1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

2150 Commits

Author SHA1 Message Date
Volker Lendecke
f78a44fce6 docs: Fix a typo in a parameter file name
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
24dc8ef174 param: Add "client netlogon ping protocol"
Allow "net ads join" in environments where UDP/389 is blocked. Code
will follow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:04 +00:00
Volker Lendecke
527d81fc5e param: Remove parameter "cldap port"
This was not used consistently across all of our code base, and I
don't see a reason why this should ever not be port 389.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11 14:03:03 +00:00
Ralph Boehme
ae3e9dde4c smbd: add option "smb3 directory leases"
By default enabled on non-clustered Samba, disabled on clustered Samba, the
reason being the expected additional load caused by forcing strict rename to be
enabled.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
7b59145922 docs: fix indentation of "strict rename"
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
38b5c8c663 smbd: remove "fruit:posix_rename"
This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.

As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running

  $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true

on the Mac.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-10-25 10:42:32 +00:00
David Mulder
948d0fcfe1 Isolate hsm auth value from the cache
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-10-23 14:21:33 +00:00
David Mulder
f0cbe4d5a2 Add lp Rust bindings
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-10-23 14:21:33 +00:00
Alexander Bokovoy
4f577c7b68 sync machine password to keytab: handle FreeIPA use case
FreeIPA uses own procedure to retrieve keytabs and during the setup of
Samba on FreeIPA client the keytab is already present, only machine
account needs to be set in the secrets database.

'sync machine password to keytab' option handling broke this use case by
always attempting to contact a domain controller and failing to do so
(Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2309199).

The original synchronizing machine account password to keytab feature
did not have a mechanism to disable its logic at all.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Fri Sep 13 13:16:09 UTC 2024 on atb-devel-224
2024-09-13 13:16:09 +00:00
Anoop C S
12ad4832a7 docs_xml/vfs_ceph_new: Add new proxy option
Update man page to describe new 'proxy' module option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15703

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 12 16:51:14 UTC 2024 on atb-devel-224
2024-09-12 16:51:14 +00:00
Stefan Metzmacher
460e280d3a docs-xml: add 'vfs mkdir use tmp name' option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15693

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-08-21 08:02:30 +00:00
Ralph Boehme
1c4e2ba842 docs: document SUPPORTS_BLOCK_REFCOUNTING for share:fake_fscaps
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2024-08-20 05:41:32 +00:00
Anoop C S
31c9352099 docs-xml: Fix script location in syncmachinepasswordscript.xml
Update the change in installation path for winbind_ctdb_updatekeytab.sh
from SAMBA_DATADIR to newly defined CTDB_DATADIR.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 16 09:49:30 UTC 2024 on atb-devel-224
2024-08-16 09:49:30 +00:00
Pavel Filipenský
9e4074d426 docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224
2024-08-13 15:27:26 +00:00
Pavel Filipenský
2dd81ec2be docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-08-13 14:10:37 +00:00
Pavel Filipenský
ca7acec952 docs:smbdotconf: Improve documentation for 'sync machine password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-08-13 14:10:37 +00:00
Pavel Filipenský
cb774a74c4 docs: Add examples to net.8 that use 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-08-13 14:10:37 +00:00
Pavel Filipenský
51784e80f2 Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
This reverts commit a5f47f6efe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-08-13 14:10:37 +00:00
Shachar Sharon
68f0835c8e docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Aug  8 13:54:34 UTC 2024 on atb-devel-224
2024-08-08 13:54:34 +00:00
Shachar Sharon
d8c84a2993 docs-xml/manpages: add entry for vfs_ceph_new
Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except to the configuration entry:

  [sharename]
  vfs objects = ceph_new
  ...

