The Samba-Bugzilla – Attachment 8024 Details for
Bug 9274
backport documentation changes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patches for v4-0-test
tmp40.diff (text/plain), 167.37 KB, created by
Stefan Metzmacher
on 2012-10-09 20:04:54 UTC
(
hide
)
Description:
Patches for v4-0-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2012-10-09 20:04:54 UTC
Size:
167.37 KB
patch
obsolete
>From e9db898151b810cce5aee7cb7682e279059c4457 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 09:28:06 -0700 >Subject: [PATCH 01/50] docs: Update docs to the modern age of Samba 4.0 > >This removes references to security=share, security=server and other outdated things. > >It also updates to a world where encrypted passwords are the norm. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml | 40 ++--- > docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml | 242 +------------------------- > 2 files changed, 15 insertions(+), 267 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml >index 951c879..5ea2db2 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Diagnosis.xml >@@ -130,9 +130,9 @@ configuration file is faulty. > > <note><para> > <indexterm><primary>/etc/samba</primary></indexterm> >-<indexterm><primary>/usr/local/samba/lib</primary></indexterm> >+<indexterm><primary>/usr/local/samba/etc</primary></indexterm> > Your &smb.conf; file may be located in <filename>/etc/samba</filename> >-or in <filename>/usr/local/samba/lib</filename>. >+or in <filename>/usr/local/samba/etc</filename>. > </para></note> > </step> > >@@ -431,8 +431,9 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c > <orderedlist> > <listitem> > <para> >- You have shadow passwords (or some other password system) but didn't >- compile in support for them in &smbd;. >+ Password encryption is enabled by default, but you have not >+ yet set a password for your samba user. Run >+ <command>smbpasswd -a username</command> > </para> > </listitem> > >@@ -444,7 +445,8 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c > > <listitem> > <para> >- You have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. >+ You have explicitly disabled encrypted passwords with >+ <smbconfoption name="encrypt passwords">no</smbconfoption> have a mixed-case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level. > </para> > </listitem> > >@@ -454,12 +456,6 @@ If it says <quote><errorname>bad password,</errorname></quote> then the likely c > </para> > </listitem> > >-<listitem> >- <para> >- You enabled password encryption but didn't map UNIX to Samba users. Run >- <command>smbpasswd -a username</command> >- </para> >-</listitem> > </orderedlist> > > <para> >@@ -544,17 +540,7 @@ and other config lines in &smb.conf; are correct. > </para> > > <para> >-It's also possible that the server can't work out what username to connect you as. >-To see if this is the problem, add the line >-<smbconfoption name="user">username</smbconfoption> to the >-<smbconfsection name="[tmp]"/> section of >-&smb.conf; where <parameter>username</parameter> is the >-username corresponding to the password you typed. If you find this >-fixes things, you may need the username mapping option. >-</para> >- >-<para> >-It might also be the case that your client only sends encrypted passwords >+By default, most clients only sends encrypted passwords > and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;. > Change this setting to `yes' to fix this. > </para> >@@ -587,13 +573,9 @@ From file manager, try to browse the server. Your Samba server should > appear in the browse list of your local workgroup (or the one you > specified in &smb.conf;). You should be able to double-click on the name > of the server and get a list of shares. If you get the error message <quote>invalid password,</quote> >- you are probably running Windows NT and it >-is refusing to browse a server that has no encrypted password >-capability and is in user-level security mode. In this case, either set >-<smbconfoption name="security">server</smbconfoption> and >-<smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your >-&smb.conf; file or make sure <smbconfoption name="encrypt passwords"/> is >-set to <quote>yes</quote>. >+your client may be refusing to browse a server that has no encrypted password >+capability. In this case make sure <smbconfoption name="encrypt passwords"/> is >+set to <quote>yes</quote> and repeat the steps in this gude. > </para> > > </step> >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >index 0b90c92..cb92766 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >@@ -177,24 +177,10 @@ protocol. Since some time around 1996 the protocol has been better known as the > <indexterm><primary>security levels</primary></indexterm> > <indexterm><primary>security modes</primary></indexterm> > <indexterm><primary>user-level</primary></indexterm> >-<indexterm><primary>share-level</primary></indexterm> >-In the SMB/CIFS networking world, there are only two types of security: <emphasis>user-level</emphasis> and >-<emphasis>share level</emphasis>. We refer to these collectively as <emphasis>security levels</emphasis>. In >-implementing these two security levels, Samba provides flexibilities that are not available with MS Windows >-NT4/200x servers. In fact, Samba implements <emphasis>share-level</emphasis> security only one way, but has >-four ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba >+Samba has three ways of implementing <emphasis>user-level</emphasis> security. Collectively, we call the Samba > implementations of the security levels <emphasis>security modes</emphasis>. They are known as >-<emphasis>share</emphasis>, <emphasis>user</emphasis>, <emphasis>domain</emphasis>, <emphasis>ADS</emphasis>, >-and <emphasis>server</emphasis> modes. They are documented in this chapter. >-</para> >- >-<para> >-An SMB server informs the client, at the time of a session setup, the security level the server is running. >-There are two options: share-level and user-level. Which of these two the client receives affects the way the >-client then tries to authenticate itself. It does not directly affect (to any great extent) the way the Samba >-server does security. This may sound strange, but it fits in with the client/server approach of SMB. In SMB >-everything is initiated and controlled by the client, and the server can only tell the client what is >-available and whether an action is allowed. >+<emphasis>user</emphasis>, <emphasis>domain</emphasis> and >+<emphasis>ADS</emphasis> modes. They are documented in this chapter. > </para> > > <para> >@@ -268,71 +254,6 @@ This is the default setting since Samba-2.2.x. > > </sect2> > <sect2> >-<title>Share-Level Security</title> >- >-<para> >-<indexterm><primary>share-level</primary></indexterm> >-<indexterm><primary>mount</primary></indexterm> >-In share-level security, the client authenticates itself separately for each share. It sends a password along >-with each tree connection request (share mount), but it does not explicitly send a username with this >-operation. The client expects a password to be associated with each share, independent of the user. This means >-that Samba has to work out what username the client probably wants to use, >-because the username is not explicitly sent to the SMB server. Some commercial SMB servers such as NT actually associate passwords directly with shares >-in share-level security, but Samba always uses the UNIX authentication scheme where it is a username/password >-pair that is authenticated, not a share/password pair. >-</para> >- >-<para> >-To understand the MS Windows networking parallels, think in terms of MS Windows 9x/Me where you can create a >-shared folder that provides read-only or full access, with or without a password. >-</para> >- >-<para> >-Many clients send a session setup request even if the server is in share-level security. They normally send a valid >-username but no password. Samba records this username in a list of possible usernames. When the client then >-issues a tree connection request, it also adds to this list the name of the share they try to connect to (useful for >-home directories) and any users listed in the <smbconfoption name="user"/> parameter in the &smb.conf; file. >-The password is then checked in turn against these possible usernames. If a match is found, then the client is >-authenticated as that user. >-</para> >- >-<para> >-<indexterm><primary>name service switch</primary><see>NSS</see></indexterm> >-<indexterm><primary>/etc/passwd</primary></indexterm> >-<indexterm><primary>nsswitch.conf</primary></indexterm> >-Where the list of possible user names is not provided, Samba makes a UNIX system call to find the user >-account that has a password that matches the one provided from the standard account database. On a system that >-has no name service switch (NSS) facility, such lookups will be from the <filename>/etc/passwd</filename> >-database. On NSS enabled systems, the lookup will go to the libraries that have been specified in the >-<filename>nsswitch.conf</filename> file. The entries in that file in which the libraries are specified are: >-<screen> >-passwd: files nis ldap >-shadow: files nis ldap >-group: files nis ldap >-</screen> >-<indexterm><primary>/etc/passwd</primary></indexterm> >-<indexterm><primary>/etc/group</primary></indexterm> >-<indexterm><primary>NIS</primary></indexterm> >-In the example shown here (not likely to be used in practice) the lookup will check >-<filename>/etc/passwd</filename> and <filename>/etc/group</filename>, if not found it will check NIS, then >-LDAP. >-</para> >- >-<sect3> >-<title>Example Configuration</title> >- >-<para> >-The &smb.conf; parameter that sets share-level security is: >-</para> >- >-<para><smbconfblock> >-<smbconfoption name="security">share</smbconfoption> >-</smbconfblock></para> >- >-</sect3> >-</sect2> >- >-<sect2> > <title>Domain Security Mode (User-Level Security)</title> > > <para> >@@ -418,32 +339,12 @@ security domain. This is done as follows: > > > <procedure> >- <step><para>On the MS Windows NT domain controller, using >- the Server Manager, add a machine account for the Samba server. >- </para></step> >- > <step><para>On the UNIX/Linux system execute:</para> > > <para><screen>&rootprompt;<userinput>net rpc join -U administrator%password</userinput></screen></para> > </step> > </procedure> > >-<note><para> >-<indexterm><primary>smbpasswd</primary></indexterm> >-Samba-2.2.4 and later Samba 2.2.x series releases can autojoin a Windows NT4-style domain just by executing: >-<screen> >-&rootprompt;<userinput>smbpasswd -j <replaceable>DOMAIN_NAME</replaceable> -r <replaceable>PDC_NAME</replaceable> \ >- -U Administrator%<replaceable>password</replaceable></userinput> >-</screen> >-<indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>join</tertiary></indexterm> >-Samba-3 can do the same by executing: >-<screen> >-&rootprompt;<userinput>net rpc join -U Administrator%<replaceable>password</replaceable></userinput> >-</screen> >-It is not necessary with Samba-3 to specify the <replaceable>DOMAIN_NAME</replaceable> or the >-<replaceable>PDC_NAME</replaceable>, as it figures this out from the &smb.conf; file settings. >-</para></note> >- > <para> > <indexterm><primary>invalid shell</primary></indexterm> > <indexterm><primary>/etc/passwd</primary></indexterm> >@@ -481,7 +382,7 @@ For more information regarding domain membership, <link linkend="domain-member"> > <para> > <indexterm><primary>ADS</primary></indexterm> > <indexterm><primary>native mode</primary></indexterm> >-Both Samba-2.2, and Samba-3 can join an Active Directory domain using NT4 style RPC based security. This is >+Samba can join an Active Directory domain using NT4 style RPC based security. This is > possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style > domain members. This is contrary to popular belief. > </para> >@@ -527,103 +428,6 @@ ADS Domain Membership</link> for more information regarding this configuration o > </sect3> > </sect2> > >-<sect2> >-<title>Server Security (User Level Security)</title> >- >-<para> >-Server security mode is left over from the time when Samba was not capable of acting >-as a domain member server. It is highly recommended not to use this feature. Server >-security mode has many drawbacks that include: >-</para> >- >-<itemizedlist> >- <listitem><para>Potential account lockout on MS Windows NT4/200x password servers.</para></listitem> >- <listitem><para>Lack of assurance that the password server is the one specified.</para></listitem> >- <listitem><para>Does not work with Winbind, which is particularly needed when storing profiles remotely.</para></listitem> >- <listitem><para>This mode may open connections to the password server and keep them open for extended periods.</para></listitem> >- <listitem><para>Security on the Samba server breaks badly when the remote password server suddenly shuts down.</para></listitem> >- <listitem><para>With this mode there is NO security account in the domain that the password server belongs to for the Samba server.</para></listitem> >-</itemizedlist> >- >-<para> >-<indexterm><primary>session setup</primary></indexterm> >-<indexterm><primary>SMB</primary></indexterm> >-In server security mode the Samba server reports to the client that it is in user-level security. The client >-then does a session setup as described earlier. The Samba server takes the username/password that the client >-sends and attempts to log into the <smbconfoption name="password server"/> by sending exactly the same >-username/password that it got from the client. If that server is in user-level security and accepts the >-password, then Samba accepts the client's connection. This parameter allows the Samba server to use another >-SMB server as the <smbconfoption name="password server"/>. >-</para> >- >-<para> >-<indexterm><primary>security level</primary></indexterm> >-<indexterm><primary>encryption</primary></indexterm> >-You should also note that at the start of all this, when the server tells the client >-what security level it is in, it also tells the client if it supports encryption. If it >-does, it supplies the client with a random cryptkey. The client will then send all >-passwords in encrypted form. Samba supports this type of encryption by default. >-</para> >- >-<para> >-The parameter <smbconfoption name="security">server</smbconfoption> means that Samba reports to clients that >-it is running in <emphasis>user mode</emphasis> but actually passes off all authentication requests to another >-user mode server. This requires an additional parameter <smbconfoption name="password server"/> that points to >-the real authentication server. The real authentication server can be another Samba server, or it can be a >-Windows NT server, the latter being natively capable of encrypted password support. >-</para> >- >-<note><para> >-<indexterm><primary>password server</primary></indexterm> >-<indexterm><primary>workgroup</primary></indexterm> >-When Samba is running in <emphasis>server security mode</emphasis>, it is essential that the parameter >-<emphasis>password server</emphasis> is set to the precise NetBIOS machine name of the target authentication >-server. Samba cannot determine this from NetBIOS name lookups because the choice of the target authentication >-server is arbitrary and cannot be determined from a domain name. In essence, a Samba server that is in >-<emphasis>server security mode</emphasis> is operating in what used to be known as workgroup mode. >-</para></note> >- >-<sect3> >-<title>Example Configuration</title> >-<para><emphasis> >-Using MS Windows NT as an Authentication Server >-</emphasis></para> >- >-<para> >-This method involves the additions of the following parameters in the &smb.conf; file: >-</para> >- >-<para><smbconfblock> >-<smbconfoption name="encrypt passwords">Yes</smbconfoption> >-<smbconfoption name="security">server</smbconfoption> >-<smbconfoption name="password server">"NetBIOS_name_of_a_DC"</smbconfoption> >-</smbconfblock></para> >- >- >-<para> >-There are two ways of identifying whether or not a username and password pair is valid. >-One uses the reply information provided as part of the authentication messaging >-process, the other uses just an error code. >-</para> >- >-<para> >-<indexterm><primary>bogus</primary></indexterm> >-<indexterm><primary>lockout</primary></indexterm> >-The downside of this mode of configuration is that for security reasons Samba >-will send the password server a bogus username and a bogus password, and if the remote >-server fails to reject the bogus username and password pair, then an alternative mode of >-identification or validation is used. Where a site uses password lockout, after a >-certain number of failed authentication attempts, this will result in user lockouts. >-</para> >- >-<para> >-Use of this mode of authentication requires a standard UNIX account for the user. >-This account can be blocked to prevent logons by non-SMB/CIFS clients. >-</para> >- >-</sect3> >-</sect2> >- > </sect1> > > <sect1> >@@ -738,24 +542,6 @@ to those for whom English is not their native tongue. > </para> > > <sect2> >-<title>What Makes Samba a Server?</title> >- >-<para> >-To some, the nature of the Samba security mode is obvious, but entirely >-wrong all the same. It is assumed that <smbconfoption name="security">server</smbconfoption> means that Samba >-will act as a server. Not so! This setting means that Samba will <emphasis>try</emphasis> >-to use another SMB server as its source for user authentication alone. >-</para> >- >-<para> >-Samba is a server regardless of which security mode is chosen. When Samba is used outside of a domain security >-context, it is best to leave the security mode at the default setting. By default Samba-3 uses user-mode >-security. >-</para> >- >-</sect2> >- >-<sect2> > <title>What Makes Samba a Domain Controller?</title> > > <para> >@@ -778,26 +564,6 @@ makes Samba act as a domain member. Read the manufacturer's manual before the wa > > </sect2> > >- >-<sect2> >-<title>Constantly Losing Connections to Password Server</title> >- >-<para><quote> >-Why does server_validate() simply give up rather than re-establish its connection to the >-password server? Though I am not fluent in the SMB protocol, perhaps the cluster server >-process passes along to its client workstation the session key it receives from the password >-server, which means the password hashes submitted by the client would not work on a subsequent >-connection whose session key would be different. So server_validate() must give up. >-</quote></para> >- >-<para> >-Indeed. That's why <smbconfoption name="security">server</smbconfoption> >-is at best a nasty hack. Please use <smbconfoption name="security">domain</smbconfoption>; >-<smbconfoption name="security">server</smbconfoption> mode is also known as pass-through authentication. >-</para> >- >-</sect2> >- > <sect2> > <title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title> > >-- >1.7.9.5 > > >From 15f44e59dc9b9b40e64b6055c50cd58c90a53f34 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 09:29:51 -0700 >Subject: [PATCH 02/50] docs: Remove distinction between server and domain > accounts > >Accounts on a server become accounts on the DC when upgraded. If they do not >then this is simply a bug (in say tdbsam), not a feature to be documented. