sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-27 22:50:26 +03:00
Code

Use new definition of <smbconfoption>, fixes a bunch of

Browse Source 
validity errors.
(This used to be commit 3eb5c35e47951f320f7c2f4cd478a95f6d48236e)
This commit is contained in:
Jelmer Vernooij 2005-03-12 22:34:38 +00:00 committed by Gerald W. Carter
parent 50834aa64b
commit 9c72dd78f2
60 changed files with 1821 additions and 1814 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/Makefile
View File

@ -65,7 +65,7 @@ htmlman: $(patsubst $(MANPAGEDIR)/%.xml,$(HTMLDIR)/%.html,$(MANPAGES)) $(HTMLDIR
html-single: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLDIR)/%.html,$(MAIN_DOCS))
html: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLDIR)/%/index.html,$(MAIN_DOCS)) $(HTMLDIR)/index.html
htmlhelp: $(patsubst $(DOCBOOKDIR)/%.xml,$(HTMLHELPDIR)/%,$(MAIN_DOCS))
validate: $(patsubst $(DOCBOOKDIR)/%.xml,$(VALIDATEDIR)/%.report.html,$(MAIN_DOCS))
validate: $(patsubst $(DOCBOOKDIR)/%.xml,$(VALIDATEDIR)/%.report,$(MAIN_DOCS))
# Intermediate docbook docs
@ -222,12 +222,12 @@ $(PEARSONDIR)/%.xml: %/index.xml xslt/pearson.xsl
$(PEARSONDIR)/%.report.html: $(PEARSONDIR)/%.xml
mkdir -p $(@D)
$(XMLLINT) --valid --noout --htmlout $< 2> $@
-$(XMLLINT) --valid --noout $< 2> $@
# Validation verification
$(VALIDATEDIR)/%.report.html: %/index.xml
$(VALIDATEDIR)/%.report: %/index.xml
mkdir -p $(@D)
$(XMLLINT) --xinclude --postvalid --noout --htmlout $< 2> $@
-$(XMLLINT) --xinclude --postvalid --noout $< 2> $@
# Find undocumented parameters
undocumented: $(SMBDOTCONFDOC)/parameters.all.xml scripts/find_missing_doc.pl scripts/find_missing_manpages.pl

8
docs/Samba-Guide/Chap01-WindowsNetworkingPrimer.xml
View File

@ -704,7 +704,7 @@
</indexterm>
<indexterm><primary>nobody</primary></indexterm>
Samba has a special name for the <constant>NULL</constant>, or empty, user account.
It calls that the <smbconfoption><name>guest account</name></smbconfoption>. The
It calls that the <smbconfoption name="guest account"/>. The
default value of this parameter is <constant>nobody</constant>; however, this can be
changed to map the function of the guest account to any other UNIX identity. Some
UNIX administrators prefer to map this account to the system default anonymous
@ -1128,7 +1128,7 @@
It should be noted that the <parameter>guest account</parameter> is essential to
Samba operation. Either the operating system must have an account called <constant>nobody</constant>
or there must be an entry in the &smb.conf; file with a valid UNIX account. For example,
<smbconfoption><name>guest account</name><value>ftp</value></smbconfoption>.
<smbconfoption name="guest account">ftp</smbconfoption>.
</para>
</answer>
@ -1238,7 +1238,7 @@
<question>
<para>
Is it necessary to specify <smbconfoption><name>encrypt passwords</name><value>Yes</value></smbconfoption>
Is it necessary to specify <smbconfoption name="encrypt passwords">Yes</smbconfoption>
when Samba-3 is configured as a Domain Member?
</para>
@ -1266,7 +1266,7 @@
<para>
Yes. This is a local function on the server. The default setting is to use the UNIX account
<constant>nobody</constant>. If this account does not exist on the UNIX server, then it is
necessary to provide a <smbconfoption><name>guest account</name><value>an_account</value></smbconfoption>,
necessary to provide a <smbconfoption name="guest account">an_account</smbconfoption>,
where <constant>an_account</constant> is a valid local UNIX user account.
</para>

102
docs/Samba-Guide/Chap02-SimpleOfficeServer.xml
View File

@ -193,13 +193,13 @@
<title>Drafting Office &smb.conf; File</title>
<smbconfcomment>Global Parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="security">SHARE</smbconfoption>
<smbconfsection>[Plans]</smbconfsection>
<smbconfoption><name>path</name><value>/plans</value></smbconfoption>
<smbconfoption><name>read only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="path">/plans</smbconfoption>
<smbconfoption name="read only">Yes</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
</smbconfexample>
</para></step>
@ -670,39 +670,39 @@ application/octet-stream
<title>Charity Administration Office &smb.conf; File</title>
<smbconfcomment>Global Parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption><name>printing</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>disable spoolss</name><value>Yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="security">SHARE</smbconfoption>
<smbconfoption name="printing">CUPS</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="disable spoolss">Yes</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="wins support">yes</smbconfoption>
<smbconfsection>[FTMFILES]</smbconfsection>
<smbconfoption><name>comment</name><value>Funds Tracking &amp; Management Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/ftmfiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>force user</name><value>abmas</value></smbconfoption>
<smbconfoption><name>force group</name><value>office</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>nt acl support</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Funds Tracking &amp; Management Files</smbconfoption>
<smbconfoption name="path">/data/ftmfiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="force user">abmas</smbconfoption>
<smbconfoption name="force group">office</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="nt acl support">No</smbconfoption>
<smbconfsection>[office]</smbconfsection>
<smbconfoption><name>comment</name><value>General Office Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/officefiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>force user</name><value>abmas</value></smbconfoption>
<smbconfoption><name>force group</name><value>office</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>nt acl support</name><value>No</value></smbconfoption>
<smbconfoption name="comment">General Office Files</smbconfoption>
<smbconfoption name="path">/data/officefiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="force user">abmas</smbconfoption>
<smbconfoption name="force group">office</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="nt acl support">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>Print Temporary Spool Configuration</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Print Temporary Spool Configuration</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
<procedure>
@ -1283,31 +1283,31 @@ application/octet-stream
<title>Accounting Office Network &smb.conf; File</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>BILLMORE</value></smbconfoption>
<smbconfoption><name>printing</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>disable spoolss</name><value>Yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption name="workgroup">BILLMORE</smbconfoption>
<smbconfoption name="printing">CUPS</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="disable spoolss">Yes</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfsection>[files]</smbconfsection>
<smbconfoption><name>comment</name><value>Work area files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/%U</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Work area files</smbconfoption>
<smbconfoption name="path">/data/%U</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[master]</smbconfsection>
<smbconfoption><name>comment</name><value>Master work area files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data</value></smbconfoption>
<smbconfoption><name>valid users</name><value>alan</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Master work area files</smbconfoption>
<smbconfoption name="path">/data</smbconfoption>
<smbconfoption name="valid users">alan</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>Print Temporary Spool Configuration</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Print Temporary Spool Configuration</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</sect3>

84
docs/Samba-Guide/Chap03-TheSmallOffice.xml
View File

@ -643,63 +643,63 @@ hosts: files wins
<title>Accounting Office Network &smb.conf; File &smbmdash; [globals] Section</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>BILLMORE</value></smbconfoption>
<smbconfoption><name>passwd chat</name><value>*New*Password* \</value></smbconfoption>
<smbconfoption name="workgroup">BILLMORE</smbconfoption>
<smbconfoption name="passwd chat">*New*Password* \</smbconfoption>
<member><parameter>%n\n*Re-enter*new*password* %n\n *Password*changed*</parameter></member>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/usr/sbin/useradd -m '%u'</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/usr/sbin/userdel -r '%u'</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/usr/sbin/groupadd '%g'</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G '%g' '%u'</value></smbconfoption>
<smbconfoption><name>add machine script</name><value>/usr/sbin/useradd \</value></smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption>
<smbconfoption name="delete user script">/usr/sbin/userdel -r '%u'</smbconfoption>
<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
<smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption>
<smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/useradd \</smbconfoption>
<member><parameter>-s /bin/false -d /var/lib/nobody '%u'</parameter></member>
<smbconfoption><name>logon script</name><value>scripts\login.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value> </value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>CUPS</value></smbconfoption>
<smbconfoption name="logon script">scripts\login.bat</smbconfoption>
<smbconfoption name="logon path"> </smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="printing">CUPS</smbconfoption>
</smbconfexample>
<smbconfexample id="acct3conf">
<title>Accounting Office Network &smb.conf; File &smbmdash; Services and Shares Section</title>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/%U</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/data/%U</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%G</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="valid users">%G</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[finsvcs]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Service Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/finsvcs</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%G</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Service Files</smbconfoption>
<smbconfoption name="path">/data/finsvcs</smbconfoption>
<smbconfoption name="valid users">%G</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
</smbconfexample>
<sect2>

148
docs/Samba-Guide/Chap04-SecureOfficeServer.xml
View File

@ -511,7 +511,7 @@ Given 500 Users and 2 years:
</indexterm><indexterm>
<primary>name resolve order</primary>
</indexterm>
WINS serving is enabled by the <smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>,
WINS serving is enabled by the <smbconfoption name="wins support">Yes</smbconfoption>,
and name resolution is set to use it by means of the <smbconfoption><name>name resolve order</name>
<value>wins bcast hosts</value></smbconfoption> entry.
</para></listitem>
@ -531,8 +531,8 @@ Given 500 Users and 2 years:
</indexterm>
Samba is configured to directly interface with CUPS via the direct internal interface
that is provided by CUPS libraries. This is achieved with the
<smbconfoption><name>printing</name><value>CUPS</value></smbconfoption> as well as the
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption> entries.
<smbconfoption name="printing">CUPS</smbconfoption> as well as the
<smbconfoption name="printcap name">CUPS</smbconfoption> entries.
</para></listitem>
<listitem><para><indexterm>
@ -863,100 +863,100 @@ echo -e "\nNAT firewall done.\n"
<title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; [globals] Section</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>PROMISES</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>DIAMOND</value></smbconfoption>
<smbconfoption><name>interfaces</name><value>eth1, eth2, lo</value></smbconfoption>
<smbconfoption><name>bind interfaces only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>tdbsam</value></smbconfoption>
<smbconfoption><name>pam password change</name><value>Yes</value></smbconfoption>
<smbconfoption><name>passwd chat</name><value>*New*Password* %n\n *Re-enter*new*password*</value></smbconfoption>
<smbconfoption name="workgroup">PROMISES</smbconfoption>
<smbconfoption name="netbios name">DIAMOND</smbconfoption>
<smbconfoption name="interfaces">eth1, eth2, lo</smbconfoption>
<smbconfoption name="bind interfaces only">Yes</smbconfoption>
<smbconfoption name="passdb backend">tdbsam</smbconfoption>
<smbconfoption name="pam password change">Yes</smbconfoption>
<smbconfoption name="passwd chat">*New*Password* %n\n *Re-enter*new*password*</smbconfoption>
<member><parameter> %n\n *Password*changed*</parameter></member>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>unix password sync</name><value>Yes</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>time server</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/usr/sbin/useradd -m '%u'</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/usr/sbin/userdel -r '%u'</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/usr/sbin/groupadd '%g'</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G '%g' '%u'</value></smbconfoption>
<smbconfoption><name>add machine script</name><value>/usr/sbin/useradd</value></smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="unix password sync">Yes</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="time server">Yes</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption>
<smbconfoption name="delete user script">/usr/sbin/userdel -r '%u'</smbconfoption>
<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
<smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption>
<smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/useradd</smbconfoption>
<member><parameter>-s /bin/false -d /tmp '%u'</parameter></member>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>utmp</name><value>Yes</value></smbconfoption>
<smbconfoption><name>map acl inherit</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>veto files</name><value>/*.eml/*.nws/*.{*}/</value></smbconfoption>
<smbconfoption><name>veto oplock files</name><value>/*.doc/*.xls/*.mdb/</value></smbconfoption>
<smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
<smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="logon home">\\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="utmp">Yes</smbconfoption>
<smbconfoption name="map acl inherit">Yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="veto files">/*.eml/*.nws/*.{*}/</smbconfoption>
<smbconfoption name="veto oplock files">/*.doc/*.xls/*.mdb/</smbconfoption>
</smbconfexample>
<smbconfexample id="promisnetsvca">
<title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; Services Section Part A</title>
<smbconfsection>[IPC$]</smbconfsection>
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>192.168.1.0/24, 192.168.2.0/24, 127.0.0.1</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>0.0.0.0/0</value></smbconfoption>
<smbconfoption name="path">/tmp</smbconfoption>
<smbconfoption name="hosts allow">192.168.1.0/24, 192.168.2.0/24, 127.0.0.1</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0/0</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>default devmode</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="default devmode">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>locking</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="locking">No</smbconfoption>
</smbconfexample>
<smbconfexample id="promisnetsvcb">
<title>130 User Network with <emphasis>tdbsam</emphasis> &smbmdash; Services Section Part B</title>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[service]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Services Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/service</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Services Files</smbconfoption>
<smbconfoption name="path">/data/service</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[apps]</smbconfsection>
<smbconfoption><name>comment</name><value>Application Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/apps</value></smbconfoption>
<smbconfoption><name>read only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>admin users</name><value>bjordan</value></smbconfoption>
<smbconfoption name="comment">Application Files</smbconfoption>
<smbconfoption name="path">/apps</smbconfoption>
<smbconfoption name="read only">Yes</smbconfoption>
<smbconfoption name="admin users">bjordan</smbconfoption>
</smbconfexample>
</para></step>
@ -2579,7 +2579,7 @@ Nmap run completed -- 1 IP address (1 host up) scanned in 168 seconds
<question>
<para>
Why does the &smb.conf; file in this exercise include an entry for <smbconfoption><name>smb ports</name></smbconfoption>?
Why does the &smb.conf; file in this exercise include an entry for <smbconfoption name="smb ports"/>?
</para>
</question>

178
docs/Samba-Guide/Chap05-500UserNetwork.xml
View File

@ -939,41 +939,41 @@ hosts: files dns wins
<title>Server: MASSIVE (PDC), File: <filename>/etc/samba/smb.conf</filename></title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MEGANET</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>MASSIVE</value></smbconfoption>
<smbconfoption><name>interfaces</name><value>eth1, lo</value></smbconfoption>
<smbconfoption><name>bind interfaces only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>tdbsam</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/usr/sbin/useradd -m '%u'</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/usr/sbin/userdel -r '%u'</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/usr/sbin/groupadd '%g'</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G '%g' '%u'</value></smbconfoption>
<smbconfoption><name>add machine script</name><value>/usr/sbin/</value></smbconfoption>
<smbconfoption name="workgroup">MEGANET</smbconfoption>
<smbconfoption name="netbios name">MASSIVE</smbconfoption>
<smbconfoption name="interfaces">eth1, lo</smbconfoption>
<smbconfoption name="bind interfaces only">Yes</smbconfoption>
<smbconfoption name="passdb backend">tdbsam</smbconfoption>
<smbconfoption name="add user script">/usr/sbin/useradd -m '%u'</smbconfoption>
<smbconfoption name="delete user script">/usr/sbin/userdel -r '%u'</smbconfoption>
<smbconfoption name="add group script">/usr/sbin/groupadd '%g'</smbconfoption>
<smbconfoption name="delete group script">/usr/sbin/groupdel '%g'</smbconfoption>
<smbconfoption name="add user to group script">/usr/sbin/usermod -G '%g' '%u'</smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/</smbconfoption>
<member><parameter>useradd -s /bin/false -d /var/lib/nobody '%u'</parameter></member>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>include</name><value>/etc/samba/dc-common.conf</value></smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="include">/etc/samba/dc-common.conf</smbconfoption>
<smbconfsection>[IPC$]</smbconfsection>
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>172.16.0.0/16, 127.0.0.1</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>0.0.0.0/0</value></smbconfoption>
<smbconfoption name="path">/tmp</smbconfoption>
<smbconfoption name="hosts allow">172.16.0.0/16, 127.0.0.1</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0/0</smbconfoption>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[service]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Services Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/service</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Services Files</smbconfoption>
<smbconfoption name="path">/data/service</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[pidata]</smbconfsection>
<smbconfoption><name>comment</name><value>Property Insurance Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/pidata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Property Insurance Files</smbconfoption>
<smbconfoption name="path">/data/pidata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
</smbconfexample>
<!-- Two -->
@ -981,73 +981,73 @@ hosts: files dns wins
<title>Server: MASSIVE (PDC), File: <filename>/etc/samba/dc-common.conf</filename></title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>include</name><value>/etc/samba/common.conf</value></smbconfoption>
<smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
<smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="logon home">\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="include">/etc/samba/common.conf</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>locking</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="locking">No</smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
</smbconfexample>
<!-- Three -->
<smbconfexample id="ch5-commonsmb">
<title>Common Samba Configuration File: <filename>/etc/samba/common.conf</filename></title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>time server</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>utmp</name><value>Yes</value></smbconfoption>
<smbconfoption><name>map acl inherit</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>veto files</name><value>/*.eml/*.nws/*.{*}/</value></smbconfoption>
<smbconfoption><name>veto oplock files</name><value>/*.doc/*.xls/*.mdb/</value></smbconfoption>
<smbconfoption><name>include</name><value> </value></smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="time server">Yes</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
<smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
<smbconfoption name="utmp">Yes</smbconfoption>
<smbconfoption name="map acl inherit">Yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="veto files">/*.eml/*.nws/*.{*}/</smbconfoption>
<smbconfoption name="veto oplock files">/*.doc/*.xls/*.mdb/</smbconfoption>
<smbconfoption name="include"> </smbconfoption>
<smbconfcomment>Share and Service Definitions are common to all servers</smbconfcomment>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>default devmode</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="default devmode">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[apps]</smbconfsection>
<smbconfoption><name>comment</name><value>Application Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/apps</value></smbconfoption>
<smbconfoption><name>admin users</name><value>bjordan</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Application Files</smbconfoption>
<smbconfoption name="path">/apps</smbconfoption>
<smbconfoption name="admin users">bjordan</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
</smbconfexample>
<!-- Four -->
@ -1055,9 +1055,9 @@ hosts: files dns wins
<title>Server: BLDG1 (Member), File: smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MEGANET</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>BLDG1</value></smbconfoption>
<smbconfoption><name>include</name><value>/etc/samba/dom-mem.conf</value></smbconfoption>
<smbconfoption name="workgroup">MEGANET</smbconfoption>
<smbconfoption name="netbios name">BLDG1</smbconfoption>
<smbconfoption name="include">/etc/samba/dom-mem.conf</smbconfoption>
</smbconfexample>
<!-- Five -->
@ -1065,9 +1065,9 @@ hosts: files dns wins
<title>Server: BLDG2 (Member), File: smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MEGANET</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>BLDG2</value></smbconfoption>
<smbconfoption><name>include</name><value>/etc/samba/dom-mem.conf</value></smbconfoption>
<smbconfoption name="workgroup">MEGANET</smbconfoption>
<smbconfoption name="netbios name">BLDG2</smbconfoption>
<smbconfoption name="include">/etc/samba/dom-mem.conf</smbconfoption>
</smbconfexample>
<!-- Six -->
@ -1075,13 +1075,13 @@ hosts: files dns wins
<title>Common Domain Member Include File: dom-mem.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins server</name><value>172.16.0.1</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>include</name><value>/etc/samba/common.conf</value></smbconfoption>
<smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
<smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="wins server">172.16.0.1</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
<smbconfoption name="idmap gid">15000-20000</smbconfoption>
<smbconfoption name="include">/etc/samba/common.conf</smbconfoption>
</smbconfexample>
<!-- Seven -->

290
docs/Samba-Guide/Chap06-MakingHappyUsers.xml
View File

@ -1848,56 +1848,56 @@ SID for domain MASSIVE is: S-1-5-21-3504140859-1010554828-2431957765
<title>LDAP Based &smb.conf; File, Server: MASSIVE &smbmdash; global Section: Part A</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>MASSIVE</value></smbconfoption>
<smbconfoption><name>interfaces</name><value>eth1, lo</value></smbconfoption>
<smbconfoption><name>bind interfaces only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>enable privileges</name><value>Yes</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>time server</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/opt/IDEALX/sbin/smbldap-useradd -m "%u"</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/opt/IDEALX/sbin/smbldap-userdel "%u"</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/opt/IDEALX/sbin/smbldap-groupadd -p "%g"</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/opt/IDEALX/sbin/smbldap-groupdel "%g"</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/opt/IDEALX/sbin/</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="netbios name">MASSIVE</smbconfoption>
<smbconfoption name="interfaces">eth1, lo</smbconfoption>
<smbconfoption name="bind interfaces only">Yes</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="enable privileges">Yes</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="time server">Yes</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="add user script">/opt/IDEALX/sbin/smbldap-useradd -m "%u"</smbconfoption>
<smbconfoption name="delete user script">/opt/IDEALX/sbin/smbldap-userdel "%u"</smbconfoption>
<smbconfoption name="add group script">/opt/IDEALX/sbin/smbldap-groupadd -p "%g"</smbconfoption>
<smbconfoption name="delete group script">/opt/IDEALX/sbin/smbldap-groupdel "%g"</smbconfoption>
<smbconfoption name="add user to group script">/opt/IDEALX/sbin/</smbconfoption>
<member><parameter>smbldap-groupmod -m "%u" "%g"</parameter></member>
<smbconfoption><name>delete user from group script</name><value>/opt/IDEALX/sbin/</value></smbconfoption>
<smbconfoption name="delete user from group script">/opt/IDEALX/sbin/</smbconfoption>
<member><parameter>smbldap-groupmod -x "%u" "%g"</parameter></member>
<smbconfoption><name>set primary group script</name><value>/opt/IDEALX/sbin/</value></smbconfoption>
<smbconfoption name="set primary group script">/opt/IDEALX/sbin/</smbconfoption>
<member><parameter>smbldap-usermod -g "%g" "%u"</parameter></member>
<smbconfoption><name>add machine script</name><value>/opt/IDEALX/sbin/smbldap-useradd -w "%u"</value></smbconfoption>
<smbconfoption name="add machine script">/opt/IDEALX/sbin/smbldap-useradd -w "%u"</smbconfoption>
</smbconfexample>
<smbconfexample id="ch6-massive-smbconfb">
<title>LDAP Based &smb.conf; File, Server: MASSIVE &smbmdash; global Section: Part B</title>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>map acl inherit</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, chrisr</value></smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="map acl inherit">Yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printer admin">root, chrisr</smbconfoption>
</smbconfexample>
</sect2>
@ -3207,37 +3207,37 @@ smb: \> q
<title>LDAP Based &smb.conf; File, Server: BLDG1</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>BLDG1</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>enable privileges</name><value>Yes</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>No</value></smbconfoption>
<smbconfoption><name>wins server</name><value>172.16.0.1</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, chrisr</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="netbios name">BLDG1</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="enable privileges">Yes</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="domain master">No</smbconfoption>
<smbconfoption name="wins server">172.16.0.1</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printer admin">root, chrisr</smbconfoption>
</smbconfexample>
@ -3245,104 +3245,104 @@ smb: \> q
<title>LDAP Based &smb.conf; File, Server: BLDG2</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>BLDG2</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>enable privileges</name><value>Yes</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>No</value></smbconfoption>
<smbconfoption><name>wins server</name><value>172.16.0.1</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, chrisr</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="netbios name">BLDG2</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="enable privileges">Yes</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="domain master">No</smbconfoption>
<smbconfoption name="wins server">172.16.0.1</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printer admin">root, chrisr</smbconfoption>
</smbconfexample>
<smbconfexample id="ch6-shareconfa">
<title>LDAP Based &smb.conf; File, Shares Section &smbmdash; Part A</title>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[service]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Services Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/service</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Services Files</smbconfoption>
<smbconfoption name="path">/data/service</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[pidata]</smbconfsection>
<smbconfoption><name>comment</name><value>Property Insurance Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/pidata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Property Insurance Files</smbconfoption>
<smbconfoption name="path">/data/pidata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
<smbconfexample id="ch6-shareconfb">
<title>LDAP Based &smb.conf; File, Shares Section &smbmdash; Part B</title>
<smbconfsection>[apps]</smbconfsection>
<smbconfoption><name>comment</name><value>Application Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/apps</value></smbconfoption>
<smbconfoption><name>admin users</name><value>bjordan</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Application Files</smbconfoption>
<smbconfoption name="path">/apps</smbconfoption>
<smbconfoption name="admin users">bjordan</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>locking</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="locking">No</smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[profdata]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Data Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profdata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Data Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profdata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>no</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>write list</name><value>root, chrisr</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="guest ok">no</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="write list">root, chrisr</smbconfoption>
</smbconfexample>
<example id="ch6-ldifadd">

288
docs/Samba-Guide/Chap07-2000UserNetwork.xml
View File

@ -1152,209 +1152,209 @@ index default sub
<title>Primary Domain Controller &smb.conf; File &smbmdash; Part A</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>0</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>time server</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/var/lib/samba/sbin/smbldap-useradd.pl -m '%u'</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/var/lib/samba/sbin/smbldap-userdel.pl '%u'</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/var/lib/samba/sbin/smbldap-groupdel.pl '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/var/lib/samba/sbin/</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">0</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="time server">Yes</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="add user script">/var/lib/samba/sbin/smbldap-useradd.pl -m '%u'</smbconfoption>
<smbconfoption name="delete user script">/var/lib/samba/sbin/smbldap-userdel.pl '%u'</smbconfoption>
<smbconfoption name="add group script">/var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'</smbconfoption>
<smbconfoption name="delete group script">/var/lib/samba/sbin/smbldap-groupdel.pl '%g'</smbconfoption>
<smbconfoption name="add user to group script">/var/lib/samba/sbin/</smbconfoption>
<member><parameter>smbldap-groupmod.pl -m '%g' '%u'</parameter></member>
<smbconfoption><name>delete user from group script</name><value>/var/lib/samba/sbin/</value></smbconfoption>
<smbconfoption name="delete user from group script">/var/lib/samba/sbin/</smbconfoption>
<member><parameter>smbldap-groupmod.pl -x '%g' '%u'</parameter></member>
<smbconfoption><name>set primary group script</name><value>/var/lib/samba/sbin/</value></smbconfoption>
<smbconfoption name="set primary group script">/var/lib/samba/sbin/</smbconfoption>
<member><parameter>smbldap-usermod.pl -g '%g' '%u'</parameter></member>
<smbconfoption><name>add machine script</name><value>/var/lib/samba/sbin/</value></smbconfoption>
<smbconfoption name="add machine script">/var/lib/samba/sbin/</smbconfoption>
<member><parameter>smbldap-useradd.pl -w '%u'</parameter></member>
<smbconfoption><name>shutdown script</name><value>/var/lib/samba/scripts/shutdown.sh</value></smbconfoption>
<smbconfoption><name>abort shutdown script</name><value>/sbin/shutdown -c</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="shutdown script">/var/lib/samba/scripts/shutdown.sh</smbconfoption>
<smbconfoption name="abort shutdown script">/sbin/shutdown -c</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="domain master">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="idmap backend">ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
</smbconfexample>
<smbconfexample id="ch7-massmbconfB">
<title>Primary Domain Controller &smb.conf; File &smbmdash; Part B</title>
<smbconfsection>[IPC$]</smbconfsection>
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
<smbconfoption name="path">/tmp</smbconfoption>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[service]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Services Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/service</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Services Files</smbconfoption>
<smbconfoption name="path">/data/service</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[pidata]</smbconfsection>
<smbconfoption><name>comment</name><value>Property Insurance Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/pidata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Property Insurance Files</smbconfoption>
<smbconfoption name="path">/data/pidata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
<smbconfexample id="ch7-massmbconfC">
<title>Primary Domain Controller &smb.conf; File &smbmdash; Part C</title>
<smbconfsection>[apps]</smbconfsection>
<smbconfoption><name>comment</name><value>Application Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/apps</value></smbconfoption>
<smbconfoption><name>admin users</name><value>bjones</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Application Files</smbconfoption>
<smbconfoption name="path">/apps</smbconfoption>
<smbconfoption name="admin users">bjones</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, Administrator</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>locking</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="admin users">root, Administrator</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="locking">No</smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[profdata]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Data Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profdata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Data Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profdata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, Administrator</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
<smbconfoption name="admin users">root, Administrator</smbconfoption>
</smbconfexample>
<smbconfexample id="ch7-slvsmbocnfA">
<title>Backup Domain Controller &smb.conf; File &smbmdash; Part A</title>
<smbconfcomment># Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>BLDG1</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://lapdc.abmas.biz</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>X:</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>63</value></smbconfoption>
<smbconfoption><name>domain master</name><value>No</value></smbconfoption>
<smbconfoption><name>wins server</name><value>192.168.2.1</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>utmp</name><value>Yes</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap://massive.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="netbios name">BLDG1</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://lapdc.abmas.biz</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">X:</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="os level">63</smbconfoption>
<smbconfoption name="domain master">No</smbconfoption>
<smbconfoption name="wins server">192.168.2.1</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="utmp">Yes</smbconfoption>
<smbconfoption name="idmap backend">ldap://massive.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[accounts]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/accounts</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Accounting Files</smbconfoption>
<smbconfoption name="path">/data/accounts</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[service]</smbconfsection>
<smbconfoption><name>comment</name><value>Financial Services Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/service</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Financial Services Files</smbconfoption>
<smbconfoption name="path">/data/service</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
</smbconfexample>
<smbconfexample id="ch7-slvsmbocnfB">
<title>Backup Domain Controller &smb.conf; File &smbmdash; Part B</title>
<smbconfsection>[pidata]</smbconfsection>
<smbconfoption><name>comment</name><value>Property Insurance Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/pidata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Property Insurance Files</smbconfoption>
<smbconfoption name="path">/data/pidata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[apps]</smbconfsection>
<smbconfoption><name>comment</name><value>Application Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/apps</value></smbconfoption>
<smbconfoption><name>admin users</name><value>bjones</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Application Files</smbconfoption>
<smbconfoption name="path">/apps</smbconfoption>
<smbconfoption name="admin users">bjones</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>locking</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="locking">No</smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfsection>[profdata]</smbconfsection>
<smbconfoption><name>comment</name><value>Profile Data Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profdata</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Profile Data Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profdata</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
</smbconfexample>
<sect2>

8
docs/Samba-Guide/Chap08-MigrateNT4Samba3.xml
View File

@ -416,7 +416,7 @@
<primary>BDC</primary>
</indexterm>
Edit the &smb.conf; file to temporarily change the parameter
<smbconfoption><name>domain master</name><value>No</value></smbconfoption> so
<smbconfoption name="domain master">No</smbconfoption> so
the Samba server functions as a BDC for the purpose of migration. Also, temporarily
(only during domain account migration) comment out the lines that specify deletion
scripts (delete user script, etc.).
@ -597,7 +597,7 @@ SAM_DELTA_DOMAIN_INFO not handled
<primary>PDC</primary>
</indexterm>
Edit the &smb.conf; file to reset the parameter
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption> so that
<smbconfoption name="domain master">Yes</smbconfoption> so that
the Samba server functions as a PDC for the purpose of migration.
</para></step>
</procedure>
@ -664,7 +664,7 @@ gidNumber: 1000
<primary>BDC</primary>
</indexterm>
Edit the &smb.conf; file to temporarily change the parameter
<smbconfoption><name>domain master</name><value>No</value></smbconfoption> so
<smbconfoption name="domain master">No</smbconfoption> so
the Samba server functions as a BDC for the purpose of migration.
</para></step>
@ -824,7 +824,7 @@ Users Ordinary users
<primary>PDC</primary>
</indexterm>
Edit the &smb.conf; file to reset the parameter
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption> so
<smbconfoption name="domain master">Yes</smbconfoption> so
the Samba server functions as a PDC for the purpose of migration.
</para></step>
</procedure>