Adds a bit of info for the motivation behind this new module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
2024-08-05 15:03:28 +00:00
Pavel Filipenský
a5f47f6efe docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Aug  5 13:29:25 UTC 2024 on atb-devel-224
2024-08-05 13:29:25 +00:00
Pavel Filipenský
374680010d docs-xml: Fix trailing whitespace in net.8.xml
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-08-05 12:23:37 +00:00
Pavel Filipenský
6c627903ee docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
Hint: review this commit with ignoring white space changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-08-05 12:23:37 +00:00
Volker Lendecke
10e9b858a3 docs: Document parametric form of hide and veto files
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 31 09:41:54 UTC 2024 on atb-devel-224
2024-07-31 09:41:54 +00:00
Pavel Filipenský
09c3029958 docs:smbdotconf: Add parameter 'sync machine password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Pavel Filipenský
731a25b5c8 docs:smbdotconf: Add parameter 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=6750

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 17:12:36 +00:00
Ralph Boehme
b8b2f21835 s3/lib: add per-user support to set_namearray()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-07-26 10:06:31 +00:00
Pavel Filipenský
20e8e7062c docs-xml: Mention winbind consistently in samba-dcerpcd.8
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-07-17 07:48:31 +00:00
Andréas Leroux
2c1a4a516f ldap_server: Add a ldapsrv debug class to log LDAP queries
Patch updated for recent samba versions in merge request #3295 by kvvloten
Initial patch created by Jeremy Allison (https://www.spinics.net/lists/samba/msg161128.html) to log LDAP server queries/functions in a separate file

Signed-off-by: Andréas Leroux <aleroux@tranquil.it>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul  9 08:37:22 UTC 2024 on atb-devel-224
2024-07-09 08:37:22 +00:00
Volker Lendecke
f1fae5403e docs: "share:fake_fscaps" is per share, not global
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-07-04 15:26:36 +00:00
Douglas Bagnall
7fb38aee12 docs-xml:manpages: allow for longer version strings
The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).

On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-07-03 01:35:31 +00:00
Oliver Mihatsch
3c1691aff5 Extended the documentation for the "tls certfile" parameter in the smb.conf.
Signed-off-by: Oliver Mihatsch <om-git@q4k.de>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 27 05:33:17 UTC 2024 on atb-devel-224
2024-06-27 05:33:17 +00:00
Andreas Schneider
758bb9aacd docs-xml: Add smb.conf option 'dns hostname'
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22 20:33:36 +00:00
Stefan Metzmacher
acaa24c65d smbdotconf: finally remove unused "client use spnego principal" option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
844e1bdc6d smbdotconf: add client ldap sasl wrapping = {starttls,ldaps}
In order to use SASL authentitation within a TLS connection
we now provide "client ldap sasl wrapping = starttls" or
"client ldap sasl wrapping = ldaps".

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
0b84c97cf3 docs-xml: add 'tls trust system cas' and 'tls ca directories' options
This will make it easier to support trusting more than one CA.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Stefan Metzmacher
6c17e3d280 s4:ldap_server: add support for tls channel bindings
ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:34 +00:00
Vinit Agnihotri
9fcb62cf22 param: Add additional key 'options' for interfaces
The key 'options' specifies if server should spawn/kill listning sockets
in event of add/dropped ip addresses on specified interface.

Signed-off-by: Vinit Agnihotri <vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 23:51:45 +00:00
Pavel Filipenský
75a4fbbf6a smbdotconf: Enable "winbind debug traceid" by default
The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
2024-04-15 18:47:41 +00:00
Pavel Filipenský
a485d9de2f docs-xml: Add parameter all_groupmem to idmap_ad
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-02 12:25:31 +00:00
Rob van der Linde
93f4be1647 netcmd: docs: update documentation for new auth policy command structure
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
2af65446cf netcmd: docs: add section headings for auth policies and silos
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
7fbe515609 netcmd: docs: consistently put <constant> around GROUP and SILO
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
4e1d12835f netcmd: docs: --user-allowed-to-authenticate-from-device-group was missing
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
26feb09fd1 netcmd: docs: --user-allowed-to-authenticate-from-device-silo missing "device"
Make it consistent with --service-allowed-to-authenticate-from-device-silo by adding =SILO

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
a7edd5b536 netcmd: docs: add documentation for service-account group-msa-membership commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Rob van der Linde
03a6740a90 netcmd: docs: add documentation for service-account base command
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-28 01:50:41 +00:00
Jule Anger
055b4cd50f samba-tool: add "samba-tool user list --locked-only"
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-12 09:49:31 +00:00
Stefan Metzmacher
7a674ee9ff docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224
2024-02-13 21:06:24 +00:00
Stefan Metzmacher
1d0938d6fe docs-xml: add details for 'net witness'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-02-13 20:02:31 +00:00