From 12eea1a70b0c8331aabc09e5ae464d7863de6240 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 12 Aug 2003 22:36:55 +0000 Subject: [PATCH] Better compatibility with official syntax --- docs/docbook/projdoc/Samba-PDC-HOWTO.xml | 4 ++-- docs/docbook/projdoc/passdb.xml | 2 +- docs/docbook/smbdotconf/base/netbiosaliases.xml | 2 +- docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml | 4 ++-- docs/docbook/smbdotconf/logon/adduserscript.xml | 2 +- docs/docbook/smbdotconf/logon/logonscript.xml | 4 ++-- docs/docbook/smbdotconf/misc/remoteannounce.xml | 3 +-- docs/docbook/smbdotconf/printing/os2drivermap.xml | 5 ++--- docs/docbook/smbdotconf/protocol/clientusespnego.xml | 3 +++ docs/docbook/smbdotconf/protocol/nameresolveorder.xml | 2 +- docs/docbook/smbdotconf/protocol/profileacls.xml | 13 +++++++++---- docs/docbook/smbdotconf/security/allowtrusteddomains.xml | 2 +- docs/docbook/smbdotconf/security/guestaccount.xml | 4 ++-- docs/docbook/smbdotconf/security/passdbbackend.xml | 13 +++---------- docs/docbook/smbdotconf/security/passwdprogram.xml | 12 ++---------- docs/docbook/smbdotconf/security/security.xml | 4 ++-- docs/docbook/smbdotconf/tuning/usesendfile.xml | 6 ++++-- docs/docbook/smbdotconf/vfs/hostmsdfs.xml | 6 ++++-- docs/docbook/smbdotconf/vfs/msdfsroot.xml | 7 ++++--- docs/docbook/smbdotconf/vfs/vfsobjects.xml | 11 +---------- docs/docbook/smbdotconf/winbind/idmapgid.xml | 2 +- docs/docbook/smbdotconf/wins/winsserver.xml | 2 +- 22 files changed, 50 insertions(+), 63 deletions(-) diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml index b19609a0930..62aec85f164 100644 --- a/docs/docbook/projdoc/Samba-PDC-HOWTO.xml +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.xml @@ -224,7 +224,7 @@ LDAP based user and machine account back end. New to Samba-3 is the ability to use a back-end database that holds the same type of data as the NT4 style SAM (Security Account Manager) database (one of the registry files). -See also . +See also . @@ -388,7 +388,7 @@ A Domain Controller is an SMB/CIFS server that: For Samba to provide these is rather easy to configure. Each Samba Domain Controller must provide the NETLOGON service which Samba calls the domain logons functionality (after the name of the parameter in the &smb.conf; file). Additionally, one (1) server in a Samba-3 -Domain must advertise itself as the domain master browserSee also . This causes the Primary Domain Controller +Domain must advertise itself as the domain master browserSee also . This causes the Primary Domain Controller to claim domain specific NetBIOS name that identifies it as a domain master browser for its given domain/workgroup. Local master browsers in the same domain/workgroup on broadcast-isolated subnets then ask for a complete copy of the browse list for the whole wide area network. Browser clients diff --git a/docs/docbook/projdoc/passdb.xml b/docs/docbook/projdoc/passdb.xml index ab7c9932fb2..4bc2634528f 100644 --- a/docs/docbook/projdoc/passdb.xml +++ b/docs/docbook/projdoc/passdb.xml @@ -1313,7 +1313,7 @@ Refer to the logon home parameter in the &smb.conf; man page only - Only update the LDAP password and let the LDAP server worry about the other fields. This option is only available on some LDAP servers. Only when the LDAP server supports LDAP_EXOP_X_MODIFY_PASSWD + Only update the LDAP password and let the LDAP server worry about the other fields. This option is only available on some LDAP servers. Only when the LDAP server supports LDAP_EXOP_X_MODIFY_PASSWD diff --git a/docs/docbook/smbdotconf/base/netbiosaliases.xml b/docs/docbook/smbdotconf/base/netbiosaliases.xml index a62fb8f7d68..ac8ffaf2b9a 100644 --- a/docs/docbook/smbdotconf/base/netbiosaliases.xml +++ b/docs/docbook/smbdotconf/base/netbiosaliases.xml @@ -3,7 +3,7 @@ advanced="1" wizard="1" developer="1" xmlns:samba="http://samba.org/common"> - This is a list of NetBIOS names that nmbd(8) will + This is a list of NetBIOS names that nmbd will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none of these names will be advertised as either browse server or logon diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml index 06017fce595..7caf3058c94 100644 --- a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml +++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml @@ -5,8 +5,8 @@ If a Samba server is a member of a Windows NT Domain (see the security = domain) - parameter) then periodically a running - smbd(8) process will try and change the MACHINE ACCOUNT + parameter) then periodically a running smbd + process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called private/secrets.tdb . This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml index 34d3e7ea586..42f7b045637 100644 --- a/docs/docbook/smbdotconf/logon/adduserscript.xml +++ b/docs/docbook/smbdotconf/logon/adduserscript.xml @@ -11,7 +11,7 @@ created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the - Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users ON DEMAND when a user accesses the Samba server. In order to use this option, smbd diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml index 65b6253c0c0..a1e8e0c03b5 100644 --- a/docs/docbook/smbdotconf/logon/logonscript.xml +++ b/docs/docbook/smbdotconf/logon/logonscript.xml @@ -22,8 +22,8 @@ suggested command would be to add NET TIME \\SERVER /SET /YES, to force every machine to synchronize clocks with the same time server. Another use would be to add NET USE - U: \\SERVER\UTILS for commonly used utilities, or - NET USE Q: \\SERVER\ISO9001_QA for example. + U: \\SERVER\UTILS for commonly used utilities, or + NET USE Q: \\SERVER\ISO9001_QA for example. Note that it is particularly important not to allow write access to the [netlogon] share, or to grant users write permission diff --git a/docs/docbook/smbdotconf/misc/remoteannounce.xml b/docs/docbook/smbdotconf/misc/remoteannounce.xml index 019cc306a7b..d03ea8b0e25 100644 --- a/docs/docbook/smbdotconf/misc/remoteannounce.xml +++ b/docs/docbook/smbdotconf/misc/remoteannounce.xml @@ -27,8 +27,7 @@ addresses of the remote networks, but can also be the IP addresses of known browse masters if your network config is that stable. - See the documentation file BROWSING - in the docs/ directory. + See . Default: remote announce = <empty string> diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml index 478031c7b9c..ffaa58fe2a7 100644 --- a/docs/docbook/smbdotconf/printing/os2drivermap.xml +++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml @@ -14,9 +14,8 @@ LaserJet 5L. The need for the file is due to the printer driver namespace - problem described in the Samba - Printing HOWTO. For more details on OS/2 clients, please - refer to the OS2-Client-HOWTO containing in the Samba documentation. + problem described in . For more details on OS/2 clients, please + refer to . Default: os2 driver map = <empty string> diff --git a/docs/docbook/smbdotconf/protocol/clientusespnego.xml b/docs/docbook/smbdotconf/protocol/clientusespnego.xml index df25fbfb207..ce187a36fa0 100644 --- a/docs/docbook/smbdotconf/protocol/clientusespnego.xml +++ b/docs/docbook/smbdotconf/protocol/clientusespnego.xml @@ -6,6 +6,9 @@ This variable controls controls whether samba clients will try to use Simple and Protected NEGOciation (as specified by rfc2478) with WindowsXP and Windows2000 servers to agree upon an authentication mechanism. + SPNEGO client support for SMB Signing is currently broken, so + you might want to turn this option off when operating with + Windows 2003 domain controllers in particular. Default: client use spnego = yes diff --git a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml index 4e88495489a..45bc98843f9 100644 --- a/docs/docbook/smbdotconf/protocol/nameresolveorder.xml +++ b/docs/docbook/smbdotconf/protocol/nameresolveorder.xml @@ -18,7 +18,7 @@ lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + noescape="1" url="lmhosts.5.html">lmhosts(5) for details) then any name type matches for lookup. diff --git a/docs/docbook/smbdotconf/protocol/profileacls.xml b/docs/docbook/smbdotconf/protocol/profileacls.xml index 6f2b3ec510a..505f3718092 100644 --- a/docs/docbook/smbdotconf/protocol/profileacls.xml +++ b/docs/docbook/smbdotconf/protocol/profileacls.xml @@ -10,7 +10,10 @@ Windows XP clients. New versions of Windows 2000 or Windows XP service packs do security ACL checking on the owner and ability to write of the profile directory stored on a local workstation when copied from a Samba - share. When not in domain mode with winbindd then the security info copied + share. + + +When not in domain mode with winbindd then the security info copied onto the local workstation has no meaning to the logged in user (SID) on that workstation so the profile storing fails. Adding this parameter onto a share used for profile storage changes two things about the @@ -19,15 +22,17 @@ BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to every returned ACL. This will allow any Windows 2000 or XP workstation - user to access the profile. Note that if you have multiple users logging + user to access the profile. + + Note that if you have multiple users logging on to a workstation then in order to prevent them from being able to access each others profiles you must remove the "Bypass traverse checking" advanced user right. This will prevent access to other users profile directories as the top level profile directory (named after the user) is created by the workstation profile code and has an ACL restricting entry to the directory tree to the owning user. - - + + Default: profile acls = no diff --git a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml index 63363d26070..8354f8b8dad 100644 --- a/docs/docbook/smbdotconf/security/allowtrusteddomains.xml +++ b/docs/docbook/smbdotconf/security/allowtrusteddomains.xml @@ -7,7 +7,7 @@ security option is set to server or domain. If it is set to no, then attempts to connect to a resource from - a domain or workgroup other than the one which smbd is running + a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication. diff --git a/docs/docbook/smbdotconf/security/guestaccount.xml b/docs/docbook/smbdotconf/security/guestaccount.xml index f9192748f9b..9db3b6362d8 100644 --- a/docs/docbook/smbdotconf/security/guestaccount.xml +++ b/docs/docbook/smbdotconf/security/guestaccount.xml @@ -1,5 +1,5 @@ @@ -13,7 +13,7 @@ the specified username overrides this one. - On some systems the default guest account "nobody" may not + One some systems the default guest account "nobody" may not be able to print. Use another account in this case. You should test this by trying to log in as your guest user (perhaps by using the su - command) and trying to print using the diff --git a/docs/docbook/smbdotconf/security/passdbbackend.xml b/docs/docbook/smbdotconf/security/passdbbackend.xml index 1a3a83946ad..8c64299dd42 100644 --- a/docs/docbook/smbdotconf/security/passdbbackend.xml +++ b/docs/docbook/smbdotconf/security/passdbbackend.xml @@ -55,22 +55,15 @@ details. - - guest - - Very simple backend that only provides one user: the guest user. - Only maps the NT guest user to the guest account. - Required in pretty much all situations. - - Default: passdb backend = smbpasswd - Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd guest + Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb smbpasswd:/etc/samba/smbpasswd - Example: passdb backend = ldapsam:ldaps://ldap.example.com guest + Example: passdb backend = ldapsam:ldaps://ldap.example.com - Example: passdb backend = mysql:my_plugin_args tdbsam:/etc/samba/private/passdb.tdb guest + Example: passdb backend = mysql:my_plugin_args tdbsam diff --git a/docs/docbook/smbdotconf/security/passwdprogram.xml b/docs/docbook/smbdotconf/security/passwdprogram.xml index 22235322c8d..db026701580 100644 --- a/docs/docbook/smbdotconf/security/passwdprogram.xml +++ b/docs/docbook/smbdotconf/security/passwdprogram.xml @@ -17,9 +17,8 @@ Note that if the unix password sync parameter is set to yes then this program is called AS ROOT - before the SMB password in the - smbpasswd5 - file is changed. If this UNIX password change fails, then + before the SMB password in the smbpasswd + file is changed. If this UNIX password change fails, then smbd will fail to change the SMB password also (this is by design). @@ -29,13 +28,6 @@ for security implications. Note that by default unix password sync is set to no. - Not that this program is only invoked when a password change is - done via the smbd program, not when smbpasswd is used locally as root to - change a password. This means that you cannot run "smbpasswd USERNAME" as - root on the SMB server in order to test this parameter, but should run the - command "smbpasswd -r SMBMACHINE" as a non-root user instead if you want - to test the invocation of this program. - See also unix password sync. diff --git a/docs/docbook/smbdotconf/security/security.xml b/docs/docbook/smbdotconf/security/security.xml index 389e8dd0098..030abc1de14 100644 --- a/docs/docbook/smbdotconf/security/security.xml +++ b/docs/docbook/smbdotconf/security/security.xml @@ -19,8 +19,8 @@ Windows NT. The alternatives are security = share, - security = server, security = domain - , or security = ads. + security = server or security = domain + . In versions of Samba prior to 2.0.0, the default was security = share