266
docs/Samba-Guide/Chap08b-MigrateNW4Samba3.xml
View File

@ -533,199 +533,199 @@ shadow: files ldap
<title>Samba Configuration File &smbmdash; smb.conf Part A</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>MASSIVE</value></smbconfoption>
<smbconfoption><name>server string</name><value>Corp File Server</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://localhost</value></smbconfoption>
<smbconfoption><name>pam password change</name><value>Yes</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>log file</name><value>/data/samba/log/%m.log</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins host bcast</value></smbconfoption>
<smbconfoption><name>time server</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/opt/IDEALX/sbin/smbldap-useradd -m "%u"</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/opt/IDEALX/sbin/smbldap-groupadd -p "%g"</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value></value></smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="netbios name">MASSIVE</smbconfoption>
<smbconfoption name="server string">Corp File Server</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://localhost</smbconfoption>
<smbconfoption name="pam password change">Yes</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="log file">/data/samba/log/%m.log</smbconfoption>
<smbconfoption name="name resolve order">wins host bcast</smbconfoption>
<smbconfoption name="time server">Yes</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="add user script">/opt/IDEALX/sbin/smbldap-useradd -m "%u"</smbconfoption>
<smbconfoption name="add group script">/opt/IDEALX/sbin/smbldap-groupadd -p "%g"</smbconfoption>
<smbconfoption name="add user to group script"></smbconfoption>
<member><parameter>/opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"</parameter></member>
<smbconfoption><name>delete user from group script</name><value></value></smbconfoption>
<smbconfoption name="delete user from group script"></smbconfoption>
<member><parameter>/opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"</parameter></member>
<smbconfoption><name>set primary group script</name><value></value></smbconfoption>
<smbconfoption name="set primary group script"></smbconfoption>
<member><parameter>/opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"</parameter></member>
<smbconfoption><name>add machine script</name><value>/usr/local/sbin/smbldap-useradd -w "%m"</value></smbconfoption>
<smbconfoption><name>logon script</name><value>logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%U\%a</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap passwd sync</name><value>Yes</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>ou=MEGANET2,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap ssl</name><value>no</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, "@Domain Admins"</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>"@Domain Admins"</value></smbconfoption>
<smbconfoption><name>force printername</name><value>Yes</value></smbconfoption>
<smbconfoption name="add machine script">/usr/local/sbin/smbldap-useradd -w "%m"</smbconfoption>
<smbconfoption name="logon script">logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%U\%a</smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfoption name="logon home">\\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap passwd sync">Yes</smbconfoption>
<smbconfoption name="ldap suffix">ou=MEGANET2,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="admin users">root, "@Domain Admins"</smbconfoption>
<smbconfoption name="printer admin">"@Domain Admins"</smbconfoption>
<smbconfoption name="force printername">Yes</smbconfoption>
</smbconfexample>
<smbconfexample id="ch8smbconf2">
<title>Samba Configuration File &smbmdash; smb.conf Part B</title>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network logon service</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/netlogon</value></smbconfoption>
<smbconfoption><name>write list</name><value>"@Domain Admins"</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Network logon service</smbconfoption>
<smbconfoption name="path">/data/samba/netlogon</smbconfoption>
<smbconfoption name="write list">"@Domain Admins"</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Roaming Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/profiles/</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption><name>veto files</name><value>desktop.ini</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Roaming Profile Share</smbconfoption>
<smbconfoption name="path">/data/samba/profiles/</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfoption name="veto files">desktop.ini</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0770</value></smbconfoption>
<smbconfoption><name>veto files</name><value>desktop.ini</value></smbconfoption>
<smbconfoption><name>hide files</name><value>desktop.ini</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0770</smbconfoption>
<smbconfoption name="veto files">desktop.ini</smbconfoption>
<smbconfoption name="hide files">desktop.ini</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[software]</smbconfsection>
<smbconfoption><name>comment</name><value>Software for %a computers</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/shares/software/%a</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Software for %a computers</smbconfoption>
<smbconfoption name="path">/data/samba/shares/software/%a</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfsection>[public]</smbconfsection>
<smbconfoption><name>comment</name><value>Public Files</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/shares/public</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Public Files</smbconfoption>
<smbconfoption name="path">/data/samba/shares/public</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfsection>[PDF]</smbconfsection>
<smbconfoption><name>comment</name><value>Location of documents printed to PDFCreator printer</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/shares/pdf</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Location of documents printed to PDFCreator printer</smbconfoption>
<smbconfoption name="path">/data/samba/shares/pdf</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
</smbconfexample>
<smbconfexample id="ch8smbconf3">
<title>Samba Configuration File &smbmdash; smb.conf Part C</title>
<smbconfsection>[EVERYTHING]</smbconfsection>
<smbconfoption><name>comment</name><value>All shares</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba</value></smbconfoption>
<smbconfoption><name>valid users</name><value>"@Domain Admins"</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All shares</smbconfoption>
<smbconfoption name="path">/data/samba</smbconfoption>
<smbconfoption name="valid users">"@Domain Admins"</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[CDROM]</smbconfsection>
<smbconfoption><name>comment</name><value>CD-ROM on MASSIVE</value></smbconfoption>
<smbconfoption><name>path</name><value>/mnt</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">CD-ROM on MASSIVE</smbconfoption>
<smbconfoption name="path">/mnt</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/drivers</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers Share</smbconfoption>
<smbconfoption name="path">/data/samba/drivers</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/spool</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0644</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/data/samba/spool</smbconfoption>
<smbconfoption name="create mask">0644</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[acct_hp8500]</smbconfsection>
<smbconfoption><name>comment</name><value>"Accounting Color Laser Printer"</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/spool/private</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@acct, @acct_admin, @hr, "@Domain Admins",\</value></smbconfoption>
<smbconfoption name="comment">"Accounting Color Laser Printer"</smbconfoption>
<smbconfoption name="path">/data/samba/spool/private</smbconfoption>
<smbconfoption name="valid users">@acct, @acct_admin, @hr, "@Domain Admins",\</smbconfoption>
<member><parameter>@Receptionist, dwayne, terri, danae, jerry</parameter></member>
<smbconfoption><name>create mask</name><value>0644</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>copy</name><value>printers</value></smbconfoption>
<smbconfoption name="create mask">0644</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="copy">printers</smbconfoption>
<smbconfsection>[plotter]</smbconfsection>
<smbconfoption><name>comment</name><value>Engineering Plotter</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/samba/spool</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0644</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>copy</name><value>printers</value></smbconfoption>
<smbconfoption name="comment">Engineering Plotter</smbconfoption>
<smbconfoption name="path">/data/samba/spool</smbconfoption>
<smbconfoption name="create mask">0644</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="copy">printers</smbconfoption>
</smbconfexample>
<smbconfexample id="ch8smbconf4">
<title>Samba Configuration File &smbmdash; smb.conf Part D</title>
<smbconfsection>[APPS]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/Apps</value></smbconfoption>
<smbconfoption><name>force group</name><value>"Domain Users"</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/Apps</smbconfoption>
<smbconfoption name="force group">"Domain Users"</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[ACCT]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/Accounting</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@acct, "@Domain Admins"</value></smbconfoption>
<smbconfoption><name>force group</name><value>acct</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0660</value></smbconfoption>
<smbconfoption><name>directory mask</name><value>0770</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/Accounting</smbconfoption>
<smbconfoption name="valid users">@acct, "@Domain Admins"</smbconfoption>
<smbconfoption name="force group">acct</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0660</smbconfoption>
<smbconfoption name="directory mask">0770</smbconfoption>
<smbconfsection>[ACCT_ADMIN]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/Acct_Admin</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@”acct_admin”</value></smbconfoption>
<smbconfoption><name>force group</name><value>acct_admin</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/Acct_Admin</smbconfoption>
<smbconfoption name="valid users">@”acct_admin”</smbconfoption>
<smbconfoption name="force group">acct_admin</smbconfoption>
<smbconfsection>[HR_PR]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/HR_PR</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@hr, @acct_admin</value></smbconfoption>
<smbconfoption><name>force group</name><value>hr</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/HR_PR</smbconfoption>
<smbconfoption name="valid users">@hr, @acct_admin</smbconfoption>
<smbconfoption name="force group">hr</smbconfoption>
<smbconfsection>[ENGR]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/Engr</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@engr, @receptionist, @truss, "@Domain Admins", cheri</value></smbconfoption>
<smbconfoption><name>force group</name><value>engr</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0770</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/Engr</smbconfoption>
<smbconfoption name="valid users">@engr, @receptionist, @truss, "@Domain Admins", cheri</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0770</smbconfoption>
<smbconfsection>[DATA]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/DATA</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@engr, @receptionist, @truss, "@Domain Admins", cheri</value></smbconfoption>
<smbconfoption><name>force group</name><value>engr</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0770</value></smbconfoption>
<smbconfoption><name>copy</name><value>engr</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/DATA</smbconfoption>
<smbconfoption name="valid users">@engr, @receptionist, @truss, "@Domain Admins", cheri</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0770</smbconfoption>
<smbconfoption name="copy">engr</smbconfoption>
</smbconfexample>
<smbconfexample id="ch8smbconf5">
<title>Samba Configuration File &smbmdash; smb.conf Part E</title>
<smbconfsection>[X]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/X</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@engr, @acct</value></smbconfoption>
<smbconfoption><name>force group</name><value>engr</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0770</value></smbconfoption>
<smbconfoption><name>copy</name><value>engr</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/X</smbconfoption>
<smbconfoption name="valid users">@engr, @acct</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0770</smbconfoption>
<smbconfoption name="copy">engr</smbconfoption>
<smbconfsection>[NETWORK]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/network</value></smbconfoption>
<smbconfoption><name>valid users</name><value>"@Domain Users"</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0770</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/network</smbconfoption>
<smbconfoption name="valid users">"@Domain Users"</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="create mask">0770</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfsection>[UTILS]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/Utils</value></smbconfoption>
<smbconfoption><name>write list</name><value>"@Domain Admins"</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/Utils</smbconfoption>
<smbconfoption name="write list">"@Domain Admins"</smbconfoption>
<smbconfsection>[SYS]</smbconfsection>
<smbconfoption><name>path</name><value>/data/samba/shares/SYS</value></smbconfoption>
<smbconfoption><name>valid users</name><value>chad</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="path">/data/samba/shares/SYS</smbconfoption>
<smbconfoption name="valid users">chad</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
<para>

208
docs/Samba-Guide/Chap09-AddingUNIXClients.xml
View File

@ -201,7 +201,7 @@
<primary>mapping</primary>
</indexterm>
If the parameter
<smbconfoption><name>idmap backend</name><value>ldap:ldap://myserver.domain</value></smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://myserver.domain</smbconfoption>
was specified and the LDAP server has been configured with a container in which it may
store the IDMAP entries, all Domain Members may share a common mapping.
</para></listitem>
@ -230,7 +230,7 @@
</indexterm>
If you wish to make use of accounts (users and/or groups) that are local to (i.e., capable
of being resolved using) the name service switch (NSS) facility, it is imperative to use the
<smbconfoption><name>winbind enable local accounts</name><value>Yes</value></smbconfoption>
<smbconfoption name="winbind enable local accounts">Yes</smbconfoption>
in the &smb.conf; file. This parameter specifically applies only to Domain Controllers,
not to Domain Member servers.
</para></listitem>
@ -278,7 +278,7 @@
</indexterm>
In the situation where UNIX accounts are held on the Domain Member server itself, the only effective
way to use them involves the &smb.conf; entry
<smbconfoption><name>winbind trusted domains only</name><value>Yes</value></smbconfoption>. This forces
<smbconfoption name="winbind trusted domains only">Yes</smbconfoption>. This forces
Samba (<command>smbd</command>) to perform a <command>getpwnam()</command> system call that can
then be controlled via <filename>/etc/nsswitch.conf</filename> file settings. The use of this parameter
disables the use of Samba with Trusted Domains (i.e., External Domains).
@ -672,49 +672,49 @@ Joined domain MEGANET2.
<title>Samba Domain Member in Samba Domain Control Context &smbmdash; &smb.conf; File</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>security</name><value>DOMAIN</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>10</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>wins server</name><value>192.168.2.1</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager,dc=abmas,dc=biz</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://lapdc.abmas.biz</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>winbind trusted domains only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="security">DOMAIN</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">10</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="wins server">192.168.2.1</smbconfoption>
<smbconfoption name="ldap suffix">dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager,dc=abmas,dc=biz</smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://lapdc.abmas.biz</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="winbind trusted domains only">Yes</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, Administrator</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="admin users">root, Administrator</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
</smbconfexample>
<example id="ch9-ldifadd">
@ -970,45 +970,45 @@ MEGANET2+PIOps:x:10005:
<title>Samba Domain Member Server &smb.conf; File for NT4 Domain</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>MEGANET2</value></smbconfoption>
<smbconfoption><name>security</name><value>DOMAIN</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>0</value></smbconfoption>
<smbconfoption><name>smb ports</name><value>139 445</value></smbconfoption>
<smbconfoption><name>name resolve order</name><value>wins bcast hosts</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>wins server</name><value>192.168.2.1</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>template primary group</name><value>"Domain Users"</value></smbconfoption>
<smbconfoption><name>template shell</name><value>/bin/bash</value></smbconfoption>
<smbconfoption><name>winbind separator</name><value>+</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>192.168.2., 192.168.3., 127.</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">MEGANET2</smbconfoption>
<smbconfoption name="security">DOMAIN</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">0</smbconfoption>
<smbconfoption name="smb ports">139 445</smbconfoption>
<smbconfoption name="name resolve order">wins bcast hosts</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="wins server">192.168.2.1</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="template primary group">"Domain Users"</smbconfoption>
<smbconfoption name="template shell">/bin/bash</smbconfoption>
<smbconfoption name="winbind separator">+</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="hosts allow">192.168.2., 192.168.3., 127.</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, Administrator</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="admin users">root, Administrator</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
</smbconfexample>
<example id="ch9-nsswbnd">
@ -1642,43 +1642,43 @@ data = "\00\00\00\00bp\00\00\06krbtgt\06krbtgt-
<title>Samba Domain Member &smb.conf; File for Active Directory Membership</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>unix charset</name><value>LOCALE</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>LONDON</value></smbconfoption>
<smbconfoption><name>realm</name><value>LONDON.ABMAS.BIZ</value></smbconfoption>
<smbconfoption><name>server string</name><value>Samba 3.0.12</value></smbconfoption>
<smbconfoption><name>security</name><value>ADS</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>log level</name><value>1</value></smbconfoption>
<smbconfoption><name>syslog</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%m</value></smbconfoption>
<smbconfoption><name>max log size</name><value>50</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>CUPS</value></smbconfoption>
<smbconfoption><name>ldap ssl</name><value>no</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption><name>template primary group</name><value>"Domain Users"</value></smbconfoption>
<smbconfoption><name>template shell</name><value>/bin/bash</value></smbconfoption>
<smbconfoption><name>winbind separator</name><value>+</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="unix charset">LOCALE</smbconfoption>
<smbconfoption name="workgroup">LONDON</smbconfoption>
<smbconfoption name="realm">LONDON.ABMAS.BIZ</smbconfoption>
<smbconfoption name="server string">Samba 3.0.12</smbconfoption>
<smbconfoption name="security">ADS</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="log level">1</smbconfoption>
<smbconfoption name="syslog">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%m</smbconfoption>
<smbconfoption name="max log size">50</smbconfoption>
<smbconfoption name="printcap name">CUPS</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfoption name="template primary group">"Domain Users"</smbconfoption>
<smbconfoption name="template shell">/bin/bash</smbconfoption>
<smbconfoption name="winbind separator">+</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>SMB Print Spool</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">SMB Print Spool</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, Administrator</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="admin users">root, Administrator</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
</smbconfexample>
</sect2>

4
docs/Samba-Guide/Chap10-KerberosFastStart.xml
View File

@ -1188,7 +1188,7 @@
</indexterm>
On Domain Member servers and clients, even when the <parameter>winbind use default domain</parameter> has
been specified, the use of Domain accounts in security controls requires fully qualified Domain specification,
for example, <smbconfoption><name>valid users</name><value>@"MEGANET\Northern Engineers"</value></smbconfoption>.
for example, <smbconfoption name="valid users">@"MEGANET\Northern Engineers"</smbconfoption>.
Note the necessity to use the double quotes to avoid having the space in the Windows group name interpreted as a
delimiter.
</para></note>
@ -1953,7 +1953,7 @@ other::r-x
</indexterm>
Yes. This was fixed in Samba-3.0.2. The use of this parameter is strongly recommended as a safeguard
on the <smbconfsection>[homes]</smbconfsection> meta-service. The correct way to specify this is:
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>.
<smbconfoption name="valid users">%S</smbconfoption>.
</para>
</answer>

24
docs/Samba-Guide/Chap10b-DomainAppsSupport.xml
View File

@ -698,25 +698,25 @@ password: XXXXXXXX
<smbconfexample id="ch10-smbconf">
<title>Samba Configuration &smbmdash; File: <filename>/etc/samba/smb.conf</filename></title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>LONDON</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>W2K3S</value></smbconfoption>
<smbconfoption><name>realm</name><value>LONDON.ABMAS.BIZ</value></smbconfoption>
<smbconfoption><name>security</name><value>ads</value></smbconfoption>
<smbconfoption><name>encrypt passwords</name><value>yes</value></smbconfoption>
<smbconfoption><name>password server</name><value>w2k3s.london.abmas.biz</value></smbconfoption>
<smbconfoption name="workgroup">LONDON</smbconfoption>
<smbconfoption name="netbios name">W2K3S</smbconfoption>
<smbconfoption name="realm">LONDON.ABMAS.BIZ</smbconfoption>
<smbconfoption name="security">ads</smbconfoption>
<smbconfoption name="encrypt passwords">yes</smbconfoption>
<smbconfoption name="password server">w2k3s.london.abmas.biz</smbconfoption>
<smbconfcomment>separate domain and username with '/', like DOMAIN/username</smbconfcomment>
<smbconfoption><name>winbind separator</name><value>/</value></smbconfoption>
<smbconfoption name="winbind separator">/</smbconfoption>
<smbconfcomment>use UIDs from 10000 to 20000 for domain users</smbconfcomment>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
# use GIDs from 10000 to 20000 for domain groups
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfcomment>allow enumeration of winbind users and groups</smbconfcomment>
<smbconfoption><name>winbind enum users</name><value>yes</value></smbconfoption>
<smbconfoption><name>winbind enum groups</name><value>yes</value></smbconfoption>
<smbconfoption><name>winbind user default domain</name><value>yes</value></smbconfoption>
<smbconfoption name="winbind enum users">yes</smbconfoption>
<smbconfoption name="winbind enum groups">yes</smbconfoption>
<smbconfoption name="winbind user default domain">yes</smbconfoption>
</smbconfexample>
<example id="ch10-etcnsscfg">

130
docs/Samba-HOWTO-Collection/AccessControls.xml
View File

@ -478,11 +478,11 @@ Before using any of the following options, please refer to the man page for &smb
<para>
User and group-based controls can prove quite useful. In some situations it is distinctly desirable to affect all
file system operations as if a single user were doing so. The use of the <smbconfoption><name>force user</name></smbconfoption> and
<smbconfoption><name>force group</name></smbconfoption> behavior will achieve this. In other situations it may be necessary to effect a
file system operations as if a single user were doing so. The use of the <smbconfoption name="force user"/> and
<smbconfoption name="force group"/> behavior will achieve this. In other situations it may be necessary to effect a
paranoia level of control to ensure that only particular authorized persons will be able to access a share or
its contents. Here the use of the <smbconfoption><name>valid users</name></smbconfoption> or the
<smbconfoption><name>invalid users</name></smbconfoption> may be most useful.
its contents. Here the use of the <smbconfoption name="valid users"/> or the
<smbconfoption name="invalid users"/> may be most useful.
</para>
<para>
@ -508,7 +508,7 @@ Before using any of the following options, please refer to the man page for &smb
</thead>
<tbody>
<row>
<entry><smbconfoption><name>admin users</name></smbconfoption></entry>
<entry><smbconfoption name="admin users"/></entry>
<entry><para>
List of users who will be granted administrative privileges on the share.
They will do all file operations as the super-user (root).
@ -517,59 +517,59 @@ Before using any of the following options, please refer to the man page for &smb
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force group</name></smbconfoption></entry>
<entry><smbconfoption name="force group"/></entry>
<entry><para>
Specifies a UNIX group name that will be assigned as the default primary group
for all users connecting to this service.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force user</name></smbconfoption></entry>
<entry><smbconfoption name="force user"/></entry>
<entry><para>
Specifies a UNIX user name that will be assigned as the default user for all users connecting to this service.
This is useful for sharing files. Incorrect use can cause security problems.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>guest ok</name></smbconfoption></entry>
<entry><smbconfoption name="guest ok"/></entry>
<entry><para>
If this parameter is set for a service, then no password is required to connect to the service. Privileges will be
those of the guest account.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>invalid users</name></smbconfoption></entry>
<entry><smbconfoption name="invalid users"/></entry>
<entry><para>
List of users that should not be allowed to login to this service.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>only user</name></smbconfoption></entry>
<entry><smbconfoption name="only user"/></entry>
<entry><para>
Controls whether connections with usernames not in the user list will be allowed.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>read list</name></smbconfoption></entry>
<entry><smbconfoption name="read list"/></entry>
<entry><para>
List of users that are given read-only access to a service. Users in this list
will not be given write access, no matter what the read only option is set to.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>username</name></smbconfoption></entry>
<entry><smbconfoption name="username"/></entry>
<entry><para>
Refer to the &smb.conf; man page for more information -- this is a complex and potentially misused parameter.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>valid users</name></smbconfoption></entry>
<entry><smbconfoption name="valid users"/></entry>
<entry><para>
List of users that should be allowed to login to this service.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>write list</name></smbconfoption></entry>
<entry><smbconfoption name="write list"/></entry>
<entry><para>
List of users that are given read-write access to a service.
</para></entry>
@ -607,67 +607,67 @@ Before using any of the following options, please refer to the man page for &smb
</thead>
<tbody>
<row>
<entry><smbconfoption><name>create mask</name></smbconfoption></entry>
<entry><smbconfoption name="create mask"/></entry>
<entry><para>
Refer to the &smb.conf; man page.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>directory mask</name></smbconfoption></entry>
<entry><smbconfoption name="directory mask"/></entry>
<entry><para>
The octal modes used when converting DOS modes to UNIX modes when creating UNIX directories.
See also: directory security mask.
</para></entry></row>
<row>
<entry><smbconfoption><name>dos filemode</name></smbconfoption></entry>
<entry><smbconfoption name="dos filemode"/></entry>
<entry><para>
Enabling this parameter allows a user who has write access to the file to modify the permissions on it.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force create mode</name></smbconfoption></entry>
<entry><smbconfoption name="force create mode"/></entry>
<entry><para>
This parameter specifies a set of UNIX mode bit permissions that will always be set on a file created by Samba.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force directory mode</name></smbconfoption></entry>
<entry><smbconfoption name="force directory mode"/></entry>
<entry><para>
This parameter specifies a set of UNIX mode bit permissions that will always be set on a directory created by Samba.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force directory security mode</name></smbconfoption></entry>
<entry><smbconfoption name="force directory security mode"/></entry>
<entry><para>
Controls UNIX permission bits modified when a Windows NT client is manipulating UNIX permissions on a directory.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>force security mode</name></smbconfoption></entry>
<entry><smbconfoption name="force security mode"/></entry>
<entry><para>
Controls UNIX permission bits modified when a Windows NT client manipulates UNIX permissions.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>hide unreadable</name></smbconfoption></entry>
<entry><smbconfoption name="hide unreadable"/></entry>
<entry><para>
Prevents clients from seeing the existence of files that cannot be read.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>hide unwriteable files</name></smbconfoption></entry>
<entry><smbconfoption name="hide unwriteable files"/></entry>
<entry><para>
Prevents clients from seeing the existence of files that cannot be written to. Unwriteable directories are shown as usual.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>nt acl support</name></smbconfoption></entry>
<entry><smbconfoption name="nt acl support"/></entry>
<entry><para>
This parameter controls whether smbd will attempt to map UNIX permissions into Windows NT access control lists.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>security mask</name></smbconfoption></entry>
<entry><smbconfoption name="security mask"/></entry>
<entry><para>
Controls UNIX permission bits modified when a Windows NT client is manipulating the UNIX permissions on a file.
</para></entry>
@ -699,9 +699,9 @@ Before using any of the following options, please refer to the man page for &smb
<tbody>
<row>
<entry>
<smbconfoption><name>case sensitive</name></smbconfoption>,
<smbconfoption><name>default case</name></smbconfoption>,
<smbconfoption><name>short preserve case</name></smbconfoption>
<smbconfoption name="case sensitive"/>,
<smbconfoption name="default case"/>,
<smbconfoption name="short preserve case"/>
</entry>
<entry><para>
This means that all file name lookup will be done in a case sensitive manner.
@ -709,32 +709,32 @@ Before using any of the following options, please refer to the man page for &smb
</para></entry>
</row>
<row>
<entry><smbconfoption><name>csc policy</name></smbconfoption></entry>
<entry><smbconfoption name="csc policy"/></entry>
<entry><para>
Client Side Caching Policy - parallels MS Windows client side file caching capabilities.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>dont descend</name></smbconfoption></entry>
<entry><smbconfoption name="dont descend"/></entry>
<entry><para>
Allows specifying a comma-delimited list of directories that the server should always show as empty.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>dos filetime resolution</name></smbconfoption></entry>
<entry><smbconfoption name="dos filetime resolution"/></entry>
<entry><para>
This option is mainly used as a compatibility option for Visual C++ when used against Samba shares.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>dos filetimes</name></smbconfoption></entry>
<entry><smbconfoption name="dos filetimes"/></entry>
<entry><para>
DOS and Windows allow users to change file time stamps if they can write to the file. POSIX semantics prevent this.
This option allows DOS and Windows behavior.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>fake oplocks</name></smbconfoption></entry>
<entry><smbconfoption name="fake oplocks"/></entry>
<entry><para>
Oplocks are the way that SMB clients get permission from a server to locally cache file operations. If a server grants an
oplock, the client is free to assume that it is the only one accessing the file and it will aggressively cache file data.
@ -742,22 +742,22 @@ Before using any of the following options, please refer to the man page for &smb
</row>
<row>
<entry>
<smbconfoption><name>hide dot files</name></smbconfoption>,
<smbconfoption><name>hide files</name></smbconfoption>,
<smbconfoption><name>veto files</name></smbconfoption>
<smbconfoption name="hide dot files"/>,
<smbconfoption name="hide files"/>,
<smbconfoption name="veto files"/>
</entry>
<entry><para>
Note: MS Windows Explorer allows over-ride of files marked as hidden so they will still be visible.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>read only</name></smbconfoption></entry>
<entry><smbconfoption name="read only"/></entry>
<entry><para>
If this parameter is yes, then users of a service may not create or modify files in the service's directory.
</para></entry>
</row>
<row>
<entry><smbconfoption><name>veto files</name></smbconfoption></entry>
<entry><smbconfoption name="veto files"/></entry>
<entry><para>
List of files and directories that are neither visible nor accessible.
</para></entry>
@ -953,7 +953,7 @@ Before using any of the following options, please refer to the man page for &smb
</para>
<para>
If the parameter <smbconfoption><name>nt acl support</name></smbconfoption> is set to <constant>false</constant>,
If the parameter <smbconfoption name="nt acl support"/> is set to <constant>false</constant>,
the file owner will be shown as the NT user <emphasis>Everyone</emphasis>.
</para>
@ -991,7 +991,7 @@ Before using any of the following options, please refer to the man page for &smb
GECOS field of the UNIX password database).</para>
<para>
If the parameter <smbconfoption><name>nt acl support</name></smbconfoption> is set to <constant>false</constant>,
If the parameter <smbconfoption name="nt acl support"/> is set to <constant>false</constant>,
the file owner will be shown as the NT user <constant>Everyone</constant> and the permissions will be
shown as NT <quote>Full Control</quote>.
</para>
@ -1049,7 +1049,7 @@ Before using any of the following options, please refer to the man page for &smb
with the standard Samba permission masks and mapping of DOS
attributes that need to also be taken into account.</para>
<para>If the parameter <smbconfoption><name>nt acl support</name></smbconfoption>
<para>If the parameter <smbconfoption name="nt acl support"/>
is set to <constant>false</constant>, any attempt to set
security permissions will fail with an <errorname>`Access Denied'
</errorname> message.</para>
@ -1097,10 +1097,10 @@ Before using any of the following options, please refer to the man page for &smb
These are:
<itemizedlist>
<listitem><smbconfoption><name>security mask</name></smbconfoption></listitem>
<listitem><smbconfoption><name>force security mode</name></smbconfoption></listitem>
<listitem><smbconfoption><name>directory security mask</name></smbconfoption></listitem>
<listitem><smbconfoption><name>force directory security mode</name></smbconfoption></listitem>
<listitem><smbconfoption name="security mask"/></listitem>
<listitem><smbconfoption name="force security mode"/></listitem>
<listitem><smbconfoption name="directory security mask"/></listitem>
<listitem><smbconfoption name="force directory security mode"/></listitem>
</itemizedlist>
</para>
@ -1109,22 +1109,22 @@ Before using any of the following options, please refer to the man page for &smb
permissions, Samba maps the given permissions into a user/group/world
r/w/x triplet set, and then checks the changed permissions for a
file against the bits set in the
<smbconfoption><name>security mask</name></smbconfoption> parameter. Any bits that
<smbconfoption name="security mask"/> parameter. Any bits that
were changed that are not set to <quote>1</quote> in this parameter are left alone
in the file permissions.</para>
<para>Essentially, zero bits in the <smbconfoption><name>security mask</name></smbconfoption>
<para>Essentially, zero bits in the <smbconfoption name="security mask"/>
may be treated as a set of bits the user is <emphasis>not</emphasis>
allowed to change, and one bits are those the user is allowed to change.
</para>
<para>If not explicitly set, this parameter defaults to the same value as
the <smbconfoption><name>create mask</name></smbconfoption> parameter. To allow a user to modify all the
the <smbconfoption name="create mask"/> parameter. To allow a user to modify all the
user/group/world permissions on a file, set this parameter to 0777.
</para>
<para>Next Samba checks the changed permissions for a file against the bits set in the
<smbconfoption><name>force security mode</name></smbconfoption> parameter. Any bits
<smbconfoption name="force security mode"/> parameter. Any bits
that were changed that correspond to bits set to <quote>1</quote> in this parameter
are forced to be set.</para>
@ -1132,10 +1132,10 @@ Before using any of the following options, please refer to the man page for &smb
may be treated as a set of bits that, when modifying security on a file, the user has always set to be <quote>on</quote>.</para>
<para>If not explicitly set, this parameter defaults to the same value
as the <smbconfoption><name>force create mode</name></smbconfoption> parameter.
as the <smbconfoption name="force create mode"/> parameter.
To allow a user to modify all the user/group/world permissions on a file
with no restrictions set this parameter to 000. The
<smbconfoption><name>security mask</name></smbconfoption> and <parameter>force
<smbconfoption name="security mask"/> and <parameter>force
security mode</parameter> parameters are applied to the change
request in that order.</para>
@ -1146,11 +1146,11 @@ Before using any of the following options, please refer to the man page for &smb
</parameter> parameter instead of <parameter>force security mode
</parameter>.</para>
<para>The <smbconfoption><name>directory security mask</name></smbconfoption> parameter
<para>The <smbconfoption name="directory security mask"/> parameter
by default is set to the same value as the <parameter>directory mask
</parameter> parameter and the <parameter>force directory security
mode</parameter> parameter by default is set to the same value as
the <smbconfoption><name>force directory mode</name></smbconfoption> parameter.
the <smbconfoption name="force directory mode"/> parameter.
In this way Samba enforces the permission restrictions that
an administrator can set on a Samba share, while still allowing users
to modify the permission bits within that restriction.</para>
@ -1162,10 +1162,10 @@ Before using any of the following options, please refer to the man page for &smb
</para>
<smbconfblock>
<smbconfoption><name>security mask</name><value>0777</value></smbconfoption>
<smbconfoption><name>force security mode</name><value>0</value></smbconfoption>
<smbconfoption><name>directory security mask</name><value>0777</value></smbconfoption>
<smbconfoption><name>force directory security mode</name><value>0</value></smbconfoption>
<smbconfoption name="security mask">0777</smbconfoption>
<smbconfoption name="force security mode">0</smbconfoption>
<smbconfoption name="directory security mask">0777</smbconfoption>
<smbconfoption name="force directory security mode">0</smbconfoption>
</smbconfblock>
</sect2>
@ -1305,8 +1305,8 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
<para>
Now in your &smb.conf; for the share add:
<smbconfblock>
<smbconfoption><name>force create mode</name><value>0775</value></smbconfoption>
<smbconfoption><name>force directory mode</name><value>6775</value></smbconfoption>
<smbconfoption name="force create mode">0775</smbconfoption>
<smbconfoption name="force directory mode">6775</smbconfoption>
</smbconfblock>
</para>
@ -1319,8 +1319,8 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
<para>
An alternative is to set in the &smb.conf; entry for the share:
<smbconfblock>
<smbconfoption><name>force user</name><value>jack</value></smbconfoption>
<smbconfoption><name>force group</name><value>engr</value></smbconfoption>
<smbconfoption name="force user">jack</smbconfoption>
<smbconfoption name="force group">engr</smbconfoption>
</smbconfblock>
</para>
</step>
@ -1332,8 +1332,8 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
<title>File Operations Done as <emphasis>root</emphasis> with <emphasis>force user</emphasis> Set</title>
<para>
When you have a user in <smbconfoption><name>admin users</name></smbconfoption>, Samba will always do file operations for
this user as <emphasis>root</emphasis>, even if <smbconfoption><name>force user</name></smbconfoption> has been set.
When you have a user in <smbconfoption name="admin users"/>, Samba will always do file operations for
this user as <emphasis>root</emphasis>, even if <smbconfoption name="force user"/> has been set.
</para>
</sect2>
@ -1362,8 +1362,8 @@ drwsrwsr-x 2 jack engr 48 2003-02-04 09:55 foodbar
<para>
<smbconfblock>
<smbconfoption><name>force create mode</name><value>0660</value></smbconfoption>
<smbconfoption><name>force directory mode</name><value>0770</value></smbconfoption>
<smbconfoption name="force create mode">0660</smbconfoption>
<smbconfoption name="force directory mode">0770</smbconfoption>
</smbconfblock>
</para>

32
docs/Samba-HOWTO-Collection/BDC.xml
View File

@ -253,10 +253,10 @@ Refer to <link linkend="minimalPDC">following configuration</link> for an exampl
<para><smbconfexample id="minimalPDC">
<title>Minimal smb.conf for a PDC in Use With a BDC &smbmdash; LDAP Server on PDC.</title>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam://localhost:389</value></smbconfoption>
<smbconfoption><name>domain master</name><value>yes</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>yes</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfoption name="passdb backend">ldapsam://localhost:389</smbconfoption>
<smbconfoption name="domain master">yes</smbconfoption>
<smbconfoption name="domain logons">yes</smbconfoption>
</smbconfexample></para>
<para>
@ -310,7 +310,7 @@ unable to avoid such configurations, and these sites should review the
sleep</name></smbconfoption> parameter, intended to slow down Samba sufficiently
for the replication to catch up. This is a kludge, and one that the
administrator must manually duplicate in any scripts (such as the
<smbconfoption><name>add machine script</name></smbconfoption>) that
<smbconfoption name="add machine script"/>) that
they use.
</para>
@ -346,7 +346,7 @@ the secondary LDAP server in the &smb.conf; file as shown in <link linkend="muli
<smbconfexample id="mulitldapcfg">
<title>Multiple LDAP Servers in &smb.conf;</title>
<member>...</member>
<smbconfoption><name>passdb backend</name><value> </value></smbconfoption>
<smbconfoption name="passdb backend"> </smbconfoption>
<member><parameter>ldapsam:"ldap://master.quenya.org ldap://slave.quenya.org"</parameter></member>
<member>...</member>
</smbconfexample>
@ -460,14 +460,14 @@ The creation of a BDC requires some steps to prepare the Samba server before
</listitem>
<listitem><para>
Specification of the <smbconfoption><name>ldap admin dn</name></smbconfoption> is obligatory.
Specification of the <smbconfoption name="ldap admin dn"/> is obligatory.
This also requires the LDAP administration password to be set in the <filename>secrets.tdb</filename>
using the <command>smbpasswd -w <replaceable>mysecret</replaceable></command>.
</para></listitem>
<listitem><para>
Either <smbconfoption><name>ldap suffix</name></smbconfoption> or
<smbconfoption><name>ldap idmap suffix</name></smbconfoption> must be specified in
Either <smbconfoption name="ldap suffix"/> or
<smbconfoption name="ldap idmap suffix"/> must be specified in
the &smb.conf; file.
</para></listitem>
@ -512,11 +512,11 @@ done by setting Samba as shown in <link linkend="minim-bdc">the next example</li
<para><smbconfexample id="minim-bdc">
<title>Minimal setup for being a BDC</title>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://slave-ldap.quenya.org</value></smbconfoption>
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>yes</value></smbconfoption>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://slave-ldap.quenya.org</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://slave-ldap.quenya.org</smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
<smbconfoption name="domain logons">yes</smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://slave-ldap.quenya.org</smbconfoption>
</smbconfexample></para>
<para>
@ -524,7 +524,7 @@ In the <smbconfsection>[global]</smbconfsection>-section of the &smb.conf; of th
only register the name MIDEARTH&lt;#1c&gt; with the WINS server. This is no
problem as the name MIDEARTH&lt;#1c&gt; is a NetBIOS group name that is meant to
be registered by more than one machine. The parameter
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
forces the BDC not to register <?latex \linebreak ?>MIDEARTH&lt;#1b&gt; which as a unique NetBIOS
name is reserved for the Primary Domain Controller.
</para>
@ -547,7 +547,7 @@ regarding its behavior.
</para></note>
<para>
The use of the <smbconfoption><name>idmap backend</name><value>ldap:ldap://master.quenya.org</value></smbconfoption>
The use of the <smbconfoption name="idmap backend">ldap:ldap://master.quenya.org</smbconfoption>
option on a BDC only make sense where ldapsam is used on a PDC. The purpose for an LDAP based idmap backend is
also to allow a domain-member (without its own passdb backend) to use winbindd to resolve Windows network users
and groups to common UID/GIDs. In other words, this option is generally intended for use on BDCs and on Domain

