sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-03 04:22:09 +03:00
Code Activity

Moving docs tree to docs-xml to make room for generated docs in the release tarball.

Browse Source 
(This used to be commit 9f672c26d6)
This commit is contained in:
Gerald W. Carter
2008-04-22 10:09:40 -05:00
parent 1972382463
commit 8f8a9f0190
899 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

252
docs-xml/manpages-3/eventlogadm.8.xml Normal file
View File

@ -0,0 +1,252 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="eventlogadm.8">
<refmeta>
<refentrytitle>eventlogadm</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>eventlogadm</refname>
<refpurpose>push records into the Samba event log store</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>eventlogadm</command>
<arg><option>-d</option></arg>
<arg><option>-h</option></arg>
<arg choice="plain"><option>-o</option>
<literal>addsource</literal>
<replaceable>EVENTLOG</replaceable>
<replaceable>SOURCENAME</replaceable>
<replaceable>MSGFILE</replaceable>
</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>eventlogadm</command>
<arg><option>-d</option></arg>
<arg><option>-h</option></arg>
<arg choice="plain"><option>-o</option>
<literal>write</literal>
<replaceable>EVENTLOG</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><command>eventlogadm</command> is a filter that accepts
formatted event log records on standard input and writes them
to the Samba event log store. Windows client can then manipulate
these record using the usual administration tools.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term><option>-d</option></term>
<listitem><para>
The <command>-d</command> option causes <command>eventlogadm</command> to emit debugging
information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>
<literal>addsource</literal>
<replaceable>EVENTLOG</replaceable>
<replaceable>SOURCENAME</replaceable>
<replaceable>MSGFILE</replaceable>
</term>
<listitem><para>
The <command>-o addsource</command> option creates a
new event log source.
</para> </listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o</option>
<literal>write</literal>
<replaceable>EVENTLOG</replaceable>
</term>
<listitem><para>
The <command>-o write</command> reads event log
records from standard input and writes them to theSamba
event log store named by EVENTLOG.
</para> </listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option></term>
<listitem><para>
Print usage information.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EVENTLOG RECORD FORMAT</title>
<para>For the write operation, <command>eventlogadm</command>
expects to be able to read structured records from standard
input. These records are a sequence of lines, with the record key
and data separated by a colon character. Records are separated
by at least one or more blank line.</para>
<para>The event log record field are:</para>
<itemizedlist>
<listitem><para>
<command>LEN</command> - This field should be 0, since <command>eventlogadm</command> will calculate this value.
</para></listitem>
<listitem><para>
<command>RS1</command> - This must be the value 1699505740.
</para></listitem>
<listitem><para>
<command>RCN</command> - This field should be 0.
</para></listitem>
<listitem><para>
<command>TMG</command> - The time the eventlog record
was generated; format is the number of seconds since
00:00:00 January 1, 1970, UTC.
</para></listitem>
<listitem><para>
<command>TMW</command> - The time the eventlog record was
written; format is the number of seconds since 00:00:00
January 1, 1970, UTC.
</para></listitem>
<listitem><para>
<command>EID</command> - The eventlog ID.
</para></listitem>
<listitem><para>
<command>ETP</command> - The event type -- one of
&quot;INFO&quot;,
&quot;ERROR&quot;, &quot;WARNING&quot;, &quot;AUDIT
SUCCESS&quot; or &quot;AUDIT FAILURE&quot;.
</para></listitem>
<listitem><para>
<command>ECT</command> - The event category; this depends
on the message file. It is primarily used as a means of
filtering in the eventlog viewer.
</para></listitem>
<listitem><para>
<command>RS2</command> - This field should be 0.
</para></listitem>
<listitem><para>
<command>CRN</command> - This field should be 0.
</para></listitem>
<listitem><para>
<command>USL</command> - This field should be 0.
</para></listitem>
<listitem><para>
<command>SRC</command> - This field contains the source
name associated with the event log. If a message file is
used with an event log, there will be a registry entry
for associating this source name with a message file DLL.
</para></listitem>
<listitem><para>
<command>SRN</command> - he name of the machine on
which the eventlog was generated. This is typically the
host name.
</para></listitem>
<listitem><para>
<command>STR</command> - The text associated with the
eventlog. There may be more than one string in a record.
</para></listitem>
<listitem><para>
<command>DAT</command> - This field should be left unset.
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>An example of the record format accepted by <command>eventlogadm</command>:</para>
<programlisting>
LEN: 0
RS1: 1699505740
RCN: 0
TMG: 1128631322
TMW: 1128631322
EID: 1000
ETP: INFO
ECT: 0
RS2: 0
CRN: 0
USL: 0
SRC: cron
SRN: dmlinux
STR: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly)
DAT:
</programlisting>
<para>Set up an eventlog source, specifying a message file DLL:</para>
<programlisting>
eventlogadm -o addsource Application MyApplication | \\
%SystemRoot%/system32/MyApplication.dll
</programlisting>
<para>Filter messages from the system log into an event log:</para>
<programlisting>
tail -f /var/log/messages | \\
my_program_to_parse_into_eventlog_records | \\
eventlogadm SystemLogEvents
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> The original Samba software and related utilities were
created by Andrew Tridgell. Samba is now developed by the
Samba Team as an Open Source project similar to the way the
Linux kernel is developed.</para>
</refsect1>
</refentry>

153
docs-xml/manpages-3/findsmb.1.xml Normal file
View File

@ -0,0 +1,153 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="findsmb.1">
<refmeta>
<refentrytitle>findsmb</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>findsmb</refname>
<refpurpose>list info about machines that respond to SMB
name queries on a subnet</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>findsmb</command>
<arg choice="opt">subnet broadcast address</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This perl script is part of the <citerefentry>
<refentrytitle>samba</refentrytitle><manvolnum>7</manvolnum></citerefentry>
suite.</para>
<para><command>findsmb</command> is a perl script that
prints out several pieces of information about machines
on a subnet that respond to SMB name query requests.
It uses <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
and <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum></citerefentry>
to obtain this information.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-r</term>
<listitem><para>Controls whether <command>findsmb</command> takes
bugs in Windows95 into account when trying to find a Netbios name
registered of the remote machine. This option is disabled by default
because it is specific to Windows 95 and Windows 95 machines only.
If set, <citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
will be called with <constant>-B</constant> option.</para></listitem>
</varlistentry>
<varlistentry>
<term>subnet broadcast address</term>
<listitem><para>Without this option, <command>findsmb
</command> will probe the subnet of the machine where
<citerefentry><refentrytitle>findsmb</refentrytitle><manvolnum>1</manvolnum></citerefentry>
is run. This value is passed to
<citerefentry><refentrytitle>nmblookup</refentrytitle><manvolnum>1</manvolnum></citerefentry>
as part of the <constant>-B</constant> option.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>The output of <command>findsmb</command> lists the following
information for all machines that respond to the initial
<command>nmblookup</command> for any name: IP address, NetBIOS name,
Workgroup name, operating system, and SMB server version.</para>
<para>There will be a '+' in front of the workgroup name for
machines that are local master browsers for that workgroup. There
will be an '*' in front of the workgroup name for
machines that are the domain master browser for that workgroup.
Machines that are running Windows for Workgroups, Windows 95 or
Windows 98 will
not show any information about the operating system or server
version.</para>
<para>The command with <constant>-r</constant> option
must be run on a system without <citerefentry>
<refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry> running.
If <command>nmbd</command> is running on the system, you will
only get the IP address and the DNS name of the machine. To
get proper responses from Windows 95 and Windows 98 machines,
the command must be run as root and with <constant>-r</constant>
option on a machine without <command>nmbd</command> running.</para>
<para>For example, running <command>findsmb</command>
without <constant>-r</constant> option set would yield output similar
to the following</para>
<programlisting>
IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.35.10 MINESET-TEST1 [DMVENGR]
192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6]
192.168.35.56 HERBNT2 [HERB-NT]
192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10]
192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX]
192.168.35.78 HERBDHCP1 +[HERB]
192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>nmbd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, and <citerefentry><refentrytitle>nmblookup</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink
url="ftp://ftp.icce.rug.nl/pub/unix/">ftp://ftp.icce.rug.nl/pub/unix/</ulink>)
and updated for the Samba 2.0 release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

92
docs-xml/manpages-3/idmap_ad.8.xml Normal file
View File

@ -0,0 +1,92 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_ad.8">
<refmeta>
<refentrytitle>idmap_ad</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_ad</refname>
<refpurpose>Samba's idmap_ad Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_ad plugin provides a way for Winbind to read
id mappings from an AD server that uses RFC2307/SFU schema
extensions. This module implements only the &quot;idmap&quot;
API, and is READONLY. Mappings must be provided in advance
by the administrator by adding the posixAccount/posixGroup
classess and relative attribute/value pairs to the users and
groups objects in AD</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative. Note that the range acts as a filter.
If specified any UID or GID stored in AD that fall outside the
range is ignored and the corresponding map is discarded.
It is intended as a way to avoid accidental UID/GID overlaps
between local and remotely defined IDs.
</para></listitem>
</varlistentry>
<varlistentry>
<term>schema_mode = &lt;rfc2307 | sfu &gt;</term>
<listitem><para>
Defines the schema that idmap_ad should use when querying
Active Directory regarding user and group information.
This can either the RFC2307 schema support included
in Windows 2003 R2 or the Service for Unix (SFU) schema.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>
The following example shows how to retrieve idmappings from our principal and
and trusted AD domains. All is needed is to set default to yes. If trusted
domains are present id conflicts must be resolved beforehand, there is no
guarantee on the order conflicting mappings would be resolved at this point.
This example also shows how to leave a small non conflicting range for local
id allocation that may be used in internal backends like BUILTIN.
</para>
<programlisting>
[global]
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:backend = ad
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:range = 10000 - 300000000
idmap alloc backend = tdb
idmap alloc config:range = 5000 - 9999
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

165
docs-xml/manpages-3/idmap_ldap.8.xml Normal file
View File

@ -0,0 +1,165 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_ldap.8">
<refmeta>
<refentrytitle>idmap_ldap</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_ldap</refname>
<refpurpose>Samba's idmap_ldap Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_ldap plugin provides a means for Winbind to
store and retrieve SID/uid/gid mapping tables in an LDAP directory
service. The module implements both the &quot;idmap&quot; and
&quot;idmap alloc&quot; APIs.
</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>ldap_base_dn = DN</term>
<listitem><para>
Defines the directory base suffix to use when searching for
SID/uid/gid mapping entries. If not defined, idmap_ldap will default
to using the &quot;ldap idmap suffix&quot; option from smb.conf.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_user_dn = DN</term>
<listitem><para>
Defines the user DN to be used for authentication. If absent an
anonymous bind will be performed.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_url = ldap://server/</term>
<listitem><para>
Specifies the LDAP server to use when searching for existing
SID/uid/gid map entries. If not defined, idmap_ldap will
assume that ldap://localhost/ should be used.
</para></listitem>
</varlistentry>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative. Note that the range commonly matches
the allocation range due to the fact that the same backend will
store and retrieve SID/uid/gid mapping entries. If the parameter
is absent, Winbind fail over to use the &quot;idmap uid&quot; and
&quot;idmap gid&quot; options from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>IDMAP ALLOC OPTIONS</title>
<variablelist>
<varlistentry>
<term>ldap_base_dn = DN</term>
<listitem><para>
Defines the directory base suffix under which new SID/uid/gid mapping
entries should be stored. If not defined, idmap_ldap will default
to using the &quot;ldap idmap suffix&quot; option from smb.conf.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_user_dn = DN</term>
<listitem><para>
Defines the user DN to be used for authentication. If absent an
anonymous bind will be performed.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_url = ldap://server/</term>
<listitem><para>
Specifies the LDAP server to which modify/add/delete requests should
be sent. If not defined, idmap_ldap will assume that ldap://localhost/
should be used.
</para></listitem>
</varlistentry>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range from which
winbindd can allocate for users and groups. If the parameter
is absent, Winbind fail over to use the &quot;idmap uid&quot;
and &quot;idmap gid&quot; options from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>
The follow sets of a LDAP configuration which uses a slave server
running on localhost for fast fetching SID/gid/uid mappings, it
implies correct configuration of referrals.
The idmap alloc backend is pointed directly to the master to skip
the referral (and consequent reconnection to the master) that the
slave would return as allocation requires writing on the master.
</para>
<programlisting>
[global]
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:backend = ldap
idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com
idmap config ALLDOMAINS:ldap_url = ldap://localhost/
idmap config ALLDOMAINS:range = 10000 - 50000
idmap alloc backend = ldap
idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
idmap alloc config:ldap_url = ldap://master.example.com/
idmap alloc config:range = 10000 - 50000
</programlisting>
</refsect1>
<refsynopsisdiv>
<title>NOTE</title>
<para>In order to use authentication against ldap servers you may
need to provide a DN and a password. To avoid exposing the password
in plain text in the configuration file we store it into a security
store. The &quot;net idmap &quot; command is used to store a secret
for the DN specified in a specific idmap domain.
</para>
</refsynopsisdiv>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

66
docs-xml/manpages-3/idmap_nss.8.xml Normal file
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_nss.8">
<refmeta>
<refentrytitle>idmap_nss</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_nss</refname>
<refpurpose>Samba's idmap_nss Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_nss plugin provides a means to map Unix users and groups
to Windows accounts and obseletes the &quot;winbind trusted domains only&quot;
smb.conf option. This provides a simple means of ensuring that the SID
for a Unix user named jsmith is reported as the one assigned to
DOMAIN\jsmith which is necessary for reporting ACLs on files and printers
stored on a Samba member server.
</para>
</refsynopsisdiv>
<refsect1>
<title>EXAMPLES</title>
<para>
This example shows how to use idmap_nss to check the local accounts for its
own domain while using allocation to create new mappings for trusted domains
</para>
<programlisting>
[global]
idmap domains = SAMBA TRUSTEDDOMAINS
idmap config SAMBA:backend = nss
idmap config SAMBA:readonly = yes
idmap config TRUSTEDDOMAINS:default = yes
idmap config TRUSTEDDOMAINS:backend = tdb
idmap config TRUSTEDDOMAINS:range = 10000 - 50000
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 50000
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

84
docs-xml/manpages-3/idmap_rid.8.xml Normal file
View File

@ -0,0 +1,84 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_rid.8">
<refmeta>
<refentrytitle>idmap_rid</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_rid</refname>
<refpurpose>Samba's idmap_rid Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_rid backend provides a way to use an algorithmic
mapping scheme to map UIDs/GIDs and SIDs. No database is required
in this case as the mapping is deterministic.</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative. Note that the range acts as a filter.
If algorithmically determined UID or GID fall outside the
range, they are ignored and the corresponding map is discarded.
It is intended as a way to avoid accidental UID/GID overlaps
between local and remotely defined IDs.
</para></listitem>
</varlistentry>
<varlistentry>
<term>base_rid = INTEGER</term>
<listitem><para>
Defines the base integer used to build SIDs out of an UID or a GID,
and to rebase the UID or GID to be obtained from a SID. User RIDs
by default start at 1000 (512 hexadecimal), this means a good value
for base_rid can be 1000 as the resulting ID is calculated this way:
ID = RID - BASE_RID + LOW RANGE ID.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>This example shows how to configure 2 domains with idmap_rid</para>
<programlisting>
[global]
idmap domains = MAIN TRUSTED1
idmap config MAIN:backend = rid
idmap config MAIN:base_rid = 0
idmap config MAIN:range = 10000 - 49999
idmap config TRUSTED1:backend = rid
idmap config TRUSTED1:base_rid = 1000
idmap config TRUSTED1:range = 50000 - 99999
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

93
docs-xml/manpages-3/idmap_tdb.8.xml Normal file
View File

@ -0,0 +1,93 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_tdb.8">
<refmeta>
<refentrytitle>idmap_tdb</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>idmap_tdb</refname>
<refpurpose>Samba's idmap_tdb Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv>
<title>DESCRIPTION</title>
<para>The idmap_tdb plugin is the default backend used by winbindd
for storing SID/uid/gid mapping tables and implements
both the &quot;idmap&quot; and &quot;idmap alloc&quot; APIs.
</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
<variablelist>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative. Note that the range commonly matches
the allocation range due to the fact that the same backend will
store and retrieve SID/uid/gid mapping entries. If the parameter
is absent, Winbind fail over to use the &quot;idmap uid&quot; and
&quot;idmap gid&quot; options from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>IDMAP ALLOC OPTIONS</title>
<variablelist>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range from which
winbindd can allocate for users and groups. If the parameter
is absent, Winbind fail over to use the &quot;idmap uid&quot;
and &quot;idmap gid&quot; options from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>
The following example is equivalent to the pre-3.0.25 default idmap
configuration using the &quot;idmap backend = tdb&quot; setting.
</para>
<programlisting>
[global]
idmap domains = ALLDOMAINS
idmap config ALLDOMAINS:default = yes
idmap config ALLDOMAINS:backend = tdb
idmap config ALLDOMAINS:range = 10000 - 50000
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 50000
</programlisting>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>

265
docs-xml/manpages-3/ldb.3.xml Normal file
View File

@ -0,0 +1,265 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldb.3">
<refmeta>
<refentrytitle>ldb</refentrytitle>
<manvolnum>3</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">C Library Functions</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldb</refname>
<refclass>The Samba Project</refclass>
<refpurpose>A light-weight database library</refpurpose>
</refnamediv>
<refsynopsisdiv>
<synopsis>#include &lt;ldb.h&gt;</synopsis>
</refsynopsisdiv>
<refsect1>
<title>description</title>
<para>
ldb is a light weight embedded database library and API. With a
programming interface that is very similar to LDAP, ldb can store its
data either in a tdb(3) database or in a real LDAP database.
</para>
<para>
When used with the tdb backend ldb does not require any database
daemon. Instead, ldb function calls are processed immediately by the
ldb library, which does IO directly on the database, while allowing
multiple readers/writers using operating system byte range locks. This
leads to an API with very low overheads, often resulting in speeds of
more than 10x what can be achieved with a more traditional LDAP
architecture.
</para>
<para>
In a taxonomy of databases ldb would sit half way between key/value
pair databases (such as berkley db or tdb) and a full LDAP
database. With a structured attribute oriented API like LDAP and good
indexing capabilities, ldb can be used for quite sophisticated
applications that need a light weight database, without the
administrative overhead of a full LDAP installation.
</para>
<para>
Included with ldb are a number of useful command line tools for
manipulating a ldb database. These tools are similar in style to the
equivalent ldap command line tools.
</para>
<para>
In its default mode of operation with a tdb backend, ldb can also be
seen as a "schema-less LDAP". By default ldb does not require a
schema, which greatly reduces the complexity of getting started with
ldb databases. As the complexity of you application grows you can take
advantage of some of the optional schema-like attributes that ldb
offers, or you can migrate to using the full LDAP api while keeping
your exiting ldb code.
</para>
<para>
If you are new to ldb, then I suggest starting with the manual pages
for ldbsearch(1) and ldbedit(1), and experimenting with a local
database. Then I suggest you look at the ldb_connect(3) and
ldb_search(3) manual pages.
</para>
</refsect1>
<refsect1>
<title>TOOLS</title>
<itemizedlist>
<listitem><para>
<application>ldbsearch(1)</application>
- command line ldb search utility
</para></listitem>
<listitem><para>
<application>ldbedit(1)</application>
- edit all or part of a ldb database using your favourite editor
</para></listitem>
<listitem><para>
<application>ldbadd(1)</application>
- add records to a ldb database using LDIF formatted input
</para></listitem>
<listitem><para>
<application>ldbdel(1)</application>
- delete records from a ldb database
</para></listitem>
<listitem><para>
<application>ldbmodify(1)</application>
- modify records in a ldb database using LDIF formatted input
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>FUNCTIONS</title>
<itemizedlist>
<listitem><para>
<function>ldb_connect(3)</function>
- connect to a ldb backend
</para></listitem>
<listitem><para>
<function>ldb_search(3)</function>
- perform a database search
</para></listitem>
<listitem><para>
<function>ldb_add(3)</function>
- add a record to the database
</para></listitem>
<listitem><para>
<function>ldb_delete(3)</function>
- delete a record from the database
</para></listitem>
<listitem><para>
<function>ldb_modify(3)</function>
- modify a record in the database
</para></listitem>
<listitem><para>
<function>ldb_errstring(3)</function>
- retrieve extended error information from the last operation
</para></listitem>
<listitem><para>
<function>ldb_ldif_write(3)</function>
- write a LDIF formatted message
</para></listitem>
<listitem><para>
<function>ldb_ldif_write_file(3)</function>
- write a LDIF formatted message to a file
</para></listitem>
<listitem><para>
<function>ldb_ldif_read(3)</function>
- read a LDIF formatted message
</para></listitem>
<listitem><para>
<function>ldb_ldif_read_free(3)</function>
- free the result of a ldb_ldif_read()
</para></listitem>
<listitem><para>
<function>ldb_ldif_read_file(3)</function>
- read a LDIF message from a file
</para></listitem>
<listitem><para>
<function>ldb_ldif_read_string(3)</function>
- read a LDIF message from a string
</para></listitem>
<listitem><para>
<function>ldb_msg_find_element(3)</function>
- find an element in a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_val_equal_exact(3)</function>
- compare two ldb_val structures
</para></listitem>
<listitem><para>
<function>ldb_msg_find_val(3)</function>
- find an element by value
</para></listitem>
<listitem><para>
<function>ldb_msg_add_empty(3)</function>
- add an empty message element to a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_msg_add(3)</function>
- add a non-empty message element to a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_msg_element_compare(3)</function>
- compare two ldb_message_element structures
</para></listitem>
<listitem><para>
<function>ldb_msg_find_int(3)</function>
- return an integer value from a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_msg_find_uint(3)</function>
- return an unsigned integer value from a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_msg_find_double(3)</function>
- return a double value from a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_msg_find_string(3)</function>
- return a string value from a ldb_message
</para></listitem>
<listitem><para>
<function>ldb_set_alloc(3)</function>
- set the memory allocation function to be used by ldb
</para></listitem>
<listitem><para>
<function>ldb_set_debug(3)</function>
- set a debug handler to be used by ldb
</para></listitem>
<listitem><para>
<function>ldb_set_debug_stderr(3)</function>
- set a debug handler for stderr output
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>Author</title>
<para>
ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>
ldb is released under the GNU Lesser General Public License version 2
or later. Please see the file COPYING for license details.
</para>
</refsect1>
</refentry>

108
docs-xml/manpages-3/ldbadd.1.xml Normal file
View File

@ -0,0 +1,108 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldbadd.1">
<refmeta>
<refentrytitle>ldbadd</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldbadd</refname>
<refpurpose>Command-line utility for adding records to an LDB</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldbadd</command>
<arg choice="opt">-h</arg>
<arg choice="opt">-H LDB-URL</arg>
<arg choice="opt">ldif-file1</arg>
<arg choice="opt">ldif-file2</arg>
<arg choice="opt">...</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>ldbadd adds records to an ldb(7) database. It reads
the ldif(5) files specified on the command line and adds
the records from these files to the LDB database, which is specified
by the -H option or the LDB_URL environment variable.
</para>
<para>If - is specified as a ldb file, the ldif input is read from
standard input.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>
Show list of available options.</para></listitem>
</varlistentry>
<varlistentry>
<term>-H &lt;ldb-url&gt;</term>
<listitem><para>
LDB URL to connect to. See ldb(7) for details.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT</title>
<variablelist>
<varlistentry><term>LDB_URL</term>
<listitem><para>LDB URL to connect to (can be overrided by using the
-H command-line option.)</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 4.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>ldb(7), ldbmodify, ldbdel, ldif(5)</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>This manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

108
docs-xml/manpages-3/ldbdel.1.xml Normal file
View File

@ -0,0 +1,108 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldbdel.1">
<refmeta>
<refentrytitle>ldbdel</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldbdel</refname>
<refpurpose>Command-line program for deleting LDB records</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldbdel</command>
<arg choice="opt">-h</arg>
<arg choice="opt">-H LDB-URL</arg>
<arg choice="opt">dn</arg>
<arg choice="opt">...</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>ldbdel deletes records from an ldb(7) database.
It deletes the records identified by the dn's specified
on the command-line. </para>
<para>ldbdel uses either the database that is specified with
the -H option or the database specified by the LDB_URL environment
variable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>
Show list of available options.</para></listitem>
</varlistentry>
<varlistentry>
<term>-H &lt;ldb-url&gt;</term>
<listitem><para>
LDB URL to connect to. See ldb(7) for details.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT</title>
<variablelist>
<varlistentry><term>LDB_URL</term>
<listitem><para>LDB URL to connect to (can be overrided by using the
-H command-line option.)</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 4.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>ldb(7), ldbmodify, ldbadd, ldif(5)</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>ldbdel was written by Andrew Tridgell.</para>
<para>This manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

203
docs-xml/manpages-3/ldbedit.1.xml Normal file
View File

@ -0,0 +1,203 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldbedit.1">
<refmeta>
<refentrytitle>ldbedit</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldbedit</refname>
<refpurpose>Edit LDB databases using your preferred editor</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldbedit</command>
<arg choice="opt">-?</arg>
<arg choice="opt">--usage</arg>
<arg choice="opt">-s base|one|sub</arg>
<arg choice="opt">-b basedn</arg>
<arg choice="opt">-a</arg>
<arg choice="opt">-e editor</arg>
<arg choice="opt">-H LDB-URL</arg>
<arg choice="opt">expression</arg>
<arg rep="repeat" choice="opt">attributes</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>ldbedit is a utility that allows you to edit LDB entries (in
tdb files, sqlite files or LDAP servers) using your preferred editor.
ldbedit generates an LDIF file based on your query, allows you to edit
the LDIF, and then merges that LDIF back into the LDB backend.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-?</term>
<term>--help</term>
<listitem>
<para>
Show list of available options, and a phrase describing what that option
does.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--usage</term>
<listitem>
<para>
Show list of available options. This is similar to the help option,
however it does not provide any description, and is hence shorter.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-H &lt;ldb-url&gt;</term>
<listitem>
<para>
LDB URL to connect to. For a tdb database,
this will be of the form
tdb://<replaceable>filename</replaceable>.
For a LDAP connection over unix domain
sockets, this will be of the form
ldapi://<replaceable>socket</replaceable>. For
a (potentially remote) LDAP connection over
TCP, this will be of the form
ldap://<replaceable>hostname</replaceable>. For
an SQLite database, this will be of the form
sqlite://<replaceable>filename</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s one|sub|base</term>
<listitem><para>Search scope to use. One-level, subtree or base.</para></listitem>
</varlistentry>
<varlistentry>
<term>-a</term>
<term>-all</term>
<listitem>
<para>Edit all records. This allows you to
apply the same change to a number of records
at once. You probably want to combine this
with an expression of the form
"objectclass=*".
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-e editor</term>
<term>--editor editor</term>
<listitem>
<para>Specify the editor that should be used (overrides
the VISUAL and EDITOR environment
variables). If this option is not used, and
neither VISUAL nor EDITOR environment variables
are set, then the vi editor will be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-b basedn</term>
<listitem><para>Specify Base Distinguished Name to use.</para></listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<term>--verbose</term>
<listitem>
<para>Make ldbedit more verbose about the
operations that are being performed. Without
this option, ldbedit will only provide a
summary change line.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT</title>
<variablelist>
<varlistentry>
<term>LDB_URL</term>
<listitem>
<para>LDB URL to connect to. This can be
overridden by using the -H command-line option.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>VISUAL and EDITOR</term>
<listitem>
<para>
Environment variables used to determine what
editor to use. VISUAL takes precedence over
EDITOR, and both are overridden by the
-e command-line option.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 4.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>ldb(7), ldbmodify(1), ldbdel(1), ldif(5), vi(1)</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>
This manpage was written by Jelmer Vernooij and updated
by Brad Hards.
</para>
</refsect1>
</refentry>

96
docs-xml/manpages-3/ldbmodify.1.xml Normal file
View File

@ -0,0 +1,96 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldbmodify.1">
<refmeta>
<refentrytitle>ldbmodify</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldbmodify</refname>
<refpurpose>Modify records in a LDB database</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldbmodify</command>
<arg choice="opt">-H LDB-URL</arg>
<arg choice="opt">ldif-file</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
ldbmodify changes, adds and deletes records in a LDB database.
The changes that should be made to the LDB database are read from
the specified LDIF-file. If - is specified as the filename, input is read from stdin.
</para>
<para>For now, see ldapmodify(1) for details on the LDIF file format.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-H &lt;ldb-url&gt;</term>
<listitem><para>
LDB URL to connect to. See ldb(7) for details.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT</title>
<variablelist>
<varlistentry><term>LDB_URL</term>
<listitem><para>LDB URL to connect to (can be overrided by using the
-H command-line option.)</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 4.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>ldb(7), ldbedit</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>This manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

122
docs-xml/manpages-3/ldbsearch.1.xml Normal file
View File

@ -0,0 +1,122 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry id="ldbsearch.1">
<refmeta>
<refentrytitle>ldbsearch</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ldbsearch</refname>
<refpurpose>Search for records in a LDB database</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ldbsearch</command>
<arg choice="opt">-h</arg>
<arg choice="opt">-s base|one|sub</arg>
<arg choice="opt">-b basedn</arg>
<arg chioce="opt">-i</arg>
<arg choice="opt">-H LDB-URL</arg>
<arg choice="opt">expression</arg>
<arg choice="opt">attributes</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>ldbsearch searches a LDB database for records matching the
specified expression (see the ldapsearch(1) manpage for
a description of the expression format). For each
record, the specified attributes are printed.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>
Show list of available options.</para></listitem>
</varlistentry>
<varlistentry>
<term>-H &lt;ldb-url&gt;</term>
<listitem><para>
LDB URL to connect to. See ldb(7) for details.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-s one|sub|base</term>
<listitem><para>Search scope to use. One-level, subtree or base.</para></listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem><para>Read search expressions from stdin. </para></listitem>
</varlistentry>
<varlistentry>
<term>-b basedn</term>
<listitem><para>Specify Base DN to use.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT</title>
<variablelist>
<varlistentry><term>LDB_URL</term>
<listitem><para>LDB URL to connect to (can be overrided by using the
-H command-line option.)</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 4.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>ldb(7), ldbedit(1)</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> ldb was written by
<ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
</para>
<para>
If you wish to report a problem or make a suggestion then please see
the <ulink url="http://ldb.samba.org/"/> web site for
current contact and maintainer information.
</para>
<para>This manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

140
docs-xml/manpages-3/libsmbclient.7.xml Normal file
View File

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="libsmbclient.7">
<refmeta>
<refentrytitle>libsmbclient</refentrytitle>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">7</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>libsmbclient</refname>
<refpurpose>An extension library for browsers and that can be used as a generic browsing API.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>Browser URL:</command>
<para>
smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options]
</para>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.
</para>
<para>
<command>libsmbclient</command> is a library toolset that permits applications to manipulate CIFS/SMB network
resources using many of the standards POSIX functions available for manipulating local UNIX/Linux files. It
permits much more than just browsing, files can be opened and read or written, permissions changed, file times
modified, attributes and ACL's can be manipulated, and so on. Of course, its functionality includes all the
capabilities commonly called browsing.
</para>
<para>
<command>libsmbclient</command> can not be used directly from the command line, instead it provides an
extension of the capabilities of tools such as file managers and browsers. This man page describes the
configuration options for this tool so that the user may obtain greatest utility of use.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>
What the URLs mean:
</para>
<variablelist>
<varlistentry>
<term>smb://</term>
<listitem><para>
Shows all workgroups or domains that are visible in the network. The behavior matches
that of the Microsoft Windows Explorer.
</para>
<para>
The method of locating the list of workgroups (domains also) varies depending on the setting of
the context variable <literal>(context-&gt;options.browse_max_lmb_count)</literal>. It is the
responsibility of the application that calls this library to set this to a sensible value. This
is a compile-time option. This value determines the maximum number of local master browsers to
query for the list of workgroups. In order to ensure that the list is complete for those present
on the network, all master browsers must be querried. If there are a large number of workgroups
on the network, the time spent querying will be significant. For small networks (just a few
workgroups), it is suggested to set this value to 0, instructing libsmbclient to query all local
master browsers. In an environment that has many workgroups a more reasonable setting may be around 3.
</para></listitem>
</varlistentry>
<varlistentry>
<term>smb://name/</term>
<listitem><para>
This command causes libsmbclient to perform a name look-up. If the NAME&lt;1D&gt; or
NAME&lt;1B&gt; exists (workgroup name), libsmbclient will list all servers in the
workgroup (or domain). Otherwise, a name look-up for the NAME&lt;20&gt; (machine name)
will be performed, and the list of shared resources on the server will be displayed.
</para></listitem>
</varlistentry>
</variablelist>
<para>
When libsmbclient is invoked by an application it searches for a directory called
<filename>.smb</filename> in the $HOME directory that is specified in the users shell
environment. It then searches for a file called <filename>smb.conf</filename> which,
if present, will fully over-ride the system <filename>/etc/samba/smb.conf</filename> file. If
instead libsmbclient finds a file called <filename>~/.smb/smb.conf.append</filename>,
it will read the system <filename>/etc/samba/smb.conf</filename> and then append the
contents of the <filename>~/.smb/smb.conf.append</filename> to it.
</para>
<para>
<command>libsmbclient</command> will check the users shell environment for the <literal>USER</literal>
parameter and will use its value when if the <literal>user</literal> parameter was not included
in the URL.
</para>
</refsect1>
<refsect1>
<title>PROGRAMMERS GUIDE</title>
<para>
Watch this space for future updates.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>
This man page is correct for version 3.0 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities were created by Andrew Tridgell.
Samba is now developed by the Samba Team as an Open Source project similar to the way
the Linux kernel is developed.
</para>
<para>
The libsmbclient manpage page was written by John H Terpstra.
</para>
</refsect1>
</refentry>

