@ -6822,46 +7223,47 @@ NAME="DOMAINGUESTGROUP" >domain guest group (G)</DT ><DD ><P ->This is an <EM ->EXPERIMENTAL</EM -> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <A -HREF="mailto:samba-ntdom@samba.org" -TARGET="_top" ->samba-ntdom</A -> available by - visiting the web page at <A -HREF="http://lists.samba.org/" -TARGET="_top" -> http://lists.samba.org/</A ->.</P -></DD -><DT -><A -NAME="DOMAINGUESTUSERS" +>This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Guests" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + <TT +CLASS="FILENAME" +>smb.conf</TT +> notation. + </P +><P +>See also <A +HREF="#DOMAINADMINGROUP" +><TT +CLASS="PARAMETER" +><I +>domain + admin group</I +></TT ></A ->domain guest users (G)</DT -><DD +>, <A +HREF="#DOMAINLOGONS" +><TT +CLASS="PARAMETER" +><I +>domain + logons</I +></TT +></A +> + </P ><P ->This is an <EM ->EXPERIMENTAL</EM -> parameter - that is part of the unfinished Samba NT Domain Controller Code. It may - be removed in a later release. To work with the latest code builds - that may have more support for Samba NT Domain Controller functionality - please subscribe to the mailing list <A -HREF="mailto:samba-ntdom@samba.org" -TARGET="_top" ->samba-ntdom</A -> available by - visiting the web page at <A -HREF="http://lists.samba.org/" -TARGET="_top" -> http://lists.samba.org/</A ->.</P +>Default: <EM +>no domain guests</EM +></P +><P +>Example: <B +CLASS="COMMAND" +>domain guest group = nobody @guest</B +></P ></DD ><DT ><A @@ -7436,6 +7838,19 @@ CLASS="PARAMETER" > parameter is applied.</P ><P +>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <A +HREF="#RESTRICTACLWITHMASK" +><TT +CLASS="PARAMETER" +><I +>restrict acl with + mask</I +></TT +></A +> to true.</P +><P >See also the parameter <A HREF="#CREATEMASK" ><TT @@ -7495,6 +7910,19 @@ CLASS="PARAMETER" > is applied.</P ><P +>Note that by default this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + this mask on access control lists also, they need to set the <A +HREF="#RESTRICTACLWITHMASK" +><TT +CLASS="PARAMETER" +><I +>restrict acl with + mask</I +></TT +></A +> to true.</P +><P >See also the parameter <A HREF="#DIRECTORYMASK" ><TT @@ -7548,27 +7976,17 @@ NAME="FORCEDIRECTORYSECURITYMODE" mask may be treated as a set of bits that, when modifying security on a directory, the user has always set to be 'on'.</P ><P ->If not set explicitly this parameter is set to the same - value as the <A -HREF="#FORCEDIRECTORYMODE" -><TT -CLASS="PARAMETER" -><I ->force - directory mode</I -></TT -></A -> parameter. To allow - a user to modify all the user/group/world permissions on a - directory without restrictions, set this parameter to 000.</P +>If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world permissions on a + directory without restrictions.</P ><P ><EM >Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0000.</P + Administrators of most normal systems will probably want to leave + it set as 0000.</P ><P >See also the <A HREF="#DIRECTORYSECURITYMASK" @@ -7600,13 +8018,12 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->force directory security mode = <same as - force directory mode></B +>force directory security mode = 0</B ></P ><P >Example: <B CLASS="COMMAND" ->force directory security mode = 0</B +>force directory security mode = 700</B ></P ></DD ><DT @@ -7701,27 +8118,17 @@ NAME="FORCESECURITYMODE" mask may be treated as a set of bits that, when modifying security on a file, the user has always set to be 'on'.</P ><P ->If not set explicitly this parameter is set to the same - value as the <A -HREF="#FORCECREATEMODE" -><TT -CLASS="PARAMETER" -><I ->force - create mode</I -></TT -></A -> parameter. To allow a user to - modify all the user/group/world permissions on a file, with no - restrictions set this parameter to 000.</P +>If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions.</P ><P ><EM >Note</EM > that users who can access the Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. - Administrators of most normal systems will probably want to set - it to 0000.</P + Administrators of most normal systems will probably want to leave + this set to 0000.