22
docs/Samba-HOWTO-Collection/Bugs.xml
View File

@ -80,36 +80,36 @@ detail, but may use too much disk space.
</para>
<para>
To set the debug level, use the <smbconfoption><name>log level</name></smbconfoption> in your
To set the debug level, use the <smbconfoption name="log level"/> in your
&smb.conf;. You may also find it useful to set the log
level higher for just one machine and keep separate logs for each machine.
To do this, add the following lines to your main &smb.conf; file:
</para>
<para><smbconfblock>
<smbconfoption><name>log level</name><value>10</value></smbconfoption>
<smbconfoption><name>log file</name><value>/usr/local/samba/lib/log.%m</value></smbconfoption>
<smbconfoption><name>include</name><value>/usr/local/samba/lib/smb.conf.%m</value></smbconfoption>
<smbconfoption name="log level">10</smbconfoption>
<smbconfoption name="log file">/usr/local/samba/lib/log.%m</smbconfoption>
<smbconfoption name="include">/usr/local/samba/lib/smb.conf.%m</smbconfoption>
</smbconfblock></para>
<para>
and create a file <filename>/usr/local/samba/lib/smb.conf.<replaceable>machine</replaceable></filename> where
<replaceable>machine</replaceable> is the name of the client you wish to debug. In that file
put any &smb.conf; commands you want, for example
<smbconfoption><name>log level</name></smbconfoption> may be useful. This also allows you to
<smbconfoption name="log level"/> may be useful. This also allows you to
experiment with different security systems, protocol levels and so on, on just
one machine.
</para>
<para>
The &smb.conf; entry <smbconfoption><name>log level</name></smbconfoption>
is synonymous with the parameter <smbconfoption><name>debuglevel</name></smbconfoption> that has
The &smb.conf; entry <smbconfoption name="log level"/>
is synonymous with the parameter <smbconfoption name="debuglevel"/> that has
been used in older versions of Samba and is being retained for backward
compatibility of &smb.conf; files.
</para>
<para>
As the <smbconfoption><name>log level</name></smbconfoption> value is increased, you will record
As the <smbconfoption name="log level"/> value is increased, you will record
a significantly greater level of debugging information. For most
debugging operations, you may not need a setting higher than
<constant>3</constant>. Nearly
@ -128,9 +128,9 @@ prepared for a large volume of log data.
<para>
<smbconfblock>
<smbconfoption><name>log level</name><value>0 tdb:3 passdb:5 auth:4 vfs:2</value></smbconfoption>
<smbconfoption><name>max log size</name><value>0</value></smbconfoption>
<smbconfoption><name>log file</name><value>/var/log/samba/%U.%m.log</value></smbconfoption>
<smbconfoption name="log level">0 tdb:3 passdb:5 auth:4 vfs:2</smbconfoption>
<smbconfoption name="max log size">0</smbconfoption>
<smbconfoption name="log file">/var/log/samba/%U.%m.log</smbconfoption>
</smbconfblock>
</para>

184
docs/Samba-HOWTO-Collection/CUPS-printing.xml
View File

@ -91,8 +91,8 @@
<para>
Printing with CUPS in the most basic &smb.conf; setup in Samba-3.0 (as was true for 2.2.x) only needs two
settings: <smbconfoption><name>printing</name><value>cups</value></smbconfoption> and
<smbconfoption><name>printcap</name><value>cups</value></smbconfoption>. CUPS does not need a printcap file.
settings: <smbconfoption name="printing">cups</smbconfoption> and
<smbconfoption name="printcap">cups</smbconfoption>. CUPS does not need a printcap file.
However, the <filename>cupsd.conf</filename> configuration file knows of two related directives that control
how such a file will be automatically created and maintained by CUPS for the convenience of third-party
applications (example: <parameter>Printcap /etc/printcap</parameter> and <parameter>PrintcapFormat BSD</parameter>).
@ -114,7 +114,7 @@
</para>
<para>
When Samba is compiled against <filename>libcups</filename>, <smbconfoption><name>printcap</name><value>cups</value></smbconfoption>
When Samba is compiled against <filename>libcups</filename>, <smbconfoption name="printcap">cups</smbconfoption>
uses the CUPS API to list printers, submit jobs, query queues, and so on. Otherwise it maps to the System V
commands with an additional <command>-oraw</command> option for printing. On a Linux
system, you can use the <command>ldd</command> utility to find out details (ldd may not be present on
@ -137,16 +137,16 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
</para>
<tip><para> Should it be necessary, for any reason, to set your own print commands, you can do this by setting
<smbconfoption><name>printing</name><value>sysv</value></smbconfoption>. However, you will lose all the benefits
<smbconfoption name="printing">sysv</smbconfoption>. However, you will lose all the benefits
of tight CUPS/Samba integration. When you do this you must manually configure the printing system commands
(most important:
<smbconfoption><name>print command</name></smbconfoption>; other commands are
<smbconfoption><name>lppause command</name></smbconfoption>,
<smbconfoption><name>lpresume command</name></smbconfoption>,
<smbconfoption><name>lpq command</name></smbconfoption>,
<smbconfoption><name>lprm command</name></smbconfoption>,
<smbconfoption><name>queuepause command</name></smbconfoption> and
<smbconfoption><name>queue resume command</name></smbconfoption>).</para></tip>
<smbconfoption name="print command"/>; other commands are
<smbconfoption name="lppause command"/>,
<smbconfoption name="lpresume command"/>,
<smbconfoption name="lpq command"/>,
<smbconfoption name="lprm command"/>,
<smbconfoption name="queuepause command"/> and
<smbconfoption name="queue resume command"/>).</para></tip>
</sect2>
<sect2>
@ -159,19 +159,19 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<para><smbconfexample id="cups-exam-simple">
<title>Simplest printing-related smb.conf</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>load printers</name><value>yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>browseable</name><value>no</value></smbconfoption>
<smbconfoption><name>public</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, @ntadmins</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="browseable">no</smbconfoption>
<smbconfoption name="public">yes</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">root, @ntadmins</smbconfoption>
</smbconfexample></para>
@ -206,45 +206,45 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<para><smbconfexample id="overridesettings">
<title>Overriding global CUPS settings for one printer</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>load printers</name><value>yes</value></smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>public</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, @ntadmins</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="public">yes</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">root, @ntadmins</smbconfoption>
<smbconfsection>[special_printer]</smbconfsection>
<smbconfoption><name>comment</name><value>A special printer with his own settings</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba-special</value></smbconfoption>
<smbconfoption><name>printing</name><value>sysv</value></smbconfoption>
<smbconfoption><name>printcap</name><value>lpstat</value></smbconfoption>
<smbconfoption><name>print command</name><value>echo "NEW: `date`: printfile %f" \</value></smbconfoption>
<smbconfoption name="comment">A special printer with his own settings</smbconfoption>
<smbconfoption name="path">/var/spool/samba-special</smbconfoption>
<smbconfoption name="printing">sysv</smbconfoption>
<smbconfoption name="printcap">lpstat</smbconfoption>
<smbconfoption name="print command">echo "NEW: `date`: printfile %f" \</smbconfoption>
<member><parameter> >> /tmp/smbprn.log ; \</parameter></member>
<member><parameter>echo " `date`: p-%p s-%s f-%f" >> /tmp/smbprn.log ; \</parameter></member>
<member><parameter>echo " `date`: j-%j J-%J z-%z c-%c" >> /tmp/smbprn.log ; rm %f</parameter></member>
<smbconfoption><name>public</name><value>no</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>no</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>kurt</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>0.0.0.0</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>turbo_xp, 10.160.50.23, 10.160.51.60</value></smbconfoption>
<smbconfoption name="public">no</smbconfoption>
<smbconfoption name="guest ok">no</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">kurt</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0</smbconfoption>
<smbconfoption name="hosts allow">turbo_xp, 10.160.50.23, 10.160.51.60</smbconfoption>
</smbconfexample></para>
<para>
This special share is only there for testing purposes. It does not write the print job to a file. It just logs the job parameters
known to Samba into the <filename>/tmp/smbprn.log</filename> file and deletes the job-file. Moreover, the
<smbconfoption><name>printer admin</name></smbconfoption> of this share is <quote>kurt</quote> (not the <quote>@ntadmins</quote> group),
<smbconfoption name="printer admin"/> of this share is <quote>kurt</quote> (not the <quote>@ntadmins</quote> group),
guest access is not allowed, the share isn't published to the Network Neighborhood (so you need to know it is there), and it only
allows access from only three hosts. To prevent CUPS kicking in and taking over the print jobs for that share, we need to set
<smbconfoption><name>printing</name><value>sysv</value></smbconfoption> and
<smbconfoption><name>printcap</name><value>lpstat</value></smbconfoption>.
<smbconfoption name="printing">sysv</smbconfoption> and
<smbconfoption name="printcap">lpstat</smbconfoption>.
</para>
</sect2>
</sect1>
@ -337,10 +337,10 @@ libcups.so.2 =&gt; /usr/lib/libcups.so.2 (0x40123000)
<step><para>
In the &smb.conf; file <constant>[printers]</constant> section add
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>,
<smbconfoption name="use client driver">Yes</smbconfoption>,
and in the <constant>[global]</constant> section add
<smbconfoption><name>printing</name><value>CUPS</value></smbconfoption>, plus
<smbconfoption><name>printcap</name><value>CUPS</value></smbconfoption>.
<smbconfoption name="printing">CUPS</smbconfoption>, plus
<smbconfoption name="printcap">CUPS</smbconfoption>.
</para></step>
<step><para>
@ -2140,13 +2140,13 @@ section:
</para>
<smbconfblock>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap</name><value>cups</value></smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printcap">cups</smbconfoption>
</smbconfblock>
<para>
When these parameters are specified, all manually set print directives
(like <smbconfoption><name>print command</name></smbconfoption>, or <smbconfoption><name>lppause command</name></smbconfoption>) in &smb.conf; (as well as
(like <smbconfoption name="print command"/>, or <smbconfoption name="lppause command"/>) in &smb.conf; (as well as
in Samba itself) will be ignored. Instead, Samba will directly
interface with CUPS through its application program interface (API),
as long as Samba has been compiled with CUPS library (libcups)
@ -2155,7 +2155,7 @@ other print commands are set up, then printing will use the
<emphasis>System V</emphasis> AT&amp;T command set, with the -oraw
option automatically passing through (if you want your own defined
print commands to work with a Samba that has CUPS support compiled in,
simply use <smbconfoption><name>printing</name><value>sysv</value></smbconfoption>).
simply use <smbconfoption name="printing">sysv</smbconfoption>).
</para>
<para>
@ -2170,7 +2170,7 @@ simply use <smbconfoption><name>printing</name><value>sysv</value></smbconfoptio
<para>
Samba <emphasis>must</emphasis> use its own spool directory (it is set
by a line similar to <smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>,
by a line similar to <smbconfoption name="path">/var/spool/samba</smbconfoption>,
in the <smbconfsection>[printers]</smbconfsection> or
<smbconfsection>[printername]</smbconfsection> section of
&smb.conf;). Samba receives the job in its own
@ -2454,27 +2454,27 @@ Prior to running <command>cupsaddsmb</command>, you need the settings in
<para><smbconfexample id="cupsadd-ex">
<title>smb.conf for cupsaddsmb usage</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>load printers</name><value>yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>browseable</name><value>no</value></smbconfoption>
<smbconfoption><name>public</name><value>yes</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="browseable">no</smbconfoption>
<smbconfoption name="public">yes</smbconfoption>
<smbconfcomment>setting depends on your requirements</smbconfcomment>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root</value></smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers</value></smbconfoption>
<smbconfoption><name>path</name><value>/etc/samba/drivers</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>no</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>write list</name><value>root</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers</smbconfoption>
<smbconfoption name="path">/etc/samba/drivers</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="guest ok">no</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="write list">root</smbconfoption>
</smbconfexample></para>
</sect2>
@ -2834,7 +2834,7 @@ associated with this printer is copied from
Windows client installations via Point'n'Print. Before we can run the
command successfully, we need to be sure that we can authenticate
toward Samba. If you have a small network, you are probably using user-level
security (<smbconfoption><name>security</name><value>user</value></smbconfoption>).
security (<smbconfoption name="security">user</smbconfoption>).
</para>
<para>
@ -3037,7 +3037,7 @@ If you get:
SetPrinter call failed!
result was WERR_ACCESS_DENIED
</screen>
It means that you might have set <smbconfoption><name>use client driver</name><value>yes</value></smbconfoption> for this printer.
It means that you might have set <smbconfoption name="use client driver">yes</smbconfoption> for this printer.
Set it to <quote>no</quote> will solve the problem. Refer to man samba(5) for explanantion on
<parameter>use client driver</parameter>.
</para>
@ -3418,7 +3418,7 @@ preconditions to complete successfully:
</para>
<itemizedlist>
<listitem><para>You are connected as <smbconfoption><name>printer admin</name></smbconfoption> or root (this is <emphasis>not</emphasis> the <quote>Printer Operators</quote> group in
<listitem><para>You are connected as <smbconfoption name="printer admin"/> or root (this is <emphasis>not</emphasis> the <quote>Printer Operators</quote> group in
NT, but the <emphasis>printer admin</emphasis> group as defined in
the <smbconfsection>[global]</smbconfsection> section of
&smb.conf;).</para></listitem>
@ -4903,7 +4903,7 @@ requested by marketing for the mailing, and so on).
<para>
Samba print files pass through two spool directories. One is the
incoming directory managed by Samba, (set in the
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
directive in the <smbconfsection>[printers]</smbconfsection> section of
&smb.conf;). The other is the spool directory of
your UNIX print subsystem. For CUPS it is normally
@ -4968,19 +4968,19 @@ things:
on Linux by running <userinput>ldd `which smbd'</userinput>).</para></listitem>
<listitem><para>A Samba-&smb.conf; setting of
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>.</para></listitem>
<smbconfoption name="printing">cups</smbconfoption>.</para></listitem>
<listitem><para>Another Samba-&smb.conf; setting of
<smbconfoption><name>printcap</name><value>cups</value></smbconfoption>.</para></listitem>
<smbconfoption name="printcap">cups</smbconfoption>.</para></listitem>
</itemizedlist>
<note><para>
In this case, all other manually set printing-related commands (like
<smbconfoption><name>print command</name></smbconfoption>,
<smbconfoption><name>lpq command</name></smbconfoption>,
<smbconfoption><name>lprm command</name></smbconfoption>,
<smbconfoption><name>lppause command</name></smbconfoption> or
<smbconfoption><name>lpresume command</name></smbconfoption>) are ignored and they should normally have no
<smbconfoption name="print command"/>,
<smbconfoption name="lpq command"/>,
<smbconfoption name="lprm command"/>,
<smbconfoption name="lppause command"/> or
<smbconfoption name="lpresume command"/>) are ignored and they should normally have no
influence whatsoever on your printing.
</para></note>
</sect2>
@ -4989,9 +4989,9 @@ influence whatsoever on your printing.
<title>Manual Configuration</title>
<para>
If you want to do things manually, replace the <smbconfoption><name>printing</name><value>cups</value></smbconfoption>
by <smbconfoption><name>printing</name><value>bsd</value></smbconfoption>. Then your manually set commands may work
(I haven't tested this), and a <smbconfoption><name>print command</name><value>lp -d %P %s; rm %s"</value></smbconfoption>
If you want to do things manually, replace the <smbconfoption name="printing">cups</smbconfoption>
by <smbconfoption name="printing">bsd</smbconfoption>. Then your manually set commands may work
(I haven't tested this), and a <smbconfoption name="print command">lp -d %P %s; rm %s"</smbconfoption>
may do what you need.
</para>
</sect2>
@ -5130,7 +5130,7 @@ Samba.</para>
<sect2 id="root-ask-loop">
<title><quote>cupsaddsmb</quote> Keeps Asking for Root Password in Never-ending Loop</title>
<para>Have you <smbconfoption><name>security</name><value>user</value></smbconfoption>? Have
<para>Have you <smbconfoption name="security">user</smbconfoption>? Have
you used <command>smbpasswd</command> to give root a Samba account?
You can do two things: open another terminal and execute
<command>smbpasswd -a root</command> to create the account and
@ -5189,7 +5189,7 @@ Samba.</para>
<para>Once you are connected as the wrong user (for
example, as <constant>nobody</constant>, which often occurs if you have
<smbconfoption><name>map to guest</name><value>bad user</value></smbconfoption>), Windows Explorer will not accept an
<smbconfoption name="map to guest">bad user</smbconfoption>), Windows Explorer will not accept an
attempt to connect again as a different user. There will not be any byte
transfered on the wire to Samba, but still you'll see a stupid error
message that makes you think Samba has denied access. Use
@ -5215,9 +5215,9 @@ printer in question and select
<para>You see per <command>smbstatus</command> that you are
connected as user nobody; while you want to be root or
printer admin. This is probably due to
<smbconfoption><name>map to guest</name><value>bad user</value></smbconfoption>, which silently connects you under the guest account
<smbconfoption name="map to guest">bad user</smbconfoption>, which silently connects you under the guest account
when you gave (maybe by accident) an incorrect username. Remove
<smbconfoption><name>map to guest</name></smbconfoption>, if you want to prevent
<smbconfoption name="map to guest"/>, if you want to prevent
this.</para></sect2>
<sect2>
@ -5368,7 +5368,7 @@ Do you see any difference? I don't either. However, only the last
one, which you arrived at with steps <quote>C.1.-6.</quote>, will save any settings
permanently and be the defaults for new users. If you want all clients
to get the same defaults, you need to conduct these steps <emphasis>as
Administrator</emphasis> (<smbconfoption><name>printer admin</name></smbconfoption> in
Administrator</emphasis> (<smbconfoption name="printer admin"/> in
&smb.conf;) <emphasis>before</emphasis> a client
downloads the driver (the clients can later set their own
<emphasis>per-user defaults</emphasis> by following the
@ -5407,7 +5407,7 @@ again.</para></sect2>
<para>Have you ever by accident set the CUPS spool directory to
the same location? (<parameter>RequestRoot /var/spool/samba/</parameter> in <filename>cupsd.conf</filename> or
the other way round: <filename>/var/spool/cups/</filename> is set as
<smbconfoption><name>path</name></smbconfoption>> in the <smbconfsection>[printers]</smbconfsection>
<smbconfoption name="path"/>> in the <smbconfsection>[printers]</smbconfsection>
section). These <parameter>must</parameter> be different. Set
<!--FIXME-->
<parameter>RequestRoot /var/spool/cups/</parameter> in

2
docs/Samba-HOWTO-Collection/Compiling.xml
View File

@ -439,7 +439,7 @@ example of what you would not want to see would be:
<note><para>
<indexterm><primary>ifconfig</primary></indexterm>
On many systems you may need to use the
<smbconfoption><name>interfaces</name></smbconfoption> option in &smb.conf; to specify the IP
<smbconfoption name="interfaces"/> option in &smb.conf; to specify the IP
address and netmask of your interfaces. Run
<application>ifconfig</application>
as root if you do not know what the broadcast is for your

40
docs/Samba-HOWTO-Collection/Diagnosis.xml
View File

@ -58,9 +58,9 @@ lines shown in <link linkend="tmpshare">the next example</link>.
<para><smbconfexample id="tmpshare">
<title>smb.conf with [tmp] share</title>
<smbconfsection>[tmp]</smbconfsection>
<smbconfoption><name>comment</name><value>temporary files </value></smbconfoption>
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption name="comment">temporary files </smbconfoption>
<smbconfoption name="path">/tmp</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
</smbconfexample>
</para>
@ -244,10 +244,10 @@ the &smb.conf; file entries as shown in <link linkend="modif1">the next example<
<title>Configuration for only allowing connections from a certain subnet</title>
<smbconfsection>[globals]</smbconfsection>
<member>...</member>
<smbconfoption><name>hosts deny</name><value>ALL</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>xxx.xxx.xxx.xxx/yy</value></smbconfoption>
<smbconfoption><name>interfaces</name><value>eth0</value></smbconfoption>
<smbconfoption><name>bind interfaces only</name><value>Yes</value></smbconfoption>
<smbconfoption name="hosts deny">ALL</smbconfoption>
<smbconfoption name="hosts allow">xxx.xxx.xxx.xxx/yy</smbconfoption>
<smbconfoption name="interfaces">eth0</smbconfoption>
<smbconfoption name="bind interfaces only">Yes</smbconfoption>
<member>...</member>
</smbconfexample>
</para>
@ -263,9 +263,9 @@ To solve this problem, change these lines as shown in <link linkend="modif2">the
<title>Configuration for allowing connections from a certain subnet and localhost</title>
<smbconfsection>[globals]</smbconfsection>
<member>...</member>
<smbconfoption><name>hosts deny</name><value>ALL</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>xxx.xxx.xxx.xxx/yy 127.</value></smbconfoption>
<smbconfoption><name>interfaces</name><value>eth0 lo</value></smbconfoption>
<smbconfoption name="hosts deny">ALL</smbconfoption>
<smbconfoption name="hosts allow">xxx.xxx.xxx.xxx/yy 127.</smbconfoption>
<smbconfoption name="interfaces">eth0 lo</smbconfoption>
<member>...</member>
</smbconfexample>
</para>
@ -347,7 +347,7 @@ messages from several hosts.
If this does not give a similar result to the previous test, then
nmblookup isn't correctly getting your broadcast address through its
automatic mechanism. In this case you should experiment with the
<smbconfoption><name>interfaces</name></smbconfoption> option in &smb.conf; to manually configure your IP
<smbconfoption name="interfaces"/> option in &smb.conf; to manually configure your IP
address, broadcast and netmask.
</para>
@ -400,19 +400,19 @@ If it says <quote><errorname>bad password</errorname></quote>, then the likely c
<listitem>
<para>
Your <smbconfoption><name>valid users</name></smbconfoption> configuration is incorrect.
Your <smbconfoption name="valid users"/> configuration is incorrect.
</para>
</listitem>
<listitem>
<para>
You have a mixed case password and you haven't enabled the <smbconfoption><name>password level</name></smbconfoption> option at a high enough level.
You have a mixed case password and you haven't enabled the <smbconfoption name="password level"/> option at a high enough level.
</para>
</listitem>
<listitem>
<para>
The <smbconfoption><name>path</name></smbconfoption> line in &smb.conf; is incorrect. Check it with &testparm;.
The <smbconfoption name="path"/> line in &smb.conf; is incorrect. Check it with &testparm;.
</para>
</listitem>
@ -502,7 +502,7 @@ and other config lines in &smb.conf; are correct.
<para>
It's also possible that the server can't work out what user name to connect you as.
To see if this is the problem, add the line
<smbconfoption><name>user</name><value>username</value></smbconfoption> to the
<smbconfoption name="user">username</smbconfoption> to the
<smbconfsection>[tmp]</smbconfsection> section of
&smb.conf; where <parameter>username</parameter> is the
username corresponding to the password you typed. If you find this
@ -511,7 +511,7 @@ fixes things, you may need the username mapping option.
<para>
It might also be the case that your client only sends encrypted passwords
and you have <smbconfoption><name>encrypt passwords</name><value>no</value></smbconfoption> in &smb.conf;.
and you have <smbconfoption name="encrypt passwords">no</smbconfoption> in &smb.conf;.
Change this to "yes" to fix this.
</para>
@ -530,7 +530,7 @@ master browser for that workgroup.
If you do not, then the election process has failed. Wait a minute to
see if it is just being slow, then try again. If it still fails after
that, then look at the browsing options you have set in &smb.conf;. Make
sure you have <smbconfoption><name>preferred master</name><value>yes</value></smbconfoption> to ensure that
sure you have <smbconfoption name="preferred master">yes</smbconfoption> to ensure that
an election is held at startup.
</para>
@ -546,9 +546,9 @@ of the server and get a list of shares. If you get the error message <quote>inva
you are probably running Windows NT and it
is refusing to browse a server that has no encrypted password
capability and is in User Level Security mode. In this case, either set
<smbconfoption><name>security</name><value>server</value></smbconfoption> and
<smbconfoption><name>password server</name><value>Windows_NT_Machine</value></smbconfoption> in your
&smb.conf; file, or make sure <smbconfoption><name>encrypt passwords</name></smbconfoption> is
<smbconfoption name="security">server</smbconfoption> and
<smbconfoption name="password server">Windows_NT_Machine</smbconfoption> in your
&smb.conf; file, or make sure <smbconfoption name="encrypt passwords"/> is
set to <quote>yes</quote>.
</para>

56
docs/Samba-HOWTO-Collection/DomainMember.xml
View File

@ -122,7 +122,7 @@ as follows:
<itemizedlist>
<listitem><para>
A Domain Security Account (stored in the
<smbconfoption><name>passdb backend</name></smbconfoption> that has been configured in the
<smbconfoption name="passdb backend"/> that has been configured in the
&smb.conf; file. The precise nature of the account information that is
stored depends on the type of backend database that has been chosen.
</para>
@ -276,7 +276,7 @@ information to such clients. You have been warned!
<title>Managing Domain Machine Accounts using NT4 Server Manager</title>
<para>
A working <smbconfoption><name>add machine script</name></smbconfoption> is essential
A working <smbconfoption name="add machine script"/> is essential
for machine trust accounts to be automatically created. This applies no matter whether
one uses automatic account creation, or if one wishes to use the NT4 Domain Server Manager.
</para>
@ -370,7 +370,7 @@ Here is an example for a Red Hat Linux system.
<para><smbconfblock>
<smbconfsection>[global]</smbconfsection>
<smbconfcomment>&lt;...remainder of parameters...&gt;</smbconfcomment>
<smbconfoption><name>add machine script</name><value>/usr/sbin/useradd -d /var/lib/nobody -g 100 \</value></smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/useradd -d /var/lib/nobody -g 100 \</smbconfoption>
<member><parameter> -s /bin/false -M %u</parameter></member>
</smbconfblock></para>
@ -405,7 +405,7 @@ with the version of Windows.
The name of the account that is used to create Domain Member machine accounts can be
anything the network administrator may choose. If it is other than <constant>root</constant>
then this is easily mapped to <constant>root</constant> in the file named in the &smb.conf; parameter
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>.
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>.
</para>
<para>
@ -511,24 +511,24 @@ First, you must edit your &smb.conf; file to tell Samba it should now use domain
<para>
Change (or add) your
<smbconfoption><name>security</name></smbconfoption> line in the [global] section
<smbconfoption name="security"/> line in the [global] section
of your &smb.conf; to read:
</para>
<para>
<smbconfblock>
<smbconfoption><name>security</name><value>domain</value></smbconfoption>
<smbconfoption name="security">domain</smbconfoption>
</smbconfblock>
</para>
<para>
Next change the <smbconfoption><name>workgroup</name></smbconfoption> line in the <smbconfsection>[global]</smbconfsection>
Next change the <smbconfoption name="workgroup"/> line in the <smbconfsection>[global]</smbconfsection>
section to read:
</para>
<para>
<smbconfblock>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
</smbconfblock>
</para>
@ -537,20 +537,20 @@ This is the name of the domain we are joining.
</para>
<para>
You must also have the parameter <smbconfoption><name>encrypt passwords</name></smbconfoption>
You must also have the parameter <smbconfoption name="encrypt passwords"/>
set to <constant>yes</constant> in order for your users to authenticate to the NT PDC.
This is the default setting if this parameter is not specified. There is no need to specify this
parameter, but if it is specified in the &smb.conf; file, it must be set to <constant>Yes</constant>.
</para>
<para>
Finally, add (or modify) a <smbconfoption><name>password server</name></smbconfoption> line in the [global]
Finally, add (or modify) a <smbconfoption name="password server"/> line in the [global]
section to read:
</para>
<para>
<smbconfblock>
<smbconfoption><name>password server</name><value>DOMPDC DOMBDC1 DOMBDC2</value></smbconfoption>
<smbconfoption name="password server">DOMPDC DOMBDC1 DOMBDC2</smbconfoption>
</smbconfblock>
</para>
@ -570,7 +570,7 @@ set this line to be:
<para>
<smbconfblock>
<smbconfoption><name>password server</name><value>*</value></smbconfoption>
<smbconfoption name="password server">*</smbconfoption>
</smbconfblock>
</para>
@ -661,7 +661,7 @@ to your server. This means that if Domain user <constant>DOM\fred
</constant> attaches to your Domain Security Samba server, there needs
to be a local UNIX user fred to represent that user in the UNIX
file system. This is similar to the older Samba security mode
<smbconfoption><name>security</name><value>server</value></smbconfoption>,
<smbconfoption name="security">server</smbconfoption>,
where Samba would pass through the authentication request to a Windows
NT server in the same way as a Windows 95 or Windows 98 server would.
</para>
@ -682,11 +682,11 @@ domain PDC to an account domain PDC).
</para>
<para>
In addition, with <smbconfoption><name>security</name><value>server</value></smbconfoption>, every Samba
In addition, with <smbconfoption name="security">server</smbconfoption>, every Samba
daemon on a server has to keep a connection open to the
authenticating server for as long as that daemon lasts. This can drain
the connection resources on a Microsoft NT server and cause it to run
out of available connections. With <smbconfoption><name>security</name><value>domain</value></smbconfoption>,
out of available connections. With <smbconfoption name="security">domain</smbconfoption>,
however, the Samba daemons connect to the PDC/BDC only for as long
as is necessary to authenticate the user and then drop the connection,
thus conserving PDC connection resources.
@ -731,24 +731,24 @@ You must use at least the following three options in &smb.conf;:
</para>
<para><smbconfblock>
<smbconfoption><name>realm</name><value>your.kerberos.REALM</value></smbconfoption>
<smbconfoption><name>security</name><value>ADS</value></smbconfoption>
<smbconfoption name="realm">your.kerberos.REALM</smbconfoption>
<smbconfoption name="security">ADS</smbconfoption>
<smbconfcomment>The following parameter need only be specified if present.</smbconfcomment>
<smbconfcomment>The default setting is not present is Yes.</smbconfcomment>
<smbconfoption><name>encrypt passwords</name><value>yes</value></smbconfoption>
<smbconfoption name="encrypt passwords">yes</smbconfoption>
</smbconfblock></para>
<para>
In case samba cannot correctly identify the appropriate ADS server using the realm name, use the
<smbconfoption><name>password server</name></smbconfoption> option in &smb.conf;:
<smbconfoption name="password server"/> option in &smb.conf;:
<smbconfblock>
<smbconfoption><name>password server</name><value>your.kerberos.server</value></smbconfoption>
<smbconfoption name="password server">your.kerberos.server</smbconfoption>
</smbconfblock>
</para>
<note><para>
You do <emphasis>not</emphasis> need a smbpasswd file, and older clients will be authenticated as
if <smbconfoption><name>security</name><value>domain</value></smbconfoption>, although it will not do any harm and
if <smbconfoption name="security">domain</smbconfoption>, although it will not do any harm and
allows you to have local users not in the domain.
</para></note>
@ -997,14 +997,14 @@ This may be needed in particular when sharing files over both CIFS and NFS.
<para>To use the <emphasis>LDAP</emphasis> <parameter>ldap idmap suffix</parameter>, set:</para>
<smbconfblock>
<smbconfoption><name>ldap idmap suffix</name><value>ou=Idmap,dc=quenya,dc=org</value></smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=Idmap,dc=quenya,dc=org</smbconfoption>
</smbconfblock>
<para>See the &smb.conf; man page entry for the <smbconfoption><name>ldap idmap suffix</name><value></value></smbconfoption>
<para>See the &smb.conf; man page entry for the <smbconfoption name="ldap idmap suffix"></smbconfoption>
parameter for further information.</para>
<para>
Do not forget to specify also the <smbconfoption><name>ldap admin dn</name></smbconfoption>
Do not forget to specify also the <smbconfoption name="ldap admin dn"/>
and to make certain to set the LDAP administrative password into the <filename>secrets.tdb</filename> using:
<screen>
&rootprompt; smbpasswd -w ldap-admin-password
@ -1053,9 +1053,9 @@ Please try again later.'</errorname> Why?</quote>
</para>
<para>
You should check that there is an <smbconfoption><name>add machine script</name></smbconfoption> in your &smb.conf;
You should check that there is an <smbconfoption name="add machine script"/> in your &smb.conf;
file. If there is not, please add one that is appropriate for your OS platform. If a script
has been defined, you will need to debug its operation. Increase the <smbconfoption><name>log level</name><value></value></smbconfoption>
has been defined, you will need to debug its operation. Increase the <smbconfoption name="log level"></smbconfoption>
in the &smb.conf; file to level 10, then try to rejoin the domain. Check the logs to see which
operation is failing.
</para>
@ -1088,7 +1088,7 @@ Possible causes include:
</itemizedlist>
<para>
The <smbconfoption><name>add machine script</name></smbconfoption> does not create the
The <smbconfoption name="add machine script"/> does not create the
machine account in the Samba backend database, it is there only to create a UNIX system
account to which the Samba backend database account can be mapped.
</para>
@ -1099,7 +1099,7 @@ account to which the Samba backend database account can be mapped.
<title>I Can't Join a Windows 2003 PDC</title>
<para>Windows 2003 requires SMB signing. Client side SMB signing has been implemented in Samba-3.0.
Set <smbconfoption><name>client use spnego</name><value>yes</value></smbconfoption> when communicating
Set <smbconfoption name="client use spnego">yes</smbconfoption> when communicating
with a Windows 2003 server.</para>
</sect2>