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml | 30 -------------------------- > 1 file changed, 30 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >index cb92766..f0c07d2 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-ServerType.xml >@@ -564,36 +564,6 @@ makes Samba act as a domain member. Read the manufacturer's manual before the wa > > </sect2> > >-<sect2> >-<title>Stand-alone Server is converted to Domain Controller &smbmdash; Now User accounts don't work</title> >- >-<para><quote> >-When I try to log in to the DOMAIN, the eventlog shows <emphasis>tried credentials DOMAIN/username; effective >-credentials SERVER/username</emphasis> >-</quote></para> >- >-<para> >-Usually this is due to a user or machine account being created before the Samba server is configured to be a >-domain controller. Accounts created before the server becomes a domain controller will be >-<emphasis>local</emphasis> accounts and authenticated as what looks like a member in the SERVER domain, much >-like local user accounts in Windows 2000 and later. Accounts created after the Samba server becomes a domain >-controller will be <emphasis>domain</emphasis> accounts and will be authenticated as a member of the DOMAIN >-domain. >-</para> >- >-<para> >-This can be verified by issuing the command <command>pdbedit -L -v username</command>. If this reports DOMAIN >-then the account is a domain account, if it reports SERVER then the account is a local account. >-</para> >- >-<para> >-The easiest way to resolve this is to remove and recreate the account; however this may cause problems with >-established user profiles. You can also use <command>pdbedit -u username -I DOMAIN</command>. You may also >-need to change the User SID and Primary Group SID to match the domain. >-</para> >- >-</sect2> >- > </sect1> > > </chapter> >-- >1.7.9.5 > > >From 49becb60316e1adb945d17f5c157a91fd6afd857 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 11:57:05 -0700 >Subject: [PATCH 03/50] docs: remove references to security=server > >--- > docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 66 ------------------------ > 1 file changed, 66 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >index d017863..53b7d1a 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >@@ -797,72 +797,6 @@ but in most cases the following will suffice: > > </sect2> > >-<sect2> >-<title>Why Is This Better Than <parameter>security = server</parameter>?</title> >- >-<para> >-<indexterm><primary>domain security</primary></indexterm> >-<indexterm><primary>UNIX users</primary></indexterm> >-<indexterm><primary>authentication</primary></indexterm> >-Currently, domain security in Samba does not free you from having to create local UNIX users to represent the >-users attaching to your server. This means that if domain user <constant>DOM\fred</constant> attaches to your >-domain security Samba server, there needs to be a local UNIX user fred to represent that user in the UNIX file >-system. This is similar to the older Samba security mode <smbconfoption >-name="security">server</smbconfoption>, where Samba would pass through the authentication request to a Windows >-NT server in the same way as a Windows 95 or Windows 98 server would. >-</para> >- >-<para> >-<indexterm><primary>winbind</primary></indexterm> >-<indexterm><primary>UID</primary></indexterm> >-<indexterm><primary>GID</primary></indexterm> >-Please refer to <link linkend="winbind">Winbind: Use of Domain Accounts</link>, for information on a system >-to automatically assign UNIX UIDs and GIDs to Windows NT domain users and groups. >-</para> >- >-<para> >-<indexterm><primary>domain-level</primary></indexterm> >-<indexterm><primary>authentication</primary></indexterm> >-<indexterm><primary>RPC</primary></indexterm> >-The advantage of domain-level security is that the authentication in domain-level security is passed down the >-authenticated RPC channel in exactly the same way that an NT server would do it. This means Samba servers now >-participate in domain trust relationships in exactly the same way NT servers do (i.e., you can add Samba >-servers into a resource domain and have the authentication passed on from a resource domain PDC to an account >-domain PDC). >-</para> >- >-<para> >-<indexterm><primary>PDC</primary></indexterm> >-<indexterm><primary>BDC</primary></indexterm> >-<indexterm><primary>connection resources</primary></indexterm> >-In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba daemon on a server has to >-keep a connection open to the authenticating server for as long as that daemon lasts. This can drain the >-connection resources on a Microsoft NT server and cause it to run out of available connections. With >-<smbconfoption name="security">domain</smbconfoption>, however, the Samba daemons connect to the PDC or BDC >-only for as long as is necessary to authenticate the user and then drop the connection, thus conserving PDC >-connection resources. >-</para> >- >-<para> >-<indexterm><primary>PDC</primary></indexterm> >-<indexterm><primary>authentication reply</primary></indexterm> >-<indexterm><primary>SID</primary></indexterm> >-<indexterm><primary>NT groups</primary></indexterm> >-Finally, acting in the same manner as an NT server authenticating to a PDC means that as part of the >-authentication reply, the Samba server gets the user identification information such as the user SID, the list >-of NT groups the user belongs to, and so on. >-</para> >- >-<note> >-<para> >-Much of the text of this document was first published in the Web magazine >-<ulink url="http://www.linuxworld.com"><emphasis>LinuxWorld</emphasis></ulink> as the article <ulink >-url="http://www.linuxworld.com/linuxworld/lw-1998-10/lw-10-samba.html"/> >-<emphasis>Doing the NIS/NT Samba</emphasis>. >-</para> >-</note> >- >-</sect2> > </sect1> > > <sect1 id="ads-member"> >-- >1.7.9.5 > > >From e0d67aba5bf698c1782124272c684882795934da Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 11:57:38 -0700 >Subject: [PATCH 04/50] docs: update for modern kerberos libs > >--- > docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 52 +----------------------- > 1 file changed, 2 insertions(+), 50 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >index 53b7d1a..fb81ac0 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >@@ -913,11 +913,7 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat > <screen> > [libdefaults] > default_realm = YOUR.KERBEROS.REALM >- >-[realms] >- YOUR.KERBEROS.REALM = { >- kdc = your.kerberos.server >- } >+ dns_lookup_kdc = true > > [domain_realms] > .kerberos.server = YOUR.KERBEROS.REALM >@@ -925,13 +921,10 @@ When manually configuring <filename>krb5.conf</filename>, the minimal configurat > </para> > > <para> >-<indexterm><primary>Heimdal</primary></indexterm> >-When using Heimdal versions before 0.6, use the following configuration settings: >+If you must specify the KDC directly, the minimal configuration is: > <screen> > [libdefaults] > default_realm = YOUR.KERBEROS.REALM >- default_etypes = des-cbc-crc des-cbc-md5 >- default_etypes_des = des-cbc-crc des-cbc-md5 > > [realms] > YOUR.KERBEROS.REALM = { >@@ -951,19 +944,6 @@ Test your config by doing a <userinput>kinit > making sure that your password is accepted by the Win2000 KDC. > </para> > >-<para> >-<indexterm><primary>Heimdal</primary></indexterm> >-<indexterm><primary>ADS</primary></indexterm> >-<indexterm><primary>KDC</primary></indexterm> >-<indexterm><primary>Windows 2003</primary></indexterm> >-With Heimdal versions earlier than 0.6.x you can use only newly created accounts >-in ADS or accounts that have had the password changed once after migration, or >-in case of <constant>Administrator</constant> after installation. At the >-moment, a Windows 2003 KDC can only be used with Heimdal releases later than 0.6 >-(and no default etypes in krb5.conf). Unfortunately, this whole area is still >-in a state of flux. >-</para> >- > <note><para> > <indexterm><primary>realm</primary></indexterm> > <indexterm><primary>uppercase</primary></indexterm> >@@ -989,25 +969,6 @@ Clock skew limits are configurable in the Kerberos protocols. The default settin > </para> > > <para> >-<indexterm><primary>DNS</primary></indexterm> >-<indexterm><primary>KDC</primary></indexterm> >-<indexterm><primary>hostname</primary></indexterm> >-<indexterm><primary>realm</primary></indexterm> >-You also must ensure that you can do a reverse DNS lookup on the IP address of your KDC. Also, the name that >-this reverse lookup maps to must either be the NetBIOS name of the KDC (i.e., the hostname with no domain >-attached) or it can be the NetBIOS name followed by the realm. >-</para> >- >-<para> >-<indexterm><primary>/etc/hosts</primary></indexterm> >-<indexterm><primary>KDC</primary></indexterm> >-<indexterm><primary>realm</primary></indexterm> >-The easiest way to ensure you get this right is to add a <filename>/etc/hosts</filename> entry mapping the IP >-address of your KDC to its NetBIOS name. If you do not get this correct, then you will get a <errorname>local >-error</errorname> when you try to join the realm. >-</para> >- >-<para> > <indexterm><primary>Kerberos</primary></indexterm> > <indexterm><primary>Create the Computer Account</primary></indexterm> > <indexterm><primary>Testing Server Setup</primary></indexterm> >@@ -1094,15 +1055,6 @@ name, it may need to be quadrupled to pass through the shell escape and ldap esc > <replaceable>USERNAME</replaceable>@<replaceable>REALM</replaceable></userinput>. > <replaceable>USERNAME</replaceable> must be a user who has rights to add a machine to the domain. > </para></listitem></varlistentry> >- >- <varlistentry><term>Unsupported encryption/or checksum types</term> >- <listitem><para> >- <indexterm><primary>/etc/krb5.conf</primary></indexterm> >- <indexterm><primary>unsupported encryption</primary></indexterm> >- <indexterm><primary>Kerberos</primary></indexterm> >- Make sure that the <filename>/etc/krb5.conf</filename> is correctly configured >- for the type and version of Kerberos installed on the system. >- </para></listitem></varlistentry> > </variablelist> > </para> > >-- >1.7.9.5 > > >From a5096b1f6d6aa9a05ec44587a7b4cd20579ef6da Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 12:04:00 -0700 >Subject: [PATCH 05/50] docs: Remove confusing reference to smb signing and > client use spnego > >This section is more confusing than helpful, as client support for both is on by default. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 19 ------------------- > 1 file changed, 19 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >index fb81ac0..5cb2a43 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >@@ -1286,24 +1286,5 @@ account to which the Samba backend database account can be mapped. > </para> > > </sect2> >- >-<sect2> >- <title>I Can't Join a Windows 2003 PDC</title> >- >- <para> >-<indexterm><primary>SMB signing</primary></indexterm> >-<indexterm><primary>SMB</primary></indexterm> >-<indexterm><primary>Windows 2003</primary></indexterm> >-<indexterm><primary>SMB/CIFS</primary></indexterm> >- Windows 2003 requires SMB signing. Client-side SMB signing has been implemented in Samba-3.0. >- Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating >- with a Windows 2003 server. This will not interfere with other Windows clients that do not >- support the more advanced security features of Windows 2003 because the client will simply >- negotiate a protocol that both it and the server suppport. This is a well-known fall-back facility >- that is built into the SMB/CIFS protocols. >- </para> >- >-</sect2> >- > </sect1> > </chapter> >-- >1.7.9.5 > > >From ec069b86f913cf5ad7ed3fc07bf22f7a93f5ffd4 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 12:06:40 -0700 >Subject: [PATCH 06/50] docs: Remove references to old kerberos behaviour > >I have not seen any issues using the SRV records with windows, and this certainly >does not apply to current versions. Similarly, the need to change the admin password >does not apply now we require a krb5 lib with arcfour-hmac-md5 support. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml | 21 --------------------- > 1 file changed, 21 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >index 5cb2a43..11f79f7 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-DomainMember.xml >@@ -1106,27 +1106,6 @@ specify the <option>-k</option> option to choose Kerberos authentication. > </para> > > </sect2> >- >-<sect2> >-<title>Notes</title> >- >-<para> >-<indexterm><primary>administrator password</primary></indexterm> >-<indexterm><primary>change password</primary></indexterm> >-<indexterm><primary>encryption types</primary></indexterm> >-You must change the administrator password at least once after installing a domain controller, >-to create the right encryption types. >-</para> >- >-<para> >-<indexterm><primary>_kerberos._udp</primary></indexterm> >-<indexterm><primary>_ldap._tcp</primary></indexterm> >-<indexterm><primary>default DNS setup</primary></indexterm> >-Windows 200x does not seem to create the <parameter>_kerberos._udp</parameter> and >-<parameter>_ldap._tcp</parameter> in the default DNS setup. Perhaps this will be fixed later in service packs. >-</para> >- >-</sect2> > </sect1> > > <sect1> >-- >1.7.9.5 > > >From 3da9281a7ab4be073ba0e983b13b018b4357fa85 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 22:28:19 -0700 >Subject: [PATCH 07/50] docs: Remove references to Subversion, replace with > wiki link > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml | 115 ++------------------------- > 1 file changed, 8 insertions(+), 107 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >index e4baca4..d7d3e55 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >@@ -20,7 +20,7 @@ you can download Samba from Subversion or using <command>rsync</command>. > </para> > > <sect1> >-<title>Access Samba Source Code via Subversion</title> >+<title>Access Samba Source Code via GIT</title> > > > <sect2> >@@ -28,115 +28,16 @@ you can download Samba from Subversion or using <command>rsync</command>. > > <para> > <indexterm><primary>Subversion</primary></indexterm> >-Samba is developed in an open environment. Developers use a >-Subversion to <quote>checkin</quote> (also known as >-<quote>commit</quote>) new source code. Samba's various Subversion branches can >-be accessed via anonymous Subversion using the instructions >-detailed in this chapter. >-</para> >- >-<para> >-This chapter is a modified version of the instructions found at the >-<ulink noescape="1" url="http://samba.org/samba/subversion.html">Samba</ulink> Web site. >+Samba is developed in an open environment. Developers use >+GIT to <quote>checkin</quote> (also known as >+<quote>commit</quote>) new source code. See the >+<ulink noescape="1" >+ url="https://wiki.samba.org/index.php/Using_Git_for_Samba_Development">Using >+Git for Samba Development page</ulink> in the Samba wiki. > </para> > > </sect2> > >-<sect2> >-<title>Subversion Access to samba.org</title> >- >-<para> >-The machine samba.org runs a publicly accessible Subversion >-repository for access to the source code of several packages, >-including Samba, rsync, distcc, ccache, and jitterbug. There are two main ways >-of accessing the Subversion server on this host. >-</para> >- >-<sect3> >-<title>Access via ViewCVS</title> >- >- >-<para> >-<indexterm><primary>SVN</primary><secondary>web</secondary></indexterm> >-You can access the source code via your favorite WWW browser. This allows you to access >-the contents of individual files in the repository and also to look at the revision >-history and commit logs of individual files. You can also ask for a diff >-listing between any two versions on the repository. >-</para> >- >-<para> >-Use the URL >-<ulink noescape="1" url="http://viewcvs.samba.org/">http://viewcvs.samba.org/</ulink>. >-</para> >-</sect3> >- >-<sect3> >-<title>Access via Subversion</title> >- >-<para> >-<indexterm><primary>Subversion</primary></indexterm> >-You can also access the source code via a normal Subversion client. This gives you much more control over what >-you can do with the repository and allows you to check out whole source trees and keep them up to date via >-normal Subversion commands. This is the preferred method of access if you are a developer and not just a >-casual browser. >-</para> >- >-<para>In order to be able to download the Samba sources off Subversion, you need >-a Subversion client. Your distribution might include one, or you can download the >-sources from <ulink noescape="1" url="http://subversion.tigris.org/">http://subversion.tigris.org/</ulink>. >-</para> >- >-<para> >-To gain access via anonymous Subversion, use the following steps. >-</para> >- >-<procedure> >- <title>Retrieving Samba using Subversion</title> >- >- <step> >- <para> >- Install a recent copy of Subversion. All you really need is a >- copy of the Subversion client binary. >- </para> >- </step> >- >- <step> >- <para> >- Run the command >- <screen> >- <userinput>svn co svn://svnanon.samba.org/samba/trunk samba</userinput>. >- </screen> >- </para> >- >- <para> >- This will create a directory called <filename>samba</filename> containing the >- latest Samba source code (usually the branch that is going to be the next major release). This >- currently corresponds to the 3.1 development tree. >- </para> >- >- <para> >- Subversion branches other then trunk can be obtained by adding branches/BRANCH_NAME to the URL you check >- out. A list of branch names can be found on the <quote>Development</quote> page of the Samba Web site. A >- common request is to obtain the latest 3.0 release code. This could be done by using the following command: >- <screen> >- <userinput>svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0 samba_3</userinput>. >- </screen> >- </para> >- </step> >- >- <step> >- <para> >- Whenever you want to merge in the latest code changes, use the following command from within the Samba >- directory: >- <screen> >- <userinput>svn update</userinput> >- </screen> >- </para> >- </step> >-</procedure> >- >-</sect3> >-</sect2> > > </sect1> > >@@ -158,7 +59,7 @@ To gain access via anonymous Subversion, use the following steps. > > <para> > The disadvantage of the unpacked trees is that they do not support automatic >- merging of local changes as Subversion does. <command>rsync</command> access is most convenient >+ merging of local changes as GIT does. <command>rsync</command> access is most convenient > for an initial install. > </para> > </sect1> >-- >1.7.9.5 > > >From da86413b1311e5d1bb630faab7767036ecc74a09 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 22:29:05 -0700 >Subject: [PATCH 08/50] docs: Remove out of date links to pserver.samba.org > and old tarballs > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >index d7d3e55..bf01234 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >@@ -49,9 +49,9 @@ Git for Samba Development page</ulink> in the Samba wiki. > <indexterm><primary>rsync</primary></indexterm> > <indexterm><primary>ftp</primary></indexterm> > <parameter>pserver.samba.org</parameter> also exports unpacked copies of most parts of the Subversion tree >- at the Samba <ulink noescape="1" url="ftp://pserver.samba.org/pub/unpacked">pserver</ulink> location and also >+ at the Samba <ulink noescape="1" url="ftp://samba.org/pub/unpacked">unpacked</ulink> location and also > via anonymous rsync at the Samba <ulink noescape="1" >- url="rsync://pserver.samba.org/ftp/unpacked/">rsync</ulink> server location. I recommend using rsync rather >+ url="rsync://samba.org/ftp/unpacked/">rsync</ulink> server location. I recommend using rsync rather > than ftp, because rsync is capable of compressing data streams, but it is also more useful than FTP because > during a partial update it will transfer only the data that is missing plus a small overhead. See <ulink > noescape="1" url="http://rsync.samba.org/">the rsync home page</ulink> for more info on rsync. >@@ -82,8 +82,9 @@ With that said, go ahead and download the following files: > </para> > > <para><screen> >-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-3.0.20.tar.asc</userinput> >-&prompt;<userinput>wget http://us1.samba.org/samba/ftp/samba-pubkey.asc</userinput> >+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.asc</userinput> >+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-latest.tar.gz</userinput> >+&prompt;<userinput>wget http://samba.org/samba/ftp/samba-pubkey.asc</userinput> > </screen></para> > > >@@ -96,8 +97,8 @@ PGP key itself. Import the public PGP key with: > </screen> > and verify the Samba source code integrity with: > <screen> >-&prompt;<userinput>gzip -d samba-3.0.20.tar.gz</userinput> >-&prompt;<userinput>gpg --verify samba-3.0.20.tar.asc</userinput> >+&prompt;<userinput>gzip -d samba-latest.tar.gz</userinput> >+&prompt;<userinput>gpg --verify samba-latest.tar.asc</userinput> > </screen> > </para> > >-- >1.7.9.5 > > >From 0ca3921963707130205e11e860daea123622cb4c Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 22:29:39 -0700 >Subject: [PATCH 09/50] docs: Remove referenece to autogen.sh and document waf > build instead > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml | 47 ++------------------------- > 1 file changed, 2 insertions(+), 45 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >index bf01234..7236dc7 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >@@ -117,28 +117,9 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> > <title>Building the Binaries</title> > > <para> >- <indexterm><primary>autogen.sh</primary></indexterm> >-<indexterm><primary>configure</primary></indexterm> >- After the source tarball has been unpacked, the