127
docs-xml/manpages-3/lmhosts.5.xml Normal file
View File

@ -0,0 +1,127 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="lmhosts.5">
<refmeta>
<refentrytitle>lmhosts</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>lmhosts</refname>
<refpurpose>The Samba NetBIOS hosts file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>lmhosts</filename> is the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> NetBIOS name to IP address mapping file.</para>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This file is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><filename>lmhosts</filename> is the <emphasis>Samba
</emphasis> NetBIOS name to IP address mapping file. It
is very similar to the <filename>/etc/hosts</filename> file
format, except that the hostname component must correspond
to the NetBIOS naming format.</para>
</refsect1>
<refsect1>
<title>FILE FORMAT</title>
<para>It is an ASCII file containing one line for NetBIOS name.
The two fields on each line are separated from each other by
white space. Any entry beginning with '#' is ignored. Each line
in the lmhosts file contains the following information:</para>
<itemizedlist>
<listitem><para>IP Address - in dotted decimal format.</para>
</listitem>
<listitem><para>NetBIOS Name - This name format is a
maximum fifteen character host name, with an optional
trailing '#' character followed by the NetBIOS name type
as two hexadecimal digits.</para>
<para>If the trailing '#' is omitted then the given IP
address will be returned for all names that match the given
name, whatever the NetBIOS name type in the lookup.</para>
</listitem>
</itemizedlist>
<para>An example follows:
<programlisting>
#
# Sample Samba lmhosts file.
#
192.9.200.1 TESTPC
192.9.200.20 NTSERVER#20
192.9.200.21 SAMBASERVER
</programlisting>
</para>
<para>Contains three IP to NetBIOS name mappings. The first
and third will be returned for any queries for the names "TESTPC"
and "SAMBASERVER" respectively, whatever the type component of
the NetBIOS name requested.</para>
<para>The second mapping will be returned only when the "0x20" name
type for a name "NTSERVER" is queried. Any other name type will not
be resolved.</para>
<para>The default location of the <filename>lmhosts</filename> file
is in the same directory as the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file.</para>
</refsect1>
<refsect1>
<title>FILES</title>
<para>lmhosts is loaded from the configuration directory. This is
usually <filename>/etc/samba</filename> or <filename>/usr/local/samba/lib</filename>.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>, and <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

138
docs-xml/manpages-3/log2pcap.1.xml Normal file
View File

@ -0,0 +1,138 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="log2pcap.1">
<refmeta>
<refentrytitle>log2pcap</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>log2pcap</refname>
<refpurpose>Extract network traces from Samba log files</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>log2pcap</command>
<arg choice="opt">-h</arg>
<arg choice="opt">-q</arg>
<arg choice="opt">logfile</arg>
<arg choice="opt">pcap_file</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>log2pcap</command> reads in a
samba log file and generates a pcap file (readable
by most sniffers, such as ethereal or tcpdump) based on the packet
dumps in the log file.</para>
<para>The log file must have a <parameter>log level</parameter>
of at least <constant>5</constant> to get the SMB header/parameters
right, <constant>10</constant> to get the first 512 data bytes of the
packet and <constant>50</constant> to get the whole packet.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>If this parameter is
specified the output file will be a
hex dump, in a format that is readable
by the <application>text2pcap</application> utility.</para></listitem>
</varlistentry>
<varlistentry>
<term>-q</term>
<listitem><para>Be quiet. No warning messages about missing
or incomplete data will be given.</para></listitem>
</varlistentry>
<varlistentry>
<term>logfile</term>
<listitem><para>
Samba log file. log2pcap will try to read the log from stdin
if the log file is not specified.
</para></listitem>
</varlistentry>
<varlistentry>
<term>pcap_file</term>
<listitem><para>
Name of the output file to write the pcap (or hexdump) data to.
If this argument is not specified, output data will be written
to stdout.
</para></listitem>
</varlistentry>
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Extract all network traffic from all samba log files:</para>
<para><programlisting>
<prompt>$</prompt> log2pcap &lt; /var/log/* &gt; trace.pcap
</programlisting></para>
<para>Convert to pcap using text2pcap:</para>
<para><programlisting>
<prompt>$</prompt> log2pcap -h samba.log | text2pcap -T 139,139 - trace.pcap
</programlisting></para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>Only SMB data is extracted from the samba logs, no LDAP,
NetBIOS lookup or other data.</para>
<para>The generated TCP and IP headers don't contain a valid
checksum.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>text2pcap</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>ethereal</refentrytitle><manvolnum>1</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>This manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

614
docs-xml/manpages-3/mount.cifs.8.xml Normal file
View File

@ -0,0 +1,614 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="mount.cifs.8">
<refmeta>
<refentrytitle>mount.cifs</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>mount.cifs</refname>
<refpurpose>mount using the Common Internet File System (CIFS)</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>mount.cifs</command>
<arg choice="req">service</arg>
<arg choice="req">mount-point</arg>
<arg choice="opt">-o options</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>mount.cifs mounts a Linux CIFS filesystem. It
is usually invoked indirectly by
the <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command when using the
"-t cifs" option. This command only works in Linux, and the kernel must
support the cifs filesystem. The CIFS protocol is the successor to the
SMB protocol and is supported by most Windows servers and many other
commercial servers and Network Attached Storage appliances as well as
by the popular Open Source server Samba.
</para>
<para>
The mount.cifs utility attaches the UNC name (exported network resource) to
the local directory <emphasis>mount-point</emphasis>. It is possible to set the mode for mount.cifs to
setuid root to allow non-root users to mount shares to directories for which they
have write permission.
</para>
<para>
Options to <emphasis>mount.cifs</emphasis> are specified as a comma-separated
list of key=value pairs. It is possible to send options other
than those listed here, assuming that the cifs filesystem kernel module (cifs.ko) supports them.
Unrecognized cifs mount options passed to the cifs vfs kernel code will be logged to the
kernel log.
</para>
<para><emphasis>mount.cifs</emphasis> causes the cifs vfs to launch a thread named cifsd. After mounting it keeps running until
the mounted resource is unmounted (usually via the umount utility).
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry><term>user=<replaceable>arg</replaceable></term>
<listitem><para>specifies the username to connect as. If
this is not given, then the environment variable <emphasis>USER</emphasis> is used. This option can also take the
form "user%password" or "workgroup/user" or
"workgroup/user%password" to allow the password and workgroup
to be specified as part of the username.
</para>
<note>
<para>
The cifs vfs accepts the parameter <parameter>user=</parameter>, or for users familiar with smbfs it accepts the longer form of the parameter <parameter>username=</parameter>. Similarly the longer smbfs style parameter names may be accepted as synonyms for the shorter cifs parameters <parameter>pass=</parameter>,<parameter>dom=</parameter> and <parameter>cred=</parameter>.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry><term>password=<replaceable>arg</replaceable></term>
<listitem><para>specifies the CIFS password. If this
option is not given then the environment variable
<emphasis>PASSWD</emphasis> is used. If the password is not specified
directly or indirectly via an argument to mount, <emphasis>mount.cifs</emphasis> will prompt
for a password, unless the guest option is specified.
</para>
<para>Note that a password which contains the delimiter
character (i.e. a comma ',') will fail to be parsed correctly
on the command line. However, the same password defined
in the PASSWD environment variable or via a credentials file (see
below) or entered at the password prompt will be read correctly.
</para>
</listitem></varlistentry>
<varlistentry><term>credentials=<replaceable>filename</replaceable></term>
<listitem><para>
specifies a file that contains a username
and/or password. The format of the file is:
</para>
<programlisting>
username=<replaceable>value</replaceable>
password=<replaceable>value</replaceable>
</programlisting>
<para>
This is preferred over having passwords in plaintext in a
shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
credentials file properly.
</para>
</listitem></varlistentry>
<varlistentry>
<term>uid=<replaceable>arg</replaceable></term>
<listitem><para>sets the uid that will own all files on
the mounted filesystem.
It may be specified as either a username or a numeric uid.
For mounts to servers which do support the CIFS Unix extensions,
such as a properly configured Samba server, the server provides
the uid, gid and mode so this parameter should not be
specified unless the server and client uid and gid
numbering differ. If the server and client are in the
same domain (e.g. running winbind or nss_ldap) and
the server supports the Unix Extensions then the uid
and gid can be retrieved from the server (and uid
and gid would not have to be specifed on the mount.
For servers which do not support the CIFS Unix
extensions, the default uid (and gid) returned on lookup
of existing files will be the uid (gid) of the person
who executed the mount (root, except when mount.cifs
is configured setuid for user mounts) unless the "uid="
(gid) mount option is specified. For the uid (gid) of newly
created files and directories, ie files created since
the last mount of the server share, the expected uid
(gid) is cached as long as the inode remains in
memory on the client. Also note that permission
checks (authorization checks) on accesses to a file occur
at the server, but there are cases in which an administrator
may want to restrict at the client as well. For those
servers which do not report a uid/gid owner
(such as Windows), permissions can also be checked at the
client, and a crude form of client side permission checking
can be enabled by specifying file_mode and dir_mode on
the client. Note that the mount.cifs helper must be
at version 1.10 or higher to support specifying the uid
(or gid) in non-numeric form.
</para></listitem>
</varlistentry>
<varlistentry>
<term>gid=<replaceable>arg</replaceable></term>
<listitem><para>sets the gid that will own all files on
the mounted filesystem. It may be specified as either a groupname or a numeric
gid. For other considerations see the description of uid above.
</para></listitem>
</varlistentry>
<varlistentry>
<term>port=<replaceable>arg</replaceable></term>
<listitem><para>sets the port number on the server to attempt to contact to negotiate
CIFS support. If the CIFS server is not listening on this port or
if it is not specified, the default ports will be tried i.e.
port 445 is tried and if no response then port 139 is tried.
</para></listitem>
</varlistentry>
<varlistentry>
<term>servern=<replaceable>arg</replaceable></term>
<listitem><para>
Specify the server netbios name (RFC1001 name) to use
when attempting to setup a session to the server. Although
rarely needed for mounting to newer servers, this option
is needed for mounting to some older servers (such
as OS/2 or Windows 98 and Windows ME) since when connecting
over port 139 they, unlike most newer servers, do not
support a default server name. A server name can be up
to 15 characters long and is usually uppercased.
</para></listitem>
</varlistentry>
<varlistentry>
<term>netbiosname=<replaceable>arg</replaceable></term>
<listitem><para>When mounting to servers via port 139, specifies the RFC1001
source name to use to represent the client netbios machine
name when doing the RFC1001 netbios session initialize.
</para></listitem>
</varlistentry>
<varlistentry>
<term>file_mode=<replaceable>arg</replaceable></term>
<listitem><para>If the server does not support the CIFS Unix extensions this
overrides the default file mode.</para></listitem>
</varlistentry>
<varlistentry>
<term>dir_mode=<replaceable>arg</replaceable></term>
<listitem><para>If the server does not support the CIFS Unix extensions this
overrides the default mode for directories. </para></listitem>
</varlistentry>
<varlistentry>
<term>ip=<replaceable>arg</replaceable></term>
<listitem><para>sets the destination IP address. This option is set automatically if the server name portion of the requested UNC name can be resolved so rarely needs to be specified by the user.</para></listitem>
</varlistentry>
<varlistentry>
<term>domain=<replaceable>arg</replaceable></term>
<listitem><para>sets the domain (workgroup) of the user </para></listitem>
</varlistentry>
<varlistentry>
<term>guest</term>
<listitem><para>don't prompt for a password </para></listitem>
</varlistentry>
<varlistentry>
<term>iocharset</term>
<listitem><para>Charset used to convert local path names to and from
Unicode. Unicode is used by default for network path
names if the server supports it. If iocharset is
not specified then the nls_default specified
during the local client kernel build will be used.
If server does not support Unicode, this parameter is
unused. </para></listitem>
</varlistentry>
<varlistentry>
<term>ro</term>
<listitem><para>mount read-only</para></listitem>
</varlistentry>
<varlistentry>
<term>rw</term>
<listitem><para>mount read-write</para></listitem>
</varlistentry>
<varlistentry>
<term>setuids</term>
<listitem><para>If the CIFS Unix extensions are negotiated with the server
the client will attempt to set the effective uid and gid of
the local process on newly created files, directories, and
devices (create, mkdir, mknod). If the CIFS Unix Extensions
are not negotiated, for newly created files and directories
instead of using the default uid and gid specified on the
the mount, cache the new file's uid and gid locally which means
that the uid for the file can change when the inode is
reloaded (or the user remounts the share).</para></listitem>
</varlistentry>
<varlistentry>
<term>nosetuids</term>
<listitem><para>The client will not attempt to set the uid and gid on
on newly created files, directories, and devices (create,
mkdir, mknod) which will result in the server setting the
uid and gid to the default (usually the server uid of the
user who mounted the share). Letting the server (rather than
the client) set the uid and gid is the default.If the CIFS
Unix Extensions are not negotiated then the uid and gid for
new files will appear to be the uid (gid) of the mounter or the
uid (gid) parameter specified on the mount.</para></listitem>
</varlistentry>
<varlistentry>
<term>perm</term>
<listitem><para>Client does permission checks (vfs_permission check of uid
and gid of the file against the mode and desired operation),
Note that this is in addition to the normal ACL check on the
target machine done by the server software.
Client permission checking is enabled by default.</para></listitem>
</varlistentry>
<varlistentry>
<term>noperm</term>
<listitem><para>Client does not do permission checks. This can expose
files on this mount to access by other users on the local
client system. It is typically only needed when the server
supports the CIFS Unix Extensions but the UIDs/GIDs on the
client and server system do not match closely enough to allow
access by the user doing the mount.
Note that this does not affect the normal ACL check on the
target machine done by the server software (of the server
ACL against the user name provided at mount time).</para></listitem>
</varlistentry>
<varlistentry>
<term>directio</term>
<listitem><para>Do not do inode data caching on files opened on this mount.
This precludes mmaping files on this mount. In some cases
with fast networks and little or no caching benefits on the
client (e.g. when the application is doing large sequential
reads bigger than page size without rereading the same data)
this can provide better performance than the default
behavior which caches reads (readahead) and writes
(writebehind) through the local Linux client pagecache
if oplock (caching token) is granted and held. Note that
direct allows write operations larger than page size
to be sent to the server. On some kernels this requires the cifs.ko module
to be built with the CIFS_EXPERIMENTAL configure option.</para></listitem>
</varlistentry>
<varlistentry>
<term>mapchars</term>
<listitem><para>Translate six of the seven reserved characters (not backslash, but including the colon, question mark, pipe, asterik, greater than and less than characters)
to the remap range (above 0xF000), which also
allows the CIFS client to recognize files created with
such characters by Windows's POSIX emulation. This can
also be useful when mounting to most versions of Samba
(which also forbids creating and opening files
whose names contain any of these seven characters).
This has no effect if the server does not support
Unicode on the wire.</para></listitem>
</varlistentry>
<varlistentry>
<term>nomapchars</term>
<listitem><para>Do not translate any of these seven characters (default)</para></listitem>
</varlistentry>
<varlistentry>
<term>intr</term>
<listitem><para>currently unimplemented</para></listitem>
</varlistentry>
<varlistentry>
<term>nointr</term>
<listitem><para>(default) currently unimplemented </para></listitem>
</varlistentry>
<varlistentry>
<term>hard</term>
<listitem><para>The program accessing a file on the cifs mounted file system will hang when the
server crashes.</para></listitem>
</varlistentry>
<varlistentry>
<term>soft</term>
<listitem><para>(default) The program accessing a file on the cifs mounted file system will not hang when the server crashes and will return errors to the user application.</para></listitem>
</varlistentry>
<varlistentry>
<term>noacl</term>
<listitem><para>Do not allow POSIX ACL operations even if server would support them.</para><para>
The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers
version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and
then POSIX support in the CIFS configuration options when building the cifs
module. POSIX ACL support can be disabled on a per mount basic by specifying
"noacl" on mount.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>nocase</term>
<listitem>
<para>Request case insensitive path name matching (case
sensitive is the default if the server suports it).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sec=</term>
<listitem>
<para>Security mode. Allowed values are:</para>
<itemizedlist>
<listitem><para>none attempt to connection as a null user (no name) </para></listitem>
<listitem><para>krb5 Use Kerberos version 5 authentication</para></listitem>
<listitem><para>krb5i Use Kerberos authentication and packet signing</para></listitem>
<listitem><para>ntlm Use NTLM password hashing (default)</para></listitem>
<listitem><para>ntlmi Use NTLM password hashing with signing (if
/proc/fs/cifs/PacketSigningEnabled on or if
server requires signing also can be the default)</para></listitem>
<listitem><para>ntlmv2 Use NTLMv2 password hashing</para></listitem>
<listitem><para>ntlmv2i Use NTLMv2 password hashing with packet signing</para></listitem>
</itemizedlist>
<para>[NB This [sec parameter] is under development and expected to be available in cifs kernel module 1.40 and later]
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>nobrl</term>
<listitem>
<para>Do not send byte range lock requests to the server.
This is necessary for certain applications that break
with cifs style mandatory byte range locks (and most
cifs servers do not yet support requesting advisory
byte range locks).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>sfu</term>
<listitem>
<para>
When the CIFS Unix Extensions are not negotiated, attempt to
create device files and fifos in a format compatible with
Services for Unix (SFU). In addition retrieve bits 10-12
of the mode via the SETFILEBITS extended attribute (as
SFU does). In the future the bottom 9 bits of the mode
mode also will be emulated using queries of the security
descriptor (ACL). [NB: requires version 1.39 or later
of the CIFS VFS. To recognize symlinks and be able
to create symlinks in an SFU interoperable form
requires version 1.40 or later of the CIFS VFS kernel module.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>serverino</term>
<listitem><para>Use inode numbers (unique persistent file identifiers)
returned by the server instead of automatically generating
temporary inode numbers on the client. Although server inode numbers
make it easier to spot hardlinked files (as they will have
the same inode numbers) and inode numbers may be persistent (which is
userful for some sofware),
the server does not guarantee that the inode numbers
are unique if multiple server side mounts are exported under a
single share (since inode numbers on the servers might not
be unique if multiple filesystems are mounted under the same
shared higher level directory). Note that not all
servers support returning server inode numbers, although
those that support the CIFS Unix Extensions, and Windows 2000 and
later servers typically do support this (although not necessarily
on every local server filesystem). Parameter has no effect if
the server lacks support for returning inode numbers or equivalent.
</para></listitem>
</varlistentry>
<varlistentry>
<term>noserverino</term>
<listitem><para>client generates inode numbers (rather than using the actual one
from the server) by default.
</para></listitem>
</varlistentry>
<varlistentry>
<term>nouser_xattr</term>
<listitem><para>(default) Do not allow getfattr/setfattr to get/set xattrs, even if server would support it otherwise. </para></listitem>
</varlistentry>
<varlistentry>
<term>rsize=<replaceable>arg</replaceable></term>
<listitem><para>default network read size (usually 16K). The client currently
can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize
defaults to 16K and may be changed (from 8K to the maximum
kmalloc size allowed by your kernel) at module install time
for cifs.ko. Setting CIFSMaxBufSize to a very large value
will cause cifs to use more memory and may reduce performance
in some cases. To use rsize greater than 127K (the original
cifs protocol maximum) also requires that the server support
a new Unix Capability flag (for very large read) which some
newer servers (e.g. Samba 3.0.26 or later) do. rsize can be
set from a minimum of 2048 to a maximum of 130048 (127K or
CIFSMaxBufSize, whichever is smaller)
</para></listitem>
</varlistentry>
<varlistentry>
<term>wsize=<replaceable>arg</replaceable></term>
<listitem><para>default network write size (default 57344)
maximum wsize currently allowed by CIFS is 57344 (fourteen
4096 byte pages)</para></listitem>
</varlistentry>
<varlistentry>
<term>--verbose</term>
<listitem><para>Print additional debugging information for the mount. Note that this parameter must be specified before the -o. For example:</para><para>mount -t cifs //server/share /mnt --verbose -o user=username</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SERVICE FORMATTING AND DELIMITERS</title>
<para>
It's generally preferred to use forward slashes (/) as a delimiter in service names. They are considered to be the "universal delimiter" since they are generally not allowed to be embedded within path components on Windows machines and the client can convert them to blackslashes (\) unconditionally. Conversely, backslash characters are allowed by POSIX to be part of a path component, and can't be automatically converted in the same way.
</para>
<para>
mount.cifs will attempt to convert backslashes to forward slashes where it's able to do so, but it cannot do so in any path component following the sharename.
</para>
</refsect1>
<refsect1>
<title>ENVIRONMENT VARIABLES</title>
<para>
The variable <emphasis>USER</emphasis> may contain the username of the
person to be used to authenticate to the server.
The variable can be used to set both username and
password by using the format username%password.
</para>
<para>
The variable <emphasis>PASSWD</emphasis> may contain the password of the
person using the client.
</para>
<para>
The variable <emphasis>PASSWD_FILE</emphasis> may contain the pathname
of a file to read the password from. A single line of input is
read and used as the password.
</para>
</refsect1>
<refsect1>
<title>NOTES</title>
<para>This command may be used only by root, unless installed setuid, in which case the noeexec and nosuid mount flags are enabled.</para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para>
The primary mechanism for making configuration changes and for reading
debug information for the cifs vfs is via the Linux /proc filesystem.
In the directory <filename>/proc/fs/cifs</filename> are various
configuration files and pseudo files which can display debug information.
There are additional startup options such as maximum buffer size and number
of buffers which only may be set when the kernel cifs vfs (cifs.ko module) is
loaded. These can be seen by running the modinfo utility against the file
cifs.ko which will list the options that may be passed to cifs during module
installation (device driver load).
For more information see the kernel file <filename>fs/cifs/README</filename>.
</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>Mounting using the CIFS URL specification is currently not supported.
</para>
<para>The credentials file does not handle usernames or passwords with
leading space.</para>
<para>
Note that the typical response to a bug report is a suggestion
to try the latest version first. So please try doing that first,
and always include which versions you use of relevant software
when reporting bugs (minimum: mount.cifs (try mount.cifs -V), kernel (see /proc/version) and
server type you are trying to contact.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 1.52 of
the cifs vfs filesystem (roughly Linux kernel 2.6.24).</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel
source tree may contain additional options and information.
</para>
<para><citerefentry><refentrytitle>umount.cifs</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>Steve French</para>
<para>The syntax and manpage were loosely based on that of smbmount. It
was converted to Docbook/XML by Jelmer Vernooij.</para>
<para>The maintainer of the Linux cifs vfs and the userspace
tool <emphasis>mount.cifs</emphasis> is <ulink url="mailto:sfrench@samba.org">Steve French</ulink>.
The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux CIFS Mailing list</ulink>
is the preferred place to ask questions regarding these programs.
</para>
</refsect1>
</refentry>

1548
docs-xml/manpages-3/net.8.xml Normal file
View File

File diff suppressed because it is too large Load Diff

294
docs-xml/manpages-3/nmbd.8.xml Normal file
View File

@ -0,0 +1,294 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="nmbd.8">
<refmeta>
<refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>nmbd</refname>
<refpurpose>NetBIOS name server to provide NetBIOS
over IP naming services to clients</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nmbd</command>
<arg choice="opt">-D</arg>
<arg choice="opt">-F</arg>
<arg choice="opt">-S</arg>
<arg choice="opt">-a</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-o</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-V</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-H &lt;lmhosts file&gt;</arg>
<arg choice="opt">-l &lt;log directory&gt;</arg>
<arg choice="opt">-p &lt;port number&gt;</arg>
<arg choice="opt">-s &lt;configuration file&gt;</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>nmbd</command> is a server that understands
and can reply to NetBIOS over IP name service requests, like
those produced by SMB/CIFS clients such as Windows 95/98/ME,
Windows NT, Windows 2000, Windows XP and LanManager clients. It also
participates in the browsing protocols which make up the
Windows "Network Neighborhood" view.</para>
<para>SMB/CIFS clients, when they start up, may wish to
locate an SMB/CIFS server. That is, they wish to know what
IP number a specified host is using.</para>
<para>Amongst other services, <command>nmbd</command> will
listen for such requests, and if its own NetBIOS name is
specified it will respond with the IP number of the host it
is running on. Its "own NetBIOS name" is by
default the primary DNS name of the host it is running on,
but this can be overridden by the <smbconfoption name="netbios name"/>
in &smb.conf;. Thus <command>nmbd</command> will
reply to broadcast queries for its own name(s). Additional
names for <command>nmbd</command> to respond on can be set
via parameters in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> configuration file.</para>
<para><command>nmbd</command> can also be used as a WINS
(Windows Internet Name Server) server. What this basically means
is that it will act as a WINS database server, creating a
database from name registration requests that it receives and
replying to queries from clients for these names.</para>
<para>In addition, <command>nmbd</command> can act as a WINS
proxy, relaying broadcast queries from clients that do
not understand how to talk the WINS protocol to a WINS
server.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-D</term>
<listitem><para>If specified, this parameter causes
<command>nmbd</command> to operate as a daemon. That is,
it detaches itself and runs in the background, fielding
requests on the appropriate port. By default, <command>nmbd</command>
will operate as a daemon if launched from a command shell.
nmbd can also be operated from the <command>inetd</command>
meta-daemon, although this is not recommended.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-F</term>
<listitem><para>If specified, this parameter causes
the main <command>nmbd</command> process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
<command>nmbd</command> under process supervisors such
as <command>supervise</command> and <command>svscan</command>
from Daniel J. Bernstein's <command>daemontools</command>
package, or the AIX process monitor.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem><para>If specified, this parameter causes
<command>nmbd</command> to log to standard output rather
than a file.</para></listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem><para>If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit daemon mode when run from the
command line. <command>nmbd</command> also logs to standard
output, as if the <constant>-S</constant> parameter had been
given. </para></listitem>
</varlistentry>
&stdarg.help;
<varlistentry>
<term>-H &lt;filename&gt;</term>
<listitem><para>NetBIOS lmhosts file. The lmhosts
file is a list of NetBIOS names to IP addresses that
is loaded by the nmbd server and used via the name
resolution mechanism <smbconfoption name="name resolve order"/> described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> to resolve any
NetBIOS name queries needed by the server. Note
that the contents of this file are <emphasis>NOT</emphasis>
used by <command>nmbd</command> to answer any name queries.
Adding a line to this file affects name NetBIOS resolution
from this host <emphasis>ONLY</emphasis>.</para>
<para>The default path to this file is compiled into
Samba as part of the build process. Common defaults
are <filename>/usr/local/samba/lib/lmhosts</filename>,
<filename>/usr/samba/lib/lmhosts</filename> or
<filename>/etc/samba/lmhosts</filename>. See the <citerefentry><refentrytitle>lmhosts</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> man page for details on the contents of this file.</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
<varlistentry>
<term>-p &lt;UDP port number&gt;</term>
<listitem><para>UDP port number is a positive integer value.
This option changes the default UDP port number (normally 137)
that <command>nmbd</command> responds to name queries on. Don't
use this option unless you are an expert, in which case you
won't need help!</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/inetd.conf</filename></term>
<listitem><para>If the server is to be run by the
<command>inetd</command> meta-daemon, this file
must contain suitable startup information for the
meta-daemon.
</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/rc</filename></term>
<listitem><para>or whatever initialization script your
system uses).</para>
<para>If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server.</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/services</filename></term>
<listitem><para>If running the server via the
meta-daemon <command>inetd</command>, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
<listitem><para>This is the default location of
the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> server
configuration file. Other common places that systems
install this file are <filename>/usr/samba/lib/smb.conf</filename>
and <filename>/etc/samba/smb.conf</filename>.</para>
<para>When run as a WINS server (see the
<smbconfoption name="wins support"/>
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> man page),
<command>nmbd</command>
will store the WINS database in the file <filename>wins.dat</filename>
in the <filename>var/locks</filename> directory configured under
wherever Samba was configured to install itself.</para>
<para>If <command>nmbd</command> is acting as a <emphasis>
browse master</emphasis> (see the <smbconfoption name="local master"/>
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command>
will store the browsing database in the file <filename>browse.dat
</filename> in the <filename>var/locks</filename> directory
configured under wherever Samba was configured to install itself.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SIGNALS</title>
<para>To shut down an <command>nmbd</command> process it is recommended
that SIGKILL (-9) <emphasis>NOT</emphasis> be used, except as a last
resort, as this may leave the name database in an inconsistent state.
The correct way to terminate <command>nmbd</command> is to send it
a SIGTERM (-15) signal and wait for it to die on its own.</para>
<para><command>nmbd</command> will accept SIGHUP, which will cause
it to dump out its namelists into the file <filename>namelist.debug
</filename> in the <filename>/usr/local/samba/var/locks</filename>
directory (or the <filename>var/locks</filename> directory configured
under wherever Samba was configured to install itself). This will also
cause <command>nmbd</command> to dump out its server database in
the <filename>log.nmb</filename> file.</para>
<para>The debug log level of nmbd may be raised or lowered
using <citerefentry><refentrytitle>smbcontrol</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> (SIGUSR[1|2] signals
are no longer used since Samba 2.2). This is to allow
transient problems to be diagnosed, whilst still running
at a normally low log level.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry><refentrytitle>inetd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, and the Internet
RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/">
http://samba.org/cifs/</ulink>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

223
docs-xml/manpages-3/nmblookup.1.xml Normal file
View File

@ -0,0 +1,223 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="nmblookup">
<refmeta>
<refentrytitle>nmblookup</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>nmblookup</refname>
<refpurpose>NetBIOS over TCP/IP client used to lookup NetBIOS
names</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>nmblookup</command>
<arg choice="opt">-M</arg>
<arg choice="opt">-R</arg>
<arg choice="opt">-S</arg>
<arg choice="opt">-r</arg>
<arg choice="opt">-A</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-B &lt;broadcast address&gt;</arg>
<arg choice="opt">-U &lt;unicast address&gt;</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-i &lt;NetBIOS scope&gt;</arg>
<arg choice="opt">-T</arg>
<arg choice="opt">-f</arg>
<arg choice="req">name</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>nmblookup</command> is used to query NetBIOS names
and map them to IP addresses in a network using NetBIOS over TCP/IP
queries. The options allow the name queries to be directed at a
particular IP broadcast area or to a particular machine. All queries
are done over UDP.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-M</term>
<listitem><para>Searches for a master browser by looking
up the NetBIOS name <replaceable>name</replaceable> with a
type of <constant>0x1d</constant>. If <replaceable>
name</replaceable> is "-" then it does a lookup on the special name
<constant>__MSBROWSE__</constant>. Please note that in order to
use the name "-", you need to make sure "-" isn't parsed as an
argument, e.g. use :
<userinput>nmblookup -M -- -</userinput>.</para></listitem>
</varlistentry>
<varlistentry>
<term>-R</term>
<listitem><para>Set the recursion desired bit in the packet
to do a recursive lookup. This is used when sending a name
query to a machine running a WINS server and the user wishes
to query the names in the WINS server. If this bit is unset
the normal (broadcast responding) NetBIOS processing code
on a machine is used instead. See RFC1001, RFC1002 for details.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem><para>Once the name query has returned an IP
address then do a node status query as well. A node status
query returns the NetBIOS names registered by a host.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem><para>Try and bind to UDP port 137 to send and receive UDP
datagrams. The reason for this option is a bug in Windows 95
where it ignores the source port of the requesting packet
and only replies to UDP port 137. Unfortunately, on most UNIX
systems root privilege is needed to bind to this port, and
in addition, if the <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon is running on this machine it also binds to this port.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-A</term>
<listitem><para>Interpret <replaceable>name</replaceable> as
an IP Address and do a node status query on this address.</para>
</listitem>
</varlistentry>
&popt.common.connection;
&stdarg.help;
<varlistentry>
<term>-B &lt;broadcast address&gt;</term>
<listitem><para>Send the query to the given broadcast address. Without
this option the default behavior of nmblookup is to send the
query to the broadcast address of the network interfaces as
either auto-detected or defined in the <ulink
url="smb.conf.5.html#INTERFACES"><parameter>interfaces</parameter>
</ulink> parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-U &lt;unicast address&gt;</term>
<listitem><para>Do a unicast query to the specified address or
host <replaceable>unicast address</replaceable>. This option
(along with the <parameter>-R</parameter> option) is needed to
query a WINS server.</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
<varlistentry>
<term>-T</term>
<listitem><para>This causes any IP addresses found in the
lookup to be looked up via a reverse DNS lookup into a
DNS name, and printed out before each</para>
<para><emphasis>IP address .... NetBIOS name</emphasis></para>
<para> pair that is the normal output.</para></listitem>
</varlistentry>
<varlistentry>
<term>-f</term>
<listitem><para>
Show which flags apply to the name that has been looked up. Possible
answers are zero or more of: Response, Authoritative,
Truncated, Recursion_Desired, Recursion_Available, Broadcast.
</para></listitem>
</varlistentry>
<varlistentry>
<term>name</term>
<listitem><para>This is the NetBIOS name being queried. Depending
upon the previous options this may be a NetBIOS name or IP address.
If a NetBIOS name then the different name types may be specified
by appending '#&lt;type&gt;' to the name. This name may also be
'*', which will return all registered names within a broadcast
area.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para><command>nmblookup</command> can be used to query
a WINS server (in the same way <command>nslookup</command> is
used to query DNS servers). To query a WINS server, <command>nmblookup</command>
must be called like this:</para>
<para><command>nmblookup -U server -R 'name'</command></para>
<para>For example, running :</para>
<para><command>nmblookup -U samba.org -R 'IRIX#1B'</command></para>
<para>would query the WINS server samba.org for the domain
master browser (1B name type) for the IRIX workgroup.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>, and <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook
XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