372
docs/Samba-HOWTO-Collection/FastStart.xml
View File

@ -124,15 +124,15 @@ of the packages that are provided by the operating system vendor, or through oth
<title>Anonymous Read-Only Server Configuration</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>HOBBIT</value></smbconfoption>
<smbconfoption><name>security</name><value>share</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">HOBBIT</smbconfoption>
<smbconfoption name="security">share</smbconfoption>
<smbconfsection>[data]</smbconfsection>
<smbconfoption><name>comment</name><value>Data</value></smbconfoption>
<smbconfoption><name>path</name><value>/export</value></smbconfoption>
<smbconfoption><name>read only</name><value>Yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Data</smbconfoption>
<smbconfoption name="path">/export</smbconfoption>
<smbconfoption name="read only">Yes</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
</smbconfexample>
</para>
@ -260,17 +260,17 @@ Added user jackb.
<smbconfexample id="anon-rw"><title>Modified Anonymous Read-Write smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>HOBBIT</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">HOBBIT</smbconfoption>
<smbconfoption name="security">SHARE</smbconfoption>
<smbconfsection>[data]</smbconfsection>
<smbconfoption><name>comment</name><value>Data</value></smbconfoption>
<smbconfoption><name>path</name><value>/export</value></smbconfoption>
<smbconfoption><name>force user</name><value>jackb</value></smbconfoption>
<smbconfoption><name>force group</name><value>users</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Data</smbconfoption>
<smbconfoption name="path">/export</smbconfoption>
<smbconfoption name="force user">jackb</smbconfoption>
<smbconfoption name="force group">users</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
</smbconfexample>
</para>
@ -313,21 +313,21 @@ Added user jackb.
<smbconfexample id="anon-print"><title>Anonymous Print Server smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>LUTHIEN</value></smbconfoption>
<smbconfoption><name>security</name><value>share</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>disable spoolss</name><value>Yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">LUTHIEN</smbconfoption>
<smbconfoption name="security">share</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="disable spoolss">Yes</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</para>
@ -407,7 +407,7 @@ Added user jackb.
is the default, and for which the default is to store Microsoft Windows-compatible
encrypted passwords in a file called <filename>/etc/samba/smbpasswd</filename>.
The default &smb.conf; entry that makes this happen is:
<smbconfoption><name>passdb backend</name><value>smbpasswd, guest</value></smbconfoption>. Since this is the default
<smbconfoption name="passdb backend">smbpasswd, guest</smbconfoption>. Since this is the default
it is not necessary to enter it into the configuration file. Note that guest backend is
added to the list of active passdb backends not matter was it specified directly in Samba configuration
file or not.
@ -432,36 +432,36 @@ Added user jackb.
<title>Secure Office Server smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>OLORIN</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>disable spoolss</name><value>Yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">OLORIN</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="disable spoolss">Yes</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[public]</smbconfsection>
<smbconfoption><name>comment</name><value>Data</value></smbconfoption>
<smbconfoption><name>path</name><value>/export</value></smbconfoption>
<smbconfoption><name>force user</name><value>maryo</value></smbconfoption>
<smbconfoption><name>force group</name><value>users</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Data</smbconfoption>
<smbconfoption name="path">/export</smbconfoption>
<smbconfoption name="force user">maryo</smbconfoption>
<smbconfoption name="force group">users</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, maryo</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</para></step>
@ -644,49 +644,49 @@ smb: \> <userinput>q</userinput>
<title>Member server smb.conf (globals)</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>VALINOR</value></smbconfoption>
<smbconfoption><name>security</name><value>DOMAIN</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>disable spoolss</name><value>Yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>No</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>winbind use default domain</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use sendfile</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">VALINOR</smbconfoption>
<smbconfoption name="security">DOMAIN</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="disable spoolss">Yes</smbconfoption>
<smbconfoption name="show add printer wizard">No</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
<smbconfoption name="idmap gid">15000-20000</smbconfoption>
<smbconfoption name="winbind use default domain">Yes</smbconfoption>
<smbconfoption name="use sendfile">Yes</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
</smbconfexample></para>
<para>
<smbconfexample id="fast-memberserver-shares">
<title>Member server smb.conf (shares and services)</title>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[spytfull]</smbconfsection>
<smbconfoption><name>comment</name><value>Accounting Application Only</value></smbconfoption>
<smbconfoption><name>path</name><value>/export/spytfull</value></smbconfoption>
<smbconfoption><name>valid users</name><value>@Accounts</value></smbconfoption>
<smbconfoption><name>admin users</name><value>maryo</value></smbconfoption>
<smbconfoption><name>read only</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Accounting Application Only</smbconfoption>
<smbconfoption name="path">/export/spytfull</smbconfoption>
<smbconfoption name="valid users">@Accounts</smbconfoption>
<smbconfoption name="admin users">maryo</smbconfoption>
<smbconfoption name="read only">Yes</smbconfoption>
<smbconfsection>[public]</smbconfsection>
<smbconfoption><name>comment</name><value>Data</value></smbconfoption>
<smbconfoption><name>path</name><value>/export/public</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Data</smbconfoption>
<smbconfoption name="path">/export/public</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, maryo</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</para></step>
@ -872,72 +872,72 @@ maryo:x:15000:15003:Mary Orville:/home/MIDEARTH/maryo:/bin/false
<smbconfexample id="fast-engoffice-global">
<title>Engineering Office smb.conf (globals)</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>FRODO</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>tdbsam</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/usr/sbin/useradd -m %u</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/usr/sbin/userdel -r %u</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/usr/sbin/groupadd %g</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/usr/sbin/groupdel %g</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/sbin/usermod -G %g %u</value></smbconfoption>
<smbconfoption><name>add machine script</name><value>/usr/sbin/useradd -s /bin/false \</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">FRODO</smbconfoption>
<smbconfoption name="passdb backend">tdbsam</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="add user script">/usr/sbin/useradd -m %u</smbconfoption>
<smbconfoption name="delete user script">/usr/sbin/userdel -r %u</smbconfoption>
<smbconfoption name="add group script">/usr/sbin/groupadd %g</smbconfoption>
<smbconfoption name="delete group script">/usr/sbin/groupdel %g</smbconfoption>
<smbconfoption name="add user to group script">/usr/sbin/usermod -G %g %u</smbconfoption>
<smbconfoption name="add machine script">/usr/sbin/useradd -s /bin/false \</smbconfoption>
<member><parameter> -d /var/lib/nobody %u</parameter></member>
<smbconfcomment>Note: The following specifies the default logon script.</smbconfcomment>
<smbconfcomment>Per user logon scripts can be specified in the user account using pdbedit </smbconfcomment>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfcomment>This sets the default profile path. Set per user paths with pdbedit</smbconfcomment>
<smbconfoption><name>logon path</name><value>\\%L\Profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>35</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="logon path">\\%L\Profiles\%U</smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfoption name="logon home">\\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="os level">35</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="domain master">Yes</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
<smbconfoption name="idmap gid">15000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
</smbconfexample>
<smbconfexample id="fast-engoffice-shares">
<title>Engineering Office smb.conf (shares and services)</title>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>comment</name><value>Home Directories</value></smbconfoption>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Home Directories</smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfcomment>Printing auto-share (makes printers available thru CUPS)</smbconfcomment>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root, maryo</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root, maryo</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Drivers Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/drivers</value></smbconfoption>
<smbconfoption><name>write list</name><value>maryo, root</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>maryo, root</value></smbconfoption>
<smbconfoption name="comment">Printer Drivers Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/drivers</smbconfoption>
<smbconfoption name="write list">maryo, root</smbconfoption>
<smbconfoption name="printer admin">maryo, root</smbconfoption>
<smbconfcomment>Needed to support domain logons</smbconfcomment>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>admin users</name><value>root, maryo</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="admin users">root, maryo</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
<smbconfcomment>For profiles to work, create a user directory under the path</smbconfcomment>
<smbconfcomment> shown. i.e., mkdir -p /var/lib/samba/profiles/maryo</smbconfcomment>
<smbconfsection>[Profiles]</smbconfsection>
<smbconfoption><name>comment</name><value>Roaming Profile Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>No</value></smbconfoption>
<smbconfoption><name>profile acls</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Roaming Profile Share</smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">No</smbconfoption>
<smbconfoption name="profile acls">Yes</smbconfoption>
<smbconfcomment>Other resource (share/printer) definitions would follow below.</smbconfcomment>
<member>...</member>
@ -1144,41 +1144,41 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
<title>LDAP backend smb.conf for PDC</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>FRODO</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://localhost</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>add user script</name><value>/usr/local/sbin/smbldap-useradd.pl -m '%u'</value></smbconfoption>
<smbconfoption><name>delete user script</name><value>/usr/local/sbin/smbldap-userdel.pl %u</value></smbconfoption>
<smbconfoption><name>add group script</name><value>/usr/local/sbin/smbldap-groupadd.pl -p '%g'</value></smbconfoption>
<smbconfoption><name>delete group script</name><value>/usr/local/sbin/smbldap-groupdel.pl '%g'</value></smbconfoption>
<smbconfoption><name>add user to group script</name><value>/usr/local/sbin/ \</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">FRODO</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://localhost</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="add user script">/usr/local/sbin/smbldap-useradd.pl -m '%u'</smbconfoption>
<smbconfoption name="delete user script">/usr/local/sbin/smbldap-userdel.pl %u</smbconfoption>
<smbconfoption name="add group script">/usr/local/sbin/smbldap-groupadd.pl -p '%g'</smbconfoption>
<smbconfoption name="delete group script">/usr/local/sbin/smbldap-groupdel.pl '%g'</smbconfoption>
<smbconfoption name="add user to group script">/usr/local/sbin/ \</smbconfoption>
<member><parameter>smbldap-groupmod.pl -m '%g' '%u'</parameter></member>
<smbconfoption><name>delete user from group script</name><value>/usr/local/sbin/ \</value></smbconfoption>
<smbconfoption name="delete user from group script">/usr/local/sbin/ \</smbconfoption>
<member><parameter>smbldap-groupmod.pl -x '%g' '%u'</parameter></member>
<smbconfoption><name>set primary group script</name><value>/usr/local/sbin/ \</value></smbconfoption>
<smbconfoption name="set primary group script">/usr/local/sbin/ \</smbconfoption>
<member><parameter>smbldap-usermod.pl -g '%g' '%u'</parameter></member>
<smbconfoption><name>add machine script</name><value>/usr/local/sbin/smbldap-useradd.pl -w '%u'</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\Profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>35</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=quenya,dc=org</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager</value></smbconfoption>
<smbconfoption><name>ldap ssl</name><value>no</value></smbconfoption>
<smbconfoption><name>ldap passwd sync</name><value>Yes</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="add machine script">/usr/local/sbin/smbldap-useradd.pl -w '%u'</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\Profiles\%U</smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfoption name="logon home">\\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="os level">35</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="domain master">Yes</smbconfoption>
<smbconfoption name="ldap suffix">dc=quenya,dc=org</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=People</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="ldap passwd sync">Yes</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
<smbconfoption name="idmap gid">15000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<member>...</member>
</smbconfexample>
</para></step>
@ -1217,30 +1217,30 @@ userPassword: {SSHA}0jBHgQ1vp4EDX2rEMMfIudvRMJoGwjVb
<title>Remote LDAP BDC smb.conf</title>
<smbconfcomment>Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>MIDEARTH</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>GANDALF</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://frodo.quenya.org</value></smbconfoption>
<smbconfoption><name>username map</name><value>/etc/samba/smbusers</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption><name>logon script</name><value>scripts\logon.bat</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\Profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\%L\%U</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>33</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>No</value></smbconfoption>
<smbconfoption><name>ldap suffix</name><value>dc=quenya,dc=org</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap admin dn</name><value>cn=Manager</value></smbconfoption>
<smbconfoption><name>ldap ssl</name><value>no</value></smbconfoption>
<smbconfoption><name>ldap passwd sync</name><value>Yes</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>15000-20000</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption name="workgroup">MIDEARTH</smbconfoption>
<smbconfoption name="netbios name">GANDALF</smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://frodo.quenya.org</smbconfoption>
<smbconfoption name="username map">/etc/samba/smbusers</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfoption name="logon script">scripts\logon.bat</smbconfoption>
<smbconfoption name="logon path">\\%L\Profiles\%U</smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfoption name="logon home">\\%L\%U</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="os level">33</smbconfoption>
<smbconfoption name="preferred master">Yes</smbconfoption>
<smbconfoption name="domain master">No</smbconfoption>
<smbconfoption name="ldap suffix">dc=quenya,dc=org</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=People</smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=People</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
<smbconfoption name="ldap ssl">no</smbconfoption>
<smbconfoption name="ldap passwd sync">Yes</smbconfoption>
<smbconfoption name="idmap uid">15000-20000</smbconfoption>
<smbconfoption name="idmap gid">15000-20000</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<member>...</member>
</smbconfexample>
</para></step>

6
docs/Samba-HOWTO-Collection/Group-Mapping.xml
View File

@ -52,7 +52,7 @@
accounts should be automatically created when these tools are used. In the absence of these scripts, and
so long as <command>winbindd</command> is running, Samba group accounts that are created using these
tools will be allocated UNIX UIDs/GIDs from the ID range specified by the
<smbconfoption><name>idmap uid</name></smbconfoption>/<smbconfoption><name>idmap gid</name></smbconfoption>
<smbconfoption name="idmap uid"/>/<smbconfoption name="idmap gid"/>
parameters in the &smb.conf; file.
</para>
@ -527,7 +527,7 @@ exit 0
<title>Configuration of &smb.conf; for the add group script.</title>
<smbconfsection>[global]</smbconfsection>
<member>...</member>
<smbconfoption><name>add group script</name><value>/path_to_tool/smbgrpadd.sh &quot;%g&quot;</value></smbconfoption>
<smbconfoption name="add group script">/path_to_tool/smbgrpadd.sh &quot;%g&quot;</smbconfoption>
<member>...</member>
</smbconfexample>
</para>
@ -591,7 +591,7 @@ manually before putting them into active service.
<para>
This is a common problem when the <command>groupadd</command> is called directly
by the Samba interface script for the <smbconfoption><name>add group script</name></smbconfoption> in
by the Samba interface script for the <smbconfoption name="add group script"/> in
the &smb.conf; file.
</para>

16
docs/Samba-HOWTO-Collection/Install.xml
View File

@ -64,14 +64,14 @@
<title>A minimal smb.conf</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>WKG</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>MYNAME</value></smbconfoption>
<smbconfoption name="workgroup">WKG</smbconfoption>
<smbconfoption name="netbios name">MYNAME</smbconfoption>
<smbconfsection>[share1]</smbconfsection>
<smbconfoption><name>path</name><value>/tmp</value></smbconfoption>
<smbconfoption name="path">/tmp</smbconfoption>
<smbconfsection>[share2]</smbconfsection>
<smbconfoption><name>path</name><value>/my_shared_folder</value></smbconfoption>
<smbconfoption><name>comment</name><value>Some random files</value></smbconfoption>
<smbconfoption name="path">/my_shared_folder</smbconfoption>
<smbconfoption name="comment">Some random files</smbconfoption>
</smbconfexample>
</sect2>
@ -151,11 +151,11 @@
<smbconfexample id="simple-example">
<title>Another simple smb.conf File</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>guest ok</name><value>no</value></smbconfoption>
<smbconfoption><name>read only</name><value>no</value></smbconfoption>
<smbconfoption name="guest ok">no</smbconfoption>
<smbconfoption name="read only">no</smbconfoption>
</smbconfexample>
</para>

6
docs/Samba-HOWTO-Collection/Integrating-with-Windows.xml
View File

@ -577,7 +577,7 @@ to be added to the &smb.conf; file:
</para>
<para><smbconfblock>
<smbconfoption><name>wins support</name><value>Yes</value></smbconfoption>
<smbconfoption name="wins support">Yes</smbconfoption>
</smbconfblock></para>
<para>
@ -586,8 +586,8 @@ needed in the &smb.conf; file:
</para>
<para><smbconfblock>
<smbconfoption><name>wins support</name><value>No</value></smbconfoption>
<smbconfoption><name>wins server</name><value>xxx.xxx.xxx.xxx</value></smbconfoption>
<smbconfoption name="wins support">No</smbconfoption>
<smbconfoption name="wins server">xxx.xxx.xxx.xxx</smbconfoption>
</smbconfblock></para>
<para>

4
docs/Samba-HOWTO-Collection/InterdomainTrusts.xml
View File

@ -39,8 +39,8 @@ The use of interdomain trusts requires use of <command>winbind</command>. Thus t
<command>winbindd</command> daemon must be running. Winbind operation in this mode is
dependant on the specification of a valid UID range and a valid GID range in the &smb.conf; file.
These are specified respectively using
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption> and
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>.
<smbconfoption name="idmap uid">10000-20000</smbconfoption> and
<smbconfoption name="idmap gid">10000-20000</smbconfoption>.
</para>
<note><para>

2
docs/Samba-HOWTO-Collection/LargeFile.xml
View File

@ -48,7 +48,7 @@ the directory for names - it knows that if a file does not exist in upper case t
</para>
<para>
The secret to this is really in the <smbconfoption><name>case sensitive</name><value>True</value></smbconfoption>
The secret to this is really in the <smbconfoption name="case sensitive">True</smbconfoption>
line. This tells smbd never to scan for case-insensitive versions of names. So if an application asks for a file
called <filename>FOO</filename>, and it can not be found by a simple stat call, then smbd will return file not
found immediately without scanning the containing directory for a version of a different case. The other

2
docs/Samba-HOWTO-Collection/NT4Migration.xml
View File

@ -178,7 +178,7 @@ Logon scripts can help to ensure that all users gain the share and printer conne
Logon scripts can be created on-the-fly so all commands executed are specific to the
rights and privileges granted to the user. The preferred controls should be affected through
group membership so group information can be used to create a custom logon script using
the <smbconfoption><name>root preexec</name></smbconfoption> parameters to the <smbconfsection>NETLOGON</smbconfsection> share.
the <smbconfoption name="root preexec"/> parameters to the <smbconfsection>NETLOGON</smbconfsection> share.
</para>
<para>

172
docs/Samba-HOWTO-Collection/NetworkBrowsing.xml
View File

@ -107,26 +107,26 @@ The Samba application that controls browse list management and name resolution i
called <filename>nmbd</filename>. The configuration parameters involved in nmbd's operation are:
</para>
<para>Browsing options: <smbconfoption><name>os level</name></smbconfoption>(*),
<smbconfoption><name>lm announce</name></smbconfoption>,
<smbconfoption><name>lm interval</name></smbconfoption>,
<smbconfoption><name>preferred master</name></smbconfoption>(*),
<smbconfoption><name>local master</name></smbconfoption>(*),
<smbconfoption><name>domain master</name></smbconfoption>(*),
<smbconfoption><name>browse list</name></smbconfoption>,
<smbconfoption><name>enhanced browsing</name></smbconfoption>.
<para>Browsing options: <smbconfoption name="os level"/>(*),
<smbconfoption name="lm announce"/>,
<smbconfoption name="lm interval"/>,
<smbconfoption name="preferred master"/>(*),
<smbconfoption name="local master"/>(*),
<smbconfoption name="domain master"/>(*),
<smbconfoption name="browse list"/>,
<smbconfoption name="enhanced browsing"/>.
</para>
<para>Name Resolution Method:
<smbconfoption><name>name resolve order</name></smbconfoption>(*).
<smbconfoption name="name resolve order"/>(*).
</para>
<para>WINS options:
<smbconfoption><name>dns proxy</name></smbconfoption>,
<smbconfoption><name>wins proxy</name></smbconfoption>,
<smbconfoption><name>wins server</name></smbconfoption>(*),
<smbconfoption><name>wins support</name></smbconfoption>(*),
<smbconfoption><name>wins hook</name></smbconfoption>.
<smbconfoption name="dns proxy"/>,
<smbconfoption name="wins proxy"/>,
<smbconfoption name="wins server"/>(*),
<smbconfoption name="wins support"/>(*),
<smbconfoption name="wins hook"/>.
</para>
<para>
@ -166,9 +166,9 @@ UDP messages can be broadcast or unicast.
<para>
<indexterm><primary>UDP</primary></indexterm>
Normally, only uni-cast UDP messaging can be forwarded by routers. The
<smbconfoption><name>remote announce</name></smbconfoption> parameter to smb.conf helps to project browse announcements
<smbconfoption name="remote announce"/> parameter to smb.conf helps to project browse announcements
to remote network segments via uni-cast UDP. Similarly, the
<smbconfoption><name>remote browse sync</name></smbconfoption> parameter of &smb.conf;
<smbconfoption name="remote browse sync"/> parameter of &smb.conf;
implements browse list collation using uni-cast UDP.
</para>
@ -213,16 +213,16 @@ In those networks where Samba is the only SMB server technology, wherever possib
server. This makes it easy to manage the browsing environment. If each network
segment is configured with its own Samba WINS server, then the only way to
get cross-segment browsing to work is by using the
<smbconfoption><name>remote announce</name></smbconfoption> and the
<smbconfoption><name>remote browse sync</name></smbconfoption>
<smbconfoption name="remote announce"/> and the
<smbconfoption name="remote browse sync"/>
parameters to your &smb.conf; file.
</para>
<para>
<indexterm><primary>WINS</primary></indexterm>
If only one WINS server is used for an entire multi-segment network, then
the use of the <smbconfoption><name>remote announce</name></smbconfoption> and the
<smbconfoption><name>remote browse sync</name></smbconfoption> parameters should not be necessary.
the use of the <smbconfoption name="remote announce"/> and the
<smbconfoption name="remote browse sync"/> parameters should not be necessary.
</para>
<para>
@ -238,7 +238,7 @@ Right now Samba WINS does not support MS-WINS replication. This means that
when setting up Samba as a WINS server, there must only be one <filename>nmbd</filename>
configured as a WINS server on the network. Some sites have used multiple Samba WINS
servers for redundancy (one server per subnet) and then used
<smbconfoption><name>remote browse sync</name></smbconfoption> and <smbconfoption><name>remote announce</name></smbconfoption>
<smbconfoption name="remote browse sync"/> and <smbconfoption name="remote announce"/>
to effect browse list collation across all segments. Note that this means clients
will only resolve local names, and must be configured to use DNS to resolve names
on other subnets in order to resolve the IP addresses of the servers they can see
@ -535,7 +535,7 @@ resolution to the local subnet, unless LMHOSTS is used to list all
names and IP addresses. In such situations, Samba provides a means by
which the Samba server name may be forcibly injected into the browse
list of a remote MS Windows network (using the
<smbconfoption><name>remote announce</name></smbconfoption> parameter).
<smbconfoption name="remote announce"/> parameter).
</para>
<para>
@ -573,13 +573,13 @@ inability to use the network services.
<para>
Samba supports a feature that allows forced synchronization of browse lists across
routed networks using the <smbconfoption><name>remote browse sync</name></smbconfoption>
routed networks using the <smbconfoption name="remote browse sync"/>
parameter in the &smb.conf; file. This causes Samba to contact the local master
browser on a remote network and to request browse list synchronization. This
effectively bridges two networks that are separated by routers. The two remote
networks may use either broadcast-based name resolution or WINS-based name
resolution, but it should be noted that the
<smbconfoption><name>remote browse sync</name></smbconfoption> parameter provides
<smbconfoption name="remote browse sync"/> parameter provides
browse list synchronization &smbmdash; and that is distinct from name to address
resolution. In other words, for cross-subnet browsing to function correctly it is
essential that a name-to-address resolution mechanism be provided. This mechanism
@ -613,7 +613,7 @@ of the &smb.conf; file:
<para>
<smbconfblock>
<smbconfoption><name>domain master</name><value>yes</value></smbconfoption>
<smbconfoption name="domain master">yes</smbconfoption>
</smbconfblock>
</para>
@ -628,10 +628,10 @@ file as shown in <link linkend="dmbexample">the following example</link>:
<smbconfexample id="dmbexample">
<title>Domain Master Browser smb.conf</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain master</name><value>yes</value></smbconfoption>
<smbconfoption><name>local master</name><value>yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>65</value></smbconfoption>
<smbconfoption name="domain master">yes</smbconfoption>
<smbconfoption name="local master">yes</smbconfoption>
<smbconfoption name="preferred master">yes</smbconfoption>
<smbconfoption name="os level">65</smbconfoption>
</smbconfexample>
</para>
@ -653,10 +653,10 @@ shown in <link linkend="lmbexample">following example</link>:
<smbconfexample id="lmbexample">
<title>Local master browser smb.conf</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption><name>local master</name><value>yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>65</value></smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
<smbconfoption name="local master">yes</smbconfoption>
<smbconfoption name="preferred master">yes</smbconfoption>
<smbconfoption name="os level">65</smbconfoption>
</smbconfexample>
</para>
@ -666,9 +666,9 @@ each other over which is to be the Local Master Browser.
</para>
<para>
The <smbconfoption><name>local master</name></smbconfoption> parameter allows Samba to act as a
Local Master Browser. The <smbconfoption><name>preferred master</name></smbconfoption> causes <command>nmbd</command>
to force a browser election on startup and the <smbconfoption><name>os level</name></smbconfoption>
The <smbconfoption name="local master"/> parameter allows Samba to act as a
Local Master Browser. The <smbconfoption name="preferred master"/> causes <command>nmbd</command>
to force a browser election on startup and the <smbconfoption name="os level"/>
parameter sets Samba high enough so it should win any browser elections.
</para>
@ -682,10 +682,10 @@ becoming a Local Master Browser by setting the following options in the <smbconf
<smbconfexample id="nombexample">
<title>smb.conf for not being a Master Browser</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption><name>local master</name><value>no</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>no</value></smbconfoption>
<smbconfoption><name>os level</name><value>0</value></smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
<smbconfoption name="local master">no</smbconfoption>
<smbconfoption name="preferred master">no</smbconfoption>
<smbconfoption name="os level">0</smbconfoption>
</smbconfexample>
</para>
@ -711,16 +711,16 @@ of the &smb.conf; file as shown in <link linkend="remsmb">following example</lin
<smbconfexample id="remsmb">
<title>Local Master Browser smb.conf</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption><name>local master</name><value>yes</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>yes</value></smbconfoption>
<smbconfoption><name>os level</name><value>65</value></smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
<smbconfoption name="local master">yes</smbconfoption>
<smbconfoption name="preferred master">yes</smbconfoption>
<smbconfoption name="os level">65</smbconfoption>
</smbconfexample>
</para>
<para>
If you wish to have a Samba server fight the election with machines on the same subnet you
may set the <smbconfoption><name>os level</name></smbconfoption> parameter to lower levels.
may set the <smbconfoption name="os level"/> parameter to lower levels.
By doing this you can tune the order of machines that will become Local Master Browsers if
they are running. For more details on this refer to <link linkend="browse-force-master">Forcing Samba to Be the Master</link> section.
</para>
@ -736,10 +736,10 @@ and ever becoming a Local Master Browser by setting the following options in the
<smbconfexample id="xremmb">
<title>&smb.conf; for not being a master browser</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain master</name><value>no</value></smbconfoption>
<smbconfoption><name>local master</name><value>no</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>no</value></smbconfoption>
<smbconfoption><name>os level</name><value>0</value></smbconfoption>
<smbconfoption name="domain master">no</smbconfoption>
<smbconfoption name="local master">no</smbconfoption>
<smbconfoption name="preferred master">no</smbconfoption>
<smbconfoption name="os level">0</smbconfoption>
</smbconfexample>
</para>
@ -755,29 +755,29 @@ elections to just about every Windows network server or client.
</para>
<para>
If you want Samba to win elections, set the <smbconfoption><name>os level</name></smbconfoption>
If you want Samba to win elections, set the <smbconfoption name="os level"/>
global option in &smb.conf; to a higher number. It defaults to 20. Using 34 would make it win
all elections every other system (except other samba systems).
</para>
<para>
An <smbconfoption><name>os level</name></smbconfoption> of two would make it beat Windows for Workgroups and Windows 9x/Me, but not MS Windows
An <smbconfoption name="os level"/> of two would make it beat Windows for Workgroups and Windows 9x/Me, but not MS Windows
NT/200x Server. An MS Windows NT/200x Server Domain Controller uses level 32. The maximum os level is 255.
</para>
<para>
If you want Samba to force an election on startup, set the
<smbconfoption><name>preferred master</name></smbconfoption> global option in &smb.conf; to <constant>yes</constant>.
<smbconfoption name="preferred master"/> global option in &smb.conf; to <constant>yes</constant>.
Samba will then have a slight advantage over other potential master browsers that are not Preferred Master Browsers.
Use this parameter with care, as if you have two hosts (whether they are Windows 9x/Me or
NT/200x/XP or Samba) on the same local subnet both set with <smbconfoption><name>preferred master</name></smbconfoption>
NT/200x/XP or Samba) on the same local subnet both set with <smbconfoption name="preferred master"/>
to <constant>yes</constant>, then periodically and continually they will force an election in order
to become the Local Master Browser.
</para>
<para>
If you want Samba to be a <emphasis>Domain Master Browser</emphasis>, then it is recommended that
you also set <smbconfoption><name>preferred master</name></smbconfoption> to <constant>yes</constant>, because
you also set <smbconfoption name="preferred master"/> to <constant>yes</constant>, because
Samba will not become a Domain Master Browser for the whole of your LAN or WAN if it is not also a
Local Master Browser on its own broadcast isolated subnet.
</para>
@ -796,7 +796,7 @@ the current Domain Master Browser fail.
<para>
The domain master is responsible for collating the browse lists of multiple subnets so browsing can occur between subnets. You can
make Samba act as the Domain Master by setting <smbconfoption><name>domain master</name><value>yes</value></smbconfoption>
make Samba act as the Domain Master by setting <smbconfoption name="domain master">yes</smbconfoption>
in &smb.conf;. By default it will not be a Domain Master.
</para>
@ -815,8 +815,8 @@ other subnets and then contact them to synchronize browse lists.
<para>
If you want Samba to be the domain master, you should also set the
<smbconfoption><name>os level</name></smbconfoption> high enough to make sure it wins elections, and
set <smbconfoption><name>preferred master</name></smbconfoption> to <constant>yes</constant>, to
<smbconfoption name="os level"/> high enough to make sure it wins elections, and
set <smbconfoption name="preferred master"/> to <constant>yes</constant>, to
get Samba to force an election on startup.
</para>
@ -877,22 +877,22 @@ does not seem to support a zeros broadcast and you will probably find that brows
<para>
Samba supports machines with multiple network interfaces. If you have multiple interfaces, you will
need to use the <smbconfoption><name>interfaces</name></smbconfoption> option in &smb.conf; to configure them.
need to use the <smbconfoption name="interfaces"/> option in &smb.conf; to configure them.
</para>
</sect2>
<sect2>
<title>Use of the Remote Announce Parameter</title>
<para>
The <smbconfoption><name>remote announce</name></smbconfoption> parameter of
The <smbconfoption name="remote announce"/> parameter of
&smb.conf; can be used to forcibly ensure
that all the NetBIOS names on a network get announced to a remote network.
The syntax of the <smbconfoption><name>remote announce</name></smbconfoption> parameter is:
The syntax of the <smbconfoption name="remote announce"/> parameter is:
<smbconfblock>
<smbconfoption><name>remote announce</name><value>a.b.c.d [e.f.g.h] ...</value></smbconfoption>
<smbconfoption name="remote announce">a.b.c.d [e.f.g.h] ...</smbconfoption>
</smbconfblock>
<emphasis>or</emphasis>
<smbconfblock>
<smbconfoption><name>remote announce</name><value>a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</value></smbconfoption>
<smbconfoption name="remote announce">a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ...</smbconfoption>
</smbconfblock>
where:
@ -925,17 +925,17 @@ where:
<title>Use of the Remote Browse Sync Parameter</title>
<para>
The <smbconfoption><name>remote browse sync</name></smbconfoption> parameter of
The <smbconfoption name="remote browse sync"/> parameter of
&smb.conf; is used to announce to another LMB that it must synchronize its NetBIOS name list with our
Samba LMB. This works only if the Samba server that has this option is
simultaneously the LMB on its network segment.
</para>
<para>
The syntax of the <smbconfoption><name>remote browse sync</name></smbconfoption> parameter is:
The syntax of the <smbconfoption name="remote browse sync"/> parameter is:
<smbconfblock>
<smbconfoption><name>remote browse sync</name><value><replaceable>a.b.c.d</replaceable></value></smbconfoption>
<smbconfoption name="remote browse sync"><replaceable>a.b.c.d</replaceable></smbconfoption>
</smbconfblock>
where <replaceable>a.b.c.d</replaceable> is either the IP address of the
@ -1000,19 +1000,19 @@ errors.
<para>
To configure Samba as a WINS server just add
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption> to the &smb.conf;
<smbconfoption name="wins support">yes</smbconfoption> to the &smb.conf;
file [global] section.
</para>
<para>
To configure Samba to register with a WINS server just add
<smbconfoption><name>wins server</name><value>a.b.c.d</value></smbconfoption>
<smbconfoption name="wins server">a.b.c.d</smbconfoption>
to your &smb.conf; file <smbconfsection>[global]</smbconfsection> section.
</para>
<important><para>
Never use both <smbconfoption><name>wins support</name><value>yes</value></smbconfoption> together
with <smbconfoption><name>wins server</name><value>a.b.c.d</value></smbconfoption>
Never use both <smbconfoption name="wins support">yes</smbconfoption> together
with <smbconfoption name="wins server">a.b.c.d</smbconfoption>
particularly not using its own IP address. Specifying both will cause &nmbd; to refuse to start!
</para></important>
@ -1028,7 +1028,7 @@ the <smbconfsection>[global]</smbconfsection> section:
<para>
<smbconfblock>
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption>
<smbconfoption name="wins support">yes</smbconfoption>
</smbconfblock>
</para>
@ -1040,13 +1040,13 @@ least set the parameter to <quote>no</quote> on all these machines.
</para>
<para>
Machines configured with <smbconfoption><name>wins support</name><value>yes</value></smbconfoption> will keep a list of
Machines configured with <smbconfoption name="wins support">yes</smbconfoption> will keep a list of
all NetBIOS names registered with them, acting as a DNS for NetBIOS names.
</para>
<para>
It is strongly recommended to set up only one WINS server. Do not set the
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption> option on more than one Samba
<smbconfoption name="wins support">yes</smbconfoption> option on more than one Samba
server.
</para>
@ -1061,7 +1061,7 @@ participate in these replications. It is possible in the future that
a Samba-to-Samba WINS replication protocol may be defined, in which
case more than one Samba machine could be set up as a WINS server.
Currently only one Samba server should have the
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption> parameter set.
<smbconfoption name="wins support">yes</smbconfoption> parameter set.
</para>
<para>
@ -1077,7 +1077,7 @@ all &smb.conf; files:
<para>
<smbconfblock>
<smbconfoption><name>wins server</name><value>&lt;name or IP address&gt;</value></smbconfoption>
<smbconfoption name="wins server">&lt;name or IP address&gt;</smbconfoption>
</smbconfblock>
</para>
@ -1089,8 +1089,8 @@ machine or its IP address.
<para>
This line must not be set in the &smb.conf; file of the Samba
server acting as the WINS server itself. If you set both the
<smbconfoption><name>wins support</name><value>yes</value></smbconfoption> option and the
<smbconfoption><name>wins server</name><value>&lt;name&gt;</value></smbconfoption> option then
<smbconfoption name="wins support">yes</smbconfoption> option and the
<smbconfoption name="wins server">&lt;name&gt;</smbconfoption> option then
<command>nmbd</command> will fail to start.
</para>
@ -1244,15 +1244,15 @@ Many sites want to restrict DNS lookups and avoid broadcast name
resolution traffic. The <parameter>name resolve order</parameter> parameter is of great help here.
The syntax of the <parameter>name resolve order</parameter> parameter is:
<smbconfblock>
<smbconfoption><name>name resolve order</name><value>wins lmhosts bcast host</value></smbconfoption>
<smbconfoption name="name resolve order">wins lmhosts bcast host</smbconfoption>
</smbconfblock>
<emphasis>or</emphasis>
<smbconfblock>
<smbconfoption><name>name resolve order</name><value>wins lmhosts (eliminates bcast and host)</value></smbconfoption>
<smbconfoption name="name resolve order">wins lmhosts (eliminates bcast and host)</smbconfoption>
</smbconfblock>
The default is:
<smbconfblock>
<smbconfoption><name>name resolve order</name><value>host lmhost wins bcast</value></smbconfoption>
<smbconfoption name="name resolve order">host lmhost wins bcast</smbconfoption>
</smbconfblock>
where <quote>host</quote> refers to the native methods used by the UNIX system
to implement the gethostbyname() function call. This is normally
@ -1266,7 +1266,7 @@ controlled by <filename>/etc/host.conf</filename>, <filename>/etc/nsswitch.conf<
<para>
SMB networking provides a mechanism by which clients can access a list
of machines in a network, a so-called <smbconfoption><name>browse list</name></smbconfoption>. This list
of machines in a network, a so-called <smbconfoption name="browse list"/>. This list
contains machines that are ready to offer file and/or print services
to other machines within the network. Thus it does not include
machines that aren't currently able to do server tasks. The browse
@ -1327,7 +1327,7 @@ recommended that you use one and only one Samba server as the WINS server.
<para>
To get browsing to work you need to run nmbd as usual, but will need
to use the <smbconfoption><name>workgroup</name></smbconfoption> option in &smb.conf;
to use the <smbconfoption name="workgroup"/> option in &smb.conf;
to control what workgroup Samba becomes a part of.
</para>
@ -1335,7 +1335,7 @@ to control what workgroup Samba becomes a part of.
Samba also has a useful option for a Samba server to offer itself for
browsing on another subnet. It is recommended that this option is only
used for <quote>unusual</quote> purposes: announcements over the Internet, for
example. See <smbconfoption><name>remote announce</name></smbconfoption> in the
example. See <smbconfoption name="remote announce"/> in the
&smb.conf; man page.
</para>
</sect2>
@ -1345,7 +1345,7 @@ example. See <smbconfoption><name>remote announce</name></smbconfoption> in the
<para>
If something does not work, the <filename>log.nmbd</filename> file will help
to track down the problem. Try a <smbconfoption><name>log level</name><value></value></smbconfoption> of 2 or 3 for finding
to track down the problem. Try a <smbconfoption name="log level"></smbconfoption> of 2 or 3 for finding
problems. Also note that the current browse list usually gets stored
in text form in a file called <filename>browse.dat</filename>.
</para>
@ -1358,7 +1358,7 @@ press enter and <command>filemanager</command> should display the list of availa
<para>
Some people find browsing fails because they do not have the global
<smbconfoption><name>guest account</name></smbconfoption> set to a valid account. Remember that the
<smbconfoption name="guest account"/> set to a valid account. Remember that the
IPC$ connection that lists the shares is done as guest and, thus, you must have a valid guest account.
</para>
@ -1373,7 +1373,7 @@ server resources.
<para>
The other big problem people have is that their broadcast address,
netmask or IP address is wrong (specified with the <smbconfoption><name>interfaces</name><value></value></smbconfoption> option
netmask or IP address is wrong (specified with the <smbconfoption name="interfaces"></smbconfoption> option
in &smb.conf;)
</para>
</sect2>
@ -1703,7 +1703,7 @@ guest account for browsing in <command>smbd</command>. Check that your guest acc
valid.
</para>
<para>Also see <smbconfoption><name>guest account</name></smbconfoption> in the &smb.conf; man page.</para>
<para>Also see <smbconfoption name="guest account"/> in the &smb.conf; man page.</para>
</sect2>

