diff -u -r --new-file --exclude=CVS samba-2.2.5/WHATSNEW.txt samba-2.2.6/WHATSNEW.txt --- samba-2.2.5/WHATSNEW.txt Wed Jun 19 01:13:13 2002 +++ samba-2.2.6/WHATSNEW.txt Wed Oct 16 22:05:21 2002 @@ -1,11 +1,179 @@ - WHAT'S NEW IN Samba 2.2.5 - 18th June 2002 - =========================================== + WHAT'S NEW IN Samba 2.2.6 - 16th October 2002 + ============================================= This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. There have been several fixes and internal enhancements which include: + * Fixes for MS-RPC printing issues affecting Windows 2000 clients + * New support for smb.conf generation in SWAT + * Inclusion of several performance enhancements (See --with-sendfile + & and the modified smb.conf(5) parameters in these Release Notes) + * Fixes for several file locking bugs and returned status codes + + +New Parameters +-------------- + +Refer to the smb.conf(5) man page for complete descriptions of new parameters. + + * profile acls (S) workaround for issue with WinXP SP1 + and roaming user profiles + +Removed Parameters +------------------ + + * max packet (G) + * packet size (G) + +Modified Parameters +------------------- + + * max xmit (G) new default value + * large readwrite (G) new default value + +New ./configure Options +----------------------- + + --with-sendfile Enable experimental sendfile support + --with-winbind-ldap-hack Enable winbindd_ldap_hack() functionality + for Windows 2000 native mode domains + + +Changes since 2.2.5 +-------------------- + +See the cvs log for SAMBA_2_2 for more details + +1) Fixed several compiler warnings caused by the use of const parameters +2) Fixed a hang in the main smbd process caused by an EINTR in the + wrong place +3) Fixed string substitutions to accept a length for sanity checks +4) Fixed 17-bit length field in nmb header +5) Removed non-portable inline declaration for functions +6) Performance fix for including files with an smb.conf variable in the + path name +7) Fix for parsing LPRng lpq output +8) Parsing fix for PRINTER_INFO_2 structure which was causing viewing + printer properties to fail +9) Fix for printer change notification and Windows NT clients which caused + the client to go into an infinite loop of refreshing the local printers + folder +10) Allow trans2 and nttrans messages to be processed in oplock break state + which fixes a problem with oplock break requests and Win2k clients +11) Don't crash on setfileinfo on printer fsp +12) Memory fixes caught by Valgrind +13) Updates to stop spurious error message in tdb +14) Fix silly logic bug in 'make smbd processes' and 'status = no' check +15) Fix compilation of pam_smbpass and --with-ldap +16) Fix compilation of smbwrapper on Solaris hosts +17) fix logic error in a check for enabling the winbind_pam_auth_crap() code + & fix formatting typo in --with-winbind-auth-challenge +18) Correcting check for ldap_start_tls() +19) Fixed a problem with getgroups() where it could include our current + effective gid +20) fix incorrect semantics in the DeletePrinterDriver() spoolss rpc + to only attempt to delete the architecture specified by the client +21) Don't allow TEMP attribute on directory open +22) Restore VxFS quotas to the 2.2 branch +23) Added basic "Wizard" functionality to SWAT +24) Fix initial "allocation size" in NTcreate&X call +25) Fix for open fid, "nametoolong" +26) Exit server on receipt of a non-SMB packet. Ensure we have + at least smb_size bytes before processing a packet +27) Replace inet_aton with inet_addr() to correct compile problems on Solaris +28) Include the "account" objectclass when adding a new account to --with-ldapsam + in order to comply with the data model implemented by OpenLDAP 2.1.x +29) Various fixes for POSIX compliance +30) Correct alignment & offset bug in EnumPrinterDataEx() +31) Fix access checks when modifying forms using a print server handle + (not just a printer handle) +32) Account for case data_len == 0 in EnumPrinterDataEx() +33) Fix logic error in blocking lock code +34) Fixed various incorrect return codes to clients +35) Add RESOLVE_DFSPATH to mkdir operations +36) Fix longstanding bug in Win2k clients by clearing the shortname + buffer before returning ASCII short name +37) added -t option to smbpasswd for explicitly changing a trust + account password when operating in security = domain +38) installed -x option to testparm to eXclude printing all parameter + values that are at default settings. +39) Fix shares/printers view in SWAT so that only Basic options are exposed + upon initial entry. +40) Added 1125 & KOI8-U to codepage list in Makefile.in +41) Include separate configure checks for *openbsd* & *freebsd* when + determining flags used to compile shared libraries. +42) Merge in free list unlock on error fix +43) Correctly fail opens with mismatching SYSTEM or HIDDEN attributes + if we are mapping system or hidden +44) Fix bug with stat mode open being done on read-only open with truncate +45) Fix crash bug discovered where cli struct was being deallocated in a + called function +46) Ensure we open UNIX fifo's non-blocking +47) Fix DeletePrinterDriver() (hopefully for the last time...yeah right....) +48) only lowercase global_myname in the %L substitution, not the whole string +49) Merged Steve French's fix for OS/2 EA return error being removed +50) Patch from Steve French to fix difference in responses to smbclient + //server/share ls / on Samba and Windows 2000 +51) Print error and exit if smb.conf doesn't have security=domain and + encrypt passwords=yes when joining domain +52) Added final Steve French patch for "required" attributes with old dir + listings +53) Initialize user_rid value in WINBIND_USERINFO structure returned by + the rpc version of query_user() +54) Ensure we've failed a lock with a lock denied message before automatically + pushing it onto the blocking queue +55) Add experimental --with-sendfile code +56) alignment fix in printing code merged from HEAD +57) Merge fix for other sids in token from HEAD +58) Merge winbindd with current (more advanced) state of play in APPLIANCE_HEAD +59) fix smbclient / Win98 off by one bug +60) Never, *ever* hold a mutex lock in the message database where there may be + traversals being attempted +61) Add LDAP hack for retrieving the SAM sequence number when a member of a + Windows 2000 native mode domain +62) Fix race condition when changing a machine account password as we were + no longer locking the secrets entry +63) Allow '@' as a valid character in domain names +64) remove jobs from the spool directory when using cups +65) removed -lresolv for --enable-ldapsam +66) Memory leak fix and correct use of negative caching in winbindd +67) Updated spoolss parsing code with known good state of APPLIANCE_HEAD +68) Delete printer security check was reversed +69) Windows allows delete printer on a handle opened by an admin user, then + used on a pipe handle created by an anonymous user...We do to now... +70) Make explicit the difference between a tdb key with no data attached, and + a non existent entry +71) Ensure we register the 1c name on the unicast subnet. +72) Fix inheritance problem when recursively setting ACLs on directories +73) prevent ACL set on read-only share +74) Ensure we never have more than MAX_PRINT_JOBS in a queue +75) Added timeout to tdb_lock_bystring() +76) Ensure we set FIRST+LAST flags on a bind request +77) Add version strings to the usage message for smbcacls and smbpasswd +78) Fix bug in the write cache code +79) make the default printed values for boolean the same for all parameters +80) Default all LDAP connections to v3 with compiling with --with-ldapsam +81) Fix memory leak in smbspool +82) Fix bug in mangling code that resulted in Win9x clients not being + able to execute batch files in deep, non 8.3 directory paths +83) Fix infinite looping bug in winbindd_getgrent() +84) Fix crash bug on 64-bit systems (merge from HEAD) +85) Fix extended character bug when setting LanMan/NT password +86) Negotiate same SMB read size as a Windows 2000 file server + to fix performance bug with NT4 clients + + + ========================================= + +Older releases notes for 2.2.x distributions follow + +----------------------------------------------------------------------------- +The release notes for 2.2.5 follow : + +There have been several fixes and internal enhancements which include: + * Several compile fixes for Solaris and HP-UX * More printing fixes for Windows NT/2k/XP clients * New options for the VFS recycle bin library @@ -121,9 +289,6 @@ 43) Added links to new documentation on SWAT welcome page - ========================================= - -Older releases notes for 2.2.x distributions follow ----------------------------------------------------------------------------- The release notes for 2.2.4 follow : diff -u -r --new-file --exclude=CVS samba-2.2.5/WHATSNEW.txt.bak samba-2.2.6/WHATSNEW.txt.bak --- samba-2.2.5/WHATSNEW.txt.bak Thu Jan 1 00:00:00 1970 +++ samba-2.2.6/WHATSNEW.txt.bak Wed Oct 16 22:03:54 2002 @@ -0,0 +1,1068 @@ + WHAT'S NEW IN Samba 2.2.6 - 16th October 2002 + ============================================= + +This is the latest stable release of Samba. This is the version that all +production Samba servers should be running for all current bug-fixes. + +There have been several fixes and internal enhancements which include: + + * Fixes for MS-RPC printing issues affecting Windows 2000 clients + * New support for smb.conf generation in SWAT + * Inclusion of several performance enhancements (See --with-sendfile + & and the modified smb.conf(5) parameters in these Release Notes) + * Fixes for several file locking bugs and returned status codes + + +New Parameters +-------------- + +Refer to the smb.conf(5) man page for complete descriptions of new parameters. + + * profile acls (S) workaround for issue with WinXP SP1 + and roaming user profiles + +Removed Parameters +------------------ + + * max packet (G) + * packet size (G) + +Modified Parameters +------------------- + + * max xmit (G) new default value + * large readwrite (G) new default value + +New ./configure Options +----------------------- + + --with-sendfile Enable experimental sendfile support + --with-winbind-ldap-hack Enable winbindd_ldap_hack() functionality + for Windows 2000 native mode domains + + +Changes since 2.2.5 +-------------------- + +See the cvs log for SAMBA_2_2 for more details + +1) Fixed several compiler warnings caused by the use of const parameters +2) Fixed a hang in the main smbd process caused by an EINTR in the + wrong place +3) Fixed string substitutions to accept a length for sanity checks +4) Fixed 17-bit length field in nmb header +5) Removed non-portable inline declaration for functions +6) Performance fix for including files with an smb.conf variable in the + path name +7) Fix for parsing LPRng lpq output +8) Parsing fix for PRINTER_INFO_2 structure which was causing viewing + printer properties to fail +9) Fix for printer change notification and Windows NT clients which caused + the client to go into an infinite loop of refreshing the local printers + folder +10) Allow trans2 and nttrans messages to be processed in oplock break state + which fixes a problem with oplock break requests and Win2k clients +11) Don't crash on setfileinfo on printer fsp +12) Memory fixes caught by Valgrind +13) Updates to stop spurious error message in tdb +14) Fix silly logic bug in 'make smbd processes' and 'status = no' check +15) Fix compilation of pam_smbpass and --with-ldap +16) Fix compilation of smbwrapper on Solaris hosts +17) fix logic error in a check for enabling the winbind_pam_auth_crap() code + & fix formatting typo in --with-winbind-auth-challenge +18) Correcting check for ldap_start_tls() +19) Fixed a problem with getgroups() where it could include our current + effective gid +20) fix incorrect semantics in the DeletePrinterDriver() spoolss rpc + to only attempt to delete the architecture specified by the client +21) Don't allow TEMP attribute on directory open +22) Restore VxFS quotas to the 2.2 branch +23) Added basic "Wizard" functionality to SWAT +24) Fix initial "allocation size" in NTcreate&X call +25) Fix for open fid, "nametoolong" +26) Exit server on receipt of a non-SMB packet. Ensure we have + at least smb_size bytes before processing a packet +27) Replace inet_aton with inet_addr() to correct compile problems on Solaris +28) Include the "account" objectclass when adding a new account to --with-ldapsam + in order to comply with the data model implemented by OpenLDAP 2.1.x +29) Various fixes for POSIX compliance +30) Correct alignment & offset bug in EnumPrinterDataEx() +31) Fix access checks when modifying forms using a print server handle + (not just a printer handle) +32) Account for case data_len == 0 in EnumPrinterDataEx() +33) Fix logic error in blocking lock code +34) Fixed various incorrect return codes to clients +35) Add RESOLVE_DFSPATH to mkdir operations +36) Fix longstanding bug in Win2k clients by clearing the shortname + buffer before returning ASCII short name +37) added -t option to smbpasswd for explicitly changing a trust + account password when operating in security = domain +38) installed -x option to testparm to eXclude printing all parameter + values that are at default settings. +39) Fix shares/printers view in SWAT so that only Basic options are exposed + upon initial entry. +40) Added 1125 & KOI8-U to codepage list in Makefile.in +41) Include separate configure checks for *openbsd* & *freebsd* when + determining flags used to compile shared libraries. +42) Merge in free list unlock on error fix +43) Correctly fail opens with mismatching SYSTEM or HIDDEN attributes + if we are mapping system or hidden +44) Fix bug with stat mode open being done on read-only open with truncate +45) Fix crash bug discovered where cli struct was being deallocated in a + called function +46) Ensure we open UNIX fifo's non-blocking +47) Fix DeletePrinterDriver() (hopefully for the last time...yeah right....) +48) only lowercase global_myname in the %L substitution, not the whole string +49) Merged Steve French's fix for OS/2 EA return error being removed +50) Patch from Steve French to fix difference in responses to smbclient + //server/share ls / on Samba and Windows 2000 +51) Print error and exit if smb.conf doesn't have security=domain and + encrypt passwords=yes when joining domain +52) Added final Steve French patch for "required" attributes with old dir + listings +53) Initialize user_rid value in WINBIND_USERINFO structure returned by + the rpc version of query_user() +54) Ensure we've failed a lock with a lock denied message before automatically + pushing it onto the blocking queue +55) Add experimental --with-sendfile code +56) alignment fix in printing code merged from HEAD +57) Merge fix for other sids in token from HEAD +58) Merge winbindd with current (more advanced) state of play in APPLIANCE_HEAD +59) fix smbclient / Win98 off by one bug +60) Never, *ever* hold a mutex lock in the message database where there may be + traversals being attempted +61) Add LDAP hack for retrieving the SAM sequence number when a member of a + Windows 2000 native mode domain +62) Fix race condition when changing a machine account password as we were + no longer locking the secrets entry +63) Allow '@' as a valid character in domain names +64) remove jobs from the spool directory when using cups +65) removed -lresolv for --enable-ldapsam +66) Memory leak fix and correct use of negative caching in winbindd +67) Updated spoolss parsing code with known good state of APPLIANCE_HEAD +68) Delete printer security check was reversed +69) Windows allows delete printer on a handle opened by an admin user, then + used on a pipe handle created by an anonymous user...We do to now... +70) Make explicit the difference between a tdb key with no data attached, and + a non existent entry +71) Ensure we register the 1c name on the unicast subnet. +72) Fix inheritance problem when recursively setting ACLs on directories +73) prevent ACL set on read-only share +74) Ensure we never have more than MAX_PRINT_JOBS in a queue +75) Added timeout to tdb_lock_bystring() +76) Ensure we set FIRST+LAST flags on a bind request +77) Add version strings to the usage message for smbcacls and smbpasswd +78) Fix bug in the write cache code +79) make the default printed values for boolean the same for all parameters +80) Default all LDAP connections to v3 with compiling with --with-ldapsam +81) Fix memory leak in smbspool +82) Fix bug in mangling code that resulted in Win9x clients not being + able to execute batch files in deep, non 8.3 directory paths +83) Fix infinite looping bug in winbindd_getgrent() +84) Fix crash bug on 64-bit systems (merge from HEAD) +85) Fix extended character bug when setting LanMan/NT password +86) Negotiate same SMB read size as a Windows 2000 file server + to fix performance bug with NT4 clients + + + ========================================= + +Older releases notes for 2.2.x distributions follow + +----------------------------------------------------------------------------- +The release notes for 2.2.5 follow : + +There have been several fixes and internal enhancements which include: + +* Several compile fixes for Solaris and HP-UX +* More printing fixes for Windows NT/2k/XP clients +* New options for the VFS recycle bin library +* New internal signal handling semantics relating to directory change + notification and oplocks + +New/Changed parameters in 2.2.5 +-------------------------------- + +For more information on these parameters, see the man pages for +smb.conf(5). + +Added/changed parameters +------------------------ + +* block size = +* force unknown acl user = +* mangling method = [hash|hash2] + + +Deprecated Parameters +--------------------- + +The following parameters have been marked as deprecated and will be removed +in Samba 3.0 + +* strip dot +* status + + +Removed Parameters +------------------ + + none + + +Changes in 2.2.5 +---------------- + +See the cvs log for SAMBA_2_2 for more details + +1) Removal of several compiler warnings, incorrect Makefile dependencies, + and wrong autoconf tests on various platforms--Solaris & HP-UX 10.20 + being the predominantly reported platforms +2) Fixed winbindd crash bug on the IBM s390 running Linux +3) Inclusion of enhanced Linux quota support +4) Correctly link against Sun LDAP libraries on Solaris 8 (even through + there is no apparent SSL support there) +5) POSIX conformance patches +6) Include new configure --enable-cups option (can also be disabled even + if CUPS libraries are installed on the system) +7) Set reasonable default for the "passwd program" parameter using an + autoconf test +8) Added --with-winbind-auth for enabling winbindd_pam_auth_crap() code +9) fixed bug to prevent root account from being deleted by the + "delete user script" +10) Inclusion of autoconf script for building VFS modules +11) Add new run time options to the VFS recycle bin library (see + examples/VFS/recycle/README for details) +12) Include findsmb perl script as part of the "make install" process +13) Return correct error code for EnumPrinters(PRINTER_ENUM_REMOTE, InfoLevel1) + to fix a bug where printers appear at the workgroup level in the Windows + NT/2k APW browse list +14) Added support to nmblookup to return NMB flags (See nmblookup(8) for + details) +15) Fix length bug that caused password changes from Windows NT/2k clients to + occasionally fail +16) Correct false password expiration when using --with-ldapsam caused by + missing attributes in the directory +17) added -S option to smbpasswd for storing the SID of a domain controller + as the local machine SID in secrets.tdb. See the smbpasswd(8) man page + for details. +18) Various fixes for UNIX CIFS extensions commands +19) Fixed CIDR notation in "hosts allow/deny" +20) Change semantics of an idle connection to mean "no open files and no + open handles". We cannot idle a connection if there are open named + pipe handles. This fixes scalability problem on Samba print servers + and NT/2k clients introduced in 2.2.4 +21) Fix germam umlaut problem when returning ACL entries +22) Return NT_STATUS_OBJECT_NAME_NOT_FOUND for ENOENT. This fixes the bug + of running the Microsoft Access executable (msaccess.exe) and database + files from a Samba share documented in the 2.2.4 release +23) Corrected signal handling relating to directory change notification and + kernel oplocks +24) Fix bug in unix_to_nt_time() that appeared on files dated close to Daylight + Savings Time +25) Corrected alignment bug in spoolss parsing code which caused Win2k/XP + clients not to be able to view printer properties from a Samba host +26) Fixed spoolss parsing bug causing printing from ACT! 2000 running on + Windows 2k/XP clients to fail +27) Fixed incorrect error check in mod_share_entry() +28) Allow %S variable in MS-DFS root paths +29) Correct a bug regarding the use of 'wbinfo -A' +30) Fixed libnss_wins.so to correctly work on RedHat 7.3 systems +31) Store the key for a name-to-sid cache entry in upper case rather than + whatever case the request was made in. This gets rid of duplicate + cache entries. +32) Fix bug causing the pid stored in winbindd's pid file to be the wrong id +33) Enhanced error reporting messages of wbinfo +34) Parameterize block size on disk size return +35) Added new parameter to allow incoming ACLs to have owner and group forced + to the currently logged in user. This fixes the XCOPY /O problem +36) Fixed bug in local_change_password() caused by reusing a struct + passwd* pointer +37) Change default value for "ldap port" to 389 if "ldap ssl = no" +38) Updated HOWTO's, manpages, and general documentation.... +39) Allow root as well as domain admins to open an LDAP connection +40) Fixed veto files bug with ".*" +41) Fixed uninitialized variable bug in smbpasswd that was causing a random + IP address to be used in the connection when joining a domain +42) Fix for joining a domain with a netbios name of 15 characters and + pre-creating the account on the DC +43) Added links to new documentation on SWAT welcome page + + + +----------------------------------------------------------------------------- +The release notes for 2.2.4 follow : + +There have been several fixes and internal enhancements which include: + + * More/better SPOOLSS printing functionality for Windows + NT/2k/XP clients. + * Several fixes relating to serving PC database files such + as (Access and FoxPro) from a Samba file share. + * Several improves in Samba's VFS layer which can be seen + in the inclusion of a "Recycle Bin" vfs module. See + examples/VFS/README for more details on this. + * Addition of a tool (tdbbackup) for backup/restore of Samba's + tdb's + * Continued improvements to winbind for greater scalability + and stability + * Several fixes related to Samba's MS-DFS support + * Rpcclient's various printer commands now work (again) + + +New/Changed parameters in 2.2.4 +-------------------------------- + +For more information on these parameters, see the man pages for +smb.conf(5). + +Added/changed parameters +------------------------ + +* csc policy +* inherit acls +* nt status support +* lock spin count +* lock spin time +* pid directory +* winbind use default domain + + +Deprecated parameters +--------------------- + +The following parameters have been marked as deprecated +and will be removed in Samba 3.0 + +* postscript +* printer driver +* printer driver file +* printer driver location + + +Removed Parameters +------------------ + + none + + +Changes in 2.2.4 +---------------- + +See the cvs log for SAMBA_2_2 for more details + +1) added -c option to smbpasswd +2) reworked smbpasswd internal command line option parsing +3) small various bug fixes to experimental pdb_tdb.c +4) Enforce spoolss RPCs based on the access granted at PrinterOpen() +5) Added missing access checks to [add/delete/set]form +6) Compile fixes for pam_smbpass +7) fix smbd crash when netbios session request fails from + spoolss_connect_to_client(). +8) fixed logic bug that prevent SetPrinter() from storing devmode +9) Removed extra get_printer_snum() calls from set_printer_hnd_name() +10) fix joining domain on big endian machine when using -U to smbpasswd +11) allow command line arg to override smb.conf log level +12) continue to retry to register 1b name with wins server if there is an old IP there +13) fix smbclient print crash bug +14) 9x pnp fix when the config file and driver file are different +15) force testparm to print the correct value for log level +16) fix swat to show full log level info +17) fix server GetPrinterData() fields to be more sensible +18) fix logic error in SetPrinterDataEx() +19) Only set smb_read_error if not already set +20) Fix string returns that require unicode +21) Merge of printing performance fixes from appliance +22) lpq parsing fixes +23) Back port tridge's xcopy /o fix from HEAD +24) Fix the printer change notify code (unfinished) +25) Patch for Domain users not showing up +26) Fixed SetPrinterData(magic key) to support zero length DEVMODE +27) Ensure that all methods of looking up and connecting to DC's work + using identical logic. +28) Merge in the mutex code to stop multiple domain logon failure +29) Ignore 0/0 lock +30) Fix winbindd to respect command line debuglevel as nmbd/smbd +31) Update with tdbbackup from HEAD +32) Fix for typo on solaris nss +33) Merge in the locking changes from HEAD +34) Added POSIX ACL layer into the vfs +35) Fix the returning of domain enum +36) Fix the generation of the MACHINE.SID file into the secrets.tdb. +37) Enable test for -rdynamic when building binaries +38) Remove the "stat open" code - make it inline +39) Fix the mp3 rename bug +40) Fix for Explorer DFS problems on older Windows 9X machines +41) implement OpenPrinter() opnum == 0x01 +42) Matched W2K *insane* open semantics.... +43) small fix that will prevent the "failed to marshall + R_NET_SAMLOGON" message in the logs +42) don't do checking of local passdb in smbpasswd if using -r option +43) fix "smbpasswd -j DOMAIN -r * -U Admin%XXXX" so that it doesn't + try to connect to a server named '*' +44) merge rpcclient code from HEAD +45) Ensure MACHINE.SID update done before child spawns +46) Fix the bad path errors for mkdir so mkdir \a\b\c\d works +47) Removed --with-vfs - always built if available +48) Fixed psec for 2.2 +49) Fixed the handle leak in the connection management code +50) fix disable spoolss after the switch to nt status codes +51) Added Shirish's client side caching policy change +52) Honor the specversion when parsing the the DEVICEMODE +53) fix parsing bug when DEVICEMODE's private data does not end + on a 4 byte boundary +54) do not idle an smbd when there is an open pipe +55) when a new driver is added to a Samba server, cycle through + all printers and bump the change_id for each one bound to the driver +56) allow smbclient to work with a FIFO as well (needed for KDE + ioslave) +57) various updates to pdb_nisplus.c +58) many small documentation updates +59) removed many compiler warnings + + +----------------------------------------------------------------------------- +The release notes for 2.2.3a follow : + +This is a minor bugfix release for the 2.2.3 release. The 2.2.3 +release had a problem that was visible to Windows 2000 Explorer +users in that copying files into a share that already existed +failed with "Access Denied" rather than asking the user if an +overwrite was required. This was due to an incorrect error mapping +between the UNIX EXIST error code and the NT status error. + +As Windows Explorer is a highly visible end user application a quick +bugfix release was required, hence 2.2.3a. + +Compilation on HPUX versions earlier than HPUX 11 has also been +corrected. + +The cvs.log file is no longer included with this release, as it adds +13Mb to the size of the release, and is easily available on the Web. + +----------------------------------------------------------------------------- +The release notes for 2.2.3 follow : + +There are several important scaling bugs that have been fixed in this release +for large server systems so an upgrade is recommended. + +LDAP update +----------- + +Much work has been done on the LDAP backend code. The configure +option --with-ldapsam is now considered to be stable. The schema +used has changed, see the file examples/LDAP/samba.schema for the +new schema. + +New documentation explaining how to set up a Samba only PDC/BDC +setup has been added in the files Samba-LDAP-HOWTO and Samba-BDC-HOWTO +in the documentation tree. + +winbindd daemon extended +------------------------ + +Samba 2.2.2 was the first release to include the winbind daemon. +This code allows UNIX systems that implement the name service +switch (nss) to be entered into a Windows NT/2000 domain and +use the Domain controller for all user and group enumeration. + +Samba 2.2.3 fixes the known memory leaks in winbindd and has +been extended to work with SGI IRIX and HPUX (11.x) in addition +to the earlier targets of Linux and Solaris. + +For more information on using winbind, see the man pages for +winbindd and wbinfo. + +Note that winbindd is not installed by default. + +New/Changed parameters in 2.2.3 +-------------------------------- + +For more information on these parameters, see the man pages for +smb.conf. + +Added/changed parameters. +------------------------- + +unix extensions + +Enables the experimental UNIX CIFS extensions in smbd. See the manpage +for more details. + +default devmode + +Some printer drivers will crash the Windows NT/2000 spooler service +if they are given a default devmode, some require it. This parameter +allows the administrator a choice of whether smbd returns such a +default devmode for a driver. + +share modes + +This parameter has been restored to allow people who wish smbd to ignore +client share modes. This is *very dangerous* and should not be set without +full knowledge of what this is designed for. + +Changes in 2.2.3 +----------------- + +1). Fixed shared library compile for Solaris with native compiler. +2). UNIX CIFS extensions code added (donated by HP). +3). Changed to using NT status codes on the wire if the client can support +this. +4). altname command to show 8.3 name added to smbclient. +5). const-safe endian macros now used. +6). client code now uses UNICODE on the wire. +7). Correctly return fault PDU's on bad handle. +8). Improved NT error code mapping table. +9). Many new point and print RPC calls added. +10). Win9x clients can now see full user list. +11). field added to identify simultaneous open files (no longer +use dev/inode/time as unique value). +12). HPUX ACL code added (donated by HP). +13). vfs interfaces updated (again !). +14). MSDOS Code Page 866 -> 1251 mapping added. +15). winbindd now processes quit/hup signals correctly. +16). No tdb traversal done on startup/shutdown - ensures scalability. +17). Fix bug with paths for homes share. +18). Fixed copyfile for OS/2. +19). Fix group membership when groups are on more than one line. +20). Fixed core dumps in posix ACL mapping code. +21). Tidyup of UNICODE functions (put/get). +22). Move rpcclient to the new libsmb code. +23). Add missing Windows 2000 passthough trans2 calls. +24). Return check all tdb calls. +25). Make local name lookup work even if wins server is down. +26). pam session code added to winbind. +27). Added winbindd cache to all lookups. +28). Fix allocate bugs that caused file sizes to be incorrect. +29). Fixed write cache code - now safe to use. +30). Fixed winbindd memory leaks. +31). winbindd will now do name lookups (to allow non Open Source +systems to do the nsswitch WINS lookup). Fixed by SGI. +32). passdb memory leaks fixed. +33). LDAP code updates and now properly maintained. +34). Finally figured out how changeid is meant to work. +35). Downlevel printing now looks as NT does in print monitor window. +36). Many fixups in spoolss printing RPC parsing. +37). Speed up password enumeration as a PDC. +38). Fix printer changed notify messages (work from HP). +39). Fix modify timestamp on close code. +40). Fix long standing mangled names bug. +41). Fix delete on close semantics. +42). Stop opening all files with O_NONBLOCK ! +43). Use O_NOFOLLOW for systems that have it and don't want symlinks. +44). Ensure NT supplementary groups get added to user token. +45). Try and mitigate effects of DNS timeout (do less lookups). +46). Added current user connection context stack. +47). Fixes to utmp code. +48). smbw code tidyups. +49). Added tdb open log code. Several tdb fixes. + +----------------------------------------------------------------------------- +The release notes for 2.2.2 follow : + +New daemon included - winbindd +------------------------------ + +Samba 2.2.2 is the first release to include the winbind daemon. +This code allows UNIX systems that implement the name service +switch (nss) to be entered into a Windows NT/2000 domain and +use the Domain controller for all user and group enumeration. + +This allows a Samba server added to a Windows domain to serve +file and print services with *NO* local users needed in /etc/passwd +and /etc/group - all users and groups are read directly from the +Windows domain controller. In addition with pam_winbind which allows +a PAM enabled UNIX system to use a Windows domain for authentication +service this allows single sign on and account control across +UNIX and Windows systems. + +The current version of winbindd shipped in 2.2.2 does have some +memory leaks, which will be addressed for