410
docs-xml/manpages-3/ntlm_auth.1.xml Normal file
View File

@ -0,0 +1,410 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="ntlm-auth.1">
<refmeta>
<refentrytitle>ntlm_auth</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>ntlm_auth</refname>
<refpurpose>tool to allow external access to Winbind's NTLM authentication function</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>ntlm_auth</command>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-l logdir</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>ntlm_auth</command> is a helper utility that authenticates
users using NT/LM authentication. It returns 0 if the users is authenticated
successfully and 1 if access was denied. ntlm_auth uses winbind to access
the user and authentication data for a domain. This utility
is only indended to be used by other programs (currently
<ulink url="http://www.squid-cache.org/">Squid</ulink>
and <ulink url="http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/">mod_ntlm_winbind</ulink>)
</para>
</refsect1>
<refsect1>
<title>OPERATIONAL REQUIREMENTS</title>
<para>
The <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon must be operational
for many of these commands to function.</para>
<para>Some of these commands also require access to the directory
<filename>winbindd_privileged</filename> in
<filename>$LOCKDIR</filename>. This should be done either by running
this command as root or providing group access
to the <filename>winbindd_privileged</filename> directory. For
security reasons, this directory should not be world-accessable. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>--helper-protocol=PROTO</term>
<listitem><para>
Operate as a stdio-based helper. Valid helper protocols are:
</para>
<variablelist>
<varlistentry>
<term>squid-2.4-basic</term>
<listitem><para>
Server-side helper for use with Squid 2.4's basic (plaintext)
authentication. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>squid-2.5-basic</term>
<listitem><para>
Server-side helper for use with Squid 2.5's basic (plaintext)
authentication. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>squid-2.5-ntlmssp</term>
<listitem><para>
Server-side helper for use with Squid 2.5's NTLMSSP
authentication. </para>
<para>Requires access to the directory
<filename>winbindd_privileged</filename> in
<filename>$LOCKDIR</filename>. The protocol used is
described here: <ulink
url="http://devel.squid-cache.org/ntlm/squid_helper_protocol.html">http://devel.squid-cache.org/ntlm/squid_helper_protocol.html</ulink>.
This protocol has been extended to allow the
NTLMSSP Negotiate packet to be included as an argument
to the <command>YR</command> command. (Thus avoiding
loss of information in the protocol exchange).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ntlmssp-client-1</term>
<listitem><para>
Client-side helper for use with arbitrary external
programs that may wish to use Samba's NTLMSSP
authentication knowledge. </para>
<para>This helper is a client, and as such may be run by any
user. The protocol used is
effectively the reverse of the previous protocol. A
<command>YR</command> command (without any arguments)
starts the authentication exchange.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>gss-spnego</term>
<listitem><para>
Server-side helper that implements GSS-SPNEGO. This
uses a protocol that is almost the same as
<command>squid-2.5-ntlmssp</command>, but has some
subtle differences that are undocumented outside the
source at this stage.
</para>
<para>Requires access to the directory
<filename>winbindd_privileged</filename> in
<filename>$LOCKDIR</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>gss-spnego-client</term>
<listitem><para>
Client-side helper that implements GSS-SPNEGO. This
also uses a protocol similar to the above helpers, but
is currently undocumented.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>ntlm-server-1</term>
<listitem><para>
Server-side helper protocol, intended for use by a
RADIUS server or the 'winbind' plugin for pppd, for
the provision of MSCHAP and MSCHAPv2 authentication.
</para>
<para>This protocol consists of lines in the form:
<command>Parameter: value</command> and <command>Parameter::
Base64-encode value</command>. The presence of a single
period <command>.</command> indicates that one side has
finished supplying data to the other. (Which in turn
could cause the helper to authenticate the
user). </para>
<para>Curently implemented parameters from the
external program to the helper are:</para>
<variablelist>
<varlistentry>
<term>Username</term>
<listitem><para>The username, expected to be in
Samba's <smbconfoption name="unix charset"/>.
</para>
<para><example>Username: bob</example></para>
<para><example>Username:: Ym9i</example></para>
</listitem></varlistentry>
<varlistentry>
<term>Username</term>
<listitem><para>The user's domain, expected to be in
Samba's <smbconfoption name="unix charset"/>.
</para>
<para><example>Domain: WORKGROUP</example></para>
<para><example>Domain:: V09SS0dST1VQ</example></para>
</listitem></varlistentry>
<varlistentry>
<term>Full-Username</term>
<listitem><para>The fully qualified username, expected to be in
Samba's <smbconfoption><name>unix
charset</name></smbconfoption> and qualified with the
<smbconfoption name="winbind separator"/>.
</para>
<para><example>Full-Username: WORKGROUP\bob</example></para>
<para><example>Full-Username:: V09SS0dST1VQYm9i</example></para>
</listitem></varlistentry>
<varlistentry>
<term>LANMAN-Challenge</term>
<listitem><para>The 8 byte <command>LANMAN Challenge</command> value,
generated randomly by the server, or (in cases such as
MSCHAPv2) generated in some way by both the server and
the client.
</para>
<para><example>LANMAN-Challege: 0102030405060708</example></para>
</listitem></varlistentry>
<varlistentry>
<term>LANMAN-Response</term>
<listitem><para>The 24 byte <command>LANMAN Response</command> value,
calculated from the user's password and the supplied
<command>LANMAN Challenge</command>. Typically, this
is provided over the network by a client wishing to authenticate.
</para>
<para><example>LANMAN-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para>
</listitem></varlistentry>
<varlistentry>
<term>NT-Response</term>
<listitem><para>The >= 24 byte <command>NT Response</command>
calculated from the user's password and the supplied
<command>LANMAN Challenge</command>. Typically, this is
provided over the network by a client wishing to authenticate.
</para>
<para><example>NT-Response: 0102030405060708090A0B0C0D0E0F101112131415161718</example></para>
</listitem></varlistentry>
<varlistentry>
<term>Password</term>
<listitem><para>The user's password. This would be
provided by a network client, if the helper is being
used in a legacy situation that exposes plaintext
passwords in this way.
</para>
<para><example>Password: samba2</example></para>
<para><example>Password:: c2FtYmEy</example></para>
</listitem></varlistentry>
<varlistentry>
<term>Request-User-Session-Key</term>
<listitem><para>Apon sucessful authenticaiton, return
the user session key associated with the login.
</para>
<para><example>Request-User-Session-Key: Yes</example></para>
</listitem></varlistentry>
<varlistentry>
<term>Request-LanMan-Session-Key</term>
<listitem><para>Apon sucessful authenticaiton, return
the LANMAN session key associated with the login.
</para>
<para><example>Request-LanMan-Session-Key: Yes</example></para>
</listitem></varlistentry>
<para><warning>Implementors should take care to base64 encode
any data (such as usernames/passwords) that may contain malicous user data, such as
a newline. They may also need to decode strings from
the helper, which likewise may have been base64 encoded.</warning></para>
</variablelist>
</listitem>
</varlistentry>
</variablelist>
</listitem>
</varlistentry>
<varlistentry>
<term>--username=USERNAME</term>
<listitem><para>
Specify username of user to authenticate
</para></listitem>
</varlistentry>
<varlistentry>
<term>--domain=DOMAIN</term>
<listitem><para>
Specify domain of user to authenticate
</para></listitem>
</varlistentry>
<varlistentry>
<term>--workstation=WORKSTATION</term>
<listitem><para>
Specify the workstation the user authenticated from
</para></listitem>
</varlistentry>
<varlistentry>
<term>--challenge=STRING</term>
<listitem><para>NTLM challenge (in HEXADECIMAL)</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--lm-response=RESPONSE</term>
<listitem><para>LM Response to the challenge (in HEXADECIMAL)</para></listitem>
</varlistentry>
<varlistentry>
<term>--nt-response=RESPONSE</term>
<listitem><para>NT or NTLMv2 Response to the challenge (in HEXADECIMAL)</para></listitem>
</varlistentry>
<varlistentry>
<term>--password=PASSWORD</term>
<listitem><para>User's plaintext password</para><para>If
not specified on the command line, this is prompted for when
required. </para>
<para>For the NTLMSSP based server roles, this parameter
specifies the expected password, allowing testing without
winbindd operational.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--request-lm-key</term>
<listitem><para>Retreive LM session key</para></listitem>
</varlistentry>
<varlistentry>
<term>--request-nt-key</term>
<listitem><para>Request NT key</para></listitem>
</varlistentry>
<varlistentry>
<term>--diagnostics</term>
<listitem><para>Perform Diagnostics on the authentication
chain. Uses the password from <command>--password</command>
or prompts for one.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>--require-membership-of={SID|Name}</term>
<listitem><para>Require that a user be a member of specified
group (either name or SID) for authentication to succeed.</para>
</listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLE SETUP</title>
<para>To setup ntlm_auth for use by squid 2.5, with both basic and
NTLMSSP authentication, the following
should be placed in the <filename>squid.conf</filename> file.
<programlisting>
auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
</programlisting></para>
<note><para>This example assumes that ntlm_auth has been installed into your
path, and that the group permissions on
<filename>winbindd_privileged</filename> are as described above.</para></note>
<para>To setup ntlm_auth for use by squid 2.5 with group limitation in addition to the above
example, the following should be added to the <filename>squid.conf</filename> file.
<programlisting>
auth_param ntlm program ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of='WORKGROUP\Domain Users'
auth_param basic program ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of='WORKGROUP\Domain Users'
</programlisting></para>
</refsect1>
<refsect1>
<title>TROUBLESHOOTING</title>
<para>If you're experiencing problems with authenticating Internet Explorer running
under MS Windows 9X or Millenium Edition against ntlm_auth's NTLMSSP authentication
helper (--helper-protocol=squid-2.5-ntlmssp), then please read
<ulink url="http://support.microsoft.com/support/kb/articles/Q239/8/69.ASP">
the Microsoft Knowledge Base article #239869 and follow instructions described there</ulink>.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba
suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The ntlm_auth manpage was written by Jelmer Vernooij and
Andrew Bartlett.</para>
</refsect1>
</refentry>

173
docs-xml/manpages-3/pam_winbind.7.xml Normal file
View File

@ -0,0 +1,173 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="pam_winbind.7">
<refmeta>
<refentrytitle>pam_winbind</refentrytitle>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">7</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>pam_winbind</refname>
<refpurpose>PAM module for Winbind</refpurpose>
</refnamediv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>
pam_winbind is a PAM module that can authenticate users against the local domain by talking to the Winbind daemon.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>
pam_winbind supports several options which can either be set in
the PAM configuration files or in the pam_winbind configuration
file situated at
<filename>/etc/security/pam_winbind.conf</filename>. Options
from the PAM configuration file take precedence to those from
the configuration file.
<variablelist>
<varlistentry>
<term>debug</term>
<listitem><para>Gives debugging output to syslog.</para></listitem>
</varlistentry>
<varlistentry>
<term>debug_state</term>
<listitem><para>Gives detailed PAM state debugging output to syslog.</para></listitem>
</varlistentry>
<varlistentry>
<term>require_membership_of=[SID or NAME]</term>
<listitem><para>
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\\mygroup</parameter> or
<parameter>MYDOMAIN\\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
user is a member of with <command>wbinfo --user-sids=SID</command>.
</para></listitem>
</varlistentry>
<varlistentry>
<term>try_first_pass</term>
<listitem><para></para></listitem>
</varlistentry>
<varlistentry>
<term>use_first_pass</term>
<listitem><para>
By default, pam_winbind tries to get the authentication token from a previous module. If no token is available
it asks the user for the old password. With this option, pam_winbind aborts with an error if no authentication
token from a previous module is available.
</para></listitem>
</varlistentry>
<varlistentry>
<term>use_authtok</term>
<listitem><para>
Set the new password to the one provided by the previously stacked password module. If this option is not set
pam_winbind will ask the user for the new password.
</para></listitem>
</varlistentry>
<varlistentry>
<term>krb5_auth</term>
<listitem><para>
pam_winbind can authenticate using Kerberos when winbindd is
talking to an Active Directory domain controller. Kerberos
authentication must be enabled with this parameter. When
Kerberos authentication can not succeed (e.g. due to clock
skew), winbindd will fallback to samlogon authentication over
MSRPC. When this parameter is used in conjunction with
<parameter>winbind refresh tickets</parameter>, winbind will
keep your Ticket Granting Ticket (TGT) uptodate by refreshing
it whenever necessary.
</para></listitem>
</varlistentry>
<varlistentry>
<term>krb5_ccache_type=[type]</term>
<listitem><para>
When pam_winbind is configured to try kerberos authentication
by enabling the <parameter>krb5_auth</parameter> option, it can
store the retrieved Ticket Granting Ticket (TGT) in a
credential cache. The type of credential cache can be set with
this option. Currently the only supported value is:
<parameter>FILE</parameter>. In that case a credential cache in
the form of /tmp/krb5cc_UID will be created, where UID is
replaced with the numeric user id. Leave empty to just do
kerberos authentication without having a ticket cache after the
logon has succeeded.
</para></listitem>
</varlistentry>
<varlistentry>
<term>cached_login</term>
<listitem><para>
Winbind allows to logon using cached credentials when <parameter>winbind offline logon</parameter> is enabled. To use this feature from the PAM module this option must be set.
</para></listitem>
</varlistentry>
<varlistentry>
<term>silent</term>
<listitem><para>
Do not emit any messages.
</para></listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>wbinfo</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of Samba.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by
the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
</para>
<para>This manpage was written by Jelmer Vernooij and Guenther Deschner.</para>
</refsect1>
</refentry>

456
docs-xml/manpages-3/pdbedit.8.xml Normal file
View File

@ -0,0 +1,456 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="pdbedit.8">
<refmeta>
<refentrytitle>pdbedit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>pdbedit</refname>
<refpurpose>manage the SAM database (Database of Samba Users)</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>pdbedit</command>
<arg choice="opt">-L</arg>
<arg choice="opt">-v</arg>
<arg choice="opt">-w</arg>
<arg choice="opt">-u username</arg>
<arg choice="opt">-f fullname</arg>
<arg choice="opt">-h homedir</arg>
<arg choice="opt">-D drive</arg>
<arg choice="opt">-S script</arg>
<arg choice="opt">-p profile</arg>
<arg choice="opt">-a</arg>
<arg choice="opt">-t, --password-from-stdin</arg>
<arg choice="opt">-m</arg>
<arg choice="opt">-r</arg>
<arg choice="opt">-x</arg>
<arg choice="opt">-i passdb-backend</arg>
<arg choice="opt">-e passdb-backend</arg>
<arg choice="opt">-b passdb-backend</arg>
<arg choice="opt">-g</arg>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-s configfile</arg>
<arg choice="opt">-P account-policy</arg>
<arg choice="opt">-C value</arg>
<arg choice="opt">-c account-control</arg>
<arg choice="opt">-y</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The pdbedit program is used to manage the users accounts
stored in the sam database and can only be run by root.</para>
<para>The pdbedit tool uses the passdb modular interface and is
independent from the kind of users database used (currently there
are smbpasswd, ldap, nis+ and tdb based and more can be added
without changing the tool).</para>
<para>There are five main ways to use pdbedit: adding a user account,
removing a user account, modifing a user account, listing user
accounts, importing users accounts.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-L</term>
<listitem><para>This option lists all the user accounts
present in the users database.
This option prints a list of user/uid pairs separated by
the ':' character.</para>
<para>Example: <command>pdbedit -L</command></para>
<para><programlisting>
sorce:500:Simo Sorce
samba:45:Test User
</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem><para>This option enables the verbose listing format.
It causes pdbedit to list the users in the database, printing
out the account fields in a descriptive format.</para>
<para>Example: <command>pdbedit -L -v</command></para>
<para><programlisting>
---------------
username: sorce
user ID/Group: 500/500
user RID/GRID: 2000/2001
Full Name: Simo Sorce
Home Directory: \\BERSERKER\sorce
HomeDir Drive: H:
Logon Script: \\BERSERKER\netlogon\sorce.bat
Profile Path: \\BERSERKER\profile
---------------
username: samba
user ID/Group: 45/45
user RID/GRID: 1090/1091
Full Name: Test User
Home Directory: \\BERSERKER\samba
HomeDir Drive:
Logon Script:
Profile Path: \\BERSERKER\profile
</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-w</term>
<listitem><para>This option sets the "smbpasswd" listing format.
It will make pdbedit list the users in the database, printing
out the account fields in a format compatible with the
<filename>smbpasswd</filename> file format. (see the
<citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details)</para>
<para>Example: <command>pdbedit -L -w</command></para>
<programlisting>
sorce:500:508818B733CE64BEAAD3B435B51404EE:
D2A2418EFC466A8A0F6B1DBB5C3DB80C:
[UX ]:LCT-00000000:
samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:
BC281CE3F53B6A5146629CD4751D3490:
[UX ]:LCT-3BFA1E8D:
</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>-u username</term>
<listitem><para>This option specifies the username to be
used for the operation requested (listing, adding, removing).
It is <emphasis>required</emphasis> in add, remove and modify
operations and <emphasis>optional</emphasis> in list
operations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f fullname</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's full
name. </para>
<para>Example: <command>-f "Simo Sorce"</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-h homedir</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's home
directory network path.</para>
<para>Example: <command>-h "\\\\BERSERKER\\sorce"</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-D drive</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the windows drive
letter to be used to map the home directory.</para>
<para>Example: <command>-D "H:"</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S script</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's logon
script path.</para>
<para>Example: <command>-S "\\\\BERSERKER\\netlogon\\sorce.bat"</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p profile</term>
<listitem><para>This option can be used while adding or
modifing a user account. It will specify the user's profile
directory.</para>
<para>Example: <command>-p "\\\\BERSERKER\\netlogon"</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-G SID|rid</term>
<listitem><para>
This option can be used while adding or modifying a user account. It
will specify the users' new primary group SID (Security Identifier) or
rid. </para>
<para>Example: <command>-G S-1-5-21-2447931902-1787058256-3961074038-1201</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-U SID|rid</term>
<listitem><para>
This option can be used while adding or modifying a user account. It
will specify the users' new SID (Security Identifier) or
rid. </para>
<para>Example: <command>-U S-1-5-21-2447931902-1787058256-3961074038-5004</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-c account-control</term>
<listitem><para>This option can be used while adding or modifying a user
account. It will specify the users' account control property. Possible flags are listed below.
</para>
<para>
<itemizedlist>
<listitem><para>N: No password required</para></listitem>
<listitem><para>D: Account disabled</para></listitem>
<listitem><para>H: Home directory required</para></listitem>
<listitem><para>T: Temporary duplicate of other account</para></listitem>
<listitem><para>U: Regular user account</para></listitem>
<listitem><para>M: MNS logon user account</para></listitem>
<listitem><para>W: Workstation Trust Account</para></listitem>
<listitem><para>S: Server Trust Account</para></listitem>
<listitem><para>L: Automatic Locking</para></listitem>
<listitem><para>X: Password does not expire</para></listitem>
<listitem><para>I: Domain Trust Account</para></listitem>
</itemizedlist>
</para>
<para>Example: <command>-c "[X ]"</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-a</term>
<listitem><para>This option is used to add a user into the
database. This command needs a user name specified with
the -u switch. When adding a new user, pdbedit will also
ask for the password to be used.</para>
<para>Example: <command>pdbedit -a -u sorce</command>
<programlisting>new password:
retype new password
</programlisting>
</para>
<note><para>pdbedit does not call the unix password syncronisation
script if <smbconfoption name="unix password sync"/>
has been set. It only updates the data in the Samba
user database.
</para>
<para>If you wish to add a user and synchronise the password
that immediately, use <command>smbpasswd</command>'s <option>-a</option> option.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry>
<term>-t, --password-from-stdin</term>
<listitem><para>This option causes pdbedit to read the password
from standard input, rather than from /dev/tty (like the
<command>passwd(1)</command> program does). The password has
to be submitted twice and terminated by a newline each.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem><para>This option is used to modify an existing user
in the database. This command needs a user name specified with the -u
switch. Other options can be specified to modify the properties of
the specified user. This flag is kept for backwards compatibility, but
it is no longer necessary to specify it.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-m</term>
<listitem><para>This option may only be used in conjunction
with the <parameter>-a</parameter> option. It will make
pdbedit to add a machine trust account instead of a user
account (-u username will provide the machine name).</para>
<para>Example: <command>pdbedit -a -m -u w2k-wks</command>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-x</term>
<listitem><para>This option causes pdbedit to delete an account
from the database. It needs a username specified with the
-u switch.</para>
<para>Example: <command>pdbedit -x -u bob</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-i passdb-backend</term>
<listitem><para>Use a different passdb backend to retrieve users
than the one specified in smb.conf. Can be used to import data into
your local user database.</para>
<para>This option will ease migration from one passdb backend to
another.</para>
<para>Example: <command>pdbedit -i smbpasswd:/etc/smbpasswd.old
</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-e passdb-backend</term>
<listitem><para>Exports all currently available users to the
specified password database backend.</para>
<para>This option will ease migration from one passdb backend to
another and will ease backing up.</para>
<para>Example: <command>pdbedit -e smbpasswd:/root/samba-users.backup</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-g</term>
<listitem><para>If you specify <parameter>-g</parameter>,
then <parameter>-i in-backend -e out-backend</parameter>
applies to the group mapping instead of the user database.</para>
<para>This option will ease migration from one passdb backend to
another and will ease backing up.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-b passdb-backend</term>
<listitem><para>Use a different default passdb backend. </para>
<para>Example: <command>pdbedit -b xml:/root/pdb-backup.xml -l</command></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-P account-policy</term>
<listitem><para>Display an account policy</para>
<para>Valid policies are: minimum password age, reset count minutes, disconnect time,
user must logon to change password, password history, lockout duration, min password length,
maximum password age and bad lockout attempt.</para>
<para>Example: <command>pdbedit -P "bad lockout attempt"</command></para>
<para><programlisting>
account policy value for bad lockout attempt is 0
</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-C account-policy-value</term>
<listitem><para>Sets an account policy to a specified value.
This option may only be used in conjunction
with the <parameter>-P</parameter> option.
</para>
<para>Example: <command>pdbedit -P "bad lockout attempt" -C 3</command></para>
<para><programlisting>
account policy value for bad lockout attempt was 0
account policy value for bad lockout attempt is now 3
</programlisting></para>
</listitem>
</varlistentry>
<varlistentry>
<term>-y</term>
<listitem><para>If you specify <parameter>-y</parameter>,
then <parameter>-i in-backend -e out-backend</parameter>
applies to the account policies instead of the user database.</para>
<para>This option will allow to migrate account policies from their default
tdb-store into a passdb backend, e.g. an LDAP directory server.</para>
<para>Example: <command>pdbedit -y -i tdbsam: -e ldapsam:ldap://my.ldap.host</command></para>
</listitem>
</varlistentry>
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
</variablelist>
</refsect1>
<refsect1>
<title>NOTES</title>
<para>This command may be used only by root.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The pdbedit manpage was written by Simo Sorce and Jelmer Vernooij.</para>
</refsect1>
</refentry>

88
docs-xml/manpages-3/profiles.1.xml Normal file
View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="profiles.1">
<refmeta>
<refentrytitle>profiles</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>profiles</refname>
<refpurpose>A utility to report and change SIDs in registry files
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>profiles</command>
<arg choice="opt">-v</arg>
<arg choice="opt">-c SID</arg>
<arg choice="opt">-n SID</arg>
<arg choice="req">file</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>profiles</command> is a utility that
reports and changes SIDs in windows registry files. It currently only
supports NT.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>file</term>
<listitem><para>Registry file to view or edit. </para></listitem>
</varlistentry>
<varlistentry>
<term>-v,--verbose</term>
<listitem><para>Increases verbosity of messages.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-c SID1 -n SID2</term>
<listitem><para>Change all occurences of SID1 in <filename>file</filename> by SID2.
</para></listitem>
</varlistentry>
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba
suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The profiles man page was written by Jelmer Vernooij. </para>
</refsect1>
</refentry>

487
docs-xml/manpages-3/rpcclient.1.xml Normal file
View File

@ -0,0 +1,487 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="rpcclient.1">
<refmeta>
<refentrytitle>rpcclient</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>rpcclient</refname>
<refpurpose>tool for executing client side
MS-RPC functions</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>rpcclient</command>
<arg choice="opt">-A authfile</arg>
<arg choice="opt">-c &lt;command string&gt;</arg>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-l logdir</arg>
<arg choice="opt">-N</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-W workgroup</arg>
<arg choice="opt">-N</arg>
<arg choice="opt">-I destinationIP</arg>
<arg choice="req">server</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>rpcclient</command> is a utility initially developed
to test MS-RPC functionality in Samba itself. It has undergone
several stages of development and stability. Many system administrators
have now written scripts around it to manage Windows NT clients from
their UNIX workstation. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>server</term>
<listitem><para>NetBIOS name of Server to which to connect.
The server can be any SMB/CIFS server. The name is
resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
<varlistentry>
<term>-c|--command='command string'</term>
<listitem><para>execute semicolon separated commands (listed
below)) </para></listitem>
</varlistentry>
<varlistentry>
<term>-I IP-address</term>
<listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </para>
<para>Normally the client would attempt to locate a named
SMB/CIFS server by looking it up via the NetBIOS name resolution
mechanism described above in the <parameter>name resolve order</parameter>
parameter above. Using this parameter will force the client
to assume that the server is on the machine with the specified IP
address and the NetBIOS name component of the resource being
connected to will be ignored. </para>
<para>There is no default for this parameter. If not supplied,
it will be determined automatically by the client as described
above. </para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&popt.common.credentials;
&popt.common.connection;
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>COMMANDS</title>
<refsect2>
<title>LSARPC</title>
<variablelist>
<varlistentry><term>lsaquery</term><listitem><para>Query info policy</para></listitem></varlistentry>
<varlistentry><term>lookupsids</term><listitem><para>Resolve a list
of SIDs to usernames.
</para></listitem></varlistentry>
<varlistentry><term>lookupnames</term><listitem><para>Resolve a list
of usernames to SIDs.
</para></listitem></varlistentry>
<varlistentry><term>enumtrusts</term><listitem><para>Enumerate trusted domains</para></listitem></varlistentry>
<varlistentry><term>enumprivs</term><listitem><para>Enumerate privileges</para></listitem></varlistentry>
<varlistentry><term>getdispname</term><listitem><para>Get the privilege name</para></listitem></varlistentry>
<varlistentry><term>lsaenumsid</term><listitem><para>Enumerate the LSA SIDS</para></listitem></varlistentry>
<varlistentry><term>lsaenumprivsaccount</term><listitem><para>Enumerate the privileges of an SID</para></listitem></varlistentry>
<varlistentry><term>lsaenumacctrights</term><listitem><para>Enumerate the rights of an SID</para></listitem></varlistentry>
<varlistentry><term>lsaenumacctwithright</term><listitem><para>Enumerate accounts with a right</para></listitem></varlistentry>
<varlistentry><term>lsaaddacctrights</term><listitem><para>Add rights to an account</para></listitem></varlistentry>
<varlistentry><term>lsaremoveacctrights</term><listitem><para>Remove rights from an account</para></listitem></varlistentry>
<varlistentry><term>lsalookupprivvalue</term><listitem><para>Get a privilege value given its name</para></listitem></varlistentry>
<varlistentry><term>lsaquerysecobj</term><listitem><para>Query LSA security object</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>LSARPC-DS</title>
<variablelist>
<varlistentry><term>dsroledominfo</term><listitem><para>Get Primary Domain Information</para></listitem></varlistentry>
</variablelist>
<para> </para>
<para><emphasis>DFS</emphasis></para>
<variablelist>
<varlistentry><term>dfsexist</term><listitem><para>Query DFS support</para></listitem></varlistentry>
<varlistentry><term>dfsadd</term><listitem><para>Add a DFS share</para></listitem></varlistentry>
<varlistentry><term>dfsremove</term><listitem><para>Remove a DFS share</para></listitem></varlistentry>
<varlistentry><term>dfsgetinfo</term><listitem><para>Query DFS share info</para></listitem></varlistentry>
<varlistentry><term>dfsenum</term><listitem><para>Enumerate dfs shares</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>REG</title>
<variablelist>
<varlistentry><term>shutdown</term><listitem><para>Remote Shutdown</para></listitem></varlistentry>
<varlistentry><term>abortshutdown</term><listitem><para>Abort Shutdown</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>SRVSVC</title>
<variablelist>
<varlistentry><term>srvinfo</term><listitem><para>Server query info</para></listitem></varlistentry>
<varlistentry><term>netshareenum</term><listitem><para>Enumerate shares</para></listitem></varlistentry>
<varlistentry><term>netfileenum</term><listitem><para>Enumerate open files</para></listitem></varlistentry>
<varlistentry><term>netremotetod</term><listitem><para>Fetch remote time of day</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>SAMR</title>
<variablelist>
<varlistentry><term>queryuser</term><listitem><para>Query user info</para></listitem></varlistentry>
<varlistentry><term>querygroup</term><listitem><para>Query group info</para></listitem></varlistentry>
<varlistentry><term>queryusergroups</term><listitem><para>Query user groups</para></listitem></varlistentry>
<varlistentry><term>querygroupmem</term><listitem><para>Query group membership</para></listitem></varlistentry>
<varlistentry><term>queryaliasmem</term><listitem><para>Query alias membership</para></listitem></varlistentry>
<varlistentry><term>querydispinfo</term><listitem><para>Query display info</para></listitem></varlistentry>
<varlistentry><term>querydominfo</term><listitem><para>Query domain info</para></listitem></varlistentry>
<varlistentry><term>enumdomusers</term><listitem><para>Enumerate domain users</para></listitem></varlistentry>
<varlistentry><term>enumdomgroups</term><listitem><para>Enumerate domain groups</para></listitem></varlistentry>
<varlistentry><term>enumalsgroups</term><listitem><para>Enumerate alias groups</para></listitem></varlistentry>
<varlistentry><term>createdomuser</term><listitem><para>Create domain user</para></listitem></varlistentry>
<varlistentry><term>samlookupnames</term><listitem><para>Look up names</para></listitem></varlistentry>
<varlistentry><term>samlookuprids</term><listitem><para>Look up names</para></listitem></varlistentry>
<varlistentry><term>deletedomuser</term><listitem><para>Delete domain user</para></listitem></varlistentry>
<varlistentry><term>samquerysecobj</term><listitem><para>Query SAMR security object</para></listitem></varlistentry>
<varlistentry><term>getdompwinfo</term><listitem><para>Retrieve domain password info</para></listitem></varlistentry>
<varlistentry><term>lookupdomain</term><listitem><para>Look up domain</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>SPOOLSS</title>
<variablelist>
<varlistentry><term>adddriver &lt;arch&gt; &lt;config&gt; [&lt;version&gt;]</term>
<listitem><para>
Execute an AddPrinterDriver() RPC to install the printer driver
information on the server. Note that the driver files should
already exist in the directory returned by
<command>getdriverdir</command>. Possible values for
<parameter>arch</parameter> are the same as those for
the <command>getdriverdir</command> command.
The <parameter>config</parameter> parameter is defined as
follows: </para>
<para><programlisting>
Long Printer Name:\
Driver File Name:\
Data File Name:\
Config File Name:\
Help File Name:\
Language Monitor Name:\
Default Data Type:\
Comma Separated list of Files
</programlisting></para>
<para>Any empty fields should be enter as the string "NULL". </para>
<para>Samba does not need to support the concept of Print Monitors
since these only apply to local printers whose driver can make
use of a bi-directional link for communication. This field should
be "NULL". On a remote NT print server, the Print Monitor for a
driver must already be installed prior to adding the driver or
else the RPC will fail. </para>
<para>The <parameter>version</parameter> parameter lets you
specify the printer driver version number. If omitted, the
default driver version for the specified architecture will
be used. This option can be used to upload Windows 2000
(version 3) printer drivers.</para></listitem></varlistentry>
<varlistentry><term>addprinter &lt;printername&gt;
&lt;sharename&gt; &lt;drivername&gt; &lt;port&gt;</term>
<listitem><para>
Add a printer on the remote server. This printer
will be automatically shared. Be aware that the printer driver
must already be installed on the server (see <command>adddriver</command>)
and the <parameter>port</parameter>must be a valid port name (see
<command>enumports</command>.</para>
</listitem></varlistentry>
<varlistentry><term>deldriver</term><listitem><para>Delete the
specified printer driver for all architectures. This
does not delete the actual driver files from the server,
only the entry from the server's list of drivers.
</para></listitem></varlistentry>
<varlistentry><term>deldriverex &lt;driver&gt; [architecture] [version]
</term><listitem><para>Delete the specified printer driver including driver files.
You can limit this action to a specific architecture and a specific version.
If no architecure is given, all driver files of that driver will be deleted.
</para></listitem></varlistentry>
<varlistentry><term>enumdata</term><listitem><para>Enumerate all
printer setting data stored on the server. On Windows NT clients,
these values are stored in the registry, while Samba servers
store them in the printers TDB. This command corresponds
to the MS Platform SDK GetPrinterData() function (* This
command is currently unimplemented).</para></listitem></varlistentry>
<varlistentry><term>enumdataex</term><listitem><para>Enumerate printer data for a key</para></listitem></varlistentry>
<varlistentry><term>enumjobs &lt;printer&gt;</term>
<listitem><para>List the jobs and status of a given printer.
This command corresponds to the MS Platform SDK EnumJobs()
function</para></listitem></varlistentry>
<varlistentry><term>enumkey</term><listitem><para>Enumerate
printer keys</para></listitem></varlistentry>
<varlistentry><term>enumports [level]</term>
<listitem><para>
Executes an EnumPorts() call using the specified
info level. Currently only info levels 1 and 2 are supported.
</para></listitem></varlistentry>
<varlistentry><term>enumdrivers [level]</term>
<listitem><para>
Execute an EnumPrinterDrivers() call. This lists the various installed
printer drivers for all architectures. Refer to the MS Platform SDK
documentation for more details of the various flags and calling
options. Currently supported info levels are 1, 2, and 3.</para></listitem></varlistentry>
<varlistentry><term>enumprinters [level]</term>
<listitem><para>Execute an EnumPrinters() call. This lists the various installed
and share printers. Refer to the MS Platform SDK documentation for
more details of the various flags and calling options. Currently
supported info levels are 1, 2 and 5.</para></listitem></varlistentry>
<varlistentry><term>getdata &lt;printername&gt; &lt;valuename;&gt;</term>
<listitem><para>Retrieve the data for a given printer setting. See
the <command>enumdata</command> command for more information.
This command corresponds to the GetPrinterData() MS Platform
SDK function. </para></listitem></varlistentry>
<varlistentry><term>getdataex</term><listitem><para>Get
printer driver data with
keyname</para></listitem></varlistentry>
<varlistentry><term>getdriver &lt;printername&gt;</term>
<listitem><para>
Retrieve the printer driver information (such as driver file,
config file, dependent files, etc...) for
the given printer. This command corresponds to the GetPrinterDriver()
MS Platform SDK function. Currently info level 1, 2, and 3 are supported.
</para></listitem></varlistentry>
<varlistentry><term>getdriverdir &lt;arch&gt;</term>
<listitem><para>
Execute a GetPrinterDriverDirectory()
RPC to retrieve the SMB share name and subdirectory for
storing printer driver files for a given architecture. Possible
values for <parameter>arch</parameter> are "Windows 4.0"
(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows
Alpha_AXP", and "Windows NT R4000". </para></listitem></varlistentry>
<varlistentry><term>getprinter &lt;printername&gt;</term>
<listitem><para>Retrieve the current printer information. This command
corresponds to the GetPrinter() MS Platform SDK function.
</para></listitem></varlistentry>
<varlistentry><term>getprintprocdir</term><listitem><para>Get
print processor
directory</para></listitem></varlistentry>
<varlistentry><term>openprinter &lt;printername&gt;</term>
<listitem><para>Execute an OpenPrinterEx() and ClosePrinter() RPC
against a given printer. </para></listitem></varlistentry>
<varlistentry><term>setdriver &lt;printername&gt;
&lt;drivername&gt;</term>
<listitem><para>Execute a SetPrinter() command to update the printer driver
associated with an installed printer. The printer driver must
already be correctly installed on the print server. </para>
<para>See also the <command>enumprinters</command> and
<command>enumdrivers</command> commands for obtaining a list of
of installed printers and drivers.</para></listitem></varlistentry>
<varlistentry><term>addform</term><listitem><para>Add form</para></listitem></varlistentry>
<varlistentry><term>setform</term><listitem><para>Set form</para></listitem></varlistentry>
<varlistentry><term>getform</term><listitem><para>Get form</para></listitem></varlistentry>
<varlistentry><term>deleteform</term><listitem><para>Delete form</para></listitem></varlistentry>
<varlistentry><term>enumforms</term><listitem><para>Enumerate form</para></listitem></varlistentry>
<varlistentry><term>setprinter</term><listitem><para>Set printer comment</para></listitem></varlistentry>
<varlistentry><term>setprinterdata</term><listitem><para>Set REG_SZ printer data</para></listitem></varlistentry>
<varlistentry><term>setprintername &lt;printername&gt;
&lt;newprintername&gt;</term>
<listitem><para>Set printer name</para></listitem></varlistentry>
<varlistentry><term>rffpcnex</term><listitem><para>Rffpcnex test</para></listitem></varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>NETLOGON</title>
<variablelist>
<varlistentry><term>logonctrl2</term>
<listitem><para>Logon Control 2</para></listitem>
</varlistentry>
<varlistentry><term>logonctrl</term>
<listitem><para>Logon Control</para></listitem>
</varlistentry>
<varlistentry><term>samsync</term>
<listitem><para>Sam Synchronisation</para></listitem>
</varlistentry>
<varlistentry><term>samdeltas</term>
<listitem><para>Query Sam Deltas</para></listitem>
</varlistentry>
<varlistentry><term>samlogon</term>
<listitem><para>Sam Logon</para></listitem>
</varlistentry>
</variablelist>
</refsect2>
<refsect2>
<title>GENERAL COMMANDS</title>
<variablelist>
<varlistentry><term>debuglevel</term><listitem><para>Set the current
debug level used to log information.</para></listitem></varlistentry>
<varlistentry><term>help (?)</term><listitem><para>Print a listing of all
known commands or extended help on a particular command.
</para></listitem></varlistentry>
<varlistentry><term>quit (exit)</term><listitem><para>Exit <command>rpcclient
</command>.</para></listitem></varlistentry>
</variablelist>
</refsect2>
</refsect1>
<refsect1>
<title>BUGS</title>
<para><command>rpcclient</command> is designed as a developer testing tool
and may not be robust in certain areas (such as command line parsing).
It has been known to generate a core dump upon failures when invalid
parameters where passed to the interpreter. </para>
<para>From Luke Leighton's original rpcclient man page:</para>
<para><emphasis>WARNING!</emphasis> The MSRPC over SMB code has
been developed from examining Network traces. No documentation is
available from the original creators (Microsoft) on how MSRPC over
SMB works, or how the individual MSRPC services work. Microsoft's
implementation of these services has been demonstrated (and reported)
to be... a bit flaky in places. </para>
<para>The development of Samba's implementation is also a bit rough,
and as more of the services are understood, it can even result in
versions of <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>rpcclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> that are incompatible for some commands or services. Additionally,
the developers are sending reports to Microsoft, and problems found
or reported to Microsoft are fixed in Service Packs, which may
result in incompatibilities.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba
suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original rpcclient man page was written by Matthew
Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter.
The conversion to DocBook for Samba 2.2 was done by Gerald
Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was
done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