next step involves >- configuration to match Samba to your operating system platform. >- If your source directory does not contain the <command>configure</command> script, >- it is necessary to build it before you can continue. Building of >- the configure script requires the correct version of the autoconf >- tool kit. Where the necessary version of autoconf is present, >- the configure script can be generated by executing the following >- (please note that in Samba 3.4.x, the directory is called source3 instead >- of source): >-<screen> >-&rootprompt; cd samba-3.0.20/source >-&rootprompt; ./autogen.sh >-</screen> >- </para> >- >- >- <para> > <indexterm><primary>configure</primary></indexterm> > To build the binaries, run the program <userinput>./configure >- </userinput> in the source directory. This should automatically >+ </userinput> in the top level director of the source tree. This should automatically > configure Samba for your operating system. If you have unusual > needs, then you may wish to first run: > <screen> >@@ -167,30 +148,6 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> > </screen> > </para> > >- <para> >- Some people prefer to install binary files and man pages separately. If this is >- your wish, the binary files can be installed by executing: >-<screen> >-&rootprompt; <userinput>make installbin</userinput> >-</screen> >- The man pages can be installed using this command: >-<screen> >-&rootprompt; <userinput>make installman</userinput> >-</screen> >- </para> >- >- <para> >- Note that if you are upgrading from a previous version of Samba the old >- versions of the binaries will be renamed with an <quote>.old</quote> extension. >- You can go back to the previous version by executing: >-<screen> >-&rootprompt; <userinput>make revert</userinput> >-</screen> >- As you can see from this, building and installing Samba does not need to >- result in disaster! >- </para> >- >- > <sect2> > <title>Compiling Samba with Active Directory Support</title> > >@@ -220,7 +177,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> > > <para> > After you run configure, make sure that the >- <filename>include/config.h</filename> it generates contain lines like this: >+ <filename>bin/include/config.h</filename> it generates contain lines like this: > <programlisting> > #define HAVE_KRB5 1 > #define HAVE_LDAP 1 >-- >1.7.9.5 > > >From a31f44f08ce2fcea4d5fe790ebf01a947a53ace2 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 22:30:06 -0700 >Subject: [PATCH 10/50] docs: Remove referenece to old Red Hat Linux habits on > winbindd > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml | 20 -------------------- > 1 file changed, 20 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >index 7236dc7..ffedeb3 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >@@ -379,26 +379,6 @@ netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd > > <sect3> > <title>Starting Samba for Red Hat Linux</title> >- >- <para> >- Red Hat Linux has not always included all Samba components in the standard installation. >- So versions of Red Hat Linux do not install the winbind utility, even though it is present >- on the installation CDROM media. Check to see if the <command>winbindd</command> is present >- on the system: >-<screen> >-&rootprompt; ls /usr/sbin/winbindd >-/usr/sbin/winbindd >-</screen> >- This means that the appropriate RPM package was installed. The following response means >- that it is not installed: >-<screen> >-/bin/ls: /usr/sbin/winbind: No such file or directory >-</screen> >- In this case, it should be installed if you intend to use <command>winbindd</command>. Search >- the CDROM installation media for the samba-winbind RPM and install it following Red Hat >- guidelines. >- </para> >- > <para> > The process for starting Samba will now be outlined. Be sure to configure Samba's &smb.conf; > file before starting Samba. When configured, start Samba by executing: >-- >1.7.9.5 > > >From d67e3d11078657f1f507486e72d12a3bf0ec90e9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 23:06:59 -0700 >Subject: [PATCH 11/50] docs: Update BDC docs to recognise the AD DC and to > exclusivly recommend LDAP > >The confusing references to the not-recommended techniques and >outdated steps (like net rpc getsid, replaced by simply having the SID >just be in LDAP) just detract from the clarity of this document. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml | 179 +++------------------------------ > 1 file changed, 12 insertions(+), 167 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml >index 5aabb8b..9b69368 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-BDC.xml >@@ -47,96 +47,12 @@ you will have stability and operational problems. > <indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> > <indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm> > <indexterm><primary>propagate</primary></indexterm> >-While it is possible to run a Samba-3 BDC with a non-LDAP backend, that backend must allow some form of >+It is not possible to run a Samba-3 BDC with a non-LDAP backend, as that backend must allow some form of > "two-way" propagation of changes from the BDC to the master. At this time only LDAP delivers the capability > to propagate identity database changes from the BDC to the PDC. The BDC can use a slave LDAP server, while it > is preferable for the PDC to use as its primary an LDAP master server. > </para> > >-<para> >-<indexterm><primary>non-LDAP</primary><secondary>backend</secondary></indexterm> >-<indexterm><primary>SAM backend</primary><secondary>non-LDAP</secondary></indexterm> >-<indexterm><primary>domain</primary><secondary>member</secondary><tertiary>server</tertiary></indexterm> >-<indexterm><primary>BDC</primary></indexterm> >-<indexterm><primary>PDC</primary></indexterm> >-<indexterm><primary>trust account password</primary></indexterm> >-<indexterm><primary>domain trust</primary></indexterm> >-The use of a non-LDAP backend SAM database is particularly problematic because domain member >-servers and workstations periodically change the Machine Trust Account password. The new >-password is then stored only locally. This means that in the absence of a centrally stored >-accounts database (such as that provided with an LDAP-based solution) if Samba-3 is running >-as a BDC, the BDC instance of the domain member trust account password will not reach the >-PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs, this results in >-overwriting the SAM that contains the updated (changed) trust account password with resulting >-breakage of the domain trust. >-</para> >- >-<para> >-<indexterm><primary>net</primary><secondary>rpc</secondary></indexterm> >-<indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm> >-<indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm> >-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> >-Considering the number of comments and questions raised concerning how to configure a BDC, >-let's consider each possible option and look at the pros and cons for each possible solution. >-<link linkend="pdc-bdc-table">The Domain Backend Account Distribution Options table below</link> lists >-possible design configurations for a PDC/BDC infrastructure. >-</para> >- >-<table frame="all" id="pdc-bdc-table"><title>Domain Backend Account Distribution Options</title> >-<tgroup cols="3"> >- <colspec align="center" colwidth="1*"/> >- <colspec align="center" colwidth="1*"/> >- <colspec align="left" colwidth="3*"/> >- >- <thead> >- <row><entry>PDC Backend</entry><entry>BDC Backend</entry><entry>Notes/Discussion</entry></row> >- </thead> >- <tbody> >- <row> >- <entry><para>Master LDAP Server</para></entry> >- <entry><para>Slave LDAP Server</para></entry> >- <entry><para>The optimal solution that provides high integrity. The SAM will be >- replicated to a common master LDAP server.</para></entry> >- </row> >- <row> >- <entry><para>Single Central LDAP Server</para></entry> >- <entry><para>Single Central LDAP Server</para></entry> >- <entry><para> >- A workable solution without failover ability. This is a usable solution, but not optimal. >- </para></entry> >- </row> >- <row> >- <entry><para>tdbsam</para></entry> >- <entry><para>tdbsam + <command>net rpc vampire</command></para></entry> >- <entry><para> >- Does not work with Samba-3.0; Samba does not implement the >- server-side protocols required. >- </para></entry> >- </row> >- <row> >- <entry><para>tdbsam</para></entry> >- <entry><para>tdbsam + <command>rsync</command></para></entry> >- <entry><para> >- Do not use this configuration. >- Does not work because the TDB files are live and data may not >- have been flushed to disk. Furthermore, this will cause >- domain trust breakdown. >- </para></entry> >- </row> >- <row> >- <entry><para>smbpasswd file</para></entry> >- <entry><para>smbpasswd file</para></entry> >- <entry><para> >- Do not use this configuration. >- Not an elegant solution due to the delays in synchronization >- and also suffers >- from the issue of domain trust breakdown. >- </para></entry> >- </row> >- </tbody> >-</tgroup> >-</table> >- > </sect1> > > <sect1> >@@ -453,9 +369,12 @@ Servers in &smb.conf; example</link>. > <indexterm><primary>domain controller</primary></indexterm> > As of the release of MS Windows 2000 and Active Directory, this information is now stored > in a directory that can be replicated and for which partial or full administrative control >-can be delegated. Samba-3 is not able to be a domain controller within an Active Directory >-tree, and it cannot be an Active Directory server. This means that Samba-3 also cannot >-act as a BDC to an Active Directory domain controller. >+can be delegated. Samba-4.0 is able to be a domain controller within an Active Directory >+tree, and it can be an Active Directory server. The details for how >+this can be done are documented in the <ulink >+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 as an >+AD DC HOWTO</ulink> >+ > </para> > > </sect2> >@@ -554,35 +473,6 @@ The creation of a BDC requires some steps to prepare the Samba server before > > <itemizedlist> > <listitem><para> >- <indexterm><primary>SID</primary></indexterm> >- <indexterm><primary>PDC</primary></indexterm> >- <indexterm><primary>BDC</primary></indexterm> >- <indexterm><primary>private/secrets.tdb</primary></indexterm> >- <indexterm><primary>private/MACHINE.SID</primary></indexterm> >- <indexterm><primary>domain SID</primary></indexterm> >- The domain SID has to be the same on the PDC and the BDC. In Samba versions pre-2.2.5, the domain SID was >- stored in the file <filename>private/MACHINE.SID</filename>. For all versions of Samba released since 2.2.5 >- the domain SID is stored in the file <filename>private/secrets.tdb</filename>. This file is unique to each >- server and cannot be copied from a PDC to a BDC; the BDC will generate a new SID at startup. It will overwrite >- the PDC domain SID with the newly created BDC SID. There is a procedure that will allow the BDC to acquire the >- domain SID. This is described here. >- </para> >- >- <para> >- <indexterm><primary>domain SID</primary></indexterm> >- <indexterm><primary>PDC</primary></indexterm> >- <indexterm><primary>BDC</primary></indexterm> >- <indexterm><primary>secrets.tdb</primary></indexterm> >- <indexterm><primary>net</primary><secondary>rpc</secondary><tertiary>getsid</tertiary></indexterm> >- To retrieve the domain SID from the PDC or an existing BDC and store it in the >- <filename>secrets.tdb</filename>, execute: >- </para> >-<screen> >-&rootprompt;<userinput>net rpc getsid</userinput> >-</screen> >- </listitem> >- >- <listitem><para> > <indexterm><primary>secrets.tdb</primary></indexterm> > <indexterm><primary>smbpasswd</primary></indexterm> > <indexterm><primary>LDAP administration password</primary></indexterm> >@@ -623,9 +513,7 @@ The creation of a BDC requires some steps to prepare the Samba server before > <indexterm><primary>ssh</primary></indexterm> > <indexterm><primary>LDAP</primary></indexterm> > The Samba password database must be replicated from the PDC to the BDC. >- Although it is possible to synchronize the <filename>smbpasswd</filename> >- file with <command>rsync</command> and <command>ssh</command>, this method >- is broken and flawed, and is therefore not recommended. A better solution >+ The solution > is to set up slave LDAP servers for each BDC and a master LDAP server for the PDC. > The use of rsync is inherently flawed by the fact that the data will be replicated > at timed intervals. There is no guarantee that the BDC will be operating at all >@@ -804,7 +692,10 @@ No. The native NT4 SAM replication protocols have not yet been fully implemented > <indexterm><primary>BDC</primary></indexterm> > <indexterm><primary>PDC</primary></indexterm> > <indexterm><primary>logon requests</primary></indexterm> >-Can I get the benefits of a BDC with Samba? Yes, but only to a Samba PDC.The >+Can I get the benefits of a BDC with Samba? Yes, but only to a Samba >+PDC or as a <ulink >+url="https://wiki.samba.org/index.php/Samba4/HOWTO">Samba 4.0 Active >+Directory domain controller.</ulink> The > main reason for implementing a BDC is availability. If the PDC is a Samba > machine, a second Samba machine can be set up to service logon requests whenever > the PDC is down. >@@ -812,51 +703,5 @@ the PDC is down. > > </sect2> > >-<sect2> >-<title>How Do I Replicate the smbpasswd File?</title> >- >-<para> >-<indexterm><primary>replication</primary><secondary>SAM</secondary></indexterm> >-<indexterm><primary>smbpasswd</primary></indexterm> >-<indexterm><primary>SAM</primary></indexterm> >-Replication of the smbpasswd file is sensitive. It has to be done whenever changes >-to the SAM are made. Every user's password change is done in the smbpasswd file and >-has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary. >-</para> >- >-<para> >-<indexterm><primary>plaintext password</primary></indexterm> >-<indexterm><primary>ssh</primary></indexterm> >-<indexterm><primary>rsync</primary></indexterm> >-As the smbpasswd file contains plaintext password equivalents, it must not be >-sent unencrypted over the wire. The best way to set up smbpasswd replication from >-the PDC to the BDC is to use the utility rsync. rsync can use ssh as a transport. >-<command>ssh</command> itself can be set up to accept <emphasis>only</emphasis> >-<command>rsync</command> transfer without requiring the user to type a password. >-</para> >- >-<para> >-<indexterm><primary>machine trust accounts</primary></indexterm> >-<indexterm><primary>LDAP</primary></indexterm> >-As said a few times before, use of this method is broken and flawed. Machine trust >-accounts will go out of sync, resulting in a broken domain. This method is >-<emphasis>not</emphasis> recommended. Try using LDAP instead. >-</para> >- >-</sect2> >- >-<sect2> >-<title>Can I Do This All with LDAP?</title> >- >-<para> >-<indexterm><primary>pdb_ldap</primary></indexterm> >-<indexterm><primary>LDAP</primary></indexterm> >-The simple answer is yes. Samba's pdb_ldap code supports binding to a replica >-LDAP server and will also follow referrals and rebind to the master if it ever >-needs to make a modification to the database. (Normally BDCs are read-only, so >-this will not occur often). >-</para> >- >-</sect2> > </sect1> > </chapter> >-- >1.7.9.5 > > >From 178842fb649c12187ad2f5e8c02f80726b96ee7c Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 23:08:53 -0700 >Subject: [PATCH 12/50] docs: Remove reference to inetd startup, it is not > recommended > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml | 77 +-------------------------- > 1 file changed, 1 insertion(+), 76 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >index ffedeb3..ac866a8 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Compiling.xml >@@ -267,82 +267,7 @@ gpg: BAD signature from <quote>Samba Distribution Verification Key</quote> > </para> > > <sect2> >- <title>Starting from inetd.conf</title> >- >- <indexterm><primary>inetd</primary></indexterm> >- >- <note> >- <para>The following will be different if >- you use NIS, NIS+, or LDAP to distribute services maps.</para> >- </note> >- >- <para>Look at your <filename>/etc/services</filename>. >- What is defined at port 139/tcp? If nothing is defined, >- then add a line like this:</para> >- >- <para><programlisting>netbios-ssn 139/tcp</programlisting></para> >- >- <para>Similarly for 137/udp, you should have an entry like:</para> >- >- <para><programlisting>netbios-ns 137/udp</programlisting></para> >- >- <para> >- Next, edit your <filename>/etc/inetd.conf</filename> and add two lines like this: >-<programlisting> >-netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd >-netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd >-</programlisting> >- </para> >- >-<indexterm><primary>/etc/inetd.conf</primary></indexterm> >- <para> >- The exact syntax of <filename>/etc/inetd.conf</filename> >- varies between UNIXes. Look at the other entries in inetd.conf >- for a guide. >- </para> >- >- <para> >- <indexterm><primary>xinetd</primary></indexterm> >- Some distributions use xinetd instead of inetd. Consult the >- xinetd manual for configuration information. >- </para> >- >- <note><para>Some UNIXes already have entries like netbios_ns >- (note the underscore) in <filename>/etc/services</filename>. >- You must edit <filename>/etc/services</filename> or >- <filename>/etc/inetd.conf</filename> to make them consistent. >- </para></note> >- >- <note><para> >- <indexterm><primary>ifconfig</primary></indexterm> >- On many systems you may need to use the >- <smbconfoption name="interfaces"/> option in &smb.conf; to specify >- the IP address and netmask of your interfaces. Run >- <application>ifconfig</application> as root if you do >- not know what the broadcast is for your net. &nmbd; tries >- to determine it at runtime, but fails on some UNIXes. >- </para></note> >- >- <warning><para> >- Many UNIXes only accept around five parameters on the command >- line in <filename>inetd.conf</filename>. This means you shouldn't >- use spaces between the options and arguments, or you should use >- a script and start the script from <command>inetd</command>. >- </para></warning> >- >- <para> >- Restart <application>inetd</application>, perhaps just send it a HUP, >- like this: >-<indexterm><primary>killall</primary></indexterm> >-<screen> >-&rootprompt;<userinput>killall -HUP inetd</userinput> >-</screen> >- </para> >- >- </sect2> >- >- <sect2> >- <title>Alternative: Starting &smbd; as a Daemon</title> >+ <title>Starting &smbd; as a Daemon</title> > > <para> > <indexterm><primary>daemon</primary></indexterm> >-- >1.7.9.5 > > >From 9cdf549ab531e5a12e8d3c3c5a1329825da1bdb8 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Fri, 14 Sep 2012 23:13:33 -0700 >Subject: [PATCH 13/50] docs: Clarify TOSHARG-Bugs for 2012 > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml | 11 ++++------- > 1 file changed, 4 insertions(+), 7 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml >index 0ef2c5c..f6d7ba4 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Bugs.xml >@@ -32,12 +32,9 @@ us fix it fast. > </para> > > <para> >-<indexterm><primary>comp.protocols.smb</primary></indexterm> >-<indexterm><primary>newsgroup</primary></indexterm> > <indexterm><primary>configuration problem</primary></indexterm> >-If you post the bug to the comp.protocols.smb >-newsgroup or the mailing list, do not assume that we will read it. If you suspect that your >-problem is not a bug but a configuration problem, it is better to send >+If you suspect that your >+problem is not a bug but a configuration problem, it is best to send > it to the Samba mailing list, as there are thousands of other users on > that list who may be able to help you. > </para> >@@ -260,10 +257,10 @@ to catch any panics. If <command>smbd</command> seems to be frozen, look for any > processes. If it is not, and appears to be spinning, find the PID > of the spinning process and type: > <screen> >-&rootprompt; gdb /usr/local/samba/sbin/smbd >+&rootprompt; gdb -p PID > </screen> > <indexterm><primary>spinning process</primary></indexterm> >-then <quote>attach `pid'</quote> (of the spinning process), then type <quote>bt</quote> to >+then type <quote>bt full</quote> to > get a backtrace to see where the smbd is in the call path. > </para> > >-- >1.7.9.5 > > >From a2dde54166e959fe64c454c088c652c5df04c9b9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Sat, 15 Sep 2012 12:53:37 -0700 >Subject: [PATCH 14/50] docs: Update FastStart: remove security=share, avoid > disable spoolss > >As I understand it, all printing is via spoolss, so do not disable it! > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml | 22 +++++++++------------- > 1 file changed, 9 insertions(+), 13 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml >index 08f6e49..13a212b 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml >@@ -182,7 +182,8 @@ of the packages that are provided by the operating system vendor or through othe > <smbconfsection name="[global]"/> > <smbconfoption name="workgroup">MIDEARTH</smbconfoption> > <smbconfoption name="netbios name">HOBBIT</smbconfoption> >-<smbconfoption name="security">share</smbconfoption> >+<smbconfoption name="security">user</smbconfoption> >+<smbconfoption name="map to guest">bad user</smbconfoption> > > <smbconfsection name="[data]"/> > <smbconfoption name="comment">Data</smbconfoption> >@@ -220,7 +221,8 @@ Press enter to see a dump of your service definitions > [global] > workgroup = MIDEARTH > netbios name = HOBBIT >- security = share >+ security = user >+ map to guest = bad user > > [data] > comment = Data >@@ -286,7 +288,8 @@ Added user jackb. > <smbconfsection name="[global]"/> > <smbconfoption name="workgroup">MIDEARTH</smbconfoption> > <smbconfoption name="netbios name">HOBBIT</smbconfoption> >-<smbconfoption name="security">SHARE</smbconfoption> >+<smbconfoption name="security">USER</smbconfoption> >+<smbconfoption name="map to guest">bad user</smbconfoption> > > <smbconfsection name="[data]"/> > <smbconfoption name="comment">Data</smbconfoption> >@@ -340,10 +343,7 @@ Added user jackb. > <smbconfsection name="[global]"/> > <smbconfoption name="workgroup">MIDEARTH</smbconfoption> > <smbconfoption name="netbios name">LUTHIEN</smbconfoption> >-<smbconfoption name="security">share</smbconfoption> >-<smbconfoption name="printcap name">cups</smbconfoption> >-<smbconfoption name="disable spoolss">Yes</smbconfoption> >-<smbconfoption name="show add printer wizard">No</smbconfoption> >+<smbconfoption name="security">user</smbconfoption> > <smbconfoption name="printing">cups</smbconfoption> > > <smbconfsection name="[printers]"/> >@@ -444,10 +444,8 @@ Added user jackb. > is the default, and for which the default is to store Microsoft Windows-compatible > encrypted passwords in a file called <filename>/etc/samba/smbpasswd</filename>. > The default &smb.conf; entry that makes this happen is >- <smbconfoption name="passdb backend">smbpasswd, guest</smbconfoption>. Since this is the default, >- it is not necessary to enter it into the configuration file. Note that the guest backend is >- added to the list of active passdb backends no matter whether it specified directly in Samba configuration >- file or not. >+ <smbconfoption name="passdb backend">smbpasswd</smbconfoption>. Since this is the default, >+ it is not necessary to enter it into the configuration file. > </para> > > >@@ -474,8 +472,6 @@ Added user jackb. > <smbconfsection name="[global]"/> > <smbconfoption name="workgroup">MIDEARTH</smbconfoption> > <smbconfoption name="netbios name">OLORIN</smbconfoption> >-<smbconfoption name="printcap name">cups</smbconfoption> >-<smbconfoption name="disable spoolss">Yes</smbconfoption> > <smbconfoption name="show add printer wizard">No</smbconfoption> > <smbconfoption name="printing">cups</smbconfoption> > >-- >1.7.9.5 > > >From 7c643751105c08aafe02f93f063c30187ecd3cd9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Sat, 15 Sep 2012 15:52:47 -0700 >Subject: [PATCH 15/50] docs: Remove very outdated TOSHARG-Portability section > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml | 270 ------------------------- > docs-xml/Samba3-HOWTO/index.xml | 2 - > 2 files changed, 272 deletions(-) > delete mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml >deleted file mode 100644 >index 533ad5c..0000000 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Portability.xml >+++ /dev/null >@@ -1,270 +0,0 @@ >-<?xml version="1.0" encoding="iso-8859-1"?> >-<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> >-<chapter id="Portability"> >-<chapterinfo> >- &author.jelmer; >- &author.jht; >- <!-- Some other people as well, but there were no author names in the text files this file is based on--> >-</chapterinfo> >- >-<title>Portability</title> >- >-<para> >-<indexterm><primary>platforms</primary></indexterm> >-<indexterm><primary>compatible</primary></indexterm> >-Samba works on a wide range of platforms, but the interface all the >-platforms provide is not always compatible. This chapter contains >-platform-specific information about compiling and using Samba.</para> >- >-<sect1> >-<title>HPUX</title> >- >-<para> >-<indexterm><primary>/etc/logingroup</primary></indexterm> >-<indexterm><primary>/etc/group</primary></indexterm> >-Hewlett-Packard's implementation of supplementary groups is nonstandard (for >-historical reasons). There are two group files, <filename>/etc/group</filename> and >-<filename>/etc/logingroup</filename>; the system maps UIDs to numbers using the former, but >-initgroups() reads the latter. Most system admins who know the ropes >-symlink <filename>/etc/group</filename> to <filename>/etc/logingroup</filename> >-(hard-link does not work for reasons too obtuse to go into here). initgroups() will complain if one of the >-groups you're in, in <filename>/etc/logingroup</filename>, has what it considers to be an invalid >-ID, which means outside the range <constant>[0..UID_MAX]</constant>, where <constant>UID_MAX</constant> is >-60000 currently on HP-UX. This precludes -2 and 65534, the usual <constant>nobody</constant> >-GIDs. >-</para> >- >-<para> >-If you encounter this problem, make sure the programs that are failing >-to initgroups() are run as users, not in any groups with GIDs outside the >-allowed range. >-</para> >- >-<para> >-This is documented in the HP manual pages under setgroups(2) and passwd(4). >-</para> >- >-<para> >-<indexterm><primary>gcc</primary></indexterm> >-<indexterm><primary>ANSI compiler</primary></indexterm> >-On HP-UX you must use gcc or the HP ANSI compiler. The free compiler >-that comes with HP-UX is not ANSI compliant and cannot compile Samba. >-</para> >- >-</sect1> >- >-<sect1> >-<title>SCO UNIX</title> >- >-<para> >-If you run an old version of SCO UNIX, you may need to get important >-TCP/IP patches for Samba to work correctly. Without the patch, you may >-encounter corrupt data transfers using Samba. >-</para> >- >-<para> >-The patch you need is UOD385 Connection Drivers SLS. It is available from >-SCO <ulink noescape="1" url="ftp://ftp.sco.com/">ftp.sco.com</ulink>, directory SLS, >-files uod385a.Z and uod385a.ltr.Z). >-</para> >- >-<para> >-The information provided here refers to an old version of SCO UNIX. If you require >-binaries for more recent SCO UNIX products, please contact SCO to obtain packages that are >-ready to install. You should also verify with SCO that your platform is up to date for the >-binary packages you will install. This is important if you wish to avoid data corruption >-problems with your installation. To build Samba for SCO UNIX products may >-require significant patching of Samba source code. It is much easier to obtain binary >-packages directly from SCO. >-</para> >- >-</sect1> >- >-<sect1> >-<title>DNIX</title> >- >-<para> >-DNIX has a problem with seteuid() and setegid(). These routines are >-needed for Samba to work correctly, but they were left out of the DNIX >-C library for some reason. >-</para> >- >-<para> >-For this reason Samba by default defines the macro NO_EID in the DNIX >-section of includes.h. This works around the problem in a limited way, >-but it is far from ideal, and some things still will not work right. >-</para> >- >-<para> >-To fix the problem properly, you need to assemble the following two >-functions and then either add them to your C library or link them into >-Samba. Put the following in the file <filename>setegid.s</filename>: >-</para> >- >-<para><programlisting> >- .globl _setegid >-_setegid: >- moveq #47,d0 >- movl #100,a0 >- moveq #1,d1 >- movl 4(sp),a1 >- trap #9 >- bccs 1$ >- jmp cerror >-1$: >- clrl d0 >- rts >-</programlisting></para> >- >-<para> >-Put this in the file <filename>seteuid.s</filename>: >-</para> >- >-<para><programlisting> >- .globl _seteuid >-_seteuid: >- moveq #47,d0 >- movl #100,a0 >- moveq #0,d1 >- movl 4(sp),a1 >- trap #9 >- bccs 1$ >- jmp cerror >-1$: >- clrl d0 >- rts >-</programlisting></para> >- >-<para> >-After creating the files, you then assemble them using >-</para> >- >-<screen> >-&prompt;<userinput>as seteuid.s</userinput> >-&prompt;<userinput>as setegid.s</userinput> >-</screen> >- >-<para> >-which should produce the files <filename>seteuid.o</filename> and >-<filename>setegid.o</filename>. >-</para> >- >-<para> >-Next you need to add these to the LIBSM line in the DNIX section of >-the Samba Makefile. Your LIBSM line will look something like this: >-</para> >- >-<para><programlisting> >-LIBSM = setegid.o seteuid.o -ln >-</programlisting></para> >- >-<para> >-You should then remove the line: >-</para> >- >-<para><programlisting> >-#define NO_EID >-</programlisting></para> >- >-<para>from the DNIX section of <filename>includes.h</filename>.</para> >- >-</sect1> >- >-<sect1> >-<title>Red Hat Linux</title> >- >-<para> >-By default during installation, some versions of Red Hat Linux add an >-entry to <filename>/etc/hosts</filename> as follows: >-<programlisting> >-127.0.0.1 loopback "hostname"."domainname" >-</programlisting> >-</para> >- >-<para> >-<indexterm><primary>loopback interface</primary></indexterm> >-This causes Samba to loop back onto the loopback interface. >-The result is that Samba fails to communicate correctly with >-the world and therefore may fail to correctly negotiate who >-is the master browse list holder and who is the master browser. >-</para> >- >-<para> >-Corrective action: Delete the entry after the word "loopback" >-in the line starting 127.0.0.1. >-</para> >-</sect1> >- >-<sect1> >-<title>AIX: Sequential Read Ahead</title> >-<!-- From an email by William Jojo <jojowil@hvcc.edu> --> >-<para> >-Disabling sequential read ahead can improve Samba performance significantly >-when there is a relatively high level of multiprogramming (many smbd processes >-or mixed with another workload), not an abundance of physical memory or slower >-disk technology. These can cause AIX to have a higher WAIT values. Disabling >-sequential read-ahead can also have an adverse affect on other workloads in the >-system so you will need to evaluate other applications for impact. >-</para> >- >-<para> >-It is recommended to use the defaults provided by IBM, but if you experience a >-high amount of wait time, try disabling read-ahead with the following commands: >-</para> >- >-<para> >-For AIX 5.1 and earlier: <userinput>vmtune -r 0</userinput> >-</para> >- >-<para> >-For AIX 5.2 and later jfs filesystems: <userinput>ioo -o minpgahead=0</userinput> >-</para> >- >-<para> >-For AIX 5.2 and later jfs2 filesystems: <userinput>ioo -o j2_minPageReadAhead=0</userinput> >-</para> >- >-<para> >-If you have a mix of jfs and jfs2 filesystems on the same host, simply use both >-ioo commands. >-</para> >-</sect1> >- >-<sect1> >-<title>Solaris</title> >- >-<sect2> >-<title>Locking Improvements</title> >- >-<para>Some people have been experiencing problems with F_SETLKW64/fcntl >-when running Samba on Solaris. The built-in file-locking mechanism was >-not scalable. Performance would degrade to the point where processes would >-get into loops of trying to lock a file. It would try a lock, then fail, >-then try again. The lock attempt was failing before the grant was >-occurring. The visible manifestation of this was a handful of >-processes stealing all of the CPU, and when they were trussed, they would >-be stuck in F_SETLKW64 loops. >-</para> >- >-<para> >-Please check with Sun support for current patches needed to fix this bug. >-The patch revision for 2.6 is 105181-34, for 8 is 108528-19, and for 9 is 112233-04. >-After the installation of these patches, it is recommended to reconfigure >-and rebuild Samba. >-</para> >- >-<para>Thanks to Joe Meslovich for reporting this.</para> >- >-</sect2> >- >-<sect2 id="winbind-solaris9"> >-<title>Winbind on Solaris 9</title> >-<para> >-Nsswitch on Solaris 9 refuses to use the Winbind NSS module. This behavior >-is fixed by Sun in patch <ulink >-url="http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&type=collections&max=50&language=en&queryKey5=112960;rev=14&toDocument=yes">112960-14</ulink>. >-</para> >-</sect2> >-</sect1> >- >-</chapter> >diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml >index ef463d4..fcf53db 100644 >--- a/docs-xml/Samba3-HOWTO/index.xml >+++ b/docs-xml/Samba3-HOWTO/index.xml >@@ -202,8 +202,6 @@ The chapters in this part each cover specific Samba features. > <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-Compiling.xml"/> > <?latex \cleardoublepage ?> >- <xi:include href="TOSHARG-Portability.xml"/> >- <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-Other-Clients.xml"/> > <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-Speed.xml"/> >-- >1.7.9.5 > > >From c900492dda4fcd059a824a5b162388b6b41982e9 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Sat, 15 Sep 2012 15:55:55 -0700 >Subject: [PATCH 16/50] docs: Remove very outdated TOSHARG-Other-Clients > section > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml | 351 ----------------------- > docs-xml/Samba3-HOWTO/index.xml | 2 - > 2 files changed, 353 deletions(-) > delete mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml >deleted file mode 100644 >index 94c3fcc..0000000 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Other-Clients.xml >+++ /dev/null >@@ -1,351 +0,0 @@ >-<?xml version="1.0" encoding="iso-8859-1"?> >-<!DOCTYPE chapter PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> >-<chapter id="Other-Clients"> >-<chapterinfo> >- &author.jelmer; >- &author.jht; >- &author.danshearer; >- <author>&person.jmcd;<contrib>OS/2</contrib></author> >- <pubdate>5 Mar 2001</pubdate> >-</chapterinfo> >- >-<title>Samba and Other CIFS Clients</title> >- >-<para>This chapter contains client-specific information.</para> >- >-<sect1> >-<title>Macintosh Clients</title> >- >-<para> >-<indexterm><primary>DAVE</primary></indexterm> >-Yes. <ulink url="http://www.thursby.com/">Thursby</ulink> has a CIFS client/server called <ulink >-url="http://www.thursby.com/products/dave.html">DAVE</ulink>. They test it against Windows 95, Windows >-NT/200x/XP, and Samba for compatibility issues. At the time of this writing, DAVE was at version 5.1. Please >-refer to Thursby's Web site for more information regarding this product. >-</para> >- >-<para> >-<indexterm><primary>Netatalk</primary></indexterm> >-<indexterm><primary>CAP</primary></indexterm> >-Alternatives include two free implementations of AppleTalk for several kinds of UNIX machines and several more >-commercial ones. These products allow you to run file services and print services natively to Macintosh >-users, with no additional support required on the Macintosh. The two free implementations are <ulink >-url="http://www.umich.edu/~rsug/netatalk/">Netatalk</ulink> and <ulink >-url="http://www.cs.mu.oz.au/appletalk/atalk.html">CAP</ulink>. What Samba offers MS Windows users, these >-packages offer to Macs. For more info on these packages, Samba, and Linux (and other UNIX-based systems), see >-<ulink noescape="1" url="http://www.eats.com/linux_mac_win.html">http://www.eats.com/linux_mac_win.html.</ulink> >-</para> >- >-<para>Newer versions of the Macintosh (Mac OS X) include Samba.</para> >- >-</sect1> >- >-<sect1> >-<title>OS2 Client</title> >- >- <sect2> >- <title>Configuring OS/2 Warp Connect or OS/2 Warp 4</title> >- >- <para>Basically, you need three components:</para> >- >- <itemizedlist> >- <listitem><para>The File and Print Client (IBM peer)</para></listitem> >- <listitem><para>TCP/IP (Internet support) </para></listitem> >- <listitem><para>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</para></listitem> >- </itemizedlist> >- >- <para>Installing the first two together with the base operating >- system on a blank system is explained in the Warp manual. If Warp >- has already been installed, but you now want to install the >- networking support, use the <quote>Selective Install for Networking</quote> >- object in the <quote>System Setup</quote> folder.</para> >- >- <para>Adding the <quote>NetBIOS over TCP/IP</quote> driver is not described >- in the manual and just barely in the online documentation. Start >- <command>MPTS.EXE</command>, click on <guiicon>OK</guiicon>, click on <guimenu>Configure LAPS</guimenu>, and click >- on <guimenu>IBM OS/2 NETBIOS OVER TCP/IP</guimenu> in <guilabel>Protocols</guilabel>. This line >- is then moved to <guilabel>Current Configuration</guilabel>. Select that line, >- click on <guimenuitem>Change number</guimenuitem>, and increase it from 0 to 1. Save this >- configuration.</para> >- >- <para>If the Samba server is not on your local subnet, you >- can optionally add IP names and addresses of these servers >- to the <guimenu>Names List</guimenu> or specify a WINS server (NetBIOS >- Nameserver in IBM and RFC terminology). For Warp Connect, you >- may need to download an update for <constant>IBM Peer</constant> to bring it on >- the same level as Warp 4. See the IBM OS/2 Warp Web page</para> >- </sect2> >- >- <sect2> >- <title>Configuring Other Versions of OS/2</title> >- >- <para>This sections deals with configuring OS/2 Warp 3 (not Connect), OS/2 1.2, 1.3 or 2.x.</para> >- >- <para>You can use the free Microsoft LAN Manager 2.2c Client for OS/2 that is >- available from >- <ulink noescape="1" url="ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/"> >- ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/</ulink>. In a nutshell, edit >- the file <filename>\OS2VER</filename> in the root directory of the OS/2 boot partition and add the lines:</para> >- >- <para><programlisting> >- 20=setup.exe >- 20=netwksta.sys >- 20=netvdd.sys >- </programlisting></para> >- >- <para>before you install the client. Also, do not use the included NE2000 driver because it is buggy. >- Try the NE2000 or NS2000 driver from <ulink noescape="1" url="ftp://ftp.cdrom.com/pub/os2/network/ndis/"> >- ftp://ftp.cdrom.com/pub/os2/network/ndis/</ulink> instead. >- </para> >- </sect2> >- >- <sect2> >- <title>Printer Driver Download for OS/2 Clients</title> >- >- <para>Create a share called <smbconfsection name="[PRINTDRV]"/> that is >- world-readable. Copy your OS/2 driver files there. The <filename>.EA_</filename> >- files must still be separate, so you will need to use the original install files >- and not copy an installed driver from an OS/2 system.</para> >- >- <para>Install the NT driver first for that printer. Then, add to your &smb.conf; a parameter, >- <smbconfoption name="os2 driver map"><replaceable>filename</replaceable></smbconfoption>. >- Next, in the file specified by <replaceable>filename</replaceable>, map the >- name of the NT driver name to the OS/2 driver name as follows:</para> >- >- <para><parameter><replaceable>nt driver name</replaceable> = <replaceable>os2 driver name</replaceable>.<replaceable>device name</replaceable></parameter>, e.g.,</para> >- >- <para><parameter> >- HP LaserJet 5L = LASERJET.HP LaserJet 5L</parameter></para> >- >- <para>You can have multiple drivers mapped in this file.</para> >- >- <para>If you only specify the OS/2 driver name, and not the >- device name, the first attempt to download the driver will >- actually download the files, but the OS/2 client will tell >- you the driver is not available. On the second attempt, it >- will work. This is fixed simply by adding the device name >- to the mapping, after which it will work on the first attempt. >- </para> >- </sect2> >-</sect1> >- >-<sect1> >-<title>Windows for Workgroups</title> >- >-<sect2> >-<title>Latest TCP/IP Stack from Microsoft</title> >- >-<para>Use the latest TCP/IP stack from Microsoft if you use Windows >-for Workgroups. The early TCP/IP stacks had lots of bugs.