the next Samba release, +so it is advisable to monitor the winbind process. This code is +being used in production by several vendors, so the leaks are +manageable. In addition, this version of winbind does not work +correctly against a Samba PDC, due to some missing calls on the +PDC side. These problems are being addressed for the next Samba +release, but it was thought better to release the code now rather +than delay the main Samba code to match the winbind release schedule. + +For more information on using winbind, see the man pages for +winbindd and wbinfo. + +Note that winbindd is not installed by default. + +New/Changed parameters in 2.2.2 +------------------------------- + +For more information on these parameters, see the man pages for +smb.conf. + +Added/changed parameters. +------------------------- + +strict allocate + +Causes Samba not to create UNIX 'sparse' files, but to follow the +Windows behavior of always allocating on-disk space. + +use mmap + +Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other +UNIX systems that don't have coherent mmap/read-write internal caches. +You should not need to set this parameter. + +nt acl support + +This parameter has been changed to a per-share option, and is very +useful in enabling Windows 2000 SP2 to load/save profiles from a +Samba share. + +New printing parameters. +------------------------ + +disable spoolss + +Setting this parameter causes Samba to go back to the old 2.0.x +LANMAN printing behavior, for people who wish to disable the +new SPOOLSS pipe. + +use client driver + +Causes Windows NT/2000 clients to need have a local printer driver +installed and to treat the printer as local. + +New LDAP parameters. +-------------------- + +Samba 2.2.2 contains new code to maintain a Samba SAM database +on a remote LDAP server. These parameters have been added as +part of this code. These parameters are only available when Samba +has been compiled with the --with-ldapsam option. + +ldap admin dn +ldap ssl + +New SSL parameters. +------------------- + +The SSL support in Samba has been fixed. These new parameters +are part of the changes added. These parameters are only available +when Samba has been compiled with the --with-ssl option. +Please see the smb.conf man page for details. + +ssl egd socket +ssl entropy file +ssl entropy bytes + +New winbindd parameters. +------------------------ + +These parameters are used by winbindd. See the man page for +winbindd for details. + +winbind separator +winbind uid +winbind gid +winbind cache time +winbind enum users +winbind enum groups +template homedir +template shell + +Removed parameters. +------------------- + +share modes +ldap root +ldap root passwd + +New Documentation. +------------------ + +Some new README's have been added in the docs/ directory. These cover +using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2), +and how to use Samba to help prevent Windows virus spread +(docs/README.Win32-Viruses). + +Quota problems on a Linux 2.4 kernel. +------------------------------------- + +Currently the quota interfaces have diverged between the Linus +2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox variants +are shipped with RedHat). Running quota-enabled Samba compiled on +an Alan Cox kernel works correctly on an Alan Cox kernel (the one +shipped by default with RedHat 7.x) but fails on a Linus kernel. + +This is a mess, and hopefully Alan and Linus will sort it out soon. +In the meantime we need to ship..... + +Changes in 2.2.2 +----------------- + +1). mmap tdb code disabled on HPUX. This should prevent the reports of +tdb corruption on HUPX. +2). Large file support set to off in Solaris 5.5 and below. +3). Better CUPS detection. +4). New SAM (password database) backends - smbpasswd (traditional), +LDAP, NIS+ and Samba TDB. +5). Quota fixups on Linux. +6). libsmbclient stand-alone code added. Can be built as a shared library +under Linux. +7). Tru64 ACL support added. +8). winbindd option added. +9). Realloc fail tidyup fixes all over the code. +10). Large improvement in hash table code efficiency - would be found with +large stat caches. +11). Error code consistency improved (still needs more work). +12). Profile shared memory support added to nmbd. +13). New Windows 2000/NT passthrough info levels added. +14). readraw/writeraw code rewritten - many bugs fixed. +15). UNIX password sync (non pam) code fixed, use correct wildcard matcher. +16). Reverse DNS lookup avoided on socket open. +17). Bug preventing nmbd re-registering names on WINS server timeout fixed. +18). Zero length byte range lock code added. Much closer to Windows semantics. +19). Alignment fault fixes for Linux/Alpha. +20). Error checking on tdb returns vastly improved. +21). Handling of delete on close fixed. No longer possible to leave 'dead' +file entries. +22). Handling of oplock break failure cleanups improved. Should not be +able to leave 'dead' entries. +23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts. +24). Misc. MS-DFS code fixes. +25). Ignore logon packets if not a PDC (needed for PDC/BDC failover). +26). winbind pam module added. +27). Order N^^2 enumeration of printers problem fixed. +28). Password backend database code re-ordered to allow different password +backends (at compile time currently). +29). Improved print driver version detection for Windows 2000. +30). Driver DEVMODE initialization fixes. +31). Improved SYSV print parse code. +32). Fixed enumeration of large numbers of users/groups from Windows clients. +Code still too slow. +33). Fix for buggy NetApp RPC pipe clients. +34). Fix for NT sending multiple SetPrinterDataEx calls. +35). Fix for logic bug where smbd could delay oplock break request messages +from other smbd daemons whilst client kept us busy. +36). Fix deadlock problem with connections tdb on enumeration. +37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways. +38). Removed unused readbmpx/writebmpx code. +39). Attempt to fix Linux 2.4.x quota mess. +40). Improved ctemp code for Windows 2000 compatibility. +41). Finally understood difference between set EOF and set allocation requests. +Added strict allocate parameter to help. +42). Correctly return name types on name to SID lookups. +43). tdb spinlock code update. +44). Use pread/pwrite on systems that have it to fix race condition in tdb code. + +----------------------------------------------------------------------------- +The release notes for 2.2.1a follow : + +This is a minor bugfix release for 2.2.1, *NOT* security related. + +1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or +Windows2000 machine into a Samba hosted PDC would fail due to our +stricter user name checking. We were disallowing user names +containing '$', which is needed when using smbpasswd to add a +machine into a domain. Automatically adding machines (using the +native Windows tools) into a Samba domain worked correctly. + +2.2.1a fixes this single problem. + +----------------------------------------------------------------------------- +The release notes for 2.2.1 follow : + +New/Changed parameters in 2.2.1 +------------------------------- + +Added parameters. +----------------- + +obey pam restrictions + +When Samba is configured to use PAM, turns on or off Samba checking +the PAM account restrictions. Defaults to off. + +pam password change + +When Samba is configured to use PAM, turns on or off Samba passing +the password changes to PAM. Defaults to off. + +large readwrite + +New option to allow new Windows 2000 large file (64k) streaming +read/write options. Needs a 64 bit underlying operating system +(for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance +by 10% with Windows 2000 clients. Defaults to off. Not as tested +as some other Samba code paths. + +hide unreadable + +Prevents clients from seeing the existence of files that cannot +be read. Off by default. + +enhanced browsing + +Turn on/off the enhanced Samba browsing functionality (*1B names). +Default is "on". Can prevent eternal machines in workgroups when +WINS servers are not synchronized. + +Removed parameters. +------------------- + +domain groups +domain admin users +domain guest users + +Changes in 2.2.1 +----------------- + +1). "find" command removed for smbclient. Internal code now used. +2). smbspool updates to retry connections from Michael Sweet. +3). Fix for mapping 8859-15 characters to UNICODE. +4). Changed "security=server" to try with invalid username to prevent + account lockouts. +5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC. +6). Support for Windows 9x Nexus tools to allow security changes from Win9x. +7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network + lock tester tool for distributed databases. +8). Preliminary support added for Windows 2000 large file read/write SMBs. +9). Changed random number generator in Samba to prevent guess attacks. +10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb. + smbd's clean the tdb files on startup and shutdown. +11). Fixes for default ACLs on Solaris. +12). Tidyup of password entry caching code. +13). Correct shutdowns added for send fails. Helps tdb cleanup code. +14). Prevent invalid '/' characters in workgroup names. +15). Removed more static arrays in SAMR code. +16). Client code is now UNICODE on the wire. +17). Fix 2 second timestamp resolution everywhere if dos timestamp set to yes. +18). All tdb opens now going through logging function. +19). Add pam password changing and pam restrictions code. +20). Printer driver management improvements (delete driver). +21). Fix difference between NULL security descriptors and empty + security descriptors. +22). Fix SID returns for server roles. +23). Allow Windows 2000 mmc to view and set Samba share security descriptors. +24). Allow smbcontrol to forcibly disconnect a share. +25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent + mmap/file read/write cache. +26). Fix race condition in returning create disposition for file create/open. +27). Fix NT rewriting of security descriptors to their canonical form for + ACLs. +28). Fix for Samba running on top of Linux VFAT ftruncate bug. +29). Swat fixes for being run with xinetd that doesn't set the umask. +30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft + TCP stack early ack specification error. +31). Changed lock & persistent tdb directory to /var/cache/samba by default on + RedHat and Mandrake as they clear the /var/lock/samba directory on reboot. + +----------------------------------------------------------------------------- +The release notes for 2.2.0a follow : + +SECURITY FIX +============ + +This is a security bugfix release for Samba 2.2.0. This release provides the +following two changes *ONLY* from the 2.2.0 release. + +1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) + and described in the security advisory below. +2). Fix for the hosts allow/hosts deny parameters not being honoured. + +No other changes are being made for this release to ensure a security fix only. +For new functionality (including these security fixes) download Samba 2.2.1 +when it is available. + +The security advisory follows : + + + IMPORTANT: Security bugfix for Samba + ------------------------------------ + +June 23rd 2001 + + +Summary +------- + +A serious security hole has been discovered in all versions of Samba +that allows an attacker to gain root access on the target machine for +certain types of common Samba configuration. + +The immediate fix is to edit your smb.conf configuration file and +remove all occurances of the macro "%m". Replacing occurances of %m +with %I is probably the best solution for most sites. + +Details +------- + +A remote attacker can use a netbios name containing unix path +characters which will then be substituted into the %m macro wherever +it occurs in smb.conf. This can be used to cause Samba to create a log +file on top of an important system file, which in turn can be used to +compromise security on the server. + +The most commonly used configuration option that can be vulnerable to +this attack is the "log file" option. The default value for this +option is VARDIR/log.smbd. If the default is used then Samba is not +vulnerable to this attack. + +The security hole occurs when a log file option like the following is +used: + + log file = /var/log/samba/%m.log + +In that case the attacker can use a locally created symbolic link to +overwrite any file on the system. This requires local access to the +server. + +If your Samba configuration has something like the following: + + log file = /var/log/samba/%m + +Then the attacker could successfully compromise your server remotely +as no symbolic link is required. This type of configuration is very +rare. + +The most commonly used log file configuration containing %m is the +distributed in the sample configuration file that comes with Samba: + + log file = /var/log/samba/log.%m + +in that case your machine is not vulnerable to this attack unless you +happen to have a subdirectory in /var/log/samba/ which starts with the +prefix "log." + +Credit +------ + +Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this +vulnerability. + + +New Release +----------- + +While we recommend that vulnerable sites immediately change their +smb.conf configuration file to prevent the attack we will also be +making new releases of Samba within the next 24 hours to properly fix +the problem. Please see http://www.samba.org/ for the new releases. + +Please report any attacks to the appropriate authority. + + The Samba Team + security@samba.org + +--------------------------------------------------------------------------- + +The release notes for 2.2.0 follow : + +This is the official Samba 2.2.0 release. This version of Samba provides +the following new features and enhancements. + +Integration between Windows oplocks and NFS file opens (IRIX and Linux +2.4 kernel only). This gives complete data and locking integrity between +Windows and UNIX file access to the same data files. + +Ability to act as an authentication source for Windows 2000 clients as +well as for NT4.x clients. + +Integration with the winbind daemon that provides a single +sign on facility for UNIX servers in Windows 2000/NT4 networks +driven by a Windows 2000/NT4 PDC. winbind is not included in +this release, it currently must be obtained separately. We are +committed to including winbind in a future Samba 2.2.x release. + +Support for native Windows 2000/NT4 printing RPCs. This includes +support for automatic printer driver download. + +Support for server supported Access Control Lists (ACLs). +This release contains support for the following filesystems: + + Solaris 2.6+ + SGI Irix + Linux Kernel with ACL patch from http://acl.bestbits.at + Linux Kernel with XFS ACL support. + Caldera/SCO UnixWare + IBM AIX + FreeBSD (with external patch) + +Other platforms will be supported as resources are +available to test and implement the necessary modules. If +you are interested in writing the support for a particular +ACL filesystem, please join the samba-technical mailing +list and coordinate your efforts. + +On PAM (Pluggable Authentication Module) based systems - better debugging +messages and encrypted password users now have access control verified via +PAM - Note: Authentication still uses the encrypted password database. + +Rewritten internal locking semantics for more robustness. +This release supports full 64 bit locking semantics on all +(even 32 bit) platforms. SMB locks are mapped onto POSIX +locks (32 bit or 64 bit) as the underlying system allows. + +Conversion of various internal flat data structures to use +database records for increased performance and +flexibility. + +Support for acting as a MS-DFS (Distributed File System) server. + +Support for manipulating Samba shares using Windows client tools +(server manager). Per share security can be set using these tools +and Samba will obey the access restrictions applied. + +Samba profiling support (see below). + +Compile time option for enabling a (Virtual file system) VFS layer +to allow non-disk resources to be exported as Windows filesystems +(such as databases etc.). + +The documentation in this release has been updated and converted +from Yodl to DocBook 4.1. There are many new parameters since 2.0.7 +and some defaults have changed. + +Profiling support. +------------------ +Support for collection of profile information. A shared +memory area has been created which contains counters for +the number of calls to and the amount of time spent in +various system calls, smb transactions and nmbd activity. See +the file profile.h for a complete listing of the information +collected. Sample code for a samba pmda (collection agent +for Performance Co-Pilot) has been included in the pcp +directory. + +To enable the profile data collection code in samba, you must +compile samba with profile data support (run configure with +the --with-profiling-data option). On startup, collection of +data is disabled. To begin collecting data use the smbcontrol +program to turn on profiling (see the smbcontrol man page). +Profile information collection can be enabled for nmbd, all smbd +processes or one or more selected processes. The profiling +data collected is the aggregate for all processes that have +profiling enabled. + +With samba compiled for profile data collection, you may see +a very slight degradation in performance even with profiling +collection turned off. On initial tests with NetBench on an +SGI Origin 200 server, this degradation was not measurable +with profile collection off compared to no profile collection +compiled into samba. + +With count profile collection enabled on all clients, the +degradation was less than 2%. With full profile collection +enabled on all clients, the degradation was about 8.5%. + +===================================================================== + +If you think you have found a bug please email a report to : + + samba@samba.org + +As always, all bugs are our responsibility. + +Regards, + + The Samba Team. diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/Samba-HOWTO-Collection.pdf samba-2.2.6/docs/Samba-HOWTO-Collection.pdf --- samba-2.2.5/docs/Samba-HOWTO-Collection.pdf Wed Jun 19 01:13:14 2002 +++ samba-2.2.6/docs/Samba-HOWTO-Collection.pdf Wed Oct 9 20:27:11 2002 @@ -1,6 +1,6 @@ %PDF-1.2 %âãÏÓ -1 0 obj<>endobj +1 0 obj<>endobj 2 0 obj<>endobj 3 0 obj<>endobj 4 0 obj<>endobj @@ -3666,7 +3666,7 @@ 0000256429 00000 n 0000256524 00000 n trailer -<<37f2139748809e07227d5db7799d36c3>]>> +<]>> startxref 256739 %%EOF diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/docbook/manpages/smb.conf.5.sgml samba-2.2.6/docs/docbook/manpages/smb.conf.5.sgml --- samba-2.2.5/docs/docbook/manpages/smb.conf.5.sgml Wed Jun 19 01:13:16 2002 +++ samba-2.2.6/docs/docbook/manpages/smb.conf.5.sgml Wed Oct 16 04:30:47 2002 @@ -109,7 +109,7 @@ [foo] path = /home/bar - writeable = true + read only = no @@ -124,9 +124,9 @@ [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes @@ -195,7 +195,7 @@ [homes] - writeable = yes + read only = no @@ -897,6 +897,7 @@ printer driver location printer name printing + profile acls public queuepause command queueresume command @@ -915,6 +916,7 @@ strict sync sync always use client driver + use sendfile user username users @@ -1328,7 +1330,7 @@ queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. - If this parameter is set to false, then + If this parameter is set to no, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained. @@ -1353,7 +1355,7 @@ This controls whether smbd(8) will serve a browse list to a client doing a NetServerEnum call. Normally - set to true. You should never need to change + set to yes. You should never need to change this. Default: browse list = yes @@ -2135,11 +2137,11 @@ This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the veto files - option). If this option is set to false (the default) then if a vetoed + option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want. - If this option is set to true, then Samba + If this option is set to yes, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within @@ -2417,7 +2419,7 @@ domain logons (G) - If set to true, the Samba server will serve + If set to yes, the Samba server will serve Windows 95/98 Domain logons for the workgroup it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows @@ -2542,7 +2544,7 @@ default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user smbd is acting on behalf of is not the file owner. Setting this option to - true allows DOS semantics and smbd will change the file + yes allows DOS semantics and smbd will change the file timestamp as DOS requires. Default: dos filetimes = no @@ -2963,7 +2965,7 @@ caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the wide links - parameter is set to false. + parameter is set to no. Default: getwd cache = yes @@ -3108,7 +3110,7 @@ homedir map (G) Ifnis homedir - is true, and is yes, and smbd(8) is also acting as a Win95/98 logon server then this parameter specifies the NIS (or YP) map from which the server for the user's @@ -3503,11 +3505,11 @@ with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with - Windows 2000 clients. Defaults to off. Not as tested as some other Samba - code paths. + Windows 2000 clients. Defaults to on. Windows NT 4.0 only supports + read version of this call, and ignores the write version. - Default : large readwrite = no + Default : large readwrite = yes @@ -3692,7 +3694,7 @@ oplocks are supported then level2 oplocks are not granted (even if this parameter is set to yes). Note also, the oplocks - parameter must be set to true on this share in order for + parameter must be set to yes on this share in order for this parameter to have any effect. See also the oplocks @@ -3713,10 +3715,10 @@ nmbd(8) will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three - values, true, false, or + values, yes, no, or auto. The default is auto. - If set to false Samba will never produce these - broadcasts. If set to true Samba will produce + If set to no Samba will never produce these + broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter lm interval. If set to auto Samba will not send Lanman announce broadcasts by default but will @@ -3771,15 +3773,15 @@ local master (G) This option allows nmbd(8) to try and become a local master browser - on a subnet. If set to false then + on a subnet. If set to no then nmbd will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By - default this value is set to true. Setting this value to true doesn't + default this value is set to yes. Setting this value to yes doesn't mean that Samba will become the local master browser on a subnet, just that nmbd will participate in elections for local master browser. - Setting this value to false will cause nmbd + Setting this value to no will cause nmbd never to become a local master browser. Default: local master = yes @@ -4803,12 +4805,14 @@ max xmit (G) This option controls the maximum packet size - that will be negotiated by Samba. The default is 65535, which - is the maximum. In some cases you may find you get better performance + that will be negotiated by Samba. The default in Samba 2.2.6 is + now 16644 (changed from 65535 in earlier releases) which matches + Windows 2000. This allows better performance with Windows NT clients. + The maximum is 65535. In some cases you may find you get better performance with a smaller value. A value below 2048 is likely to cause problems. - Default: max xmit = 65535 + Default: max xmit = 16644 Example: max xmit = 8192 @@ -5457,7 +5461,7 @@ if the expect string is a full stop then no string is expected. If the pam - password change parameter is set to true, the chat pairs + password change parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions. @@ -5519,7 +5523,7 @@ it. Note that if the unix - password sync parameter is set to true + password sync parameter is set to yes then this program is called AS ROOT before the SMB password in the smbpasswd(5) file is changed. If this UNIX password change fails, then @@ -5530,7 +5534,7 @@ is set this parameter MUST USE ABSOLUTE PATHS for ALL programs called, and must be examined for security implications. Note that by default unix - password sync is set to false. + password sync is set to no. See also unix password sync. @@ -5819,7 +5823,7 @@ url="nmbd.8.html">nmbd(8) is a preferred master browser for its workgroup. - If this is set to true, on startup, nmbd + If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with @@ -5993,7 +5997,7 @@ Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling - of print data. The writeable + of print data. The read only parameter controls only non-printing access to the resource. @@ -6240,7 +6244,40 @@ + + + + profile acls (S) + + This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\Administrators, + BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user. + If you didn't understand the above text, you probably should not set + this parameter :-). + Default profile acls = no + + + + @@ -6345,7 +6382,7 @@ This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the writeable + linkend="READONLY">read only option is set to. The list can include group names using the syntax described in the invalid users parameter. @@ -6364,8 +6401,18 @@ read only (S) - Note that this is an inverted synonym for writeable. + An inverted synonym is + writeable. + + If this parameter is yes, then users + of a service may not create or modify files in the service's + directory. + + Note that a printable service (printable = yes) + will ALWAYS allow writing to the directory + (user privileges permitting), but only via spooling operations. + + Default: read only = yes @@ -6498,10 +6545,10 @@ restrict anonymous (G) - This is a boolean parameter. If it is true, then + This is a boolean parameter. If it is yes, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, - but it doesn't. Setting it to true will force these anonymous + but it doesn't. Setting it to yes will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter is only recommended for homogeneous NT client environments. @@ -6511,7 +6558,7 @@ likes to use anonymous connections when refreshing the share list, and this is a way to work around that. - When restrict anonymous is true, all anonymous connections + When restrict anonymous is yes, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate its machine account after someone else has logged on the client @@ -6815,7 +6862,7 @@ url="smbpasswd.8.html">smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the encrypted passwords - parameter to be set to true. In this + parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do. @@ -7621,10 +7668,10 @@ sync always (S) This is a boolean parameter that controls whether writes will always be written to stable storage before - the write call returns. If this is false then the server will be + the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). - If this is true then every write will be followed by a fsync() + If this is yes then every write will be followed by a fsync() call to ensure the data is written to disk. Note that the strict sync parameter must be set to yes in order for this parameter to have @@ -7759,9 +7806,9 @@ unix extensions(G) This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. These - extensions enable CIFS to server UNIX clients to UNIX servers - better, and allow such things as symbolic links, hard links etc. + implments the CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX CIFS clients + by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients. @@ -7777,7 +7824,7 @@ This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. - If this is set to true the program specified in the passwd + If this is set to yes the program specified in the passwd programparameter is called AS ROOT - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no @@ -7867,7 +7914,7 @@ This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a - coherent cache, and so this parameter is set to false by + coherent cache, and so this parameter is set to no by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with the tdb internal code. @@ -7882,7 +7929,7 @@ use rhosts (G) - If this global parameter is true, it specifies + If this global parameter is yes, it specifies that the UNIX user's .rhosts file in their home directory will be read to find the names of hosts and users who will be allowed access without specifying a password. @@ -7899,7 +7946,6 @@ - user (S) Synonym for @@ -7949,7 +7995,7 @@ can use the valid users parameter. - If any of the usernames begin with a '@' then the name + If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users @@ -8097,12 +8143,30 @@ + + use sendfile (S) + If this parameter is yes, and Samba + was built with the --with-sendfile-support option, and the underlying operating + system supports sendfile system call, then some SMB read calls (mainly ReadAndX + and ReadRaw) will use the more efficient sendfile system call for files that + are exclusively oplocked. This may make more efficient use of the system CPU's + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. + + + Default: use sendfile = no + + + + + + utmp (G) This boolean parameter is only available if Samba has been configured and compiled with the option - --with-utmp. If set to true then Samba will attempt + --with-utmp. If set to yes then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share. @@ -8380,7 +8444,7 @@ getpwent() and endpwent() group of system calls. If the winbind enum users parameter is - false, calls to the getpwent system call + no, calls to the getpwent system call will not return any data. Warning: Turning off user @@ -8402,7 +8466,7 @@ getgrent() and endgrent() group of system calls. If the winbind enum groups parameter is - false, calls to the getgrent() system + no, calls to the getgrent() system call will not return any data. Warning: Turning off group @@ -8478,9 +8542,9 @@ own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system. - Default: winbind use default domain = <falseg> + Default: winbind use default domain = <no> - Example: winbind use default domain = true + Example: winbind use default domain = yes @@ -8575,9 +8639,9 @@ wins support (G) This boolean controls if the nmbd(8) process in Samba will act as a WINS server. You should - not set this to true unless you have a multi-subnetted network and + not set this to yes unless you have a multi-subnetted network and you wish a particular nmbd to be your WINS server. - Note that you should NEVER set this to true + Note that you should NEVER set this to yes on more than one machine in your network. Default: wins support = no @@ -8648,7 +8712,7 @@ This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the writeable + linkend="READONLY">read only option is set to. The list can include group names using the @group syntax. @@ -8672,8 +8736,8 @@ write ok (S) - Synonym for - writeable. + Inverted synonym for + read only. @@ -8693,18 +8757,8 @@ writeable (S) - An inverted synonym is - read only. - - If this parameter is no, then users - of a service may not create or modify files in the service's - directory. - - Note that a printable service (printable = yes) - will ALWAYS allow writing to the directory - (user privileges permitting), but only via spooling operations. - - Default: writeable = no + Inverted synonym for + read only. diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/docbook/manpages/smbpasswd.8.sgml samba-2.2.6/docs/docbook/manpages/smbpasswd.8.sgml --- samba-2.2.5/docs/docbook/manpages/smbpasswd.8.sgml Wed Jun 19 01:13:16 2002 +++ samba-2.2.6/docs/docbook/manpages/smbpasswd.8.sgml Thu Aug 29 11:05:23 2002 @@ -183,6 +183,19 @@ + -t + This option is used to force smbpasswd to + change the current password assigned to the machine trust account + when operating in domain security mode. This is really meant to + be used on systems that only run winbindd. + Under server installations, smbd + handle the password updates automatically. + + + + + + -U username[%pass] This option may only be used in conjunction with the -r option. When changing diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/docbook/manpages/testparm.1.sgml samba-2.2.6/docs/docbook/manpages/testparm.1.sgml --- samba-2.2.5/docs/docbook/manpages/testparm.1.sgml Fri Jul 6 02:00:08 2001 +++ samba-2.2.6/docs/docbook/manpages/testparm.1.sgml Thu Aug 29 11:05:23 2002 @@ -18,6 +18,7 @@ testparm -s -h + -x -L <servername> config filename hostname hostIP @@ -69,6 +70,10 @@ Print usage message + + -x + Print only parameters that have non-default values + -L servername diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/docbook/scripts/strip-links.pl samba-2.2.6/docs/docbook/scripts/strip-links.pl --- samba-2.2.5/docs/docbook/scripts/strip-links.pl Fri Jul 6 02:00:08 2001 +++ samba-2.2.6/docs/docbook/scripts/strip-links.pl Thu Aug 29 11:05:23 2002 @@ -1,13 +1,15 @@ #!/usr/bin/perl -## small script to stirp the tags from +## small script to strip the tags from ## manpages generated from docbook2man. we'll leave ## the and links for now while () { chomp ($_); - $_ =~ s/\s*\s*//g; + $_ =~ s/\s*\s+/ /g; + $_ =~ s/\s*\S//g; + $_ =~ s/\s*$//g; print "$_\n"; } diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/htmldocs/Integrating-with-Windows.html samba-2.2.6/docs/htmldocs/Integrating-with-Windows.html --- samba-2.2.5/docs/htmldocs/Integrating-with-Windows.html Sat Oct 13 21:08:42 2001 +++ samba-2.2.6/docs/htmldocs/Integrating-with-Windows.html Thu Aug 29 11:05:23 2002 @@ -191,7 +191,7 @@ > is one such file.