22
docs/Samba-HOWTO-Collection/Other-Clients.xml
View File

@ -109,7 +109,7 @@ For more info on these packages, Samba, and Linux (and other UNIX-based systems)
and not copy an installed driver from an OS/2 system.</para>
<para>Install the NT driver first for that printer. Then, add to your &smb.conf; a parameter,
<smbconfoption><name>os2 driver map</name><value><replaceable>filename</replaceable></value></smbconfoption>.
<smbconfoption name="os2 driver map"><replaceable>filename</replaceable></smbconfoption>.
Next, in the file specified by <replaceable>filename</replaceable>, map the
name of the NT driver name to the OS/2 driver name as follows:</para>
@ -189,7 +189,7 @@ type <userinput>EXPAND A:\ADMINCFG.EX_ C:\WINDOWS\ADMINCFG.EXE</userinput>.
Then add an icon for it via the <application>Program Manager</application> <guimenu>New</guimenu> Menu.
This program allows you to control how WFW handles passwords, i.e.,
Disable Password Caching and so on.
for use with <smbconfoption><name>security</name><value>user</value></smbconfoption>.
for use with <smbconfoption name="security">user</smbconfoption>.
</para>
</sect2>
@ -199,7 +199,7 @@ for use with <smbconfoption><name>security</name><value>user</value></smbconfopt
<para>Windows for Workgroups uppercases the password before sending it to the server.
UNIX passwords can be case-sensitive though. Check the &smb.conf; information on
<smbconfoption><name>password level</name></smbconfoption> to specify what characters
<smbconfoption name="password level"/> to specify what characters
Samba should try to uppercase when checking.</para>
</sect2>
@ -293,14 +293,14 @@ most likely occur if it is not.
<para>
In order to serve profiles successfully to Windows 2000 SP2
clients (when not operating as a PDC), Samba must have
<smbconfoption><name>nt acl support</name><value>no</value></smbconfoption>
<smbconfoption name="nt acl support">no</smbconfoption>
added to the file share which houses the roaming profiles.
If this is not done, then the Windows 2000 SP2 client will
complain about not being able to access the profile (Access
Denied) and create multiple copies of it on disk (DOMAIN.user.001,
DOMAIN.user.002, and so on). See the &smb.conf; man page
for more details on this option. Also note that the
<smbconfoption><name>nt acl support</name></smbconfoption> parameter was formally a global parameter in
<smbconfoption name="nt acl support"/> parameter was formally a global parameter in
releases prior to Samba 2.2.2.
</para>
@ -311,11 +311,11 @@ releases prior to Samba 2.2.2.
<para><smbconfexample id="minimalprofile">
<title>Minimal profile share</title>
<smbconfsection>[profile]</smbconfsection>
<smbconfoption><name>path</name><value>/export/profile</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>directory mask</name><value>0700</value></smbconfoption>
<smbconfoption><name>nt acl support</name><value>no</value></smbconfoption>
<smbconfoption><name>read only</name><value>no</value></smbconfoption>
<smbconfoption name="path">/export/profile</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="directory mask">0700</smbconfoption>
<smbconfoption name="nt acl support">no</smbconfoption>
<smbconfoption name="read only">no</smbconfoption>
</smbconfexample></para>
<para>
@ -328,7 +328,7 @@ for the <errorname>access denied</errorname> message.
</para>
<para>
By disabling the <smbconfoption><name>nt acl support</name></smbconfoption> parameter, Samba will send
By disabling the <smbconfoption name="nt acl support"/> parameter, Samba will send
the Windows 200x client a response to the QuerySecurityDescriptor trans2 call, which causes the client
to set a default ACL for the profile. This default ACL includes:
</para>

12
docs/Samba-HOWTO-Collection/PAM.xml
View File

@ -622,7 +622,7 @@ PAM documentation for further helpful information.
<title>&smb.conf; PAM Configuration</title>
<para>
There is an option in &smb.conf; called <smbconfoption><name>obey pam restrictions</name></smbconfoption>.
There is an option in &smb.conf; called <smbconfoption name="obey pam restrictions"/>.
The following is from the online help for this option in SWAT;
</para>
@ -630,12 +630,12 @@ The following is from the online help for this option in SWAT;
When Samba is configured to enable PAM support (i.e., <option>--with-pam</option>), this parameter will
control whether or not Samba should obey PAM's account and session management directives. The default behavior
is to use PAM for clear-text authentication only and to ignore any account or session management. Samba always
ignores PAM for authentication in the case of <smbconfoption><name>encrypt passwords</name><value>yes</value></smbconfoption>.
ignores PAM for authentication in the case of <smbconfoption name="encrypt passwords">yes</smbconfoption>.
The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB
password encryption.
</para>
<para>Default: <smbconfoption><name>obey pam restrictions</name><value>no</value></smbconfoption></para>
<para>Default: <smbconfoption name="obey pam restrictions">no</smbconfoption></para>
</sect2>
@ -666,7 +666,7 @@ lock directory and will be remembered.
<para>
The astute administrator will realize from this that the combination of <filename>pam_smbpass.so</filename>,
<command>winbindd</command> and a distributed <smbconfoption><name>passdb backend</name><value></value></smbconfoption>,
<command>winbindd</command> and a distributed <smbconfoption name="passdb backend"></smbconfoption>,
such as <parameter>ldap</parameter>, will allow the establishment of a centrally managed, distributed user/password
database that can also be used by all PAM-aware (e.g., Linux) programs and applications. This arrangement can have
particularly potent advantages compared with the use of Microsoft Active Directory Service (ADS) in so far as
@ -891,8 +891,8 @@ password required /lib/security/pam_stack.so service=system-auth
<para>
<quote>
My &smb.conf; file is correctly configured. I have specified
<smbconfoption><name>idmap uid</name><value>12000</value></smbconfoption>,
and <smbconfoption><name>idmap gid</name><value>3000-3500</value></smbconfoption>
<smbconfoption name="idmap uid">12000</smbconfoption>,
and <smbconfoption name="idmap gid">3000-3500</smbconfoption>
and <command>winbind</command> is running. When I do the following it all works fine.
</quote>
</para>

82
docs/Samba-HOWTO-Collection/PDC.xml
View File

@ -345,7 +345,7 @@ NT4/200x/XP clients:
<itemizedlist>
<listitem><para>Configuration of basic TCP/IP and MS Windows networking.</para></listitem>
<listitem><para>Correct designation of the Server Role (<smbconfoption><name>security</name><value>user</value></smbconfoption>).</para></listitem>
<listitem><para>Correct designation of the Server Role (<smbconfoption name="security">user</smbconfoption>).</para></listitem>
<listitem><para>Consistent configuration of Name Resolution<footnote><para>See <link linkend="NetworkBrowsing">Network Browsing</link>, and
<link linkend="integrate-ms-networks">Integrating MS Windows Networks with Samba</link>.</para></footnote>.</para></listitem>
<listitem><para>Domain logons for Windows NT4/200x/XP Professional clients.</para></listitem>
@ -361,7 +361,7 @@ The following provisions are required to serve MS Windows 9x/Me clients:
<itemizedlist>
<listitem><para>Configuration of basic TCP/IP and MS Windows networking.</para></listitem>
<listitem><para>Correct designation of the server role (<smbconfoption><name>security</name><value>user</value></smbconfoption>).</para></listitem>
<listitem><para>Correct designation of the server role (<smbconfoption name="security">user</smbconfoption>).</para></listitem>
<listitem><para>Network Logon Configuration (since Windows 9x/Me/XP Home are not technically domain
members, they do not really participate in the security aspects of Domain logons as such).</para></listitem>
<listitem><para>Roaming Profile Configuration.</para></listitem>
@ -404,7 +404,7 @@ A Domain Controller is an SMB/CIFS server that:
<para>
It is rather easy to configure Samba to provide these. Each Samba Domain Controller must provide
the NETLOGON service that Samba calls the <smbconfoption><name>domain logons</name></smbconfoption> functionality
the NETLOGON service that Samba calls the <smbconfoption name="domain logons"/> functionality
(after the name of the parameter in the &smb.conf; file). Additionally, one server in a Samba-3
Domain must advertise itself as the Domain Master Browser<footnote><para>See <link linkend="NetworkBrowsing">Network Browsing</link>.</para></footnote>.
This causes the Primary Domain Controller to claim a domain-specific NetBIOS name that identifies it as a
@ -429,30 +429,30 @@ in &smb.conf;. An example &smb.conf; for acting as a PDC can be found in <link l
<smbconfexample id="pdc-example">
<title>smb.conf for being a PDC</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>netbios name</name><value><replaceable>BELERIAND</replaceable></value></smbconfoption>
<smbconfoption><name>workgroup</name><value><replaceable>&example.workgroup;</replaceable></value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>tdbsam</value></smbconfoption>
<smbconfoption><name>os level</name><value>33</value></smbconfoption>
<smbconfoption><name>preferred master</name><value>yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>yes</value></smbconfoption>
<smbconfoption><name>local master</name><value>yes</value></smbconfoption>
<smbconfoption><name>security</name><value>user</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>yes</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%N\profiles\%U</value></smbconfoption>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption><name>logon home</name><value>\\homeserver\%U\winprofile</value></smbconfoption>
<smbconfoption><name>logon script</name><value>logon.cmd</value></smbconfoption>
<smbconfoption name="netbios name"><replaceable>BELERIAND</replaceable></smbconfoption>
<smbconfoption name="workgroup"><replaceable>&example.workgroup;</replaceable></smbconfoption>
<smbconfoption name="passdb backend">tdbsam</smbconfoption>
<smbconfoption name="os level">33</smbconfoption>
<smbconfoption name="preferred master">yes</smbconfoption>
<smbconfoption name="domain master">yes</smbconfoption>
<smbconfoption name="local master">yes</smbconfoption>
<smbconfoption name="security">user</smbconfoption>
<smbconfoption name="domain logons">yes</smbconfoption>
<smbconfoption name="logon path">\\%N\profiles\%U</smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfoption name="logon home">\\homeserver\%U\winprofile</smbconfoption>
<smbconfoption name="logon script">logon.cmd</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>write list</name><value><replaceable>ntadmin</replaceable></value></smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="write list"><replaceable>ntadmin</replaceable></smbconfoption>
<smbconfsection>[profiles]</smbconfsection>
<smbconfoption><name>path</name><value>/var/lib/samba/profiles</value></smbconfoption>
<smbconfoption><name>read only</name><value>no</value></smbconfoption>
<smbconfoption><name>create mask</name><value>0600</value></smbconfoption>
<smbconfoption><name>directory mask</name><value>0700</value></smbconfoption>
<smbconfoption name="path">/var/lib/samba/profiles</smbconfoption>
<smbconfoption name="read only">no</smbconfoption>
<smbconfoption name="create mask">0600</smbconfoption>
<smbconfoption name="directory mask">0700</smbconfoption>
</smbconfexample>
</para>
@ -521,11 +521,11 @@ of operation. The following &smb.conf; parameters are the essentials alone:
<para>
<smbconfblock>
<smbconfoption><name>netbios name</name><value>BELERIAND</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>Yes</value></smbconfoption>
<smbconfoption><name>security</name><value>User</value></smbconfoption>
<smbconfoption name="netbios name">BELERIAND</smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="domain master">Yes</smbconfoption>
<smbconfoption name="security">User</smbconfoption>
</smbconfblock>
</para>
@ -573,8 +573,8 @@ an integral part of the essential functionality that is provided by a Domain Con
<para>
All Domain Controllers must run the netlogon service (<emphasis>domain logons</emphasis>
in Samba). One Domain Controller must be configured with <smbconfoption><name>domain master</name><value>Yes</value></smbconfoption>
(the Primary Domain Controller); on all Backup Domain Controllers <smbconfoption><name>domain master</name><value>No</value></smbconfoption>
in Samba). One Domain Controller must be configured with <smbconfoption name="domain master">Yes</smbconfoption>
(the Primary Domain Controller); on all Backup Domain Controllers <smbconfoption name="domain master">No</smbconfoption>
must be set.
</para>
@ -584,14 +584,14 @@ must be set.
<smbconfexample id="PDC-config">
<title>smb.conf for being a PDC</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption><name>domain master</name><value>(Yes on PDC, No on BDCs)</value></smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
<smbconfoption name="domain master">(Yes on PDC, No on BDCs)</smbconfoption>
<smbconfsection>[netlogon]</smbconfsection>
<smbconfoption><name>comment</name><value>Network Logon Service</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/lib/samba/netlogon</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">Network Logon Service</smbconfoption>
<smbconfoption name="path">/var/lib/samba/netlogon</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</sect3>
@ -791,11 +791,11 @@ For this reason, it is wise to configure the Samba DC as the DMB.
<para>
Now back to the issue of configuring a Samba DC to use a mode other than
<smbconfoption><name>security</name><value>user</value></smbconfoption>. If a Samba host is
<smbconfoption name="security">user</smbconfoption>. If a Samba host is
configured to use another SMB server or DC in order to validate user connection requests,
it is a fact that some other machine on the network (the <smbconfoption><name>password server</name></smbconfoption>)
it is a fact that some other machine on the network (the <smbconfoption name="password server"/>)
knows more about the user than the Samba host. About 99% of the time, this other host is
a Domain Controller. Now to operate in domain mode security, the <smbconfoption><name>workgroup</name></smbconfoption>
a Domain Controller. Now to operate in domain mode security, the <smbconfoption name="workgroup"/>
parameter must be set to the name of the Windows NT domain (which already has a Domain Controller).
If the domain does not already have a Domain Controller, you do not yet have a Domain.
</para>
@ -803,7 +803,7 @@ If the domain does not already have a Domain Controller, you do not yet have a D
<para>
Configuring a Samba box as a DC for a domain that already by definition has a
PDC is asking for trouble. Therefore, you should always configure the Samba DC
to be the DMB for its domain and set <smbconfoption><name>security</name><value>user</value></smbconfoption>.
to be the DMB for its domain and set <smbconfoption name="security">user</smbconfoption>.
This is the only officially supported mode of operation.
</para>
@ -909,7 +909,7 @@ wrong?</quote>
<para>
This problem is caused by the PDC not having a suitable Machine Trust Account.
If you are using the <smbconfoption><name>add machine script</name></smbconfoption> method to create
If you are using the <smbconfoption name="add machine script"/> method to create
accounts then this would indicate that it has not worked. Ensure the domain
admin user system is working.
</para>

118
docs/Samba-HOWTO-Collection/Passdb.xml
View File

@ -225,9 +225,9 @@ Samba-3 introduces a number of new password backend capabilities.
In addition to differently encrypted passwords, Windows also stores certain data for each
user that is not stored in a UNIX user database. For example, workstations the user may logon from,
the location where the user's profile is stored, and so on. Samba retrieves and stores this
information using a <smbconfoption><name>passdb backend</name></smbconfoption>. Commonly available backends are LDAP, plain text
information using a <smbconfoption name="passdb backend"/>. Commonly available backends are LDAP, plain text
file, and MySQL. For more information, see the man page for &smb.conf; regarding the
<smbconfoption><name>passdb backend</name></smbconfoption> parameter.
<smbconfoption name="passdb backend"/> parameter.
</para>
@ -376,7 +376,7 @@ Samba-3 introduces a number of new password backend capabilities.
<para>
First, all Samba SAM (Security Account Manager database) accounts require
a UNIX/Linux UID that the account will map to. As users are added to the account
information database, Samba will call the <smbconfoption><name>add user script</name></smbconfoption>
information database, Samba will call the <smbconfoption name="add user script"/>
interface to add the account to the Samba host OS. In essence all accounts in
the local SAM require a local user account.
</para>
@ -418,9 +418,9 @@ Samba-3 introduces a number of new password backend capabilities.
<title>Example configuration with the LDAP idmap backend</title>
<indexterm><primary>SAM backend</primary><secondary>xmlsam</secondary></indexterm>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://ldap-server.quenya.org:636</value></smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://ldap-server.quenya.org:636</smbconfoption>
<smbcomment>Alternately, this could be specified as:</smbcomment>
<smbconfoption><name>idmap backend</name><value>ldap:ldaps://ldap-server.quenya.org</value></smbconfoption>
<smbconfoption name="idmap backend">ldap:ldaps://ldap-server.quenya.org</smbconfoption>
</smbconfexample>
</para>
@ -620,7 +620,7 @@ Password must change: Mon, 18 Jan 2038 20:14:07 GMT
<procedure>
<step><para>
Set the <smbconfoption><name>passdb backend</name><value>tdbsam, smbpasswd</value></smbconfoption>.
Set the <smbconfoption name="passdb backend">tdbsam, smbpasswd</smbconfoption>.
</para></step>
<step><para>
@ -655,7 +655,7 @@ backends of the same type. For example, to use two different tdbsam databases:
<para>
<smbconfblock>
<smbconfoption><name>passdb backend</name><value>tdbsam:/etc/samba/passdb.tdb \</value></smbconfoption>
<smbconfoption name="passdb backend">tdbsam:/etc/samba/passdb.tdb \</smbconfoption>
<member><parameter>tdbsam:/etc/samba/old-passdb.tdb</parameter></member>
</smbconfblock>
</para>
@ -680,7 +680,7 @@ backends of the same type. For example, to use two different tdbsam databases:
<para>
<indexterm><primary>SAM backend</primary><secondary>smbpasswd</secondary></indexterm>
Traditionally, when configuring <smbconfoption><name>encrypt passwords</name><value>yes</value></smbconfoption> in Samba's &smb.conf; file, user account
Traditionally, when configuring <smbconfoption name="encrypt passwords">yes</smbconfoption> in Samba's &smb.conf; file, user account
information such as username, LM/NT password hashes, password change times, and account
flags have been stored in the <filename>smbpasswd(5)</filename> file. There are several
disadvantages to this approach for sites with large numbers of users (counted
@ -1075,17 +1075,17 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
</para>
<para>LDAP related smb.conf options:
<smbconfoption><name>passdb backend</name><value>ldapsam:url</value></smbconfoption>,
<smbconfoption><name>ldap admin dn</name></smbconfoption>,
<smbconfoption><name>ldap delete dn</name></smbconfoption>,
<smbconfoption><name>ldap filter</name></smbconfoption>,
<smbconfoption><name>ldap group suffix</name></smbconfoption>,
<smbconfoption><name>ldap idmap suffix</name></smbconfoption>,
<smbconfoption><name>ldap machine suffix</name></smbconfoption>,
<smbconfoption><name>ldap passwd sync</name></smbconfoption>,
<smbconfoption><name>ldap ssl</name></smbconfoption>,
<smbconfoption><name>ldap suffix</name></smbconfoption>,
<smbconfoption><name>ldap user suffix</name></smbconfoption>,
<smbconfoption name="passdb backend">ldapsam:url</smbconfoption>,
<smbconfoption name="ldap admin dn"/>,
<smbconfoption name="ldap delete dn"/>,
<smbconfoption name="ldap filter"/>,
<smbconfoption name="ldap group suffix"/>,
<smbconfoption name="ldap idmap suffix"/>,
<smbconfoption name="ldap machine suffix"/>,
<smbconfoption name="ldap passwd sync"/>,
<smbconfoption name="ldap ssl"/>,
<smbconfoption name="ldap suffix"/>,
<smbconfoption name="ldap user suffix"/>,
</para>
<para>
@ -1098,10 +1098,10 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
<smbconfexample id="confldapex">
<title>Configuration with LDAP</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>security</name><value>user</value></smbconfoption>
<smbconfoption><name>encrypt passwords</name><value>yes</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>MORIA</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>NOLDOR</value></smbconfoption>
<smbconfoption name="security">user</smbconfoption>
<smbconfoption name="encrypt passwords">yes</smbconfoption>
<smbconfoption name="netbios name">MORIA</smbconfoption>
<smbconfoption name="workgroup">NOLDOR</smbconfoption>
<smbconfcomment>ldap related parameters</smbconfcomment>
@ -1110,32 +1110,32 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
<smbconfcomment>must be set by using 'smbpasswd -w <replaceable>secretpw</replaceable>' to store the</smbconfcomment>
<smbconfcomment>passphrase in the secrets.tdb file. If the "ldap admin dn" values</smbconfcomment>
<smbconfcomment>change, this password will need to be reset.</smbconfcomment>
<smbconfoption><name>ldap admin dn</name><value>"cn=Manager,dc=quenya,dc=org"</value></smbconfoption>
<smbconfoption name="ldap admin dn">"cn=Manager,dc=quenya,dc=org"</smbconfoption>
<smbconfcomment>Define the SSL option when connecting to the directory</smbconfcomment>
<smbconfcomment>('off', 'start tls', or 'on' (default))</smbconfcomment>
<smbconfoption><name>ldap ssl</name><value>start tls</value></smbconfoption>
<smbconfoption name="ldap ssl">start tls</smbconfoption>
<smbconfcomment>syntax: passdb backend = ldapsam:ldap://server-name[:port]</smbconfcomment>
<smbconfoption><name>passdb backend</name><value>ldapsam:ldap://frodo.quenya.org</value></smbconfoption>
<smbconfoption name="passdb backend">ldapsam:ldap://frodo.quenya.org</smbconfoption>
<smbconfcomment>smbpasswd -x delete the entire dn-entry</smbconfcomment>
<smbconfoption><name>ldap delete dn</name><value>no</value></smbconfoption>
<smbconfoption name="ldap delete dn">no</smbconfoption>
<smbconfcomment>the machine and user suffix added to the base suffix</smbconfcomment>
<smbconfcomment>wrote WITHOUT quotes. NULL suffixes by default</smbconfcomment>
<smbconfoption><name>ldap user suffix</name><value>ou=People</value></smbconfoption>
<smbconfoption><name>ldap group suffix</name><value>ou=Groups</value></smbconfoption>
<smbconfoption><name>ldap machine suffix</name><value>ou=Computers</value></smbconfoption>
<smbconfoption name="ldap user suffix">ou=People</smbconfoption>
<smbconfoption name="ldap group suffix">ou=Groups</smbconfoption>
<smbconfoption name="ldap machine suffix">ou=Computers</smbconfoption>
<smbconfcomment>Trust UNIX account information in LDAP</smbconfcomment>
<smbconfcomment> (see the smb.conf man page for details)</smbconfcomment>
<smbconfcomment> specify the base DN to use when searching the directory</smbconfcomment>
<smbconfoption><name>ldap suffix</name><value>dc=quenya,dc=org</value></smbconfoption>
<smbconfoption name="ldap suffix">dc=quenya,dc=org</smbconfoption>
<smbconfcomment> generally the default ldap search filter is ok</smbconfcomment>
<smbconfoption><name>ldap filter</name><value>(uid=%u)</value></smbconfoption>
<smbconfoption name="ldap filter">(uid=%u)</smbconfoption>
</smbconfexample>
</para>
@ -1197,13 +1197,13 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz
</para>
<para>
To remedy the first security issue, the <smbconfoption><name>ldap ssl</name></smbconfoption> &smb.conf; parameter defaults
to require an encrypted session (<smbconfoption><name>ldap ssl</name><value>on</value></smbconfoption>) using
To remedy the first security issue, the <smbconfoption name="ldap ssl"/> &smb.conf; parameter defaults
to require an encrypted session (<smbconfoption name="ldap ssl">on</smbconfoption>) using
the default port of <constant>636</constant>
when contacting the directory server. When using an OpenLDAP server, it
is possible to use the StartTLS LDAP extended operation in the place of
LDAPS. In either case, you are strongly discouraged to disable this security
(<smbconfoption><name>ldap ssl</name><value>off</value></smbconfoption>).
(<smbconfoption name="ldap ssl">off</smbconfoption>).
</para>
<para>
@ -1279,12 +1279,12 @@ access to attrs=SambaLMPassword,SambaNTPassword
<row><entry><constant>sambaLogonScript</constant></entry><entry>The sambaLogonScript property specifies the path of
the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path
is relative to the netlogon share. Refer to the <smbconfoption><name>logon script</name></smbconfoption> parameter in the
is relative to the netlogon share. Refer to the <smbconfoption name="logon script"/> parameter in the
&smb.conf; man page for more information.</entry></row>
<row><entry><constant>sambaProfilePath</constant></entry><entry>Specifies a path to the user's profile.
This value can be a null string, a local absolute path, or a UNC path. Refer to the
<smbconfoption><name>logon path</name></smbconfoption> parameter in the &smb.conf; man page for more information.</entry></row>
<smbconfoption name="logon path"/> parameter in the &smb.conf; man page for more information.</entry></row>
<row><entry><constant>sambaHomePath</constant></entry><entry>The sambaHomePath property specifies the path of
the home directory for the user. The string can be null. If sambaHomeDrive is set and specifies
@ -1336,12 +1336,12 @@ access to attrs=SambaLMPassword,SambaNTPassword
<para>
These attributes are only stored with the sambaSamAccount entry if
the values are non-default values. For example, assume MORIA has now been
configured as a PDC and that <smbconfoption><name>logon home</name><value>\\%L\%u</value></smbconfoption> was defined in
configured as a PDC and that <smbconfoption name="logon home">\\%L\%u</smbconfoption> was defined in
its &smb.conf; file. When a user named <quote>becky</quote> logons to the domain,
the <smbconfoption><name>logon home</name></smbconfoption> string is expanded to \\MORIA\becky.
the <smbconfoption name="logon home"/> string is expanded to \\MORIA\becky.
If the smbHome attribute exists in the entry <quote>uid=becky,ou=People,dc=samba,dc=org</quote>,
this value is used. However, if this attribute does not exist, then the value
of the <smbconfoption><name>logon home</name></smbconfoption> parameter is used in its place. Samba
of the <smbconfoption name="logon home"/> parameter is used in its place. Samba
will only write the attribute value to the directory entry if the value is
something other than the default (e.g., <filename>\\MOBY\becky</filename>).
</para>
@ -1420,7 +1420,7 @@ access to attrs=SambaLMPassword,SambaNTPassword
using pam_ldap, this allows changing both UNIX and Windows passwords at once.
</para>
<para>The <smbconfoption><name>ldap passwd sync</name></smbconfoption> options can have the values shown in
<para>The <smbconfoption name="ldap passwd sync"/> options can have the values shown in
<link linkend="ldappwsync">the next table</link>.</para>
<table iframe="all" id="ldappwsync">
@ -1484,15 +1484,15 @@ access to attrs=SambaLMPassword,SambaNTPassword
<title>Configuring</title>
<para>This plug-in lacks some good documentation, but here is some brief information. Add the following to the
<smbconfoption><name>passdb backend</name></smbconfoption> variable in your &smb.conf;:
<smbconfoption name="passdb backend"/> variable in your &smb.conf;:
<smbconfblock>
<smbconfoption><name>passdb backend</name><value>[other-plugins] mysql:identifier [other-plugins]</value></smbconfoption>
<smbconfoption name="passdb backend">[other-plugins] mysql:identifier [other-plugins]</smbconfoption>
</smbconfblock>
</para>
<para>The identifier can be any string you like, as long as it does not collide with
the identifiers of other plugins or other instances of pdb_mysql. If you
specify multiple pdb_mysql.so entries in <smbconfoption><name>passdb backend</name></smbconfoption>, you also need to
specify multiple pdb_mysql.so entries in <smbconfoption name="passdb backend"/>, you also need to
use different identifiers.
</para>
@ -1552,7 +1552,7 @@ access to attrs=SambaLMPassword,SambaNTPassword
<row><entry>domain column</entry><entry>varchar(255)</entry><entry>NT domain user belongs to</entry></row>
<row><entry>nt username column</entry><entry>varchar(255)</entry><entry>NT username</entry></row>
<row><entry>fullname column</entry><entry>varchar(255)</entry><entry>Full name of user</entry></row>
<row><entry>home dir column</entry><entry>varchar(255)</entry><entry>UNIX homedir path (equivalent of the <smbconfoption><name>logon home</name></smbconfoption> parameter.</entry></row>
<row><entry>home dir column</entry><entry>varchar(255)</entry><entry>UNIX homedir path (equivalent of the <smbconfoption name="logon home"/> parameter.</entry></row>
<row><entry>dir drive column</entry><entry>varchar(2)</entry><entry>Directory drive path (e.g., <quote>H:</quote>)</entry></row>
<row><entry>logon script column</entry><entry>varchar(255)</entry><entry>Batch file to run on client side when logging on</entry></row>
<row><entry>profile path column</entry><entry>varchar(255)</entry><entry>Path of profile</entry></row>
@ -1587,19 +1587,19 @@ access to attrs=SambaLMPassword,SambaNTPassword
<smbconfexample id="mysqlsam">
<title>Example configuration for the MySQL passdb backend</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>passdb backend</name><value>mysql:foo</value></smbconfoption>
<smbconfoption><name>foo:mysql user</name><value>samba</value></smbconfoption>
<smbconfoption><name>foo:mysql password</name><value>abmas</value></smbconfoption>
<smbconfoption><name>foo:mysql database</name><value>samba</value></smbconfoption>
<smbconfoption name="passdb backend">mysql:foo</smbconfoption>
<smbconfoption name="foo:mysql user">samba</smbconfoption>
<smbconfoption name="foo:mysql password">abmas</smbconfoption>
<smbconfoption name="foo:mysql database">samba</smbconfoption>
<smbconfcomment>domain name is static and can't be changed</smbconfcomment>
<smbconfoption><name>foo:domain column</name><value>'MYWORKGROUP':</value></smbconfoption>
<smbconfoption name="foo:domain column">'MYWORKGROUP':</smbconfoption>
<smbconfcomment>The fullname column comes from several other columns</smbconfcomment>
<smbconfoption><name>foo:fullname column</name><value>CONCAT(firstname,' ',surname):</value></smbconfoption>
<smbconfoption name="foo:fullname column">CONCAT(firstname,' ',surname):</smbconfoption>
<smbconfcomment>Samba should never write to the password columns</smbconfcomment>
<smbconfoption><name>foo:lanman pass column</name><value>lm_pass:</value></smbconfoption>
<smbconfoption><name>foo:nt pass column</name><value>nt_pass:</value></smbconfoption>
<smbconfoption name="foo:lanman pass column">lm_pass:</smbconfoption>
<smbconfoption name="foo:nt pass column">nt_pass:</smbconfoption>
<smbconfcomment>The unknown 3 column is not stored</smbconfcomment>
<smbconfoption><name>foo:unknown 3 column</name><value>NULL</value></smbconfoption>
<smbconfoption name="foo:unknown 3 column">NULL</smbconfoption>
</smbconfexample>
</sect3>
@ -1680,7 +1680,7 @@ access to attrs=SambaLMPassword,SambaNTPassword
<para><quote>I've installed Samba, but now I can't log on with my UNIX account! </quote></para>
<para>Make sure your user has been added to the current Samba <smbconfoption><name>passdb backend</name></smbconfoption>.
<para>Make sure your user has been added to the current Samba <smbconfoption name="passdb backend"/>.
Read the section <link linkend="acctmgmttools">Account Management Tools</link> for details.</para>
</sect2>
@ -1698,7 +1698,7 @@ access to attrs=SambaLMPassword,SambaNTPassword
<smbconfblock>
<smbconfsection>[global]</smbconfsection>
<member>...</member>
<smbconfoption><name>passdb backend</name><value>smbpasswd, tdbsam</value></smbconfoption>
<smbconfoption name="passdb backend">smbpasswd, tdbsam</smbconfoption>
<member>...</member>
</smbconfblock>
</para>
@ -1712,7 +1712,7 @@ access to attrs=SambaLMPassword,SambaNTPassword
<smbconfblock>
[globals]
...
<smbconfoption><name>passdb backend</name><value>tdbsam, smbpasswd</value></smbconfoption>
<smbconfoption name="passdb backend">tdbsam, smbpasswd</smbconfoption>
...
</smbconfblock>
</para>
@ -1723,9 +1723,9 @@ access to attrs=SambaLMPassword,SambaNTPassword
<title>Configuration of <parameter>auth methods</parameter></title>
<para>
When explicitly setting an <smbconfoption><name>auth methods</name></smbconfoption> parameter,
When explicitly setting an <smbconfoption name="auth methods"/> parameter,
<parameter>guest</parameter> must be specified as the first entry on the line,
for example, <smbconfoption><name>auth methods</name><value>guest sam</value></smbconfoption>.
for example, <smbconfoption name="auth methods">guest sam</smbconfoption>.
</para>
</sect2>