</para> >- >-<para> >-Microsoft has released an incremental upgrade to its TCP/IP 32-bit VxD drivers. The latest release can be >-found at ftp.microsoft.com, located in <filename>/Softlib/MSLFILES/TCP32B.EXE</filename>. There is an >-update.txt file there that describes the problems that were fixed. New files include >-<filename>WINSOCK.DLL</filename>, <filename>TELNET.EXE</filename>, <filename>WSOCK.386</filename>, >-<filename>VNBT.386</filename>, <filename>WSTCP.386</filename>, <filename>TRACERT.EXE</filename>, >-<filename>NETSTAT.EXE</filename>, and <filename>NBTSTAT.EXE</filename>. >-</para> >- >-<para> >-More information about this patch is available in <ulink >-url="http://support.microsoft.com/kb/q99891/">Knowledge Base article 99891</ulink>. >-</para> >- >-</sect2> >- >-<sect2> >-<title>Delete .pwl Files After Password Change</title> >- >-<para> >-Windows for Workgroups does a lousy job with passwords. When you change passwords on either >-the UNIX box or the PC, the safest thing to do is delete the .pwl files in the Windows >-directory. The PC will complain about not finding the files, but will soon get over it, >-allowing you to enter the new password. >-</para> >- >-<para> >-If you do not do this, you may find that Windows for Workgroups remembers and uses the old >-password, even if you told it a new one. >-</para> >- >-<para> >-Often Windows for Workgroups will totally ignore a password you give it in a dialog box. >-</para> >- >-</sect2> >- >-<sect2> >-<title>Configuring Windows for Workgroups Password Handling</title> >- >-<para> >-<indexterm><primary>admincfg.exe</primary></indexterm> >-There is a program call <filename>admincfg.exe</filename> on the last disk (disk 8) of the WFW 3.11 disk set. >-To install it, type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>. Then add an icon >-for it via the <application>Program Manager</application> <guimenu>New</guimenu> menu. This program allows >-you to control how WFW handles passwords, Disable Password Caching and so on, for use with <smbconfoption >-name="security">user</smbconfoption>. >-</para> >- >-</sect2> >- >-<sect2> >-<title>Password Case Sensitivity</title> >- >-<para>Windows for Workgroups uppercases the password before sending it to the server. >-UNIX passwords can be case-sensitive though. Check the &smb.conf; information on >-<smbconfoption name="password level"/> to specify what characters >-Samba should try to uppercase when checking.</para> >- >-</sect2> >- >-<sect2> >-<title>Use TCP/IP as Default Protocol</title> >- >-<para>To support print queue reporting, you may find >-that you have to use TCP/IP as the default protocol under >-Windows for Workgroups. For some reason, if you leave NetBEUI as the default, >-it may break the print queue reporting on some systems. >-It is presumably a Windows for Workgroups bug.</para> >- >-</sect2> >- >-<sect2 id="speedimpr"> >-<title>Speed Improvement</title> >- >-<para> >-Note that some people have found that setting <parameter>DefaultRcvWindow</parameter> in >-the <smbconfsection name="[MSTCP]"/> section of the >-<filename>SYSTEM.INI</filename> file under Windows for Workgroups to 3072 gives a >-big improvement. >-</para> >- >-<para> >-My own experience with DefaultRcvWindow is that I get a much better >-performance with a large value (16384 or larger). Other people have >-reported that anything over 3072 slows things down enormously. One >-person even reported a speed drop of a factor of 30 when he went from >-3072 to 8192. >-</para> >-</sect2> >-</sect1> >- >-<sect1> >-<title>Windows 95/98</title> >- >-<para> >-When using Windows 95 OEM SR2, the following updates are recommended where Samba >-is being used. Please note that the changes documented in >-<link linkend="speedimpr">Speed Improvement</link> will affect you once these >-updates have been installed. >-</para> >- >-<para> >-There are more updates than the ones mentioned here. Refer to the >-Microsoft Web site for all currently available updates to your specific version >-of Windows 95. >-</para> >- >-<simplelist> >-<member>Kernel Update: KRNLUPD.EXE</member> >-<member>Ping Fix: PINGUPD.EXE</member> >-<member>RPC Update: RPCRTUPD.EXE</member> >-<member>TCP/IP Update: VIPUPD.EXE</member> >-<member>Redirector Update: VRDRUPD.EXE</member> >-</simplelist> >- >-<para> >-Also, if using <application>MS Outlook,</application> it is desirable to >-install the <command>OLEUPD.EXE</command> fix. This >-fix may stop your machine from hanging for an extended period when exiting >-Outlook, and you may notice a significant speedup when accessing network >-neighborhood services. >-</para> >- >-<sect2> >-<title>Speed Improvement</title> >- >-<para> >-Configure the Windows 95 TCP/IP registry settings to give better >-performance. I use a program called <command>MTUSPEED.exe</command> that I got off the >-Internet. There are various other utilities of this type freely available. >-</para> >- >-</sect2> >- >-</sect1> >- >-<sect1> >-<title>Windows 2000 Service Pack 2</title> >- >-<para> >-There are several annoyances with Windows 2000 SP2, one of which >-only appears when using a Samba server to host user profiles >-to Windows 2000 SP2 clients in a Windows domain. This assumes >-that Samba is a member of the domain, but the problem will >-most likely occur if it is not. >-</para> >- >-<para> >-In order to serve profiles successfully to Windows 2000 SP2 >-clients (when not operating as a PDC), Samba must have >-<smbconfoption name="nt acl support">no</smbconfoption> >-added to the file share that houses the roaming profiles. >-If this is not done, then the Windows 2000 SP2 client will >-complain about not being able to access the profile (Access >-Denied) and create multiple copies of it on disk (DOMAIN.user.001, >-DOMAIN.user.002, and so on). See the &smb.conf; man page >-for more details on this option. Also note that the >-<smbconfoption name="nt acl support"/> parameter was formally a global parameter in >-releases prior to Samba 2.2.2. >-</para> >- >-<para> >-<link linkend="minimalprofile">Following example</link> provides a minimal profile share. >-</para> >- >-<example id="minimalprofile"> >-<title>Minimal Profile Share</title> >-<smbconfblock> >-<smbconfsection name="[profile]"/> >-<smbconfoption name="path">/export/profile</smbconfoption> >-<smbconfoption name="create mask">0600</smbconfoption> >-<smbconfoption name="directory mask">0700</smbconfoption> >-<smbconfoption name="nt acl support">no</smbconfoption> >-<smbconfoption name="read only">no</smbconfoption> >-</smbconfblock> >-</example> >- >-<para> >-The reason for this bug is that the Windows 200x SP2 client copies >-the security descriptor for the profile that contains >-the Samba server's SID, and not the domain SID. The client >-compares the SID for SAMBA\user and realizes it is >-different from the one assigned to DOMAIN\user; hence, >-<errorname>access denied</errorname> message. >-</para> >- >-<para> >-When the <smbconfoption name="nt acl support"/> parameter is disabled, Samba will send >-the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client >-to set a default ACL for the profile. This default ACL includes: >-</para> >- >-<para><emphasis>DOMAIN\user <quote>Full Control</quote></emphasis>></para> >- >-<note><para>This bug does not occur when using Winbind to >-create accounts on the Samba host for Domain users.</para></note> >- >-</sect1> >- >-<sect1> >-<title>Windows NT 3.1</title> >- >-<para>If you have problems communicating across routers with Windows >-NT 3.1 workstations, read <ulink url="http://support.microsoft.com/default.aspx?scid=kb;Q103765">this Microsoft Knowledge Base article:</ulink>. >- >-</para> >- >-</sect1> >- >-</chapter> >diff --git a/docs-xml/Samba3-HOWTO/index.xml b/docs-xml/Samba3-HOWTO/index.xml >index fcf53db..b2af47a 100644 >--- a/docs-xml/Samba3-HOWTO/index.xml >+++ b/docs-xml/Samba3-HOWTO/index.xml >@@ -202,8 +202,6 @@ The chapters in this part each cover specific Samba features. > <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-Compiling.xml"/> > <?latex \cleardoublepage ?> >- <xi:include href="TOSHARG-Other-Clients.xml"/> >- <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-Speed.xml"/> > <?latex \cleardoublepage ?> > <xi:include href="TOSHARG-SecureLDAP.xml"/> >-- >1.7.9.5 > > >From 8a8b7793cf797b4fbb0af5a58b0538bd91bc3594 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 17 Sep 2012 11:54:25 -0700 >Subject: [PATCH 17/50] docs: Remove references to sysv-style CUPS from > TOSHARG-CUPS-printing > >This also simplifies the cups config by not duplicating the printcap name parameter >that is already set by default when printing=cups is set. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml | 75 +++-------------------- > 1 file changed, 8 insertions(+), 67 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml >index d0258fb..807334e 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml >@@ -98,9 +98,7 @@ > <indexterm><primary>/etc/printcap</primary></indexterm> > <indexterm><primary>Printcap</primary></indexterm> > <indexterm><primary>PrintcapFormat</primary></indexterm> >-Printing with CUPS in the most basic &smb.conf; setup in Samba-3.0 (as was true for 2.2.x) requires just two >-parameters: <smbconfoption name="printing">cups</smbconfoption> and <smbconfoption >-name="printcap">cups</smbconfoption>. CUPS does not need a printcap file. However, the >+Printing with CUPS in the most basic &smb.conf; setup in Samba requires just this parameter: <smbconfoption name="printing">cups</smbconfoption>. CUPS does not need a printcap file. However, the > <filename>cupsd.conf</filename> configuration file knows of two related directives that control how such a > file will be automatically created and maintained by CUPS for the convenience of third-party applications > (example: <parameter>Printcap /etc/printcap</parameter> and <parameter>PrintcapFormat BSD</parameter>). >@@ -116,52 +114,13 @@ url="http://localhost:631/documentation.html">CUPS</ulink> web site. > > <para> > <indexterm><primary>libcups.so</primary></indexterm> >- Samba has a special relationship to CUPS. Samba can be compiled with CUPS library support. >+ Samba has a special relationship to CUPS, and to use CUPS Samba must be compiled with CUPS library support. > Most recent installations have this support enabled. By default, CUPS linking is compiled >- into smbd and other Samba binaries. Of course, you can use CUPS even >- if Samba is not linked against <filename>libcups.so</filename> &smbmdash; but >- there are some differences in required or supported configuration. >+ into smbd and other Samba binaries. The parameter >+ <smbconfoption name="printing">cups</smbconfoption> will only >+ be accepted if this is the case. > </para> > >- <para> >-<indexterm><primary>libcups</primary></indexterm> >-<indexterm><primary>ldd</primary></indexterm> >- When Samba is compiled and linked with <filename>libcups</filename>, <smbconfoption name="printcap">cups</smbconfoption> >- uses the CUPS API to list printers, submit jobs, query queues, and so on. Otherwise it maps to the System V >- commands with an additional <command>-oraw</command> option for printing. On a Linux >- system, you can use the <command>ldd</command> utility to find out if smbd has been linked with the >- libcups library (<command>ldd</command> may not be present on other OS platforms, or its function may be embodied >- by a different command): >-<screen> >-&rootprompt;<userinput>ldd `which smbd`</userinput> >-libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x4002d000) >-libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x4005a000) >-libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) >-[....] >-</screen> >- </para> >- >- <para> >-<indexterm><primary>libcups.so.2</primary></indexterm> >- The line <computeroutput>libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000)</computeroutput> shows >- there is CUPS support compiled into this version of Samba. If this is the case, and printing = cups >- is set, then <emphasis>any otherwise manually set print command in &smb.conf; is ignored</emphasis>. >- This is an important point to remember! >- </para> >- >- <tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting >- <smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits >- of tight CUPS-Samba integration. When you do this, you must manually configure the printing system commands >- (most important: >- <smbconfoption name="print command"/>; other commands are >- <smbconfoption name="lppause command"/>, >- <smbconfoption name="lpresume command"/>, >- <smbconfoption name="lpq command"/>, >- <smbconfoption name="lprm command"/>, >- <smbconfoption name="queuepause command"/> and >- <smbconfoption name="queue resume command"/>). >- </para></tip> >- > </sect2> > > <sect2> >@@ -179,7 +138,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) > <smbconfsection name="[global]"/> > <smbconfoption name="load printers">yes</smbconfoption> > <smbconfoption name="printing">cups</smbconfoption> >- <smbconfoption name="printcap name">cups</smbconfoption> > > <smbconfsection name="[printers]"/> > <smbconfoption name="comment">All Printers</smbconfoption> >@@ -222,7 +180,6 @@ libcups.so.2 => /usr/lib/libcups.so.2 (0x40123000) > <smbconfblock> > <smbconfsection name="[global]"/> > <smbconfoption name="printing">cups</smbconfoption> >- <smbconfoption name="printcap name">cups</smbconfoption> > <smbconfoption name="load printers">yes</smbconfoption> > > <smbconfsection name="[printers]"/> >@@ -2198,18 +2155,14 @@ file <parameter>[global]</parameter> section: > > <smbconfblock> > <smbconfoption name="printing">cups</smbconfoption> >-<smbconfoption name="printcap">cups</smbconfoption> > </smbconfblock> > > <para> > When these parameters are specified, all manually set print directives (like <smbconfoption name="print > command"/> or <smbconfoption name="lppause command"/>) in &smb.conf; (as well as in Samba itself) will be >-ignored. Instead, Samba will directly interface with CUPS through its application program interface (API), as >-long as Samba has been compiled with CUPS library (libcups) support. If Samba has not been compiled with CUPS >-support, and if no other print commands are set up, then printing will use the <emphasis>System V</emphasis> >-AT&T command set, with the -oraw option automatically passing through (if you want your own defined print >-commands to work with a Samba server that has CUPS support compiled in, simply use <smbconfoption >-name="classicalprinting">sysv</smbconfoption>). This is illustrated in <link linkend="f13small">the Printing via >+ignored. Instead, Samba will directly interface with CUPS through its >+application program interface (API). >+This is illustrated in <link linkend="f13small">the Printing via > CUPS/Samba Server diagram</link>. > </para> > >@@ -4732,8 +4685,6 @@ For everything to work as it should, you need to have three things: > <listitem><para>A Samba-&smb.conf; setting of > <smbconfoption name="printing">cups</smbconfoption>.</para></listitem> > >- <listitem><para>Another Samba &smb.conf; setting of >- <smbconfoption name="printcap">cups</smbconfoption>.</para></listitem> > </itemizedlist> > > <note><para> >@@ -4747,16 +4698,6 @@ influence whatsoever on your printing. > </para></note> > </sect2> > >-<sect2> >-<title>Manual Configuration</title> >- >-<para> >-If you want to do things manually, replace the <smbconfoption name="printing">cups</smbconfoption> >-by <smbconfoption name="printing">bsd</smbconfoption>. Then your manually set commands may work >-(I haven't tested this), and a <smbconfoption name="print command">lp -d %P %s; rm %s</smbconfoption> >-may do what you need. >-</para> >-</sect2> > </sect1> > > <sect1> >-- >1.7.9.5 > > >From c64244237f49ab5fc3db0accdaab58f3ca58e8dd Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 17 Sep 2012 11:55:12 -0700 >Subject: [PATCH 18/50] docs: Remove references to mulitple passdb backends > >These are long-gone and confusing. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 29 ----------------------------- > 1 file changed, 29 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >index c1738e3..54e0041 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >@@ -20,16 +20,6 @@ > <title>Account Information Databases</title> > > <para> >-<indexterm><primary>account backends</primary></indexterm> >-<indexterm><primary>password backends</primary></indexterm> >-<indexterm><primary>scalability</primary></indexterm> >-<indexterm><primary>ADS</primary></indexterm> >-Early releases of Samba-3 implemented new capability to work concurrently with multiple account backends. This >-capability was removed beginning with release of Samba 3.0.23. Commencing with Samba 3.0.23 it is possible to >-work with only one specified passwd backend. >-</para> >- >-<para> > <indexterm><primary>passdb backend</primary></indexterm> > <indexterm><primary>smbpasswd</primary></indexterm> > <indexterm><primary>tdbsam</primary></indexterm> >@@ -1654,25 +1644,6 @@ regarding this facility. > <sect1> > <title>Password Backends</title> > >-<para> >-<indexterm><primary>account database</primary></indexterm> >-<indexterm><primary>SMB/CIFS server</primary></indexterm> >-Samba offers flexibility in backend account database design. The flexibility is immediately obvious as one >-begins to explore this capability. Recent changes to Samba (since 3.0.23) have removed the mulitple backend >-feature in order to simplify problems that broke some installations. This removal has made the internal >-operation of Samba-3 more consistent and predictable. >-</para> >- >-<para> >-<indexterm><primary>multiple backends</primary></indexterm> >-<indexterm><primary>tdbsam databases</primary></indexterm> >-Beginning with Samba 3.0.23 it is no longer possible to specify use of mulitple passdb backends. Earlier >-versions of Samba-3 made it possible to specify multiple password backends, and even multiple >-backends of the same type. The multiple passdb backend capability caused many problems with name to SID and >-SID to name ID resolution. The Samba team wrestled with the challenges and decided that this feature needed >-to be removed. >-</para> >- > <sect2> > <title>Plaintext</title> > >-- >1.7.9.5 > > >From 9a1f91ab04f1049b0a7f5f9d5ed72d81114254d5 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 17 Sep 2012 11:56:08 -0700 >Subject: [PATCH 19/50] docs: Remove references to specific windows versions, > instead mention Home/Professional/Server > >The flavours of windows seem to last longer than the individual products. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >index 54e0041..5d4b108 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >@@ -314,10 +314,10 @@ Samba-3 introduces a number of new password backend capabilities. > > <note> > <para> >-<indexterm><primary>Windows XP Home</primary></indexterm> >+<indexterm><primary>Windows Home edition</primary></indexterm> > <indexterm><primary>domain member</primary></indexterm> > <indexterm><primary>domain logons</primary></indexterm> >- MS Windows XP Home does not have facilities to become a domain member, and it cannot participate in domain logons. >+ MS Windows Home editions do not have facilities to become a domain member, and cannot participate in domain logons. > </para> > </note> > >@@ -328,9 +328,8 @@ Samba-3 introduces a number of new password backend capabilities. > <itemizedlist> > <listitem><para>Windows NT 3.5x.</para></listitem> > <listitem><para>Windows NT 4.0.</para></listitem> >- <listitem><para>Windows 2000 Professional.</para></listitem> >- <listitem><para>Windows 200x Server/Advanced Server.</para></listitem> >- <listitem><para>Windows XP Professional.</para></listitem> >+ <listitem><para>Windows editions labeled Professional.</para></listitem> >+ <listitem><para>Windows editions laveled Server/Advanced Server.</para></listitem> > </itemizedlist> > > <para> >-- >1.7.9.5 > > >From dc5eb755d0ebf518c154f28c2dbbc4c67a32d2cd Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Mon, 17 Sep 2012 11:56:28 -0700 >Subject: [PATCH 20/50] docs: Remove another reference to security=share > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >index 5d4b108..ac9bebc 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >@@ -385,7 +385,7 @@ Samba-3 introduces a number of new password backend capabilities. > <indexterm><primary>password prompt</primary></indexterm> > <indexterm><primary>SMB encryption</primary></indexterm> > Windows NT does not like talking to a server that does not support encrypted passwords. It will refuse to >- browse the server if the server is also in user-level security mode. It will insist on prompting the user for >+ browse the server. It will insist on prompting the user for > the password on each connection, which is very annoying. The only thing you can do to stop this is to use SMB > encryption. > </para></listitem> >-- >1.7.9.5 > > >From e8300d8e63fc444fb9bdaf3770f567ff35447550 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Sun, 23 Sep 2012 03:09:32 +1000 >Subject: [PATCH 21/50] docs: Update TOSHARG-Install > >- winbindd runs as many processes now >- open_oplock_ipc errors do not happen any more, we do not use UDP messaging any more. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-Install.xml | 20 ++------------------ > 1 file changed, 2 insertions(+), 18 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml >index 673ba93..88e0ed8 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml >@@ -657,24 +657,8 @@ The following questions and issues are raised repeatedly on the Samba mailing li > </para> > > <para> >- &winbindd; will run as one or two daemons, depending on whether or not it is being >- run in <emphasis>split mode</emphasis> (in which case there will be two instances). >- </para> >- >- </sect2> >- >- <sect2> >- <title>Error Message: open_oplock_ipc</title> >- >- <para> >- An error message is observed in the log files when &smbd; is started: <quote>open_oplock_ipc: Failed to >- get local UDP socket for address 100007f. Error was Cannot assign requested.</quote> >- </para> >- >- <para> >- Your loopback device isn't working correctly. Make sure it is configured correctly. The loopback >- device is an internal (virtual) network device with the IP address <emphasis>127.0.0.1</emphasis>. >- Read your OS documentation for details on how to configure the loopback on your system. >+ &winbindd; will run as many processes depending in part on how many >+ domains it needs to contact. > </para> > > </sect2> >-- >1.7.9.5 > > >From 99589476a09aa5f1ca89339e48f8cd19a464239a Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 25 Sep 2012 11:04:14 +1000 >Subject: [PATCH 22/50] docs: Fix typo in TOSHARG-Passdb > >--- > docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >index ac9bebc..427313a 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >@@ -329,7 +329,7 @@ Samba-3 introduces a number of new password backend capabilities. > <listitem><para>Windows NT 3.5x.</para></listitem> > <listitem><para>Windows NT 4.0.</para></listitem> > <listitem><para>Windows editions labeled Professional.</para></listitem> >- <listitem><para>Windows editions laveled Server/Advanced Server.</para></listitem> >+ <listitem><para>Windows editions labeled Server/Advanced Server.</para></listitem> > </itemizedlist> > > <para> >-- >1.7.9.5 > > >From d488b44fc90f2c4f45868fbb6fe6da10d6812b14 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 25 Sep 2012 11:05:01 +1000 >Subject: [PATCH 23/50] docs: Remove mention of auth methods in TOSHARG-Passdb > >This is not connected to the passdb system, and we should not encourage setting of auth methods >in any case. > >Andrew Bartlett >--- > docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 12 ------------ > 1 file changed, 12 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >index 427313a..456c7ce 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml >@@ -2605,18 +2605,6 @@ sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 > Read the <link linkend="acctmgmttools">Account Management Tools</link> for details.</para> > > </sect2> >- >- <sect2> >- <title>Configuration of <parameter>auth methods</parameter></title> >- >- <para> >- When explicitly setting an <smbconfoption name="auth methods"/> parameter, >- <parameter>guest</parameter> must be specified as the first entry on the line &smbmdash; >- for example, <smbconfoption name="auth methods">guest sam</smbconfoption>. >- </para> >- >- </sect2> >- > </sect1> > > </chapter> >-- >1.7.9.5 > > >From ca7b843b9ec5902b2e2fe52ebb74725d0565540b Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Tue, 25 Sep 2012 11:05:37 +1000 >Subject: [PATCH 24/50] docs: Change TOSHARG-VFS to avoid suggesting VFS > modules are Linux/IRIX only > >Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> >Autobuild-Date(master): Tue Sep 25 08:27:15 CEST 2012 on sn-devel-104 >--- > docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > >diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml >index 933efb5..84ee82d 100644 >--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml >+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml >@@ -34,8 +34,7 @@ modules that come with the Samba source and provides references to some external > <indexterm><primary>IRIX</primary></indexterm> > <indexterm><primary>GNU/Linux</primary></indexterm> > If not supplied with your platform distribution binary Samba package, you may have problems compiling these >-modules, as shared libraries are compiled and linked in different ways on different systems. They currently >-have been tested against GNU/Linux and IRIX. >+modules, as shared libraries are compiled and linked in different ways on different systems. > </para> > > <para> >-- >1.7.9.5 > > >From bfe6bdd8d2b5f6d3d4e7070086e65c13e8733eac Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de> >Date: Tue, 2 Oct 2012 11:37:11 +0200 >Subject: [PATCH 25/50] s3-docs: add delete_lost option to vfs_streams_depot.8 > >Signed-off-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Stefan Metzmacher <metze@samba.org> >Autobuild-Date(master): Wed Oct 3 18:10:14 CEST 2012 on sn-devel-104 >--- > docs-xml/manpages/vfs_streams_depot.8.xml | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > >diff --git a/docs-xml/manpages/vfs_streams_depot.8.xml b/docs-xml/manpages/vfs_streams_depot.8.xml >index 78b5fd3..639428b 100644 >--- a/docs-xml/manpages/vfs_streams_depot.8.xml >+++ b/docs-xml/manpages/vfs_streams_depot.8.xml >@@ -52,6 +52,25 @@ > </listitem> > </varlistentry> > >+ <varlistentry> >+ <term>streams_depot:delete_lost = [ yes | no ]</term> >+ <listitem> >+ <para>In the case of an already existing data streams directory >+ for a newly created file the streams directory will be renamed >+ to "lost-%lu", random(). With this option lost stream directories >+ will be removed instead of renamed.</para> >+ <itemizedlist> >+ <listitem><para> >+ <command>no(default)</command> - rename lost streams to >+ "lost-%lu", random(). >+ </para></listitem> >+ <listitem><para> >+ <command>yes</command> - remove lost streams. >+ </para></listitem> >+ </itemizedlist> >+ </listitem> >+ </varlistentry> >+ > </variablelist> > </refsect1> > >-- >1.7.9.5 > > >From 48d1653f9a2cdb0252b873abb1873475de57d174 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 01:31:37 +0200 >Subject: [PATCH 26/50] undocumented: Drop extension from helper scripts. > >--- > docs-xml/Makefile | 6 +-- > docs-xml/scripts/find_missing_doc | 62 +++++++++++++++++++++++++++++ > docs-xml/scripts/find_missing_doc.pl | 62 ----------------------------- > docs-xml/scripts/find_missing_manpages | 39 ++++++++++++++++++ > docs-xml/scripts/find_missing_manpages.pl | 39 ------------------ > 5 files changed, 104 insertions(+), 104 deletions(-) > create mode 100755 docs-xml/scripts/find_missing_doc > delete mode 100755 docs-xml/scripts/find_missing_doc.pl > create mode 100755 docs-xml/scripts/find_missing_manpages > delete mode 100755 docs-xml/scripts/find_missing_manpages.pl > >diff --git a/docs-xml/Makefile b/docs-xml/Makefile >index 0feab24..0b4e880 100644 >--- a/docs-xml/Makefile >+++ b/docs-xml/Makefile >@@ -260,9 +260,9 @@ $(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml > cd $(<D) && $(XMLLINT) --xinclude --noent --postvalid --noout $(<F) > > # Find undocumented parameters >-undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl >- $(PERL) scripts/find_missing_doc.pl $(SRCDIR) >- $(PERL) scripts/find_missing_manpages.pl $(SRCDIR)/source3 >+undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc scripts/find_missing_manpages >+ $(PERL) scripts/find_missing_doc $(SRCDIR) >+ $(PERL) scripts/find_missing_manpages $(SRCDIR)/source3 > > samples: $(DOCBOOKDIR)/Samba3-HOWTO.xml xslt/extract-examples.xsl scripts/indent-smb.conf.pl > @mkdir -p examples >diff --git a/docs-xml/scripts/find_missing_doc b/docs-xml/scripts/find_missing_doc >new file mode 100755 >index 0000000..6ce547b >--- /dev/null >+++ b/docs-xml/scripts/find_missing_doc >@@ -0,0 +1,62 @@ >+#!/usr/bin/perl >+ >+my %doc; >+ >+$topdir = (shift @ARGV) or $topdir = "."; >+ >+################################################## >+# Reading links from manpage >+ >+$curdir = $ENV{PWD}; >+ >+chdir("smbdotconf"); >+ >+open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|"); >+ >+while(<IN>) { >+ if( /<samba:parameter .*?name="([^"]*?)"/g ){ >+ my $name = $1; >+ $name =~ s/ //g; >+ $doc{$name} = "NOTFOUND"; >+ } >+} >+ >+close(IN); >+ >+chdir($curdir); >+ >+################################################# >+# Reading entries from source code >+ >+ >+open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!"); >+ >+while ($ln = <SOURCE>) { >+ last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/; >+} #burn through the preceding lines >+ >+while ($ln = <SOURCE>) { >+ last if $ln =~ m/^\s*\}\;\s*$/; >+ #pull in the param names only >+ next if $ln =~ m/.*P_SEPARATOR.*/; >+ next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/; >+ >+ my $name = $1; >+ $name =~ s/ //g; >+ >+ if($doc{lc($name)}) { >+ $doc{lc($name)} = "FOUND"; >+ } else { >+ print "'$name' is not documented\n"; >+ } >+} >+close SOURCE; >+ >+################################################## >+# Trying to find missing references >+ >+foreach (keys %doc) { >+ if($doc{$_} cmp "FOUND") { >+ print "'$_' is documented but is not a configuration option\n"; >+ } >+} >diff --git a/docs-xml/scripts/find_missing_doc.pl b/docs-xml/scripts/find_missing_doc.pl >deleted file mode 100755 >index 6ce547b..0000000 >--- a/docs-xml/scripts/find_missing_doc.pl >+++ /dev/null >@@ -1,62 +0,0 @@ >-#!/usr/bin/perl >- >-my %doc; >- >-$topdir = (shift @ARGV) or $topdir = "."; >- >-################################################## >-# Reading links from manpage >- >-$curdir = $ENV{PWD}; >- >-chdir("smbdotconf"); >- >-open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|"); >- >-while(<IN>) { >- if( /<samba:parameter .*?name="([^"]*?)"/g ){ >- my $name = $1; >- $name =~ s/ //g; >- $doc{$name} = "NOTFOUND"; >- } >-} >- >-close(IN); >- >-chdir($curdir); >- >-################################################# >-# Reading entries from source code >- >- >-open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!"); >- >-while ($ln = <SOURCE>) { >- last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/; >-} #burn through the preceding lines >- >-while ($ln = <SOURCE>) { >- last if $ln =~ m/^\s*\}\;\s*$/; >- #pull in the param names only >- next if $ln =~ m/.*P_SEPARATOR.*/; >- next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/; >- >- my $name = $1; >- $name =~ s/ //g; >- >- if($doc{lc($name)}) { >- $doc{lc($name)} = "FOUND"; >- } else { >- print "'$name' is not documented\n"; >- } >-} >-close SOURCE; >- >-################################################## >-# Trying to find missing references >- >-foreach (keys %doc) { >- if($doc{$_} cmp "FOUND") { >- print "'$_' is documented but is not a configuration option\n"; >- } >-} >diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages >new file mode 100755 >index 0000000..cd8ed87 >--- /dev/null >+++ b/docs-xml/scripts/find_missing_manpages >@@ -0,0 +1,39 @@ >+#!/usr/bin/perl >+ >+my %doc; >+ >+$invar = 0; >+ >+$topdir = (shift @ARGV) or $topdir = "."; >+ >+$progs = ""; >+ >+open(IN, "$topdir/Makefile.in"); >+while(<IN>) { >+ if($invar && /^([ \t]*)(.*?)([\\])$/) { >+ $progs.=" " . $2; >+ if($4) { $invar = 1; } else { $invar = 0; } >+ } elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) { >+ $progs.=" " . $3; >+ if($4) { $invar = 1; } >+ } else { $invar = 0; } >+} >+ >+$progs =~ s/@([^@]+)@//g; >+ >+foreach(split(/bin\//, $progs)) { >+ next if($_ eq " "); >+ s/ //g; >+ >+ $f = $_; >+ >+ $found = 0; >+ >+ for($i = 0; $i < 9; $i++) { >+ if(-e "manpages/$f.$i.xml") { $found = 1; } >+ } >+ >+ if(!$found) { >+ print "'$f' does not have a manpage\n"; >+ } >+} >diff --git a/docs-xml/scripts/find_missing_manpages.pl b/docs-xml/scripts/find_missing_manpages.pl >deleted file mode 100755 >index cd8ed87..0000000 >--- a/docs-xml/scripts/find_missing_manpages.pl >+++ /dev/null >@@ -1,39 +0,0 @@ >-#!/usr/bin/perl >- >-my %doc; >- >-$invar = 0; >- >-$topdir = (shift @ARGV) or $topdir = "."; >- >-$progs = ""; >- >-open(IN, "$topdir/Makefile.in"); >-while(<IN>) { >- if($invar && /^([ \t]*)(.*?)([\\])$/) { >- $progs.=" " . $2; >- if($4) { $invar = 1; } else { $invar = 0; } >- } elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) { >- $progs.=" " . $3; >- if($4) { $invar = 1; } >- } else { $invar = 0; } >-} >- >-$progs =~ s/@([^@]+)@//g; >- >-foreach(split(/bin\//, $progs)) { >- next if($_ eq " "); >- s/ //g; >- >- $f = $_; >- >- $found = 0; >- >- for($i = 0; $i < 9; $i++) { >- if(-e "manpages/$f.$i.xml") { $found = 1; } >- } >- >- if(!$found) { >- print "'$f' does not have a manpage\n"; >- } >-} >-- >1.7.9.5 > > >From 7ce6ea22d6dc0e1411a887df0d48d1e434977f8e Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 01:31:26 +0200 >Subject: [PATCH 27/50] smb.conf.5: Document 'cldap port'. > >--- > docs-xml/smbdotconf/protocol/cldapport.xml | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/cldapport.xml > >diff --git a/docs-xml/smbdotconf/protocol/cldapport.xml b/docs-xml/smbdotconf/protocol/cldapport.xml >new file mode 100644 >index 0000000..c5f7606 >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/cldapport.xml >@@ -0,0 +1,13 @@ >+<samba:parameter name="cldap port" >+ context="G" >+ type="integer" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>This option controls the port used by the CLDAP protocol. >+</para> >+</description> >+ >+<value type="default">389</value> >+<value type="example">3389</value> >+</samba:parameter> >-- >1.7.9.5 > > >From b6dfe5f5436f498945533b8a9bf842030552ab2c Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 01:28:17 +0200 >Subject: [PATCH 28/50] Remove unused neatquotes script. > >--- > docs-xml/scripts/neatquotes.pl | 12 ------------ > 1 file changed, 12 deletions(-) > delete mode 100755 docs-xml/scripts/neatquotes.pl > >diff --git a/docs-xml/scripts/neatquotes.pl b/docs-xml/scripts/neatquotes.pl >deleted file mode 100755 >index 9d5aa6e..0000000 >--- a/docs-xml/scripts/neatquotes.pl >+++ /dev/null >@@ -1,12 +0,0 @@ >-#!/usr/bin/perl >- >-my $inprog = 0; >- >-while(<STDIN>) { >- if(/<(programlisting|screen)>/) { $inprog = 1; } >- if(/<\/(programlisting|screen)>/) { $inprog = 0; } >- if(not /="(.*)"/ and not $inprog) { >- s/"(.*?)"/<quote>\1<\/quote>/g; >- } >- print $_; >-} >-- >1.7.9.5 > > >From ab86fbb4602508c8ef2cbba7a5d53dc1dd24a503 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 02:59:35 +0200 >Subject: [PATCH 29/50] smb.conf(5): Remove documentation for removed 'lock > spin count' parameter. > >Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> >Autobuild-Date(master): Wed Sep 26 09:41:09 CEST 2012 on sn-devel-104 >--- > docs-xml/smbdotconf/locking/lockspincount.xml | 12 ------------ > 1 file changed, 12 deletions(-) > delete mode 100644 docs-xml/smbdotconf/locking/lockspincount.xml > >diff --git a/docs-xml/smbdotconf/locking/lockspincount.xml b/docs-xml/smbdotconf/locking/lockspincount.xml >deleted file mode 100644 >index da2582d..0000000 >--- a/docs-xml/smbdotconf/locking/lockspincount.xml >+++ /dev/null >@@ -1,12 +0,0 @@ >-<samba:parameter name="lock spin count" >- context="G" >- type="integer" >- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >-<description> >- <para>This parameter has been made inoperative in Samba 3.0.24. >- The functionality it controlled is now controlled by the parameter >- <smbconfoption name="lock spin time"/>. >- </para> >-</description> >-<value type="default">0</value> >-</samba:parameter> >-- >1.7.9.5 > > >From 91843a390c1b8f8b604624397fc3a12f1a205985 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 01:24:04 +0200 >Subject: [PATCH 30/50] find_missing_manpages: Ignore make variables. > >--- > docs-xml/scripts/find_missing_manpages | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages >index cd8ed87..12cbc28 100755 >--- a/docs-xml/scripts/find_missing_manpages >+++ b/docs-xml/scripts/find_missing_manpages >@@ -20,6 +20,7 @@ while(<IN>) { > } > > $progs =~ s/@([^@]+)@//g; >+$progs =~ s/\$\(.*?\)//g; > > foreach(split(/bin\//, $progs)) { > next if($_ eq " "); >-- >1.7.9.5 > > >From 945afc967398c51f114a090cb4b438db392d6a90 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 02:05:39 +0200 >Subject: [PATCH 31/50] find_missing_manpages: convert to python > >--- > docs-xml/scripts/find_missing_manpages | 74 +++++++++++++++++++------------- > 1 file changed, 44 insertions(+), 30 deletions(-) > >diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages >index 12cbc28..a0a19af 100755 >--- a/docs-xml/scripts/find_missing_manpages >+++ b/docs-xml/scripts/find_missing_manpages >@@ -1,40 +1,54 @@ >-#!/usr/bin/perl >+#!/usr/bin/python > >-my %doc; >+import optparse >+import os >+import re > >-$invar = 0; >+parser = optparse.OptionParser("source_dir") > >-$topdir = (shift @ARGV) or $topdir = "."; >+(opts, args) = parser.parse_args() > >-$progs = ""; >+invar = 0 > >-open(IN, "$topdir/Makefile.in"); >-while(<IN>) { >- if($invar && /^([ \t]*)(.*?)([\\])$/) { >- $progs.=" " . $2; >- if($4) { $invar = 1; } else { $invar = 0; } >- } elsif(/^([^ ]*)_PROGS([0-9]*) = (.*?)([\\])$/) { >- $progs.=" " . $3; >- if($4) { $invar = 1; } >- } else { $invar = 0; } >-} >+if len(args) == 1: >+ topdir = args[0] >+else: >+ topdir = "." > >-$progs =~ s/@([^@]+)@//g; >-$progs =~ s/\$\(.*?\)//g; >+progs = [] > >-foreach(split(/bin\//, $progs)) { >- next if($_ eq " "); >- s/ //g; >+f = open(os.path.join(topdir, "Makefile.in"), "r") > >- $f = $_; >- >- $found = 0; >+for l in f.readlines(): >+ l = l.strip() >+ if invar: >+ invar = (l[-1] == "\\") >+ progs.extend(l.rstrip("\\").split(" ")) >+ else: >+ m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l) >+ if m: >+ progs.extend(m.group(3).split(" ")) >+ invar = (m.group(4) == "\\") >+ else: >+ invar = False > >- for($i = 0; $i < 9; $i++) { >- if(-e "manpages/$f.$i.xml") { $found = 1; } >- } >+#$progs =~ s/@([^@]+)@//g; >+#$progs =~ s/\$\(.*?\)//g; > >- if(!$found) { >- print "'$f' does not have a manpage\n"; >- } >-} >+for prog in progs: >+ prog = prog.strip() >+ if prog == "": >+ continue >+ if prog[0] in ("@", "$"): >+ continue >+ prog = prog[len("bin/"):] >+ >+ found = False >+ >+ for i in range(9): >+ p = "manpages/%s.%d.xml" % (prog, i) >+ if os.path.exists(p): >+ found = True >+ >+ if not found: >+ print "'%s' does not have a manpage" % prog >-- >1.7.9.5 > > >From 45b47ea42f8a6ae3c22aac4169b6803d199ef4a7 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 02:37:01 +0200 >Subject: [PATCH 32/50] find_missing_doc: Convert to python. > >--- > docs-xml/scripts/find_missing_doc | 119 +++++++++++++++++++------------- > docs-xml/scripts/find_missing_manpages | 43 ++++++++---- > 2 files changed, 100 insertions(+), 62 deletions(-) > >diff --git a/docs-xml/scripts/find_missing_doc b/docs-xml/scripts/find_missing_doc >index 6ce547b..d75ef8d 100755 >--- a/docs-xml/scripts/find_missing_doc >+++ b/docs-xml/scripts/find_missing_doc >@@ -1,62 +1,83 @@ >-#!/usr/bin/perl >+#!/usr/bin/python > >-my %doc; >+# Copyright (C) 2007,2012 Jelmer Vernooij <jelmer@samba.org> > >-$topdir = (shift @ARGV) or $topdir = "."; >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# > >-################################################## >-# Reading links from manpage >- >-$curdir = $ENV{PWD}; >- >-chdir("smbdotconf"); >+import optparse >+import os >+import re > >-open(IN,"xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml|"); >+parser = optparse.OptionParser("source_dir") > >-while(<IN>) { >- if( /<samba:parameter .*?name="([^"]*?)"/g ){ >- my $name = $1; >- $name =~ s/ //g; >- $doc{$name} = "NOTFOUND"; >- } >-} >+(opts, args) = parser.parse_args() > >-close(IN); >+if len(args) == 1: >+ topdir = args[0] >+else: >+ topdir = "." > >-chdir($curdir); >- >-################################################# >-# Reading entries from source code >- >- >-open(SOURCE,"$topdir/lib/param/param_table.c") or die("Can't open $topdir/lib/param/param_table.c: $!"); >+# Reading links from manpage > >-while ($ln = <SOURCE>) { >- last if $ln =~ m/^static\ struct\ parm_struct\ parm_table.*/; >-} #burn through the preceding lines >+curdir = os.getcwd() >+doc = {} > >-while ($ln = <SOURCE>) { >- last if $ln =~ m/^\s*\}\;\s*$/; >- #pull in the param names only >- next if $ln =~ m/.*P_SEPARATOR.*/; >- next unless $ln =~ /\s*\.label\s*=\s*\"(.*)\".