When the IP address of the destination interface has been -determined a protocol called ARP/RARP isused to identify +determined a protocol called ARP/RARP is used to identify the MAC address of the target interface. ARP stands for Address Resolution Protocol, and is a broadcast oriented method that uses UDP (User Datagram Protocol) to send a request to all @@ -414,7 +414,7 @@ that the primary nature of the network environment is that of a peer-to-peer design. In a WORKGROUP all machines are responsible for their own security, and generally such security is limited to use of -just a password (known as SHARE MORE security). In most situations +just a password (known as SHARE MODE security). In most situations with peer-to-peer networking the users who control their own machines will simply opt to have no security at all. It is possible to have USER MODE security in a WORKGROUP environment, thus requiring use @@ -444,8 +444,8 @@ >

All MS Windows machines employ an in memory buffer in which is -stored the NetBIOS names and their IP addresses for all external -machines that that the local machine has communicated with over the +stored the NetBIOS names and IP addresses for all external +machines that that machine has communicated with over the past 10-15 minutes. It is more efficient to obtain an IP address for a machine from the local cache than it is to go through all the configured name resolution mechanisms.

If a machine whose name is in the local name cache has been shut down before the name had been expired and flushed from the cache, then an attempt to exchange a message with that machine will be subject -to time-out delays. ie: It's name is in the cache, so a name resolution +to time-out delays. i.e.: Its name is in the cache, so a name resolution lookup will succeed, but the machine can not respond. This can be frustrating for users - but it is a characteristic of the protocol.

As stated above, MS Windows machines register their NetBIOS names -(ie: the machine name for each service type in operation) on start +(i.e.: the machine name for each service type in operation) on start up. Also, as stated above, the exact method by which this name registration takes place is determined by whether or not the MS Windows client/server has been given a WINS server address, whether or not LMHOSTS lookup @@ -685,7 +685,7 @@ master browser (found by asking WINS or from LMHOSTS) and exchanging browse list contents. This way every master browser will eventually obtain a complete list of all machines that are on the network. Every 11-15 minutes an election -is held to determine which machine will be the master browser. By nature of +is held to determine which machine will be the master browser. By the nature of the election criteria used, the machine with the highest uptime, or the most senior protocol version, or other criteria, will win the election as domain master browser.

MS Windows clients have a habit of dropping network mappings that have been idle for 10 minutes or longer. When the user attempts to -use the mapped drive connection that has been dropped the SMB protocol -has a mechanism by which the connection can be re-established using +use the mapped drive connection that has been dropped, the client +re-establishes the connection using a cached copy of the password.

When Microsoft changed the default password mode, they dropped support for @@ -959,7 +959,7 @@ >

This mode of authentication demands that there be on the -Unix/Linux system both a Unix style account as well as and +Unix/Linux system both a Unix style account as well as an smbpasswd entry for the user. The Unix system account can be locked if required as only the encrypted password will be used for SMB client authentication.

workgroup = SAMBA
-domain master = yes
-domain logons = yes
[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....

Several other things like a [homes] and a [netlogon] share also may be @@ -171,33 +175,93 @@ >

  • The file private/MACHINE.SID identifies the domain. When a samba -server is first started, it is created on the fly and must never be -changed again. This file has to be the same on the PDC and the BDC, -so the MACHINE.SID has to be copied from the PDC to the BDC.

    The file private/MACHINE.SID identifies the domain. When a samba + server is first started, it is created on the fly and must never be + changed again. This file has to be the same on the PDC and the BDC, + so the MACHINE.SID has to be copied from the PDC to the BDC. Note that in the + latest Samba 2.2.x releases, the machine SID (and therefore domain SID) is stored + in the private/secrets.tdb database. This file cannot just + be copied because Samba looks under the key SECRETS/SID/DOMAIN. + where DOMAIN is the machine's netbios name. Since this name has + to be unique for each SAMBA server, this lookup will fail.

    A new option has been added to the smbpasswd(8) + command to help ease this problem. When running smbpasswd -S as the root user, + the domain SID will be retrieved from a domain controller matching the value of the + workgroup parameter in smb.conf and stored as the + new Samba server's machine SID. See the smbpasswd(8) + man page for more details on this functionality. +

  • The Unix user database has to be synchronized from the PDC to the -BDC. This means that both the /etc/passwd and /etc/group have to be -replicated from the PDC to the BDC. This can be done manually -whenever changes are made, or the PDC is set up as a NIS master -server and the BDC as a NIS slave server. To set up the BDC as a -mere NIS client would not be enough, as the BDC would not be able to -access its user database in case of a PDC failure.

    The Unix user database has to be synchronized from the PDC to the + BDC. This means that both the /etc/passwd and /etc/group have to be + replicated from the PDC to the BDC. This can be done manually + whenever changes are made, or the PDC is set up as a NIS master + server and the BDC as a NIS slave server. To set up the BDC as a + mere NIS client would not be enough, as the BDC would not be able to + access its user database in case of a PDC failure. LDAP is also a + potential vehicle for sharing this information. +

  • The Samba password database in the file private/smbpasswd has to be -replicated from the PDC to the BDC. This is a bit tricky, see the -next section.

    The Samba password database in the file private/smbpasswd + has to be replicated from the PDC to the BDC. This is a bit tricky, see the + next section. +

  • Any netlogon share has to be replicated from the PDC to the -BDC. This can be done manually whenever login scripts are changed, -or it can be done automatically together with the smbpasswd -synchronization.

    Any netlogon share has to be replicated from the PDC to the + BDC. This can be done manually whenever login scripts are changed, + or it can be done automatically together with the smbpasswd + synchronization. + 

workgroup = samba
-domain master = no
-domain logons = yes
[global] + workgroup = SAMBA + domain master = yes + domain logons = yes + encrypt passwords = yes + security = user + ....

in the [global]-section of the smb.conf of the BDC. This makes the BDC @@ -222,21 +290,58 @@ >

How do I replicate the smbpasswd file?

Replication of the smbpasswd file is sensitive. It has to be done -whenever changes to the SAM are made. Every user's password change is -done in the smbpasswd file and has to be replicated to the BDC. So +whenever changes to the SAM are made. Every user's password change +(including machine trust account password changes) is done in the +smbpasswd file and has to be replicated to the BDC. So replicating the smbpasswd file very often is necessary.

As the smbpasswd file contains plain text password equivalents, it must not be sent unencrypted over the wire. The best way to set up smbpasswd replication from the PDC to the BDC is to use the utility -rsync. rsync can use ssh as a transport. ssh itself can be set up to -accept *only* rsync transfer without requiring the user to type a -password.

rsync(1). rsync can use +ssh(1) as a transport. ssh itself +can be set up to accept only rsync transfer without requiring the user to +type a password. Refer to the man pages for these two tools for more details.

Another solution with high potential is to use Samba's --with-ldapsam +for sharing and/or replicating the list of sambaAccount entries. +This can all be done over SSL to ensure security. See the Samba-LDAP-HOWTO +for more details.

O'Reilly Publishing is working on a guide to LDAP for System Administrators which has a planned release date of -early summer, 2002.

Two additional Samba resources which may prove to be helpful are

IDEALX that are - geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. These scripts can + be found in the Samba 2.2.5 release in the examples/LDAP/smbldap-tools/ directory.

Introduction

The first is that all lookups must be performed sequentially. Given that there are approximately two lookups per domain logon (one for a normal session connection such as when mapping a network drive or printer), this -is a performance bottleneck for lareg sites. What is needed is an indexed approach +is a performance bottleneck for large sites. What is needed is an indexed approach such as is used in databases.

  • As a result of these defeciencies, a more robust means of storing user attributes -used by smbd was developed. The API which defines access to user accounts +used by smbd was developed. The API which defines access to user accounts is commonly referred to as the samdb interface (previously this was called the passdb API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support for a samdb backend (e.g. --with-ldapsam autoconf -option, smbd (and associated tools) will store and lookup user accounts in +option, smbd (and associated tools) will store and lookup user accounts in an LDAP directory. In reality, this is very easy to understand. If you are comfortable with using an smbpasswd file, simply replace "smbpasswd" with "LDAP directory" in all the documentation.

    Supported LDAP Servers

    Schema and Relationship to the RFC 2307 posixAccount

    objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+>objectclass ( 1.3.1.5.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILARY
      DESC 'Samba Account'
      MUST ( uid $ rid )
      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
@@ -261,7 +271,10 @@
             description $ userWorkstations $ primaryGroupID $ domain ))

    The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +>The samba.schema file has been formatted for OpenLDAP 2.0 & 2.1. The OID's are owned by the Samba Team and as such is legal to be openly published. If you translate the schema to be used with Netscape DS, please submit the modified schema file as a patch to jerry@samba.org

    Since the original release, schema files for

    • IBM's SecureWay Server

    • Netscape Directory Server version 4.x and 5.x

    have been submitted and included in the Samba source distribution. I cannot +personally comment on the integration of these commercial directory servers since +I have not had the oppotinuity to work with them.

    Just as the smbpasswd file is mean to store information which supplements a user's /etc/passwd entry, so is the sambaAccount object -meant to supplement the UNIX user account information. A sambaAccount is a +meant to supplement the UNIX user account information. A sambaAccount is now an STRUCTURAL objectclass so it can be stored individually -in the directory. However, there are several fields (e.g. uid) which overlap -with the posixAccount objectclass outlined in RFC2307. This is by design.

    AUXILARY objectclass so it can be stored alongside +a posixAccount or person objectclass in the directory. Note that there are +several fields (e.g. uid) which overlap with the posixAccount objectclass +outlined in RFC2307. This is by design. The move from a STRUCTURAL objectclass +to an AUXILIARY one was compliance with the LDAP data model which states that +an entry can contain only one STRUCTURAL objectclass per entry. This is now +enforced by the OpenLDAP 2.1 server.

    In order to store all user account information (UNIX and Samba) in the directory, it is necessary to use the sambaAccount and posixAccount objectclasses in -combination. However, smbd will still obtain the user's UNIX account +combination. However, smbd will still obtain the user's UNIX account information via the standard C library calls (e.g. getpwnam(), et. al.). This means that the Samba server must also have the LDAP NSS library installed and functioning correctly. This division of information makes it possible to @@ -297,7 +335,7 @@ >

    Configuring Samba with LDAP

    Importing smbpasswd entries

    Import existing user entries from an smbpasswd can be trivially done using +a Perl script named import_smbpasswd.pl included in the +examples/LDAP/ directory of the Samba source distribution. There are +two main requirements of this script:

    • All users to be imported to the directory must have a valid uid on the + local system. This can be a problem if using a machinej different from the Samba server + to import the file.

    • The local system must have a working installation of the Net::LDAP perl + module which can be obtained from with http://search.cpan.org/ + by searching for perl-ldap or directly from http://perl-ldap.sf.net/. +

    Please refer to the documentation in the same directory as the script for more details.