264
docs/Samba-HOWTO-Collection/Printing.xml
View File

@ -190,14 +190,14 @@ However, in many environments these are enough to provide a valid
<smbconfexample id="simpleprc">
<title>Simple configuration with BSD printing</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>printing</name><value>bsd</value></smbconfoption>
<smbconfoption><name>load printers</name><value>yes</value></smbconfoption>
<smbconfoption name="printing">bsd</smbconfoption>
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>public</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="public">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
</smbconfexample></para>
<para>
@ -215,8 +215,8 @@ so you may want to pipe it through a pager program.
The syntax for the configuration file is easy to grasp. You should
know that is not very picky about its syntax. As has been explained
elsewhere in this document, Samba tolerates some spelling errors (such
as <smbconfoption><name>browseable</name></smbconfoption> instead of
<smbconfoption><name>browseable</name></smbconfoption>), and spelling is
as <smbconfoption name="browseable"/> instead of
<smbconfoption name="browseable"/>), and spelling is
case-insensitive. It is permissible to use <parameter>Yes/No</parameter>
or <parameter>True/False</parameter> for Boolean settings. Lists of names
may be separated by commas, spaces or tabs.
@ -294,7 +294,7 @@ configuration used, add the <quote>-v</quote> parameter to testparm.</para></not
Should you need to troubleshoot at any stage, please always come back
to this point first and verify if <command>testparm</command> shows the parameters you
expect. To give you a warning from personal experience,
try to just comment out the <smbconfoption><name>load printers</name></smbconfoption>
try to just comment out the <smbconfoption name="load printers"/>
parameter. If your 2.2.x system behaves like mine, you'll see this:
</para>
@ -327,7 +327,7 @@ the reason. But I am no longer fooled ... at least not by this.
<para>
Only when the parameter is explicitly set to
<smbconfoption><name>load printers</name><value>No</value></smbconfoption>
<smbconfoption name="load printers">No</smbconfoption>
would Samba conform with my intentions. So, my strong advice is:
</para>
@ -417,7 +417,7 @@ This means that a line consisting of, for example:
<para><smbconfblock>
<smbconfcomment>This defines LPRng as the printing system</smbconfcomment>
<smbconfoption><name>printing</name><value> lprng</value></smbconfoption>
<smbconfoption name="printing"> lprng</smbconfoption>
</smbconfblock></para>
<para>
@ -449,35 +449,35 @@ file to remove all parameters that are set at default.
<para><smbconfexample id="extbsdpr">
<title>Extended BSD Printing Configuration</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>printing</name><value>bsd</value></smbconfoption>
<smbconfoption><name>load printers</name><value>yes</value></smbconfoption>
<smbconfoption><name>show add printer wizard</name><value>yes</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>/etc/printcap</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>@ntadmin, root</value></smbconfoption>
<smbconfoption><name>max print jobs</name><value>100</value></smbconfoption>
<smbconfoption><name>lpq cache time</name><value>20</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>no</value></smbconfoption>
<smbconfoption name="printing">bsd</smbconfoption>
<smbconfoption name="load printers">yes</smbconfoption>
<smbconfoption name="show add printer wizard">yes</smbconfoption>
<smbconfoption name="printcap name">/etc/printcap</smbconfoption>
<smbconfoption name="printer admin">@ntadmin, root</smbconfoption>
<smbconfoption name="max print jobs">100</smbconfoption>
<smbconfoption name="lpq cache time">20</smbconfoption>
<smbconfoption name="use client driver">no</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>browseable</name><value>no</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>public</name><value>yes</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no </value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="browseable">no</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="public">yes</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="writable">no </smbconfoption>
<smbconfsection>[my_printer_name]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer with Restricted Access</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba_my_printer</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>kurt</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>writable</name><value>no</value></smbconfoption>
<smbconfoption><name>hosts allow</name><value>0.0.0.0</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>turbo_xp, 10.160.50.23, 10.160.51.60</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>no</value></smbconfoption>
<smbconfoption name="comment">Printer with Restricted Access</smbconfoption>
<smbconfoption name="path">/var/spool/samba_my_printer</smbconfoption>
<smbconfoption name="printer admin">kurt</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="writable">no</smbconfoption>
<smbconfoption name="hosts allow">0.0.0.0</smbconfoption>
<smbconfoption name="hosts deny">turbo_xp, 10.160.50.23, 10.160.51.60</smbconfoption>
<smbconfoption name="guest ok">no</smbconfoption>
</smbconfexample></para>
<para>
@ -513,23 +513,23 @@ share settings and specify other values).
</para>
<variablelist>
<varlistentry><term><smbconfoption><name>printing</name><value>bsd </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printing">bsd </smbconfoption></term>
<listitem><para>Causes Samba to use default print commands
applicable for the BSD (also known as RFC 1179 style or LPR/LPD) printing
system. In general, the <parameter>printing</parameter> parameter informs Samba about the
print subsystem it should expect. Samba supports CUPS, LPD, LPRNG,
SYSV, HPUX, AIX, QNX, and PLP. Each of these systems defaults to a
different <smbconfoption><name>print command</name></smbconfoption> (and other queue control
different <smbconfoption name="print command"/> (and other queue control
commands).</para>
<caution><para>The <smbconfoption><name>printing</name></smbconfoption> parameter is
<caution><para>The <smbconfoption name="printing"/> parameter is
normally a service level parameter. Since it is included here in the
<smbconfsection>[global]</smbconfsection> section, it will take effect for all
printer shares that are not defined differently. Samba-3 no longer
supports the SOFTQ printing system.</para></caution>
</listitem></varlistentry>
<varlistentry><term><smbconfoption><name>load printers</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="load printers">yes </smbconfoption></term>
<listitem><para>Tells Samba to create automatically all
available printer shares. Available printer shares are discovered by
scanning the printcap file. All created printer shares are also loaded
@ -542,7 +542,7 @@ share settings and specify other values).
publicly visible and available).</para>
</listitem></varlistentry>
<varlistentry><term><smbconfoption><name>show add printer wizard</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="show add printer wizard">yes </smbconfoption></term>
<listitem><para>Setting is normally enabled by default (even if the parameter is not specified in &smb.conf;).
It causes the <guiicon>Add Printer Wizard</guiicon> icon to appear
in the <guiicon>Printers</guiicon> folder of the Samba host's
@ -556,7 +556,7 @@ share settings and specify other values).
uploaded driver.</para>
</listitem></varlistentry>
<varlistentry><term><smbconfoption><name>max print jobs</name><value>100 </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="max print jobs">100 </smbconfoption></term>
<listitem><para>Sets the upper limit to 100 print jobs
being active on the Samba server at any one time. Should a client
submit a job that exceeds this number, a <quote>no more space
@ -565,31 +565,31 @@ share settings and specify other values).
<emphasis>no</emphasis> limit at all.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption><name>printcap name</name><value>/etc/printcap </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printcap name">/etc/printcap </smbconfoption></term>
<listitem><para>Tells Samba where to look for a list of
available printer names. Where CUPS is used, make sure that a printcap
file is written. This is controlled by the <constant>Printcap</constant> directive in the
<filename>cupsd.conf</filename> file.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption><name>printer admin</name><value>@ntadmin </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printer admin">@ntadmin </smbconfoption></term>
<listitem><para>Members of the ntadmin group should be able to add
drivers and set printer properties (<constant>ntadmin</constant> is only an example name,
it needs to be a valid UNIX group name); root is implicitly always a
<smbconfoption><name>printer admin</name></smbconfoption>. The @ sign precedes group names in the
<smbconfoption name="printer admin"/>. The @ sign precedes group names in the
<filename>/etc/group</filename>. A printer admin can do anything to
printers via the remote administration interfaces offered by MS-RPC
(see below). In larger installations, the <smbconfoption><name>printer admin</name></smbconfoption>
(see below). In larger installations, the <smbconfoption name="printer admin"/>
parameter is normally a per-share parameter. This permits different groups to administer each printer share.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption><name>lpq cache time</name><value>20 </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="lpq cache time">20 </smbconfoption></term>
<listitem><para>Controls the cache time for the results of the
lpq command. It prevents the lpq command being called too often and
reduces the load on a heavily used print server.
</para></listitem></varlistentry>
<varlistentry><term><smbconfoption><name>use client driver</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="use client driver">no </smbconfoption></term>
<listitem><para>If set to <constant>yes</constant>, only
takes effect for Windows NT/200x/XP clients (and not for Win 95/98/ME). Its
default value is <constant>No</constant> (or <constant>False</constant>).
@ -617,26 +617,26 @@ man page.) Settings inside this container must be Share Level parameters.
</para>
<variablelist>
<varlistentry><term><smbconfoption><name>comment</name><value>All printers </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="comment">All printers </smbconfoption></term>
<listitem><para>
The <smbconfoption><name>comment</name></smbconfoption> is shown next to the share if
The <smbconfoption name="comment"/> is shown next to the share if
a client queries the server, either via <guiicon>Network Neighborhood</guiicon> or with
the <command>net view</command> command to list available shares.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>printable</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printable">yes </smbconfoption></term>
<listitem><para>
The <smbconfsection>[printers]</smbconfsection> service <emphasis>must</emphasis>
be declared as printable. If you specify otherwise, smbd will refuse to load at
startup. This parameter allows connected clients to open, write to and submit spool files
into the directory specified with the <smbconfoption><name>path</name></smbconfoption>
into the directory specified with the <smbconfoption name="path"/>
parameter for this service. It is used by Samba to differentiate printer shares from
file shares.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>path</name><value>/var/spool/samba </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="path">/var/spool/samba </smbconfoption></term>
<listitem><para>
Must point to a directory used by Samba to spool incoming print files. <emphasis>It
must not be the same as the spool directory specified in the configuration of your UNIX
@ -645,21 +645,21 @@ man page.) Settings inside this container must be Share Level parameters.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>browseable</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="browseable">no </smbconfoption></term>
<listitem><para>
Is always set to <constant>no</constant> if
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>. It makes
<smbconfoption name="printable">yes</smbconfoption>. It makes
the <smbconfsection>[printer]</smbconfsection> share itself invisible in the list of
available shares in a <command>net view</command> command or in the Explorer browse
list. (You will of course see the individual printers).
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>guest ok</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="guest ok">yes </smbconfoption></term>
<listitem><para>
If this parameter is set to <constant>yes</constant>, no password is required to
connect to the printer's service. Access will be granted with the privileges of the
<smbconfoption><name>guest account</name></smbconfoption>. On many systems the guest
<smbconfoption name="guest account"/>. On many systems the guest
account will map to a user named <quote>nobody</quote>. This user will usually be found
in the UNIX passwd file with an empty password, but with no valid UNIX login. (On some
systems the guest account might not have the privilege to be able to print. Test this
@ -672,10 +672,10 @@ man page.) Settings inside this container must be Share Level parameters.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>public</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="public">yes </smbconfoption></term>
<listitem><para>
Is a synonym for <smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>.
Since we have <smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>, it
Is a synonym for <smbconfoption name="guest ok">yes</smbconfoption>.
Since we have <smbconfoption name="guest ok">yes</smbconfoption>, it
really does not need to be here. (This leads to the interesting question: <quote>What if I
by accident have two contradictory settings for the same share?</quote> The answer is the
last one encountered by Samba wins. Testparm does not complain about different settings
@ -685,7 +685,7 @@ man page.) Settings inside this container must be Share Level parameters.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>read only</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="read only">yes </smbconfoption></term>
<listitem><para>
Normally (for other types of shares) prevents users from creating or modifying files
in the service's directory. However, in a <quote>printable</quote> service, it is
@ -694,9 +694,9 @@ man page.) Settings inside this container must be Share Level parameters.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>writable</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="writable">no </smbconfoption></term>
<listitem><para>
Is a synonym for <smbconfoption><name>read only</name><value>yes</value></smbconfoption>.
Is a synonym for <smbconfoption name="read only">yes</smbconfoption>.
</para></listitem>
</varlistentry>
</variablelist>
@ -707,7 +707,7 @@ man page.) Settings inside this container must be Share Level parameters.
<para>
If a section appears in the &smb.conf; file, which when given the parameter
<smbconfoption><name>printable</name><value>yes</value></smbconfoption> causes Samba to configure it
<smbconfoption name="printable">yes</smbconfoption> causes Samba to configure it
as a printer share. Windows 9x/Me clients may have problems with connecting or loading printer drivers
if the share name has more than eight characters. Do not name a printer share with a name that may conflict
with an existing user or file share name. On Client connection requests, Samba always tries to find file
@ -716,20 +716,20 @@ to a printer with the same name!
</para>
<variablelist>
<varlistentry><term><smbconfoption><name>comment</name><value>Printer with Restricted Access </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="comment">Printer with Restricted Access </smbconfoption></term>
<listitem><para>
The comment says it all.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>path</name><value>/var/spool/samba_my_printer </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="path">/var/spool/samba_my_printer </smbconfoption></term>
<listitem><para>
Sets the spooling area for this printer to a directory other than the default. It is not
necessary to set it differently, but the option is available.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>printer admin</name><value>kurt </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printer admin">kurt </smbconfoption></term>
<listitem><para>
The printer admin definition is different for this explicitly defined printer share from the general
<smbconfsection>[printers]</smbconfsection> share. It is not a requirement; we
@ -737,42 +737,42 @@ to a printer with the same name!
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>browseable</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="browseable">yes </smbconfoption></term>
<listitem><para>
This makes the printer browseable so the clients may conveniently find it when browsing the
<guiicon>Network Neighborhood</guiicon>.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>printable</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="printable">yes </smbconfoption></term>
<listitem><para>
See <link linkend="ptrsect">The [printers] Section</link>.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>writable</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="writable">no </smbconfoption></term>
<listitem><para>
See <link linkend="ptrsect">The [printers] Section</link>.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>hosts allow</name><value>10.160.50.,10.160.51. </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="hosts allow">10.160.50.,10.160.51. </smbconfoption></term>
<listitem><para>
Here we exercise a certain degree of access control by using the <smbconfoption><name>hosts allow</name></smbconfoption> and <smbconfoption><name>hosts deny</name></smbconfoption>
Here we exercise a certain degree of access control by using the <smbconfoption name="hosts allow"/> and <smbconfoption name="hosts deny"/>
parameters. This is not by any means a safe bet. It is not a way to secure your
printers. This line accepts all clients from a certain subnet in a first evaluation of
access control.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>hosts deny</name><value>turbo_xp,10.160.50.23,10.160.51.60 </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="hosts deny">turbo_xp,10.160.50.23,10.160.51.60 </smbconfoption></term>
<listitem><para>
All listed hosts are not allowed here (even if they belong to the allowed subnets). As
you can see, you could name IP addresses as well as NetBIOS hostnames here.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>guest ok</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="guest ok">no </smbconfoption></term>
<listitem><para>
This printer is not open for the guest account.
</para></listitem>
@ -787,7 +787,7 @@ to a printer with the same name!
In each section defining a printer (or in the <smbconfsection>[printers]</smbconfsection> section),
a <parameter>print command</parameter> parameter may be defined. It sets a command to process the files
that have been placed into the Samba print spool directory for that printer. (That spool directory was,
if you remember, set up with the <smbconfoption><name>path</name></smbconfoption> parameter). Typically,
if you remember, set up with the <smbconfoption name="path"/> parameter). Typically,
this command will submit the spool file to the Samba host's print subsystem, using the suitable system
print command. But there is no requirement that this needs to be the case. For debugging or
some other reason, you may want to do something completely different than print the file. An example is a
@ -804,8 +804,8 @@ your hard disk may soon suffer from shortage of free space.
<para>
You learned earlier on that Samba, in most cases, uses its built-in settings for many parameters
if it cannot find an explicitly stated one in its configuration file. The same is true for the
<smbconfoption><name>print command</name></smbconfoption>. The default print command varies depending
on the <smbconfoption><name>printing</name></smbconfoption> parameter setting. In the commands listed
<smbconfoption name="print command"/>. The default print command varies depending
on the <smbconfoption name="printing"/> parameter setting. In the commands listed
below, you will notice some parameters of the form <emphasis>%X</emphasis> where <emphasis>X</emphasis> is
<emphasis>p, s, J</emphasis>, and so on. These letters stand for printer name, spool-file and job ID, respectively.
They are explained in more detail further below. <link linkend="printOptions">Next table</link> presents an overview of key
@ -825,63 +825,63 @@ printing options but excludes the special case of CUPS that is discussed in <lin
</thead>
<tbody>
<row>
<entry><smbconfoption><name>printing</name><value>bsd|aix|lprng|plp</value></smbconfoption></entry>
<entry><smbconfoption name="printing">bsd|aix|lprng|plp</smbconfoption></entry>
<entry>print command is <command>lpr -r -P%p %s</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>sysv|hpux</value></smbconfoption></entry>
<entry><smbconfoption name="printing">sysv|hpux</smbconfoption></entry>
<entry>print command is <command>lp -c -P%p %s; rm %s</command></entry>
</row>
<row>
<entry> <smbconfoption><name>printing</name><value>qnx</value></smbconfoption></entry>
<entry> <smbconfoption name="printing">qnx</smbconfoption></entry>
<entry>print command is <command>lp -r -P%p -s %s</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>bsd|aix|lprng|plp</value></smbconfoption></entry>
<entry><smbconfoption name="printing">bsd|aix|lprng|plp</smbconfoption></entry>
<entry>lpq command is <command>lpq -P%p</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>sysv|hpux</value></smbconfoption></entry>
<entry><smbconfoption name="printing">sysv|hpux</smbconfoption></entry>
<entry>lpq command is <command>lpstat -o%p</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>qnx</value></smbconfoption></entry>
<entry><smbconfoption name="printing">qnx</smbconfoption></entry>
<entry>lpq command is <command>lpq -P%p</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>bsd|aix|lprng|plp</value></smbconfoption></entry>
<entry><smbconfoption name="printing">bsd|aix|lprng|plp</smbconfoption></entry>
<entry>lprm command is <command>lprm -P%p %j</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>sysv|hpux</value></smbconfoption></entry>
<entry><smbconfoption name="printing">sysv|hpux</smbconfoption></entry>
<entry>lprm command is <command>cancel %p-%j</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>qnx</value></smbconfoption></entry>
<entry><smbconfoption name="printing">qnx</smbconfoption></entry>
<entry>lprm command is <command>cancel %p-%j</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>bsd|aix|lprng|plp</value></smbconfoption></entry>
<entry><smbconfoption name="printing">bsd|aix|lprng|plp</smbconfoption></entry>
<entry>lppause command is <command>lp -i %p-%j -H hold</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>sysv|hpux</value></smbconfoption></entry>
<entry><smbconfoption name="printing">sysv|hpux</smbconfoption></entry>
<entry>lppause command (...is empty)</entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>qnx</value></smbconfoption></entry>
<entry><smbconfoption name="printing">qnx</smbconfoption></entry>
<entry>lppause command (...is empty)</entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>bsd|aix|lprng|plp</value></smbconfoption></entry>
<entry><smbconfoption name="printing">bsd|aix|lprng|plp</smbconfoption></entry>
<entry>lpresume command is <command>lp -i %p-%j -H resume</command></entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>sysv|hpux</value></smbconfoption></entry>
<entry><smbconfoption name="printing">sysv|hpux</smbconfoption></entry>
<entry>lpresume command (...is empty)</entry>
</row>
<row>
<entry><smbconfoption><name>printing</name><value>qnx</value></smbconfoption></entry>
<entry><smbconfoption name="printing">qnx</smbconfoption></entry>
<entry>lpresume command (...is empty)</entry>
</row>
</tbody>
@ -891,7 +891,7 @@ printing options but excludes the special case of CUPS that is discussed in <lin
<para>
We excluded the special case of CUPS here, because it is discussed in the next chapter. For
<parameter>printing = CUPS</parameter>, if Samba is compiled against libcups, it uses the CUPS API to submit
jobs. (It is a good idea also to set <smbconfoption><name>printcap</name><value>cups</value></smbconfoption>
jobs. (It is a good idea also to set <smbconfoption name="printcap">cups</smbconfoption>
in case your <filename>cupsd.conf</filename> is set to write its auto-generated printcap file to an
unusual place). Otherwise, Samba maps to the System V printing commands with the -oraw option for printing,
i.e., it uses <command>lp -c -d%p -oraw; rm %s</command>. With <parameter>printing = cups</parameter>,
@ -904,7 +904,7 @@ and if Samba is compiled against libcups, any manually set print command will be
<title>Custom Print Commands</title>
<para>
After a print job has finished spooling to a service, the <smbconfoption><name>print command</name></smbconfoption>
After a print job has finished spooling to a service, the <smbconfoption name="print command"/>
will be used by Samba via a <emphasis>system()</emphasis> call to process the
spool file. Usually the command specified will submit the spool file to the host's printing subsystem. But
there is no requirement at all that this must be the case. The print subsystem may not remove the spool
@ -957,25 +957,25 @@ You can form quite complex print commands. You need to realize that print comman
passed to a UNIX shell. The shell is able to expand the included environment variables as
usual. (The syntax to include a UNIX environment variable <parameter>$variable</parameter>
in the Samba print command is <parameter>%$variable</parameter>.) To give you a working
<smbconfoption><name>print command</name></smbconfoption> example, the following will log a print job
<smbconfoption name="print command"/> example, the following will log a print job
to <filename>/tmp/print.log</filename>, print the file, then remove it. The semicolon (<quote>;</quote>
is the usual separator for commands in shell scripts:
</para>
<para><smbconfblock>
<smbconfoption><name>print command</name><value>echo Printing %s &gt;&gt; \</value></smbconfoption>
<smbconfoption name="print command">echo Printing %s &gt;&gt; \</smbconfoption>
<member><parameter>/tmp/print.log; lpr -P %p %s; rm %s</parameter></member>
</smbconfblock></para>
<para>
You may have to vary your own command considerably from this example depending on how you normally print
files on your system. The default for the <smbconfoption><name>print command</name></smbconfoption>
parameter varies depending on the setting of the <smbconfoption><name>printing</name></smbconfoption>
files on your system. The default for the <smbconfoption name="print command"/>
parameter varies depending on the setting of the <smbconfoption name="printing"/>
parameter. Another example is:
</para>
<para><smbconfblock>
<smbconfoption><name>print command</name><value>/usr/local/samba/bin/myprintscript %p %s</value></smbconfoption>
<smbconfoption name="print command">/usr/local/samba/bin/myprintscript %p %s</smbconfoption>
</smbconfblock></para>
</sect3>
</sect2>
@ -1138,7 +1138,7 @@ service of exactly this name if they want to retrieve printer driver files.
<para>
You should modify the server's file to add the global parameters and create the
<smbconfsection>[print$]</smbconfsection> file share (of course, some of the parameter values, such
as <smbconfoption><name>path</name></smbconfoption> are arbitrary and should be replaced with appropriate values for your
as <smbconfoption name="path"/> are arbitrary and should be replaced with appropriate values for your
site). See <link linkend="prtdollar">next example</link>.
</para>
@ -1148,23 +1148,23 @@ site). See <link linkend="prtdollar">next example</link>.
<smbconfsection>[global]</smbconfsection>
<smbconfcomment>members of the ntadmin group should be able to add drivers and set</smbconfcomment>
<smbconfcomment>printer properties. root is implicitly always a 'printer admin'.</smbconfcomment>
<smbconfoption><name>printer admin</name><value>@ntadmin</value></smbconfoption>
<smbconfoption name="printer admin">@ntadmin</smbconfoption>
<member>...</member>
<smbconfsection>[printers]</smbconfsection>
<member>...</member>
<smbconfsection>[print$]</smbconfsection>
<smbconfoption><name>comment</name><value>Printer Driver Download Area</value></smbconfoption>
<smbconfoption><name>path</name><value>/etc/samba/drivers</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>write list</name><value>@ntadmin, root</value></smbconfoption>
<smbconfoption name="comment">Printer Driver Download Area</smbconfoption>
<smbconfoption name="path">/etc/samba/drivers</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="write list">@ntadmin, root</smbconfoption>
</smbconfexample>
</para>
<para>
Of course, you also need to ensure that the directory named by the
<smbconfoption><name>path</name></smbconfoption> parameter exists on the UNIX file system.
<smbconfoption name="path"/> parameter exists on the UNIX file system.
</para>
</sect2>
@ -1179,7 +1179,7 @@ The following parameters are frequently needed in this share section:
</para>
<variablelist>
<varlistentry><term><smbconfoption><name>comment</name><value>Printer Driver Download Area </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="comment">Printer Driver Download Area </smbconfoption></term>
<listitem><para>
The comment appears next to the share name if it is listed in a share list (usually Windows
clients will not see it, but it will also appear up in a <command>smbclient -L sambaserver
@ -1187,13 +1187,13 @@ The following parameters are frequently needed in this share section:
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>path</name><value>/etc/samba/printers </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="path">/etc/samba/printers </smbconfoption></term>
<listitem><para>
Is the path to the location of the Windows driver file deposit from the UNIX point of view.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>browseable</name><value>no </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="browseable">no </smbconfoption></term>
<listitem><para>
Makes the <smbconfsection>[print$]</smbconfsection> share invisible to clients from the
<guimenu>Network Neighborhood</guimenu>. However, you can still mount it from any client
@ -1202,7 +1202,7 @@ The following parameters are frequently needed in this share section:
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>guest ok</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="guest ok">yes </smbconfoption></term>
<listitem><para>
Gives read-only access to this share for all guest users. Access may be granted to
download and install printer drivers on clients. The requirement for <parameter>guest ok
@ -1223,14 +1223,14 @@ The following parameters are frequently needed in this share section:
</listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>read only</name><value>yes </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="read only">yes </smbconfoption></term>
<listitem><para>
Because we do not want everybody to upload driver files (or even change driver settings),
we tagged this share as not writable.
</para></listitem>
</varlistentry>
<varlistentry><term><smbconfoption><name>write list</name><value>@ntadmin, root </value></smbconfoption></term>
<varlistentry><term><smbconfoption name="write list">@ntadmin, root </smbconfoption></term>
<listitem><para>
The <smbconfsection>[print$]</smbconfsection> was made read-only by the previous
setting so we should create a <parameter>write list</parameter> entry also. UNIX
@ -1239,7 +1239,7 @@ The following parameters are frequently needed in this share section:
update files on the share. Normally, you will want to only name administrative-level user
account in this setting. Check the file system permissions to make sure these accounts
can copy files to the share. If this is a non-root account, then the account should also
be mentioned in the global <smbconfoption><name>printer admin</name></smbconfoption>
be mentioned in the global <smbconfoption name="printer admin"/>
parameter. See the &smb.conf; man page for more information on configuring file shares.
</para></listitem>
</varlistentry>
@ -1253,7 +1253,7 @@ The following parameters are frequently needed in this share section:
<para>
In order for a Windows NT print server to support the downloading of driver files by multiple client
architectures, you must create several subdirectories within the <smbconfsection>[print$]</smbconfsection>
service (i.e., the UNIX directory named by the <smbconfoption><name>path</name></smbconfoption>
service (i.e., the UNIX directory named by the <smbconfoption name="path"/>
parameter). These correspond to each of the supported client architectures. Samba follows this model as
well. Just like the name of the <smbconfsection>[print$]</smbconfsection> share itself, the subdirectories
must be exactly the names listed below (you may leave out the subdirectories of architectures you do
@ -1381,7 +1381,7 @@ to a printer is open to us. You now have the choice of:
<para>
Once the APW is started, the procedure is exactly the same as the one you are familiar with in Windows (we
assume here that you are familiar with the printer driver installations procedure on Windows NT). Make sure
your connection is, in fact, setup as a user with <smbconfoption><name>printer admin</name></smbconfoption>
your connection is, in fact, setup as a user with <smbconfoption name="printer admin"/>
privileges (if in doubt, use <command>smbstatus</command> to check for this). If you wish to install
printer drivers for client operating systems other than <application>Windows NT x86</application>,
you will need to use the <guilabel>Sharing</guilabel> tab of the printer properties dialog.
@ -1389,7 +1389,7 @@ you will need to use the <guilabel>Sharing</guilabel> tab of the printer propert
<para>
Assuming you have connected with an administrative (or root) account (as named by the
<smbconfoption><name>printer admin</name></smbconfoption> parameter), you will also be able to modify
<smbconfoption name="printer admin"/> parameter), you will also be able to modify
other printer properties such as ACLs and default device settings using this dialog. For the default
device settings, please consider the advice given further in <link linkend="inst-rpc">Installing Print Drivers Using <command>rpcclient</command></link>.
</para>
@ -1963,7 +1963,7 @@ user</emphasis> nobody. In a DOS box type:
<para><userinput>net use \\<replaceable>SAMBA-SERVER</replaceable>\print$ /user:root</userinput></para>
<para>
Replace root, if needed, by another valid <smbconfoption><name>printer admin</name></smbconfoption> user as given in
Replace root, if needed, by another valid <smbconfoption name="printer admin"/> user as given in
the definition. Should you already be connected as a different user, you will get an error message. There
is no easy way to get rid of that connection, because Windows does not seem to know a concept of logging
off from a share connection (do not confuse this with logging off from the local workstation; that is
@ -2056,7 +2056,7 @@ in the following paragraphs.
<para>
Be aware that a valid Device Mode can only be initiated by a
<smbconfoption><name>printer admin</name></smbconfoption>, or root
<smbconfoption name="printer admin"/>, or root
(the reason should be obvious). Device Modes can only be correctly
set by executing the printer driver program itself. Since Samba cannot execute this Win32 platform driver
code, it sets this field initially to NULL (which is not a valid setting for clients to use). Fortunately,
@ -2172,7 +2172,7 @@ command...</guimenuitem> field from the <guimenu>Start</guimenu> menu.
<para>
After you installed the driver on the Samba server (in its <smbconfsection>[print$]</smbconfsection>
share, you should always make sure that your first client installation completes correctly. Make it a
habit for yourself to build the very first connection from a client as <smbconfoption><name>printer admin</name></smbconfoption>. This is to make sure that:
habit for yourself to build the very first connection from a client as <smbconfoption name="printer admin"/>. This is to make sure that:
</para>
<itemizedlist>
@ -2207,7 +2207,7 @@ To connect as root to a Samba printer, try this command from a Windows 200x/XP D
You will be prompted for root's Samba-password; type it, wait a few
seconds, click on <guibutton>Printing
Defaults</guibutton>, and proceed to set the job options that should be used as defaults by all
clients. Alternately, instead of root you can name one other member of the <smbconfoption><name>printer admin</name></smbconfoption> from the setting.
clients. Alternately, instead of root you can name one other member of the <smbconfoption name="printer admin"/> from the setting.
</para>
<para>
@ -2315,7 +2315,7 @@ The following list needs periods after the letters and numbers:::::::::
Do you see any difference in the two settings dialogs? I do not either. However, only the last one, which
you arrived at with steps C.1 through 6 will permanently save any settings which will then become the defaults
for new users. If you want all clients to have the same defaults, you need to conduct these steps as
administrator (<smbconfoption><name>printer admin</name></smbconfoption> in ) before
administrator (<smbconfoption name="printer admin"/> in ) before
a client downloads the driver (the clients can later set their own per-user defaults
by following procedures A or B above). Windows 200x/XP allow per-user default settings and the ones the
administrator gives them, before they set up their own. The parents of the identically-looking dialogs have a slight difference in their window names; one is called <computeroutput>Default Print
@ -2457,7 +2457,7 @@ folder. Also located in this folder is the Windows NT Add Printer Wizard icon. T
<itemizedlist>
<listitem><para>
The connected user is able to successfully execute an <command>OpenPrinterEx(\\server)</command> with
administrative privileges (i.e., root or <smbconfoption><name>printer admin</name></smbconfoption>).
administrative privileges (i.e., root or <smbconfoption name="printer admin"/>).
</para>
<tip><para> Try this from a Windows 200x/XP DOS box command prompt:
@ -2472,7 +2472,7 @@ folder. Also located in this folder is the Windows NT Add Printer Wizard icon. T
</para></tip></listitem>
<listitem><para>... contains the setting
<smbconfoption><name>show add printer wizard</name><value>yes</value></smbconfoption> (the
<smbconfoption name="show add printer wizard">yes</smbconfoption> (the
default).</para></listitem>
</itemizedlist>
@ -2495,25 +2495,25 @@ The APW can do various things:
<listitem><para>
Add an entirely new printer to the Samba host (only in conjunction with a working
<smbconfoption><name>add printer command</name></smbconfoption>. A corresponding
<smbconfoption><name>delete printer command</name></smbconfoption> for removing entries from the
<smbconfoption name="add printer command"/>. A corresponding
<smbconfoption name="delete printer command"/> for removing entries from the
<guiicon>Printers</guiicon> folder may also be provided).
</para></listitem>
</itemizedlist>
<para>
The last one (add a new printer) requires more effort than the previous ones. To use
the APW to successfully add a printer to a Samba server, the <smbconfoption><name>add printer command</name></smbconfoption> must have a defined value. The program hook must successfully
the APW to successfully add a printer to a Samba server, the <smbconfoption name="add printer command"/> must have a defined value. The program hook must successfully
add the printer to the UNIX print system (i.e., to <filename>/etc/printcap</filename>,
<filename>/etc/cups/printers.conf</filename> or other appropriate files) and to &smb.conf; if necessary.
</para>
<para>
When using the APW from a client, if the named printer share does not exist, smbd will execute the
<smbconfoption><name>add printer command</name></smbconfoption> and re-parse to the to attempt to locate the new printer
<smbconfoption name="add printer command"/> and re-parse to the to attempt to locate the new printer
share. If the share is still not defined, an error of <errorname>Access Denied</errorname> is returned to
the client. The <smbconfoption><name>add printer command</name></smbconfoption> is executed
under the context of the connected user, not necessarily a root account. A <smbconfoption><name>map to guest</name><value>bad user</value></smbconfoption> may have connected you unwittingly under the wrong
the client. The <smbconfoption name="add printer command"/> is executed
under the context of the connected user, not necessarily a root account. A <smbconfoption name="map to guest">bad user</smbconfoption> may have connected you unwittingly under the wrong
privilege. You should check it by using the <command>smbstatus</command> command.
</para>
@ -2735,7 +2735,7 @@ Pooling assigns a logical printer to multiple ports as a form of load balancing
<para>
If you require multiple ports be defined for some reason or another (my users and my boss should not know
that they are working with Samba), configure <smbconfoption><name>enumports command</name></smbconfoption>
that they are working with Samba), configure <smbconfoption name="enumports command"/>
which can be used to define an external program that generates a listing of ports on a system.
</para>
</sect2>

2
docs/Samba-HOWTO-Collection/Problems.xml
View File

@ -34,7 +34,7 @@ on the screen.</para>
<para>
One of the best diagnostic tools for debugging problems is Samba itself.
You can use the <option>-d option</option> for both &smbd; and &nmbd; to specify the
<smbconfoption><name>debug level</name></smbconfoption> at which to run.
<smbconfoption name="debug level"/> at which to run.
See the man pages for <command>smbd, nmbd</command> and
&smb.conf; for more information regarding debugging options. The debug
level can range from 1 (the default) to 10 (100 for debugging passwords).