*/; >+os.chdir("smbdotconf"); > >- my $name = $1; >- $name =~ s/ //g; >+f = os.popen("xsltproc --xinclude --param smb.context ALL generate-context.xsl parameters.all.xml", "r") >+try: >+ for l in f.readlines(): >+ m = re.match('<samba:parameter .*?name="([^"]*?)"', l) >+ if m: >+ name = m.group(1).replace(" ", "") >+ doc[name] = False >+finally: >+ f.close() > >- if($doc{lc($name)}) { >- $doc{lc($name)} = "FOUND"; >- } else { >- print "'$name' is not documented\n"; >- } >-} >-close SOURCE; >+os.chdir(curdir) > >-################################################## >-# Trying to find missing references >+# Reading entries from source code > >-foreach (keys %doc) { >- if($doc{$_} cmp "FOUND") { >- print "'$_' is documented but is not a configuration option\n"; >- } >-} >+f = open(os.path.join(topdir, "lib/param/param_table.c"), "r") >+ >+# burn through the preceding lines >+while True: >+ l = f.readline() >+ if l.startswith("static struct parm_struct parm_table"): >+ break >+ >+for l in f.readlines(): >+ if re.match("^\s*\}\;\s*$", l): >+ break >+ # pull in the param names only >+ if re.match(".*P_SEPARATOR.*", l): >+ continue >+ m = re.match("\s*\.label\s*=\s*\"(.*)\".*", l) >+ if not m: >+ continue >+ >+ name = m.group(1) >+ name = name.replace(" ", "") >+ >+ if name.lower() in doc: >+ doc[name.lower()] = True >+ else: >+ print "'%s' is not documented" % name >+f.close() >+ >+# Try to find missing references >+for key in doc.keys(): >+ if doc[key] == "FOUND": >+ print "'$_' is documented but is not a configuration option" >diff --git a/docs-xml/scripts/find_missing_manpages b/docs-xml/scripts/find_missing_manpages >index a0a19af..baa5809 100755 >--- a/docs-xml/scripts/find_missing_manpages >+++ b/docs-xml/scripts/find_missing_manpages >@@ -1,4 +1,19 @@ > #!/usr/bin/python >+# Copyright (C) 2007,2012 Jelmer Vernooij <jelmer@samba.org> >+ >+# This program is free software; you can redistribute it and/or modify >+# it under the terms of the GNU General Public License as published by >+# the Free Software Foundation; either version 3 of the License, or >+# (at your option) any later version. >+# >+# This program is distributed in the hope that it will be useful, >+# but WITHOUT ANY WARRANTY; without even the implied warranty of >+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the >+# GNU General Public License for more details. >+# >+# You should have received a copy of the GNU General Public License >+# along with this program. If not, see <http://www.gnu.org/licenses/>. >+# > > import optparse > import os >@@ -8,7 +23,7 @@ parser = optparse.OptionParser("source_dir") > > (opts, args) = parser.parse_args() > >-invar = 0 >+invar = False > > if len(args) == 1: > topdir = args[0] >@@ -18,19 +33,21 @@ else: > progs = [] > > f = open(os.path.join(topdir, "Makefile.in"), "r") >- >-for l in f.readlines(): >- l = l.strip() >- if invar: >- invar = (l[-1] == "\\") >- progs.extend(l.rstrip("\\").split(" ")) >- else: >- m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l) >- if m: >- progs.extend(m.group(3).split(" ")) >- invar = (m.group(4) == "\\") >+try: >+ for l in f.readlines(): >+ l = l.strip() >+ if invar: >+ invar = (l[-1] == "\\") >+ progs.extend(l.rstrip("\\").split(" ")) > else: >- invar = False >+ m = re.match("^([^ ]*)_PROGS([0-9]*) = (.*?)([\\\\])$", l) >+ if m: >+ progs.extend(m.group(3).split(" ")) >+ invar = (m.group(4) == "\\") >+ else: >+ invar = False >+finally: >+ f.close() > > #$progs =~ s/@([^@]+)@//g; > #$progs =~ s/\$\(.*?\)//g; >-- >1.7.9.5 > > >From 0392d828d6c7c93096dc03d0828fa0e024d7abd2 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 18:36:28 +0200 >Subject: [PATCH 33/50] smb.conf(5): Distinguish parametric options. > >--- > docs-xml/smbdotconf/misc/rpcdaemon.xml | 2 +- > docs-xml/smbdotconf/misc/rpcserver.xml | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/docs-xml/smbdotconf/misc/rpcdaemon.xml b/docs-xml/smbdotconf/misc/rpcdaemon.xml >index 4ba27fc..8db9267 100644 >--- a/docs-xml/smbdotconf/misc/rpcdaemon.xml >+++ b/docs-xml/smbdotconf/misc/rpcdaemon.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="rpc_daemon" >+<samba:parameter name="rpc_daemon:DAEMON" > context="G" > type="string" > advanced="1" print="1" >diff --git a/docs-xml/smbdotconf/misc/rpcserver.xml b/docs-xml/smbdotconf/misc/rpcserver.xml >index fcc63fe..4372eea 100644 >--- a/docs-xml/smbdotconf/misc/rpcserver.xml >+++ b/docs-xml/smbdotconf/misc/rpcserver.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="rpc_server" >+<samba:parameter name="rpc_server:SERVER" > context="G" > type="string" > advanced="1" print="1" >-- >1.7.9.5 > > >From 4f141be8a1120d5412d0c628ecab2d3906407766 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:41:20 -0700 >Subject: [PATCH 34/50] smb.conf(5): 'write ok' is a reverse synonym for 'read > only'. > >--- > docs-xml/smbdotconf/security/readonly.xml | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/docs-xml/smbdotconf/security/readonly.xml b/docs-xml/smbdotconf/security/readonly.xml >index 6e1f6dd..612bf0d 100644 >--- a/docs-xml/smbdotconf/security/readonly.xml >+++ b/docs-xml/smbdotconf/security/readonly.xml >@@ -3,6 +3,7 @@ > type="boolean" > basic="1" advanced="1" > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<synonym>write ok</synonym> > <description> > <para>An inverted synonym is <smbconfoption name="writeable"/>.</para> > >-- >1.7.9.5 > > >From bfb2d302395108b990a45a4032fb7c28522f0739 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:46:37 -0700 >Subject: [PATCH 35/50] smb.conf(5): Add basic documentation for 'krb5 port'. > >--- > docs-xml/smbdotconf/security/krb5port.xml | 11 +++++++++++ > 1 file changed, 11 insertions(+) > create mode 100644 docs-xml/smbdotconf/security/krb5port.xml > >diff --git a/docs-xml/smbdotconf/security/krb5port.xml b/docs-xml/smbdotconf/security/krb5port.xml >new file mode 100644 >index 0000000..e4887fc >--- /dev/null >+++ b/docs-xml/smbdotconf/security/krb5port.xml >@@ -0,0 +1,11 @@ >+<samba:parameter name="krb5 port" >+ context="G" >+ type="list" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which port the KDC should listen on for Kerberos traffic.</para> >+</description> >+ >+<value type="default">88</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 6c936a7589992a1a2a4002a5b081e760aa98e059 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:50:34 -0700 >Subject: [PATCH 36/50] smb.conf(5): Add basic documentation for 'nbt port'. > >--- > docs-xml/smbdotconf/protocol/nbtport.xml | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/nbtport.xml > >diff --git a/docs-xml/smbdotconf/protocol/nbtport.xml b/docs-xml/smbdotconf/protocol/nbtport.xml >new file mode 100644 >index 0000000..d269189 >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/nbtport.xml >@@ -0,0 +1,12 @@ >+<samba:parameter name="nbt port" >+ context="G" >+ type="list" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which port the server should use for NetBIOS over IP name >+ services traffic.</para> >+</description> >+ >+<value type="default">137</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 60b8df6547256c8e9f22ce9229b98489faf2a3e3 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:51:41 -0700 >Subject: [PATCH 37/50] smb.conf(5): Add basic documentation for 'web port'. > >--- > docs-xml/smbdotconf/protocol/webport.xml | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/webport.xml > >diff --git a/docs-xml/smbdotconf/protocol/webport.xml b/docs-xml/smbdotconf/protocol/webport.xml >new file mode 100644 >index 0000000..1b1073c >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/webport.xml >@@ -0,0 +1,12 @@ >+<samba:parameter name="web port" >+ context="G" >+ type="list" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which port the Samba web server should listen on.</para> >+</description> >+ >+<value type="default">901</value> >+<value type="example">80</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 6dedd30b6f301f3f37cab6e627d0357968426015 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:55:15 -0700 >Subject: [PATCH 38/50] smb.conf(5): Add basic documentation for 'unicode'. > >--- > docs-xml/smbdotconf/protocol/unicode.xml | 13 +++++++++++++ > 1 file changed, 13 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/unicode.xml > >diff --git a/docs-xml/smbdotconf/protocol/unicode.xml b/docs-xml/smbdotconf/protocol/unicode.xml >new file mode 100644 >index 0000000..22ffc4b >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/unicode.xml >@@ -0,0 +1,13 @@ >+<samba:parameter name="unicode" >+ context="G" >+ type="bool" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies whether the server and client should support unicode.</para> >+ >+ <para>If this option is set to false, the use of ASCII will be forced.</para> >+</description> >+ >+<value type="default">True</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 389685da537dc29730b3b8685d62e17f8006a09b Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:58:02 -0700 >Subject: [PATCH 39/50] smb.conf(5): Add basic documentation for 'dgram port'. > >--- > docs-xml/smbdotconf/protocol/dgramport.xml | 11 +++++++++++ > 1 file changed, 11 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/dgramport.xml > >diff --git a/docs-xml/smbdotconf/protocol/dgramport.xml b/docs-xml/smbdotconf/protocol/dgramport.xml >new file mode 100644 >index 0000000..ee10e9c >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/dgramport.xml >@@ -0,0 +1,11 @@ >+<samba:parameter name="dgram port" >+ context="G" >+ type="integer" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which ports the server should listen on for NetBIOS datagram traffic.</para> >+</description> >+ >+<value type="default">138</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 0c169de3fa501b84c27faa5d6f60d17eabbe8f8f Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 12:59:32 -0700 >Subject: [PATCH 40/50] smb.conf(5): Add basic documentation for 'kpasswd > port'. > >--- > docs-xml/smbdotconf/security/kpasswdport.xml | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > create mode 100644 docs-xml/smbdotconf/security/kpasswdport.xml > >diff --git a/docs-xml/smbdotconf/security/kpasswdport.xml b/docs-xml/smbdotconf/security/kpasswdport.xml >new file mode 100644 >index 0000000..419e866 >--- /dev/null >+++ b/docs-xml/smbdotconf/security/kpasswdport.xml >@@ -0,0 +1,12 @@ >+<samba:parameter name="kpasswd port" >+ context="G" >+ type="integer" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which ports the Kerberos server should listen on for >+ password changes.</para> >+</description> >+ >+<value type="default">464</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 969bfa25378969f9e9ea26d3987acb3f300ffa37 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 13:07:54 -0700 >Subject: [PATCH 41/50] smb.conf(5): Add basic documentation for 'rpc > bigendian'. > >Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> >Autobuild-Date(master): Wed Sep 26 23:51:34 CEST 2012 on sn-devel-104 >--- > docs-xml/smbdotconf/protocol/rpcbigendian.xml | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/rpcbigendian.xml > >diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml >new file mode 100644 >index 0000000..ae12f71 >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml >@@ -0,0 +1,16 @@ >+<samba:parameter name="rpc bigendian" >+ context="G" >+ type="bool" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Setting this option will force the RPC client and server to >+ transfer data in big endian.</para> >+ >+ <para>If it is disabled, data will be transferred in little endian.</para> >+ >+ <para>The behaviour is independent of the endianness of the host machine.</para> >+</description> >+ >+<value type="default">False</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 47cfe16fa1c501b6f787aa33ffbc175cf1cbb0e5 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 13:20:42 -0700 >Subject: [PATCH 42/50] smb.conf(5): Consistent spelling of parameter names. > >This includes spacing and casing. > >Conflicts: > source4/scripting/python/samba/tests/docs.py >--- > docs-xml/smbdotconf/misc/nishomedir.xml | 2 +- > docs-xml/smbdotconf/printing/addportcommand.xml | 2 +- > docs-xml/smbdotconf/protocol/rpcbigendian.xml | 2 +- > docs-xml/smbdotconf/security/clientntlmv2auth.xml | 2 +- > 4 files changed, 4 insertions(+), 4 deletions(-) > >diff --git a/docs-xml/smbdotconf/misc/nishomedir.xml b/docs-xml/smbdotconf/misc/nishomedir.xml >index 45c4511..c617563 100644 >--- a/docs-xml/smbdotconf/misc/nishomedir.xml >+++ b/docs-xml/smbdotconf/misc/nishomedir.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="nis homedir" >+<samba:parameter name="NIS homedir" > context="G" > type="boolean" > advanced="1" developer="1" >diff --git a/docs-xml/smbdotconf/printing/addportcommand.xml b/docs-xml/smbdotconf/printing/addportcommand.xml >index 17c899e..80e56c9 100644 >--- a/docs-xml/smbdotconf/printing/addportcommand.xml >+++ b/docs-xml/smbdotconf/printing/addportcommand.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="add port command" >+<samba:parameter name="addport command" > context="G" > type="string" > advanced="1" developer="1" >diff --git a/docs-xml/smbdotconf/protocol/rpcbigendian.xml b/docs-xml/smbdotconf/protocol/rpcbigendian.xml >index ae12f71..7d1d864 100644 >--- a/docs-xml/smbdotconf/protocol/rpcbigendian.xml >+++ b/docs-xml/smbdotconf/protocol/rpcbigendian.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="rpc bigendian" >+<samba:parameter name="rpc big endian" > context="G" > type="bool" > advanced="1" developer="1" >diff --git a/docs-xml/smbdotconf/security/clientntlmv2auth.xml b/docs-xml/smbdotconf/security/clientntlmv2auth.xml >index b151df2..7f30356 100644 >--- a/docs-xml/smbdotconf/security/clientntlmv2auth.xml >+++ b/docs-xml/smbdotconf/security/clientntlmv2auth.xml >@@ -1,4 +1,4 @@ >-<samba:parameter name="client ntlmv2 auth" >+<samba:parameter name="client NTLMv2 auth" > context="G" > type="boolean" > advanced="1" developer="1" >-- >1.7.9.5 > > >From e9551e40cd66325e5aec8ffbe449b56694f77e90 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 16:02:40 -0700 >Subject: [PATCH 43/50] smb.conf(5): Extend 'server min protocol' description. > >Conflicts: > docs-xml/smbdotconf/protocol/serverminprotocol.xml >--- > docs-xml/smbdotconf/protocol/serverminprotocol.xml | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/smbdotconf/protocol/serverminprotocol.xml b/docs-xml/smbdotconf/protocol/serverminprotocol.xml >index 40566ce..58323b5 100644 >--- a/docs-xml/smbdotconf/protocol/serverminprotocol.xml >+++ b/docs-xml/smbdotconf/protocol/serverminprotocol.xml >@@ -1,7 +1,7 @@ > <samba:parameter name="server min protocol" > context="G" >- type="string" >- developer="1" >+ type="enum" >+ developer="1" > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> > <synonym>min protocol</synonym> > <description> >@@ -10,6 +10,6 @@ > > <related>server max protocol</related> > >-<value type="default">LANMAN1</value> >+<value type="default">CORE</value> > <value type="example">NT1</value> > </samba:parameter> >-- >1.7.9.5 > > >From 5719f2fbdd1347aeabdb95b83553505e08b979e4 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 15:44:46 -0700 >Subject: [PATCH 44/50] smb.conf(5): Document 'share backend' parameter. > >--- > docs-xml/smbdotconf/base/sharebackend.xml | 18 ++++++++++++++++++ > 1 file changed, 18 insertions(+) > create mode 100644 docs-xml/smbdotconf/base/sharebackend.xml > >diff --git a/docs-xml/smbdotconf/base/sharebackend.xml b/docs-xml/smbdotconf/base/sharebackend.xml >new file mode 100644 >index 0000000..10958fa >--- /dev/null >+++ b/docs-xml/smbdotconf/base/sharebackend.xml >@@ -0,0 +1,18 @@ >+<samba:parameter name="share backend" >+ context="G" >+ type="choice" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para> >+ This option specifies the backend that will be used to access the configuration of >+ file shares. >+ </para> >+ >+ <para>Traditionally, Samba file shares have been configured in the >+ <option>smb.conf</option> file and this is still the default. >+ </para> >+ >+ <para>At the moment there are no other supported backends.</para> >+</description> >+<value type="default">classic</value> >+</samba:parameter> >-- >1.7.9.5 > > >From bedfa8b4d94a017da06cdf97c951f62fe14e4cc6 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 16:12:16 -0700 >Subject: [PATCH 45/50] smb.conf(5): Add basic documentation for 'client min > protocol'. > >--- > docs-xml/smbdotconf/protocol/clientminprotocol.xml | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/clientminprotocol.xml > >diff --git a/docs-xml/smbdotconf/protocol/clientminprotocol.xml b/docs-xml/smbdotconf/protocol/clientminprotocol.xml >new file mode 100644 >index 0000000..3bcccec >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/clientminprotocol.xml >@@ -0,0 +1,19 @@ >+<samba:parameter name="client min protocol" >+ context="G" >+ type="enum" >+ developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>This setting controls the minimum protocol version that the client >+ will attempt to use.</para> >+ >+ <para>Normally this option should not be set as the automatic >+ negotiation phase in the SMB protocol takes care of choosing >+ the appropriate protocol.</para> >+</description> >+ >+<related>client max protocol</related> >+<related>server min protocol</related> >+<value type="default">CORE</value> >+<value type="example">NT1</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 7833153330a8fa5d1407536568346e603d299158 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 16:11:05 -0700 >Subject: [PATCH 46/50] smb.conf(5): Add documentation for 'client max > protocol'. > >--- > docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 78 ++++++++++++++++++++ > 1 file changed, 78 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/clientmaxprotocol.xml > >diff --git a/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml >new file mode 100644 >index 0000000..06fda5a >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/clientmaxprotocol.xml >@@ -0,0 +1,78 @@ >+<samba:parameter name="client max protocol" >+ context="G" >+ type="enum" >+ developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>The value of the parameter (a string) is the highest >+ protocol level that will be supported by the client.</para> >+ >+ <para>Possible values are :</para> >+ <itemizedlist> >+ <listitem> >+ <para><constant>CORE</constant>: Earliest version. No >+ concept of user names.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>COREPLUS</constant>: Slight improvements on >+ CORE for efficiency.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>LANMAN1</constant>: First <emphasis>modern</emphasis> >+ version of the protocol. Long filename support.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>LANMAN2</constant>: Updates to Lanman1 protocol.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>NT1</constant>: Current up to date version of the protocol. >+ Used by Windows NT. Known as CIFS.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>SMB2</constant>: Re-implementation of the SMB protocol. >+ Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.</para> >+ <itemizedlist> >+ <listitem> >+ <para><constant>SMB2_02</constant>: The earliest SMB2 version.</para> >+ </listitem> >+ <listitem> >+ <para><constant>SMB2_10</constant>: Windows 7 SMB2 version.</para> >+ </listitem> >+ <listitem> >+ <para><constant>SMB2_22</constant>: Early Windows 8 SMB2 version.</para> >+ </listitem> >+ <listitem> >+ <para><constant>SMB2_24</constant>: Windows 8 beta SMB2 version.</para> >+ </listitem> >+ </itemizedlist> >+ <para>By default SMB2 selects the SMB2_10 variant.</para> >+ </listitem> >+ >+ <listitem> >+ <para><constant>SMB3</constant>: The same as SMB2. >+ Used by Windows 8. SMB3 has sub protocols available.</para> >+ <itemizedlist> >+ <listitem> >+ <para><constant>SMB3_00</constant>: Windows 8 SMB3 version. (mostly the same as SMB2_24)</para> >+ </listitem> >+ </itemizedlist> >+ <para>By default SMB3 selects the SMB3_00 variant.</para> >+ </listitem> >+ </itemizedlist> >+ >+ <para>Normally this option should not be set as the automatic >+ negotiation phase in the SMB protocol takes care of choosing >+ the appropriate protocol.