    Accounts and Groups management

    Security and sambaAccount

    LDAP specials attributes for sambaAccounts

    Example LDIF Entries for a sambaAccount

    Comments

    jerry@samba.org. This documents was -last updated to reflect the Samba 2.2.3 release.

    By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will - need to use the -i <scope> option to nmbd, smbd, and - smbclient. All your PCs will need to have the same setting for + need to use the 'netbios scope' smb.conf option. + All your PCs will need to have the same setting for this to work. I do not recommend scope IDs.

    You can disable share modes using "share modes = no". - This may be useful on a heavily loaded server as the share - modes code is very slow. See also the FAST_SHARE_MODES - option in the Makefile for a way to do full share modes - very fast using shared memory (if your OS supports it).

    Mapping Usernames

    Other Character Sets

    -oraw -option for printing. You can use the ldd command to -find out details:

    lphelp on your system) plus some different GUI frontends on Linux
-UNIX, which can present PPD options to the users. PPD optons are normally
+UNIX, which can present PPD options to the users. PPD options are normally
 meant to become evaluated by the PostScript RIP on the real PostScript
 printer.
    *cupsFilter
-this line
+>.
+This line
 tells the CUPS print system which printer-specific filter to use for the
 interpretation of the accompanying PostScript. Thus CUPS lets all its
 printers appear as PostScript devices to its clients, because it can act as a
@@ -224,8 +225,8 @@
 > Filter and are therefor logged in
     the CUPS page_log   page_log. - NOTE: this
@@ -250,7 +251,7 @@
 >
    This setup may be of special interest to people
 experiencing major problems in WTS environments. WTS need often a multitude
-of non-PostScript drivers installed to run their clients' multitude of
+of non-PostScript drivers installed to run their clients' variety of
 different printer models. This often imposes the price of much increased
 instability. In many cases, in an attempt to overcome this problem, site
 administrators have resorted to restrict the allowed drivers installed on
@@ -337,7 +338,7 @@
         ICONLIB.DLL

    Users of the ESP Print Pro software are able to isntall +>Users of the ESP Print Pro software are able to install their "Samba Drivers" package for this purpose with no problem.

    the cupsomatic trick from Linuxprinting.org is working different from the other drivers. While the other drivers take the generic CUPS raster (produced by CUPS' own pstoraster PostScript RIP) as -their input, cupsomatic "kidmaps" the PostScript inside CUPS, before +their input, cupsomatic "kidnaps" the PostScript inside CUPS, before RIP-ping, deviates it to an external Ghostscript installation (which now becomes the RIP) and gives it back to a CUPS backend once Ghostscript is -finished.

    Once you installed a printer inside CUPS with one of the recommended methods (the lpadmin command, the web browser interface or one of @@ -580,6 +588,22 @@ "Connect..." (depending on the Windows version you use). Now their should be a new printer in your client's local "Printers" folder, named (in my case) "infotec_IS2027 on kdebitshop"

    NOTE: +cupsaddsmb will only reliably work i +with CUPS version 1.1.15 or higher +and Samba from 2.2.4. If it doesn't work, or if the automatic printer +driver download to the clients doesn't succeed, you can still manually +install the CUPS printer PPD on top of the Adobe PostScript driver on +clients and then point the client's printer queue to the Samba printer +share for connection, should you desire to use the CUPS networked +PostScript RIP functions.

    printer driver file parameter, are being depreciated and should not +> parameter, are being deprecated and should not be used in new installations. For more information on this change, you should refer to the

    Click "No" in the error dialog and you will be presented with -the printer properties window. The way assign a driver to a +>Click No in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a printer is to either

    • Use the "New Driver..." button to install +>Use the "New Driver..." button to install a new printer driver, or

    • Select a driver from the popup list of +>Select a driver from the popup list of installed drivers. Initially this list will be empty.

    If you wish to install printer drivers for client -operating systems other than "Windows NT x86", you will need +>If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need to use the "Sharing" tab of the printer properties dialog.

    Assuming you have connected with a root account, you -will also be able modify other printer properties such as +>Assuming you have connected with a root account, you +will also be able modify other printer properties such as ACLs and device settings using this dialog box.

    A few closing comments for this section, it is possible +>A few closing comments for this section, it is possible on a Windows NT print server to have printers listed in the Printers folder which are not shared. Samba does not make this distinction. By definition, the only printers of @@ -428,7 +431,7 @@ >.

    Another interesting side note is that Windows NT clients do -not use the SMB printer share, but rather can print directly +not use the SMB printer share, but rather can print directly to any printer on another Windows NT host using MS-RPC. This of course assumes that the printing client has the necessary privileges on the remote host serving the printer. The default @@ -440,45 +443,88 @@ >

    DeviceModes and New Printers

    In order for a printer to be truly usbla eby a Windows NT/2k/XP client, +it must posses:

    • a valid Device Mode generated by the driver for the printer, and

    • a complete set of PrinterDriverData generated by the driver.

    If either one of these is incomplete, the clients can produce less than optimal +output at best or in the worst cases, unreadable garbage or nothing at all. +Fortunately, most driver generate the printer driver that is needed. +However, the client must be tickled to generate a valid Device Mode and set it on the +server. The easist means of doing so is to simply set the page orientation on +the server's printer using the native Windows NT/2k printer properties page from +a Window clients. Make sure to apply changes between swapping the page orientation +to cause the change to actually take place. Be aware that this can only be done +by a "printer admin" (the reason should be obvious I hope).

    Samba also includes a service level parameter name default +devmode for generating a default device mode for a printer. Some driver +will function fine with this default set of properties. Others may crash the client's +spooler service. Use this parameter with caution. It is always better to have the client +generate a valid device mode for the printer and store it on the server for you.

    Support a large number of printers

    One issue that has arisen during the development phase of Samba 2.2 is the need to support driver downloads for -100's of printers. Using the Windows NT APW is somewhat -awkward to say the list. If more than one printer are using the +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the same driver, the rpcclient's -setdriver command can be used to set the driver +> command can be used to set the driver associated with an installed driver. The following is example of how this could be accomplished:

     
-$ rpcclient pogo -U root%secret -c "enumdrivers"
 Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
- 
+
 [Windows NT x86]
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4000 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 2100 Series PS]
- 
+
 Printer Driver Info 1:
      Driver Name: [HP LaserJet 4Si/4SiMX PS]
-				  
+
 $ $ 
    Adding New Printers via the Windows NT APW
    smb.conf
-in the "Printers..." folder.  Also existing in this folder is the Windows NT 
+in the "Printers..." folder.  Also existing in this folder is the Windows NT
 Add Printer Wizard icon.  The APW will be show only if
    show 
+>show
 	add printer wizard = yes

    • In order to be able to use the APW to successfully add a printer to a Samba +>In order to be able to use the APW to successfully add a printer to a Samba server, the add +>add printer command must have a defined value. The program -hook must successfully add the printer to the system (i.e. +hook must successfully add the printer to the system (i.e. /etc/printcap or appropriate files) and +> or appropriate files) and smb.conf if necessary.

    When using the APW from a client, if the named printer share does +>When using the APW from a client, if the named printer share does not exist, smbd will execute the add printer +>add printer command and reparse to the

    Samba and Printer Ports

    The Imprints Toolset

    as well as the documentation included with the imprints source distribution. This section will only provide a brief introduction to the features of Imprints.

    As of June 16, 2002 (quite a bit earlier actually), the Imprints + project is in need of a new maintainer. The most important skill + is decent perl coding and an interest in MS-RPC based printing using Samba. + If you wich to volunteer, please coordinate your efforts on the samba-technical + mailing list. +

    What is Imprints?

    Creating Printer Driver Packages

    The Imprints server

    The Installation Client

    Parameters in smb.conf(5) for Backwards Compatibility

    The have been two new parameters add in Samba 2.2.2 to for better support of Samba 2.0.x backwards capability (). Both of these options are described in the smb.coinf(5) man page and are -disabled by default.

    [foo] path = /home/bar - writeable = true + read only = no [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes [homes] - writeable = yes + read only = no

  • profile acls

  • use sendfile

  • EXPLANATION OF EACH PARAMETER

    If this parameter is set to falseno, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range @@ -5539,7 +5563,7 @@ > call. Normally set to trueyes. You should never need to change this.

    option). If this option is set to falseno (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want.

    If this option is set to trueyes, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file @@ -7780,7 +7804,7 @@ >

    If set to trueyes, the Samba server will serve Windows 95/98 Domain logons for the is acting on behalf of is not the file owner. Setting this option to true yes allows DOS semantics and parameter is set to falseno.

    Default: is trueyes, and

    Default : large readwrite = nolarge readwrite = yes

    parameter must be set to trueyes on this share in order for this parameter to have any effect.

    trueyes, falseno, or . If set to falseno Samba will never produce these broadcasts. If set to trueyes Samba will produce Lanman announce broadcasts at a frequency set by the parameter to try and become a local master browser on a subnet. If set to falseno then nmbdtrueyes. Setting this value to trueyes doesn't mean that Samba will become

    Setting this value to falseno will cause nmbd

    This option controls the maximum packet size - that will be negotiated by Samba. The default is 65535, which - is the maximum. In some cases you may find you get better performance + that will be negotiated by Samba. The default in Samba 2.2.6 is + now 16644 (changed from 65535 in earlier releases) which matches + Windows 2000. This allows better performance with Windows NT clients. + The maximum is 65535. In some cases you may find you get better performance with a smaller value. A value below 2048 is likely to cause problems.

    Default: max xmit = 65535max xmit = 16644

    Example: parameter is set to true, the chat pairs +> parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \n macro is ignored for PAM conversions.

    parameter is set to true +>yes then this program is called AS ROOT is set to falseno.

    See also

    If this is set to trueyes, on startup, nmbdNote that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling of print data. The writeable +>read only

    profile acls (S)

    This boolean parameter was added to fix the problems that people have been + having with storing user profiles on Samba shares from Windows 2000 or + Windows XP clients. New versions of Windows 2000 or Windows XP service + packs do security ACL checking on the owner and ability to write of the + profile directory stored on a local workstation when copied from a Samba + share. When not in domain mode with winbindd then the security info copied + onto the local workstation has no meaning to the logged in user (SID) on + that workstation so the profile storing fails. Adding this parameter + onto a share used for profile storage changes two things about the + returned Windows ACL. Firstly it changes the owner and group owner + of all reported files and directories to be BUILTIN\Administrators, + BUILTIN\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly + it adds an ACE entry of "Full Control" to the SID BUILTIN\Users to + every returned ACL. This will allow any Windows 2000 or XP workstation + user to access the profile. Note that if you have multiple users logging + on to a workstation then in order to prevent them from being able to access + each others profiles you must remove the "Bypass traverse checking" advanced + user right. This will prevent access to other users profile directories as + the top level profile directory (named after the user) is created by the + workstation profile code and has an ACL restricting entry to the directory + tree to the owning user.

    If you didn't understand the above text, you probably should not set + this parameter :-).

    Default profile acls = no

    protocol (G)
    This is a list of users that are given read-only access to a service. If the connecting user is in this list then they will not be given write access, no matter what the writeableread only @@ -15374,15 +15440,36 @@ >read only (S)

    Note that this is an inverted synonym for An inverted synonym is writeable.

    If this parameter is yes, then users + of a service may not create or modify files in the service's + directory.

    Note that a printable service (printable = yes) + will ALWAYS allow writing to the directory + (user privileges permitting), but only via spooling operations.

    Default: read only = yes

    This is a boolean parameter. If it is trueyes, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, but it doesn't. Setting it to trueyes will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter @@ -15601,7 +15688,7 @@ >

    When restrict anonymous is trueyes, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate @@ -16294,7 +16381,7 @@ parameter to be set to trueyes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly @@ -17739,13 +17826,13 @@ whether writes will always be written to stable storage before the write call returns. If this is falseno then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). If this is trueyes then every write will be followed by a fsync() @@ -17991,9 +18078,9 @@ >

    This boolean parameter controls whether Samba - implments the CIFS UNIX extensions, as defined by HP. These - extensions enable CIFS to server UNIX clients to UNIX servers - better, and allow such things as symbolic links, hard links etc. + implments the CIFS UNIX extensions, as defined by HP. + These extensions enable Samba to better serve UNIX CIFS clients + by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients.

    trueyes the program specified in the falseno by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with @@ -18190,7 +18277,7 @@ >

    If this global parameter is trueyes, it specifies that the UNIX user's parameter.

    If any of the usernames begin with a '@' then the name +>If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users @@ -18544,6 +18631,30 @@ >

    use sendfile (S)

    If this parameter is yes, and Samba + was built with the --with-sendfile-support option, and the underlying operating + system supports sendfile system call, then some SMB read calls (mainly ReadAndX + and ReadRaw) will use the more efficient sendfile system call for files that + are exclusively oplocked. This may make more efficient use of the system CPU's + and cause Samba to be faster. This is off by default as it's effects are unknown + as yet. +

    Default: use sendfile = no

    utmp (G)
    --with-utmp. If set to trueyes then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the @@ -19073,7 +19184,10 @@ >winbind enum users parameter is - false, calls to the no, calls to the getpwent system call @@ -19124,7 +19238,10 @@ >winbind enum groups parameter is - false, calls to the no, calls to the getgrent() system @@ -19259,13 +19376,13 @@ >

    Default: winbind use default domain = <falseg> +>winbind use default domain = <no>

    Example: winbind use default domain = truewinbind use default domain = yes

    process in Samba will act as a WINS server. You should not set this to trueyes unless you have a multi-subnetted network and you wish a particular NEVER set this to trueyes on more than one machine in your network.

    This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the writeableread only @@ -19567,12 +19684,12 @@ >write ok (S)

    Synonym for Inverted synonym for writeable read only.

    writeable (S)

    An inverted synonym is Inverted synonym for read only read only.

    If this parameter is no, then users - of a service may not create or modify files in the service's - directory.

    Note that a printable service (printable = yes) - will ALWAYS allow writing to the directory - (user privileges permitting), but only via spooling operations.

    Default: writeable = no

    WARNINGS

    VERSION

    SEE ALSO

    AUTHOR

    -t

    This option is used to force smbpasswd to + change the current password assigned to the machine trust account + when operating in domain security mode. This is really meant to + be used on systems that only run winbindd. + Under server installations, smbd + handle the password updates automatically.

    -U username[%pass]

    NOTES

    VERSION

    SEE ALSO

    AUTHOR

    testparm [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]

    [-s] [-h] [-x] [-L <servername>] {config filename} [hostname hostIP]

    DESCRIPTION

    OPTIONS

    Print usage message

    -x

    Print only parameters that have non-default values

    -L servername

    FILES

    DIAGNOSTICS

    VERSION

    SEE ALSO

    AUTHOR

    Another interesting way in which we expect Winbind to - be used is as a central part of UNIX based appliances. Appliances + be used is as a central part of UNIX based appliances. Appliances that provide file and print services to Microsoft based networks will be able to use Winbind to provide seamless integration of the appliance into the domain.

    jtrostel@snapserver.com -for providing the HOWTO for this section.

    This HOWTO describes how to get winbind services up and running +for providing the original Linux version of this HOWTO which +describes how to get winbind services up and running to control access and authenticate users on your Linux box using -the winbind services which come with SAMBA 2.2.2.

    There is also some Solaris specific information in -docs/textdocs/Solaris-Winbind-HOWTO.txt. -Future revisions of this document will incorporate that -information.

    Introduction

    This HOWTO describes the procedures used to get winbind up and -running on my RedHat 7.1 system. Winbind is capable of providing access -and authentication control for Windows Domain users through an NT -or Win2K PDC for 'regular' services, such as telnet a nd ftp, as -well for SAMBA services.

    This HOWTO has been written from a 'RedHat-centric' perspective, so if -you are using another distribution, you may have to modify the instructions -somewhat to fit the way your distribution works.

    This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution (or operating system), you may have +to modify the instructions somewhat to fit the way your distribution works.

      This allows the SAMBA administrator to rely on the - authentication mechanisms on the NT/Win2K PDC for the authentication - of domain members. NT/Win2K users no longer need to have separate +>This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate accounts on the SAMBA server.

      This HOWTO is designed for system administrators. If you are - implementing SAMBA on a file server and wish to (fairly easily) +> This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) integrate existing NT/Win2K users from your PDC onto the - SAMBA server, this HOWTO is for you. That said, I am no NT or PAM - expert, so you may find a better or easier way to accomplish - these tasks. + SAMBA server, this HOWTO is for you.

    Requirements

    If you have a samba configuration file that you are currently +>If you have a samba configuration file that you are currently using... BACK IT UP! If your system already uses PAM, +> If your system already uses PAM, back up the /etc/pam.d directory -contents! If you haven't already made a boot disk, +> (or /etc/pam.conf) +directory contents! If you haven't already made a boot disk, MAKE ONE NOW!

    Messing with the pam configuration files can make it nearly impossible -to log in to yourmachine. That's why you want to be able to boot back -into your machine in single user mode and restore your +>Messing with the pam configuration files can make it nearly impossible +to log in to your machine. That's why you want to be able to boot back +into your machine in single user mode and restore your /etc/pam.d back to the original state they were in if -you get frustrated with the way things are going. ;-)

    (or pam.conmf) back to +the original state they were in if +you get frustrated with the way things are going.

    The latest version of SAMBA (version 2.2.2 as of this writing), now -includes a functioning winbindd daemon. Please refer to the +>The first SAMBA release to inclue a stable winbindd daemon was 2.2.2. Please refer to the main SAMBA web page or, -better yet, your closest SAMBA mirror site for instructions on -downloading the source code.

    or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. it is generally advised to obtain the lates +Samba release as bugs are constantly being fixed.

    To allow Domain users the ability to access SAMBA shares and -files, as well as potentially other services provided by your +>To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your SAMBA machine, PAM (pluggable authentication modules) must -be setup properly on your machine. In order to compile the -winbind modules, you should have at least the pam libraries resident -on your system. For recent RedHat systems (7.1, for instance), that -means pam-0.74-22. For best results, it is helpful to also -install the development packages in pam-devel-0.74-22.

    pam and pam-devel RPM. +The former is installed by default on all Linux systems of which the author is aware.

    Testing Things Out

    Before starting, it is probably best to kill off all the SAMBA -related daemons running on your server. Kill off all Before starting, kill off all the SAMBA related daemons running on your server. Kill off +all smbd, -, nmbd, and winbindd processes that may -be running. To use PAM, you will want to make sure that you have the -standard PAM package (for RedHat) which supplies the processes that may +be running (winbindd will only be running if you have ao previous Winbind +installation...but why would you be reading tis if that were the case?). To use PAM, you will +want to make sure that you have the standard PAM package (for RedHat) which supplies the /etc/pam.d -directory structure, including the pam modules are used by pam-aware +> +directory structure, including the pam modules are used by pam-aware services, several pam libraries, and the /usr/doc +> and /usr/man entries for pam. Winbind built better -in SAMBA if the pam-devel package was also installed. This package includes -the header files needed to compile pam-aware applications. For instance, -my RedHat system has both pam-0.74-22 and - entries for pam. Samba will require +the pam-devel package if you plan to build the pam-devel-0.74-22 RPMs installed.

    pam_winbind.so library or +include the --with-pam option to the configure script. +This package includes the header files needed to compile pam-aware applications.

    [I have no idea which Solaris packages are quired for PAM libraries and +development files. If you know, please mail me the information and I will include +it in the next revision of this HOWTO. --jerry@samba.org]

    Configure and compile SAMBAConfigure and Compile SAMBA

    The configuration and compilation of SAMBA is pretty straightforward. -The first three steps may not be necessary depending upon -whether or not you have previously built the Samba binaries.

    The configuration and compilation of SAMBA is straightforward.

    root# autoconf
-root# make clean
-root# rm config.cache
-root# ./configure --with-winbind
 /usr/local/samba.
 See the main SAMBA documentation if you want to install SAMBA somewhere else.
-It will also build the winbindd executable and libraries.

    Configure nsswitch.conf and the +> and the winbind libraries

    The libraries needed to run the winbindd daemon -through nsswitch need to be copied to their proper locations, so

    daemon +through nsswitch need to be copied to their proper locations.

    root# cp ../samba/source/nsswitch/libnss_winbind.so /libcp nsswitch/libnss_winbind.so /lib +root# chmod 755 /lib/libnss_winbind.so

    I also found it necessary to make the following symbolic link:

    It necessary to make the following symbolic link:

    ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

    Now, as root you need to edit The .2 extension is due to the version of glibc used on your Linux host. +for most modern systems, the file extension is correct. However, some other operating systems, +Solaris 7/8 being the most common, the destination filename should be replaced with +/lib/nss_winbind.so.1

    Now, as root edit /etc/nsswitch.conf to +> to allow user and group entries to be visible from the winbindd -daemon. My /etc/nsswitch.conf file look like -this after editing:

    +daemon. After editing, the file look appear:

    	passwd:     files winbind
-	shadow:     files 
+	shadow:     files
 	group:      files winbind

    -The libraries needed by the winbind daemon will be automatically -entered into the ldconfig cache the next time -your system reboots, but it -is faster (and you don't need to reboot) if you do it manually:

    root# /sbin/ldconfig -v | grep winbind

    This makes libnss_winbind available to winbindd -and echos back a check to you.

    Configure smb.confConfigure smb.conf

    Several parameters are needed in the smb.conf file to control +>Several parameters are needed in the smb.conf file to control the behavior of winbindd. Configure +>. Configure smb.conf These are described in more detail in +> These are described in more detail in the winbindd(8) man page. My +> man page. My smb.confwinbind gid = 10000-20000 # allow enumeration of winbind users and groups + # might need to disable these next two for performance + # reasons on the winbindd host winbind enum groups = yes - # give winbind users a real shell (only needed if they have telnet access) + # give winbind users a real shell (only needed if they have telnet/sshd/etc... access)

    Join the SAMBA server to the PDC domain

    Enter the following command to make the SAMBA server join the +>Enter the following command to make the SAMBA server join the PDC domain, where DOMAIN is the name of +> is the name of your Windows domain and Administrator is +> is a domain user who has administrative privileges in the domain.

    /usr/local/samba/bin/smbpasswd -j DOMAIN -r PDC -U Administrator

    The proper response to the command should be: "Joined the domain +>The proper response to the command should be: "Joined the domain DOMAIN +> is your DOMAIN name.

    Start up the winbindd daemon and test it!

    Eventually, you will want to modify your smb startup script to -automatically invoke the winbindd daemon when the other parts of +>Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of SAMBA start, but it is possible to test out just the winbind -portion first. To start up winbind services, enter the following +portion first. To start up winbind services, enter the following command as root:

    root# /usr/local/samba/bin/winbinddexport PATH=$PATH:/usr/local/samba/bin +root# winbindd

    I'm always paranoid and like to make sure the daemon +>I'm always paranoid and like to make sure the daemon is really running...