362
docs-xml/manpages-3/samba.7.xml Normal file
View File

@ -0,0 +1,362 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="samba.7">
<refmeta>
<refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">Miscellanea</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>samba</refname>
<refpurpose>A Windows SMB/CIFS fileserver for UNIX</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis><command>samba</command></cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>The Samba software suite is a collection of programs
that implements the Server Message Block (commonly abbreviated
as SMB) protocol for UNIX systems. This protocol is sometimes
also referred to as the Common Internet File System (CIFS). For a
more thorough description, see <ulink url="http://www.ubiqx.org/cifs/">
http://www.ubiqx.org/cifs/</ulink>. Samba also implements the NetBIOS
protocol in nmbd.</para>
<variablelist>
<varlistentry>
<term><citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para>The <command>smbd</command> daemon provides the file and print services to
SMB clients, such as Windows 95/98, Windows NT, Windows
for Workgroups or LanManager. The configuration file
for this daemon is described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para>The <command>nmbd</command>
daemon provides NetBIOS nameservice and browsing
support. The configuration file for this daemon
is described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry></para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbclient</command>
program implements a simple ftp-like client. This
is useful for accessing SMB shares on other compatible
servers (such as Windows NT), and can also be used
to allow a UNIX box to print to a printer attached to
any SMB server (such as a PC running Windows NT).</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>testparm</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>testparm</command>
utility is a simple syntax checker for Samba's <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> configuration file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>testprns</command>
utility supports testing printer names defined
in your <filename>printcap</filename> file used
by Samba.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbstatus</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbstatus</command>
tool provides access to information about the
current connections to <command>smbd</command>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>nmblookup</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>nmblookup</command>
tools allows NetBIOS name queries to be made
from a UNIX host.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para>The <command>smbpasswd</command>
command is a tool for changing LanMan and Windows NT
password hashes on Samba and Windows NT servers.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbcacls</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbcacls</command> command is
a tool to set ACL's on remote CIFS servers. </para>
</listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbsh</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbsh</command> command is
a program that allows you to run a unix shell with
with an overloaded VFS.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbtree</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbtree</command> command
is a text-based network neighborhood tool.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbtar</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>smbtar</command> can make
backups of data on CIFS/SMB servers.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbspool</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para><command>smbspool</command> is a
helper utility for printing on printers connected
to CIFS servers. </para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbcontrol</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>smbcontrol</command> is a utility
that can change the behaviour of running samba daemons.
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>rpcclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>rpcclient</command> is a utility
that can be used to execute RPC commands on remote
CIFS servers.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>pdbedit</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para>The <command>pdbedit</command> command
can be used to maintain the local user database on
a samba server.</para></listitem></varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>findsmb</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para>The <command>findsmb</command> command
can be used to find SMB servers on the local network.
</para></listitem></varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>net</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para>The <command>net</command> command
is supposed to work similar to the DOS/Windows
NET.EXE command.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>swat</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para><command>swat</command> is a web-based
interface to configuring <filename>smb.conf</filename>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></term>
<listitem><para><command>winbindd</command> is a daemon
that is used for integrating authentication and
the user database into unix.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>wbinfo</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>wbinfo</command> is a utility
that retrieves and stores information related to winbind.
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>profiles</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>profiles</command> is a command-line
utility that can be used to replace all occurences of
a certain SID with another SID.
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>log2pcap</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>log2pcap</command> is a utility
for generating pcap trace files from Samba log
files.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>vfstest</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>vfstest</command> is a utility
that can be used to test vfs modules.</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>ntlm_auth</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>ntlm_auth</command> is a helper-utility
for external programs wanting to do NTLM-authentication.
</para></listitem></varlistentry>
<varlistentry>
<term>
<citerefentry><refentrytitle>smbmount</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>smbumount</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>smbmnt</refentrytitle><manvolnum>8</manvolnum></citerefentry></term>
<listitem><para><command>smbmount</command>,<command>smbumount</command> and <command>smbmnt</command> are commands that can be used to
mount CIFS/SMB shares on Linux.
</para></listitem>
</varlistentry>
<varlistentry>
<term><citerefentry><refentrytitle>smbcquotas</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></term>
<listitem><para><command>smbcquotas</command> is a tool that
can set remote QUOTA's on server with NTFS 5. </para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>COMPONENTS</title>
<para>The Samba suite is made up of several components. Each
component is described in a separate manual page. It is strongly
recommended that you read the documentation that comes with Samba
and the manual pages of those components that you use. If the
manual pages and documents aren't clear enough then please visit
<ulink url="http://devel.samba.org/">http://devel.samba.org</ulink>
for information on how to file a bug report or submit a patch.</para>
<para>If you require help, visit the Samba webpage at
<ulink url="http://samba.org/">http://www.samba.org/</ulink> and
explore the many option available to you.
</para>
</refsect1>
<refsect1>
<title>AVAILABILITY</title>
<para>The Samba software suite is licensed under the
GNU Public License(GPL). A copy of that license should
have come with the package in the file COPYING. You are
encouraged to distribute copies of the Samba suite, but
please obey the terms of this license.</para>
<para>The latest version of the Samba suite can be
obtained via anonymous ftp from samba.org in the
directory pub/samba/. It is also available on several
mirror sites worldwide.</para>
<para>You may also find useful information about Samba
on the newsgroup <ulink url="news:comp.protocols.smb">
comp.protocol.smb</ulink> and the Samba mailing
list. Details on how to join the mailing list are given in
the README file that comes with Samba.</para>
<para>If you have access to a WWW viewer (such as Mozilla
or Konqueror) then you will also find lots of useful information,
including back issues of the Samba mailing list, at
<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the
Samba suite. </para>
</refsect1>
<refsect1>
<title>CONTRIBUTIONS</title>
<para>If you wish to contribute to the Samba project,
then I suggest you join the Samba mailing list at
<ulink url="http://lists.samba.org/">http://lists.samba.org</ulink>.
</para>
<para>If you have patches to submit, visit
<ulink url="http://devel.samba.org/">http://devel.samba.org/</ulink>
for information on how to do it properly. We prefer patches
in <command>diff -u</command> format.</para>
</refsect1>
<refsect1>
<title>CONTRIBUTORS</title>
<para>Contributors to the project are now too numerous
to mention here but all deserve the thanks of all Samba
users. To see a full list, look at the
<filename>change-log</filename> in the source package
for the pre-CVS changes and at <ulink
url="http://cvs.samba.org/">
http://cvs.samba.org/</ulink>
for the contributors to Samba post-CVS. CVS is the Open Source
source code control system used by the Samba Team to develop
Samba. The project would have been unmanageable without it.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML
4.2 for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

859
docs-xml/manpages-3/smb.conf.5.xml Normal file
View File

@ -0,0 +1,859 @@
<refentry id="smb.conf.5" xmlns:xi="http://www.w3.org/2003/XInclude"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<refmeta>
<refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smb.conf</refname>
<refpurpose>The configuration file for the Samba suite</refpurpose>
</refnamediv>
<refsect1>
<title>SYNOPSIS</title>
<para>
The <filename moreinfo="none">smb.conf</filename> file is a configuration file for the Samba suite. <filename
moreinfo="none">smb.conf</filename> contains runtime configuration information for the Samba programs. The
<filename moreinfo="none">smb.conf</filename> file is designed to be configured and administered by the
<citerefentry><refentrytitle>swat</refentrytitle> <manvolnum>8</manvolnum></citerefentry> program. The
complete description of the file format and possible parameters held within are here for reference purposes.
</para>
</refsect1>
<refsect1 id="FILEFORMATSECT">
<title>FILE FORMAT</title>
<para>
The file consists of sections and parameters. A section begins with the name of the section in square brackets
and continues until the next section begins. Sections contain parameters of the form:
<programlisting>
<replaceable>name</replaceable> = <replaceable>value </replaceable>
</programlisting>
</para>
<para>
The file is line-based - that is, each newline-terminated line represents either a comment, a section name or
a parameter.
</para>
<para>Section and parameter names are not case sensitive.</para>
<para>
Only the first equals sign in a parameter is significant. Whitespace before or after the first equals sign is
discarded. Leading, trailing and internal whitespace in section and parameter names is irrelevant. Leading
and trailing whitespace in a parameter value is discarded. Internal whitespace within a parameter value is
retained verbatim.
</para>
<para>
Any line beginning with a semicolon (<quote>;</quote>) or a hash (<quote>#</quote>)
character is ignored, as are lines containing only whitespace.
</para>
<para>
Any line ending in a <quote><literal>\</literal></quote> is continued on the next line in the customary UNIX fashion.
</para>
<para>
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean,
which may be given as yes/no, 0/1 or true/false. Case is not significant in boolean values, but is preserved
in string values. Some items such as create masks are numeric.
</para>
</refsect1>
<refsect1>
<title>SECTION DESCRIPTIONS</title>
<para>
Each section in the configuration file (except for the [global] section) describes a shared resource (known as
a <quote>share</quote>). The section name is the name of the shared resource and the parameters within the
section define the shares attributes.
</para>
<para>
There are three special sections, [global], [homes] and [printers], which are described under
<emphasis>special sections</emphasis>. The following notes apply to ordinary section descriptions.
</para>
<para>
A share consists of a directory to which access is being given plus a description of the access rights
which are granted to the user of the service. Some housekeeping options are also specifiable.
</para>
<para>
Sections are either file share services (used by the client as an extension of their native file systems)
or printable services (used by the client to access print services on the host running the server).
</para>
<para>
Sections may be designated <emphasis>guest</emphasis> services, in which case no password is required to
access them. A specified UNIX <emphasis>guest account</emphasis> is used to define access privileges in this
case.
</para>
<para>
Sections other than guest services will require a password to access them. The client provides the
username. As older clients only provide passwords and not usernames, you may specify a list of usernames to
check against the password using the <literal>user =</literal> option in the share definition. For modern clients
such as Windows 95/98/ME/NT/2000, this should not be necessary.
</para>
<para>
The access rights granted by the server are masked by the access rights granted to the specified or guest
UNIX user by the host system. The server does not grant more access than the host system grants.
</para>
<para>
The following sample section defines a file space share. The user has write access to the path <filename
moreinfo="none">/home/bar</filename>. The share is accessed via the share name <literal>foo</literal>:
<programlisting>
<smbconfsection name="[foo]"/>
<smbconfoption name="path">/home/bar</smbconfoption>
<smbconfoption name="read only">no</smbconfoption>
</programlisting>
</para>
<para>
The following sample section defines a printable share. The share is read-only, but printable. That is,
the only write access permitted is via calls to open, write to and close a spool file. The <emphasis>guest
ok</emphasis> parameter means access will be permitted as the default guest user (specified elsewhere):
<programlisting>
<smbconfsection name="[aprinter]"/>
<smbconfoption name="path">/usr/spool/public</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
</programlisting>
</para>
</refsect1>
<refsect1>
<title>SPECIAL SECTIONS</title>
<refsect2>
<title>The [global] section</title>
<para>
Parameters in this section apply to the server as a whole, or are defaults for sections that do not
specifically define certain items. See the notes under PARAMETERS for more information.
</para>
</refsect2>
<refsect2 id="HOMESECT">
<title>The [homes] section</title>
<para>
If a section called [homes] is included in the configuration file, services connecting clients
to their home directories can be created on the fly by the server.
</para>
<para>
When the connection request is made, the existing sections are scanned. If a match is found, it is
used. If no match is found, the requested section name is treated as a username and looked up in the local
password file. If the name exists and the correct password has been given, a share is created by cloning the
[homes] section.
</para>
<para>
Some modifications are then made to the newly created share:
</para>
<itemizedlist>
<listitem><para>
The share name is changed from homes to the located username.
</para></listitem>
<listitem><para>
If no path was given, the path is set to the user's home directory.
</para></listitem>
</itemizedlist>
<para>
If you decide to use a <emphasis>path =</emphasis> line in your [homes] section, it may be useful
to use the %S macro. For example:
<programlisting>
<userinput moreinfo="none">path = /data/pchome/%S</userinput>
</programlisting>
is useful if you have different home directories for your PCs than for UNIX access.
</para>
<para>
This is a fast and simple way to give a large number of clients access to their home directories with a minimum
of fuss.
</para>
<para>
A similar process occurs if the requested section name is <quote>homes</quote>, except that the share
name is not changed to that of the requesting user. This method of using the [homes] section works well if
different users share a client PC.
</para>
<para>
The [homes] section can specify all the parameters a normal service section can specify, though some make more sense
than others. The following is a typical and suitable [homes] section:
<programlisting>
<smbconfsection name="[homes]"/>
<smbconfoption name="read only">no</smbconfoption>
</programlisting>
</para>
<para>
An important point is that if guest access is specified in the [homes] section, all home directories will be
visible to all clients <emphasis>without a password</emphasis>. In the very unlikely event that this is actually
desirable, it is wise to also specify <emphasis>read only access</emphasis>.
</para>
<para>
The <emphasis>browseable</emphasis> flag for auto home directories will be inherited from the global browseable
flag, not the [homes] browseable flag. This is useful as it means setting <emphasis>browseable = no</emphasis> in
the [homes] section will hide the [homes] share but make any auto home directories visible.
</para>
</refsect2>
<refsect2 id="PRINTERSSECT">
<title>The [printers] section</title>
<para>
This section works like [homes], but for printers.
</para>
<para>
If a [printers] section occurs in the configuration file, users are able to connect to any printer
specified in the local host's printcap file.
</para>
<para>
When a connection request is made, the existing sections are scanned. If a match is found, it is used.
If no match is found, but a [homes] section exists, it is used as described above. Otherwise, the requested
section name is treated as a printer name and the appropriate printcap file is scanned to see if the requested
section name is a valid printer share name. If a match is found, a new printer share is created by cloning the
[printers] section.
</para>
<para>
A few modifications are then made to the newly created share:
</para>
<itemizedlist>
<listitem><para>The share name is set to the located printer name</para></listitem>
<listitem><para>If no printer name was given, the printer name is set to the located printer name</para></listitem>
<listitem><para>If the share does not permit guest access and no username was given, the username is set
to the located printer name.</para></listitem>
</itemizedlist>
<para>
The [printers] service MUST be printable - if you specify otherwise, the server will refuse
to load the configuration file.
</para>
<para>
Typically the path specified is that of a world-writeable spool directory with the sticky bit set on
it. A typical [printers] entry looks like this:
<programlisting>
<smbconfsection name="[printers]"/>
<smbconfoption name="path">/usr/spool/public</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
</programlisting>
</para>
<para>
All aliases given for a printer in the printcap file are legitimate printer names as far as the server is concerned.
If your printing subsystem doesn't work like that, you will have to set up a pseudo-printcap. This is a file
consisting of one or more lines like this:
<programlisting>
alias|alias|alias|alias...
</programlisting>
</para>
<para>
Each alias should be an acceptable printer name for your printing subsystem. In the [global] section,
specify the new file as your printcap. The server will only recognize names found in your pseudo-printcap,
which of course can contain whatever aliases you like. The same technique could be used simply to limit access
to a subset of your local printers.
</para>
<para>
An alias, by the way, is defined as any component of the first entry of a printcap record. Records are separated by newlines,
components (if there are more than one) are separated by vertical bar symbols (<literal>|</literal>).
</para>
<note><para>
On SYSV systems which use lpstat to determine what printers are defined on the system you may be able to use
<literal>printcap name = lpstat</literal> to automatically obtain a list of printers. See the
<literal>printcap name</literal> option for more details.
</para></note>
</refsect2>
</refsect1>
<refsect1>
<title>USERSHARES</title>
<para>Starting with Samba version 3.0.23 the capability for non-root users to add, modify, and delete
their own share definitions has been added. This capability is called <emphasis>usershares</emphasis> and
is controlled by a set of parameters in the [global] section of the smb.conf.
The relevant parameters are :
</para>
<variablelist>
<varlistentry>
<term>usershare allow guests</term>
<listitem><para>Controls if usershares can permit guest access.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare max shares</term>
<listitem><para>Maximum number of user defined shares allowed.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare owner only</term>
<listitem><para>If set only directories owned by the sharing user can be shared.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare path</term>
<listitem><para>Points to the directory containing the user defined share definitions.
The filesystem permissions on this directory control who can create user defined shares.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare prefix allow list</term>
<listitem><para>Comma-separated list of absolute pathnames restricting what directories
can be shared. Only directories below the pathnames in this list are permitted.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare prefix deny list</term>
<listitem><para>Comma-separated list of absolute pathnames restricting what directories
can be shared. Directories below the pathnames in this list are prohibited.</para></listitem>
</varlistentry>
<varlistentry>
<term>usershare template share</term>
<listitem><para>Names a pre-existing share used as a template for creating new usershares.
All other share parameters not specified in the user defined share definition
are copied from this named share.</para></listitem>
</varlistentry>
</variablelist>
<para>To allow members of the UNIX group <literal>foo</literal> to create user defined
shares, create the directory to contain the share definitions as follows:
</para>
<para>Become root:</para>
<programlisting>
mkdir /usr/local/samba/lib/usershares
chgrp foo /usr/local/samba/lib/usershares
chmod 1770 /usr/local/samba/lib/usershares
</programlisting>
<para>Then add the parameters
<programlisting>
<smbconfoption name="usershare path">/usr/local/samba/lib/usershares</smbconfoption>
<smbconfoption name="usershare max shares">10</smbconfoption> # (or the desired number of shares)
</programlisting>
to the global
section of your <filename>smb.conf</filename>. Members of the group foo may then manipulate the user defined shares
using the following commands.</para>
<variablelist>
<varlistentry>
<term>net usershare add sharename path [comment] [acl] [guest_ok=[y|n]]</term>
<listitem><para>To create or modify (overwrite) a user defined share.</para></listitem>
</varlistentry>
<varlistentry>
<term>net usershare delete sharename</term>
<listitem><para>To delete a user defined share.</para></listitem>
</varlistentry>
<varlistentry>
<term>net usershare list wildcard-sharename</term>
<listitem><para>To list user defined shares.</para></listitem>
</varlistentry>
<varlistentry>
<term>net usershare info wildcard-sharename</term>
<listitem><para>To print information about user defined shares.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PARAMETERS</title>
<para>Parameters define the specific attributes of sections.</para>
<para>
Some parameters are specific to the [global] section (e.g., <emphasis>security</emphasis>). Some parameters
are usable in all sections (e.g., <emphasis>create mask</emphasis>). All others are permissible only in normal
sections. For the purposes of the following descriptions the [homes] and [printers] sections will be
considered normal. The letter <emphasis>G</emphasis> in parentheses indicates that a parameter is specific to
the [global] section. The letter <emphasis>S</emphasis> indicates that a parameter can be specified in a
service specific section. All <emphasis>S</emphasis> parameters can also be specified in the [global] section
- in which case they will define the default behavior for all services.
</para>
<para>
Parameters are arranged here in alphabetical order - this may not create best bedfellows, but at least you can
find them! Where there are synonyms, the preferred synonym is described, others refer to the preferred
synonym.
</para>
</refsect1>
<refsect1>
<title>VARIABLE SUBSTITUTIONS</title>
<para>
Many of the strings that are settable in the config file can take substitutions. For example the option
<quote>path = /tmp/%u</quote> is interpreted as <quote>path = /tmp/john</quote> if the user connected with the
username john.
</para>
<para>
These substitutions are mostly noted in the descriptions below, but there are some general substitutions
which apply whenever they might be relevant. These are:
</para>
<variablelist>
<varlistentry>
<term>%U</term>
<listitem><para>session username (the username that the client wanted, not
necessarily the same as the one they got).</para></listitem>
</varlistentry>
<varlistentry>
<term>%G</term>
<listitem><para>primary group name of %U.</para></listitem>
</varlistentry>
<varlistentry>
<term>%h</term>
<listitem><para>the Internet hostname that Samba is running on.</para></listitem>
</varlistentry>
<varlistentry>
<term>%m</term>
<listitem><para>the NetBIOS name of the client machine (very useful).</para>
<para>This parameter is not available when Samba listens on port 445, as clients no longer
send this information. If you use this macro in an include statement on a domain that has
a Samba domain controller be sure to set in the [global] section <parameter>smb ports =
139</parameter>. This will cause Samba to not listen on port 445 and will permit include
functionality to function as it did with Samba 2.x.
</para></listitem>
</varlistentry>
<varlistentry>
<term>%L</term>
<listitem><para>the NetBIOS name of the server. This allows you to change your config based on what
the client calls you. Your server can have a <quote>dual personality</quote>.
</para></listitem>
</varlistentry>
<varlistentry>
<term>%M</term>
<listitem><para>the Internet name of the client machine.
</para></listitem>
</varlistentry>
<varlistentry>
<term>%R</term>
<listitem><para>the selected protocol level after protocol negotiation. It can be one of CORE, COREPLUS,
LANMAN1, LANMAN2 or NT1.</para></listitem>
</varlistentry>
<varlistentry>
<term>%d</term>
<listitem><para>the process id of the current server
process.</para></listitem>
</varlistentry>
<varlistentry>
<term>%a</term>
<listitem><para>
The architecture of the remote
machine. It currently recognizes Samba (<constant>Samba</constant>),
the Linux CIFS file system (<constant>CIFSFS</constant>), OS/2, (<constant>OS2</constant>),
Windows for Workgroups (<constant>WfWg</constant>), Windows 9x/ME
(<constant>Win95</constant>), Windows NT (<constant>WinNT</constant>),
Windows 2000 (<constant>Win2K</constant>),
Windows XP (<constant>WinXP</constant>),
Windows XP 64-bit(<constant>WinXP64</constant>),
Windows 2003 including
2003R2 (<constant>Win2K3</constant>), and Windows
Vista (<constant>Vista</constant>). Anything else will be known as
<constant>UNKNOWN</constant>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%I</term>
<listitem><para>the IP address of the client machine.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%i</term>
<listitem><para>the local IP address to which a client connected.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%T</term>
<listitem><para>the current date and time.</para></listitem>
</varlistentry>
<varlistentry>
<term>%D</term>
<listitem><para>name of the domain or workgroup of the current user.</para></listitem>
</varlistentry>
<varlistentry>
<term>%w</term>
<listitem><para>the winbind separator.</para></listitem>
</varlistentry>
<varlistentry>
<term>%$(<replaceable>envvar</replaceable>)</term>
<listitem><para>the value of the environment variable
<replaceable>envar</replaceable>.</para></listitem>
</varlistentry>
</variablelist>
<para>
The following substitutes apply only to some configuration options (only those that are
used when a connection has been established):
</para>
<variablelist>
<varlistentry>
<term>%S</term>
<listitem><para>the name of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%P</term>
<listitem><para>the root directory of the current service, if any.</para></listitem>
</varlistentry>
<varlistentry>
<term>%u</term>
<listitem><para>username of the current service, if any.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>%g</term>
<listitem><para>primary group name of %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%H</term>
<listitem><para>the home directory of the user given by %u.</para></listitem>
</varlistentry>
<varlistentry>
<term>%N</term>
<listitem><para>
the name of your NIS home directory server. This is obtained from your NIS auto.map entry.
If you have not compiled Samba with the <emphasis>--with-automount</emphasis> option, this
value will be the same as %L.</para></listitem>
</varlistentry>
<varlistentry>
<term>%p</term>
<listitem><para>
the path of the service's home directory, obtained from your NIS auto.map entry. The NIS
auto.map entry is split up as <literal>%N:%p</literal>.</para></listitem>
</varlistentry>
</variablelist>
<para>
There are some quite creative things that can be done with these substitutions and other
<filename moreinfo="none">smb.conf</filename> options.
</para>
</refsect1>
<refsect1 id="NAMEMANGLINGSECT">
<title>NAME MANGLING</title>
<para>
Samba supports <literal>name mangling</literal> so that DOS and Windows clients can use files that don't
conform to the 8.3 format. It can also be set to adjust the case of 8.3 format filenames.
</para>
<para>
There are several options that control the way mangling is performed, and they are grouped here rather
than listed separately. For the defaults look at the output of the testparm program.
</para>
<para>
These options can be set separately for each service.
</para>
<para>
The options are:
</para>
<variablelist>
<varlistentry>
<term>case sensitive = yes/no/auto</term>
<listitem><para>
controls whether filenames are case sensitive. If they aren't, Samba must do a filename search and match on
passed names. The default setting of auto allows clients that support case sensitive filenames (Linux CIFSVFS
and smbclient 3.0.5 and above currently) to tell the Samba server on a per-packet basis that they wish to
access the file system in a case-sensitive manner (to support UNIX case sensitive semantics). No Windows or
DOS system supports case-sensitive filename so setting this option to auto is that same as setting it to no
for them. Default <emphasis>auto</emphasis>.
</para></listitem>
</varlistentry>
<varlistentry>
<term>default case = upper/lower</term>
<listitem><para>
controls what the default case is for new filenames (ie. files that don't currently exist in the filesystem).
Default <emphasis>lower</emphasis>. IMPORTANT NOTE: This option will be used to modify the case of
<emphasis>all</emphasis> incoming client filenames, not just new filenames if the options <smbconfoption
name="case sensitive">yes</smbconfoption>, <smbconfoption name="preserve case">No</smbconfoption>,
<smbconfoption name="short preserve case">No</smbconfoption> are set. This change is needed as part of the
optimisations for directories containing large numbers of files.
</para></listitem>
</varlistentry>
<varlistentry>
<term>preserve case = yes/no</term>
<listitem><para>
controls whether new files (ie. files that don't currently exist in the filesystem) are created with the case
that the client passes, or if they are forced to be the <literal>default</literal> case. Default
<emphasis>yes</emphasis>.
</para></listitem>
</varlistentry>
<varlistentry>
<term>short preserve case = yes/no</term>
<listitem><para>
controls if new files (ie. files that don't currently exist in the filesystem) which conform to 8.3 syntax,
that is all in upper case and of suitable length, are created upper case, or if they are forced to be the
<literal>default</literal> case. This option can be used with <literal>preserve case = yes</literal> to permit
long filenames to retain their case, while short names are lowercased. Default <emphasis>yes</emphasis>.
</para></listitem>
</varlistentry>
</variablelist>
<para>
By default, Samba 3.0 has the same semantics as a Windows NT server, in that it is case insensitive
but case preserving. As a special case for directories with large numbers of files, if the case
options are set as follows, "case sensitive = yes", "case preserve = no", "short preserve case = no"
then the "default case" option will be applied and will modify all filenames sent from the client
when accessing this share.
</para>
</refsect1>
<refsect1 id="VALIDATIONSECT">
<title>NOTE ABOUT USERNAME/PASSWORD VALIDATION</title>
<para>
There are a number of ways in which a user can connect to a service. The server uses the following steps
in determining if it will allow a connection to a specified service. If all the steps fail, the connection
request is rejected. However, if one of the steps succeeds, the following steps are not checked.
</para>
<para>
If the service is marked <quote>guest only = yes</quote> and the server is running with share-level
security (<quote>security = share</quote>, steps 1 to 5 are skipped.
</para>
<orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic">
<listitem><para>
If the client has passed a username/password pair and that username/password pair is validated by the UNIX
system's password programs, the connection is made as that username. This includes the
<literal>\\server\service</literal>%<replaceable>username</replaceable> method of passing a username.
</para></listitem>
<listitem><para>
If the client has previously registered a username with the system and now supplies a correct password for that
username, the connection is allowed.
</para></listitem>
<listitem><para>
The client's NetBIOS name and any previously used usernames are checked against the supplied password. If
they match, the connection is allowed as the corresponding user.
</para></listitem>
<listitem><para>
If the client has previously validated a username/password pair with the server and the client has passed
the validation token, that username is used.
</para></listitem>
<listitem><para>
If a <literal>user = </literal> field is given in the <filename moreinfo="none">smb.conf</filename> file for the
service and the client has supplied a password, and that password matches (according to the UNIX system's
password checking) with one of the usernames from the <literal>user =</literal> field, the connection is made as
the username in the <literal>user =</literal> line. If one of the usernames in the <literal>user =</literal> list
begins with a <literal>@</literal>, that name expands to a list of names in the group of the same name.
</para></listitem>
<listitem><para>
If the service is a guest service, a connection is made as the username given in the <literal>guest account
=</literal> for the service, irrespective of the supplied password.
</para></listitem>
</orderedlist>
</refsect1>
<refsect1>
<title>REGISTRY-BASED CONFIGURATION</title>
<para>
Starting with Samba version 3.2.0, the capability to
store Samba configuration in the registry is available.
There are two levels of registry configuration:
</para>
<orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic">
<listitem><para>Share definitions stored in registry are used.
This is triggered by setting the global
parameter <parameter>registry shares</parameter> to <quote>yes</quote>
in <emphasis>smb.conf</emphasis>.
</para>
<para>Note: Shares defined in <emphasis>smb.conf</emphasis>
always take priority over
shares of the same name defined in registry.
</para></listitem>
<listitem><para>Global <emphasis>smb.conf</emphasis> options stored in
registry are used. This is triggered by the
parameter <smbconfoption name="config backend">registry</smbconfoption> in
the [global] section of <emphasis>smb.conf</emphasis>.
This removes everything that has been read from config files
to this point and reads the content of the global configuration
section from the registry.
Activation of global registry options automatically
activates registry shares. In this case, no share definitions
from smb.conf are read: This is a registry only configuration
with the advantage that share definitions are not read
in a bulk at startup time but on demand when a share is
accessed.
</para></listitem>
</orderedlist>
<para>
Caveat: To make registry-based configurations foolproof at least to a
certain extent, the use
of <parameter>lock directory</parameter>,
<parameter>config backend</parameter>, and
<parameter>include</parameter> inside the registry
configuration has been disabled. Especially, by changing the
<parameter>lock directory</parameter> inside the registry
configuration, one would create a broken setup where the daemons
do not see the configuration they loaded once it is active.
</para>
<para>
The registry configuration can be accessed with
tools like <emphasis>regedit</emphasis> or <emphasis>net rpc
registry</emphasis> in the key
<emphasis><literal>HKLM\Software\Samba\smbconf</literal></emphasis>.
More conveniently, the <emphasis>conf</emphasis> subcommand of the
<citerefentry><refentrytitle>net</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> utility
offers a dedicated interface to read and write the
registry based configuration locally, i.e. directly
accessing the database file, circumventing the
server.
</para>
</refsect1>
<refsect1>
<title>EXPLANATION OF EACH PARAMETER</title>
<samba:parameterlist>
<xi:include href="../smbdotconf/parameters.all.xml" parse="xml"/>
</samba:parameterlist>
</refsect1>
<refsect1>
<title>WARNINGS</title>
<para>
Although the configuration file permits service names to contain spaces, your client software may not.
Spaces will be ignored in comparisons anyway, so it shouldn't be a problem - but be aware of the possibility.
</para>
<para>
On a similar note, many clients - especially DOS clients - limit service names to eight characters.
<citerefentry><refentrytitle>smbd</refentrytitle> <manvolnum>8</manvolnum></citerefentry> has no such
limitation, but attempts to connect from such clients will fail if they truncate the service names. For this
reason you should probably keep your service names down to eight characters in length.
</para>
<para>
Use of the <literal>[homes]</literal> and <literal>[printers]</literal> special sections make life
for an administrator easy, but the various combinations of default attributes can be tricky. Take extreme
care when designing these sections. In particular, ensure that the permissions on spool directories are
correct.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>swat</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmblookup</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
</para>
<para>
The original Samba man pages were written by Karl Auer. The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0 release by Jeremy Allison. The conversion
to DocBook for Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done by
Alexander Bokovoy.
</para>
</refsect1>
</refentry>