48
docs/Samba-HOWTO-Collection/ProfileMgmt.xml
View File

@ -75,14 +75,14 @@ For example, to support Windows NT4/200x clients, set the following in the [glob
<para>
<smbconfblock>
<smbconfoption><name>logon path</name><value> </value></smbconfoption>
<smbconfoption name="logon path"> </smbconfoption>
<member><parameter>\\profileserver\profileshare\profilepath\%U\moreprofilepath</parameter></member>
</smbconfblock>
This is typically implemented like:
<smbconfblock>
<smbconfoption><name>logon path</name><value>\\%L\Profiles\%u</value></smbconfoption>
<smbconfoption name="logon path">\\%L\Profiles\%u</smbconfoption>
</smbconfblock>
where <quote>%L</quote> translates to the name of the Samba server and <quote>%u</quote> translates to the user name.
</para>
@ -107,7 +107,7 @@ to not use the <smbconfsection>homes</smbconfsection> meta-service name as part
<title>Windows 9x/Me User Profiles</title>
<para>
To support Windows 9x/Me clients, you must use the <smbconfoption><name>logon home</name></smbconfoption>
To support Windows 9x/Me clients, you must use the <smbconfoption name="logon home"/>
parameter. Samba has been fixed so <userinput>net use /home</userinput> now works as well and it, too, relies
on the <command>logon home</command> parameter.
</para>
@ -118,7 +118,7 @@ directory. But wait! There is a trick you can use. If you set the following in
<smbconfsection>[global]</smbconfsection> section of your &smb.conf; file:
</para>
<para><smbconfblock>
<smbconfoption><name>logon home</name><value>\\%L\%U\.profiles</value></smbconfoption>
<smbconfoption name="logon home">\\%L\%U\.profiles</smbconfoption>
</smbconfblock></para>
<para>
@ -130,7 +130,7 @@ of your home directory called <filename>.profiles</filename> (making them hidden
Not only that, but <userinput>net use /home</userinput> will also work because of a feature in
Windows 9x/Me. It removes any directory stuff off the end of the home directory area
and only uses the server and share portion. That is, it looks like you
specified <filename>\\%L\%U</filename> for <smbconfoption><name>logon home</name></smbconfoption>.
specified <filename>\\%L\%U</filename> for <smbconfoption name="logon home"/>.
</para>
</sect3>
@ -139,12 +139,12 @@ specified <filename>\\%L\%U</filename> for <smbconfoption><name>logon home</name
<para>
You can support profiles for Windows 9x and Windows NT clients by setting both the
<smbconfoption><name>logon home</name></smbconfoption> and <smbconfoption><name>logon path</name></smbconfoption> parameters. For example:
<smbconfoption name="logon home"/> and <smbconfoption name="logon path"/> parameters. For example:
</para>
<para><smbconfblock>
<smbconfoption><name>logon home</name><value>\\%L\%u\.profiles</value></smbconfoption>
<smbconfoption><name>logon path</name><value>\\%L\profiles\%u</value></smbconfoption>
<smbconfoption name="logon home">\\%L\%u\.profiles</smbconfoption>
<smbconfoption name="logon path">\\%L\profiles\%u</smbconfoption>
</smbconfblock></para>
</sect3>
@ -168,7 +168,7 @@ There are three ways of doing this:
<term>In &smb.conf;</term>
<listitem><para>
Affect the following settings and ALL clients will be forced to use a local profile:
<smbconfoption><name>logon home</name><value> </value></smbconfoption> and <smbconfoption><name>logon path</name><value> </value></smbconfoption>
<smbconfoption name="logon home"> </smbconfoption> and <smbconfoption name="logon path"> </smbconfoption>
</para>
<para>
@ -230,9 +230,9 @@ When a user first logs in on Windows 9X, the file user.DAT is created, as are fo
<filename>Nethood</filename>. These directories and their contents will be merged with the local
versions stored in <filename>c:\windows\profiles\username</filename> on subsequent logins, taking the
most recent from each. You will need to use the <smbconfsection>[global]</smbconfsection> options
<smbconfoption><name>preserve case</name><value>yes</value></smbconfoption>,
<smbconfoption><name>short preserve case</name><value>yes</value></smbconfoption> and
<smbconfoption><name>case sensitive</name><value>no</value></smbconfoption>
<smbconfoption name="preserve case">yes</smbconfoption>,
<smbconfoption name="short preserve case">yes</smbconfoption> and
<smbconfoption name="case sensitive">no</smbconfoption>
in order to maintain capital letters in shortcuts in any of the profile folders.
</para>
@ -275,7 +275,7 @@ if that domain logon server supports it), user name and user's password.
wish to save the user's preferences?</computeroutput> Select <guibutton>Yes</guibutton>. </para>
<para> Once the Windows 9x/Me client comes up with the desktop, you should be able to examine the
contents of the directory specified in the <smbconfoption><name>logon path</name></smbconfoption> on
contents of the directory specified in the <smbconfoption name="logon path"/> on
the Samba server and verify that the <filename>Desktop</filename>, <filename>Start Menu</filename>,
<filename>Programs</filename> and <filename>Nethood</filename> folders have been created. </para>
@ -329,7 +329,7 @@ shown below. When this user next logs in, the user will be told that he/she is l
</para></listitem>
<listitem><para>
Check the contents of the profile path (see <smbconfoption><name>logon path</name></smbconfoption>
Check the contents of the profile path (see <smbconfoption name="logon path"/>
described above) and delete the <filename>user.DAT</filename> or <filename>user.MAN</filename>
file for the user, making a backup if required.
</para></listitem>
@ -364,12 +364,12 @@ provided with Windows NT4/200x server, and see what the differences are with the
<title>Windows NT4 Workstation</title>
<para> When a user first logs in to a Windows NT Workstation, the profile NTuser.DAT is created. The profile
location can be now specified through the <smbconfoption><name>logon path</name></smbconfoption> parameter.
location can be now specified through the <smbconfoption name="logon path"/> parameter.
</para>
<para> There is a parameter that is now available for use with NT Profiles: <smbconfoption><name>logon drive</name></smbconfoption>.
<para> There is a parameter that is now available for use with NT Profiles: <smbconfoption name="logon drive"/>.
This should be set to <filename>H:</filename> or any other drive, and should be used in conjunction with
the new <smbconfoption><name>logon home</name></smbconfoption> parameter. </para>
the new <smbconfoption name="logon home"/> parameter. </para>
<para> The entry for the NT4 profile is a directory not a file. The NT help on Profiles mentions that a
directory is also created with a .PDS extension. The user, while logging in, must have write permission
@ -513,8 +513,8 @@ user logs on again with the newer version of MS Windows. </para>
<para> If you then want to share the same Start Menu/Desktop with W9x/Me, you will need to specify a common
location for the profiles. The &smb.conf; parameters that need to be common are
<smbconfoption><name>logon path</name></smbconfoption> and
<smbconfoption><name>logon home</name></smbconfoption>. </para>
<smbconfoption name="logon path"/> and
<smbconfoption name="logon home"/>. </para>
<para> If you have this set up correctly, you will find separate <filename>user.DAT</filename> and
<filename>NTuser.DAT</filename> files in the same profile directory. </para>
@ -1094,9 +1094,9 @@ First, the Samba server needs to be configured as a Domain Controller. This can
setting in &smb.conf;: </para>
<smbconfblock>
<smbconfoption><name>security</name><value>user</value></smbconfoption>
<smbconfoption><name>os level</name><value>32 (or more)</value></smbconfoption>
<smbconfoption><name>domain logons</name><value>Yes</value></smbconfoption>
<smbconfoption name="security">user</smbconfoption>
<smbconfoption name="os level">32 (or more)</smbconfoption>
<smbconfoption name="domain logons">Yes</smbconfoption>
</smbconfblock>
<para> There must be a <smbconfsection>[netlogon]</smbconfsection> share that is world readable. It is
@ -1115,9 +1115,9 @@ so they do not interoperate with domain profiles. </para>
<para> For roaming profiles, add to &smb.conf;: </para>
<smbconfblock>
<smbconfoption><name>logon path</name><value>\\%N\profiles\%U</value></smbconfoption>
<smbconfoption name="logon path">\\%N\profiles\%U</smbconfoption>
<smbconfcomment>Default logon drive is Z:</smbconfcomment>
<smbconfoption><name>logon drive</name><value>H:</value></smbconfoption>
<smbconfoption name="logon drive">H:</smbconfoption>
<smbconfcomment>This requires a PROFILES share that is world writable.</smbconfcomment>
</smbconfblock>

4
docs/Samba-HOWTO-Collection/RightsAndPriviliges.xml
View File

@ -61,7 +61,7 @@ access to the UNIX host system.
<para>
Samba 3.0.11 introduces support for the Windows privilege model. This model
allows certain rights to be assigned to a user or group SID. In order to enable
this feature, <smbconfoption><name>enable privileges</name><value>yes</value></smbconfoption>
this feature, <smbconfoption name="enable privileges">yes</smbconfoption>
must be defined in the <smbconfsection>global</smbconfsection> section of the &smb.conf; file.
</para>
@ -227,7 +227,7 @@ on the Samba mailing lists.
<varlistentry><term>SePrintOperatorPrivilege</term>
<listitem><para>
This privilege operates identically to the
<smbconfoption><name>printer admin</name></smbconfoption>
<smbconfoption name="printer admin"/>
option in the &smb.conf; file (see section 5 man page for &smb.conf;)
except that it is a global right (not on a per printer basis).
Eventually the smb.conf option will be deprecated and administrative

2
docs/Samba-HOWTO-Collection/SWAT.xml
View File

@ -394,7 +394,7 @@ to us so we will include this in the next release of Samba. The <command>msg</co
</para>
</para>
Note that if you enable this feature and the <smbconfoption><name>display charset</name></smbconfoption> is not
Note that if you enable this feature and the <smbconfoption name="display charset"/> is not
matched to your browsers setting, the SWAT display may be corrupted. In a future version of
Samba, SWAT will always display messages with UTF-8 encoding. You will then not need to set
this &smb.conf; file parameter.

26
docs/Samba-HOWTO-Collection/Securing.xml
View File

@ -88,14 +88,14 @@ before someone will find yet another vulnerability.
</para>
<para>
One of the simplest fixes in this case is to use the <smbconfoption><name>hosts allow</name></smbconfoption> and
<smbconfoption><name>hosts deny</name></smbconfoption> options in the Samba &smb.conf; configuration file to only
One of the simplest fixes in this case is to use the <smbconfoption name="hosts allow"/> and
<smbconfoption name="hosts deny"/> options in the Samba &smb.conf; configuration file to only
allow access to your server from a specific range of hosts. An example might be:
</para>
<para><smbconfblock>
<smbconfoption><name>hosts allow</name><value>127.0.0.1 192.168.2.0/24 192.168.3.0/24</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>0.0.0.0/0</value></smbconfoption>
<smbconfoption name="hosts allow">127.0.0.1 192.168.2.0/24 192.168.3.0/24</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0/0</smbconfoption>
</smbconfblock></para>
<para>
@ -116,7 +116,7 @@ before someone will find yet another vulnerability.
</para>
<para><smbconfblock>
<smbconfoption><name>valid users</name><value>@smbusers, jacko</value></smbconfoption>
<smbconfoption name="valid users">@smbusers, jacko</smbconfoption>
</smbconfblock></para>
<para>
@ -142,8 +142,8 @@ before someone will find yet another vulnerability.
</para>
<para><smbconfblock>
<smbconfoption><name>interfaces</name><value>eth* lo</value></smbconfoption>
<smbconfoption><name>bind interfaces only</name><value>yes</value></smbconfoption>
<smbconfoption name="interfaces">eth* lo</smbconfoption>
<smbconfoption name="bind interfaces only">yes</smbconfoption>
</smbconfblock></para>
<para>
@ -212,8 +212,8 @@ before someone will find yet another vulnerability.
<para><smbconfblock>
<smbconfsection>[IPC$]</smbconfsection>
<smbconfoption><name>hosts allow</name><value>192.168.115.0/24 127.0.0.1</value></smbconfoption>
<smbconfoption><name>hosts deny</name><value>0.0.0.0/0</value></smbconfoption>
<smbconfoption name="hosts allow">192.168.115.0/24 127.0.0.1</smbconfoption>
<smbconfoption name="hosts deny">0.0.0.0/0</smbconfoption>
</smbconfblock></para>
<para>
@ -343,19 +343,19 @@ out to be a security problem request are totally convinced that the problem is w
</para>
<para>
Samba allows the behavior you require. Simply put the <smbconfoption><name>only user</name><value>%S</value></smbconfoption>
Samba allows the behavior you require. Simply put the <smbconfoption name="only user">%S</smbconfoption>
option in the <smbconfsection>[homes]</smbconfsection> share definition.
</para>
<para>
The <smbconfoption><name>only user</name><value></value></smbconfoption> works in conjunction with the <smbconfoption><name>users</name><value>list</value></smbconfoption>,
The <smbconfoption name="only user"></smbconfoption> works in conjunction with the <smbconfoption name="users">list</smbconfoption>,
so to get the behavior you require, add the line :
<smbconfblock>
<smbconfoption><name>users</name><value>%S</value></smbconfoption>
<smbconfoption name="users">%S</smbconfoption>
</smbconfblock>
this is equivalent to adding
<smbconfblock>
<smbconfoption><name>valid users</name><value>%S</value></smbconfoption>
<smbconfoption name="valid users">%S</smbconfoption>
</smbconfblock>
to the definition of the <smbconfsection>[homes]</smbconfsection> share, as recommended in
the &smb.conf; man page.

54
docs/Samba-HOWTO-Collection/ServerType.xml
View File

@ -200,7 +200,7 @@ The &smb.conf; parameter that sets user level security is:
</para>
<para><smbconfblock>
<smbconfoption><name>security</name><value>user</value></smbconfoption>
<smbconfoption name="security">user</smbconfoption>
</smbconfblock></para>
<para>
@ -236,7 +236,7 @@ Many clients send a session setup even if the server is in Share Level security.
normally send a valid username but no password. Samba records this username in a list
of possible usernames. When the client then does a tree connection it also adds to this list the name
of the share they try to connect to (useful for home directories) and any users
listed in the <smbconfoption><name>user</name></smbconfoption> parameter in the &smb.conf; file.
listed in the <smbconfoption name="user"/> parameter in the &smb.conf; file.
The password is then checked in turn against these possible usernames. If a match is found
then the client is authenticated as that user.
</para>
@ -249,7 +249,7 @@ The &smb.conf; parameter that sets Share Level security is:
</para>
<para><smbconfblock>
<smbconfoption><name>security</name><value>share</value></smbconfoption>
<smbconfoption name="security">share</smbconfoption>
</smbconfblock></para>
</sect3>
@ -260,7 +260,7 @@ The &smb.conf; parameter that sets Share Level security is:
<para>
<indexterm><primary>Domain Member</primary></indexterm>
When Samba is operating in <smbconfoption><name>security</name><value>domain</value></smbconfoption> mode,
When Samba is operating in <smbconfoption name="security">domain</smbconfoption> mode,
the Samba server has a domain security trust account (a machine account) and causes
all authentication requests to be passed through to the Domain Controllers.
In other words, this configuration makes the Samba server a Domain Member server.
@ -279,8 +279,8 @@ This method involves addition of the following parameters in the &smb.conf; file
</para>
<para><smbconfblock>
<smbconfoption><name>security</name><value>domain</value></smbconfoption>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption name="security">domain</smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
</smbconfblock></para>
<para>
@ -362,8 +362,8 @@ AD-member mode can accept Kerberos tickets.
<title>Example Configuration</title>
<para><smbconfblock>
<smbconfoption><name>realm</name><value>your.kerberos.REALM</value></smbconfoption>
<smbconfoption><name>security</name><value>ADS</value></smbconfoption>
<smbconfoption name="realm">your.kerberos.REALM</smbconfoption>
<smbconfoption name="security">ADS</smbconfoption>
</smbconfblock></para>
<para>
@ -371,7 +371,7 @@ The following parameter may be required:
</para>
<para><smbconfblock>
<smbconfoption><name>password server</name><value>your.kerberos.server</value></smbconfoption>
<smbconfoption name="password server">your.kerberos.server</smbconfoption>
</smbconfblock></para>
<para>
@ -404,10 +404,10 @@ security mode has many drawbacks that include:
In Server Security Mode the Samba server reports to the client that it is in User Level
security. The client then does a session setup as described earlier.
The Samba server takes the username/password that the client sends and attempts to login to the
<smbconfoption><name>password server</name></smbconfoption> by sending exactly the same username/password that
<smbconfoption name="password server"/> by sending exactly the same username/password that
it got from the client. If that server is in User Level Security and accepts the password,
then Samba accepts the client's connection. This allows the Samba server to use another SMB
server as the <smbconfoption><name>password server</name></smbconfoption>.
server as the <smbconfoption name="password server"/>.
</para>
<para>
@ -418,10 +418,10 @@ passwords in encrypted form. Samba supports this type of encryption by default.
</para>
<para>
The parameter <smbconfoption><name>security</name><value>server</value></smbconfoption> means that Samba reports to clients that
The parameter <smbconfoption name="security">server</smbconfoption> means that Samba reports to clients that
it is running in <emphasis>user mode</emphasis> but actually passes off all authentication
requests to another <emphasis>user mode</emphasis> server. This requires an additional
parameter <smbconfoption><name>password server</name></smbconfoption> that points to the real authentication server.
parameter <smbconfoption name="password server"/> that points to the real authentication server.
The real authentication server can be another Samba server, or it can be a Windows NT server,
the latter being natively capable of encrypted password support.
</para>
@ -447,9 +447,9 @@ This method involves the additions of the following parameters in the &smb.conf;
</para>
<para><smbconfblock>
<smbconfoption><name>encrypt passwords</name><value>Yes</value></smbconfoption>
<smbconfoption><name>security</name><value>server</value></smbconfoption>
<smbconfoption><name>password server</name><value>"NetBIOS_name_of_a_DC"</value></smbconfoption>
<smbconfoption name="encrypt passwords">Yes</smbconfoption>
<smbconfoption name="security">server</smbconfoption>
<smbconfoption name="password server">"NetBIOS_name_of_a_DC"</smbconfoption>
</smbconfblock></para>
@ -536,24 +536,24 @@ when using clear-text authentication:
</para>
<para><smbconfblock>
<smbconfoption><name>password level</name><value><replaceable>integer</replaceable></value></smbconfoption>
<smbconfoption><name>username level</name><value><replaceable>integer</replaceable></value></smbconfoption>
<smbconfoption name="password level"><replaceable>integer</replaceable></smbconfoption>
<smbconfoption name="username level"><replaceable>integer</replaceable></smbconfoption>
</smbconfblock></para>
<para>
By default Samba will convert to lower case the username before attempting to lookup the user
in the database of local system accounts. Because UNIX usernames conventionally
only contain lower-case characters, the <smbconfoption><name>username level</name></smbconfoption> parameter
only contain lower-case characters, the <smbconfoption name="username level"/> parameter
is rarely needed.
</para>
<para>
However, passwords on UNIX systems often make use of mixed-case characters.
This means that in order for a user on a Windows 9x/Me client to connect to a Samba
server using clear-text authentication, the <smbconfoption><name>password level</name></smbconfoption>
server using clear-text authentication, the <smbconfoption name="password level"/>
must be set to the maximum number of upper case letters that <emphasis>could</emphasis>
appear in a password. Note that if the server OS uses the traditional DES version
of crypt(), a <smbconfoption><name>password level</name></smbconfoption> of 8 will result in case
of crypt(), a <smbconfoption name="password level"/> of 8 will result in case
insensitive passwords as seen from Windows users. This will also result in longer
login times as Samba has to compute the permutations of the password string and
try them one by one until a match is located (or all combinations fail).
@ -589,7 +589,7 @@ to those for whom English is not their native tongue.
<para>
To some the nature of the Samba <emphasis>security</emphasis> mode is obvious, but entirely
wrong all the same. It is assumed that <smbconfoption><name>security</name><value>server</value></smbconfoption> means that Samba
wrong all the same. It is assumed that <smbconfoption name="security">server</smbconfoption> means that Samba
will act as a server. Not so! This setting means that Samba will <emphasis>try</emphasis>
to use another SMB server as its source for user authentication alone.
</para>
@ -600,7 +600,7 @@ to use another SMB server as its source for user authentication alone.
<title>What Makes Samba a Domain Controller?</title>
<para>
The &smb.conf; parameter <smbconfoption><name>security</name><value>domain</value></smbconfoption> does not really make Samba behave
The &smb.conf; parameter <smbconfoption name="security">domain</smbconfoption> does not really make Samba behave
as a Domain Controller. This setting means we want Samba to be a Domain Member. See <link linkend="samba-pdc">Samba as a PDC</link> for more information.
</para>
@ -610,7 +610,7 @@ as a Domain Controller. This setting means we want Samba to be a Domain Member.
<title>What Makes Samba a Domain Member?</title>
<para>
Guess! So many others do. But whatever you do, do not think that <smbconfoption><name>security</name><value>user</value></smbconfoption>
Guess! So many others do. But whatever you do, do not think that <smbconfoption name="security">user</smbconfoption>
makes Samba act as a Domain Member. Read the manufacturer's manual before the warranty expires. See
<link linkend="domain-member">Domain Membership</link> for more information.
</para>
@ -631,9 +631,9 @@ connection whose session key would be different. So server_validate() must give
</para>
<para>
Indeed. That's why <smbconfoption><name>security</name><value>server</value></smbconfoption>
is at best a nasty hack. Please use <smbconfoption><name>security</name><value>domain</value></smbconfoption>;
<smbconfoption><name>security</name><value>server</value></smbconfoption> mode is also known as pass-through authentication.
Indeed. That's why <smbconfoption name="security">server</smbconfoption>
is at best a nasty hack. Please use <smbconfoption name="security">domain</smbconfoption>;
<smbconfoption name="security">server</smbconfoption> mode is also known as pass-through authentication.
</para>
</sect2>

26
docs/Samba-HOWTO-Collection/Speed.xml
View File

@ -65,7 +65,7 @@ line with the <option>-O</option> option, or in the &smb.conf; file.
</para>
<para>
The <smbconfoption><name>socket options</name></smbconfoption> section of the &smb.conf; manual page describes how
The <smbconfoption name="socket options"/> section of the &smb.conf; manual page describes how
to set these and gives recommendations.
</para>
@ -78,7 +78,7 @@ much. The correct settings are very dependent on your local network.
<para>
The socket option TCP_NODELAY is the one that seems to make the biggest single difference
for most networks. Many people report that adding
<?latex \linebreak ?><smbconfoption><name>socket options</name><value>TCP_NODELAY</value></smbconfoption>
<?latex \linebreak ?><smbconfoption name="socket options">TCP_NODELAY</smbconfoption>
doubles the read performance of a Samba drive. The best explanation I have seen for
this is that the Microsoft TCP/IP stack is slow in sending TCP ACKs.
</para>
@ -96,7 +96,7 @@ first be quantitatively measured on the server being configured.
<title>Read Size</title>
<para>
The option <smbconfoption><name>read size</name></smbconfoption> affects the overlap of disk
The option <smbconfoption name="read size"/> affects the overlap of disk
reads/writes with network reads/writes. If the amount of data being
transferred in several of the SMB commands (currently SMBwrite, SMBwriteX and
SMBreadbraw) is larger than this value, then the server begins writing
@ -126,7 +126,7 @@ pointless and will cause you to allocate memory unnecessarily.
<para>
At startup the client and server negotiate a <parameter>maximum transmit</parameter> size,
which limits the size of nearly all SMB commands. You can set the
maximum size that Samba will negotiate using the <smbconfoption><name>max xmit</name></smbconfoption> option
maximum size that Samba will negotiate using the <smbconfoption name="max xmit"/> option
in &smb.conf;. Note that this is the maximum size of SMB requests that
Samba will accept, but not the maximum size that the client will accept.
The client maximum receive size is sent to Samba by the client and Samba
@ -146,7 +146,7 @@ In most cases the default is the best option.
<title>Log Level</title>
<para>
If you set the log level (also known as <smbconfoption><name>debug level</name></smbconfoption>) higher than 2
If you set the log level (also known as <smbconfoption name="debug level"/>) higher than 2
then you may suffer a large drop in performance. This is because the
server flushes the log file after each operation, which can be quite
expensive.
@ -157,20 +157,20 @@ expensive.
<title>Read Raw</title>
<para>
The <smbconfoption><name>read raw</name></smbconfoption> operation is designed to be an optimized, low-latency
The <smbconfoption name="read raw"/> operation is designed to be an optimized, low-latency
file read operation. A server may choose to not support it,
however, and Samba makes support for <smbconfoption><name>read raw</name></smbconfoption> optional, with it
however, and Samba makes support for <smbconfoption name="read raw"/> optional, with it
being enabled by default.
</para>
<para>
In some cases clients do not handle <smbconfoption><name>read raw</name></smbconfoption> very well and actually
In some cases clients do not handle <smbconfoption name="read raw"/> very well and actually
get lower performance using it than they get using the conventional
read operations.
</para>
<para>
So you might like to try <smbconfoption><name>read raw</name><value>no</value></smbconfoption> and see what happens on your
So you might like to try <smbconfoption name="read raw">no</smbconfoption> and see what happens on your
network. It might lower, raise or not effect your performance. Only
testing can really tell.
</para>
@ -181,13 +181,13 @@ testing can really tell.
<title>Write Raw</title>
<para>
The <smbconfoption><name>write raw</name></smbconfoption> operation is designed to be an optimized, low-latency
The <smbconfoption name="write raw"/> operation is designed to be an optimized, low-latency
file write operation. A server may choose to not support it, however, and Samba makes support for
<smbconfoption><name>write raw</name></smbconfoption> optional, with it being enabled by default.
<smbconfoption name="write raw"/> optional, with it being enabled by default.
</para>
<para>
Some machines may find <smbconfoption><name>write raw</name></smbconfoption> slower than normal write, in which
Some machines may find <smbconfoption name="write raw"/> slower than normal write, in which
case you may wish to change this option.
</para>
@ -198,7 +198,7 @@ case you may wish to change this option.
<para>
Slow logins are almost always due to the password checking time. Using
the lowest practical <smbconfoption><name>password level</name></smbconfoption> will improve things.
the lowest practical <smbconfoption name="password level"/> will improve things.
</para>
</sect1>

42
docs/Samba-HOWTO-Collection/StandAloneServer.xml
View File

@ -106,15 +106,15 @@ UNIX system database. This is a simple system to administer.
<title>smb.conf for Reference Documentation Server</title>
<smbconfcomment> Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>&example.server.samba;</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>guest</value></smbconfoption>
<smbconfoption><name>wins server</name><value>192.168.1.1</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfoption name="netbios name">&example.server.samba;</smbconfoption>
<smbconfoption name="security">SHARE</smbconfoption>
<smbconfoption name="passdb backend">guest</smbconfoption>
<smbconfoption name="wins server">192.168.1.1</smbconfoption>
<smbconfsection>[data]</smbconfsection>
<smbconfoption><name>comment</name><value>Data</value></smbconfoption>
<smbconfoption><name>path</name><value>/export</value></smbconfoption>
<smbconfoption><name>guest only</name><value>Yes</value></smbconfoption>
<smbconfoption name="comment">Data</smbconfoption>
<smbconfoption name="path">/export</smbconfoption>
<smbconfoption name="guest only">Yes</smbconfoption>
</smbconfexample>
<para>
@ -198,21 +198,21 @@ The contents of the &smb.conf; file is shown in <link linkend="AnonPtrSvr">the n
<title>&smb.conf; for Anonymous Printing</title>
<smbconfcomment> Global parameters</smbconfcomment>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>workgroup</name><value>&example.workgroup;</value></smbconfoption>
<smbconfoption><name>netbios name</name><value>&example.server.samba;</value></smbconfoption>
<smbconfoption><name>security</name><value>SHARE</value></smbconfoption>
<smbconfoption><name>passdb backend</name><value>guest</value></smbconfoption>
<smbconfoption><name>printing</name><value>cups</value></smbconfoption>
<smbconfoption><name>printcap name</name><value>cups</value></smbconfoption>
<smbconfoption name="workgroup">&example.workgroup;</smbconfoption>
<smbconfoption name="netbios name">&example.server.samba;</smbconfoption>
<smbconfoption name="security">SHARE</smbconfoption>
<smbconfoption name="passdb backend">guest</smbconfoption>
<smbconfoption name="printing">cups</smbconfoption>
<smbconfoption name="printcap name">cups</smbconfoption>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>comment</name><value>All Printers</value></smbconfoption>
<smbconfoption><name>path</name><value>/var/spool/samba</value></smbconfoption>
<smbconfoption><name>printer admin</name><value>root</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>Yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>Yes</value></smbconfoption>
<smbconfoption><name>use client driver</name><value>Yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>No</value></smbconfoption>
<smbconfoption name="comment">All Printers</smbconfoption>
<smbconfoption name="path">/var/spool/samba</smbconfoption>
<smbconfoption name="printer admin">root</smbconfoption>
<smbconfoption name="guest ok">Yes</smbconfoption>
<smbconfoption name="printable">Yes</smbconfoption>
<smbconfoption name="use client driver">Yes</smbconfoption>
<smbconfoption name="browseable">No</smbconfoption>
</smbconfexample>
</para>

34
docs/Samba-HOWTO-Collection/Unicode.xml
View File

@ -94,7 +94,7 @@ Samba knows of three kinds of character sets:
<variablelist>
<varlistentry>
<term><smbconfoption><name>unix charset</name></smbconfoption></term>
<term><smbconfoption name="unix charset"/></term>
<listitem><para>
This is the charset used internally by your operating system.
The default is <constant>UTF-8</constant>, which is fine for most
@ -105,14 +105,14 @@ Samba knows of three kinds of character sets:
</varlistentry>
<varlistentry>
<term><smbconfoption><name>display charset</name></smbconfoption></term>
<term><smbconfoption name="display charset"/></term>
<listitem><para>This is the charset Samba will use to print messages
on your screen. It should generally be the same as the <parameter>unix charset</parameter>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><smbconfoption><name>dos charset</name></smbconfoption></term>
<term><smbconfoption name="dos charset"/></term>
<listitem><para>This is the charset Samba uses when communicating with
DOS and Windows 9x/Me clients. It will talk unicode to all newer clients.
The default depends on the charsets you have installed on your system.
@ -183,28 +183,28 @@ Setting up Japanese charsets is quite difficult. This is mainly because:
<sect2><title>Basic Parameter Setting</title>
<para>
<smbconfoption><name>dos charset</name></smbconfoption> and
<smbconfoption><name>display charset</name></smbconfoption>
<smbconfoption name="dos charset"/> and
<smbconfoption name="display charset"/>
should be set to the locale compatible with the character set
and encoding method used on Windows. This is usually CP932
but sometimes has a different name.
</para>
<para>
<smbconfoption><name>unix charset</name></smbconfoption> can be either Shift_JIS series,
<smbconfoption name="unix charset"/> can be either Shift_JIS series,
EUC-JP series and UTF-8. UTF-8 is always available but the availability of other locales
and its name itself depends on the system.
</para>
<para>
Additionally, you can consider to use the Shift_JIS series as the
value of the <smbconfoption><name>unix charset</name></smbconfoption>
value of the <smbconfoption name="unix charset"/>
parameter by using the vfs_cap module, which does the same thing as
setting <quote>coding system = CAP</quote> in the Samba 2.2 series.
</para>
<para>
Where to set <smbconfoption><name>unix charset</name></smbconfoption>
Where to set <smbconfoption name="unix charset"/>
to is a difficult question. Here is a list of details, advantages and
disadvantages of using a certain value.
</para>
@ -376,13 +376,13 @@ Setting up Japanese charsets is quite difficult. This is mainly because:
<smbconfexample><title>VFS CAP</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>dos charset</name><value>CP932<footnote><para>the locale name "CP932" may be different name</para></footnote></value></smbconfoption>
<smbconfoption><name>unix charset</name><value>CP932</value></smbconfoption>
<smbconfoption name="dos charset">CP932<footnote><para>the locale name "CP932" may be different name</para></footnote></smbconfoption>
<smbconfoption name="unix charset">CP932</smbconfoption>
<member><para>...</para></member>
<smbconfsection>[cap-share]</smbconfsection>
<smbconfoption><name>vfs option</name><value>cap</value></smbconfoption>
<smbconfoption name="vfs option">cap</smbconfoption>
</smbconfexample>
<para>
@ -442,9 +442,9 @@ display charset = CP932
</para>
<smbconfblock>
<smbconfoption><name>dos charset</name><value>CP932</value></smbconfoption>
<smbconfoption><name>unix charset</name><value>CP932 / eucJP-ms / UTF-8</value></smbconfoption>
<smbconfoption><name>display charset</name><value>CP932</value></smbconfoption>
<smbconfoption name="dos charset">CP932</smbconfoption>
<smbconfoption name="unix charset">CP932 / eucJP-ms / UTF-8</smbconfoption>
<smbconfoption name="display charset">CP932</smbconfoption>
</smbconfblock>
<para>
@ -462,7 +462,7 @@ display charset = CP932
<para>
Prior to Samba-2.2 series <quote>coding system</quote> parameter is used as
<smbconfoption><name>unix charset</name></smbconfoption> parameter of the Samba-3 series.
<smbconfoption name="unix charset"/> parameter of the Samba-3 series.
<link linkend="japancharsets">Next table</link> shows the mapping table when migrating from the Samba-2.2 series to Samba-3.
</para>
@ -500,8 +500,8 @@ Prior to Samba-2.2 series <quote>coding system</quote> parameter is used as
<para><quote>Samba is complaining about a missing <filename>CP850.so</filename> file.</quote></para>
<para><emphasis>Answer:</emphasis> CP850 is the default <smbconfoption><name>dos charset</name></smbconfoption>.
The <smbconfoption><name>dos charset</name></smbconfoption> is used to convert data to the codepage used by your dos clients.
<para><emphasis>Answer:</emphasis> CP850 is the default <smbconfoption name="dos charset"/>.
The <smbconfoption name="dos charset"/> is used to convert data to the codepage used by your dos clients.
If you do not have any dos clients, you can safely ignore this message. </para>
<para>CP850 should be supported by your local iconv implementation. Make sure you have all the required packages installed.