    3025 ? 00:00:00 winbindd

    Now... for the real test, try to get some information about the +>Note that a sample RedHat init script for starting winbindd is included in +the SAMBA sourse distribution as packaging/RedHat/winbind.init.

    Now... for the real test, try to get some information about the users on your PDC

    root# /usr/local/samba/bin/wbinfo -uwbinfo -u

    -This should echo back a list of users on your Windows users on +>This should echo back a list of users on your Windows users on your PDC. For example, I get the following response:

     is '+'.
    You can do the same sort of thing to get group information from 
+>You can do the same sort of thing to get group information from
 the PDC:
    The function 'getent' can now be used to get unified 
+>The function 'getent' can now be used to get unified
 lists of both local and PDC users and groups.
 Try the following command:
    You should get a list that looks like your /etc/passwd 
-list followed by the domain users with their new uids, gids, home 
-directories and default shells.
    
+list followed by the domain users with their new uids, gids, home
+directories and default shells.  If you do not, verify that the permissions on the
+libnss_winbind.so library are rwxr-xr-x.
    The same thing can be done for groups with the command
    Fix the /etc/rc.d/init.d/smb startup filesConfigure Winbind and PAM
    The At this point we are assured that winbindd daemon needs to start up after the 
-smbd and nmbd daemons are running.  
-To accomplish this task, you need to modify the /etc/init.d/smbsmbd
-script to add commands to invoke this daemon in the proper sequence.  My 
+are working together.  If you want to use winbind to provide authentication for other
+services, keep reading.  The pam configuration files need to be altered in
+this step.  (Did you remember to make backups of your original
 /etc/init.d/smb file starts up smbd, 
-nmbd, and winbindd from the 
-/etc/pam.d (or /usr/local/samba/bin directory directly.  The 'start' 
-function in the script looks like this:
    start() {
-        KIND="SMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Starting $KIND services: "
-        daemon /usr/local/samba/bin/winbindd
-        RETVAL3=$?
-        echo
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
-           RETVAL=1
-        return $RETVAL
-}
    The 'stop' function has a corresponding entry to shut down the 
-services and look s like this:
    stop() {
-        KIND="SMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc smbd
-        RETVAL=$?
-        echo
-        KIND="NMB"
-        echo -n $"Shutting down $KIND services: "
-        killproc nmbd
-        RETVAL2=$?
-        echo
-        KIND="Winbind"
-        echo -n $"Shutting down $KIND services: "
-        killproc winbindd
-        RETVAL3=$?
-        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
-        echo ""
-        return $RETVAL
-}
    /etc/pam.conf    ) file[s]? If not, do it now.)
    If you restart the smbd, nmbd, 
-and You will need a PAM module to use winbindd daemons at this point, you
-should be able to connect to the samba server as a domain member just as
-if you were a local user.

    Configure Winbind and PAM

    If you have made it this far, you know that winbindd and samba are working -together. If you want to use winbind to provide authentication for other -services, keep reading. The pam configuration files need to be altered in -this step. (Did you remember to make backups of your original -/etc/pam.d files? If not, do it now.)

    You will need a pam module to use winbindd with these other services. This +> with these other services. This module will be compiled in the ../source/nsswitchpam_winbind.so file should be copied to the location of -your other pam security modules. On my RedHat system, this was the +your other pam security modules. On Linux and Solaris systems, this is the /lib/securityroot# cp ../samba/source/nsswitch/pam_winbind.so /lib/security

    The /etc/pam.d/samba file does not need to be changed. I -just left this fileas it was:

    auth    required        /lib/security/pam_stack.so service=system-auth
-account required        /lib/security/pam_stack.so service=system-auth
    cp nsswitch/pam_winbind.so /lib/security +root# chmod 755 /lib/security/pam_winbind.so

    The other services that I modified to allow the use of winbind -as an authentication service were the normal login on the console (or a terminal -session), telnet logins, and ftp service. In order to enable these -services, you may first need to change the entries in +>Other services, such as the normal login on the console (or a terminal +session), telnet logins, and ftp service, can be modified to allow the use of winbind +as an authentication service. In order to enable these +services, you may first need to change the entries in /etc/xinetd.d (or /etc/inetd.conf). -RedHat 7.1 uses the new xinetd.d structure, in this case you need +>). +RedHat 7.1 uses the new xinetd.d structure, in this case you need to change the lines in /etc/xinetd.d/telnet +> and /etc/xinetd.d/wu-ftp from

    from

    enable = yes

    -For ftp services to work properly, you will also need to either -have individual directories for the domain users already present on +>For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on the server, or change the home directory template to a general -directory for all domain users. These can be easily set using +directory for all domain users. These can be easily set using the smb.conf global entry +> global entry template homedirThe /etc/pam.d/ftp file can be changed +> file can be changed to allow winbind ftp access in a manner similar to the samba file. My /etc/pam.d/ftp file was +> file was changed to look like this:

    The /etc/pam.d/login file can be changed nearly the 
+> file can be changed nearly the
 same way.  It now looks like this:
    In this case, I added the auth sufficient /lib/security/pam_winbind.so 
+>
 lines as before, but also added the required pam_securetty.so 
-above it, to disallow root logins over the network.  I also added a 
+>
+above it, to disallow root logins over the network.  I also added a
 sufficient /lib/security/pam_unix.so use_first_passwinbind.so line to get rid of annoying 
+> line to get rid of annoying
 double prompts for passwords.
    Note that a Solaris /etc/pam.conf confiruation file looks
+very similar to this except thaty the service name is included as the first entry
+per line.  An example for the login service is given here.
    ## excerpt from /etc/pam.conf on a Solaris 8 system
+login   auth required   /lib/security/pam_winbind.so
+login   auth required   /lib/security/$ISA/pam_unix.so.1 try_first_pass
+login   auth required   /lib/security/$ISA/pam_dial_auth.so.1 try_first_pass

    Limitations

    Winbind has a number of limitations in its current - released version that we hope to overcome in future +>Winbind has a number of limitations in its current + released version that we hope to overcome in future releases:

    • Winbind is currently only available for - the Linux operating system, although ports to other operating - systems are certainly possible. For such ports to be feasible, - we require the C library of the target operating system to - support the Name Service Switch and Pluggable Authentication - Modules systems. This is becoming more common as NSS and - PAM gain support among UNIX vendors.

    • The mappings of Windows NT RIDs to UNIX ids - is not made algorithmically and depends on the order in which - unmapped users or groups are seen by winbind. It may be difficult - to recover the mappings of rid to UNIX id mapping if the file +>The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file containing this information is corrupted or destroyed.

    • Currently the winbind PAM module does not take - into account possible workstation and logon time restrictions +>Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions that may be been set for Windows NT users.