264
docs-xml/manpages-3/smbcacls.1.xml Normal file
View File

@ -0,0 +1,264 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbcacls.1">
<refmeta>
<refentrytitle>smbcacls</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbcacls</refname>
<refpurpose>Set or get ACLs on an NT file or directory names</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbcacls</command>
<arg choice="req">//server/share</arg>
<arg choice="req">filename</arg>
<arg choice="opt">-D acls</arg>
<arg choice="opt">-M acls</arg>
<arg choice="opt">-a acls</arg>
<arg choice="opt">-S acls</arg>
<arg choice="opt">-C name</arg>
<arg choice="opt">-G name</arg>
<arg choice="opt">--numeric</arg>
<arg choice="opt">-t</arg>
<arg choice="opt">-U username</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-d</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>smbcacls</command> program manipulates NT Access Control
Lists (ACLs) on SMB file shares. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>The following options are available to the <command>smbcacls</command> program.
The format of ACLs is described in the section ACL FORMAT </para>
<variablelist>
<varlistentry>
<term>-a acls</term>
<listitem><para>Add the ACLs specified to the ACL list. Existing
access control entries are unchanged. </para></listitem>
</varlistentry>
<varlistentry>
<term>-M acls</term>
<listitem><para>Modify the mask value (permissions) for the ACLs
specified on the command line. An error will be printed for each
ACL specified that was not already present in the ACL list
</para></listitem>
</varlistentry>
<varlistentry>
<term>-D acls</term>
<listitem><para>Delete any ACLs specified on the command line.
An error will be printed for each ACL specified that was not
already present in the ACL list. </para></listitem>
</varlistentry>
<varlistentry>
<term>-S acls</term>
<listitem><para>This command sets the ACLs on the file with
only the ones specified on the command line. All other ACLs are
erased. Note that the ACL specified must contain at least a revision,
type, owner and group for the call to succeed. </para></listitem>
</varlistentry>
<varlistentry>
<term>-U username</term>
<listitem><para>Specifies a username used to connect to the
specified service. The username may be of the form "username" in
which case the user is prompted to enter in a password and the
workgroup specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file is
used, or "username%password" or "DOMAIN\username%password" and the
password and workgroup names are used as provided. </para></listitem>
</varlistentry>
<varlistentry>
<term>-C name</term>
<listitem><para>The owner of a file or directory can be changed
to the name given using the <parameter>-C</parameter> option.
The name can be a sid in the form S-1-x-y-z or a name resolved
against the server specified in the first argument. </para>
<para>This command is a shortcut for -M OWNER:name.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-G name</term>
<listitem><para>The group owner of a file or directory can
be changed to the name given using the <parameter>-G</parameter>
option. The name can be a sid in the form S-1-x-y-z or a name
resolved against the server specified n the first argument.
</para>
<para>This command is a shortcut for -M GROUP:name.</para></listitem>
</varlistentry>
<varlistentry>
<term>--numeric</term>
<listitem><para>This option displays all ACL information in numeric
format. The default is to convert SIDs to names and ACE types
and masks to a readable string format. </para></listitem>
</varlistentry>
<varlistentry>
<term>-t</term>
<listitem><para>
Don't actually do anything, only validate the correctness of
the arguments.
</para></listitem>
</varlistentry>
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
</variablelist>
</refsect1>
<refsect1>
<title>ACL FORMAT</title>
<para>The format of an ACL is one or more ACL entries separated by
either commas or newlines. An ACL entry is one of the following: </para>
<para><programlisting>
REVISION:&lt;revision number&gt;
OWNER:&lt;sid or name&gt;
GROUP:&lt;sid or name&gt;
ACL:&lt;sid or name&gt;:&lt;type&gt;/&lt;flags&gt;/&lt;mask&gt;
</programlisting></para>
<para>The revision of the ACL specifies the internal Windows
NT ACL revision for the security descriptor.
If not specified it defaults to 1. Using values other than 1 may
cause strange behaviour. </para>
<para>The owner and group specify the owner and group sids for the
object. If a SID in the format S-1-x-y-z is specified this is used,
otherwise the name specified is resolved using the server on which
the file or directory resides. </para>
<para>ACLs specify permissions granted to the SID. This SID again
can be specified in S-1-x-y-z format or as a name in which case
it is resolved against the server on which the file or directory
resides. The type, flags and mask values determine the type of
access granted to the SID. </para>
<para>The type can be either 0 or 1 corresponding to ALLOWED or
DENIED access to the SID. The flags values are generally
zero for file ACLs and either 9 or 2 for directory ACLs. Some
common flags are: </para>
<itemizedlist>
<listitem><para><constant>#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1</constant></para></listitem>
<listitem><para><constant>#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2</constant></para></listitem>
<listitem><para><constant>#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4</constant></para></listitem>
<listitem><para><constant>#define SEC_ACE_FLAG_INHERIT_ONLY 0x8</constant></para></listitem>
</itemizedlist>
<para>At present flags can only be specified as decimal or
hexadecimal values.</para>
<para>The mask is a value which expresses the access right
granted to the SID. It can be given as a decimal or hexadecimal value,
or by using one of the following text strings which map to the NT
file permissions of the same name. </para>
<itemizedlist>
<listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
<listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
<listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
<listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
<listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
<listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
</itemizedlist>
<para>The following combined permissions can be specified:</para>
<itemizedlist>
<listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
permissions</para></listitem>
<listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
</para></listitem>
<listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
permissions</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>EXIT STATUS</title>
<para>The <command>smbcacls</command> program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values. </para>
<para>If the operation succeeded, smbcacls returns and exit
status of 0. If <command>smbcacls</command> couldn't connect to the specified server,
or there was an error getting or setting the ACLs, an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned. </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para><command>smbcacls</command> was written by Andrew Tridgell
and Tim Potter.</para>
<para>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba 3.0 was done
by Alexander Bokovoy.</para>
</refsect1>
</refentry>

1135
docs-xml/manpages-3/smbclient.1.xml Normal file
View File

File diff suppressed because it is too large Load Diff

297
docs-xml/manpages-3/smbcontrol.1.xml Normal file
View File

@ -0,0 +1,297 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbcontrol.1">
<refmeta>
<refentrytitle>smbcontrol</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbcontrol</refname>
<refpurpose>send messages to smbd, nmbd or winbindd processes</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbcontrol</command>
<arg>-i</arg>
<arg>-s</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>smbcontrol</command>
<arg>destination</arg>
<arg>message-type</arg>
<arg>parameter</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbcontrol</command> is a very small program, which
sends messages to a <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, a <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, or a <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon running on the system.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
&stdarg.help;
&stdarg.configfile;
<varlistentry>
<term>-i</term>
<listitem><para>Run interactively. Individual commands
of the form destination message-type parameters can be entered
on STDIN. An empty command line or a "q" will quit the
program.</para></listitem>
</varlistentry>
<varlistentry>
<term>destination</term>
<listitem><para>One of <parameter>nmbd</parameter>, <parameter>smbd</parameter> or a process ID.</para>
<para>The <parameter>smbd</parameter> destination causes the
message to "broadcast" to all smbd daemons.</para>
<para>The <parameter>nmbd</parameter> destination causes the
message to be sent to the nmbd daemon specified in the
<filename>nmbd.pid</filename> file.</para>
<para>If a single process ID is given, the message is sent
to only that process.</para></listitem>
</varlistentry>
<varlistentry>
<term>message-type</term>
<listitem><para>Type of message to send. See
the section <constant>MESSAGE-TYPES</constant> for details.
</para></listitem></varlistentry>
<varlistentry>
<term>parameters</term>
<listitem><para>any parameters required for the message-type</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>MESSAGE-TYPES</title>
<para>Available message types are:</para>
<variablelist>
<varlistentry><term>close-share</term>
<listitem><para>Order smbd to close the client
connections to the named share. Note that this doesn't affect client
connections to any other shares. This message-type takes an argument of the
share name for which client connections will be closed, or the
"*" character which will close all currently open shares.
This may be useful if you made changes to the access controls on the share.
This message can only be sent to <constant>smbd</constant>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>debug</term>
<listitem><para>Set debug level to the value specified by the
parameter. This can be sent to any of the destinations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>force-election</term>
<listitem><para>This message causes the <command>nmbd</command> daemon to
force a new browse master election. </para>
</listitem></varlistentry>
<varlistentry>
<term>ping</term>
<listitem><para>
Send specified number of "ping" messages and
wait for the same number of reply "pong" messages. This can be sent to
any of the destinations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>profile</term>
<listitem><para>Change profile settings of a daemon, based on the
parameter. The parameter can be "on" to turn on profile stats
collection, "off" to turn off profile stats collection, "count"
to enable only collection of count stats (time stats are
disabled), and "flush" to zero the current profile stats. This can
be sent to any smbd or nmbd destinations.</para>
</listitem></varlistentry>
<varlistentry>
<term>debuglevel</term>
<listitem><para>
Request debuglevel of a certain daemon and write it to stdout. This
can be sent to any of the destinations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>profilelevel</term>
<listitem><para>
Request profilelevel of a certain daemon and write it to stdout.
This can be sent to any smbd or nmbd destinations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>printnotify</term>
<listitem><para>
Order smbd to send a printer notify message to any Windows NT clients
connected to a printer. This message-type takes the following arguments:
</para>
<variablelist>
<varlistentry>
<term>queuepause printername</term>
<listitem><para>Send a queue pause change notify
message to the printer specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>queueresume printername</term>
<listitem><para>Send a queue resume change notify
message for the printer specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobpause printername unixjobid</term>
<listitem><para>Send a job pause change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobresume printername unixjobid</term>
<listitem><para>Send a job resume change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
<varlistentry>
<term>jobdelete printername unixjobid</term>
<listitem><para>Send a job delete change notify
message for the printer and unix jobid
specified.</para></listitem>
</varlistentry>
</variablelist>
<para>
Note that this message only sends notification that an
event has occured. It doesn't actually cause the
event to happen.
</para>
<para>This message can only be sent to <constant>smbd</constant>. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>samsync</term>
<listitem><para>Order smbd to synchronise sam database from PDC (being BDC). Can only be sent to <constant>smbd</constant>. </para>
<note><para>Not working at the moment</para></note>
</listitem>
</varlistentry>
<varlistentry>
<term>samrepl</term>
<listitem><para>Send sam replication message, with specified serial. Can only be sent to <constant>smbd</constant>. Should not be used manually.</para></listitem>
</varlistentry>
<varlistentry>
<term>dmalloc-mark</term>
<listitem><para>Set a mark for dmalloc. Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem>
</varlistentry>
<varlistentry>
<term>dmalloc-log-changed</term>
<listitem><para>
Dump the pointers that have changed since the mark set by dmalloc-mark.
Can be sent to both smbd and nmbd. Only available if samba is built with dmalloc support. </para></listitem>
</varlistentry>
<varlistentry>
<term>shutdown</term>
<listitem><para>Shut down specified daemon. Can be sent to both smbd and nmbd.</para></listitem>
</varlistentry>
<varlistentry>
<term>pool-usage</term>
<listitem><para>Print a human-readable description of all
talloc(pool) memory usage by the specified daemon/process. Available
for both smbd and nmbd.</para></listitem>
</varlistentry>
<varlistentry>
<term>drvupgrade</term>
<listitem><para>Force clients of printers using specified driver
to update their local version of the driver. Can only be
sent to smbd.</para></listitem>
</varlistentry>
<varlistentry>
<term>reload-config</term>
<listitem><para>Force daemon to reload smb.conf configuration file. Can be sent
to <constant>smbd</constant>, <constant>nmbd</constant>, or <constant>winbindd</constant>.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

183
docs-xml/manpages-3/smbcquotas.1.xml Normal file
View File

@ -0,0 +1,183 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbcquotas.1">
<refmeta>
<refentrytitle>smbcquotas</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbcquotas</refname>
<refpurpose>Set or get QUOTAs of NTFS 5 shares</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbcquotas</command>
<arg choice="req">//server/share</arg>
<arg choice="opt">-u user</arg>
<arg choice="opt">-L</arg>
<arg choice="opt">-F</arg>
<arg choice="opt">-S QUOTA_SET_COMMAND</arg>
<arg choice="opt">-n</arg>
<arg choice="opt">-t</arg>
<arg choice="opt">-v</arg>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-s configfile</arg>
<arg choice="opt">-l logdir</arg>
<arg choice="opt">-V</arg>
<arg choice="opt">-U username</arg>
<arg choice="opt">-N</arg>
<arg choice="opt">-k</arg>
<arg choice="opt">-A</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>smbcquotas</command> program manipulates NT Quotas on SMB file shares. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>The following options are available to the <command>smbcquotas</command> program. </para>
<variablelist>
<varlistentry>
<term>-u user</term>
<listitem><para> Specifies the user of whom the quotas are get or set.
By default the current user's username will be used.</para></listitem>
</varlistentry>
<varlistentry>
<term>-L</term>
<listitem><para>Lists all quota records of the share.</para></listitem>
</varlistentry>
<varlistentry>
<term>-F</term>
<listitem><para>Show the share quota status and default limits.</para></listitem>
</varlistentry>
<varlistentry>
<term>-S QUOTA_SET_COMMAND</term>
<listitem><para>This command sets/modifies quotas for a user or on the share,
depending on the QUOTA_SET_COMMAND parameter which is described later.</para></listitem>
</varlistentry>
<varlistentry>
<term>-n</term>
<listitem><para>This option displays all QUOTA information in numeric
format. The default is to convert SIDs to names and QUOTA limits
to a readable string format.</para></listitem>
</varlistentry>
<varlistentry>
<term>-t</term>
<listitem><para>
Don't actually do anything, only validate the correctness of the arguments.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem><para>
Be verbose.
</para></listitem>
</varlistentry>
&stdarg.help;
&stdarg.server.debug;
&popt.common.samba;
&popt.common.credentials;
</variablelist>
</refsect1>
<refsect1>
<title>QUOTA_SET_COMAND</title>
<para>The format of an the QUOTA_SET_COMMAND is an operation
name followed by a set of parameters specific to that operation.
</para>
<para>To set user quotas for the user specified by -u or for the
current username: </para>
<para><userinput>
UQLIM:&lt;username&gt;:&lt;softlimit&gt;/&lt;hardlimit&gt;
</userinput></para>
<para>To set the default quotas for a share:
</para>
<para><userinput>
FSQLIM:&lt;softlimit&gt;/&lt;hardlimit&gt;
</userinput></para>
<para>
To change the share quota settings:
</para>
<para><userinput>
FSQFLAGS:QUOTA_ENABLED/DENY_DISK/LOG_SOFTLIMIT/LOG_HARD_LIMIT
</userinput></para>
<para>All limits are specified as a number of bytes.</para>
</refsect1>
<refsect1>
<title>EXIT STATUS</title>
<para>The <command>smbcquotas</command> program sets the exit status
depending on the success or otherwise of the operations performed.
The exit status may be one of the following values. </para>
<para>If the operation succeeded, smbcquotas returns an exit
status of 0. If <command>smbcquotas</command> couldn't connect to the specified server,
or when there was an error getting or setting the quota(s), an exit status
of 1 is returned. If there was an error parsing any command line
arguments, an exit status of 2 is returned. </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para><command>smbcquotas</command> was written by Stefan Metzmacher.</para>
</refsect1>
</refentry>

445
docs-xml/manpages-3/smbd.8.xml Normal file
View File

@ -0,0 +1,445 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbd.8">
<refmeta>
<refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbd</refname>
<refpurpose>server to provide SMB/CIFS services to clients</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbd</command>
<arg choice="opt">-D</arg>
<arg choice="opt">-F</arg>
<arg choice="opt">-S</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-V</arg>
<arg choice="opt">-b</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-l &lt;log directory&gt;</arg>
<arg choice="opt">-p &lt;port number(s)&gt;</arg>
<arg choice="opt">-P &lt;profiling level&gt;</arg>
<arg choice="opt">-O &lt;socket option&gt;</arg>
<arg choice="opt">-s &lt;configuration file&gt;</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbd</command> is the server daemon that
provides filesharing and printing services to Windows clients.
The server provides filespace and printer services to
clients using the SMB (or CIFS) protocol. This is compatible
with the LanManager protocol, and can service LanManager
clients. These include MSCLIENT 3.0 for DOS, Windows for
Workgroups, Windows 95/98/ME, Windows NT, Windows 2000,
OS/2, DAVE for Macintosh, and smbfs for Linux.</para>
<para>An extensive description of the services that the
server can provide is given in the man page for the
configuration file controlling the attributes of those
services (see <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>. This man page will not describe the
services, but will concentrate on the administrative aspects
of running the server.</para>
<para>Please note that there are significant security
implications to running this server, and the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> manual page should be regarded as mandatory reading before
proceeding with installation.</para>
<para>A session is created whenever a client requests one.
Each client gets a copy of the server for each session. This
copy then services all connections made by the client during
that session. When all connections from its client are closed,
the copy of the server for that client terminates.</para>
<para>The configuration file, and any files that it includes,
are automatically reloaded every minute, if they change. You
can force a reload by sending a SIGHUP to the server. Reloading
the configuration file will not affect connections to any service
that is already established. Either the user will have to
disconnect from the service, or <command>smbd</command> killed and restarted.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-D</term>
<listitem><para>If specified, this parameter causes
the server to operate as a daemon. That is, it detaches
itself and runs in the background, fielding requests
on the appropriate port. Operating the server as a
daemon is the recommended way of running <command>smbd</command> for
servers that provide more than casual use file and
print services. This switch is assumed if <command>smbd
</command> is executed on the command line of a shell.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-F</term>
<listitem><para>If specified, this parameter causes
the main <command>smbd</command> process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
<command>smbd</command> under process supervisors such
as <command>supervise</command> and <command>svscan</command>
from Daniel J. Bernstein's <command>daemontools</command>
package, or the AIX process monitor.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem><para>If specified, this parameter causes
<command>smbd</command> to log to standard output rather
than a file.</para></listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem><para>If this parameter is specified it causes the
server to run "interactively", not as a daemon, even if the
server is executed on the command line of a shell. Setting this
parameter negates the implicit deamon mode when run from the
command line. <command>smbd</command> also logs to standard
output, as if the <command>-S</command> parameter had been
given.
</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&stdarg.help;
<varlistentry>
<term>-b</term>
<listitem><para>Prints information about how
Samba was built.</para></listitem>
</varlistentry>
<varlistentry>
<term>-p|--port&lt;port number(s)&gt;</term>
<listitem><para><replaceable>port number(s)</replaceable> is a
space or comma-separated list of TCP ports smbd should listen on.
The default value is taken from the <smbconfoption name="ports"/> parameter in &smb.conf;</para>
<para>The default ports are 139 (used for SMB over NetBIOS over TCP)
and port 445 (used for plain SMB over TCP).
</para></listitem>
</varlistentry>
<varlistentry>
<term>-P|--profiling-level&lt;profiling level&gt;</term>
<listitem><para><replaceable>profiling level</replaceable> is a
number specifying the level of profiling data to be collected.
0 turns off profiling, 1 turns on counter profiling only,
2 turns on complete profiling, and 3 resets all profiling data.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/inetd.conf</filename></term>
<listitem><para>If the server is to be run by the
<command>inetd</command> meta-daemon, this file
must contain suitable startup information for the
meta-daemon.
</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/rc</filename></term>
<listitem><para>or whatever initialization script your
system uses).</para>
<para>If running the server as a daemon at startup,
this file will need to contain an appropriate startup
sequence for the server. </para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/services</filename></term>
<listitem><para>If running the server via the
meta-daemon <command>inetd</command>, this file
must contain a mapping of service name (e.g., netbios-ssn)
to service port (e.g., 139) and protocol type (e.g., tcp).
</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
<listitem><para>This is the default location of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> server configuration file. Other common places that systems
install this file are <filename>/usr/samba/lib/smb.conf</filename>
and <filename>/etc/samba/smb.conf</filename>.</para>
<para>This file describes all the services the server
is to make available to clients. See <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for more information.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>LIMITATIONS</title>
<para>On some systems <command>smbd</command> cannot change uid back
to root after a setuid() call. Such systems are called
trapdoor uid systems. If you have such a system,
you will be unable to connect from a client (such as a PC) as
two different users at once. Attempts to connect the
second user will result in access denied or
similar.</para>
</refsect1>
<refsect1>
<title>ENVIRONMENT VARIABLES</title>
<variablelist>
<varlistentry>
<term><envar>PRINTER</envar></term>
<listitem><para>If no printer name is specified to
printable services, most systems will use the value of
this variable (or <constant>lp</constant> if this variable is
not defined) as the name of the printer to use. This
is not specific to the server, however.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>PAM INTERACTION</title>
<para>Samba uses PAM for authentication (when presented with a plaintext
password), for account checking (is this account disabled?) and for
session management. The degree too which samba supports PAM is restricted
by the limitations of the SMB protocol and the <smbconfoption name="obey pam restrictions"/> <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply:
</para>
<itemizedlist>
<listitem><para><emphasis>Account Validation</emphasis>: All accesses to a
samba server are checked
against PAM to see if the account is vaild, not disabled and is permitted to
login at this time. This also applies to encrypted logins.
</para></listitem>
<listitem><para><emphasis>Session Management</emphasis>: When not using share
level secuirty, users must pass PAM's session checks before access
is granted. Note however, that this is bypassed in share level secuirty.
Note also that some older pam configuration files may need a line
added for session support.
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>DIAGNOSTICS</title>
<para>Most diagnostics issued by the server are logged
in a specified log file. The log file name is specified
at compile time, but may be overridden on the command line.</para>
<para>The number and nature of diagnostics available depends
on the debug level used by the server. If you have problems, set
the debug level to 3 and peruse the log files.</para>
<para>Most messages are reasonably self-explanatory. Unfortunately,
at the time this man page was created, there are too many diagnostics
available in the source code to warrant describing each and every
diagnostic. At this stage your best bet is still to grep the
source code and inspect the conditions that gave rise to the
diagnostics you are seeing.</para>
</refsect1>
<refsect1>
<title>TDB FILES</title>
<para>Samba stores it's data in several TDB (Trivial Database) files, usually located in <filename>/var/lib/samba</filename>.</para>
<para>
(*) information persistent across restarts (but not
necessarily important to backup).
</para>
<variablelist>
<varlistentry><term>account_policy.tdb*</term>
<listitem>
<para>NT account policy settings such as pw expiration, etc...</para>
</listitem>
</varlistentry>
<varlistentry><term>brlock.tdb</term>
<listitem><para>byte range locks</para></listitem>
</varlistentry>
<varlistentry><term>browse.dat</term>
<listitem><para>browse lists</para></listitem>
</varlistentry>
<varlistentry><term>connections.tdb</term>
<listitem><para>share connections (used to enforce max connections, etc...)</para></listitem>
</varlistentry>
<varlistentry><term>gencache.tdb</term>
<listitem><para>generic caching db</para></listitem>
</varlistentry>
<varlistentry><term>group_mapping.tdb*</term>
<listitem><para>group mapping information</para></listitem>
</varlistentry>
<varlistentry><term>locking.tdb</term>
<listitem><para>share modes &amp; oplocks</para></listitem>
</varlistentry>
<varlistentry><term>login_cache.tdb*</term>
<listitem><para>bad pw attempts</para></listitem>
</varlistentry>
<varlistentry><term>messages.tdb</term>
<listitem><para>Samba messaging system</para></listitem>
</varlistentry>
<varlistentry><term>netsamlogon_cache.tdb*</term>
<listitem><para>cache of user net_info_3 struct from net_samlogon() request (as a domain member)</para></listitem>
</varlistentry>
<varlistentry><term>ntdrivers.tdb*</term>
<listitem><para>installed printer drivers</para></listitem>
</varlistentry>
<varlistentry><term>ntforms.tdb*</term>
<listitem><para>installed printer forms</para></listitem>
</varlistentry>
<varlistentry><term>ntprinters.tdb*</term>
<listitem><para>installed printer information</para></listitem>
</varlistentry>
<varlistentry><term>printing/</term>
<listitem><para>directory containing tdb per print queue of cached lpq output</para></listitem>
</varlistentry>
<varlistentry><term>registry.tdb</term>
<listitem><para>Windows registry skeleton (connect via regedit.exe)</para></listitem>
</varlistentry>
<varlistentry><term>sessionid.tdb</term>
<listitem><para>session information (e.g. support for 'utmp = yes')</para></listitem>
</varlistentry>
<varlistentry><term>share_info.tdb*</term>
<listitem><para>share acls</para></listitem>
</varlistentry>
<varlistentry><term>winbindd_cache.tdb</term>
<listitem><para>winbindd's cache of user lists, etc...</para></listitem>
</varlistentry>
<varlistentry><term>winbindd_idmap.tdb*</term>
<listitem><para>winbindd's local idmap db</para></listitem>
</varlistentry>
<varlistentry><term>wins.dat*</term>
<listitem><para>wins database when 'wins support = yes'</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SIGNALS</title>
<para>Sending the <command>smbd</command> a SIGHUP will cause it to
reload its <filename>smb.conf</filename> configuration
file within a short period of time.</para>
<para>To shut down a user's <command>smbd</command> process it is recommended
that <command>SIGKILL (-9)</command> <emphasis>NOT</emphasis>
be used, except as a last resort, as this may leave the shared
memory area in an inconsistent state. The safe way to terminate
an <command>smbd</command> is to send it a SIGTERM (-15) signal and wait for
it to die on its own.</para>
<para>The debug log level of <command>smbd</command> may be raised
or lowered using <citerefentry><refentrytitle>smbcontrol</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> program (SIGUSR[1|2] signals are no longer
used since Samba 2.2). This is to allow transient problems to be diagnosed,
whilst still running at a normally low log level.</para>
<para>Note that as the signal handlers send a debug write,
they are not re-entrant in <command>smbd</command>. This you should wait until
<command>smbd</command> is in a state of waiting for an incoming SMB before
issuing them. It is possible to make the signal handlers safe
by un-blocking the signals before the select call and re-blocking
them after, however this would affect performance.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>hosts_access</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>inetd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>smbclient</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testparm</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry><refentrytitle>testprns</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, and the
Internet RFC's <filename>rfc1001.txt</filename>, <filename>rfc1002.txt</filename>.
In addition the CIFS (formerly SMB) specification is available
as a link from the Web page <ulink noescape="1" url="http://samba.org/cifs/">
http://samba.org/cifs/</ulink>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

211
docs-xml/manpages-3/smbget.1.xml Normal file
View File

@ -0,0 +1,211 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbget.1">
<refmeta>
<refentrytitle>smbget</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbget</refname>
<refpurpose>wget-like utility for download files over SMB</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbget</command>
<arg choice="opt">-a, --guest</arg>
<arg choice="opt">-r, --resume</arg>
<arg choice="opt">-R, --recursive</arg>
<arg choice="opt">-u, --username=STRING</arg>
<arg choice="opt">-p, --password=STRING</arg>
<arg choice="opt">-w, --workgroup=STRING</arg>
<arg choice="opt">-n, --nonprompt</arg>
<arg choice="opt">-d, --debuglevel=INT</arg>
<arg choice="opt">-D, --dots</arg>
<arg choice="opt">-P, --keep-permissions</arg>
<arg choice="opt">-o, --outputfile</arg>
<arg choice="opt">-f, --rcfile</arg>
<arg choice="opt">-q, --quiet</arg>
<arg choice="opt">-v, --verbose</arg>
<arg choice="opt">-b, --blocksize</arg>
<arg choice="opt">-?, --help</arg>
<arg choice="opt">--usage</arg>
<arg choice="req">smb://host/share/path/to/file</arg>
<arg choice="opt">smb://url2/</arg>
<arg choice="opt">...</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>smbget is a simple utility with wget-like semantics, that can download files from SMB servers. You can specify the files you would like to download on the command-line.
</para>
<para>
The files should be in the smb-URL standard, e.g. use smb://host/share/file
for the UNC path <emphasis>\\\\HOST\\SHARE\\file</emphasis>.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<varlistentry>
<term>-a, --guest</term>
<listitem><para>Work as user guest</para></listitem>
</varlistentry>
<varlistentry>
<term>-r, --resume</term>
<listitem><para>Automatically resume aborted files</para></listitem>
</varlistentry>
<varlistentry>
<term>-R, --recursive</term>
<listitem><para>Recursively download files</para></listitem>
</varlistentry>
<varlistentry>
<term>-u, --username=STRING</term>
<listitem><para>Username to use</para></listitem>
</varlistentry>
<varlistentry>
<term>-p, --password=STRING</term>
<listitem><para>Password to use</para></listitem>
</varlistentry>
<varlistentry>
<term>-w, --workgroup=STRING</term>
<listitem><para>Workgroup to use (optional)</para></listitem>
</varlistentry>
<varlistentry>
<term>-n, --nonprompt</term>
<listitem><para>Don't ask anything (non-interactive)</para></listitem>
</varlistentry>
<varlistentry>
<term>-d, --debuglevel=INT</term>
<listitem><para>Debuglevel to use</para></listitem>
</varlistentry>
<varlistentry>
<term>-D, --dots</term>
<listitem><para>Show dots as progress indication</para></listitem>
</varlistentry>
<varlistentry>
<term>-P, --keep-permissions</term>
<listitem><para>Set same permissions on local file as are set on remote file.</para></listitem>
</varlistentry>
<varlistentry>
<term>-o, --outputfile</term>
<listitem><para>Write the file that is being download to the specified file. Can not be used together with -R.</para></listitem>
</varlistentry>
<varlistentry>
<term>-f, --rcfile</term>
<listitem><para>Use specified rcfile. This will be loaded in the order it was specified - e.g. if you specify any options before this one, they might get overriden by the contents of the rcfile.</para></listitem>
</varlistentry>
<varlistentry>
<term>-q, --quiet</term>
<listitem><para>Be quiet</para></listitem>
</varlistentry>
<varlistentry>
<term>-v, --verbose</term>
<listitem><para>Be verbose</para></listitem>
</varlistentry>
<varlistentry>
<term>-b, --blocksize</term>
<listitem><para>Number of bytes to download in a block. Defaults to 64000.</para></listitem>
</varlistentry>
<varlistentry>
<term>-?, --help</term>
<listitem><para>Show help message</para></listitem>
</varlistentry>
<varlistentry>
<term>--usage</term>
<listitem><para>Display brief usage message</para></listitem>
</varlistentry>
</refsect1>
<refsect1>
<title>SMB URLS</title>
<para> SMB URL's should be specified in the following format:</para>
<para><programlisting>
smb://[[[domain;]user[:password@]]server[/share[/path[/file]]]]
</programlisting></para>
<para><programlisting>
smb:// means all the workgroups
</programlisting></para>
<para><programlisting>
smb://name/ means, if <replaceable>name</replaceable> is a workgroup, all the servers in this workgroup, or if <replaceable>name</replaceable> is a server, all the shares on this server.
</programlisting></para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<programlisting>
# Recursively download 'src' directory
smbget -R smb://rhonwyn/jelmer/src
# Download FreeBSD ISO and enable resuming
smbget -r smb://rhonwyn/isos/FreeBSD5.1.iso
# Recursively download all ISOs
smbget -Rr smb://rhonwyn/isos
# Backup my data on rhonwyn
smbget -Rr smb://rhonwyn/
</programlisting>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>Permission denied is returned in some cases where the cause of the error is unknown
(such as an illegally formatted smb:// url or trying to get a directory without -R
turned on).</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The smbget manpage was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

116
docs-xml/manpages-3/smbgetrc.5.xml Normal file
View File

@ -0,0 +1,116 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbgetrc.5">
<refmeta>
<refentrytitle>smbgetrc</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbgetrc</refname>
<refpurpose>configuration file for smbget</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>smbgetrc</filename></para>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>
This manual page documents the format and options of the <emphasis>smbgetrc</emphasis>
file. This is the configuration file used by the <citerefentry><refentrytitle>smbget</refentrytitle><manvolnum>1</manvolnum></citerefentry>
utility. The file contains of key-value pairs, one pair on each line. The key
and value should be separated by a space.
</para>
<para>By default, smbget reads its configuration from <emphasis>$HOME/.smbgetrc</emphasis>, though
other locations can be specified using the command-line options.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>
The following keys can be set:
</para>
<variablelist>
<varlistentry><term>resume on|off</term>
<listitem><para>
Whether aborted downloads should be automatically resumed.
</para></listitem>
</varlistentry>
<varlistentry>
<term>recursive on|off</term>
<listitem><para>Whether directories should be downloaded recursively</para></listitem>
</varlistentry>
<varlistentry><term>username <replaceable>name</replaceable></term>
<listitem><para>Username to use when logging in to the remote server. Use an empty string for anonymous access.
</para></listitem>
</varlistentry>
<varlistentry><term>password <replaceable>pass</replaceable></term>
<listitem><para>Password to use when logging in.</para></listitem>
</varlistentry>
<varlistentry><term>workgroup <replaceable>wg</replaceable></term>
<listitem><para>Workgroup to use when logging in</para></listitem>
</varlistentry>
<varlistentry><term>nonprompt on|off</term>
<listitem><para>Turns off asking for username and password. Useful for scripts.</para></listitem>
</varlistentry>
<varlistentry><term>debuglevel <replaceable>int</replaceable></term>
<listitem><para>(Samba) debuglevel to run at. Useful for tracking down protocol level problems.</para></listitem>
</varlistentry>
<varlistentry><term>dots on|off</term>
<listitem><para>Whether a single dot should be printed for each block that has been downloaded, instead of the default progress indicator.</para></listitem>
</varlistentry>
<varlistentry><term>blocksize <replaceable>int</replaceable></term>
<listitem><para>Number of bytes to put in a block. </para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbget</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>Samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>This manual page was written by Jelmer Vernooij</para>
</refsect1>
</refentry>