44
docs/Samba-HOWTO-Collection/VFS.xml
View File

@ -36,18 +36,18 @@ on different systems. They currently have been tested against GNU/Linux and IRIX
<para>
To use the VFS modules, create a share similar to the one below. The
important parameter is the <smbconfoption><name>vfs objects</name></smbconfoption> parameter where
important parameter is the <smbconfoption name="vfs objects"/> parameter where
you can list one or more VFS modules by name. For example, to log all access
to files and put deleted files in a recycle bin, see <link linkend="vfsrecyc">next configuration</link>:
<smbconfexample id="vfsrecyc">
<title>smb.conf with VFS modules</title>
<smbconfsection>[audit]</smbconfsection>
<smbconfoption><name>comment</name><value>Audited /data directory</value></smbconfoption>
<smbconfoption><name>path</name><value>/data</value></smbconfoption>
<smbconfoption><name>vfs objects</name><value>audit recycle</value></smbconfoption>
<smbconfoption><name>writeable</name><value>yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption name="comment">Audited /data directory</smbconfoption>
<smbconfoption name="path">/data</smbconfoption>
<smbconfoption name="vfs objects">audit recycle</smbconfoption>
<smbconfoption name="writeable">yes</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
</smbconfexample>
</para>
@ -57,7 +57,7 @@ Let's say that you want to both have a virus scanner module and a recycle
bin module. It is wise to put the virus scanner module as the first one so
that it is the first that get run an may detect a virus immediately, before
any action is performed on that file.
<smbconfoption><name>vfs objects</name><value>vscan-clamav recycle</value></smbconfoption>
<smbconfoption name="vfs objects">vscan-clamav recycle</smbconfoption>
</para>
<para>
@ -73,14 +73,14 @@ This can be done using a configuration similar to the one shown in <link linkend
<smbconfexample id="multimodule">
<title>smb.conf with multiple VFS modules</title>
<smbconfsection>[test]</smbconfsection>
<smbconfoption><name>comment</name><value>VFS TEST</value></smbconfoption>
<smbconfoption><name>path</name><value>/data</value></smbconfoption>
<smbconfoption><name>writeable</name><value>yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption><name>vfs objects</name><value>example:example1 example example:test</value></smbconfoption>
<smbconfoption><name>example1: parameter</name><value>1</value></smbconfoption>
<smbconfoption><name>example: parameter</name><value>5</value></smbconfoption>
<smbconfoption><name>test: parameter</name><value>7</value></smbconfoption>
<smbconfoption name="comment">VFS TEST</smbconfoption>
<smbconfoption name="path">/data</smbconfoption>
<smbconfoption name="writeable">yes</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
<smbconfoption name="vfs objects">example:example1 example example:test</smbconfoption>
<smbconfoption name="example1: parameter">1</smbconfoption>
<smbconfoption name="example: parameter">5</smbconfoption>
<smbconfoption name="test: parameter">7</smbconfoption>
</smbconfexample>
</para>
@ -111,7 +111,7 @@ This can be done using a configuration similar to the one shown in <link linkend
<para>
This module is identical with the <command>audit</command> module above except
that it sends audit logs to both syslog as well as the <command>smbd</command> log files. The
<smbconfoption><name>log level</name></smbconfoption> for this module is set in the &smb.conf; file.
<smbconfoption name="log level"/> for this module is set in the &smb.conf; file.
</para>
<para>
@ -161,7 +161,7 @@ This can be done using a configuration similar to the one shown in <link linkend
<para>
Auditing information often must be preserved for a long time. So that the log files do not get rotated
it is essential that the <smbconfoption><name>max log size</name><value>0</value></smbconfoption> be set
it is essential that the <smbconfoption name="max log size">0</smbconfoption> be set
in the &smb.conf; file.
</para>
@ -507,11 +507,11 @@ This can be done using a configuration similar to the one shown in <link linkend
<smbconfexample id="vfsshadow">
<title>Share With shadow_copy VFS</title>
<smbconfsection>[shadow_share]</smbconfsection>
<smbconfoption><name>comment</name><value>Shadow Copy Enabled Share</value></smbconfoption>
<smbconfoption><name>path</name><value>/data/shadow_share</value></smbconfoption>
<smbconfoption><name>vfs objects</name><value>shadow_copy</value></smbconfoption>
<smbconfoption><name>writeable</name><value>yes</value></smbconfoption>
<smbconfoption><name>browseable</name><value>yes</value></smbconfoption>
<smbconfoption name="comment">Shadow Copy Enabled Share</smbconfoption>
<smbconfoption name="path">/data/shadow_share</smbconfoption>
<smbconfoption name="vfs objects">shadow_copy</smbconfoption>
<smbconfoption name="writeable">yes</smbconfoption>
<smbconfoption name="browseable">yes</smbconfoption>
</smbconfexample>
</para>
</listitem>

24
docs/Samba-HOWTO-Collection/Winbind.xml
View File

@ -580,17 +580,17 @@ linkend="winbindcfg">the next example</link>, was modified to include the necess
<smbconfsection>[global]</smbconfsection>
&lt;...&gt;
<smbconfcomment> separate domain and username with '\', like DOMAIN\username</smbconfcomment>
<smbconfoption><name>winbind separator</name><value>\</value></smbconfoption>
<smbconfoption name="winbind separator">\</smbconfoption>
<smbconfcomment> use uids from 10000 to 20000 for domain users</smbconfcomment>
<smbconfoption><name>idmap uid</name><value>10000-20000</value></smbconfoption>
<smbconfoption name="idmap uid">10000-20000</smbconfoption>
<smbconfcomment> use gids from 10000 to 20000 for domain groups</smbconfcomment>
<smbconfoption><name>idmap gid</name><value>10000-20000</value></smbconfoption>
<smbconfoption name="idmap gid">10000-20000</smbconfoption>
<smbconfcomment> allow enumeration of winbind users and groups</smbconfcomment>
<smbconfoption><name>winbind enum users</name><value>yes</value></smbconfoption>
<smbconfoption><name>winbind enum groups</name><value>yes</value></smbconfoption>
<smbconfoption name="winbind enum users">yes</smbconfoption>
<smbconfoption name="winbind enum groups">yes</smbconfoption>
<smbconfcomment> give winbind users a real shell (only needed if they have telnet access)</smbconfcomment>
<smbconfoption><name>template homedir</name><value>/home/winnt/%D/%U</value></smbconfoption>
<smbconfoption><name>template shell</name><value>/bin/bash</value></smbconfoption>
<smbconfoption name="template homedir">/home/winnt/%D/%U</smbconfoption>
<smbconfoption name="template shell">/bin/bash</smbconfoption>
</smbconfexample></para>
</sect3>
@ -709,7 +709,7 @@ your PDC. For example, I get the following response:
</screen></para>
<para>
Obviously, I have named my domain <quote>CEO</quote> and my <smbconfoption><name>winbind separator</name></smbconfoption> is <quote>\</quote>.
Obviously, I have named my domain <quote>CEO</quote> and my <smbconfoption name="winbind separator"/> is <quote>\</quote>.
</para>
<para>
@ -996,11 +996,11 @@ have individual directories for the domain users already present on
the server, or change the home directory template to a general
directory for all domain users. These can be easily set using
the &smb.conf; global entry
<smbconfoption><name>template homedir</name></smbconfoption>.
<smbconfoption name="template homedir"/>.
</para>
<note>
<para>The directory in <smbconfoption><name>template homedir</name></smbconfoption> is not created automatically! Use pam_mkhomedir or pre-create
<para>The directory in <smbconfoption name="template homedir"/> is not created automatically! Use pam_mkhomedir or pre-create
the directories of users to make sure users can log in on UNIX with
their own home directory.
</para>
@ -1208,8 +1208,8 @@ cost of running a mixed UNIX and NT network.</para>
<para><quote>
My &smb.conf; file is correctly configured. I have specified
<smbconfoption><name>idmap uid</name><value>12000</value></smbconfoption>,
and <smbconfoption><name>idmap gid</name><value>3000-3500</value></smbconfoption>
<smbconfoption name="idmap uid">12000</smbconfoption>,
and <smbconfoption name="idmap gid">3000-3500</smbconfoption>
and <command>winbind</command> is running. When I do the following it all works fine.
</quote></para>

2
docs/Samba-HOWTO-Collection/WindowsClientConfig.xml
View File

@ -457,7 +457,7 @@ The most common reasons for which a Windows NT/200x/XP Professional client canno
</para>
<itemizedlist>
<listitem><para>&smb.conf; does not have correct <smbconfoption><name>add machine script</name></smbconfoption> settings.</para></listitem>
<listitem><para>&smb.conf; does not have correct <smbconfoption name="add machine script"/> settings.</para></listitem>
<listitem><para><quote>root</quote> account is not in password backend database.</para></listitem>
<listitem><para>Attempt to use a user account instead of the <quote>root</quote> account to join a machine to the domain.</para></listitem>
<listitem><para>Open connections from the workstation to the server.</para></listitem>

32
docs/Samba-HOWTO-Collection/locking.xml
View File

@ -87,13 +87,13 @@ a file. Unfortunately with the way fcntl() works, this can be slow and may overs
the <command>rpc.lockd</command>. This is almost always unnecessary as clients are supposed to
independently make locking calls before reads and writes if locking is
important to them. By default, Samba only makes locking calls when explicitly asked
to by a client, but if you set <smbconfoption><name>strict locking</name><value>yes</value></smbconfoption>, it
to by a client, but if you set <smbconfoption name="strict locking">yes</smbconfoption>, it
will make lock checking calls on <emphasis>every</emphasis> read and write call.
</para>
<para>
You can also disable byte range locking completely by using
<smbconfoption><name>locking</name><value>no</value></smbconfoption>.
<smbconfoption name="locking">no</smbconfoption>.
This is useful for those shares that do not support locking or do not need it
(such as CDROMs). In this case, Samba fakes the return codes of locking calls to
tell clients that everything is okay.
@ -414,7 +414,7 @@ the share.
<para>
Samba includes an &smb.conf; parameter called
<smbconfoption><name>force user</name></smbconfoption> that changes
<smbconfoption name="force user"/> that changes
the user accessing a share from the incoming user to whatever user is
defined by the smb.conf variable. If opportunistic locking is enabled
on a share, the change in user access causes an oplock break to be sent
@ -431,7 +431,7 @@ Avoid the combination of the following:
<itemizedlist>
<listitem><para>
<smbconfoption><name>force user</name></smbconfoption> in the &smb.conf; share configuration.
<smbconfoption name="force user"/> in the &smb.conf; share configuration.
</para></listitem>
<listitem><para>
@ -454,8 +454,8 @@ administrator to adjust various properties of the oplock mechanism to
account for timing and usage levels. These parameters provide good
versatility for implementing oplocks in environments where they would
likely cause problems. The parameters are:
<smbconfoption><name>oplock break wait time</name></smbconfoption>,
<smbconfoption><name>oplock contention limit</name></smbconfoption>.
<smbconfoption name="oplock break wait time"/>,
<smbconfoption name="oplock contention limit"/>.
</para>
<para>
@ -601,8 +601,8 @@ You can disable oplocks on a per-share basis with the following:
<para>
<smbconfblock>
<smbconfsection>[acctdata]</smbconfsection>
<smbconfoption><name>oplocks</name><value>False</value></smbconfoption>
<smbconfoption><name>level2 oplocks</name><value>False</value></smbconfoption>
<smbconfoption name="oplocks">False</smbconfoption>
<smbconfoption name="level2 oplocks">False</smbconfoption>
</smbconfblock>
</para>
@ -617,7 +617,7 @@ Alternately, you could disable oplocks on a per-file basis within the share:
<para>
<smbconfblock>
<smbconfoption><name>veto oplock files</name><value>/*.mdb/*.MDB/*.dbf/*.DBF/</value></smbconfoption>
<smbconfoption name="veto oplock files">/*.mdb/*.MDB/*.dbf/*.DBF/</smbconfoption>
</smbconfblock>
</para>
@ -647,7 +647,7 @@ basis in the &smb.conf; file.
<para>
<smbconfblock>
<smbconfoption><name>kernel oplocks</name><value>yes</value></smbconfoption>
<smbconfoption name="kernel oplocks">yes</smbconfoption>
</smbconfblock>
The default is no.
</para>
@ -670,15 +670,15 @@ enabled on a per-share basis, or globally for the entire server, in the
<smbconfexample id="far1">
<title>Share with some files oplocked</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>veto oplock files</name><value>/filename.htm/*.txt/</value></smbconfoption>
<smbconfoption name="veto oplock files">/filename.htm/*.txt/</smbconfoption>
<smbconfsection>[share_name]</smbconfsection>
<smbconfoption><name>veto oplock files</name><value>/*.exe/filename.ext/</value></smbconfoption>
<smbconfoption name="veto oplock files">/*.exe/filename.ext/</smbconfoption>
</smbconfexample>
</para>
<para>
<smbconfoption><name>oplock break wait time</name></smbconfoption> is an &smb.conf; parameter
<smbconfoption name="oplock break wait time"/> is an &smb.conf; parameter
that adjusts the time interval for Samba to reply to an oplock break request. Samba recommends:
<quote>Do not change this parameter unless you have read and understood the Samba oplock code.</quote>
Oplock break Wait Time can only be configured globally in the &smb.conf; file as shown below.
@ -686,7 +686,7 @@ Oplock break Wait Time can only be configured globally in the &smb.conf; file as
<para>
<smbconfblock>
<smbconfoption><name>oplock break wait time</name><value> 0 (default)</value></smbconfoption>
<smbconfoption name="oplock break wait time"> 0 (default)</smbconfoption>
</smbconfblock>
</para>
@ -703,10 +703,10 @@ the entire server, in the &smb.conf; file as shown in <link linkend="far3"/>.
<smbconfexample id="far3">
<title>Configuration with oplock break contention limit</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>oplock break contention limit</name><value> 2 (default)</value></smbconfoption>
<smbconfoption name="oplock break contention limit"> 2 (default)</smbconfoption>
<smbconfsection>[share_name]</smbconfsection>
<smbconfoption><name>oplock break contention limit</name><value> 2 (default)</value></smbconfoption>
<smbconfoption name="oplock break contention limit"> 2 (default)</smbconfoption>
</smbconfexample>
</para>

12
docs/Samba-HOWTO-Collection/msdfs.xml
View File

@ -38,9 +38,9 @@
<para>
A Samba server can be made a DFS server by setting the global
Boolean <smbconfoption><name>host msdfs</name></smbconfoption>
Boolean <smbconfoption name="host msdfs"/>
parameter in the &smb.conf; file. You designate a share as a DFS
root using the Share Level Boolean <smbconfoption><name>msdfs root</name></smbconfoption> parameter. A DFS root directory on Samba hosts DFS
root using the Share Level Boolean <smbconfoption name="msdfs root"/> parameter. A DFS root directory on Samba hosts DFS
links in the form of symbolic links that point to other servers. For example, a symbolic link
<filename>junction-&gt;msdfs:storage1\share1</filename> in the share directory acts
as the DFS junction. When DFS-aware clients attempt to access the junction link,
@ -65,12 +65,12 @@
<smbconfexample id="dfscfg">
<title>smb.conf with DFS configured</title>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>netbios name</name><value>&example.server.samba;</value></smbconfoption>
<smbconfoption><name>host msdfs </name><value>yes</value></smbconfoption>
<smbconfoption name="netbios name">&example.server.samba;</smbconfoption>
<smbconfoption name="host msdfs ">yes</smbconfoption>
<smbconfsection>[dfs]</smbconfsection>
<smbconfoption><name>path</name><value>/export/dfsroot</value></smbconfoption>
<smbconfoption><name>msdfs root</name><value>yes</value></smbconfoption>
<smbconfoption name="path">/export/dfsroot</smbconfoption>
<smbconfoption name="msdfs root">yes</smbconfoption>
</smbconfexample>
</para>

20
docs/Samba-HOWTO-Collection/upgrading-to-3.0.xml
View File

@ -21,9 +21,9 @@ the move from 2.2.x to 3.0.0.
<para>
Samba-3.0.0 default behavior should be approximately the same as Samba-2.2.x.
The default behavior when the new parameter <smbconfoption><name>passdb backend</name></smbconfoption>
The default behavior when the new parameter <smbconfoption name="passdb backend"/>
is not defined in the &smb.conf; file provides the same default behavior as Samba-2.2.x
with <smbconfoption><name>encrypt passwords</name><value>Yes</value></smbconfoption>, and
with <smbconfoption name="encrypt passwords">Yes</smbconfoption>, and
will use the <filename>smbpasswd</filename> database.
</para>
@ -37,7 +37,7 @@ preserved across the upgrade.
<para>
If the Samba-2.2.x system was using an LDAP backend, and there is no time to update the LDAP
database, then make sure that <smbconfoption><name>passdb backend</name><value>ldapsam_compat</value></smbconfoption>
database, then make sure that <smbconfoption name="passdb backend">ldapsam_compat</smbconfoption>
is specified in the &smb.conf; file. For the rest, behavior should remain more or less the same.
At a later date, when there is time to implement a new Samba-3 compatible LDAP backend, it is possible
to migrate the old LDAP database to the new one through use of the <command>pdbedit</command>.
@ -435,7 +435,7 @@ complete descriptions of new or modified parameters.
</para></listitem>
<listitem><para>
Inclusion of new <smbconfoption><name>security</name><value>ads</value></smbconfoption> option for integration
Inclusion of new <smbconfoption name="security">ads</smbconfoption> option for integration
with an Active Directory domain using the native Windows Kerberos 5 and LDAP protocols.
</para></listitem>
</orderedlist>
@ -443,9 +443,9 @@ complete descriptions of new or modified parameters.
<para>
Samba-3 also includes the possibility of setting up chains
of authentication methods
(<smbconfoption><name>auth methods</name></smbconfoption>) and account
(<smbconfoption name="auth methods"/>) and account
storage backends
(<smbconfoption><name>passdb backend</name></smbconfoption>).
(<smbconfoption name="passdb backend"/>).
Please refer to the &smb.conf;
man page and <link linkend="passdb">Account Information Databases</link>, for details. While both parameters assume sane default
values, it is likely that you will need to understand what the
@ -589,10 +589,10 @@ complete descriptions of new or modified parameters.
<smbconfblock>
<smbconfsection>[global]</smbconfsection>
<member>...</member>
<smbconfoption><name>idmap backend</name><value>ldap:ldap://onterose/</value></smbconfoption>
<smbconfoption><name>ldap idmap suffix</name><value>ou=idmap,dc=quenya,dc=org</value></smbconfoption>
<smbconfoption><name>idmap uid</name><value>40000-50000</value></smbconfoption>
<smbconfoption><name>idmap gid</name><value>40000-50000</value></smbconfoption>
<smbconfoption name="idmap backend">ldap:ldap://onterose/</smbconfoption>
<smbconfoption name="ldap idmap suffix">ou=idmap,dc=quenya,dc=org</smbconfoption>
<smbconfoption name="idmap uid">40000-50000</smbconfoption>
<smbconfoption name="idmap gid">40000-50000</smbconfoption>
</smbconfblock>
<para>

8
docs/manpages/nmbd.8.xml
View File

@ -54,7 +54,7 @@
specified it will respond with the IP number of the host it
is running on. Its "own NetBIOS name" is by
default the primary DNS name of the host it is running on,
but this can be overridden by the <smbconfoption><name>netbios name</name></smbconfoption>
but this can be overridden by the <smbconfoption name="netbios name"/>
in &smb.conf;. Thus <command>nmbd</command> will
reply to broadcast queries for its own name(s). Additional
names for <command>nmbd</command> to respond on can be set
@ -129,7 +129,7 @@
<listitem><para>NetBIOS lmhosts file. The lmhosts
file is a list of NetBIOS names to IP addresses that
is loaded by the nmbd server and used via the name
resolution mechanism <smbconfoption><name>name resolve order</name></smbconfoption> described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
resolution mechanism <smbconfoption name="name resolve order"/> described in <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> to resolve any
NetBIOS name queries needed by the server. Note
that the contents of this file are <emphasis>NOT</emphasis>
@ -201,7 +201,7 @@
and <filename>/etc/samba/smb.conf</filename>.</para>
<para>When run as a WINS server (see the
<smbconfoption><name>wins support</name></smbconfoption>
<smbconfoption name="wins support"/>
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> man page),
<command>nmbd</command>
@ -210,7 +210,7 @@
wherever Samba was configured to install itself.</para>
<para>If <command>nmbd</command> is acting as a <emphasis>
browse master</emphasis> (see the <smbconfoption><name>local master</name></smbconfoption>
browse master</emphasis> (see the <smbconfoption name="local master"/>
parameter in the <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> man page, <command>nmbd</command>
will store the browsing database in the file <filename>browse.dat

6
docs/manpages/ntlm_auth.1.xml
View File

@ -160,7 +160,7 @@
<term>Username</term>
<listitem><para>The username, expected to be in
Samba's <smbconfoption><name>unix charset</name></smbconfoption>.
Samba's <smbconfoption name="unix charset"/>.
</para>
<para><example>Username: bob</example></para>
@ -170,7 +170,7 @@
<varlistentry>
<term>Username</term>
<listitem><para>The user's domain, expected to be in
Samba's <smbconfoption><name>unix charset</name></smbconfoption>.
Samba's <smbconfoption name="unix charset"/>.
</para>
<para><example>Domain: WORKGROUP</example></para>
@ -182,7 +182,7 @@
<listitem><para>The fully qualified username, expected to be in
Samba's <smbconfoption><name>unix
charset</name></smbconfoption> and qualified with the
<smbconfoption><name>winbind separator</name></smbconfoption>.
<smbconfoption name="winbind separator"/>.
</para>
<para><example>Full-Username: WORKGROUP\bob</example></para>

2
docs/manpages/pdbedit.8.xml
View File

@ -257,7 +257,7 @@ retype new password
</para>
<note><para>pdbedit does not call the unix password syncronisation
script if <smbconfoption><name>unix password sync</name></smbconfoption>
script if <smbconfoption name="unix password sync"/>
has been set. It only updates the data in the Samba
user database.
</para>

2
docs/manpages/rpcclient.1.xml
View File

@ -54,7 +54,7 @@
<term>server</term>
<listitem><para>NetBIOS name of Server to which to connect.
The server can be any SMB/CIFS server. The name is
resolved using the <smbconfoption><name>name resolve order</name></smbconfoption> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
resolved using the <smbconfoption name="name resolve order"/> line from <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.</para></listitem>
</varlistentry>

20
docs/manpages/smb.conf.5.xml
View File

@ -105,8 +105,8 @@
<smbconfexample>
<smbconfsection>[foo]</smbconfsection>
<smbconfoption><name>path</name><value>/home/bar</value></smbconfoption>
<smbconfoption><name>read only</name><value>read only = no</value></smbconfoption>
<smbconfoption name="path">/home/bar</smbconfoption>
<smbconfoption name="read only">read only = no</smbconfoption>
</smbconfexample>
<para>The following sample section defines a printable share.
@ -118,10 +118,10 @@
<smbconfexample>
<smbconfsection>[aprinter]</smbconfsection>
<smbconfoption><name>path</name><value>/usr/spool/public</value></smbconfoption>
<smbconfoption><name>read only</name><value>yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption name="path">/usr/spool/public</smbconfoption>
<smbconfoption name="read only">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
</smbconfexample>
</refsect1>
@ -188,7 +188,7 @@
<smbconfexample>
<smbconfsection>[homes]</smbconfsection>
<smbconfoption><name>read only</name><value>no</value></smbconfoption>
<smbconfoption name="read only">no</smbconfoption>
</smbconfexample>
<para>An important point is that if guest access is specified
@ -250,9 +250,9 @@
<smbconfexample>
<smbconfsection>[printers]</smbconfsection>
<smbconfoption><name>path</name><value>/usr/spool/public</value></smbconfoption>
<smbconfoption><name>guest ok</name><value>yes</value></smbconfoption>
<smbconfoption><name>printable</name><value>yes</value></smbconfoption>
<smbconfoption name="path">/usr/spool/public</smbconfoption>
<smbconfoption name="guest ok">yes</smbconfoption>
<smbconfoption name="printable">yes</smbconfoption>
</smbconfexample>
<para>All aliases given for a printer in the printcap file

4
docs/manpages/smbd.8.xml
View File

@ -136,7 +136,7 @@
<term>-p &lt;port number(s)&gt;</term>
<listitem><para><replaceable>port number(s)</replaceable> is a
space or comma-separated list of TCP ports smbd should listen on.
The default value is taken from the <smbconfoption><name>ports</name></smbconfoption> parameter in &smb.conf;</para>
The default value is taken from the <smbconfoption name="ports"/> parameter in &smb.conf;</para>
<para>The default ports are 139 (used for SMB over NetBIOS over TCP)
and port 445 (used for plain SMB over TCP).
@ -225,7 +225,7 @@
<para>Samba uses PAM for authentication (when presented with a plaintext
password), for account checking (is this account disabled?) and for
session management. The degree too which samba supports PAM is restricted
by the limitations of the SMB protocol and the <smbconfoption><name>obey pam restrictions</name></smbconfoption> <citerefentry><refentrytitle>smb.conf</refentrytitle>
by the limitations of the SMB protocol and the <smbconfoption name="obey pam restrictions"/> <citerefentry><refentrytitle>smb.conf</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> paramater. When this is set, the following restrictions apply:
</para>

2
docs/manpages/smbpasswd.8.xml
View File

@ -313,7 +313,7 @@
<listitem><para>This parameter is only available if Samba
has been compiled with LDAP support. The <parameter>-w</parameter>
switch is used to specify the password to be used with the
<smbconfoption><name>ldap admin dn</name></smbconfoption>. Note that the password is stored in
<smbconfoption name="ldap admin dn"/>. Note that the password is stored in
the <filename>secrets.tdb</filename> and is keyed off
of the admin's DN. This means that if the value of <parameter>ldap
admin dn</parameter> ever changes, the password will need to be

24
docs/manpages/winbindd.8.xml
View File

@ -42,8 +42,8 @@
service to <command>smbd</command>, <command>ntlm_auth</command>
and the <command>pam_winbind.so</command> PAM module, by managing connections to
domain controllers. In this configuraiton the
<smbconfoption><name>idmap uid</name></smbconfoption> and
<smbconfoption><name>idmap gid</name></smbconfoption>
<smbconfoption name="idmap uid"/> and
<smbconfoption name="idmap gid"/>
parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
<para> The Name Service Switch allows user
@ -229,25 +229,25 @@ hosts: files wins
<itemizedlist>
<listitem><para>
<smbconfoption><name>winbind separator</name></smbconfoption></para></listitem>
<smbconfoption name="winbind separator"/></para></listitem>
<listitem><para>
<smbconfoption><name>idmap uid</name></smbconfoption></para></listitem>
<smbconfoption name="idmap uid"/></para></listitem>
<listitem><para>
<smbconfoption><name>idmap gid</name></smbconfoption></para></listitem>
<smbconfoption name="idmap gid"/></para></listitem>
<listitem><para>
<smbconfoption><name>idmap backend</name></smbconfoption></para></listitem>
<smbconfoption name="idmap backend"/></para></listitem>
<listitem><para>
<smbconfoption><name>winbind cache time</name></smbconfoption></para></listitem>
<smbconfoption name="winbind cache time"/></para></listitem>
<listitem><para>
<smbconfoption><name>winbind enum users</name></smbconfoption></para></listitem>
<smbconfoption name="winbind enum users"/></para></listitem>
<listitem><para>
<smbconfoption><name>winbind enum groups</name></smbconfoption></para></listitem>
<smbconfoption name="winbind enum groups"/></para></listitem>
<listitem><para>
<smbconfoption><name>template homedir</name></smbconfoption></para></listitem>
<smbconfoption name="template homedir"/></para></listitem>
<listitem><para>
<smbconfoption><name>template shell</name></smbconfoption></para></listitem>
<smbconfoption name="template shell"/></para></listitem>
<listitem><para>
<smbconfoption><name>winbind use default domain</name></smbconfoption></para></listitem>
<smbconfoption name="winbind use default domain"/></para></listitem>
</itemizedlist>
</refsect1>

14
docs/xslt/expand-sambadoc.xsl
View File

@ -7,10 +7,8 @@
(C) Alexander Bokovoy 2002-2004
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:exsl="http://exslt.org/common"
xmlns:samba="http://samba.org/common"
version="1.1"
extension-element-prefixes="exsl">
version="1.1">
<xsl:import href="../settings.xsl"/>
@ -83,18 +81,18 @@
<xsl:element name="member">
<xsl:element name="indexterm">
<xsl:element name="primary">
<xsl:value-of select="name"/>
<xsl:value-of select="@name"/>
</xsl:element>
</xsl:element>
<xsl:element name="parameter">
<xsl:text disable-output-escaping="yes">
&lt;?latex \hspace{1cm} ?&gt;
</xsl:text>
<xsl:value-of select="name"/>
<xsl:value-of select="@name"/>
<xsl:choose>
<xsl:when test="value != ''">
<xsl:when test="text() != ''">
<xsl:text> = </xsl:text>
<xsl:value-of select="value"/>
<xsl:value-of select="text()"/>
</xsl:when>
</xsl:choose>
</xsl:element>
@ -126,7 +124,7 @@
<!-- Include an index term -->
<xsl:element name="indexterm">
<xsl:element name="primary">
<xsl:value-of select="name"/>
<xsl:value-of select="@name"/>
</xsl:element>
</xsl:element>

3
docs/xslt/generate-attributions.xsl
View File

@ -4,7 +4,6 @@
(C) Jelmer Vernooij 2003
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"
version="1.1">
<xsl:output method="xml" omit-xml-declaration="yes" indent="yes"/>
@ -57,7 +56,7 @@
<xsl:when test="affiliation/address/email != ''">
<xsl:text> &lt;</xsl:text>
<xsl:element name="ulink">
<xsl:attribute name="samba:noescape">
<xsl:attribute name="noescape">
<xsl:text>1</xsl:text>
</xsl:attribute>
<xsl:attribute name="url">

8
docs/xslt/sambadoc2pearson.xsl
View File

@ -23,7 +23,7 @@
</xsl:template>
<xsl:template match="smbconfexample/smbconfoption|smbconfblock/smbconfoption">
<xsl:text> </xsl:text><xsl:value-of select="name"/><xsl:text> = </xsl:text><xsl:value-of select="value"/><xsl:text>&#10;</xsl:text>
<xsl:text> </xsl:text><xsl:value-of select="@name"/><xsl:text> = </xsl:text><xsl:value-of select="text()"/><xsl:text>&#10;</xsl:text>
</xsl:template>
<xsl:template match="smbconfexample">
@ -78,10 +78,10 @@
</xsl:template>
<xsl:template match="smbconfoption">
<code><xsl:value-of select="name"/></code>
<xsl:if test="value != ''">
<code><xsl:value-of select="@name"/></code>
<xsl:if test="text() != ''">
<xsl:text> = </xsl:text>
<xsl:value-of select="value"/>
<xsl:value-of select="text()"/>
</xsl:if>
<xsl:text>&#10;</xsl:text>
</xsl:template>

10
docs/xslt/upgrade.pl Normal file
View File

@ -0,0 +1,10 @@
#!/usr/bin/perl
# Update documents to the Samba DTD V1.0
undef $/;
while(<>) {
s/<smbconfoption><name>(.*?)<\/name><value>(.*?)<\/value><\/smbconfoption>/<smbconfoption name=\"\1\">\2<\/smbconfoption>/g;
s/<smbconfoption><name>(.*?)<\/name><\/smbconfoption>/<smbconfoption name=\"\1\"\/>/g;
print $_;
}