    Conclusion

    .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "FINDSMB" "1" "02 May 2002" "" "" +.TH "FINDSMB" "1" "03 September 2002" "" "" .SH NAME findsmb \- list info about machines that respond to SMB name queries on a subnet .SH SYNOPSIS @@ -11,12 +11,12 @@ \fBfindsmb\fR [ \fBsubnet broadcast address\fR ] .SH "DESCRIPTION" .PP -This perl script is part of the Sambasuite. +This perl script is part of the Samba suite. .PP \fBfindsmb\fR is a perl script that prints out several pieces of information about machines on a subnet that respond to SMB name query requests. -It uses \fB nmblookup(1)\fRto obtain this information. +It uses \fB nmblookup(1)\fR to obtain this information. .SH "OPTIONS" .TP \fBsubnet broadcast address\fR @@ -40,7 +40,7 @@ not show any information about the operating system or server version. .PP -The command must be run on a system without \fBnmbd\fRrunning. +The command must be run on a system without \fBnmbd\fR running. If \fBnmbd\fR is running on the system, you will only get the IP address and the DNS name of the machine. To get proper responses from Windows 95 and Windows 98 machines, @@ -72,9 +72,9 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, +\fBnmbd(8)\fR \fBsmbclient(1) -\fR +\fR and \fBnmblookup(1)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/lmhosts.5 samba-2.2.6/docs/manpages/lmhosts.5 --- samba-2.2.5/docs/manpages/lmhosts.5 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/lmhosts.5 Wed Oct 9 20:27:13 2002 @@ -3,15 +3,15 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "LMHOSTS" "5" "02 May 2002" "" "" +.TH "LMHOSTS" "5" "03 September 2002" "" "" .SH NAME lmhosts \- The Samba NetBIOS hosts file .SH SYNOPSIS .PP -\fIlmhosts\fR is the SambaNetBIOS name to IP address mapping file. +\fIlmhosts\fR is the Samba NetBIOS name to IP address mapping file. .SH "DESCRIPTION" .PP -This file is part of the Sambasuite. +This file is part of the Samba suite. .PP \fIlmhosts\fR is the \fBSamba \fRNetBIOS name to IP address mapping file. It @@ -67,7 +67,7 @@ .PP The default location of the \fIlmhosts\fR file is in the same directory as the -smb.conf(5)>file. +smb.conf(5)> file. .PP .SH "VERSION" .PP @@ -76,7 +76,7 @@ .SH "SEE ALSO" .PP \fBsmbclient(1) -\fR +\fR and \fB smbpasswd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/make_smbcodepage.1 samba-2.2.6/docs/manpages/make_smbcodepage.1 --- samba-2.2.5/docs/manpages/make_smbcodepage.1 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/make_smbcodepage.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "MAKE_SMBCODEPAGE" "1" "02 May 2002" "" "" +.TH "MAKE_SMBCODEPAGE" "1" "03 September 2002" "" "" .SH NAME make_smbcodepage \- construct a codepage file for Samba .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBmake_smbcodepage\fR compiles or de-compiles codepage files for use with the internationalization features @@ -123,7 +123,7 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/make_unicodemap.1 samba-2.2.6/docs/manpages/make_unicodemap.1 --- samba-2.2.5/docs/manpages/make_unicodemap.1 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/make_unicodemap.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "MAKE_UNICODEMAP" "1" "02 May 2002" "" "" +.TH "MAKE_UNICODEMAP" "1" "03 September 2002" "" "" .SH NAME make_unicodemap \- construct a unicode map file for Samba .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR .SH "DESCRIPTION" .PP -This tool is part of the Samba +This tool is part of the Samba suite. .PP \fBmake_unicodemap\fR compiles text unicode map @@ -82,7 +82,7 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/nmbd.8 samba-2.2.6/docs/manpages/nmbd.8 --- samba-2.2.5/docs/manpages/nmbd.8 Wed Jun 19 01:13:19 2002 +++ samba-2.2.6/docs/manpages/nmbd.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBD" "8" "17 June 2002" "" "" +.TH "NMBD" "8" "03 September 2002" "" "" .SH NAME nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS @@ -33,7 +33,7 @@ option (see OPTIONS below). Thus \fBnmbd\fR will reply to broadcast queries for its own name(s). Additional names for \fBnmbd\fR to respond on can be set -via parameters in the \fI smb.conf(5)\fRconfiguration file. +via parameters in the \fI smb.conf(5)\fR configuration file. .PP \fBnmbd\fR can also be used as a WINS (Windows Internet Name Server) server. What this basically means @@ -82,7 +82,7 @@ NetBIOS lmhosts file. The lmhosts file is a list of NetBIOS names to IP addresses that is loaded by the nmbd server and used via the name -resolution mechanism name resolve order +resolution mechanism name resolve order described in \fIsmb.conf(5)\fR to resolve any NetBIOS name queries needed by the server. Note that the contents of this file are \fBNOT\fR used by \fBnmbd\fR to answer any name queries. @@ -93,7 +93,7 @@ Samba as part of the build process. Common defaults are \fI/usr/local/samba/lib/lmhosts\fR, \fI/usr/samba/lib/lmhosts\fR or -\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fRman page for details on the +\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fR man page for details on the contents of this file. .TP \fB-V\fR @@ -119,8 +119,8 @@ cryptic. Note that specifying this parameter here will override -the log level -parameter in the \fI smb.conf\fRfile. +the log level +parameter in the \fI smb.conf\fR file. .TP \fB-l \fR The -l parameter specifies a directory @@ -135,8 +135,8 @@ \fB-n \fR This option allows you to override the NetBIOS name that Samba uses for itself. This is identical -to setting the NetBIOS nameparameter in the -\fIsmb.conf\fRfile. However, a command +to setting the NetBIOS name parameter in the +\fIsmb.conf\fR file. However, a command line setting will take precedence over settings in \fIsmb.conf\fR. .TP @@ -153,14 +153,14 @@ this may be changed when Samba is autoconfigured. The file specified contains the configuration details -required by the server. See \fIsmb.conf(5)\fRfor more information. +required by the server. See \fIsmb.conf(5)\fR for more information. .SH "FILES" .TP \fB\fI/etc/inetd.conf\fB\fR If the server is to be run by the \fBinetd\fR meta-daemon, this file must contain suitable startup information for the -meta-daemon. See the UNIX_INSTALL.htmldocument +meta-daemon. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/rc\fB\fR @@ -169,7 +169,7 @@ If running the server as a daemon at startup, this file will need to contain an appropriate startup -sequence for the server. See the UNIX_INSTALL.htmldocument +sequence for the server. See the UNIX_INSTALL.html document for details. .TP \fB\fI/etc/services\fB\fR @@ -219,7 +219,7 @@ .PP The debug log level of nmbd may be raised or lowered using \fBsmbcontrol(1)\fR -(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .SH "TROUBLESHOOTING" @@ -237,10 +237,10 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBinetd(8)\fR, \fBsmbd(8)\fR, +\fBinetd(8)\fR, \fBsmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/nmblookup.1 samba-2.2.6/docs/manpages/nmblookup.1 --- samba-2.2.5/docs/manpages/nmblookup.1 Wed Jun 19 01:13:19 2002 +++ samba-2.2.6/docs/manpages/nmblookup.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "NMBLOOKUP" "1" "16 May 2002" "" "" +.TH "NMBLOOKUP" "1" "03 September 2002" "" "" .SH NAME nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBnmblookup\fR [ \fB-f\fR ] [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B \fR ] [ \fB-U \fR ] [ \fB-d \fR ] [ \fB-s \fR ] [ \fB-i \fR ] [ \fB-T\fR ] \fBname\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBnmblookup\fR is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP @@ -50,7 +50,7 @@ where it ignores the source port of the requesting packet and only replies to UDP port 137. Unfortunately, on most UNIX systems root privilege is needed to bind to this port, and -in addition, if the nmbd(8) +in addition, if the nmbd(8) daemon is running on this machine it also binds to this port. .TP \fB-A\fR @@ -65,7 +65,7 @@ this option the default behavior of nmblookup is to send the query to the broadcast address of the network interfaces as either auto-detected or defined in the \fIinterfaces\fR -parameter of the \fIsmb.conf (5)\fR file. + parameter of the \fIsmb.conf (5)\fR file. .TP \fB-U \fR Do a unicast query to the specified address or @@ -89,11 +89,11 @@ generate HUGE amounts of data, most of which is extremely cryptic. Note that specifying this parameter here will override -the \fI log level\fRparameter in the \fI smb.conf(5)\fR file. +the \fI log level\fR parameter in the \fI smb.conf(5)\fR file. .TP \fB-s \fR This parameter specifies the pathname to -the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba configuration file, smb.conf(5) This file controls all aspects of the Samba setup on the machine. .TP \fB-i \fR @@ -142,8 +142,8 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -samba(7) +\fBnmbd(8)\fR +samba(7) and smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/pdbedit.8 samba-2.2.6/docs/manpages/pdbedit.8 --- samba-2.2.5/docs/manpages/pdbedit.8 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/pdbedit.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "PDBEDIT" "8" "02 May 2002" "" "" +.TH "PDBEDIT" "8" "03 September 2002" "" "" .SH NAME pdbedit \- manage the SAM database .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i file\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The pdbedit program is used to manage the users accounts stored in the sam database and can be run only by root. @@ -77,7 +77,7 @@ This option sets the "smbpasswd" listing format. It will make pdbedit list the users in the database printing out the account fields in a format compatible with the -\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fRfor details) +\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fR for details) Example: \fBpdbedit -l -w\fR @@ -178,7 +178,7 @@ the Samba suite. .SH "SEE ALSO" .PP -smbpasswd(8), +smbpasswd(8) samba(7) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/rpcclient.1 samba-2.2.6/docs/manpages/rpcclient.1 --- samba-2.2.5/docs/manpages/rpcclient.1 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/rpcclient.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "RPCCLIENT" "1" "02 May 2002" "" "" +.TH "RPCCLIENT" "1" "03 September 2002" "" "" .SH NAME rpcclient \- tool for executing client side MS-RPC functions .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBrpcclient\fR [ \fB-A authfile\fR ] [ \fB-c \fR ] [ \fB-d debuglevel\fR ] [ \fB-h\fR ] [ \fB-l logfile\fR ] [ \fB-N\fR ] [ \fB-s \fR ] [ \fB-U username[%password]\fR ] [ \fB-W workgroup\fR ] [ \fB-N\fR ] \fBserver\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBrpcclient\fR is a utility initially developed to test MS-RPC functionality in Samba itself. It has undergone @@ -23,7 +23,7 @@ \fBserver\fR NetBIOS name of Server to which to connect. The server can be any SMB/CIFS server. The name is -resolved using the \fIname resolve order\fRline from +resolved using the \fIname resolve order\fR line from \fIsmb.conf(5)\fR. .TP \fB-A filename\fR diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/samba.7 samba-2.2.6/docs/manpages/samba.7 --- samba-2.2.5/docs/manpages/samba.7 Fri May 3 01:02:05 2002 +++ samba-2.2.6/docs/manpages/samba.7 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SAMBA" "7" "02 May 2002" "" "" +.TH "SAMBA" "7" "03 September 2002" "" "" .SH NAME SAMBA \- A Windows SMB/CIFS fileserver for UNIX .SH SYNOPSIS @@ -125,7 +125,7 @@ .PP In addition, several commercial organizations now help fund the Samba Team with money and equipment. For details see -the Samba Web pages at http://samba.org/samba/samba-thanks.html. +the Samba Web pages at http://samba.org/samba/samba-thanks.html .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smb.conf.5 samba-2.2.6/docs/manpages/smb.conf.5 --- samba-2.2.5/docs/manpages/smb.conf.5 Wed Jun 19 01:13:19 2002 +++ samba-2.2.6/docs/manpages/smb.conf.5 Wed Oct 16 04:30:50 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMB.CONF" "5" "17 June 2002" "" "" +.TH "SMB.CONF" "5" "15 October 2002" "" "" .SH NAME smb.conf \- The configuration file for the Samba suite .SH "SYNOPSIS" @@ -13,7 +13,7 @@ runtime configuration information for the Samba programs. The \fIsmb.conf\fR file is designed to be configured and administered by the \fBswat(8)\fR -program. The complete description of the file format and + program. The complete description of the file format and possible parameters held within are here for reference purposes. .SH "FILE FORMAT" .PP @@ -94,7 +94,7 @@ .nf [foo] path = /home/bar - writeable = true + read only = no .sp @@ -110,9 +110,9 @@ .nf [aprinter] path = /usr/spool/public - writeable = false - printable = true - guest ok = true + read only = yes + printable = yes + guest ok = yes .sp @@ -180,7 +180,7 @@ .sp .nf [homes] - writeable = yes + read only = no .sp @@ -1342,6 +1342,9 @@ \fIprinting\fR .TP 0.2i \(bu +\fIprofile acls\fR +.TP 0.2i +\(bu \fIpublic\fR .TP 0.2i \(bu @@ -1396,6 +1399,9 @@ \fIuse client driver\fR .TP 0.2i \(bu +\fIuse sendfile\fR +.TP 0.2i +\(bu \fIuser\fR .TP 0.2i \(bu @@ -1456,7 +1462,7 @@ to the print system and to add the appropriate service definition to the \fIsmb.conf\fR file in order that it can be shared by \fBsmbd(8)\fR -. + The \fIadd printer command\fR is automatically invoked with the following parameter (in @@ -1556,16 +1562,16 @@ \fBadd user script (G)\fR This is the full pathname to a script that will be run \fBAS ROOT\fR by smbd(8) -under special circumstances described below. + under special circumstances described below. Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the -Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users +Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users \fBON DEMAND\fR when a user accesses the Samba server. -In order to use this option, smbd +In order to use this option, smbd must \fBNOT\fR be set to \fIsecurity = share\fR and \fIadd user script\fR must be set to a full pathname for a script that will create a UNIX @@ -1573,7 +1579,7 @@ the UNIX user name to create. When the Windows user attempts to access the Samba server, -at login (session setup in the SMB protocol) time, smbdcontacts the \fIpassword server\fR and +at login (session setup in the SMB protocol) time, smbd contacts the \fIpassword server\fR and attempts to authenticate the given user with the given password. If the authentication succeeds then \fBsmbd\fR attempts to find a UNIX user in the UNIX password database to map the @@ -1616,7 +1622,7 @@ This option only takes effect when the \fIsecurity\fR option is set to server or domain. If it is set to no, then attempts to connect to a resource from -a domain or workgroup other than the one which smbdis running +a domain or workgroup other than the one which smbd is running in will fail, even if that domain is trusted by the remote server doing the authentication. @@ -1633,7 +1639,7 @@ .TP \fBannounce as (G)\fR This specifies what type of server -\fBnmbd\fR +\fBnmbd\fR will announce itself as, to a network neighborhood browse list. By default this is set to Windows NT. The valid options are : "NT Server" (which can also be written as "NT"), @@ -1672,8 +1678,8 @@ \fBbind interfaces only (G)\fR This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests. If -affects file service smbd(8)and -name service nmbd(8)in slightly +affects file service smbd(8) and +name service nmbd(8) in slightly different ways. For name service it causes \fBnmbd\fR to bind @@ -1702,8 +1708,8 @@ If \fIbind interfaces only\fR is set then unless the network address \fB127.0.0.1\fR is added -to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR -and \fBswat(8)\fRmay +to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR +and \fBswat(8)\fR may not work as expected due to the reasons covered below. To change a users SMB password, the \fBsmbpasswd\fR @@ -1714,7 +1720,7 @@ \fIinterfaces\fR parameter list then \fB smbpasswd\fR will fail to connect in it's default mode. \fBsmbpasswd\fR can be forced to use the primary IP interface of the local host by using its \fI-r remote machine\fR -parameter, with \fIremote machine\fR set + parameter, with \fIremote machine\fR set to the IP name of the primary interface of the local host. The \fBswat\fR status page tries to connect with @@ -1727,7 +1733,7 @@ Default: \fBbind interfaces only = no\fR .TP \fBblock size (S)\fR -This parameter controls the behavior of smbd(8)when reporting disk free sizes. +This parameter controls the behavior of smbd(8) when reporting disk free sizes. By default, this reports a disk block size of 1024 bytes. Changing this parameter may have some effect on the @@ -1745,7 +1751,7 @@ Example: \fBblock size = 65536\fR .TP \fBblocking locks (S)\fR -This parameter controls the behavior of smbd(8)when given a request by a client +This parameter controls the behavior of smbd(8) when given a request by a client to obtain a byte range lock on a region of an open file, and the request has a time limit associated with it. @@ -1754,7 +1760,7 @@ queue the lock request, and periodically attempt to obtain the lock until the timeout period expires. -If this parameter is set to false, then +If this parameter is set to no, then Samba 2.2 will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained. @@ -1765,9 +1771,9 @@ See the \fI browseable\fR. .TP \fBbrowse list (G)\fR -This controls whether \fBsmbd(8)\fRwill serve a browse list to +This controls whether \fBsmbd(8)\fR will serve a browse list to a client doing a \fBNetServerEnum\fR call. Normally -set to true. You should never need to change +set to yes. You should never need to change this. Default: \fBbrowse list = yes\fR @@ -1791,7 +1797,7 @@ This SMB allows a client to tell a server to "watch" a particular directory for any changes and only reply to the SMB request when a change has occurred. Such constant scanning of -a directory is expensive under UNIX, hence an \fBsmbd(8)\fRdaemon only performs such a scan +a directory is expensive under UNIX, hence an \fBsmbd(8)\fR daemon only performs such a scan on each requested directory once every \fIchange notify timeout\fR seconds. @@ -1848,7 +1854,7 @@ .PP .TP \fBcharacter set (G)\fR -This allows smbdto map incoming filenames +This allows smbd to map incoming filenames from a DOS Code page (see the client code page parameter) to several built in UNIX character sets. The built in code page translations are: @@ -1919,10 +1925,10 @@ Windows NT releases is code page 437. The default for western European releases of the above operating systems is code page 850. -This parameter tells smbd(8) +This parameter tells smbd(8) which of the \fIcodepage.XXX \fRfiles to dynamically load on startup. These files, -described more fully in the manual page \fBmake_smbcodepage(1)\fR, tell \fB smbd\fR how to map lower to upper case characters to provide +described more fully in the manual page \fBmake_smbcodepage(1)\fR tell \fB smbd\fR how to map lower to upper case characters to provide the case insensitivity of filenames that Windows clients expect. Samba currently ships with the following code page files : @@ -2189,7 +2195,7 @@ .TP \fBdebug pid (G)\fR When using only one log file for more then one -forked smbd-process there may be hard to follow which process +forked smbdprocess there may be hard to follow which process outputs which message. This boolean parameter is adds the process-id to the timestamp message headers in the logfile when turned on. @@ -2368,7 +2374,7 @@ .TP \fBdelete user script (G)\fR This is the full pathname to a script that will -be run \fBAS ROOT\fR by \fBsmbd(8)\fRunder special circumstances +be run \fBAS ROOT\fR by \fBsmbd(8)\fR under special circumstances described below. Normally, a Samba server requires that UNIX users are @@ -2416,11 +2422,11 @@ This option is used when Samba is attempting to delete a directory that contains one or more vetoed directories (see the \fIveto files\fR -option). If this option is set to false (the default) then if a vetoed +option). If this option is set to no (the default) then if a vetoed directory contains any non-vetoed files or directories then the directory delete will fail. This is usually what you want. -If this option is set to true, then Samba +If this option is set to yes, then Samba will attempt to recursively delete any files and directories within the vetoed directory. This can be useful for integration with file serving systems such as NetAtalk which create meta-files within @@ -2589,7 +2595,7 @@ Default : \fBdisable spoolss = no\fR .TP \fBdns proxy (G)\fR -Specifies that nmbd(8) +Specifies that nmbd(8) when acting as a WINS server and finding that a NetBIOS name has not been registered, should treat the NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server for that name on behalf of @@ -2642,7 +2648,7 @@ Example: \fBdomain guest group = nobody @guest\fR .TP \fBdomain logons (G)\fR -If set to true, the Samba server will serve +If set to yes, the Samba server will serve Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also has limited capability to act as a domain controller for Windows NT 4 Domains. For more details on setting up this feature see @@ -2652,13 +2658,13 @@ Default: \fBdomain logons = no\fR .TP \fBdomain master (G)\fR -Tell \fB nmbd(8)\fRto enable WAN-wide browse list +Tell \fB nmbd(8)\fR to enable WAN-wide browse list collation. Setting this option causes \fBnmbd\fR to claim a special domain specific NetBIOS name that identifies it as a domain master browser for its given \fIworkgroup\fR. Local master browsers in the same \fIworkgroup\fR on broadcast-isolated subnets will give this \fBnmbd\fR their local browse lists, -and then ask \fBsmbd(8)\fR +and then ask \fBsmbd(8)\fR for a complete copy of the browse list for the whole wide area network. Browser clients will then contact their local master browser, and will receive the domain-wide browse list, instead of just the list @@ -2718,7 +2724,7 @@ for a share causes Samba to round the reported time down to the nearest two second boundary when a query call that requires one second resolution is made to \fBsmbd(8)\fR -. + This option is mainly used as a compatibility option for Visual C++ when used against Samba shares. If oplocks are enabled on a @@ -2739,7 +2745,7 @@ only the owner of the file or root may change the timestamp. By default, Samba runs with POSIX semantics and refuses to change the timestamp on a file if the user \fBsmbd\fR is acting -on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbdwill change the file +on behalf of is not the file owner. Setting this option to yes allows DOS semantics and smbd will change the file timestamp as DOS requires. Default: \fBdos filetimes = no\fR @@ -2753,9 +2759,9 @@ directory \fIdocs/\fR shipped with the source code. In order for encrypted passwords to work correctly -\fBsmbd(8)\fRmust either +\fBsmbd(8)\fR must either have access to a local \fIsmbpasswd(5) -\fRprogram for information on how to set up +\fR program for information on how to set up and maintain this file), or set the security = [server|domain] parameter which causes \fBsmbd\fR to authenticate against another server. @@ -2843,7 +2849,7 @@ cache file data. With some oplock types the client may even cache file open/close operations. This can give enormous performance benefits. -When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fRwill +When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fR will always grant oplock requests no matter how many clients are using the file. @@ -2862,7 +2868,7 @@ .TP \fBfollow symlinks (S)\fR This parameter allows the Samba administrator -to stop \fBsmbd(8)\fR +to stop \fBsmbd(8)\fR from following symbolic links in a particular share. Setting this parameter to no prevents any file or directory that is a symbolic link from being followed (the user will get an @@ -2923,7 +2929,7 @@ permissions set for 'group' and 'other' as well as the read/write/execute bits set for the 'user'. .TP -\fBforce directory security mode (S)\fR +\fBforce directory\fR This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating the UNIX permission on a directory using the native NT security dialog box. @@ -3065,7 +3071,7 @@ This parameter allows the administrator to configure the string that specifies the type of filesystem a share is using that is reported by \fBsmbd(8) -\fRwhen a client queries the filesystem type +\fR when a client queries the filesystem type for a share. The default type is NTFS for compatibility with Windows NT but this can be changed to other strings such as Samba or FAT @@ -3080,7 +3086,7 @@ caching algorithm will be used to reduce the time taken for getwd() calls. This can have a significant impact on performance, especially when the \fIwide links\fR -parameter is set to false. +parameter is set to no. Default: \fBgetwd cache = yes\fR .TP @@ -3179,7 +3185,7 @@ .TP \fBhomedir map (G)\fR If\fInis homedir -\fRis true, and \fBsmbd(8)\fRis also acting +\fRis yes, and \fBsmbd(8)\fR is also acting as a Win95/98 \fIlogon server\fR then this parameter specifies the NIS (or YP) map from which the server for the user's home directory should be extracted. At present, only the Sun @@ -3211,7 +3217,7 @@ See also the \fI msdfs root\fR share level parameter. For more information on setting up a Dfs tree on Samba, -refer to msdfs_setup.html. +refer to msdfs_setup.html Default: \fBhost msdfs = no\fR .TP @@ -3264,7 +3270,7 @@ Note that access still requires suitable user-level passwords. See \fBtestparm(1)\fR -for a way of testing your host access to see if it does + for a way of testing your host access to see if it does what you expect. Default: \fBnone (i.e., all hosts permitted access) @@ -3468,7 +3474,7 @@ Kernel oplocks support allows Samba \fIoplocks \fRto be broken whenever a local UNIX process or NFS operation accesses a file that \fBsmbd(8)\fR -has oplocked. This allows complete data consistency between + has oplocked. This allows complete data consistency between SMB/CIFS, NFS and local file access (and is a \fBvery\fR cool feature :-). @@ -3483,7 +3489,7 @@ Default: \fBkernel oplocks = yes\fR .TP \fBlanman auth (G)\fR -This parameter determines whether or not smbdwill +This parameter determines whether or not smbd will attempt to authenticate users using the LANMAN password hash. If disabled, only clients which support NT password hashes (e.g. Windows NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS @@ -3497,10 +3503,10 @@ with Windows 2000. Note that due to Windows 2000 client redirector bugs this requires Samba to be running on a 64-bit capable operating system such as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with -Windows 2000 clients. Defaults to off. Not as tested as some other Samba -code paths. +Windows 2000 clients. Defaults to on. Windows NT 4.0 only supports +read version of this call, and ignores the write version. -Default : \fBlarge readwrite = no\fR +Default : \fBlarge readwrite = yes\fR .TP \fBldap admin dn (G)\fR This parameter is only available if Samba has been @@ -3513,7 +3519,7 @@ server when retreiving user account information. The \fIldap admin dn\fR is used in conjunction with the admin dn password stored in the \fIprivate/secrets.tdb\fR file. See the -\fBsmbpasswd(8)\fRman +\fBsmbpasswd(8)\fR man page for more information on how to accmplish this. Default : \fBnone\fR @@ -3616,7 +3622,7 @@ oplocks\fR are supported then level2 oplocks are not granted (even if this parameter is set to yes). Note also, the \fIoplocks\fR -parameter must be set to true on this share in order for +parameter must be set to yes on this share in order for this parameter to have any effect. See also the \fIoplocks\fR @@ -3626,13 +3632,13 @@ Default: \fBlevel2 oplocks = yes\fR .TP \fBlm announce (G)\fR -This parameter determines if \fBnmbd(8)\fRwill produce Lanman announce +This parameter determines if \fBnmbd(8)\fR will produce Lanman announce broadcasts that are needed by OS/2 clients in order for them to see the Samba server in their browse list. This parameter can have three -values, true, false, or +values, yes, no, or auto. The default is auto. -If set to false Samba will never produce these -broadcasts. If set to true Samba will produce +If set to no Samba will never produce these +broadcasts. If set to yes Samba will produce Lanman announce broadcasts at a frequency set by the parameter \fIlm interval\fR. If set to auto Samba will not send Lanman announce broadcasts by default but will @@ -3671,14 +3677,14 @@ Default: \fBload printers = yes\fR .TP \fBlocal master (G)\fR -This option allows \fB nmbd(8)\fRto try and become a local master browser -on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser +This option allows \fB nmbd(8)\fR to try and become a local master browser +on a subnet. If set to no then \fB nmbd\fR will not attempt to become a local master browser on a subnet and will also lose in all browsing elections. By -default this value is set to true. Setting this value to true doesn't +default this value is set to yes. Setting this value to yes doesn't mean that Samba will \fBbecome\fR the local master browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser. -Setting this value to false will cause \fBnmbd\fR +Setting this value to no will cause \fBnmbd\fR \fBnever\fR to become a local master browser. Default: \fBlocal master = yes\fR @@ -4050,14 +4056,14 @@ \fBmachine password timeout (G)\fR If a Samba server is a member of a Windows NT Domain (see the security = domain) -parameter) then periodically a running smbd(8)process will try and change the MACHINE ACCOUNT +parameter) then periodically a running smbd(8) process will try and change the MACHINE ACCOUNT PASSWORD stored in the TDB called \fIprivate/secrets.tdb \fR\&. This parameter specifies how often this password will be changed, in seconds. The default is one week (expressed in seconds), the same as a Windows NT Domain member server. See also \fBsmbpasswd(8) -\fR, and the security = domain) parameter. +\fR and the security = domain) parameter. Default: \fBmachine password timeout = 604800\fR .TP @@ -4230,7 +4236,7 @@ .TP \fBmangled stack (G)\fR This parameter