</P ><P >See also the <A HREF="#FORCEDIRECTORYSECURITYMODE" @@ -7753,13 +8160,12 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->force security mode = <same as force - create mode></B +>force security mode = 0</B ></P ><P >Example: <B CLASS="COMMAND" ->force security mode = 0</B +>force security mode = 700</B ></P ></DD ><DT @@ -11634,6 +12040,36 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="OBEYPAMRESTRICTIONS" +></A +>obey pam restrictions (G)</DT +><DD +><P +>When Samba 2.2 is configure to enable PAM support + (i.e. --with-pam), this parameter will control whether or not Samba + should obey PAM's account and session management directives. The + default behavior is to use PAM for clear text authentication only + and to ignore any account or session management. Note that Samba + always ignores PAM for authentication in the case of <A +HREF="#ENCRYPTPASSWORDS" +><TT +CLASS="PARAMETER" +><I +>encrypt passwords = yes</I +></TT +> + </A +>. The reason is that PAM modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB password encryption. + </P +><P +>Default: <B +CLASS="COMMAND" +>obey pam restrictions = no</B +></P +></DD +><DT +><A NAME="ONLYUSER" ></A >only user (S)</DT @@ -11694,30 +12130,6 @@ CLASS="COMMAND" ></DD ><DT ><A -NAME="OLELOCKINGCOMPATIBILITY" -></A ->ole locking compatibility (G)</DT -><DD -><P ->This parameter allows an administrator to turn - off the byte range lock manipulation that is done within Samba to - give compatibility for OLE applications. Windows OLE applications - use byte range locking as a form of inter-process communication, by - locking ranges of bytes around the 2^32 region of a file range. This - can cause certain UNIX lock managers to crash or otherwise cause - problems. Setting this parameter to <TT -CLASS="CONSTANT" ->no</TT -> means you - trust your UNIX lock manager to handle such cases correctly.</P -><P ->Default: <B -CLASS="COMMAND" ->ole locking compatibility = yes</B -></P -></DD -><DT -><A NAME="ONLYGUEST" ></A >only guest (S)</DT @@ -11952,6 +12364,33 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="PAMPASSWORDCHANGE" +></A +>pam password change (G)</DT +><DD +><P +>With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password change control + flag for Samba. If enabled, then PAM will be used for password + changes when requested by an SMB client, and the <A +HREF="#PASSWDCHAT" +><TT +CLASS="PARAMETER" +><I +>passwd chat</I +></TT +></A +> string will + be ignored. + </P +><P +>Default: <B +CLASS="COMMAND" +>pam password change = no</B +></P +></DD +><DT +><A NAME="PANICACTION" ></A >panic action (G)</DT @@ -13990,6 +14429,102 @@ CLASS="COMMAND" ></DD ><DT ><A +NAME="RESTRICTACLWITHMASK" +></A +>restrict acl with mask (S)</DT +><DD +><P +>This is a boolean parameter. If set to false (default), then + Creation of files with access control lists (ACLS) and modification of ACLs + using the Windows NT/2000 ACL editor will be applied directly to the file + or directory.</P +><P +>If set to True, then all requests to set an ACL on a file will have the + parameters <A +HREF="#CREATEMASK" +><TT +CLASS="PARAMETER" +><I +>create mask</I +></TT +></A +>, + <A +HREF="#FORCECREATEMODE" +><TT +CLASS="PARAMETER" +><I +>force create mode</I +></TT +></A +> + applied before setting the ACL, and all requests to set an ACL on a directory will + have the parameters <A +HREF="#DIRECTORYMASK" +><TT +CLASS="PARAMETER" +><I +>directory + mask</I +></TT +></A +>, <A +HREF="#FORCEDIRECTORYMODE" +><TT +CLASS="PARAMETER" +><I +>force + directory mode</I +></TT +></A +> applied before setting the ACL. + </P +><P +>See also <A +HREF="#CREATEMASK" +><TT +CLASS="PARAMETER" +><I +>create mask</I +></TT +></A +>, + <A +HREF="#FORCECREATEMODE" +><TT +CLASS="PARAMETER" +><I +>force create mode</I +></TT +></A +>, + <A +HREF="#DIRECTORYMASK" +><TT +CLASS="PARAMETER" +><I +>directory mask</I +></TT +></A +>, + <A +HREF="#FORCEDIRECTORYMODE" +><TT +CLASS="PARAMETER" +><I +>force directory mode</I +></TT +></A +> + </P +><P +>Default: <B +CLASS="COMMAND" +>restrict acl with mask = no</B +></P +></DD +><DT +><A NAME="RESTRICTANONYMOUS" ></A >restrict anonymous (G)</DT @@ -14819,19 +15354,9 @@ NAME="SECURITYMASK" mask may be treated as a set of bits the user is not allowed to change.