211
docs-xml/manpages-3/smbpasswd.5.xml Normal file
View File

@ -0,0 +1,211 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbpasswd.5">
<refmeta>
<refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbpasswd</refname>
<refpurpose>The Samba encrypted password file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>smbpasswd</filename></para>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>smbpasswd is the Samba encrypted password file. It contains
the username, Unix user id and the SMB hashed passwords of the
user, as well as account flag information and the time the
password was last changed. This file format has been evolving with
Samba and has had several different formats in the past. </para>
</refsect1>
<refsect1>
<title>FILE FORMAT</title>
<para>The format of the smbpasswd file used by Samba 2.2
is very similar to the familiar Unix <filename>passwd(5)</filename>
file. It is an ASCII file containing one line for each user. Each field
ithin each line is separated from the next by a colon. Any entry
beginning with '#' is ignored. The smbpasswd file contains the
following information for each user: </para>
<variablelist>
<varlistentry>
<term>name</term>
<listitem><para> This is the user name. It must be a name that
already exists in the standard UNIX passwd file. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>uid</term>
<listitem><para>This is the UNIX uid. It must match the uid
field for the same user entry in the standard UNIX passwd file.
If this does not match then Samba will refuse to recognize
this smbpasswd file entry as being valid for a user.
</para></listitem>
</varlistentry>
<varlistentry>
<term>Lanman Password Hash</term>
<listitem><para>This is the LANMAN hash of the user's password,
encoded as 32 hex digits. The LANMAN hash is created by DES
encrypting a well known string with the user's password as the
DES key. This is the same password used by Windows 95/98 machines.
Note that this password hash is regarded as weak as it is
vulnerable to dictionary attacks and if two users choose the
same password this entry will be identical (i.e. the password
is not "salted" as the UNIX password is). If the user has a
null password this field will contain the characters "NO PASSWORD"
as the start of the hex string. If the hex string is equal to
32 'X' characters then the user's account is marked as
<constant>disabled</constant> and the user will not be able to
log onto the Samba server. </para>
<para><emphasis>WARNING !!</emphasis> Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <emphasis>plain text
equivalents</emphasis> and must <emphasis>NOT</emphasis> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access. </para></listitem>
</varlistentry>
<varlistentry>
<term>NT Password Hash</term>
<listitem><para>This is the Windows NT hash of the user's
password, encoded as 32 hex digits. The Windows NT hash is
created by taking the user's password as represented in
16-bit, little-endian UNICODE and then applying the MD4
(internet rfc1321) hashing algorithm to it. </para>
<para>This password hash is considered more secure than
the LANMAN Password Hash as it preserves the case of the
password and uses a much higher quality hashing algorithm.
However, it is still the case that if two users choose the same
password this entry will be identical (i.e. the password is
not "salted" as the UNIX password is). </para>
<para><emphasis>WARNING !!</emphasis>. Note that, due to
the challenge-response nature of the SMB/CIFS authentication
protocol, anyone with a knowledge of this password hash will
be able to impersonate the user on the network. For this
reason these hashes are known as <emphasis>plain text
equivalents</emphasis> and must <emphasis>NOT</emphasis> be made
available to anyone but the root user. To protect these passwords
the smbpasswd file is placed in a directory with read and
traverse access only to the root user and the smbpasswd file
itself must be set to be read/write only by root, with no
other access. </para></listitem>
</varlistentry>
<varlistentry>
<term>Account Flags</term>
<listitem><para>This section contains flags that describe
the attributes of the users account. This field is bracketed by
'[' and ']' characters and is always 13 characters in length
(including the '[' and ']' characters).
The contents of this field may be any of the following characters:
</para>
<itemizedlist>
<listitem><para><emphasis>U</emphasis> - This means
this is a "User" account, i.e. an ordinary user.</para></listitem>
<listitem><para><emphasis>N</emphasis> - This means the
account has no password (the passwords in the fields LANMAN
Password Hash and NT Password Hash are ignored). Note that this
will only allow users to log on with no password if the <parameter>
null passwords</parameter> parameter is set in the
<citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> config file. </para></listitem>
<listitem><para><emphasis>D</emphasis> - This means the account
is disabled and no SMB/CIFS logins will be allowed for this user. </para></listitem>
<listitem><para><emphasis>X</emphasis> - This means the password
does not expire. </para></listitem>
<listitem><para><emphasis>W</emphasis> - This means this account
is a "Workstation Trust" account. This kind of account is used
in the Samba PDC code stream to allow Windows NT Workstations
and Servers to join a Domain hosted by a Samba PDC. </para>
</listitem>
</itemizedlist>
<para>Other flags may be added as the code is extended in future.
The rest of this field space is filled in with spaces. For further
information regarding the flags that are supported please refer to the
man page for the <command>pdbedit</command> command.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Last Change Time</term>
<listitem><para>This field consists of the time the account was
last modified. It consists of the characters 'LCT-' (standing for
"Last Change Time") followed by a numeric encoding of the UNIX time
in seconds since the epoch (1970) that the last change was made.
</para></listitem>
</varlistentry>
</variablelist>
<para>All other colon separated fields are ignored at this time.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>, and
the Internet RFC1321 for details on the MD4 algorithm.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

431
docs-xml/manpages-3/smbpasswd.8.xml Normal file
View File

@ -0,0 +1,431 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbpasswd.8">
<refmeta>
<refentrytitle>smbpasswd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbpasswd</refname>
<refpurpose>change a user's SMB password</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbpasswd</command>
<arg choice="opt">-a</arg>
<arg choice="opt">-c &lt;config file&gt;</arg>
<arg choice="opt">-x</arg>
<arg choice="opt">-d</arg>
<arg choice="opt">-e</arg>
<arg choice="opt">-D debuglevel</arg>
<arg choice="opt">-n</arg>
<arg choice="opt">-r &lt;remote machine&gt;</arg>
<arg choice="opt">-R &lt;name resolve order&gt;</arg>
<arg choice="opt">-m</arg>
<arg choice="opt">-U username[%password]</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-s</arg>
<arg choice="opt">-w pass</arg>
<arg choice="opt">-W</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-L</arg>
<arg choice="opt">username</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The smbpasswd program has several different
functions, depending on whether it is run by the <emphasis>root</emphasis> user
or not. When run as a normal user it allows the user to change
the password used for their SMB sessions on any machines that store
SMB passwords. </para>
<para>By default (when run with no arguments) it will attempt to
change the current user's SMB password on the local machine. This is
similar to the way the <command>passwd(1)</command> program works. <command>
smbpasswd</command> differs from how the passwd program works
however in that it is not <emphasis>setuid root</emphasis> but works in
a client-server mode and communicates with a
locally running <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>. As a consequence in order for this to
succeed the smbd daemon must be running on the local machine. On a
UNIX machine the encrypted SMB passwords are usually stored in
the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file. </para>
<para>When run by an ordinary user with no options, smbpasswd
will prompt them for their old SMB password and then ask them
for their new password twice, to ensure that the new password
was typed correctly. No passwords will be echoed on the screen
whilst being typed. If you have a blank SMB password (specified by
the string "NO PASSWORD" in the smbpasswd file) then just press
the &lt;Enter&gt; key when asked for your old password. </para>
<para>smbpasswd can also be used by a normal user to change their
SMB password on remote machines, such as Windows NT Primary Domain
Controllers. See the (<parameter>-r</parameter>) and <parameter>-U</parameter> options
below. </para>
<para>When run by root, smbpasswd allows new users to be added
and deleted in the smbpasswd file, as well as allows changes to
the attributes of the user in this file to be made. When run by root, <command>
smbpasswd</command> accesses the local smbpasswd file
directly, thus enabling changes to be made even if smbd is not
running. </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-a</term>
<listitem><para>
This option specifies that the username following should be added to the local smbpasswd file, with the new
password typed (type &lt;Enter&gt; for the old password). This option is ignored if the username following
already exists in the smbpasswd file and it is treated like a regular change password command. Note that the
default passdb backends require the user to already exist in the system password file (usually
<filename>/etc/passwd</filename>), else the request to add the user will fail.
</para>
<para>This option is only available when running smbpasswd
as root. </para></listitem>
</varlistentry>
<varlistentry>
<term>-c</term>
<listitem><para>
This option can be used to specify the path and file name of the &smb.conf; configuration file when it
is important to use other than the default file and / or location.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-x</term>
<listitem><para>
This option specifies that the username following should be deleted from the local smbpasswd file.
</para>
<para>
This option is only available when running smbpasswd as root.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-d</term>
<listitem><para>This option specifies that the username following
should be <constant>disabled</constant> in the local smbpasswd
file. This is done by writing a <constant>'D'</constant> flag
into the account control space in the smbpasswd file. Once this
is done all attempts to authenticate via SMB using this username
will fail. </para>
<para>If the smbpasswd file is in the 'old' format (pre-Samba 2.0
format) there is no space in the user's password entry to write
this information and the command will FAIL. See <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details on the 'old' and new password file formats.
</para>
<para>This option is only available when running smbpasswd as
root.</para></listitem>
</varlistentry>
<varlistentry>
<term>-e</term>
<listitem><para>This option specifies that the username following
should be <constant>enabled</constant> in the local smbpasswd file,
if the account was previously disabled. If the account was not
disabled this option has no effect. Once the account is enabled then
the user will be able to authenticate via SMB once again. </para>
<para>If the smbpasswd file is in the 'old' format, then <command>
smbpasswd</command> will FAIL to enable the account.
See <citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for
details on the 'old' and new password file formats. </para>
<para>This option is only available when running smbpasswd as root.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-D debuglevel</term>
<listitem><para><replaceable>debuglevel</replaceable> is an integer
from 0 to 10. The default value if this parameter is not specified
is zero. </para>
<para>The higher this value, the more detail will be logged to the
log files about the activities of smbpasswd. At level 0, only
critical errors and serious warnings will be logged. </para>
<para>Levels above 1 will generate considerable amounts of log
data, and should only be used when investigating a problem. Levels
above 3 are designed for use only by developers and generate
HUGE amounts of log data, most of which is extremely cryptic.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-n</term>
<listitem><para>This option specifies that the username following
should have their password set to null (i.e. a blank password) in
the local smbpasswd file. This is done by writing the string "NO
PASSWORD" as the first part of the first password stored in the
smbpasswd file. </para>
<para>Note that to allow users to logon to a Samba server once
the password has been set to "NO PASSWORD" in the smbpasswd
file the administrator must set the following parameter in the [global]
section of the <filename>smb.conf</filename> file : </para>
<para><command>null passwords = yes</command></para>
<para>This option is only available when running smbpasswd as
root.</para></listitem>
</varlistentry>
<varlistentry>
<term>-r remote machine name</term>
<listitem><para>This option allows a user to specify what machine
they wish to change their password on. Without this parameter
smbpasswd defaults to the local host. The <replaceable>remote
machine name</replaceable> is the NetBIOS name of the SMB/CIFS
server to contact to attempt the password change. This name is
resolved into an IP address using the standard name resolution
mechanism in all programs of the Samba suite. See the <parameter>-R
name resolve order</parameter> parameter for details on changing
this resolving mechanism. </para>
<para>The username whose password is changed is that of the
current UNIX logged on user. See the <parameter>-U username</parameter>
parameter for details on changing the password for a different
username. </para>
<para>Note that if changing a Windows NT Domain password the
remote machine specified must be the Primary Domain Controller for
the domain (Backup Domain Controllers only have a read-only
copy of the user account database and will not allow the password
change).</para>
<para><emphasis>Note</emphasis> that Windows 95/98 do not have
a real password database so it is not possible to change passwords
specifying a Win95/98 machine as remote machine target. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>-R name resolve order</term>
<listitem><para>This option allows the user of smbpasswd to determine
what name resolution services to use when looking up the NetBIOS
name of the host being connected to. </para>
<para>The options are :"lmhosts", "host", "wins" and "bcast". They
cause names to be resolved as follows: </para>
<itemizedlist>
<listitem><para><constant>lmhosts</constant>: Lookup an IP
address in the Samba lmhosts file. If the line in lmhosts has
no name type attached to the NetBIOS name (see the <citerefentry><refentrytitle>lmhosts</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> for details) then
any name type matches for lookup.</para></listitem>
<listitem><para><constant>host</constant>: Do a standard host
name to IP address resolution, using the system <filename>/etc/hosts
</filename>, NIS, or DNS lookups. This method of name resolution
is operating system depended for instance on IRIX or Solaris this
may be controlled by the <filename>/etc/nsswitch.conf</filename>
file). Note that this method is only used if the NetBIOS name
type being queried is the 0x20 (server) name type, otherwise
it is ignored.</para></listitem>
<listitem><para><constant>wins</constant>: Query a name with
the IP address listed in the <parameter>wins server</parameter>
parameter. If no WINS server has been specified this method
will be ignored.</para></listitem>
<listitem><para><constant>bcast</constant>: Do a broadcast on
each of the known local interfaces listed in the
<parameter>interfaces</parameter> parameter. This is the least
reliable of the name resolution methods as it depends on the
target host being on a locally connected subnet.</para></listitem>
</itemizedlist>
<para>The default order is <command>lmhosts, host, wins, bcast</command>
and without this parameter or any entry in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file the name resolution methods will
be attempted in this order. </para></listitem>
</varlistentry>
<varlistentry>
<term>-m</term>
<listitem><para>This option tells smbpasswd that the account
being changed is a MACHINE account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.</para>
<para>This option is only available when running smbpasswd as root.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-U username</term>
<listitem><para>This option may only be used in conjunction
with the <parameter>-r</parameter> option. When changing
a password on a remote machine it allows the user to specify
the user name on that machine whose password will be changed. It
is present to allow users who have different user names on
different systems to change these passwords. </para></listitem>
</varlistentry>
<varlistentry>
<term>-h</term>
<listitem><para>This option prints the help string for <command>
smbpasswd</command>, selecting the correct one for running as root
or as an ordinary user. </para></listitem>
</varlistentry>
<varlistentry>
<term>-s</term>
<listitem><para>This option causes smbpasswd to be silent (i.e.
not issue prompts) and to read its old and new passwords from
standard input, rather than from <filename>/dev/tty</filename>
(like the <command>passwd(1)</command> program does). This option
is to aid people writing scripts to drive smbpasswd</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-w password</term>
<listitem><para>This parameter is only available if Samba
has been compiled with LDAP support. The <parameter>-w</parameter>
switch is used to specify the password to be used with the
<smbconfoption name="ldap admin dn"/>. Note that the password is stored in
the <filename>secrets.tdb</filename> and is keyed off
of the admin's DN. This means that if the value of <parameter>ldap
admin dn</parameter> ever changes, the password will need to be
manually updated as well.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-W</term>
<listitem><para><command>NOTE: </command> This option is same as "-w"
except that the password should be entered using stdin.
</para>
<para>This parameter is only available if Samba
has been compiled with LDAP support. The <parameter>-W</parameter>
switch is used to specify the password to be used with the
<smbconfoption name="ldap admin dn"/>. Note that the password is stored in
the <filename>secrets.tdb</filename> and is keyed off
of the admin's DN. This means that if the value of <parameter>ldap
admin dn</parameter> ever changes, the password will need to be
manually updated as well.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem><para>This option tells smbpasswd that the account
being changed is an interdomain trust account. Currently this is used
when Samba is being used as an NT Primary Domain Controller.
The account contains the info about another trusted domain.</para>
<para>This option is only available when running smbpasswd as root.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-L</term>
<listitem><para>Run in local mode.</para></listitem>
</varlistentry>
<varlistentry>
<term>username</term>
<listitem><para>This specifies the username for all of the
<emphasis>root only</emphasis> options to operate on. Only root
can specify this parameter as only root has the permission needed
to modify attributes directly in the local smbpasswd file.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>NOTES</title>
<para>Since <command>smbpasswd</command> works in client-server
mode communicating with a local smbd for a non-root user then
the smbd daemon must be running for this to work. A common problem
is to add a restriction to the hosts that may access the <command>
smbd</command> running on the local machine by specifying either <parameter>allow
hosts</parameter> or <parameter>deny hosts</parameter> entry in
the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file and neglecting to
allow "localhost" access to the smbd. </para>
<para>In addition, the smbpasswd command is only useful if Samba
has been set up to use encrypted passwords. </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbpasswd</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry><refentrytitle>Samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

164
docs-xml/manpages-3/smbsh.1.xml Normal file
View File

@ -0,0 +1,164 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbsh.1">
<refmeta>
<refentrytitle>smbsh</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbsh</refname>
<refpurpose>Allows access to remote SMB shares
using UNIX commands</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbsh</command>
<arg choice="opt">-W workgroup</arg>
<arg choice="opt">-U username</arg>
<arg choice="opt">-P prefix</arg>
<arg choice="opt">-R &lt;name resolve order&gt;</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-l logdir</arg>
<arg choice="opt">-L libdir</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbsh</command> allows you to access an NT filesystem
using UNIX commands such as <command>ls</command>, <command>
egrep</command>, and <command>rcp</command>. You must use a
shell that is dynamically linked in order for <command>smbsh</command>
to work correctly.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-W WORKGROUP</term>
<listitem><para>Override the default workgroup specified in the
workgroup parameter of the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file
for this session. This may be needed to connect to some
servers. </para></listitem>
</varlistentry>
<varlistentry>
<term>-U username[%pass]</term>
<listitem><para>Sets the SMB username or username and password.
If this option is not specified, the user will be prompted for
both the username and the password. If %pass is not specified,
the user will be prompted for the password.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-P prefix</term>
<listitem><para>This option allows
the user to set the directory prefix for SMB access. The
default value if this option is not specified is
<emphasis>smb</emphasis>.
</para></listitem>
</varlistentry>
&stdarg.configfile;
&stdarg.server.debug;
&stdarg.resolve.order;
<varlistentry>
<term>-L libdir</term>
<listitem><para>This parameter specifies the location of the
shared libraries used by <command>smbsh</command>. The default
value is specified at compile time.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>To use the <command>smbsh</command> command, execute <command>
smbsh</command> from the prompt and enter the username and password
that authenticates you to the machine running the Windows NT
operating system.
<programlisting>
<prompt>system% </prompt><userinput>smbsh</userinput>
<prompt>Username: </prompt><userinput>user</userinput>
<prompt>Password: </prompt><userinput>XXXXXXX</userinput>
</programlisting></para>
<para>Any dynamically linked command you execute from
this shell will access the <filename>/smb</filename> directory
using the smb protocol. For example, the command <command>ls /smb
</command> will show a list of workgroups. The command
<command>ls /smb/MYGROUP </command> will show all the machines in
the workgroup MYGROUP. The command
<command>ls /smb/MYGROUP/&lt;machine-name&gt;</command> will show the share
names for that machine. You could then, for example, use the <command>
cd</command> command to change directories, <command>vi</command> to
edit files, and <command>rcp</command> to copy files.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para><command>smbsh</command> works by intercepting the standard
libc calls with the dynamically loaded versions in <filename>
smbwrapper.o</filename>. Not all calls have been "wrapped", so
some programs may not function correctly under <command>smbsh
</command>.</para>
<para>Programs which are not dynamically linked cannot make
use of <command>smbsh</command>'s functionality. Most versions
of UNIX have a <command>file</command> command that will
describe how a program was linked.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

133
docs-xml/manpages-3/smbspool.8.xml Normal file
View File

@ -0,0 +1,133 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbspool.8">
<refmeta>
<refentrytitle>smbspool</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbspool</refname>
<refpurpose>send a print file to an SMB printer</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbspool</command>
<arg choice="req">job</arg>
<arg choice="req">user</arg>
<arg choice="req">title</arg>
<arg choice="req">copies</arg>
<arg choice="req">options</arg>
<arg choice="opt">filename</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>smbspool is a very small print spooling program that
sends a print file to an SMB printer. The command-line arguments
are position-dependent for compatibility with the Common UNIX
Printing System, but you can use smbspool with any printing system
or from a program or script.</para>
<para><emphasis>DEVICE URI</emphasis></para>
<para>smbspool specifies the destination using a Uniform Resource
Identifier ("URI") with a method of "smb". This string can take
a number of forms:</para>
<itemizedlist>
<listitem><para>smb://server[:port]/printer</para></listitem>
<listitem><para>smb://workgroup/server[:port]/printer</para></listitem>
<listitem><para>smb://username:password@server[:port]/printer</para></listitem>
<listitem><para>smb://username:password@workgroup/server[:port]/printer</para></listitem>
</itemizedlist>
<para>smbspool tries to get the URI from the environment variable
<envar>DEVICE_URI</envar>. If <envar>DEVICE_URI</envar> is not present,
smbspool will use argv[0] if that starts with <quote>smb://</quote>
or argv[1] if that is not the case.</para>
<para>Programs using the <command>exec(2)</command> functions can
pass the URI in argv[0], while shell scripts must set the
<envar>DEVICE_URI</envar> environment variable prior to
running smbspool.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<itemizedlist>
<listitem><para>The job argument (argv[1]) contains the
job ID number and is presently not used by smbspool.
</para></listitem>
<listitem><para>The user argument (argv[2]) contains the
print user's name and is presently not used by smbspool.
</para></listitem>
<listitem><para>The title argument (argv[3]) contains the
job title string and is passed as the remote file name
when sending the print job.</para></listitem>
<listitem><para>The copies argument (argv[4]) contains
the number of copies to be printed of the named file. If
no filename is provided then this argument is not used by
smbspool.</para></listitem>
<listitem><para>The options argument (argv[5]) contains
the print options in a single string and is currently
not used by smbspool.</para></listitem>
<listitem><para>The filename argument (argv[6]) contains the
name of the file to print. If this argument is not specified
then the print file is read from the standard input.</para>
</listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><command>smbspool</command> was written by Michael Sweet
at Easy Software Products.</para>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

140
docs-xml/manpages-3/smbstatus.1.xml Normal file
View File

@ -0,0 +1,140 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbstatus.1">
<refmeta>
<refentrytitle>smbstatus</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbstatus</refname>
<refpurpose>report on current Samba connections</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbstatus</command>
<arg choice="opt">-P</arg>
<arg choice="opt">-b</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-v</arg>
<arg choice="opt">-L</arg>
<arg choice="opt">-B</arg>
<arg choice="opt">-p</arg>
<arg choice="opt">-S</arg>
<arg choice="opt">-s &lt;configuration file&gt;</arg>
<arg choice="opt">-u &lt;username&gt;</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbstatus</command> is a very simple program to
list the current Samba connections.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-P|--profile</term>
<listitem><para>If samba has been compiled with the
profiling option, print only the contents of the profiling
shared memory area.</para></listitem>
</varlistentry>
<varlistentry>
<term>-b|--brief</term>
<listitem><para>gives brief output.</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
<varlistentry>
<term>-v|--verbose</term>
<listitem><para>gives verbose output.</para></listitem>
</varlistentry>
<varlistentry>
<term>-L|--locks</term>
<listitem><para>causes smbstatus to only list locks.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-B|--byterange</term>
<listitem><para>causes smbstatus to include byte range locks.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-p|--processes</term>
<listitem><para>print a list of <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> processes and exit.
Useful for scripting.</para></listitem>
</varlistentry>
<varlistentry>
<term>-S|--shares</term>
<listitem><para>causes smbstatus to only list shares.</para>
</listitem>
</varlistentry>
&stdarg.help;
<varlistentry>
<term>-u|--user=&lt;username&gt;</term>
<listitem><para>selects information relevant to <parameter>username</parameter> only.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

237
docs-xml/manpages-3/smbtar.1.xml Normal file
View File

@ -0,0 +1,237 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbtar.1">
<refmeta>
<refentrytitle>smbtar</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbtar</refname>
<refpurpose>shell script for backing up SMB/CIFS shares
directly to UNIX tape drives</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbtar</command>
<arg choice="opt">-r</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-a</arg>
<arg choice="opt">-v</arg>
<arg choice="req">-s server</arg>
<arg choice="opt">-p password</arg>
<arg choice="opt">-x services</arg>
<arg choice="opt">-X</arg>
<arg choice="opt">-N filename</arg>
<arg choice="opt">-b blocksize</arg>
<arg choice="opt">-d directory</arg>
<arg choice="opt">-l loglevel</arg>
<arg choice="opt">-u user</arg>
<arg choice="opt">-t tape</arg>
<arg choice="req">filenames</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbtar</command> is a very small shell script on top
of <citerefentry><refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> which dumps SMB shares directly to tape.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-s server</term>
<listitem><para>The SMB/CIFS server that the share resides
upon.</para></listitem>
</varlistentry>
<varlistentry>
<term>-x service</term>
<listitem><para>The share name on the server to connect to.
The default is "backup".</para></listitem>
</varlistentry>
<varlistentry>
<term>-X</term>
<listitem><para>Exclude mode. Exclude filenames... from tar
create or restore. </para></listitem>
</varlistentry>
<varlistentry>
<term>-d directory</term>
<listitem><para>Change to initial <parameter>directory
</parameter> before restoring / backing up files. </para></listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem><para>Verbose mode.</para></listitem>
</varlistentry>
<varlistentry>
<term>-p password</term>
<listitem><para>The password to use to access a share.
Default: none </para></listitem>
</varlistentry>
<varlistentry>
<term>-u user</term>
<listitem><para>The user id to connect as. Default:
UNIX login name. </para></listitem>
</varlistentry>
<varlistentry>
<term>-a</term>
<listitem><para>Reset DOS archive bit mode to
indicate file has been archived. </para></listitem>
</varlistentry>
<varlistentry>
<term>-t tape</term>
<listitem><para>Tape device. May be regular file or tape
device. Default: <parameter>$TAPE</parameter> environmental
variable; if not set, a file called <filename>tar.out
</filename>. </para></listitem>
</varlistentry>
<varlistentry>
<term>-b blocksize</term>
<listitem><para>Blocking factor. Defaults to 20. See
<command>tar(1)</command> for a fuller explanation. </para></listitem>
</varlistentry>
<varlistentry>
<term>-N filename</term>
<listitem><para>Backup only files newer than filename. Could
be used (for example) on a log file to implement incremental
backups. </para></listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem><para>Incremental mode; tar files are only backed
up if they have the archive bit set. The archive bit is reset
after each file is read. </para></listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem><para>Restore. Files are restored to the share
from the tar file. </para></listitem>
</varlistentry>
<varlistentry>
<term>-l log level</term>
<listitem><para>Log (debug) level. Corresponds to the
<parameter>-d</parameter> flag of <citerefentry>
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>ENVIRONMENT VARIABLES</title>
<para>The <parameter>$TAPE</parameter> variable specifies the
default tape device to write to. May be overridden
with the -t option. </para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>The <command>smbtar</command> script has different
options from ordinary tar and from smbclient's tar command. </para>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>Sites that are more careful about security may not like
the way the script handles PC passwords. Backup and restore work
on entire shares; should work on file lists. smbtar works best
with GNU tar and may not work well with other versions. </para>
</refsect1>
<refsect1>
<title>DIAGNOSTICS</title>
<para>See the <emphasis>DIAGNOSTICS</emphasis> section for the <citerefentry>
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry> command.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>smbclient</refentrytitle><manvolnum>1</manvolnum>
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para><ulink noescape="1" url="mailto:poultenr@logica.co.uk">Ricky Poulten</ulink>
wrote the tar extension and this man page. The <command>smbtar</command>
script was heavily rewritten and improved by <ulink noescape="1"
url="mailto:Martin.Kraemer@mch.sni.de">Martin Kraemer</ulink>. Many
thanks to everyone who suggested extensions, improvements, bug
fixes, etc. The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

96
docs-xml/manpages-3/smbtree.1.xml Normal file
View File

@ -0,0 +1,96 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="smbtree.1">
<refmeta>
<refentrytitle>smbtree</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbtree</refname>
<refpurpose>A text based smb network browser
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>smbtree</command>
<arg choice="opt">-b</arg>
<arg choice="opt">-D</arg>
<arg choice="opt">-S</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>smbtree</command> is a smb browser program
in text mode. It is similar to the "Network Neighborhood" found
on Windows computers. It prints a tree with all
the known domains, the servers in those domains and
the shares on the servers.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-b</term>
<listitem><para>Query network nodes by sending requests
as broadcasts instead of querying the local master browser.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-D</term>
<listitem><para>Only print a list of all
the domains known on broadcast or by the
master browser</para></listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem><para>Only print a list of
all the domains and servers responding on broadcast or
known by the master browser.
</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&popt.common.credentials;
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba
suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The smbtree man page was written by Jelmer Vernooij. </para>
</refsect1>
</refentry>

237
docs-xml/manpages-3/swat.8.xml Normal file
View File

@ -0,0 +1,237 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="swat.8">
<refmeta>
<refentrytitle>swat</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>swat</refname>
<refpurpose>Samba Web Administration Tool</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>swat</command>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-a</arg>
<arg choice="opt">-P</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>swat</command> allows a Samba administrator to
configure the complex <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file via a Web browser. In addition,
a <command>swat</command> configuration page has help links
to all the configurable options in the <filename>smb.conf</filename> file allowing an
administrator to easily look up the effects of any change. </para>
<para><command>swat</command> is run from <command>inetd</command> </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-s smb configuration file</term>
<listitem><para>The default configuration file path is
determined at compile time. The file specified contains
the configuration details required by the <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> server. This is the file
that <command>swat</command> will modify.
The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See <filename>smb.conf</filename> for more information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-a</term>
<listitem><para>This option disables authentication and
places <command>swat</command> in demo mode. In that mode anyone will be able to modify
the <filename>smb.conf</filename> file. </para>
<para><emphasis>WARNING: Do NOT enable this option on a production
server. </emphasis></para></listitem>
</varlistentry>
<varlistentry>
<term>-P</term>
<listitem><para>This option restricts read-only users to the password
management page. <command>swat</command> can then be used to change
user passwords without users seeing the "View" and "Status" menu
buttons.</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>INSTALLATION</title>
<para>Swat is included as binary package with most distributions. The
package manager in this case takes care of the installation and
configuration. This section is only for those who have compiled
swat from scratch.
</para>
<para>After you compile SWAT you need to run <command>make install
</command> to install the <command>swat</command> binary
and the various help files and images. A default install would put
these in: </para>
<itemizedlist>
<listitem><para>/usr/local/samba/sbin/swat</para></listitem>
<listitem><para>/usr/local/samba/swat/images/*</para></listitem>
<listitem><para>/usr/local/samba/swat/help/*</para></listitem>
</itemizedlist>
<refsect2>
<title>Inetd Installation</title>
<para>You need to edit your <filename>/etc/inetd.conf
</filename> and <filename>/etc/services</filename>
to enable SWAT to be launched via <command>inetd</command>.</para>
<para>In <filename>/etc/services</filename> you need to
add a line like this: </para>
<para><command>swat 901/tcp</command></para>
<para>Note for NIS/YP and LDAP users - you may need to rebuild the
NIS service maps rather than alter your local <filename>
/etc/services</filename> file. </para>
<para>the choice of port number isn't really important
except that it should be less than 1024 and not currently
used (using a number above 1024 presents an obscure security
hole depending on the implementation details of your
<command>inetd</command> daemon). </para>
<para>In <filename>/etc/inetd.conf</filename> you should
add a line like this: </para>
<para><command>swat stream tcp nowait.400 root
/usr/local/samba/sbin/swat swat</command></para>
<para>Once you have edited <filename>/etc/services</filename>
and <filename>/etc/inetd.conf</filename> you need to send a
HUP signal to inetd. To do this use <command>kill -1 PID
</command> where PID is the process ID of the inetd daemon. </para>
</refsect2>
</refsect1>
<refsect1>
<title>LAUNCHING</title>
<para>To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".</para>
<para>Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire. </para>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/inetd.conf</filename></term>
<listitem><para>This file must contain suitable startup
information for the meta-daemon.</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/services</filename></term>
<listitem><para>This file must contain a mapping of service name
(e.g., swat) to service port (e.g., 901) and protocol type
(e.g., tcp). </para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
<listitem><para>This is the default location of the <citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> server configuration file that swat edits. Other
common places that systems install this file are <filename>
/usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf
</filename>. This file describes all the services the server
is to make available to clients. </para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>WARNINGS</title>
<para><command>swat</command> will rewrite your <citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> file. It will rearrange the entries and delete all
comments, <parameter>include=</parameter> and <parameter>copy=
</parameter> options. If you have a carefully crafted <filename>
smb.conf</filename> then back it up or don't use swat! </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><command>inetd(5)</command>, <citerefentry>
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>, <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

136
docs-xml/manpages-3/tdbbackup.8.xml Normal file
View File

@ -0,0 +1,136 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="tdbbackup.8">
<refmeta>
<refentrytitle>tdbbackup</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>tdbbackup</refname>
<refpurpose>tool for backing up and for validating the integrity of samba .tdb files</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>tdbbackup</command>
<arg choice="opt">-s suffix</arg>
<arg choice="opt">-v</arg>
<arg choice="opt">-h</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><command>tdbbackup</command> is a tool that may be used to backup samba .tdb
files. This tool may also be used to verify the integrity of the .tdb files prior
to samba startup or during normal operation. If it finds file damage and it finds
a prior backup the backup file will be restored.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem><para>
Get help information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-s suffix</term>
<listitem><para>
The <command>-s</command> option allows the adminisistrator to specify a file
backup extension. This way it is possible to keep a history of tdb backup
files by using a new suffix for each backup.
</para> </listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem><para>
The <command>-v</command> will check the database for damages (currupt data)
which if detected causes the backup to be restored.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>COMMANDS</title>
<para><emphasis>GENERAL INFORMATION</emphasis></para>
<para>
The <command>tdbbackup</command> utility can safely be run at any time. It was designed so
that it can be used at any time to validate the integrity of tdb files, even during Samba
operation. Typical usage for the command will be:
</para>
<para>tdbbackup [-s suffix] *.tdb</para>
<para>
Before restarting samba the following command may be run to validate .tdb files:
</para>
<para>tdbbackup -v [-s suffix] *.tdb</para>
<para>
Samba .tdb files are stored in various locations, be sure to run backup all
.tdb file on the system. Important files includes:
</para>
<itemizedlist>
<listitem><para>
<command>secrets.tdb</command> - usual location is in the /usr/local/samba/private
directory, or on some systems in /etc/samba.
</para></listitem>
<listitem><para>
<command>passdb.tdb</command> - usual location is in the /usr/local/samba/private
directory, or on some systems in /etc/samba.
</para></listitem>
<listitem><para>
<command>*.tdb</command> located in the /usr/local/samba/var directory or on some
systems in the /var/cache or /var/lib/samba directories.
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities were created by Andrew Tridgell.
Samba is now developed by the Samba Team as an Open Source project similar to the way
the Linux kernel is developed.
</para>
<para>The tdbbackup man page was written by John H Terpstra.</para>
</refsect1>
</refentry>