controls the number of mangled names -that should be cached in the Samba server smbd(8). +that should be cached in the Samba server smbd(8) This stack is a list of recently mangled base names (extensions are only maintained if they are longer than 3 characters @@ -4313,7 +4319,7 @@ and domain. This parameter can take three different values, which tell -smbd(8)what to do with user +smbd(8) what to do with user login requests that don't match a valid UNIX user in some way. The three settings are : @@ -4421,7 +4427,7 @@ .TP \fBmax open files (G)\fR This parameter limits the maximum number of -open files that one smbd(8)file +open files that one smbd(8) file serving process may have open for a client at any one time. The default for this parameter is set very high (10,000) as Samba uses only one bit per unopened file. @@ -4435,7 +4441,7 @@ \fBmax print jobs (S)\fR This parameter limits the maximum number of jobs allowable in a Samba printer queue at any given moment. -If this number is exceeded, \fB smbd(8)\fRwill remote "Out of Space" to the client. +If this number is exceeded, \fB smbd(8)\fR will remote "Out of Space" to the client. See all \fItotal print jobs\fR. @@ -4492,7 +4498,7 @@ as a stopgap to prevent degrading service to clients in the event that the server has insufficient resources to handle more than this number of connections. Remember that under normal operating -conditions, each user will have an smbdassociated with him or her +conditions, each user will have an smbd associated with him or her to handle connections to all shares from a given host. Default: \fBmax smbd processes = 0\fR ## no limit @@ -4510,7 +4516,7 @@ .TP \fBmax wins ttl (G)\fR This option tells nmbd(8) -when acting as a WINS server ( \fIwins support = yes\fR) what the maximum + when acting as a WINS server ( \fIwins support = yes\fR) what the maximum \&'time to live' of NetBIOS names that \fBnmbd\fR will grant will be (in seconds). You should never need to change this parameter. The default is 6 days (518400 seconds). @@ -4522,11 +4528,13 @@ .TP \fBmax xmit (G)\fR This option controls the maximum packet size -that will be negotiated by Samba. The default is 65535, which -is the maximum. In some cases you may find you get better performance +that will be negotiated by Samba. The default in Samba 2.2.6 is +now 16644 (changed from 65535 in earlier releases) which matches +Windows 2000. This allows better performance with Windows NT clients. +The maximum is 65535. In some cases you may find you get better performance with a smaller value. A value below 2048 is likely to cause problems. -Default: \fBmax xmit = 65535\fR +Default: \fBmax xmit = 16644\fR Example: \fBmax xmit = 8192\fR .TP @@ -4665,7 +4673,7 @@ links of the form \fImsdfs:serverA\\shareA,serverB\\shareB \fRand so on. For more information on setting up a Dfs tree on Samba, refer to msdfs_setup.html -. + See also \fIhost msdfs \fR @@ -4684,7 +4692,7 @@ \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu @@ -4722,7 +4730,7 @@ .PP .TP \fBnetbios aliases (G)\fR -This is a list of NetBIOS names that nmbd(8)will advertise as additional +This is a list of NetBIOS names that nmbd(8) will advertise as additional names by which the Samba server is known. This allows one machine to appear in browse lists under multiple names. If a machine is acting as a browse server or logon server none @@ -4786,7 +4794,7 @@ .TP \fBnt acl support (S)\fR This boolean parameter controls whether -smbd(8)will attempt to map +smbd(8) will attempt to map UNIX permissions into Windows NT access control lists. This parameter was formally a global parameter in releases prior to 2.2.2. @@ -4795,7 +4803,7 @@ .TP \fBnt pipe support (G)\fR This boolean parameter controls whether -smbd(8)will allow Windows NT +smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes. This is a developer debugging option and can be left alone. @@ -4803,7 +4811,7 @@ Default: \fBnt pipe support = yes\fR .TP \fBnt smb support (G)\fR -This boolean parameter controls whether smbd(8)will negotiate NT specific SMB +This boolean parameter controls whether smbd(8) will negotiate NT specific SMB support with Windows NT/2k/XP clients. Although this is a developer debugging option and should be left alone, benchmarking has discovered that Windows NT clients give faster performance with this option @@ -4818,7 +4826,7 @@ Default: \fBnt smb support = yes\fR .TP \fBnt status support (G)\fR -This boolean parameter controls whether smbd(8)will negotiate NT specific status +This boolean parameter controls whether smbd(8) will negotiate NT specific status support with Windows NT/2k/XP clients. This is a developer debugging option and should be left alone. If this option is set to no then Samba offers @@ -4833,7 +4841,7 @@ Allow or disallow client access to accounts that have null passwords. -See also smbpasswd (5). +See also smbpasswd (5) Default: \fBnull passwords = no\fR .TP @@ -4890,11 +4898,11 @@ .TP \fBoplock contention limit (S)\fR This is a \fBvery\fR advanced -smbd(8)tuning option to +smbd(8) tuning option to improve the efficiency of the granting of oplocks under multiple client contention for the same file. -In brief it specifies a number, which causes smbdnot to +In brief it specifies a number, which causes smbd not to grant an oplock even when requested if the approximate number of clients contending for an oplock on the same file goes over this limit. This causes \fBsmbd\fR to behave in a similar @@ -4931,7 +4939,7 @@ \fBos level (G)\fR This integer value controls what level Samba advertises itself as for browse elections. The value of this -parameter determines whether nmbd(8) +parameter determines whether nmbd(8) has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area. \fBNote :\fRBy default, Samba will win @@ -4960,9 +4968,9 @@ The need for the file is due to the printer driver namespace problem described in the Samba -Printing HOWTO. For more details on OS/2 clients, please +Printing HOWTO For more details on OS/2 clients, please refer to the OS2-Client-HOWTO -containing in the Samba documentation. + containing in the Samba documentation. Default: \fBos2 driver map = \fR.TP @@ -4980,7 +4988,7 @@ .TP \fBpanic action (G)\fR This is a Samba developer option that allows a -system command to be called when either smbd(8) +system command to be called when either smbd(8) crashes. This is usually used to draw attention to the fact that a problem occurred. @@ -4990,9 +4998,9 @@ .TP \fBpasswd chat (G)\fR This string controls the \fB"chat"\fR -conversation that takes places between smbdand the local password changing +conversation that takes places between smbd and the local password changing program to change the user's password. The string describes a -sequence of response-receive pairs that smbd(8)uses to determine what to send to the +sequence of response-receive pairs that smbd(8) uses to determine what to send to the \fIpasswd program\fR and what to expect back. If the expected output is not received then the password is not changed. @@ -5023,7 +5031,7 @@ if the expect string is a full stop then no string is expected. If the \fIpam -password change\fR parameter is set to true, the chat pairs +password change\fR parameter is set to yes, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular output. The \\n macro is ignored for PAM conversions. @@ -5041,7 +5049,7 @@ This boolean specifies if the passwd chat script parameter is run in \fBdebug\fR mode. In this mode the strings passed to and received from the passwd chat are printed -in the smbd(8)log with a +in the smbd(8) log with a \fIdebug level\fR of 100. This is a dangerous option as it will allow plaintext passwords to be seen in the \fBsmbd\fR log. It is available to help @@ -5071,10 +5079,10 @@ it. \fBNote\fR that if the \fIunix -password sync\fR parameter is set to true +password sync\fR parameter is set to yes then this program is called \fBAS ROOT\fR before the SMB password in the smbpasswd(5) -file is changed. If this UNIX password change fails, then + file is changed. If this UNIX password change fails, then \fBsmbd\fR will fail to change the SMB password also (this is by design). @@ -5082,7 +5090,7 @@ is set this parameter \fBMUST USE ABSOLUTE PATHS\fR for \fBALL\fR programs called, and must be examined for security implications. Note that by default \fIunix -password sync\fR is set to false. +password sync\fR is set to no. See also \fIunix password sync\fR. @@ -5321,10 +5329,10 @@ Default: \fBpreexec close = no\fR .TP \fBpreferred master (G)\fR -This boolean parameter controls if nmbd(8)is a preferred master browser +This boolean parameter controls if nmbd(8) is a preferred master browser for its workgroup. -If this is set to true, on startup, \fBnmbd\fR +If this is set to yes, on startup, \fBnmbd\fR will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master. @@ -5463,7 +5471,7 @@ Note that a printable service will ALWAYS allow writing to the service path (user privileges permitting) via the spooling -of print data. The \fIwriteable +of print data. The \fIread only \fRparameter controls only non-printing access to the resource. @@ -5533,7 +5541,7 @@ parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This option allows you to control the string @@ -5559,7 +5567,7 @@ parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This parameter tells Samba where the printer driver @@ -5587,7 +5595,7 @@ parameter and will be removed in the next major release following version 2.2. Please see the instructions in the Samba 2.2. Printing -HOWTOfor more information +HOWTO for more information on the new method of loading printer drivers onto a Samba server. This parameter tells clients of a particular printer @@ -5641,12 +5649,40 @@ and CUPS. To see what the defaults are for the other print -commands when using the various options use the testparm(1)program. +commands when using the various options use the testparm(1) program. This option can be set on a per printer basis See also the discussion in the [printers] section. .TP +\fBprofile acls (S)\fR +This boolean parameter was added to fix the problems that people have been +having with storing user profiles on Samba shares from Windows 2000 or +Windows XP clients. New versions of Windows 2000 or Windows XP service +packs do security ACL checking on the owner and ability to write of the +profile directory stored on a local workstation when copied from a Samba +share. When not in domain mode with winbindd then the security info copied +onto the local workstation has no meaning to the logged in user (SID) on +that workstation so the profile storing fails. Adding this parameter +onto a share used for profile storage changes two things about the +returned Windows ACL. Firstly it changes the owner and group owner +of all reported files and directories to be BUILTIN\\Administrators, +BUILTIN\\Users respectively (SIDs S-1-5-32-544, S-1-5-32-545). Secondly +it adds an ACE entry of "Full Control" to the SID BUILTIN\\Users to +every returned ACL. This will allow any Windows 2000 or XP workstation +user to access the profile. Note that if you have multiple users logging +on to a workstation then in order to prevent them from being able to access +each others profiles you must remove the "Bypass traverse checking" advanced +user right. This will prevent access to other users profile directories as +the top level profile directory (named after the user) is created by the +workstation profile code and has an ACL restricting entry to the directory +tree to the owning user. + +If you didn't understand the above text, you probably should not set +this parameter :-). + +Default \fBprofile acls = no\fR +.TP \fBprotocol (G)\fR Synonym for \fImax protocol\fR. .TP @@ -5704,7 +5740,7 @@ Example: \fBqueuepause command = enable %p \fR.TP \fBread bmpx (G)\fR -This boolean parameter controls whether smbd(8)will support the "Read +This boolean parameter controls whether smbd(8) will support the "Read Block Multiplex" SMB. This is now rarely used and defaults to no. You should never need to set this parameter. @@ -5714,7 +5750,7 @@ \fBread list (S)\fR This is a list of users that are given read-only access to a service. If the connecting user is in this list then -they will not be given write access, no matter what the \fIwriteable\fR +they will not be given write access, no matter what the \fIread only\fR option is set to. The list can include group names using the syntax described in the \fI invalid users\fR parameter. @@ -5726,7 +5762,17 @@ Example: \fBread list = mary, @students\fR .TP \fBread only (S)\fR -Note that this is an inverted synonym for \fIwriteable\fR. +An inverted synonym is \fIwriteable\fR. + +If this parameter is yes, then users +of a service may not create or modify files in the service's +directory. + +Note that a printable service (\fBprintable = yes\fR) +will \fBALWAYS\fR allow writing to the directory +(user privileges permitting), but only via spooling operations. + +Default: \fBread only = yes\fR .TP \fBread raw (G)\fR This parameter controls whether or not the server @@ -5770,7 +5816,7 @@ Example: \fBread size = 8192\fR .TP \fBremote announce (G)\fR -This option allows you to setup nmbd(8)to periodically announce itself +This option allows you to setup nmbd(8) to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name. This is useful if you want your Samba server to appear @@ -5799,7 +5845,7 @@ Default: \fBremote announce = \fR.TP \fBremote browse sync (G)\fR -This option allows you to setup nmbd(8)to periodically request +This option allows you to setup nmbd(8) to periodically request synchronization of browse lists with the master browser of a Samba server that is on a remote segment. This option will allow you to gain browse lists for multiple workgroups across routed networks. This @@ -5828,10 +5874,10 @@ Default: \fBremote browse sync = \fR.TP \fBrestrict anonymous (G)\fR -This is a boolean parameter. If it is true, then +This is a boolean parameter. If it is yes, then anonymous access to the server will be restricted, namely in the case where the server is expecting the client to send a username, -but it doesn't. Setting it to true will force these anonymous +but it doesn't. Setting it to yes will force these anonymous connections to be denied, and the client will be required to always supply a username and password when connecting. Use of this parameter is only recommended for homogeneous NT client environments. @@ -5841,7 +5887,7 @@ likes to use anonymous connections when refreshing the share list, and this is a way to work around that. -When restrict anonymous is true, all anonymous connections +When restrict anonymous is yes, all anonymous connections are denied no matter what they are for. This can effect the ability of a machine to access the Samba Primary Domain Controller to revalidate its machine account after someone else has logged on the client @@ -5920,7 +5966,7 @@ The option sets the "security mode bit" in replies to protocol negotiations with smbd(8) -to turn share level security on or off. Clients decide + to turn share level security on or off. Clients decide based on this bit whether (and how) to transfer user and password information to the server. @@ -6096,9 +6142,9 @@ \fBSECURITY = DOMAIN \fR.PP .PP -This mode will only work correctly if smbpasswd(8)has been used to add this +This mode will only work correctly if smbpasswd(8) has been used to add this machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR -parameter to be set to true. In this +parameter to be set to yes. In this mode Samba will try to validate the username/password by passing it to a Windows NT Primary or Backup Domain Controller, in exactly the same way that a Windows NT Server would do. @@ -6474,7 +6520,7 @@ system and the configure option \fB--with-ssl\fR was given at configure time. -The certificate in this file is used by \fBsmbclient(1)\fRif it exists. It's needed +The certificate in this file is used by \fBsmbclient(1)\fR if it exists. It's needed if the server requires a client certificate. Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem @@ -6485,7 +6531,7 @@ system and the configure option \fB--with-ssl\fR was given at configure time. -This is the private key for \fBsmbclient(1)\fR. It's only needed if the +This is the private key for \fBsmbclient(1)\fR It's only needed if the client should have a certificate. Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem @@ -6603,7 +6649,7 @@ If this variable is set to yes, the \fBsmbclient(1)\fR -will request a certificate from the server. Same as + will request a certificate from the server. Same as \fIssl require clientcert\fR for the server. @@ -6653,7 +6699,7 @@ Default: \fBssl version = "ssl2or3"\fR .TP \fBstat cache (G)\fR -This parameter determines if smbd(8)will use a cache in order to +This parameter determines if smbd(8) will use a cache in order to speed up case insensitive name mappings. You should never need to change this parameter. @@ -6719,7 +6765,7 @@ all outstanding data in kernel disk buffers has been safely stored onto stable storage. This is very slow and should only be done rarely. Setting this parameter to no (the -default) means that smbdignores the Windows applications requests for +default) means that smbd ignores the Windows applications requests for a sync call. There is only a possibility of losing data if the operating system itself that Samba is running on crashes, so there is little danger in this default setting. In addition, this fixes many @@ -6743,10 +6789,10 @@ \fBsync always (S)\fR This is a boolean parameter that controls whether writes will always be written to stable storage before -the write call returns. If this is false then the server will be +the write call returns. If this is no then the server will be guided by the client's request in each write call (clients can set a bit indicating that a particular write should be synchronous). -If this is true then every write will be followed by a \fBfsync() +If this is yes then every write will be followed by a \fBfsync() \fRcall to ensure the data is written to disk. Note that the \fIstrict sync\fR parameter must be set to yes in order for this parameter to have @@ -6780,7 +6826,7 @@ .TP \fBtemplate homedir (G)\fR When filling out the user information for a Windows NT -user, the winbindd(8)daemon +user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string \fI%D\fR is present it is substituted with the user's Windows NT domain name. If the string \fI%U @@ -6791,7 +6837,7 @@ .TP \fBtemplate shell (G)\fR When filling out the user information for a Windows NT -user, the winbindd(8)daemon +user, the winbindd(8) daemon uses this parameter to fill in the login shell for that user. Default: \fBtemplate shell = /bin/false\fR @@ -6808,7 +6854,7 @@ .TP \fBtime server (G)\fR This parameter determines if -nmbd(8)advertises itself as a time server to Windows +nmbd(8) advertises itself as a time server to Windows clients. Default: \fBtime server = no\fR @@ -6820,7 +6866,7 @@ This parameter accepts an integer value which defines a limit on the maximum number of print jobs that will be accepted system wide at any given time. If a print job is submitted -by a client which will exceed this number, then smbdwill return an +by a client which will exceed this number, then smbd will return an error indicating that no space is available on the server. The default value of 0 means that no such limit exists. This parameter can be used to prevent a server from exceeding its capacity and is @@ -6833,9 +6879,9 @@ .TP \fBunix extensions(G)\fR This boolean parameter controls whether Samba -implments the CIFS UNIX extensions, as defined by HP. These -extensions enable CIFS to server UNIX clients to UNIX servers -better, and allow such things as symbolic links, hard links etc. +implments the CIFS UNIX extensions, as defined by HP. +These extensions enable Samba to better serve UNIX CIFS clients +by supporting features such as symbolic links, hard links, etc... These extensions require a similarly enabled client, and are of no current use to Windows clients. @@ -6845,7 +6891,7 @@ This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. -If this is set to true the program specified in the \fIpasswd +If this is set to yes the program specified in the \fIpasswd program\fRparameter is called \fBAS ROOT\fR - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no @@ -6918,7 +6964,7 @@ This global parameter determines if the tdb internals of Samba can depend on mmap working correctly on the running system. Samba requires a coherent mmap/read-write system memory cache. Currently only HPUX does not have such a -coherent cache, and so this parameter is set to false by +coherent cache, and so this parameter is set to no by default on HPUX. On all other systems this parameter should be left alone. This parameter is provided to help the Samba developers track down problems with the tdb internal code. @@ -6926,7 +6972,7 @@ Default: \fBuse mmap = yes\fR .TP \fBuse rhosts (G)\fR -If this global parameter is true, it specifies +If this global parameter is yes, it specifies that the UNIX user's \fI.rhosts\fR file in their home directory will be read to find the names of hosts and users who will be allowed access without specifying a password. @@ -6976,7 +7022,7 @@ can use the \fIvalid users \fRparameter. -If any of the usernames begin with a '@' then the name +If any of the usernames begin with a '@' then the name will be looked up first in the NIS netgroups list (if Samba is compiled with netgroup support), followed by a lookup in the UNIX groups database and will expand to a list of all users @@ -7111,9 +7157,20 @@ Example: \fBusername map = /usr/local/samba/lib/users.map \fR.TP +\fBuse sendfile (S)\fR +If this parameter is yes, and Samba +was built with the --with-sendfile-support option, and the underlying operating +system supports sendfile system call, then some SMB read calls (mainly ReadAndX +and ReadRaw) will use the more efficient sendfile system call for files that +are exclusively oplocked. This may make more efficient use of the system CPU's +and cause Samba to be faster. This is off by default as it's effects are unknown +as yet. + +Default: \fBuse sendfile = no\fR +.TP \fButmp (G)\fR This boolean parameter is only available if -Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt +Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to yes then Samba will attempt to add utmp or utmpx records (depending on the UNIX system) whenever a connection is made to a Samba server. Sites may use this to record the user connecting to a Samba share. @@ -7315,7 +7372,7 @@ .TP \fBwinbind cache time (G)\fR This parameter specifies the number of seconds the -winbindd(8)daemon will cache +winbindd(8) daemon will cache user and group information before querying a Windows NT server again. @@ -7323,13 +7380,13 @@ .TP \fBwinbind enum users (G)\fR On large installations using -winbindd(8)it may be +winbindd(8) it may be necessary to suppress the enumeration of users through the \fBsetpwent()\fR, \fBgetpwent()\fR and \fBendpwent()\fR group of system calls. If the \fIwinbind enum users\fR parameter is -false, calls to the \fBgetpwent\fR system call +no, calls to the \fBgetpwent\fR system call will not return any data. \fBWarning:\fR Turning off user @@ -7342,13 +7399,13 @@ .TP \fBwinbind enum groups (G)\fR On large installations using -winbindd(8)it may be +winbindd(8) it may be necessary to suppress the enumeration of groups through the \fBsetgrent()\fR, \fBgetgrent()\fR and \fBendgrent()\fR group of system calls. If the \fIwinbind enum groups\fR parameter is -false, calls to the \fBgetgrent()\fR system +no, calls to the \fBgetgrent()\fR system call will not return any data. \fBWarning:\fR Turning off group @@ -7358,7 +7415,7 @@ .TP \fBwinbind gid (G)\fR The winbind gid parameter specifies the range of group -ids that are allocated by the winbindd(8)daemon. This range of group ids should have no +ids that are allocated by the winbindd(8) daemon. This range of group ids should have no existing local or NIS groups within it as strange conflicts can occur otherwise. @@ -7383,7 +7440,7 @@ .TP \fBwinbind uid (G)\fR The winbind gid parameter specifies the range of group -ids that are allocated by the winbindd(8)daemon. This range of ids should have no +ids that are allocated by the winbindd(8) daemon. This range of ids should have no existing local or NIS users within it as strange conflicts can occur otherwise. @@ -7400,9 +7457,9 @@ own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail function in a way much closer to the way they would in a native unix system. -Default: \fBwinbind use default domain = +Default: \fBwinbind use default domain = \fR -Example: \fBwinbind use default domain = true\fR +Example: \fBwinbind use default domain = yes\fR .TP \fBwins hook (G)\fR When Samba is running as a WINS server this @@ -7451,7 +7508,7 @@ .PP .TP \fBwins proxy (G)\fR -This is a boolean that controls if nmbd(8)will respond to broadcast name +This is a boolean that controls if nmbd(8) will respond to broadcast name queries on behalf of other hosts. You may need to set this to yes for some older clients. @@ -7459,7 +7516,7 @@ .TP \fBwins server (G)\fR This specifies the IP address (or DNS name: IP -address for preference) of the WINS server that nmbd(8)should register with. If you have a WINS server on +address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on your network then you should set this to the WINS server's IP. You should point this at your WINS server if you have a @@ -7478,10 +7535,10 @@ .TP \fBwins support (G)\fR This boolean controls if the -nmbd(8)process in Samba will act as a WINS server. You should -not set this to true unless you have a multi-subnetted network and +nmbd(8) process in Samba will act as a WINS server. You should +not set this to yes unless you have a multi-subnetted network and you wish a particular \fBnmbd\fR to be your WINS server. -Note that you should \fBNEVER\fR set this to true +Note that you should \fBNEVER\fR set this to yes on more than one machine in your network. Default: \fBwins support = no\fR @@ -7528,7 +7585,7 @@ \fBwrite list (S)\fR This is a list of users that are given read-write access to a service. If the connecting user is in this list then -they will be given write access, no matter what the \fIwriteable\fR +they will be given write access, no matter what the \fIread only\fR option is set to. The list can include group names using the @group syntax. @@ -7543,7 +7600,7 @@ Example: \fBwrite list = admin, root, @staff \fR.TP \fBwrite ok (S)\fR -Synonym for \fI writeable\fR. +Inverted synonym for \fI read only\fR. .TP \fBwrite raw (G)\fR This parameter controls whether or not the server @@ -7553,17 +7610,7 @@ Default: \fBwrite raw = yes\fR .TP \fBwriteable (S)\fR -An inverted synonym is \fIread only\fR. - -If this parameter is no, then users -of a service may not create or modify files in the service's -directory. - -Note that a printable service (\fBprintable = yes\fR) -will \fBALWAYS\fR allow writing to the directory -(user privileges permitting), but only via spooling operations. - -Default: \fBwriteable = no\fR +Inverted synonym for \fI read only\fR. .SH "WARNINGS" .PP Although the configuration file permits service names @@ -7573,7 +7620,7 @@ .PP On a similar note, many clients - especially DOS clients - limit service names to eight characters. smbd(8) -has no such limitation, but attempts to connect from such + has no such limitation, but attempts to connect from such clients will fail if they truncate the service names. For this reason you should probably keep your service names down to eight characters in length. @@ -7589,14 +7636,14 @@ the Samba suite. .SH "SEE ALSO" .PP -samba(7), -\fBsmbpasswd(8)\fR, -\fBswat(8)\fR, -\fBsmbd(8)\fR, -\fBnmbd(8)\fR, -\fBsmbclient(1)\fR, -\fBnmblookup(1)\fR, -\fBtestparm(1)\fR, +samba(7) +\fBsmbpasswd(8)\fR +\fBswat(8)\fR +\fBsmbd(8)\fR +\fBnmbd(8)\fR +\fBsmbclient(1)\fR +\fBnmblookup(1)\fR +\fBtestparm(1)\fR \fBtestprns(1)\fR .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbcacls.1 samba-2.2.6/docs/manpages/smbcacls.1 --- samba-2.2.5/docs/manpages/smbcacls.1 Fri May 3 01:02:06 2002 +++ samba-2.2.6/docs/manpages/smbcacls.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCACLS" "1" "02 May 2002" "" "" +.TH "SMBCACLS" "1" "03 September 2002" "" "" .SH NAME smbcacls \- Set or get ACLs on an NT file or directory names .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The \fBsmbcacls\fR program manipulates NT Access Control Lists (ACLs) on SMB file shares. diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbclient.1 samba-2.2.6/docs/manpages/smbclient.1 --- samba-2.2.5/docs/manpages/smbclient.1 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbclient.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCLIENT" "1" "02 May 2002" "" "" +.TH "SMBCLIENT" "1" "03 September 2002" "" "" .SH NAME smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b \fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M \fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L \fR ] [ \fB-I destinationIP\fR ] [ \fB-E \fR ] [ \fB-c \fR ] [ \fB-i scope\fR ] [ \fB-O \fR ] [ \fB-p port\fR ] [ \fB-R \fR ] [ \fB-s \fR ] [ \fB-TIXFqgbNan\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbclient\fR is a client that can \&'talk' to an SMB/CIFS server. It offers an interface @@ -85,7 +85,7 @@ \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbcontrol.1 samba-2.2.6/docs/manpages/smbcontrol.1 --- samba-2.2.5/docs/manpages/smbcontrol.1 Wed Jun 19 01:13:20 2002 +++ samba-2.2.6/docs/manpages/smbcontrol.