</P ><P ->If not set explicitly this parameter is set to the same - value as the <A -HREF="#CREATEMASK" -><TT -CLASS="PARAMETER" -><I ->create mask - </I -></TT -></A -> parameter. To allow a user to modify all the - user/group/world permissions on a file, set this parameter to - 0777.</P +>If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. + </P ><P ><EM >Note</EM @@ -14839,7 +15364,7 @@ CLASS="PARAMETER" Samba server through other means can easily bypass this restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most normal systems will - probably want to set it to 0777.</P + probably want to leave it set to 0777.</P ><P >See also the <A HREF="#FORCEDIRECTORYSECURITYMODE" @@ -14871,13 +15396,12 @@ CLASS="PARAMETER" ><P >Default: <B CLASS="COMMAND" ->security mask = <same as create mask> - </B +>security mask = 0777</B ></P ><P >Example: <B CLASS="COMMAND" ->security mask = 0777</B +>security mask = 0770</B ></P ></DD ><DT @@ -17781,7 +18305,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5643" +NAME="AEN5786" ></A ><H2 >WARNINGS</H2 @@ -17811,7 +18335,7 @@ TARGET="_top" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5649" +NAME="AEN5792" ></A ><H2 >VERSION</H2 @@ -17822,7 +18346,7 @@ NAME="AEN5649" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5652" +NAME="AEN5795" ></A ><H2 >SEE ALSO</H2 @@ -17901,7 +18425,7 @@ CLASS="COMMAND" ><DIV CLASS="REFSECT1" ><A -NAME="AEN5672" +NAME="AEN5815" ></A ><H2 >AUTHOR</H2 diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html index c8cb14ccd31..7136d3e981e 100644 --- a/docs/htmldocs/smbcontrol.1.html +++ b/docs/htmldocs/smbcontrol.1.html @@ -14,7 +14,7 @@ VLINK="#840084" ALINK="#0000FF" ><H1 ><A -NAME="FINDSMB" +NAME="SMBCONTROL" >smbcontrol</A ></H1 ><DIV diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html index d29db41716a..f689b4a0bce 100644 --- a/docs/htmldocs/smbspool.8.html +++ b/docs/htmldocs/smbspool.8.html @@ -14,7 +14,7 @@ VLINK="#840084" ALINK="#0000FF" ><H1 ><A -NAME="FINDSMB" +NAME="SMBSPOOL" >smbspool</A ></H1 ><DIV @@ -24,7 +24,7 @@ NAME="AEN5" ></A ><H2 >Name</H2 ->nmblookup -- send print file to an SMB printer</DIV +>smbspool -- send print file to an SMB printer</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html index cc366638dfe..1d3dc9f952a 100644 --- a/docs/htmldocs/smbstatus.1.html +++ b/docs/htmldocs/smbstatus.1.html @@ -14,7 +14,7 @@ VLINK="#840084" ALINK="#0000FF" ><H1 ><A -NAME="FINDSMB" +NAME="SMBSTATUS" >smbstatus</A ></H1 ><DIV diff --git a/docs/htmldocs/using_samba/licenseinfo.html b/docs/htmldocs/using_samba/licenseinfo.html index 71bc74def8b..7e8962a8325 100644 --- a/docs/htmldocs/using_samba/licenseinfo.html +++ b/docs/htmldocs/using_samba/licenseinfo.html @@ -38,8 +38,8 @@ should read: O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> For an excerpt, the reference should read: @@ -50,8 +50,8 @@ For an excerpt, the reference should read: and published by O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> Translations must contain similar references in the target @@ -64,8 +64,8 @@ the following: published by O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <p> Both commercial and noncommercial redistribution of material diff --git a/docs/htmldocs/using_samba/this_edition.html b/docs/htmldocs/using_samba/this_edition.html index 839f65737a0..71522ac31e1 100644 --- a/docs/htmldocs/using_samba/this_edition.html +++ b/docs/htmldocs/using_samba/this_edition.html @@ -31,8 +31,8 @@ By Robert Eckstein, David Collier-Brown & Peter Kelly O'Reilly & Associates. This material may be distributed only subject to the terms and conditions set forth in the license, which is presently available at - <a href="http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html"> - http://www.oreilly.com/catalog/samba/chapter/licenseinfo.html</a>. + <a href="http://www.oreilly.com/catalog/samba/licenseinfo.html"> + http://www.oreilly.com/catalog/samba/licenseinfo.html</a>. </blockquote> <hr size=1 noshade> |