61
docs-xml/manpages-3/tdbdump.8.xml Normal file
View File

@ -0,0 +1,61 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="tdbdump.8">
<refmeta>
<refentrytitle>tdbdump</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>tdbdump</refname>
<refpurpose>tool for printing the contents of a TDB file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>tdbdump</command>
<arg choice="req">filename</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><command>tdbdump</command> is a very simple utility that 'dumps' the
contents of a TDB (Trivial DataBase) file to standard output in a
human-readable format.
</para>
<para>This tool can be used when debugging problems with TDB files. It is
intended for those who are somewhat familiar with Samba internals.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>
The original Samba software and related utilities were created by Andrew Tridgell.
Samba is now developed by the Samba Team as an Open Source project similar to the way
the Linux kernel is developed.
</para>
<para>The tdbdump man page was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

227
docs-xml/manpages-3/tdbtool.8.xml Normal file
View File

@ -0,0 +1,227 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="tdbtool.8">
<refmeta>
<refentrytitle>tdbtool</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>tdbtool</refname>
<refpurpose>manipulate the contents TDB files</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>tdbtool</command>
</cmdsynopsis>
<cmdsynopsis>
<command>tdbtool</command>
<arg choice="plain">
<replaceable>TDBFILE</replaceable>
</arg>
<arg rep="repeat" choice="opt">
<replaceable>COMMANDS</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> suite.</para>
<para><command>tdbtool</command> a tool for displaying and
altering the contents of Samba TDB (Trivial DataBase) files. Each
of the commands listed below can be entered interactively or
provided on the command line.</para>
</refsect1>
<refsect1>
<title>COMMANDS</title>
<variablelist>
<varlistentry>
<term><option>create</option>
<replaceable>TDBFILE</replaceable></term>
<listitem><para>Create a new database named
<replaceable>TDBFILE</replaceable>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>open</option>
<replaceable>TDBFILE</replaceable></term>
<listitem><para>Open an existing database named
<replaceable>TDBFILE</replaceable>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>erase</option></term>
<listitem><para>Erase the current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>dump</option></term>
<listitem><para>Dump the current database as strings.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>cdump</option></term>
<listitem><para>Dump the current database as connection records.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>keys</option></term>
<listitem><para>Dump the current database keys as strings.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>hexkeys</option></term>
<listitem><para>Dump the current database keys as hex values.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>info</option></term>
<listitem><para>Print summary information about the
current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>insert</option>
<replaceable>KEY</replaceable>
<replaceable>DATA</replaceable>
</term>
<listitem><para>Insert a record into the
current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>move</option>
<replaceable>KEY</replaceable>
<replaceable>TDBFILE</replaceable>
</term>
<listitem><para>Move a record from the
current database into <replaceable>TDBFILE</replaceable>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>store</option>
<replaceable>KEY</replaceable>
<replaceable>DATA</replaceable>
</term>
<listitem><para>Store (replace) a record in the
current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>show</option>
<replaceable>KEY</replaceable>
</term>
<listitem><para>Show a record by key.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>delete</option>
<replaceable>KEY</replaceable>
</term>
<listitem><para>Delete a record by key.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>list</option>
</term>
<listitem><para>Print the current database hash table and free list.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>free</option>
</term>
<listitem><para>Print the current database and free list.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>!</option>
<replaceable>COMMAND</replaceable>
</term>
<listitem><para>Execute the given system command.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>first</option>
</term>
<listitem><para>Print the first record in the current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>next</option>
</term>
<listitem><para>Print the next record in the current database.
</para></listitem>
</varlistentry>
<varlistentry>
<term>
<option>quit</option>
</term>
<listitem><para>Exit <command>tdbtool</command>.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>The contents of the Samba TDB files are private
to the implementation and should not be altered with
<command>tdbtool</command>.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para> The original Samba software and related utilities were
created by Andrew Tridgell. Samba is now developed by the
Samba Team as an Open Source project similar to the way the
Linux kernel is developed.</para>
</refsect1>
</refentry>

210
docs-xml/manpages-3/testparm.1.xml Normal file
View File

@ -0,0 +1,210 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="testparm.1">
<refmeta>
<refentrytitle>testparm</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>testparm</refname>
<refpurpose>check an smb.conf configuration file for
internal correctness</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>testparm</command>
<arg choice="opt">-s</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-v</arg>
<arg choice="opt">-L &lt;servername&gt;</arg>
<arg choice="opt">-t &lt;encoding&gt;</arg>
<arg choice="req">config filename</arg>
<arg choice="opt">hostname hostIP</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>testparm</command> is a very simple test program
to check an <citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> configuration file for
internal correctness. If this program reports no problems, you
can use the configuration file with confidence that <command>smbd
</command> will successfully load the configuration file.</para>
<para>Note that this is <emphasis>NOT</emphasis> a guarantee that
the services specified in the configuration file will be
available or will operate as expected. </para>
<para>If the optional host name and host IP address are
specified on the command line, this test program will run through
the service entries reporting whether the specified host
has access to each service. </para>
<para>If <command>testparm</command> finds an error in the <filename>
smb.conf</filename> file it returns an exit code of 1 to the calling
program, else it returns an exit code of 0. This allows shell scripts
to test the output from <command>testparm</command>.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-s</term>
<listitem><para>Without this option, <command>testparm</command>
will prompt for a carriage return after printing the service
names and before dumping the service definitions.</para></listitem>
</varlistentry>
&stdarg.help;
&stdarg.version;
<varlistentry>
<term>-L servername</term>
<listitem><para>Sets the value of the %L macro to <replaceable>servername</replaceable>.
This is useful for testing include files specified with the
%L macro. </para></listitem>
</varlistentry>
<varlistentry>
<term>-v</term>
<listitem><para>If this option is specified, testparm
will also output all options that were not used in <citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> and are thus set to their defaults.</para></listitem>
</varlistentry>
<varlistentry>
<term>-t encoding</term>
<listitem><para>
Output data in specified encoding.
</para></listitem>
</varlistentry>
<varlistentry>
<term>--parameter-name parametername</term>
<listitem><para>
Dumps the named parameter. If no section-name is set the view
is limited by default to the global section.
It is also possible to dump a parametrical option. Therfore
the option has to be separated by a colon from the
parametername.
</para></listitem>
</varlistentry>
<varlistentry>
<term>--section-name sectionname</term>
<listitem><para>
Dumps the named section.
</para></listitem>
</varlistentry>
<varlistentry>
<term>configfilename</term>
<listitem><para>This is the name of the configuration file
to check. If this parameter is not present then the
default <citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> file will be checked.
</para></listitem>
</varlistentry>
<varlistentry>
<term>hostname</term>
<listitem><para>If this parameter and the following are
specified, then <command>testparm</command> will examine the <parameter>hosts
allow</parameter> and <parameter>hosts deny</parameter>
parameters in the <citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> file to
determine if the hostname with this IP address would be
allowed access to the <command>smbd</command> server. If
this parameter is supplied, the hostIP parameter must also
be supplied.</para></listitem>
</varlistentry>
<varlistentry>
<term>hostIP</term>
<listitem><para>This is the IP address of the host specified
in the previous parameter. This address must be supplied
if the hostname parameter is supplied. </para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><citerefentry><refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry></term>
<listitem><para>This is usually the name of the configuration
file used by <citerefentry><refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>DIAGNOSTICS</title>
<para>The program will issue a message saying whether the
configuration file loaded OK or not. This message may be preceded by
errors and warnings if the file did not load. If the file was
loaded OK, the program then dumps all known service details
to stdout. </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>, <citerefentry>
<refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at <ulink noescape="1" url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to DocBook XML 4.2
for Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

137
docs-xml/manpages-3/umount.cifs.8.xml Normal file
View File

@ -0,0 +1,137 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="umount.cifs.8">
<refmeta>
<refentrytitle>umount.cifs</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>umount.cifs</refname>
<refpurpose>for normal, non-root users, to unmount their own Common Internet File System (CIFS) mounts</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>umount.cifs</command>
<arg choice="req">mount-point</arg>
<arg choice="opt">-nVvhfle</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>umount.cifs unmounts a Linux CIFS filesystem. It can be invoked
indirectly by the
<citerefentry><refentrytitle>umount</refentrytitle><manvolnum>8</manvolnum></citerefentry> command
when umount.cifs is in /sbin directory, unless you specify the "-i" option to umount. Specifying -i to umount avoids execution of umount helpers such as umount.cifs. The umount.cifs command only works in Linux, and the kernel must
support the cifs filesystem. The CIFS protocol is the successor to the
SMB protocol and is supported by most Windows servers and many other
commercial servers and Network Attached Storage appliances as well as
by the popular Open Source server Samba.
</para>
<para>
The umount.cifs utility detaches the local directory <emphasis>mount-point</emphasis> from the corresponding UNC name (exported network resource) and frees the associated kernel resources.
It is possible to set the mode for umount.cifs to
setuid root (or equivalently update the /etc/permissions file) to allow non-root users to umount shares to directories for which they have write permission. The umount.cifs utility is typically
not needed if unmounts need only be performed by root users, or if user mounts and unmounts
can rely on specifying explicit entries in /etc/fstab See</para>
<para><citerefentry><refentrytitle>fstab</refentrytitle>
<manvolnum>5</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>--verbose</term>
<listitem><para>print additional debugging information</para></listitem>
</varlistentry>
<varlistentry>
<term>--no-mtab</term>
<listitem><para>Do not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>NOTES</title>
<para>This command is normally intended to be installed setuid (since root users can already run unmount). An alternative to using umount.cifs is to add specfic entries for the user mounts that you wish a particular user or users to mount and unmount to /etc/fstab</para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para>
The primary mechanism for making configuration changes and for reading
debug information for the cifs vfs is via the Linux /proc filesystem.
In the directory <filename>/proc/fs/cifs</filename> are various
configuration files and pseudo files which can display debug information.
For more information see the kernel file <filename>fs/cifs/README</filename>.
</para>
</refsect1>
<refsect1>
<title>BUGS</title>
<para>At this time umount.cifs does not lock the mount table using the same lock as the umount utility does, so do not attempt to do multiple unmounts from different processes (and in particular unmounts of a cifs mount and another type of filesystem mount at the same time).
</para>
<para>If the same mount point is mounted multiple times by cifs, umount.cifs will remove all of the matching entries from the mount table (although umount.cifs will actually only unmount the last one), rather than only removing the last matching entry in /etc/mtab. The pseudofile /proc/mounts will display correct information though, and the lack of an entry in /etc/mtab does not prevent subsequent unmounts.</para>
<para>
Note that the typical response to a bug report is a suggestion
to try the latest version first. So please try doing that first,
and always include which versions you use of relevant software
when reporting bugs (minimum: umount.cifs (try umount.cifs -V), kernel (see /proc/version) and
server type you are trying to contact.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 1.34 of
the cifs vfs filesystem (roughly Linux kernel 2.6.12).</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
Documentation/filesystems/cifs.txt and fs/cifs/README in the linux kernel
source tree may contain additional options and information.
</para>
<para><citerefentry><refentrytitle>mount.cifs</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>Steve French</para>
<para>The syntax was loosely based on the umount utility and the manpage was loosely based on that of mount.cifs.8. The man page was created by Steve French</para>
<para>The maintainer of the Linux cifs vfs and the userspace
tool <emphasis>umount.cifs</emphasis> is <ulink url="mailto:sfrench@samba.org">Steve French</ulink>.
The <ulink url="mailto:linux-cifs-client@lists.samba.org">Linux CIFS Mailing list</ulink>
is the preferred place to ask questions regarding these programs.
</para>
</refsect1>
</refentry>

122
docs-xml/manpages-3/vfs_audit.8.xml Normal file
View File

@ -0,0 +1,122 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_audit.8">
<refmeta>
<refentrytitle>vfs_audit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_audit</refname>
<refpurpose>record selected Samba VFS operations in the system log</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = audit</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_audit</command> VFS module records selected
client operations to the system log using
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>.</para>
<para>The following Samba VFS operations are recorded:</para>
<simplelist>
<member>connect</member>
<member>disconnect</member>
<member>opendir</member>
<member>mkdir</member>
<member>rmdir</member>
<member>open</member>
<member>close</member>
<member>rename</member>
<member>unlink</member>
<member>chmod</member>
<member>fchmod</member>
<member>chmod_acl</member>
<member>fchmod_acl</member>
</simplelist>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>audit:facility = FACILITY</term>
<listitem>
<para>Log messages to the named
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> facility.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>audit:priority = PRIORITY</term>
<listitem>
<para>Log messages with the named
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> priority.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Log operations on all shares using the LOCAL1 facility
and NOTICE priority:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="vfs objects">audit</smbconfoption>
<smbconfoption name="audit:facility">LOCAL1</smbconfoption>
<smbconfoption name="audit:priority">NOTICE</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

110
docs-xml/manpages-3/vfs_cacheprime.8.xml Normal file
View File

@ -0,0 +1,110 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_cacheprime.8">
<refmeta>
<refentrytitle>vfs_cacheprime</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_cacheprime</refname>
<refpurpose>prime the kernel file data cache</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = cacheprime</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_cacheprime</command> VFS module reads chunks
of file data near the range requested by clients in order to
make sure the data is present in the kernel file data cache at
the time when it is actually requested by clients. </para>
<para>The size of the disk read operations performed
by <command>vfs_cacheprime</command> is determined by the
cacheprime:rsize option. All disk read operations are aligned
on boundaries that are a multiple of this size. Each range of
the file data is primed at most once during the time the client
has the file open. </para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>cacheprime:rsize = BYTES</term>
<listitem>
<para>The number of bytes with which to prime
the kernel data cache.</para>
<para>The following suffixes may be applied to BYTES:</para>
<itemizedlist>
<listitem><para><command>K</command> - BYTES is a number of kilobytes</para></listitem>
<listitem><para><command>M</command> - BYTES is a number of megabytes</para></listitem>
<listitem><para><command>G</command> - BYTES is a number of gigabytes</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>For a hypothetical disk array, it is necessary to ensure
that all read operations are of size 1 megabyte (1048576 bytes),
and aligned on 1 megabyte boundaries:
</para>
<programlisting>
<smbconfsection name="[hypothetical]"/>
<smbconfoption name="vfs objects">cacheprime</smbconfoption>
<smbconfoption name="cacheprime:rsize">1M</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para><command>cacheprime</command> is not a a substitute for
a general-purpose readahead mechanism. It is intended for use
only in very specific environments where disk operations must
be aligned and sized to known values (as much as that is possible).
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

78
docs-xml/manpages-3/vfs_cap.8.xml Normal file
View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_cap.8">
<refmeta>
<refentrytitle>vfs_cap</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_cap</refname>
<refpurpose>CAP encode filenames</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = cap</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>CAP (Columbia Appletalk Protocol) encoding is a
technique for representing non-ASCII filenames in ASCII. The
<command>vfs_cap</command> VFS module translates filenames to and
from CAP format, allowing users to name files in their native
encoding. </para>
<para>CAP encoding is most commonly
used in Japanese language environments. </para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>On a system using GNU libiconv, use CAP encoding to support
users in the Shift_JIS locale:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="dos charset">CP932</smbconfoption>
<smbconfoption name="dos charset">CP932</smbconfoption>
<smbconfoption name="vfs objects">cap</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

73
docs-xml/manpages-3/vfs_catia.8.xml Normal file
View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_catia.8">
<refmeta>
<refentrytitle>vfs_catia</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_catia</refname>
<refpurpose>translate illegal characters in Catia filenames</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = catia</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The Catia CAD package commonly creates filenames that
use characters that are illegal in CIFS filenames. The
<command>vfs_catia</command> VFS module implements a fixed character
mapping so that these files can be shared with CIFS clients.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Map Catia filenames on the [CAD] share:</para>
<programlisting>
<smbconfsection name="[CAD]"/>
<smbconfoption name="path">/data/cad</smbconfoption>
<smbconfoption name="vfs objects">catia</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

110
docs-xml/manpages-3/vfs_commit.8.xml Normal file
View File

@ -0,0 +1,110 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_commit.8">
<refmeta>
<refentrytitle>vfs_commit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_commit</refname>
<refpurpose>flush dirty data at specified intervals</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = commit</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_commit</command> VFS module keeps track of
the amount of data written to a file and synchronizes it to
disk when a specified amount accumulates.
</para>
<para><command>vfs_commit</command> is useful in two
circumstances. First, if you have very precious data, the
impact of unexpected power loss can be minimized by a small
commit:dthresh value. Secondly, write performance can be
improved on some systems by flushing file data early and at
regular intervals.</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>commit:dthresh = BYTES</term>
<listitem>
<para>Synchronize file data each time the specified
number of bytes has been written.
</para>
<para>The following suffixes may be applied to BYTES:</para>
<itemizedlist>
<listitem><para><command>K</command> - BYTES is a number of kilobytes</para></listitem>
<listitem><para><command>M</command> - BYTES is a number of megabytes</para></listitem>
<listitem><para><command>G</command> - BYTES is a number of gigabytes</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Synchronize the file data on the [precious] share after
every 512 kilobytes (524288 bytes) of data is written:</para>
<programlisting>
<smbconfsection name="[precious]"/>
<smbconfoption name="path">/data/precious</smbconfoption>
<smbconfoption name="vfs objects">commit</smbconfoption>
<smbconfoption name="commit:dthresh">512K</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>On some systems, the data synchronization performed by
<command>commit</command> may reduce performance.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

136
docs-xml/manpages-3/vfs_default_quota.8.xml Normal file
View File

@ -0,0 +1,136 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_default_quota.8">
<refmeta>
<refentrytitle>vfs_default_quota</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_default_quota</refname>
<refpurpose>store default quota records for Windows clients</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = default_quota</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>
suite.</para>
<para>Many common quota implementations only store
quotas for users and groups, but do not store a default quota. The
<command>vfs_default_quota</command> module allows Samba to store
default quota values which can be examined using the Windows
Explorer interface.
</para>
<para>By default, Samba returns NO_LIMIT the default quota and
refuses to update them. <command>vfs_default_quota</command> maps
the default quota to the quota record of a user. By default the
root user is taken because quota limits for root are typically
not enforced.</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>default_quota:uid = UID</term>
<listitem>
<para>UID specifies the user ID of the quota record where the
default user quota values are stored.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>default_quota:gid = GID</term>
<listitem>
<para>GID specifies the group ID of the quota record where the
default group quota values are stored.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>default_quota:uid nolimit = BOOL</term>
<listitem>
<para>If this parameter is True, then the user whose
quota record is storing the default user quota will
be reported as having a quota of NO_LIMIT. Otherwise,
the stored values will be reported.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>default_quota:gid nolimit = BOOL</term>
<listitem>
<para>If this parameter is True, then the group whose
quota record is storing the default group quota will
be reported as having a quota of NO_LIMIT. Otherwise,
the stored values will be reported.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Store the default quota record in the quota record for
the user with ID 65535 and report that user as having no quota
limits:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="vfs objects">default_quota</smbconfoption>
<smbconfoption name="default_quota:uid">65535</smbconfoption>
<smbconfoption name="default_quota:uid nolimit">yes</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

68
docs-xml/manpages-3/vfs_extd_audit.8.xml Normal file
View File

@ -0,0 +1,68 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_extd_audit.8">
<refmeta>
<refentrytitle>vfs_extd_audit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_extd_audit</refname>
<refpurpose>record selected Samba VFS operations</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = extd_audit</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>extd_audit</command> VFS module records selected
client operations to both the
<citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> log and
system log (using
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>).</para>
<para>Other than logging to the
<citerefentry><refentrytitle>smbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> log,
<command>vfs_extd_audit</command> is identical to
<citerefentry><refentrytitle>vfs_audit</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

73
docs-xml/manpages-3/vfs_fake_perms.8.xml Normal file
View File

@ -0,0 +1,73 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_fake_perms.8">
<refmeta>
<refentrytitle>vfs_fake_perms</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_fake_perms</refname>
<refpurpose>enable read only Roaming Profiles</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = fake_perms</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_fake_perms</command> VFS module was created
to allow Roaming Profile files and directories to be set (on
the Samba server under UNIX) as read only. This module will,
if installed on the Profiles share, report to the client that
the Profile files and directories are writeable. This satisfies
the client even though the files will never be overwritten as
the client logs out or shuts down.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<programlisting>
<smbconfsection name="[Profiles]"/>
<smbconfoption name="path">/profiles</smbconfoption>
<smbconfoption name="vfs objects">fake_perms</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

266
docs-xml/manpages-3/vfs_full_audit.8.xml Normal file
View File

@ -0,0 +1,266 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_full_audit.8">
<refmeta>
<refentrytitle>vfs_full_audit</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_full_audit</refname>
<refpurpose>record Samba VFS operations in the system log</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = full_audit</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_full_audit</command> VFS module records selected
client operations to the system log using
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry>.</para>
<para><command>vfs_full_audit</command> is able to record the
complete set of Samba VFS operations:</para>
<simplelist>
<member>aio_cancel</member>
<member>aio_error</member>
<member>aio_fsync</member>
<member>aio_read</member>
<member>aio_return</member>
<member>aio_suspend</member>
<member>aio_write</member>
<member>chdir</member>
<member>chflags</member>
<member>chmod</member>
<member>chmod_acl</member>
<member>chown</member>
<member>close</member>
<member>closedir</member>
<member>connect</member>
<member>disconnect</member>
<member>disk_free</member>
<member>fchmod</member>
<member>fchmod_acl</member>
<member>fchown</member>
<member>fget_nt_acl</member>
<member>fgetxattr</member>
<member>flistxattr</member>
<member>fremovexattr</member>
<member>fset_nt_acl</member>
<member>fsetxattr</member>
<member>fstat</member>
<member>fsync</member>
<member>ftruncate</member>
<member>get_nt_acl</member>
<member>get_quota</member>
<member>get_shadow_copy_data</member>
<member>getlock</member>
<member>getwd</member>
<member>getxattr</member>
<member>kernel_flock</member>
<member>lgetxattr</member>
<member>link</member>
<member>linux_setlease</member>
<member>listxattr</member>
<member>llistxattr</member>
<member>lock</member>
<member>lremovexattr</member>
<member>lseek</member>
<member>lsetxattr</member>
<member>lstat</member>
<member>mkdir</member>
<member>mknod</member>
<member>open</member>
<member>opendir</member>
<member>pread</member>
<member>pwrite</member>
<member>read</member>
<member>readdir</member>
<member>readlink</member>
<member>realpath</member>
<member>removexattr</member>
<member>rename</member>
<member>rewinddir</member>
<member>rmdir</member>
<member>seekdir</member>
<member>sendfile</member>
<member>set_nt_acl</member>
<member>set_quota</member>
<member>setxattr</member>
<member>stat</member>
<member>statvfs</member>
<member>symlink</member>
<member>sys_acl_add_perm</member>
<member>sys_acl_clear_perms</member>
<member>sys_acl_create_entry</member>
<member>sys_acl_delete_def_file</member>
<member>sys_acl_free_acl</member>
<member>sys_acl_free_qualifier</member>
<member>sys_acl_free_text</member>
<member>sys_acl_get_entry</member>
<member>sys_acl_get_fd</member>
<member>sys_acl_get_file</member>
<member>sys_acl_get_perm</member>
<member>sys_acl_get_permset</member>
<member>sys_acl_get_qualifier</member>
<member>sys_acl_get_tag_type</member>
<member>sys_acl_init</member>
<member>sys_acl_set_fd</member>
<member>sys_acl_set_file</member>
<member>sys_acl_set_permset</member>
<member>sys_acl_set_qualifier</member>
<member>sys_acl_set_tag_type</member>
<member>sys_acl_to_text</member>
<member>sys_acl_valid</member>
<member>telldir</member>
<member>unlink</member>
<member>utime</member>
<member>write</member>
</simplelist>
<para>In addition to these operations,
<command>vfs_full_audit</command> recognizes the special operation
names &quot;all&quot; and &quot;none &quot;, which refer to all
the VFS operations and none of the VFS operations respectively.
</para>
<para><command>vfs_full_audit</command> records operations in fixed
format consisting of fields separated by '|' characters. The
format is: </para>
<programlisting>
smbd_audit: PREFIX|OPERATION|RESULT|FILE
</programlisting>
<para>The record fields are:</para>
<itemizedlist>
<listitem><para><command>PREFIX</command> - the result of the full_audit:prefix string after variable substitutions</para></listitem>
<listitem><para><command>OPERATION</command> - the name of the VFS operation</para></listitem>
<listitem><para><command>RESULT</command> - whether the operation succeeded or failed</para></listitem>
<listitem><para><command>FILE</command> - the name of the file or directory the operation was performed on</para></listitem>
</itemizedlist>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>vfs_full_audit:prefix = STRING</term>
<listitem>
<para>Prepend audit messages with STRING. STRING is
processed for standard substitution variables listed in
<citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>. The default
prefix is &quot;%u|%I&quot;. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>vfs_full_audit:success = LIST</term>
<listitem>
<para>LIST is a list of VFS operations that should be
recorded if they succeed. Operations are specified using
the names listed above.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>vfs_full_audit:failure = LIST</term>
<listitem>
<para>LIST is a list of VFS operations that should be
recorded if they failed. Operations are specified using
the names listed above.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>full_audit:facility = FACILITY</term>
<listitem>
<para>Log messages to the named
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> facility.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>full_audit:priority = PRIORITY</term>
<listitem>
<para>Log messages with the named
<citerefentry><refentrytitle>syslog</refentrytitle>
<manvolnum>3</manvolnum></citerefentry> priority.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Log file and directory open operations on the [records]
share using the LOCAL7 facility and ALERT priority, including
the username and IP address:</para>
<programlisting>
<smbconfsection name="[records]"/>
<smbconfoption name="path">/data/records</smbconfoption>
<smbconfoption name="vfs objects">full_audit</smbconfoption>
<smbconfoption name="full_audit:prefix">%u|%I</smbconfoption>
<smbconfoption name="full_audit:success">open opendir</smbconfoption>
<smbconfoption name="full_audit:failure">all</smbconfoption>
<smbconfoption name="full_audit:facility">LOCAL7</smbconfoption>
<smbconfoption name="full_audit:priority">ALERT</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

164
docs-xml/manpages-3/vfs_gpfs.8.xml Normal file
View File

@ -0,0 +1,164 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_gpfs.8">
<refmeta>
<refentrytitle>vfs_gpfs</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_gpfs</refname>
<refpurpose>gpfs specific samba extensions like acls and prealloc</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = gpfs</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>gpfs</command> VFS module is the home
for all gpfs extensions that Samba requires for proper integration
with GPFS. It uses the GPL library interfaces provided by GPFS.
</para>
<para>Currently the gpfs vfs module provides extensions in following areas :
<itemizedlist>
<listitem><para>NFSv4 ACL Interfaces with configurable options for GPFS</para></listitem>
<listitem><para>Kernel oplock support on GPFS</para></listitem>
<listitem><para>Lease support on GPFS</para></listitem>
</itemizedlist>
</para>
<para><command>NOTE:</command>This module follows the posix-acl behaviour
and hence allows permission stealing via chown. Samba might allow at a later
point in time, to restrict the chown via this module as such restrictions
are the responsibility of the underlying filesystem than of Samba.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>nfs4:mode = [ simple | special ]</term>
<listitem>
<para>
Enable/Disable substitution of special IDs on GPFS. This parameter
should not affect the windows users in anyway. It only ensures that Samba
sets the special IDs - OWNER@ and GROUP@ ( mappings to simple uids )
that are relevant to GPFS.
</para>
<para>The following MODEs are understood by the module:</para>
<itemizedlist>
<listitem><para><command>simple(default)</command> - do not use special IDs in GPFS ACEs</para></listitem>
<listitem><para><command>special</command> - use special IDs in GPFS ACEs. </para> </listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:acedup = [dontcare|reject|ignore|merge]</term>
<listitem>
<para>
This parameter configures how Samba handles duplicate ACEs encountered in GPFS ACLs.
GPFS allows/creates duplicate ACE for different bits for same ID.
</para>
<para>Following is the behaviour of Samba for different values :</para>
<itemizedlist>
<listitem><para><command>dontcare (default)</command> - copy the ACEs as they come</para></listitem>
<listitem><para><command>reject</command> - stop operation and exit with error on ACL set op</para></listitem>
<listitem><para><command>ignore</command> - don't include the second matching ACE</para></listitem>
<listitem><para><command>merge</command> - bitwise OR the 2 ace.flag fields and 2 ace.mask fields of the 2 duplicate ACEs into 1 ACE</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
<varlistentry>
<term>nfs4:chown = [yes|no]</term>
<listitem>
<para>This parameter allows enabling or disabling the chown supported
by the underlying filesystem. This parameter should be enabled with
care as it might leave your system insecure.</para>
<para>Some filesystems allow chown as a) giving b) stealing. It is the latter
that is considered a risk.</para>
<para>Following is the behaviour of Samba for different values : </para>
<itemizedlist>
<listitem><para><command>yes</command> - Enable chown if as supported by the under filesystem</para></listitem>
<listitem><para><command>no (default)</command> - Disable chown</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>A GPFS mount can be exported via Samba as follows :</para>
<programlisting>
<smbconfsection name="[samba_gpfs_share]"/>
<smbconfoption name="vfs objects">gpfs</smbconfoption>
<smbconfoption name="path">/test/gpfs_mount</smbconfoption>
<smbconfoption name="nfs4: mode">special</smbconfoption>
<smbconfoption name="nfs4: acedup">merge</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>The gpfs gpl libraries are required by <command>gpfs</command> VFS
module during both compilation and runtime.
Also this VFS module is tested to work on SLES 9/10 and RHEL 4.4
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The GPFS VFS module was created with contributions from
Volker Lendecke and the developers at IBM.
</para>
<para> This manpage was created by the IBM FSCC team </para>
</refsect1>
</refentry>

77
docs-xml/manpages-3/vfs_netatalk.8.xml Normal file
View File

@ -0,0 +1,77 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_netatalk.8">
<refmeta>
<refentrytitle>vfs_netatalk</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_netatalk</refname>
<refpurpose>hide .AppleDouble files from CIFS clients</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = netatalk</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_netatalk</command> VFS module dynamically
hides .AppleDouble files, preventing spurious errors on some
CIFS clients. .AppleDouble files may be created by historic
implementations of AFP (Apple Filing Protocol) on servers. </para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Hide .AppleDouble files on the [data] share:</para>
<programlisting>
<smbconfsection name="[data]"/>
<smbconfoption name="vfs objects">netatalk</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>This module is largely historic and unlikely to be of use
in modern networks since current Apple systems are able to mount CIFS
shares natively.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

70
docs-xml/manpages-3/vfs_notify_fam.8.xml Normal file
View File

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_notify_fam.8">
<refmeta>
<refentrytitle>vfs_notify_fam</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_notify_fam</refname>
<refpurpose>FAM support for file change notifications</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = notify_fam</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_notify_fam</command> module makes use of
the system FAM (File Alteration Monitor) daemon to implement
file change notifications for Windows clients. FAM is generally
present only on IRIX and some BSD systems.</para>
<para>This module is not stackable.</para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Support FAM notifications globally:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="vfs objects">notify_fam</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

107
docs-xml/manpages-3/vfs_prealloc.8.xml Normal file
View File

@ -0,0 +1,107 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_prealloc.8">
<refmeta>
<refentrytitle>vfs_prealloc</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_prealloc</refname>
<refpurpose>preallocate matching files to a predetermined size</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = prealloc</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_prealloc</command> VFS module preallocates
files to a specified size each time a new file is created. This
is useful in environments where files are of a predetermined
size will be written to a disk subsystem where extending file
allocations is expensive. </para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>prealloc:EXT = BYTES</term>
<listitem>
<para>Preallocate all files with the extension EXT to
the size specified by BYTES.
</para>
<para>The following suffixes may be applied to BYTES:</para>
<itemizedlist>
<listitem><para><command>K</command> - BYTES is a number of kilobytes</para></listitem>
<listitem><para><command>M</command> - BYTES is a number of megabytes</para></listitem>
<listitem><para><command>G</command> - BYTES is a number of gigabytes</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>A process writes TIFF files to a Samba share, and the
is known these files will almost always be around 4 megabytes
(4194304 bytes): </para>
<programlisting>
<smbconfsection name="[frames]"/>
<smbconfoption name="path">/data/frames</smbconfoption>
<smbconfoption name="vfs objects">prealloc</smbconfoption>
<smbconfoption name="prealloc:tiff">4M</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para><command>vfs_prealloc</command> is not supported on all
platforms and filesystems. Currently only XFS filesystems on
Linux and IRIX are supported.
</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

115
docs-xml/manpages-3/vfs_readahead.8.xml Normal file
View File

@ -0,0 +1,115 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_readahead.8">
<refmeta>
<refentrytitle>vfs_readahead</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_readahead</refname>
<refpurpose>pre-load the kernel buffer cache</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = readahead</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>This <command>vfs_readahead</command> VFS module detects
read requests at multiples of a given offset (hex 0x80000 by
default) and then tells the kernel via either the readahead
system call (on Linux) or the posix_fadvise system call to
pre-fetch this data into the buffer cache.</para>
<para>This module is useful for Windows Vista clients reading
data using the Windows Explorer program, which asynchronously
does multiple file read requests at offset boundaries of 0x80000
bytes.</para>
<para>The offset multiple used is given by the readahead:offset
option, which defaults to 0x80000.</para>
<para>The size of the disk read operations performed
by <command>vfs_readahead</command> is determined by the
readahead:length option. By default this is set to the
same value as the readahead:offset option and if not
set explicitly will use the current value of
readahead:offset.</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>readahead:offset = BYTES</term>
<listitem>
<para>The offset multiple that causes readahead to be
requested of the kernel buffer cache.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>readahead:length = BYTES</term>
<listitem>
<para>The number of bytes requested to be
read into the kernel buffer cache on each
readahead call.</para>
</listitem>
</varlistentry>
<para>The following suffixes may be applied to BYTES:</para>
<itemizedlist>
<listitem><para><command>K</command> - BYTES is a number of kilobytes</para></listitem>
<listitem><para><command>M</command> - BYTES is a number of megabytes</para></listitem>
<listitem><para><command>G</command> - BYTES is a number of gigabytes</para></listitem>
</itemizedlist>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<programlisting>
<smbconfsection name="[hypothetical]"/>
<smbconfoption name="vfs objects">readahead</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

