1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

1336 Commits

Author SHA1 Message Date
Rowland Penny
8f0cc7eaae remove duplicate lines from 'man smb.conf'
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Sep 21 17:18:46 CEST 2016 on sn-devel-144
2016-09-21 17:18:46 +02:00
Ralph Boehme
1b9787b319 docs/vfs_fruit: explain when to use vfs_catia
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 21 03:54:59 CEST 2016 on sn-devel-144
2016-09-21 03:54:59 +02:00
Ralph Boehme
b72287514c vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
2016-08-31 18:41:20 +02:00
Ralph Boehme
cbe8f0d63b docs: document vfs_acl_xattr|tdb enforced settings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-31 14:57:09 +02:00
Andrew Bartlett
45373b988d docs: Explain that "reset on zero vc" is an SMB1 feature
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-08-31 07:09:26 +02:00
Ralph Boehme
26a9867ae1 vfs_acl_xattr|tdb: add option to control default ACL style
Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-30 21:12:26 +02:00
Volker Lendecke
ba297a6115 docs: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Aug 24 21:55:29 CEST 2016 on sn-devel-144
2016-08-24 21:55:29 +02:00
Christof Schmitt
5dd79dc128 docs: Clarify description for cache, lock and state directory settings
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-08-19 09:36:19 +02:00
Anoop C S
8c61e14796 Fix a typo in smb.conf man page
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 10 20:11:54 CEST 2016 on sn-devel-144
2016-08-10 20:11:54 +02:00
Uri Simchoni
1dfd8df23d smbd: add an option to inherit only the UNIX owner
This can be used to emulate folder quotas, as explained in the
modified manpage.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-10 08:18:17 +02:00
Uri Simchoni
513fa31c85 s3-param: add kerberos encryption types parameter
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-09 04:39:07 +02:00
Karolin Seeger
8a44659c33 docs: Bump version up to 4.6.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2016-08-05 22:20:05 +02:00
Marc Muehlfeld
976be8fe39 man: Wrong option for parameter ldap ssl in smb.conf man page
- "ldap ssl" does not accept the value "yes"
- Replaced "start_tls" with "start tls".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12023

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-08-04 18:26:07 +02:00
Rajesh Joseph
57518cf0d2 shadow_copy2: update man pages for the newly introduced options
shadow:snapprefix and shadow:delimiter are the two newly added options
in shadow copy. Update man pages explaining the two options.

Signed-off-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-07-28 10:06:13 +02:00
Stefan Metzmacher
b66ff2f47b docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
f28d0038c8 docs-xml/smbdotconf: add "password hash gpg key ids" option
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
eb33f7334f docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
d5541ef627 docs-xml:samba-tool.8: document "user syncpasswords" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:27 +02:00
Stefan Metzmacher
c8fb61cadc docs-xml:samba-tool.8: document "user getpassword" command
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-07-22 16:03:26 +02:00
Stefan Metzmacher
cd8dfed1a6 docs-xml:smbdotconf: default "ntlm auth" to "no"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 16:03:26 +02:00
Volker Lendecke
dd10c820aa smbd: Enable leases by default
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-07-22 10:32:22 +02:00
Andrew Bartlett
748384992b param: Correct the defaults for "dcerpc endpoint services"
We must not list any services that we skip building, as otherwise all RPC services fail to start.

We now build without the source4 spoolss server in non-developer builds

This fixes commit 0b4c741b9c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-07-19 13:41:11 +02:00
Garming Sam
878fa6ef7d check-password-script: Allow AD to execute these scripts
In contrast to source3, this is run as root and without substitution.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-05 00:00:14 +02:00
Jeremy Allison
bc3fcb23fa s3: docs: Add documentation for posix_whoami command in smbclient.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 26 02:43:55 CEST 2016 on sn-devel-144
2016-05-26 02:43:55 +02:00
Stefan Metzmacher
f4b5e9d44d Revert "s3:rpcclient add -m option"
This reverts commit a55ac51f5f.

This will be implemented in a more common way using the
"client ipc max protocol" option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-21 01:28:28 +02:00
Christian Ambach
a55ac51f5f s3:rpcclient add -m option
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 12 17:36:09 CEST 2016 on sn-devel-144
2016-05-12 17:36:09 +02:00
Garming Sam
d4b3cb0dd2 manpages: Markup led to missing space
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Uri Simchoni
b51add1f3b smbd: remove "only user" and "username" parameters
These have long been superseded by "valid users"

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-06 01:32:24 +02:00
Ralph Boehme
625dcef765 vfs_fruit: add an option that allows disabling POSIX rename behaviour
https://bugzilla.samba.org/show_bug.cgi?id=11721

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 00:04:50 CEST 2016 on sn-devel-144
2016-05-05 00:04:50 +02:00
Garming Sam
5caebde11d dns: modify dns forwarder param to be multi-valued
This allows a secondary DNS forwarder for a trivial failover. Requests
which fail/timeout at the primary DNS forwarder will be restarted
entirely with the next forwarder in the list.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-03 08:10:09 +02:00
Stefan Metzmacher
f762be4343 CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
06b038c017 CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
We sadly need to allow this for now by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
c52097ae17 CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
f65f618e96 CVE-2016-2115: docs-xml: add "client ipc signing" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
8ff6a955f5 CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
1dd4378b34 CVE-2016-2114: docs-xml: let the "smb signing" documentation reflect the reality
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
6ad9ba72a7 CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
2362c0353b CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
6e22abd977 CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
0cd2acef79 CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
1dc40a08f0 CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
a1900b5bd6 CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
6cd48add11 CVE-2016-2111: docs-xml: document the new "client NTLMv2 auth" and "client use spnego" interaction
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Volker Lendecke
10054c4281 docs: Mention _NO_WINBINDD in idmap_script.8
Thanks to Joachim Achtzehnter <joachima@netacquire.com> for pointing out this
flaw!

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 31 23:57:13 CEST 2016 on sn-devel-144
2016-03-31 23:57:13 +02:00
Volker Lendecke
74f0a2435b docs: build idmap_script.8 by default
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-31 20:30:11 +02:00
Günther Deschner
8a71e1a5a8 param: add parameter "server multi channel support", defaults to off.
Guenther

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-15 17:31:10 +01:00
Herwin Weststrate
0b500d413c Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).

It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.

It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).

After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).

  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
  Logon failure (0xc000006d)
  $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
  NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-11 22:58:18 +01:00
Ralph Boehme
f28014d810 docs: update vfs_fruit manpage
Add documentation that ea support = yes is required and explain why all
shares for OS X clients should use fruit if one uses it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-10 00:08:11 +01:00
Christian Ambach
301c69816c s3:utils/smbget update manpage with -P option removal
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-02-26 11:31:32 +01:00
Andreas Schneider
a5e349a5ff docs: Add manpage for cifsdd
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11730

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Feb 18 18:05:55 CET 2016 on sn-devel-144
2016-02-18 18:05:55 +01:00