</para> >+</description> >+ >+<related>server max protocol</related> >+<related>client mn protocol</related> >+ >+<value type="default">SMB3</value> >+<value type="example">LANMAN1</value> >+</samba:parameter> >-- >1.7.9.5 > > >From c3bbd347e30b00334e24a3f7f4d361834a008b74 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 16:06:14 -0700 >Subject: [PATCH 47/50] smb.conf(5): List 'protocol' as alias for 'server max > protocol'. > >--- > docs-xml/smbdotconf/protocol/servermaxprotocol.xml | 1 + > 1 file changed, 1 insertion(+) > >diff --git a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml >index 57e82d1..94184c8 100644 >--- a/docs-xml/smbdotconf/protocol/servermaxprotocol.xml >+++ b/docs-xml/smbdotconf/protocol/servermaxprotocol.xml >@@ -72,6 +72,7 @@ > > <related>server min protocol</related> > <synonym>max protocol</synonym> >+<synonym>protocol</synonym> > > <value type="default">SMB3</value> > <value type="example">LANMAN1</value> >-- >1.7.9.5 > > >From 639fc6efbac5dea9d47e3b78d159bbda00b17e58 Mon Sep 17 00:00:00 2001 >From: Jelmer Vernooij <jelmer@samba.org> >Date: Wed, 26 Sep 2012 18:01:35 -0700 >Subject: [PATCH 48/50] smb.conf(5): Add basic documentation for 'dcerpc > endpoint servers'. > >--- > .../smbdotconf/protocol/dcerpcendpointservers.xml | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > create mode 100644 docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml > >diff --git a/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml >new file mode 100644 >index 0000000..b6d5ddc >--- /dev/null >+++ b/docs-xml/smbdotconf/protocol/dcerpcendpointservers.xml >@@ -0,0 +1,12 @@ >+<samba:parameter name="dcerpc endpoint servers" >+ context="G" >+ type="list" >+ advanced="1" developer="1" >+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >+<description> >+ <para>Specifies which DCE/RPC endpoint servers should be run.</para> >+</description> >+ >+<value type="example">epmapper wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi dssetup unixinfo browser eventlog6 backupkey</value> >+<value type="default">rpcecho</value> >+</samba:parameter> >-- >1.7.9.5 > > >From 8ed410ba35a1c1d788c75ff48ff4afaf0be0fe37 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Mon, 8 Oct 2012 11:57:40 +0200 >Subject: [PATCH 49/50] docs: Add man 8 samba-tool. > >Addresses bug #8802 - Create missing manpages for new binaries. > >Please note that it's a very basic version. Please feel free >to extend. > >Karolin >--- > docs-xml/manpages/samba-tool.8.xml | 613 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 613 insertions(+) > create mode 100644 docs-xml/manpages/samba-tool.8.xml > >diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml >new file mode 100644 >index 0000000..c312ff0 >--- /dev/null >+++ b/docs-xml/manpages/samba-tool.8.xml >@@ -0,0 +1,613 @@ >+<?xml version="1.0" encoding="iso-8859-1"?> >+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> >+<refentry id="samba-tool.8"> >+ >+<refmeta> >+ <refentrytitle>samba-tool</refentrytitle> >+ <manvolnum>8</manvolnum> >+ <refmiscinfo class="source">Samba</refmiscinfo> >+ <refmiscinfo class="manual">System Administration tools</refmiscinfo> >+ <refmiscinfo class="version">4.0</refmiscinfo> >+</refmeta> >+ >+ >+<refnamediv> >+ <refname>samba-tool</refname> >+ <refpurpose>Main Samba administration tool. >+ </refpurpose> >+</refnamediv> >+ >+<refsynopsisdiv> >+ <cmdsynopsis> >+ <command>samba-tool</command> >+ <arg choice="opt">-h</arg> >+ <arg choice="opt">-W myworkgroup</arg> >+ <arg choice="opt">-U user</arg> >+ <arg choice="opt">-d debuglevel</arg> >+ <arg choice="opt">--v</arg> >+ </cmdsynopsis> >+</refsynopsisdiv> >+ >+<refsect1> >+ <title>DESCRIPTION</title> >+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> >+ <manvolnum>7</manvolnum></citerefentry> suite.</para> >+</refsect1> >+ >+<refsect1> >+ <title>OPTIONS</title> >+ >+ <variablelist> >+ >+ <varlistentry> >+ <term>-h|--help</term> >+ <listitem><para> >+ Show this help message and exit >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-s FILE|--configfile=FILE</term> >+ <listitem><para> >+ Configuration file >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-d DEBUGLEVEL|--debuglevel=DEBUGLEVEL</term> >+ <listitem><para> >+ Debug Level >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--option=OPTION</term> >+ <listitem><para> >+ Set smb.conf option from command line >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--realm=REALM</term> >+ <listitem><para> >+ Set the realm name >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--simple-bind-dn=DN</term> >+ <listitem><para> >+ DN to use for a simple bind >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--password=PASSWORD</term> >+ <listitem><para> >+ Password >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-U USERNAME|--username=USERNAME</term> >+ <listitem><para> >+ Username >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-W WORKGROUP|--workgroup=WORKGROUP</term> >+ <listitem><para> >+ Workgroup >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-N|--no-pass</term> >+ <listitem><para> >+ Don't ask for a password >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>-k KERBEROS|--kerberos=KERBEROS</term> >+ <listitem><para> >+ Use Kerberos >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--ipaddress=IPADDRESS</term> >+ <listitem><para> >+ IP address of the server >+ </para></listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term>--version</term> >+ <listitem><para> >+ Display version number >+ </para></listitem> >+ </varlistentry> >+ >+ </variablelist> >+</refsect1> >+ >+<refsect1> >+<title>COMMANDS</title> >+ >+<refsect2> >+ <title>dbcheck</title> >+ <para>Check the local AD database for errors.</para> >+</refsect2> >+ >+<refsect2> >+ <title>delegation</title> >+ <para>Manage Delegations.</para> >+</refsect2> >+ >+<refsect3> >+ <title>delegation add-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title> >+ <para>Add a service principal as msDS-AllowedToDelegateTo.</para> >+</refsect3> >+ >+<refsect3> >+ <title>delegation del-service <replaceable>accountname</replaceable> <replaceable>principal</replaceable> [options]</title> >+ <para>Delete a service principal as msDS-AllowedToDelegateTo.</para> >+</refsect3> >+ >+<refsect3> >+ <title>delegation for-any-protocol <replaceable>accountname</replaceable> [(on|off)] [options]</title> >+ <para>Set/unset UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (S4U2Proxy) >+ for an account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>delegation for-any-service <replaceable>accountname</replaceable> [(on|off)] [options]</title> >+ <para>Set/unset UF_TRUSTED_FOR_DELEGATION for an account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>delegation show <replaceable>accountname</replaceable> [options] </title> >+ <para>Show the delegation setting of an account.</para> >+</refsect3> >+ >+<refsect2> >+ <title>dns</title> >+ <para>Manage Domain Name Service (DNS).</para> >+</refsect2> >+ >+<refsect3> >+ <title>dns add <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title> >+ <para>Add a DNS record.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns delete <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>data</replaceable></title> >+ <para>Delete a DNS record.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns query <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT|ALL</replaceable> [options] <replaceable>data</replaceable></title> >+ <para>Query a name.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns roothints <replaceable>server</replaceable> [<replaceable>name</replaceable>] [options]</title> >+ <para>Query root hints.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns serverinfo <replaceable>server</replaceable> [options]</title> >+ <para>Query server information.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns update <replaceable>server</replaceable> <replaceable>zone</replaceable> <replaceable>name</replaceable> <replaceable>A|AAAA|PTR|CNAME|NS|MX|SRV|TXT</replaceable> <replaceable>olddata</replaceable> <replaceable>newdata</replaceable></title> >+ <para>Update a DNS record.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns zonecreate <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title> >+ <para>Create a zone.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns zonedelete <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title> >+ <para>Delete a zone.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns zoneinfo <replaceable>server</replaceable> <replaceable>zone</replaceable> [options]</title> >+ <para>Query zone information.</para> >+</refsect3> >+ >+<refsect3> >+ <title>dns zonelist <replaceable>server</replaceable> [options]</title> >+ <para>List zones.</para> >+</refsect3> >+ >+<refsect2> >+ <title>domain</title> >+ <para>Manage Domain.</para> >+</refsect2> >+ >+<refsect3> >+ <title>domain classicupgrade [options] <replaceable>classic_smb_conf</replaceable></title> >+ <para>Upgrade from Samba classic (NT4-like) database to Samba AD DC >+ database.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain dcpromo <replaceable>dnsdomain</replaceable> [DC|RODC] [options]</title> >+ <para>Promote an existing domain member or NT4 PDC to an AD DC.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain demote</title> >+ <para>Demote ourselves from the role of domain controller.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain exportkeytab <replaceable>keytab</replaceable> [options]</title> >+ <para>Dumps Kerberos keys of the domain into a keytab.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain info <replaceable>ip_address</replaceable> [options]</title> >+ <para>Print basic info about a domain and the specified DC. >+</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain join <replaceable>dnsdomain</replaceable> [DC|RODC|MEMBER|SUBDOMAIN] [options]</title> >+ <para>Join a domain as either member or backup domain controller.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain level <replaceable>show|raise</replaceable> <replaceable>options</replaceable> [options]</title> >+ <para>Show/raise domain and forest function levels.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain passwordsettings <replaceable>show|set</replaceable> <replaceable>options</replaceable> [options]</title> >+ <para>Show/set password settings.</para> >+</refsect3> >+ >+<refsect3> >+ <title>domain provision</title> >+ <para>Promote an existing domain member or NT4 PDC to an AD DC.</para> >+</refsect3> >+ >+<refsect2> >+ <title>drs</title> >+ <para>Manage Directory Replication Services (DRS).</para> >+</refsect2> >+ >+<refsect3> >+ <title>drs bind</title> >+ <para>Show DRS capabilities of a server.</para> >+</refsect3> >+ >+<refsect3> >+ <title>drs kcc</title> >+ <para>Trigger knowledge consistency center run.</para> >+</refsect3> >+ >+<refsect3> >+ <title>drs options</title> >+ <para>Query or change <replaceable>options</replaceable> for NTDS Settings >+ object of a domain controller.</para> >+</refsect3> >+ >+<refsect3> >+ <title>drs replicate <replaceable>destination_DC</replaceable> <replaceable>source_DC</replaceable> <replaceable>NC</replaceable> [options]</title> >+ <para>Replicate a naming context between two DCs.</para> >+</refsect3> >+ >+<refsect3> >+ <title>drs showrepl</title> >+ <para>Show replication status.</para> >+</refsect3> >+ >+<refsect2> >+ <title>dsacl</title> >+ <para>Administer DS ACLs</para> >+</refsect2> >+ >+<refsect3> >+ <title>dsacl set</title> >+ <para>Modify access list on a directory object.</para> >+</refsect3> >+ >+<refsect2> >+ <title>fsmo</title> >+ <para>Manage Flexible Single Master Operations (FSMO).</para> >+</refsect2> >+ >+<refsect3> >+ <title>fsmo seize [options]</title> >+ <para>Seize the role.</para> >+</refsect3> >+ >+<refsect3> >+ <title>fsmo show</title> >+ <para>Show the roles.</para> >+</refsect3> >+ >+<refsect3> >+ <title>fsmo transfer [options]</title> >+ <para>Transfer the role.</para> >+</refsect3> >+ >+<refsect2> >+ <title>gpo</title> >+ <para>Manage Group Policy Objects (GPO).</para> >+</refsect2> >+ >+<refsect3> >+ <title>gpo create <replaceable>displayname</replaceable> [options]</title> >+ <para>Create an empty GPO.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo del <replaceable>gpo</replaceable> [options]</title> >+ <para>Delete GPO.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo dellink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title> >+ <para>Delete GPO link from a container.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo fetch <replaceable>gpo</replaceable> [options]</title> >+ <para>Download a GPO.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo getinheritance <replaceable>container_dn</replaceable> [options]</title> >+ <para>Get inheritance flag for a container.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo getlink <replaceable>container_dn</replaceable> [options]</title> >+ <para>List GPO Links for a container.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo list <replaceable>username</replaceable> [options]</title> >+ <para>List GPOs for an account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo listall</title> >+ <para>List all GPOs.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo listcontainers <replaceable>gpo</replaceable> [options]</title> >+ <para>List all linked containers for a GPO.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo setinheritance <replaceable>container_dn</replaceable> <replaceable>block|inherit</replaceable> [options]</title> >+ <para>Set inheritance flag on a container.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo setlink <replaceable>container_dn</replaceable> <replaceable>gpo</replaceable> [options]</title> >+ <para>Add or Update a GPO link to a container.</para> >+</refsect3> >+ >+<refsect3> >+ <title>gpo show <replaceable>gpo</replaceable> [options]</title> >+ <para>Show information for a GPO.</para> >+</refsect3> >+ >+<refsect2> >+ <title>group</title> >+ <para>Manage groups.</para> >+</refsect2> >+ >+<refsect3> >+ <title>group add <replaceable>groupname</replaceable> [options]</title> >+ <para>Create a new AD group.</para> >+</refsect3> >+ >+<refsect3> >+ <title>group addmembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title> >+ <para>Add members to an AD group.</para> >+</refsect3> >+ >+<refsect3> >+ <title>group delete <replaceable>groupname</replaceable> [options]</title> >+ <para>Delete an AD group.</para> >+</refsect3> >+ >+<refsect3> >+ <title>group list</title> >+ <para>List all groups.</para> >+</refsect3> >+ >+<refsect3> >+ <title>group listmembers <replaceable>groupname</replaceable> [options]</title> >+ <para>List all members of the specified AD group.</para> >+</refsect3> >+ >+<refsect3> >+ <title>group removemembers <replaceable>groupname</replaceable> <replaceable>members</replaceable> [options]</title> >+ <para>Remove members from the specified AD group.</para> >+</refsect3> >+ >+<refsect2> >+ <title>ldapcmp <replaceable>URL1</replaceable> <replaceable>URL2</replaceable> <replaceable>domain|configuration|schema|dnsdomain|dnsforest</replaceable> [options] </title> >+ <para>Compare two LDAP databases.</para> >+</refsect2> >+ >+<refsect2> >+ <title>ntacl</title> >+ <para>Manage NT ACLs.</para> >+</refsect2> >+ >+<refsect3> >+ <title>ntacl get <replaceable>file</replaceable> [options]</title> >+ <para>Get ACLs on a file.</para> >+</refsect3> >+ >+<refsect3> >+ <title>ntacl set <replaceable>acl</replaceable> <replaceable>file</replaceable> [options]</title> >+ <para>Set ACLs on a file.</para> >+</refsect3> >+ >+<refsect3> >+ <title>ntacl sysvolcheck</title> >+ <para>Check sysvol ACLs match defaults (including correct ACLs on GPOs).</para> >+</refsect3> >+ >+<refsect3> >+ <title>ntacl sysvolreset</title> >+ <para>Reset sysvol ACLs to defaults (including correct ACLs on GPOs).</para> >+</refsect3> >+ >+<refsect2> >+ <title>rodc</title> >+ <para>Manage Read-Only Domain Controller (RODC).</para> >+</refsect2> >+ >+<refsect3> >+ <title>rodc preload <replaceable>SID</replaceable>|<replaceable>DN</replaceable>|<replaceable>accountname</replaceable> [options]</title> >+ <para>Preload one account for an RODC.</para> >+</refsect3> >+ >+<refsect2> >+ <title>sites</title> >+ <para>Manage sites.</para> >+</refsect2> >+ >+<refsect3> >+ <title>sites create <replaceable>site</replaceable> [options]</title> >+ <para>Create a new site.</para> >+</refsect3> >+ >+<refsect3> >+ <title>sites remove <replaceable>site</replaceable> [options]</title> >+ <para>Delete an esxisting site.</para> >+</refsect3> >+ >+<refsect2> >+ <title>spn</title> >+ <para>Manage Service Principal Names (SPN).</para> >+</refsect2> >+ >+<refsect3> >+ <title>spn add <replaceable>name</replaceable> <replaceable>user</replaceable> [options]</title> >+ <para>Create a new SPN.</para> >+</refsect3> >+ >+<refsect3> >+ <title>spn delete <replaceable>name</replaceable> [<replaceable>user</replaceable>] [options]</title> >+ <para>Delete an existing SPN.</para> >+</refsect3> >+ >+<refsect3> >+ <title>spn list <replaceable>user</replaceable> [options]</title> >+ <para>List SPNs of a given user.</para> >+</refsect3> >+ >+<refsect2> >+ <title>testparm</title> >+ <para>Check the syntax of the configuration file.</para> >+</refsect2> >+ >+<refsect2> >+ <title>time</title> >+ <para>Retrieve the time on a server.</para> >+</refsect2> >+ >+<refsect2> >+ <title>user</title> >+ <para>Manage users.</para> >+</refsect2> >+ >+<refsect3> >+ <title>user add <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title> >+ <para>Create a new user. Please note that this subcommand is deprecated >+ and available for compatibility reasons only. Please use >+ <command>samba-tool user create</command> instead.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user create <replaceable>username</replaceable> [<replaceable>password</replaceable>]</title> >+ <para>Create a new user in the Active Directory Domain.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user delete <replaceable>username</replaceable> [options]</title> >+ <para>Delete an existing user account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user disable <replaceable>username</replaceable></title> >+ <para>Disable an user account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user enable <replaceable>username</replaceable></title> >+ <para>Enable an user account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user list</title> >+ <para>List all users.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user password [options]</title> >+ <para>Change password for an user account (the one provided in >+ authentication).</para> >+</refsect3> >+ >+<refsect3> >+ <title>user setexpiry <replaceable>username</replaceable> [options]</title> >+ <para>Set the expiration of an user account.</para> >+</refsect3> >+ >+<refsect3> >+ <title>user setpassword <replaceable>username</replaceable> [options]</title> >+ <para>Sets or resets the password of an user account.</para> >+</refsect3> >+ >+<refsect2> >+ <title>vampire [options] <replaceable>domain</replaceable></title> >+ <para>Join and synchronise a remote AD domain to the local server. >+ Please note that <command>samba-tool vampire</command> is deprecated, >+ please use <command>samba-tool domain join</command> instead.</para> >+</refsect2> >+ >+<refsect2> >+<title>help</title> >+<para>Gives usage information.</para> >+</refsect2> >+ >+</refsect1> >+ >+<refsect1> >+ <title>VERSION</title> >+ >+ <para>This man page is complete for version 4 of the Samba >+ suite.</para> >+</refsect1> >+ >+<refsect1> >+ <title>AUTHOR</title> >+ >+ <para>The original Samba software and related utilities >+ were created by Andrew Tridgell. Samba is now developed >+ by the Samba Team as an Open Source project similar >+ to the way the Linux kernel is developed.</para> >+ >+ <para>The samba-tool manpage was written by Karolin Seeger.</para> >+</refsect1> >+ >+</refentry> >-- >1.7.9.5 > > >From 69b3f7ff85c781e92339fbb26bdaf09bde4b77a1 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Tue, 9 Oct 2012 11:56:19 +0200 >Subject: [PATCH 50/50] docs: Add '-V' to the list of options. > >Karolin > >Autobuild-User(master): Karolin Seeger <kseeger@samba.org> >Autobuild-Date(master): Tue Oct 9 18:53:12 CEST 2012 on sn-devel-104 >(cherry picked from commit f88ab17993e22a9c368017d54da437c057e371ca) >--- > docs-xml/manpages/samba-tool.8.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml >index c312ff0..a8f2afe 100644 >--- a/docs-xml/manpages/samba-tool.8.xml >+++ b/docs-xml/manpages/samba-tool.8.xml >@@ -124,7 +124,7 @@ > </varlistentry> > > <varlistentry> >- <term>--version</term> >+ <term>-V|--version</term> > <listitem><para> > Display version number > </para></listitem> >-- >1.7.9.5 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
kseeger
:
review+
Actions:
View
Attachments on
bug 9274
: 8024 |
8115
|
8259