101
docs-xml/manpages-3/vfs_readonly.8.xml Normal file
View File

@ -0,0 +1,101 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_readonly.8">
<refmeta>
<refentrytitle>vfs_readonly</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_readonly</refname>
<refpurpose>make a Samba share read only for a specified time period</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = readonly</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_readonly</command> VFS module marks a share
as read only for all clients connecting within the configured
time period. Clients connecting during this time will be denied
write access to all files in the share, irrespective of ther
actual access privileges.</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>readonly:period = BEGIN, END</term>
<listitem>
<para>Only mark the share as read only if the client
connection was made between the times marked by the
BEGIN and END date specifiers.
The syntax of these date specifiers is the
same as that accepted by the -d option of GNU
<citerefentry><refentrytitle>date</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Mark all shares read only:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="vfs objects">readonly</smbconfoption>
</programlisting>
<para>Mark the [backup] share as read only during business hours:</para>
<programlisting>
<smbconfsection name="[backup]"/>
<smbconfoption name="path">/readonly</smbconfoption>
<smbconfoption name="vfs objects">readonly</smbconfoption>
<smbconfoption name="readonly:period">readonly:period = "today 9:00","today 17:00"</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

217
docs-xml/manpages-3/vfs_recycle.8.xml Normal file
View File

@ -0,0 +1,217 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_recycle.8">
<refmeta>
<refentrytitle>vfs_recycle</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_recycle</refname>
<refpurpose>Samba VFS recycle bin</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = recycle</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_recycle</command> intercepts file deletion
requests and moves the affected files to a temporary repository
rather than deleting them immediately. This gives the same effect
as the Recycle Bin on Windows computers. </para>
<para>The Recycle Bin will not appear in Windows Explorer
views of the network file system (share) nor on any mapped
drive. Instead, a directory called .recycle will be automatically
created when the first file is deleted and recycle:repository is
not configured. If recycle:repository is configured, the name
of the created directory depends on recycle:repository. Users
can recover files from the recycle bin. If the recycle:keeptree
option has been specified, deleted files will be found in a path
identical with that from which the file was deleted. </para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>recycle:repository = PATH</term>
<listitem>
<para>Path of the directory where deleted files should be moved.
</para>
<para>If this option is not set, the default path .recycle
is used. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:directory_mode = MODE</term>
<listitem>
<para>Set MODE to the octal mode the recycle repository
should be created with. The recycle repository will be
created when first file is deleted. If recycle:subdir_mode
is not set, MODE also applies to subdirectories.
</para>
<para>If this option is not set, the default mode
0700 is used. </para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:subdir_mode = MODE</term>
<listitem>
<para>Set MODE to the octal mode with which
sub directories of the recycle repository should be created.
</para>
<para>If this option is not set, subdirectories
will be created with the mode from recycle:directory_mode.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:keeptree = BOOL</term>
<listitem>
<para>Specifies whether the directory structure should
be preserved or whether the files in a directory that is being
deleted should be kept separately in the repository.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:versions = BOOL</term>
<listitem>
<para>If this option is True, two files with the same
name that are deleted will both be kept in the repository.
Newer deleted versions of a file will be called
&quot;Copy #x of filename&quot;.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:touch = BOOL</term>
<listitem>
<para>Specifies whether a file's access date should be
updated when the file is moved to the repository.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:touch_mtime = BOOL</term>
<listitem>
<para>Specifies whether a file's last modified date should be
updated when the file is moved to the repository.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:minsize = BYTES</term>
<listitem>
<para>Files that are smaller than the number of bytes
specified by this parameter will not be put into the
repository.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:maxsize = BYTES</term>
<listitem>
<para>Files that are larger than the number of bytes
specified by this parameter will not be put into the
repository.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:exclude = LIST</term>
<listitem>
<para>List of files that should not be put into the
repository when deleted, but deleted in the normal way.
Wildcards such as * and ? are supported.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:exclude_dir = LIST</term>
<listitem>
<para>List of directories whose files should not be put
into the repository when deleted, but deleted in the
normal way. Wildcards such as * and ? are supported.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>recycle:noversions = LIST</term>
<listitem>
<para>Specifies a list of paths (wildcards such as *
and ? are supported) for which no versioning should
be used. Only useful when recycle:versions is enabled.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Log operations on all shares using the LOCAL1 facility
and NOTICE priority:</para>
<programlisting>
<smbconfsection name="[global]"/>
<smbconfoption name="vfs objects">recycle</smbconfoption>
<smbconfoption name="recycle:facility">LOCAL1</smbconfoption>
<smbconfoption name="recycle:priority">NOTICE</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

121
docs-xml/manpages-3/vfs_shadow_copy.8.xml Normal file
View File

@ -0,0 +1,121 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_shadow_copy.8">
<refmeta>
<refentrytitle>vfs_shadow_copy</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_shadow_copy</refname>
<refpurpose>Make a Samba share read only for a specified time period</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = shadow_copy</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_shadow_copy</command> VFS module functionality
that is similar to Microsoft Shadow Copy services. When setup properly,
this module allows Microsoft Shadow Copy clients to browse
"shadow copies" on Samba shares.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para><command>vfs_shadow_copy</command> relies on a filesystem
snapshot implementation. Many common filesystems have native
support for this.
</para>
<para>Filesystem snapshots must be mounted on
specially named directories in order to be recognized by
<command>vfs_shadow_copy</command>. The snapshot mount points must
be immediate children of a the directory being shared.</para>
<para>The snapshot naming convention is @GMT-YYYY.MM.DD-hh.mm.ss,
where:
<itemizedlist>
<listitem><para><command>YYYY</command> is the 4 digit year</para></listitem>
<listitem><para><command>MM</command> is the 2 digit month</para></listitem>
<listitem><para><command>DD</command> is the 2 digit day</para></listitem>
<listitem><para><command>hh</command> is the 2 digit hour</para></listitem>
<listitem><para><command>mm</command> is the 2 digit minute</para></listitem>
<listitem><para><command>ss</command> is the 2 digit second.</para></listitem>
</itemizedlist>
</para>
<para>The <command>vfs_shadow_copy</command> snapshot naming convention can be produced with the following
<citerefentry><refentrytitle>date</refentrytitle>
<manvolnum>1</manvolnum></citerefentry> command:
<programlisting>
TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
</programlisting></para>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
<para>Add shadow copy support to user home directories:</para>
<programlisting>
<smbconfsection name="[homes]"/>
<smbconfoption name="vfs objects">shadow_copy</smbconfoption>
</programlisting>
</refsect1>
<refsect1>
<title>CAVEATS</title>
<para>This is not a backup, archival, or version control solution.
</para>
<para>With Samba or Windows servers,
<command>vfs_shadow_copy</command> is designed to be an end-user
tool only. It does not replace or enhance your backup and
archival solutions and should in no way be considered as
such. Additionally, if you need version control, implement a
version control system.</para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0.25 of the Samba suite.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

69
docs-xml/manpages-3/vfs_xattr_tdb.8.xml Normal file
View File

@ -0,0 +1,69 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfs_xattr_tdb.8">
<refmeta>
<refentrytitle>vfs_xattr_tdb</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfs_xattr_tdb</refname>
<refpurpose>Save Extended Attributes (EAs) in a tdb file</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfs objects = xattr_tdb</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This VFS module is part of the
<citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>vfs_xattr_tdb</command> VFS module stores
Extended Attributes (EAs) in a tdb file.
This enables the usage of Extended Attributes on OS and
filesystems which do not support Extended Attributes
by themselves.
</para>
<para>This module is stackable.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>xattr_tdb:file = PATH</term>
<listitem>
<para>Name of the tdb file the EAs are stored in.
If this option is not set, the default filename
<filename>xattr.tdb</filename> is used.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
</refsect1>
</refentry>

153
docs-xml/manpages-3/vfstest.1.xml Normal file
View File

@ -0,0 +1,153 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="vfstest.1">
<refmeta>
<refentrytitle>vfstest</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>vfstest</refname>
<refpurpose>tool for testing samba VFS modules </refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>vfstest</command>
<arg choice="opt">-d debuglevel</arg>
<arg choice="opt">-c command</arg>
<arg choice="opt">-l logdir</arg>
<arg choice="opt">-h</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>vfstest</command> is a small command line
utility that has the ability to test dso samba VFS modules. It gives the
user the ability to call the various VFS functions manually and
supports cascaded VFS modules.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-c|--command=command</term>
<listitem><para>Execute the specified (colon-separated) commands.
See below for the commands that are available.
</para> </listitem>
</varlistentry>
&stdarg.help;
<varlistentry>
<term>-l|--logfile=logbasename</term>
<listitem><para>File name for log/debug files. The extension
<constant>'.client'</constant> will be appended. The log file is never removed
by the client.
</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
</variablelist>
</refsect1>
<refsect1>
<title>COMMANDS</title>
<para><emphasis>VFS COMMANDS</emphasis></para>
<itemizedlist>
<listitem><para><command>load &lt;module.so&gt;</command> - Load specified VFS module </para></listitem>
<listitem><para><command>populate &lt;char&gt; &lt;size&gt;</command> - Populate a data buffer with the specified data
</para></listitem>
<listitem><para><command>showdata [&lt;offset&gt; &lt;len&gt;]</command> - Show data currently in data buffer
</para></listitem>
<listitem><para><command>connect</command> - VFS connect()</para></listitem>
<listitem><para><command>disconnect</command> - VFS disconnect()</para></listitem>
<listitem><para><command>disk_free</command> - VFS disk_free()</para></listitem>
<listitem><para><command>opendir</command> - VFS opendir()</para></listitem>
<listitem><para><command>readdir</command> - VFS readdir()</para></listitem>
<listitem><para><command>mkdir</command> - VFS mkdir()</para></listitem>
<listitem><para><command>rmdir</command> - VFS rmdir()</para></listitem>
<listitem><para><command>closedir</command> - VFS closedir()</para></listitem>
<listitem><para><command>open</command> - VFS open()</para></listitem>
<listitem><para><command>close</command> - VFS close()</para></listitem>
<listitem><para><command>read</command> - VFS read()</para></listitem>
<listitem><para><command>write</command> - VFS write()</para></listitem>
<listitem><para><command>lseek</command> - VFS lseek()</para></listitem>
<listitem><para><command>rename</command> - VFS rename()</para></listitem>
<listitem><para><command>fsync</command> - VFS fsync()</para></listitem>
<listitem><para><command>stat</command> - VFS stat()</para></listitem>
<listitem><para><command>fstat</command> - VFS fstat()</para></listitem>
<listitem><para><command>lstat</command> - VFS lstat()</para></listitem>
<listitem><para><command>unlink</command> - VFS unlink()</para></listitem>
<listitem><para><command>chmod</command> - VFS chmod()</para></listitem>
<listitem><para><command>fchmod</command> - VFS fchmod()</para></listitem>
<listitem><para><command>chown</command> - VFS chown()</para></listitem>
<listitem><para><command>fchown</command> - VFS fchown()</para></listitem>
<listitem><para><command>chdir</command> - VFS chdir()</para></listitem>
<listitem><para><command>getwd</command> - VFS getwd()</para></listitem>
<listitem><para><command>utime</command> - VFS utime()</para></listitem>
<listitem><para><command>ftruncate</command> - VFS ftruncate()</para></listitem>
<listitem><para><command>lock</command> - VFS lock()</para></listitem>
<listitem><para><command>symlink</command> - VFS symlink()</para></listitem>
<listitem><para><command>readlink</command> - VFS readlink()</para></listitem>
<listitem><para><command>link</command> - VFS link()</para></listitem>
<listitem><para><command>mknod</command> - VFS mknod()</para></listitem>
<listitem><para><command>realpath</command> - VFS realpath()</para></listitem>
</itemizedlist>
<para><emphasis>GENERAL COMMANDS</emphasis></para>
<itemizedlist>
<listitem><para><command>conf &lt;smb.conf&gt;</command> - Load a different configuration file</para></listitem>
<listitem><para><command>help [&lt;command&gt;]</command> - Get list of commands or info about specified command</para></listitem>
<listitem><para><command>debuglevel &lt;level&gt;</command> - Set debug level</para></listitem>
<listitem><para><command>freemem</command> - Free memory currently in use</para></listitem>
<listitem><para><command>exit</command> - Exit vfstest</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of the Samba
suite.</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The vfstest man page was written by Jelmer Vernooij.</para>
</refsect1>
</refentry>

380
docs-xml/manpages-3/wbinfo.1.xml Normal file
View File

@ -0,0 +1,380 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="wbinfo.1">
<refmeta>
<refentrytitle>wbinfo</refentrytitle>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>wbinfo</refname>
<refpurpose>Query information from winbind daemon</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>wbinfo</command>
<arg choice="opt">-a user%password</arg>
<arg choice="opt">--all-domains</arg>
<arg choice="opt">--allocate-gid</arg>
<arg choice="opt">--allocate-uid</arg>
<arg choice="opt">-D domain</arg>
<arg choice="opt">--domain domain</arg>
<arg choice="opt">-g</arg>
<arg choice="opt">--getdcname domain</arg>
<arg choice="opt">--get-auth-user</arg>
<arg choice="opt">-G gid</arg>
<arg choice="opt">-h</arg>
<arg choice="opt">-i user</arg>
<arg choice="opt">-I ip</arg>
<arg choice="opt">-K user%password</arg>
<arg choice="opt">-m</arg>
<arg choice="opt">-n name</arg>
<arg choice="opt">-N netbios-name</arg>
<arg choice="opt">--own-domain</arg>
<arg choice="opt">-p</arg>
<arg choice="opt">-r user</arg>
<arg choice="opt">-s sid</arg>
<arg choice="opt">--separator</arg>
<arg choice="opt">--sequence</arg>
<arg choice="opt">--set-auth-user user%password</arg>
<arg choice="opt">-S sid</arg>
<arg choice="opt">-t</arg>
<arg choice="opt">-u</arg>
<arg choice="opt">--uid-info uid</arg>
<arg choice="opt">--user-domgroups sid</arg>
<arg choice="opt">--user-sids sid</arg>
<arg choice="opt">-U uid</arg>
<arg choice="opt">-V</arg>
<arg choice="opt">-Y sid</arg>
<arg choice="opt">--verbose</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para>The <command>wbinfo</command> program queries and returns information
created and used by the <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon. </para>
<para>The <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon must be configured
and running for the <command>wbinfo</command> program to be able
to return information.</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-a|--authenticate username%password</term>
<listitem><para>Attempt to authenticate a user via winbindd.
This checks both authenticaion methods and reports its results.
</para><note><para>Do not be tempted to use this
functionality for authentication in third-party
applications. Instead use <citerefentry><refentrytitle>ntlm_auth</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>.</para></note></listitem>
</varlistentry>
<varlistentry>
<term>--allocate-gid</term>
<listitem><para>Get a new GID out of idmap
</para></listitem>
</varlistentry>
<varlistentry>
<term>--allocate-uid</term>
<listitem><para>Get a new UID out of idmap
</para></listitem>
</varlistentry>
<varlistentry>
<term>--all-domains</term>
<listitem><para>List all domains (trusted and
own domain).
</para></listitem>
</varlistentry>
<varlistentry>
<term>--domain name</term>
<listitem><para>This parameter sets the domain on which any specified
operations will performed. If special domain name '.' is used to represent
the current domain to which winbindd belongs. Currently only the
<option>--sequence</option>,
<option>-u</option>, and <option>-g</option> options honor this parameter.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-D|--domain-info domain</term>
<listitem><para>Show most of the info we have about the domain.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-g|--domain-groups</term>
<listitem><para>This option will list all groups available
in the Windows NT domain for which the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> daemon is operating in. Groups in all trusted domains
will also be listed. Note that this operation does not assign
group ids to any groups that have not already been
seen by <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>. </para></listitem>
</varlistentry>
<varlistentry>
<term>--get-auth-user</term>
<listitem><para>Print username and password used by winbindd
during session setup to a domain controller. Username
and password can be set using <option>--set-auth-user</option>.
Only available for root.</para></listitem>
</varlistentry>
<varlistentry>
<term>--getdcname domain</term>
<listitem><para>Get the DC name for the specified domain.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-G|--gid-to-sid gid</term>
<listitem><para>Try to convert a UNIX group id to a Windows
NT SID. If the gid specified does not refer to one within
the idmap gid range then the operation will fail. </para></listitem>
</varlistentry>
<varlistentry>
<term>-i|--user-info user</term>
<listitem><para>Get user info.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-I|--WINS-by-ip ip</term>
<listitem><para>The <parameter>-I</parameter> option
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> to send a node status
request to get the NetBIOS name associated with the IP address
specified by the <parameter>ip</parameter> parameter.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-K|--krb5auth username%password</term>
<listitem><para>Attempt to authenticate a user via Kerberos.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-m|--trusted-domains</term>
<listitem><para>Produce a list of domains trusted by the
Windows NT server <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> contacts
when resolving names. This list does not include the Windows
NT domain the server is a Primary Domain Controller for.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-n|--name-to-sid name</term>
<listitem><para>The <parameter>-n</parameter> option
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> for the SID
associated with the name specified. Domain names can be specified
before the user name by using the winbind separator character.
For example CWDOM1/Administrator refers to the Administrator
user in the domain CWDOM1. If no domain is specified then the
domain used is the one specified in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> <parameter>workgroup
</parameter> parameter. </para></listitem>
</varlistentry>
<varlistentry>
<term>-N|--WINS-by-name name</term>
<listitem><para>The <parameter>-N</parameter> option
queries <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> to query the WINS
server for the IP address associated with the NetBIOS name
specified by the <parameter>name</parameter> parameter.
</para></listitem>
</varlistentry>
<varlistentry>
<term>--own-domain</term>
<listitem><para>List own domain.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-p|--ping</term>
<listitem><para>Check whether winbindd is still alive.
Prints out either 'succeeded' or 'failed'.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-r|--user-groups username</term>
<listitem><para>Try to obtain the list of UNIX group ids
to which the user belongs. This only works for users
defined on a Domain Controller.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-s|--sid-to-name sid</term>
<listitem><para>Use <parameter>-s</parameter> to resolve
a SID to a name. This is the inverse of the <parameter>-n
</parameter> option above. SIDs must be specified as ASCII strings
in the traditional Microsoft format. For example,
S-1-5-21-1455342024-3071081365-2475485837-500. </para></listitem>
</varlistentry>
<varlistentry>
<term>--separator</term>
<listitem><para>Get the active winbind separator.
</para></listitem>
</varlistentry>
<varlistentry>
<term>--sequence</term>
<listitem><para>Show sequence numbers of
all known domains</para></listitem>
</varlistentry>
<varlistentry>
<term>--set-auth-user username%password</term>
<listitem><para>Store username and password used by winbindd
during session setup to a domain controller. This enables
winbindd to operate in a Windows 2000 domain with Restrict
Anonymous turned on (a.k.a. Permissions compatible with
Windows 2000 servers only).
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S|--sid-to-uid sid</term>
<listitem><para>Convert a SID to a UNIX user id. If the SID
does not correspond to a UNIX user mapped by <citerefentry>
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry> then the operation will fail. </para></listitem>
</varlistentry>
<varlistentry>
<term>-t|--check-secret</term>
<listitem><para>Verify that the workstation trust account
created when the Samba server is added to the Windows NT
domain is working. </para></listitem>
</varlistentry>
<varlistentry>
<term>-u|--domain-users</term>
<listitem><para>This option will list all users available
in the Windows NT domain for which the <citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> daemon is operating in. Users in all trusted domains
will also be listed. Note that this operation does not assign
user ids to any users that have not already been seen by <citerefentry>
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
.</para></listitem>
</varlistentry>
<varlistentry>
<term>--uid-info UID</term>
<listitem><para>Get user info for the user conencted to
user id UID.</para></listitem>
</varlistentry>
<varlistentry>
<term>--user-domgroups SID</term>
<listitem><para>Get user domain groups.
</para></listitem>
</varlistentry>
<varlistentry>
<term>--user-sids SID</term>
<listitem><para>Get user group SIDs for user.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-U|--uid-to-sid uid</term>
<listitem><para>Try to convert a UNIX user id to a Windows NT
SID. If the uid specified does not refer to one within
the idmap uid range then the operation will fail. </para></listitem>
</varlistentry>
<varlistentry>
<term>--verbose</term>
<listitem><para>
Print additional information about the query
results.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-Y|--sid-to-gid sid</term>
<listitem><para>Convert a SID to a UNIX group id. If the SID
does not correspond to a UNIX group mapped by <citerefentry>
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum></citerefentry> then
the operation will fail. </para></listitem>
</varlistentry>
&stdarg.version;
&stdarg.help;
</variablelist>
</refsect1>
<refsect1>
<title>EXIT STATUS</title>
<para>The wbinfo program returns 0 if the operation
succeeded, or 1 if the operation failed. If the <citerefentry>
<refentrytitle>winbindd</refentrytitle><manvolnum>8</manvolnum>
</citerefentry> daemon is not working <command>wbinfo</command> will always return
failure. </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry><refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> and <citerefentry><refentrytitle>ntlm_auth</refentrytitle>
<manvolnum>1</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para><command>wbinfo</command> and <command>winbindd</command>
were written by Tim Potter.</para>
<para>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for Samba
3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>

512
docs-xml/manpages-3/winbindd.8.xml Normal file
View File

@ -0,0 +1,512 @@
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="winbindd.8">
<refmeta>
<refentrytitle>winbindd</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
<refmiscinfo class="version">3.2</refmiscinfo>
</refmeta>
<refnamediv>
<refname>winbindd</refname>
<refpurpose>Name Service Switch daemon for resolving names
from NT servers</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>winbindd</command>
<arg choice="opt">-D</arg>
<arg choice="opt">-F</arg>
<arg choice="opt">-S</arg>
<arg choice="opt">-i</arg>
<arg choice="opt">-Y</arg>
<arg choice="opt">-d &lt;debug level&gt;</arg>
<arg choice="opt">-s &lt;smb config file&gt;</arg>
<arg choice="opt">-n</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This program is part of the <citerefentry><refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry> suite.</para>
<para><command>winbindd</command> is a daemon that provides
a number of services to the Name Service Switch capability found
in most modern C libraries, to arbitrary applications via PAM
and <command>ntlm_auth</command> and to Samba itself.</para>
<para>Even if winbind is not used for nsswitch, it still provides a
service to <command>smbd</command>, <command>ntlm_auth</command>
and the <command>pam_winbind.so</command> PAM module, by managing connections to
domain controllers. In this configuraiton the
<smbconfoption name="idmap uid"/> and
<smbconfoption name="idmap gid"/>
parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
<para> The Name Service Switch allows user
and system information to be obtained from different databases
services such as NIS or DNS. The exact behaviour can be configured
throught the <filename>/etc/nsswitch.conf</filename> file.
Users and groups are allocated as they are resolved to a range
of user and group ids specified by the administrator of the
Samba system.</para>
<para>The service provided by <command>winbindd</command> is called `winbind' and
can be used to resolve user and group information from a
Windows NT server. The service can also provide authentication
services via an associated PAM module. </para>
<para>
The <filename>pam_winbind</filename> module supports the
<parameter>auth</parameter>, <parameter>account</parameter>
and <parameter>password</parameter>
module-types. It should be noted that the
<parameter>account</parameter> module simply performs a getpwnam() to verify that
the system can obtain a uid for the user, as the domain
controller has already performed access control. If the
<filename>libnss_winbind</filename> library has been correctly
installed, or an alternate source of names configured, this should always succeed.
</para>
<para>The following nsswitch databases are implemented by
the winbindd service: </para>
<variablelist>
<varlistentry>
<term>-D</term>
<listitem><para>If specified, this parameter causes
the server to operate as a daemon. That is, it detaches
itself and runs in the background on the appropriate port.
This switch is assumed if <command>winbindd</command> is
executed on the command line of a shell.
</para></listitem>
</varlistentry>
<varlistentry>
<term>hosts</term>
<listitem><para>This feature is only available on IRIX.
User information traditionally stored in
the <filename>hosts(5)</filename> file and used by
<command>gethostbyname(3)</command> functions. Names are
resolved through the WINS server or by broadcast.
</para></listitem>
</varlistentry>
<varlistentry>
<term>passwd</term>
<listitem><para>User information traditionally stored in
the <filename>passwd(5)</filename> file and used by
<command>getpwent(3)</command> functions. </para></listitem>
</varlistentry>
<varlistentry>
<term>group</term>
<listitem><para>Group information traditionally stored in
the <filename>group(5)</filename> file and used by
<command>getgrent(3)</command> functions. </para></listitem>
</varlistentry>
</variablelist>
<para>For example, the following simple configuration in the
<filename>/etc/nsswitch.conf</filename> file can be used to initially
resolve user and group information from <filename>/etc/passwd
</filename> and <filename>/etc/group</filename> and then from the
Windows NT server.
<programlisting>
passwd: files winbind
group: files winbind
## only available on IRIX; Linux users should us libnss_wins.so
hosts: files dns winbind
</programlisting></para>
<para>The following simple configuration in the
<filename>/etc/nsswitch.conf</filename> file can be used to initially
resolve hostnames from <filename>/etc/hosts</filename> and then from the
WINS server.</para>
<programlisting>
hosts: files wins
</programlisting>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-F</term>
<listitem><para>If specified, this parameter causes
the main <command>winbindd</command> process to not daemonize,
i.e. double-fork and disassociate with the terminal.
Child processes are still created as normal to service
each connection request, but the main process does not
exit. This operation mode is suitable for running
<command>winbindd</command> under process supervisors such
as <command>supervise</command> and <command>svscan</command>
from Daniel J. Bernstein's <command>daemontools</command>
package, or the AIX process monitor.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem><para>If specified, this parameter causes
<command>winbindd</command> to log to standard output rather
than a file.</para></listitem>
</varlistentry>
&stdarg.server.debug;
&popt.common.samba;
&stdarg.help;
<varlistentry>
<term>-i</term>
<listitem><para>Tells <command>winbindd</command> to not
become a daemon and detach from the current terminal. This
option is used by developers when interactive debugging
of <command>winbindd</command> is required.
<command>winbindd</command> also logs to standard output,
as if the <command>-S</command> parameter had been given.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-n</term>
<listitem><para>Disable caching. This means winbindd will
always have to wait for a response from the domain controller
before it can respond to a client and this thus makes things
slower. The results will however be more accurate, since
results from the cache might not be up-to-date. This
might also temporarily hang winbindd if the DC doesn't respond.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-Y</term>
<listitem><para>Single daemon mode. This means winbindd will run
as a single process (the mode of operation in Samba 2.2). Winbindd's
default behavior is to launch a child process that is responsible for
updating expired cache entries.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>NAME AND ID RESOLUTION</title>
<para>Users and groups on a Windows NT server are assigned
a security id (SID) which is globally unique when the
user or group is created. To convert the Windows NT user or group
into a unix user or group, a mapping between SIDs and unix user
and group ids is required. This is one of the jobs that <command>
winbindd</command> performs. </para>
<para>As winbindd users and groups are resolved from a server, user
and group ids are allocated from a specified range. This
is done on a first come, first served basis, although all existing
users and groups will be mapped as soon as a client performs a user
or group enumeration command. The allocated unix ids are stored
in a database and will be remembered. </para>
<para>WARNING: The SID to unix id database is the only location
where the user and group mappings are stored by winbindd. If this
store is deleted or corrupted, there is no way for winbindd to
determine which user and group ids correspond to Windows NT user
and group rids. </para>
<para>See the <smbconfoption><name>idmap
domains</name></smbconfoption> or the old <smbconfoption><name>idmap
backend</name></smbconfoption> parameters in
<filename>smb.conf</filename> for options for sharing this
database, such as via LDAP.</para>
</refsect1>
<refsect1>
<title>CONFIGURATION</title>
<para>Configuration of the <command>winbindd</command> daemon
is done through configuration parameters in the <citerefentry>
<refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> file. All parameters should be specified in the
[global] section of smb.conf. </para>
<itemizedlist>
<listitem><para>
<smbconfoption name="winbind separator"/></para></listitem>
<listitem><para>
<smbconfoption name="idmap uid"/></para></listitem>
<listitem><para>
<smbconfoption name="idmap gid"/></para></listitem>
<listitem><para>
<smbconfoption name="idmap backend"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind cache time"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind enum users"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind enum groups"/></para></listitem>
<listitem><para>
<smbconfoption name="template homedir"/></para></listitem>
<listitem><para>
<smbconfoption name="template shell"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind use default domain"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind: rpc only"/>
Setting this parameter forces winbindd to use RPC
instead of LDAP to retrieve information from Domain
Controllers.
</para></listitem>
</itemizedlist>
</refsect1>
<refsect1>
<title>EXAMPLE SETUP</title>
<para>
To setup winbindd for user and group lookups plus
authentication from a domain controller use something like the
following setup. This was tested on an early Red Hat Linux box.
</para>
<para>In <filename>/etc/nsswitch.conf</filename> put the
following:
<programlisting>
passwd: files winbind
group: files winbind
</programlisting>
</para>
<para>In <filename>/etc/pam.d/*</filename> replace the <parameter>
auth</parameter> lines with something like this:
<programlisting>
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_unix.so \
use_first_pass shadow nullok
</programlisting>
</para>
<note><para>
The PAM module pam_unix has recently replaced the module pam_pwdb.
Some Linux systems use the module pam_unix2 in place of pam_unix.
</para></note>
<para>Note in particular the use of the <parameter>sufficient
</parameter> keyword and the <parameter>use_first_pass</parameter> keyword. </para>
<para>Now replace the account lines with this: </para>
<para><command>account required /lib/security/pam_winbind.so
</command></para>
<para>The next step is to join the domain. To do that use the
<command>net</command> program like this: </para>
<para><command>net join -S PDC -U Administrator</command></para>
<para>The username after the <parameter>-U</parameter> can be any
Domain user that has administrator privileges on the machine.
Substitute the name or IP of your PDC for "PDC".</para>
<para>Next copy <filename>libnss_winbind.so</filename> to
<filename>/lib</filename> and <filename>pam_winbind.so
</filename> to <filename>/lib/security</filename>. A symbolic link needs to be
made from <filename>/lib/libnss_winbind.so</filename> to
<filename>/lib/libnss_winbind.so.2</filename>. If you are using an
older version of glibc then the target of the link should be
<filename>/lib/libnss_winbind.so.1</filename>.</para>
<para>Finally, setup a <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> containing directives like the
following:
<programlisting>
[global]
winbind separator = +
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
idmap uid = 10000-20000
idmap gid = 10000-20000
workgroup = DOMAIN
security = domain
password server = *
</programlisting></para>
<para>Now start winbindd and you should find that your user and
group database is expanded to include your NT users and groups,
and that you can login to your unix box as a domain user, using
the DOMAIN+user syntax for the username. You may wish to use the
commands <command>getent passwd</command> and <command>getent group
</command> to confirm the correct operation of winbindd.</para>
</refsect1>
<refsect1>
<title>NOTES</title>
<para>The following notes are useful when configuring and
running <command>winbindd</command>: </para>
<para><citerefentry><refentrytitle>nmbd</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> must be running on the local machine
for <command>winbindd</command> to work. </para>
<para>PAM is really easy to misconfigure. Make sure you know what
you are doing when modifying PAM configuration files. It is possible
to set up PAM such that you can no longer log into your system. </para>
<para>If more than one UNIX machine is running <command>winbindd</command>,
then in general the user and groups ids allocated by winbindd will not
be the same. The user and group ids will only be valid for the local
machine, unless a shared <smbconfoption><name>idmap
backend</name></smbconfoption> is configured.</para>
<para>If the the Windows NT SID to UNIX user and group id mapping
file is damaged or destroyed then the mappings will be lost. </para>
</refsect1>
<refsect1>
<title>SIGNALS</title>
<para>The following signals can be used to manipulate the
<command>winbindd</command> daemon. </para>
<variablelist>
<varlistentry>
<term>SIGHUP</term>
<listitem><para>Reload the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file and
apply any parameter changes to the running
version of winbindd. This signal also clears any cached
user and group information. The list of other domains trusted
by winbindd is also reloaded. </para></listitem>
</varlistentry>
<varlistentry>
<term>SIGUSR2</term>
<listitem><para>The SIGUSR2 signal will cause <command>
winbindd</command> to write status information to the winbind
log file.</para>
<para>Log files are stored in the filename specified by the
log file parameter.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/nsswitch.conf(5)</filename></term>
<listitem><para>Name service switch configuration file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>/tmp/.winbindd/pipe</term>
<listitem><para>The UNIX pipe over which clients communicate with
the <command>winbindd</command> program. For security reasons, the
winbind client will only attempt to connect to the winbindd daemon
if both the <filename>/tmp/.winbindd</filename> directory
and <filename>/tmp/.winbindd/pipe</filename> file are owned by
root. </para></listitem>
</varlistentry>
<varlistentry>
<term>$LOCKDIR/winbindd_privileged/pipe</term>
<listitem><para>The UNIX pipe over which 'privileged' clients
communicate with the <command>winbindd</command> program. For security
reasons, access to some winbindd functions - like those needed by
the <command>ntlm_auth</command> utility - is restricted. By default,
only users in the 'root' group will get this access, however the administrator
may change the group permissions on $LOCKDIR/winbindd_privileged to allow
programs like 'squid' to use ntlm_auth.
Note that the winbind client will only attempt to connect to the winbindd daemon
if both the <filename>$LOCKDIR/winbindd_privileged</filename> directory
and <filename>$LOCKDIR/winbindd_privileged/pipe</filename> file are owned by
root. </para></listitem>
</varlistentry>
<varlistentry>
<term>/lib/libnss_winbind.so.X</term>
<listitem><para>Implementation of name service switch library.
</para></listitem>
</varlistentry>
<varlistentry>
<term>$LOCKDIR/winbindd_idmap.tdb</term>
<listitem><para>Storage for the Windows NT rid to UNIX user/group
id mapping. The lock directory is specified when Samba is initially
compiled using the <parameter>--with-lockdir</parameter> option.
This directory is by default <filename>/usr/local/samba/var/locks
</filename>. </para></listitem>
</varlistentry>
<varlistentry>
<term>$LOCKDIR/winbindd_cache.tdb</term>
<listitem><para>Storage for cached user and group information.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 3.0 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><filename>nsswitch.conf(5)</filename>, <citerefentry>
<refentrytitle>samba</refentrytitle>
<manvolnum>7</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>wbinfo</refentrytitle>
<manvolnum>1</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>ntlm_auth</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
<refentrytitle>pam_winbind</refentrytitle>
<manvolnum>8</manvolnum></citerefentry></para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para><command>wbinfo</command> and <command>winbindd</command> were
written by Tim Potter.</para>
<para>The conversion to DocBook for Samba 2.2 was done
by Gerald Carter. The conversion to DocBook XML 4.2 for
Samba 3.0 was done by Alexander Bokovoy.</para>
</refsect1>
</refentry>