mainly because that was diff --git a/docs/docbook/smbdotconf/tuning/usesendfile.xml b/docs/docbook/smbdotconf/tuning/usesendfile.xml index e8b8213ec37..6bbd6515499 100644 --- a/docs/docbook/smbdotconf/tuning/usesendfile.xml +++ b/docs/docbook/smbdotconf/tuning/usesendfile.xml @@ -2,11 +2,13 @@ context="S" xmlns:samba="http://samba.org/common"> - If this parameter is yes, and the underlying operating + If this parameter is yes, and Samba + was built with the --with-sendfile-support option, and the underlying operating system supports sendfile system call, then some SMB read calls (mainly ReadAndX and ReadRaw) will use the more efficient sendfile system call for files that are exclusively oplocked. This may make more efficient use of the system CPU's - and cause Samba to be faster. + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. Default: use sendfile = no diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml index c76c3b6c1d5..4e8dfe7a79f 100644 --- a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml +++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml @@ -3,14 +3,16 @@ advanced="1" developer="1" xmlns:samba="http://samba.org/common"> - If set to yes, + This boolean parameter is only available + if Samba has been configured and compiled with the + --with-msdfs option. If set to yes, Samba will act as a Dfs server, and allow Dfs-aware clients to browse Dfs trees hosted on the server. See also the msdfs root share level parameter. For more information on setting up a Dfs tree on Samba, - refer to msdfs_setup.html. + refer to . Default: host msdfs = no diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml index eaed6f68e9b..e72bf89b1f4 100644 --- a/docs/docbook/smbdotconf/vfs/msdfsroot.xml +++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml @@ -2,14 +2,15 @@ context="S" xmlns:samba="http://samba.org/common"> - If set to yes, + This boolean parameter is only available if + Samba is configured and compiled with the + --with-msdfs option. If set to yes, Samba treats the share as a Dfs root and allows clients to browse the distributed file system tree rooted at the share directory. Dfs links are specified in the share directory by symbolic links of the form msdfs:serverA\\shareA,serverB\\shareB and so on. For more information on setting up a Dfs tree - on Samba, refer to "Hosting a Microsoft - Distributed File System tree on Samba" document. + on Samba, refer to . See also host msdfs diff --git a/docs/docbook/smbdotconf/vfs/vfsobjects.xml b/docs/docbook/smbdotconf/vfs/vfsobjects.xml index 85f50164015..32a10b5bd63 100644 --- a/docs/docbook/smbdotconf/vfs/vfsobjects.xml +++ b/docs/docbook/smbdotconf/vfs/vfsobjects.xml @@ -2,19 +2,10 @@ context="S" xmlns:samba="http://samba.org/common"> - This parameter specifies the backend module names which + This parameter specifies the backend names which are used for Samba VFS I/O operations. By default, normal disk I/O operations are used but these can be overloaded with one or more VFS objects. - - Options for a given VFS module are specified one per line - smb.conf perfaced by the module name and a colon (:). Such as - - foo:bar=biddle - - where 'foo' is the name of VFS module, 'bar' is a parameter supported - by ;foo;, and 'biddle' is the value of the option 'bar'. Refer to the - manpage for a given VFS modules regarding the options supported by that module. Default: no value diff --git a/docs/docbook/smbdotconf/winbind/idmapgid.xml b/docs/docbook/smbdotconf/winbind/idmapgid.xml index 43a8e34fad0..8bd46a80c60 100644 --- a/docs/docbook/smbdotconf/winbind/idmapgid.xml +++ b/docs/docbook/smbdotconf/winbind/idmapgid.xml @@ -5,7 +5,7 @@ The idmap gid parameter specifies the range of group ids that are allocated for - the purpose of mapping UNIX groups to NT group SIDs. This range of group ids should have no + the purpose of mapping UNX groups to NT group SIDs. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise. The availability of an idmap gid range is essential for correct operation of diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml index 12ee635acdf..577a130ff18 100644 --- a/docs/docbook/smbdotconf/wins/winsserver.xml +++ b/docs/docbook/smbdotconf/wins/winsserver.xml @@ -21,7 +21,7 @@ to a WINS server if you have multiple subnets and wish cross-subnet browsing to work correctly. - See the documentation file Browsing in the samba howto collection. + See the . Default: not enabled -- 2.11.4.GIT