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBCONTROL" "1" "29 May 2002" "" "" +.TH "SMBCONTROL" "1" "03 September 2002" "" "" .SH NAME smbcontrol \- send messages to smbd, nmbd or winbindd processes .SH SYNOPSIS @@ -13,12 +13,12 @@ \fBsmbcontrol\fR [ \fB-d \fR ] [ \fB-s \fR ] \fBdestination\fR \fBmessage-type\fR [ \fBparameter\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbcontrol\fR is a very small program, which -sends messages to an smbd(8), +sends messages to an smbd(8) an nmbd(8) -or a winbindd(8) +or a winbindd(8) daemon running on the system. .SH "OPTIONS" .TP @@ -27,7 +27,7 @@ .TP \fB-s \fR This parameter specifies the pathname to -the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba configuration file, smb.conf(5) This file controls all aspects of the Samba setup on the machine. .TP \fB-i\fR @@ -112,8 +112,8 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBnmbd(8)\fR, -and \fBsmbd(8)\fR. +\fBnmbd(8)\fR +and \fBsmbd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbd.8 samba-2.2.6/docs/manpages/smbd.8 --- samba-2.2.5/docs/manpages/smbd.8 Wed Jun 19 01:13:20 2002 +++ samba-2.2.6/docs/manpages/smbd.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBD" "8" "17 June 2002" "" "" +.TH "SMBD" "8" "03 September 2002" "" "" .SH NAME smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS @@ -26,12 +26,12 @@ server can provide is given in the man page for the configuration file controlling the attributes of those services (see \fIsmb.conf(5) -\fR. This man page will not describe the +\fR This man page will not describe the services, but will concentrate on the administrative aspects of running the server. .PP Please note that there are significant security -implications to running this server, and the \fIsmb.conf(5)\fR +implications to running this server, and the \fIsmb.conf(5)\fR manpage should be regarded as mandatory reading before proceeding with installation. .PP @@ -110,7 +110,7 @@ Note that specifying this parameter here will override the log -levelfile. +level file. .TP \fB-l \fR If specified, @@ -120,7 +120,7 @@ messages from the running server. The log file generated is never removed by the server although its size may be controlled by the max log size -option in the \fI smb.conf(5)\fRfile. \fBBeware:\fR +option in the \fI smb.conf(5)\fR file. \fBBeware:\fR If the directory specified does not exist, \fBsmbd\fR will log to the default debug log location defined at compile time. @@ -128,9 +128,9 @@ compile time. .TP \fB-O \fR -See the socket options +See the socket options parameter in the \fIsmb.conf(5) -\fRfile for details. +\fR file for details. .TP \fB-p \fR \fIport number\fR is a positive integer @@ -161,7 +161,7 @@ information in this file includes server-specific information such as what printcap file to use, as well as descriptions of all the services that the server is -to provide. See \fI smb.conf(5)\fRfor more information. +to provide. See \fI smb.conf(5)\fR for more information. The default configuration file name is determined at compile time. .SH "FILES" @@ -198,7 +198,7 @@ and \fI/etc/smb.conf\fR. This file describes all the services the server -is to make available to clients. See \fIsmb.conf(5)\fRfor more information. +is to make available to clients. See \fIsmb.conf(5)\fR for more information. .SH "LIMITATIONS" .PP On some systems \fBsmbd\fR cannot change uid back @@ -280,7 +280,7 @@ .PP The debug log level of \fBsmbd\fR may be raised or lowered using \fBsmbcontrol(1) -\fRprogram (SIGUSR[1|2] signals are no longer used in +\fR program (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is to allow transient problems to be diagnosed, whilst still running at a normally low log level. .PP @@ -293,10 +293,10 @@ .SH "SEE ALSO" .PP hosts_access(5), \fBinetd(8)\fR, -\fBnmbd(8)\fR, +\fBnmbd(8)\fR \fIsmb.conf(5)\fR -, \fBsmbclient(1) -\fR, and the Internet RFC's + \fBsmbclient(1) +\fR and the Internet RFC's \fIrfc1001.txt\fR, \fIrfc1002.txt\fR. In addition the CIFS (formerly SMB) specification is available as a link from the Web page diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbmnt.8 samba-2.2.6/docs/manpages/smbmnt.8 --- samba-2.2.5/docs/manpages/smbmnt.8 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbmnt.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMNT" "8" "02 May 2002" "" "" +.TH "SMBMNT" "8" "03 September 2002" "" "" .SH NAME smbmnt \- helper utility for mounting SMB filesystems .SH SYNOPSIS @@ -21,7 +21,7 @@ .PP The \fBsmbmnt\fR program is normally invoked by \fBsmbmount(8)\fR -. It should not be invoked directly by users. + It should not be invoked directly by users. .PP smbmount searches the normal PATH for smbmnt. You must ensure that the smbmnt version in your path matches the smbmount used. diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbmount.8 samba-2.2.6/docs/manpages/smbmount.8 --- samba-2.2.5/docs/manpages/smbmount.8 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbmount.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBMOUNT" "8" "02 May 2002" "" "" +.TH "SMBMOUNT" "8" "03 September 2002" "" "" .SH NAME smbmount \- mount an smbfs filesystem .SH SYNOPSIS @@ -115,7 +115,7 @@ .TP \fBsockopt=\fR sets the TCP socket options. See the \fIsmb.conf -\fR\fIsocket options\fR option. +\fR \fIsocket options\fR option. .TP \fBscope=\fR sets the NetBIOS scope @@ -198,7 +198,7 @@ FreeBSD also has a smbfs, but it is not related to smbmount .PP For Solaris, HP-UX and others you may want to look at -\fBsmbsh(1)\fRor at other +\fBsmbsh(1)\fR or at other solutions, such as sharity or perhaps replacing the SMB server with a NFS server. .SH "AUTHOR" diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbpasswd.5 samba-2.2.6/docs/manpages/smbpasswd.5 --- samba-2.2.5/docs/manpages/smbpasswd.5 Wed Jun 19 01:13:20 2002 +++ samba-2.2.6/docs/manpages/smbpasswd.5 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "5" "16 May 2002" "" "" +.TH "SMBPASSWD" "5" "03 September 2002" "" "" .SH NAME smbpasswd \- The Samba encrypted password file .SH SYNOPSIS @@ -11,7 +11,7 @@ \fIsmbpasswd\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the @@ -109,7 +109,7 @@ account has no password (the passwords in the fields LANMAN Password Hash and NT Password Hash are ignored). Note that this will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5) -\fRconfig file. +\fR config file. .TP 0.2i \(bu \fBD\fR - This means the account @@ -141,8 +141,8 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBsmbpasswd(8)\fR, -samba(7), and +\fBsmbpasswd(8)\fR +samba(7) and the Internet RFC1321 for details on the MD4 algorithm. .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbpasswd.8 samba-2.2.6/docs/manpages/smbpasswd.8 --- samba-2.2.5/docs/manpages/smbpasswd.8 Wed Jun 19 01:13:20 2002 +++ samba-2.2.6/docs/manpages/smbpasswd.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBPASSWD" "8" "06 June 2002" "" "" +.TH "SMBPASSWD" "8" "03 September 2002" "" "" .SH NAME smbpasswd \- change a user's SMB password .SH SYNOPSIS @@ -17,7 +17,7 @@ \fBsmbpasswd\fR [ \fBoptions\fR ] [ \fBpassword\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The smbpasswd program has several different functions, depending on whether it is run by the \fBroot\fR @@ -135,6 +135,14 @@ be contacted. In this case, the domain SID obtained is the one for the domain to which the remote machine belongs. .TP +\fB-t\fR +This option is used to force smbpasswd to +change the current password assigned to the machine trust account +when operating in domain security mode. This is really meant to +be used on systems that only run \fBwinbindd\fR +Under server installations, \fBsmbd\fR +handle the password updates automatically. +.TP \fB-U username[%pass]\fR This option may only be used in conjunction with the \fI-r\fR option. When changing @@ -212,7 +220,7 @@ \fB--with-ldapsam\fR option. The \fI-w\fR switch is used to specify the password to be used with the \fIldap admin -dn\fR. Note that the password is stored in +dn\fR Note that the password is stored in the \fIprivate/secrets.tdb\fR and is keyed off of the admin's DN. This means that if the value of \fIldap admin dn\fR ever changes, the password will need to be @@ -274,7 +282,7 @@ \(bu lmhosts : Lookup an IP address in the Samba lmhosts file. If the line in lmhosts has -no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +no name type attached to the NetBIOS name (see the lmhosts(5) for details) then any name type matches for lookup. .TP 0.2i \(bu @@ -336,7 +344,7 @@ the Samba suite. .SH "SEE ALSO" .PP -\fIsmbpasswd(5)\fR, +\fIsmbpasswd(5)\fR samba(7) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbsh.1 samba-2.2.6/docs/manpages/smbsh.1 --- samba-2.2.5/docs/manpages/smbsh.1 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbsh.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSH" "1" "02 May 2002" "" "" +.TH "SMBSH" "1" "03 September 2002" "" "" .SH NAME smbsh \- Allows access to Windows NT filesystem using UNIX commands .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBsmbsh\fR [ \fB-W workgroup\fR ] [ \fB-U username\fR ] [ \fB-P prefix\fR ] [ \fB-R \fR ] [ \fB-d \fR ] [ \fB-l logfile\fR ] [ \fB-L libdir\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbsh\fR allows you to access an NT filesystem using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a @@ -155,7 +155,7 @@ describe how a program was linked. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, +\fBsmbd(8)\fR smb.conf(5) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbspool.8 samba-2.2.6/docs/manpages/smbspool.8 --- samba-2.2.5/docs/manpages/smbspool.8 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbspool.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSPOOL" "8" "02 May 2002" "" "" +.TH "SMBSPOOL" "8" "03 September 2002" "" "" .SH NAME smbspool \- send print file to an SMB printer .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP smbspool is a very small print spooling program that sends a print file to an SMB printer. The command-line arguments @@ -82,8 +82,8 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -and samba(7). +\fBsmbd(8)\fR +and samba(7) .SH "AUTHOR" .PP \fBsmbspool\fR was written by Michael Sweet diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbstatus.1 samba-2.2.6/docs/manpages/smbstatus.1 --- samba-2.2.5/docs/manpages/smbstatus.1 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbstatus.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBSTATUS" "1" "02 May 2002" "" "" +.TH "SMBSTATUS" "1" "03 September 2002" "" "" .SH NAME smbstatus \- report on current Samba connections .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBsmbstatus\fR [ \fB-P\fR ] [ \fB-b\fR ] [ \fB-d\fR ] [ \fB-L\fR ] [ \fB-p\fR ] [ \fB-S\fR ] [ \fB-s \fR ] [ \fB-u \fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbstatus\fR is a very simple program to list the current Samba connections. @@ -32,7 +32,7 @@ causes smbstatus to only list locks. .TP \fB-p\fR -print a list of \fBsmbd(8)\fRprocesses and exit. +print a list of \fBsmbd(8)\fR processes and exit. Useful for scripting. .TP \fB-S\fR @@ -42,7 +42,7 @@ The default configuration file name is determined at compile time. The file specified contains the configuration details required by the server. See \fIsmb.conf(5)\fR -for more information. + for more information. .TP \fB-u \fR selects information relevant to @@ -53,8 +53,8 @@ the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fRand -smb.conf(5). +\fBsmbd(8)\fR and +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbtar.1 samba-2.2.6/docs/manpages/smbtar.1 --- samba-2.2.5/docs/manpages/smbtar.1 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbtar.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBTAR" "1" "02 May 2002" "" "" +.TH "SMBTAR" "1" "03 September 2002" "" "" .SH NAME smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS @@ -11,10 +11,10 @@ \fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBsmbtar\fR is a very small shell script on top -of \fBsmbclient(1)\fR +of \fBsmbclient(1)\fR which dumps SMB shares directly to tape. .SH "OPTIONS" .TP @@ -92,16 +92,16 @@ .PP See the \fBDIAGNOSTICS\fR section for the \fBsmbclient(1)\fR -command. + command. .SH "VERSION" .PP This man page is correct for version 2.2 of the Samba suite. .SH "SEE ALSO" .PP -\fBsmbd(8)\fR, -\fBsmbclient(1)\fR, -smb.conf(5), +\fBsmbd(8)\fR +\fBsmbclient(1)\fR +smb.conf(5) .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/smbumount.8 samba-2.2.6/docs/manpages/smbumount.8 --- samba-2.2.5/docs/manpages/smbumount.8 Fri May 3 01:02:07 2002 +++ samba-2.2.6/docs/manpages/smbumount.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SMBUMOUNT" "8" "02 May 2002" "" "" +.TH "SMBUMOUNT" "8" "03 September 2002" "" "" .SH NAME smbumount \- smbfs umount for normal users .SH SYNOPSIS diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/swat.8 samba-2.2.6/docs/manpages/swat.8 --- samba-2.2.5/docs/manpages/swat.8 Wed Jun 19 01:13:20 2002 +++ samba-2.2.6/docs/manpages/swat.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "SWAT" "8" "17 June 2002" "" "" +.TH "SWAT" "8" "03 September 2002" "" "" .SH NAME swat \- Samba Web Administration Tool .SH SYNOPSIS @@ -11,10 +11,10 @@ \fBswat\fR [ \fB-s \fR ] [ \fB-a\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBswat\fR allows a Samba administrator to -configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, +configure the complex \fI smb.conf(5)\fR file via a Web browser. In addition, a \fBswat\fR configuration page has help links to all the configurable options in the \fIsmb.conf\fR file allowing an administrator to easily look up the effects of any change. @@ -165,8 +165,8 @@ .SH "SEE ALSO" .PP \fBinetd(5)\fR, -\fBsmbd(8)\fR, -smb.conf(5), \fBxinetd(8)\fR +\fBsmbd(8)\fR +smb.conf(5) \fBxinetd(8)\fR .SH "AUTHOR" .PP The original Samba software and related utilities diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/testparm.1 samba-2.2.6/docs/manpages/testparm.1 --- samba-2.2.5/docs/manpages/testparm.1 Fri May 3 01:02:08 2002 +++ samba-2.2.6/docs/manpages/testparm.1 Wed Oct 9 20:27:13 2002 @@ -3,15 +3,15 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPARM" "1" "02 May 2002" "" "" +.TH "TESTPARM" "1" "03 September 2002" "" "" .SH NAME testparm \- check an smb.conf configuration file for internal correctness .SH SYNOPSIS .sp -\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-L \fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ] +\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-x\fR ] [ \fB-L \fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestparm\fR is a very simple test program to check an \fBsmbd\fR configuration file for @@ -41,6 +41,9 @@ \fB-h\fR Print usage message .TP +\fB-x\fR +Print only parameters that have non-default values +.TP \fB-L servername\fR Sets the value of the %L macro to \fIservername\fR. This is useful for testing include files specified with the @@ -83,7 +86,7 @@ the Samba suite. .SH "SEE ALSO" .PP -\fIsmb.conf(5)\fR, +\fIsmb.conf(5)\fR \fBsmbd(8)\fR .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/testprns.1 samba-2.2.6/docs/manpages/testprns.1 --- samba-2.2.5/docs/manpages/testprns.1 Fri May 3 01:02:08 2002 +++ samba-2.2.6/docs/manpages/testprns.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "TESTPRNS" "1" "02 May 2002" "" "" +.TH "TESTPRNS" "1" "03 September 2002" "" "" .SH NAME testprns \- check printer name for validity with smbd .SH SYNOPSIS @@ -11,11 +11,11 @@ \fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP \fBtestprns\fR is a very simple test program to determine whether a given printer name is valid for use in -a service to be provided by \fB smbd(8)\fR. +a service to be provided by \fB smbd(8)\fR .PP "Valid" in this context means "can be found in the printcap specified". This program is very stupid - so stupid in @@ -73,7 +73,7 @@ .SH "SEE ALSO" .PP \fIprintcap(5)\fR, -\fBsmbd(8)\fR, +\fBsmbd(8)\fR \fBsmbclient(1)\fR .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/wbinfo.1 samba-2.2.6/docs/manpages/wbinfo.1 --- samba-2.2.5/docs/manpages/wbinfo.1 Fri May 3 01:02:08 2002 +++ samba-2.2.6/docs/manpages/wbinfo.1 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WBINFO" "1" "02 May 2002" "" "" +.TH "WBINFO" "1" "03 September 2002" "" "" .SH NAME wbinfo \- Query information from winbind daemon .SH SYNOPSIS @@ -11,10 +11,10 @@ \fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-h name\fR ] [ \fB-i ip\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-r user\fR ] [ \fB-a user%password\fR ] [ \fB-A user%password\fR ] .SH "DESCRIPTION" .PP -This tool is part of the Sambasuite. +This tool is part of the Samba suite. .PP The \fBwbinfo\fR program queries and returns information -created and used by the \fB winbindd(8)\fRdaemon. +created and used by the \fB winbindd(8)\fR daemon. .PP The \fBwinbindd(8)\fR daemon must be configured and running for the \fBwbinfo\fR program to be able diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/manpages/winbindd.8 samba-2.2.6/docs/manpages/winbindd.8 --- samba-2.2.5/docs/manpages/winbindd.8 Fri May 3 01:02:08 2002 +++ samba-2.2.6/docs/manpages/winbindd.8 Wed Oct 9 20:27:13 2002 @@ -3,7 +3,7 @@ .\" .\" Please send any bug reports, improvements, comments, patches, .\" etc. to Steve Cheng . -.TH "WINBINDD" "8" "02 May 2002" "" "" +.TH "WINBINDD" "8" "03 September 2002" "" "" .SH NAME winbindd \- Name Service Switch daemon for resolving names from NT servers .SH SYNOPSIS @@ -11,7 +11,7 @@ \fBwinbindd\fR [ \fB-i\fR ] [ \fB-d \fR ] [ \fB-s \fR ] .SH "DESCRIPTION" .PP -This program is part of the Sambasuite. +This program is part of the Samba suite. .PP \fBwinbindd\fR is a daemon that provides a service for the Name Service Switch capability that is present @@ -376,8 +376,8 @@ .SH "SEE ALSO" .PP \fInsswitch.conf(5)\fR, -samba(7), -wbinfo(1), +samba(7) +wbinfo(1) smb.conf(5) .SH "AUTHOR" .PP diff -u -r --new-file --exclude=CVS samba-2.2.5/docs/textdocs/CUPS-PrintingInfo.txt samba-2.2.6/docs/textdocs/CUPS-PrintingInfo.txt --- samba-2.2.5/docs/textdocs/CUPS-PrintingInfo.txt Thu Jan 1 00:00:00 1970 +++ samba-2.2.6/docs/textdocs/CUPS-PrintingInfo.txt Wed Oct 9 21:00:30 2002 @@ -0,0 +1,589 @@ +Date: Sun, 22 Sep 2002 15:38:02 +0200 +From: "Kurt Pfeifle" +Reply-To: kpfeifle@danka.de +Organization: Danka Deutschland GmbH +To: samba@lists.samba.org +Subject: CUPS filtering mechanism explained, was: [cups raw mode, was Re: [Samba] unlink data file in cups_job_submit] + +Paul Janzen wrote on Samba digest: + + > Message: 7 + > To: Gerald Carter + > Cc: samba@lists.samba.org + > From: Paul Janzen + > Subject: cups raw mode, was Re: [Samba] unlink data file in cups_job_submit + > Date: 21 Sep 2002 12:09:23 -0700 + > + > + > Gerald Carter writes: + > + > > Looks right to me [:-)] Applying it now. Thanks. I've been meaning to + > > track this one down. + > + > + > Thanks! + > + > While we are on the subject... [:-)] + > + > If I am using native printer drivers on Windows clients, I would like + > the "raw" option to get propagated to CUPS. Otherwise cups does not + > pass the data on to the printer. + +Paul, + +I see you know about what you call the "raw data passthrough feature". +I guess you mean the lines in "/etc/cups/mime.types" and +"/etc/cups/mime.convs" which need to be uncommented to allow "raw" +printing ? + +Here is some clarification (likely not very useful for you, but +possibly for some other readers of the Samba list): + +### If you have "printing = cups" and "printcap = cups" enabled, +--- everything is handled by Samba accessing the CUPS API. (And any + "print command" directive in Samba will be ignored.) If the CUPS + API is not available (because Samba might not be compiled against +libcups), it automatically maps to the "System V" command set, with +"-oraw" enabled automatically. + + > (If I enable cups's application/ + > octet-stream raw-data passthrough feature, both cupsomatic and the + > Windows driver add PJL headers and footers, which is not what I want + > either.) + +### According to my experience, cupsomatic on the Samba/CUPS server +--- does *not* add any features if a file is really printed "raw". + However, if you have loaded the driver for the Windows client +from the CUPS server, using the "cupsaddsmb" utility, and if this +driver is one using a "Foomatic" PPD, the PJL header in question is +already added on the Windows client, at the time when the driver +initially generated the PostScript data -- and CUPS in true "-oraw" +manner doesn't remove this PJL header and passes the file "as is" +to its printer communication backend. + +NOTE, please, that the editing in the "mime.convs" and the +----- "mime.types" file does not *enforce* "raw" printing, it + only *allows* it. Any file arriving from Windows is +"auto-typed" by CUPS, which might consecutively lead to its +treatment by various filters automatically (depending on the +actual outcome of the auto-typing and the configuration of the +printqueue in question): + + --> Files generated by PCL drivers and destined to PCL + printers get auto-typed "application/octet-stream" + and are indeed printed "raw". Also, unknown file + types are getting tagged as "application/octet-stream". + + --> Files generated by a PostScript driver (and destined + for any target printer type) are auto-typed. Depending + on the driver, the discovered MIME type may be + + * application/postscript or + * application/vnd.cups-postscript + +"application/postscript" goes first thru the "pstops" filter + (where also the page counting and accounting takes place + currently), and the outcome will be of MIME type + "application/vnd.cups-postscript". The pstopsfilter reads and + uses information from the PPD and inserts user-provided options + into the PostScript file. As a consequence, the filtered file + will possibly have the PJL header you don't want. + +"application/postscript" will be all files with a ".ps", ".ai", + ".eps" suffix or which have as their first character string one + of "%!" or "<04>%". + +"application/vnd.cups-postscript" will be those files which do both, + first... + ...carry a string "LANGUAGE=POSTSCRIPT" (or similar variations + with different capitalization) amongst the first 512 bytes, + *plus*... + ...contain the "PJL super escape code" amongst the first 128 + bytes ("<1B>%-12345X"). Very likely, most PostScript files + generated on Windows using a CUPS- or other PPD, will have + to be auto-typed as "vnd.cups-postscript". + Probably a file produced with a "Generic PostScript driver" + will be just "application/postscript" (have not checked). + +Once the file is in "application/vnd.cups-postscript" format, +either "pstoraster" or "cupsomatic" will take over (depending +on the printer configuration, as determined by the PPD in use). + +NOTE: a printer queue with *no* PPD associated to it is a "raw" +----- printer and all files will go directly there as received + by the spooler; the exeption are file types +"application/octet-stream" which need the mentioned "passthrough +feature" enabled. "Raw" queues don't do any filtering at all, they +hand the file directly to the CUPS backend. This backend is +responsible for the sending of the data to the device (as visible +in the "device URI" notation as lpd://, socket://, smb://, ipp://, +http://, parallel:/, serial:/, usb:/ etc.) + +NOTE, please, also the following fact: "cupsomatic"/Foomatic are +----- *not* native CUPS drivers and they don't ship with CUPS. + They are a Third Party add-on, developed at Linuxprinting.org. +As such, they are a brilliant hack to make all models (driven by +Ghostscript drivers/filters in traditional spoolers) also work via +CUPS, with the same (good or bad!) quality as in these other +spoolers. "cupsomatic" is only a vehicle to execute a ghostscript +commandline at that stage in the CUPS filtering chain, where +"normally" the native CUPS "pstoraster" filter would kick in. +cupsomatic by-passes pstoraster, "kidnaps" the printfile from CUPS +away and re-directs it to go through Ghostscipt. CUPS accepts this, +because the associated CUPS-O-Matic-/Foomatic-PPD carries a line +reading + + *cupsFilter: "application/vnd.cups-postscript 0 cupsomatic" + +This line persuades CUPS to hand the file to cupsomatic, once it +has successfully converted it to the MIME type +"application/vnd.cups-postscript". This conversion will not +happen for Jobs arriving from Windows which are autotyped +"application/octet-stream", with the according changes in +"/etc/cups/mime.types" in place. + +See small drawings at the end... + +I am not a programmer, so please correct me if I am wrong. + + > With traditional lpr, you can just add "-oraw" to the "print command" + > line in smb.conf. With cups, you don't have that alternative. + +You *do* have it, I think. + +But you need to disable the settings "printing = cups" and "printcap = += cups" and use "printing = bsd" and "printcap = /etc/printcap" +instead. [Additionally, you will probably have to enable and configure +the CUPS mini-LPD daemon ("cups-lpd") run from inetd... but I have not +checked, so take this item with a grain of salt and a proper dose of +caution, please.] + + > The result is that to support both unix printing and native-driver + > Windows printing from CUPS, you have to have two logical printers per + > physical printer: one ("cooked") for Unix clients and one ("raw") for + > Samba to use. + +Yes, that is one current workaround, if you don't want the auto-typing +of CUPS influencing Samba/Windows client PostScript jobs. + +CUPS is widely configurable and flexible, even regarding its filtering +mechanism. Another workaround in some situations would be to have +lines in "/etc/cups/mime.types" saying + + application/postscript application/vnd.cups-raw 0 - + application/vnd.cups-postscript application/vnd.cups-raw 0 - + +This would prevent all Postscript files to be filtered (or rather, they +will go thru the virtual "nullfilter" denoted with "-". (This could only +be useful for PS printers, or if you want to print PS code on non-PS +printers ;-) + +A single line of + + */* application/vnd.cups-raw 0 - + +would effectively send *all* files towards the backend immediately +(good luck!) + +Last, you could have the following (without the need for a Samba +patch): + + application/vnd.cups-postscript application/vnd.cups-raw 0 my_PJL_stripping_filter + +You'd need to write a "my_PJL_stripping_filter" (could be a shellscript) +which parses the PostScript and removes the undesired PJL. This would +need to conform to CUPS filter design (mainly, receive and pass the +parameters printername, job-id, username, jobtitle, copies, printoptions +and possibly the filename). It would just go as world executably into +"/usr/lib/cups/filters/" and work from there, called by cups if it +encounters a MIME type "application/vnd.cups-postscript" + + > The attached patch allows you to specify an option string for cups + > printers in smb.conf. + +I think your patch is in any case very useful (if it works as +advertised ;-). It is the most generic, simple and flexible +approach to complement CUPS. + + > So, if you want to use native Windows drivers, + > all you need is + > + > cups printer options = raw + > + > in smb.conf. You can add any other options that cups and the printer + > understand. + +Now this last sentence makes me very curious. Do you mean you can add +*multiple* options to this directive? Which syntax would be required +for this ? (Some CUPS options are specified by an "-o option=value" +pair on the commandline, some are single values, like the "-o raw" +one...) + +I am thinking on one specific usage now: + +----------------------------------------------------------------------- +-> passing any available IPP job attribute to the printer / the spooler +----------------------------------------------------------------------- + +For example, CUPS can handle "-o job-hold-until=indefinite". This +keeps the job in the queue "on hold". It will only be printed upon +manual release by the printer operator. This is a requirement in +many "central reproduction departments", where a few operators +manage the jobs of hundreds of users on some big machine, where no +user is allowed to have direct access. (The operators often need to +load the proper paper type before running the 10.000 page job +requested by marketing for the mailing, etc.). + +A lot more useful applications come to mind, if I could pass +"any other options that cups and the printer understand" via +the smb.conf directive!! + +Thanks a lot! + +Cheers, +Kurt + +P.S.: List, please give me some feedback, if you think this type of + explanation could be useful in the Samba HOWTO Collection. In + that case, I'll try to write it up in a nicer form. + + +######################################################################### +# +# CUPS in and of itself has this (general) filter chain (CAPITAL +# letters are FILE-FORMATS or MIME types, other are filters (this is +# true for pre-1.1.15 of pre-4.3 versions of CUPS and ESP PrintPro): +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT +# | +# | +# V +# pstoraster # as shipped with CUPS, independent from any Ghostscipt +# | # installation on the system +# | (= "postscipt interpreter") +# | +# V +# APPLICATION/VND.CUPS-RASTER +# | +# | +# V +# rasterto (f.e. Gimp-Print filters may be plugged in here) +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# +# ESP PrintPro has some enhanced "rasterto" filters as compared to +# CUPS, and also a somewhat improved "pstoraster" filter. +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +# +######################################################################### +# +# This is how "cupsomatic" comes into play: +# ========================================= +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ +# | | +# | V +# V cupsomatic +# pstoraster (constructs complicated +# | (= "postscipt interpreter") Ghostscript commandline +# | to let the file be +# V processed by a +# APPLICATION/VND.CUPS-RASTER "-sDEVICE=" +# | call...) +# | | +# V | +# rasterto V +# | (= "raster driver") +-------------------------+ +# | | Ghostscript at work.... | +# V | | +# SOMETHING-DEVICE-SPECIFIC *-------------------------+ +# | | +# | | +# V | +# backend <------------------------------------+ +# | +# | +# V +# THE PRINTER +# +# +# +# Note, that cupsomatic "kidnaps" the printfile after the +# "APPLICATION/VND.CUPS-POSTSCRPT" stage and deviates it through +# the CUPS-external, systemwide Ghostscript installation, bypassing the +# "pstoraster" filter (therefor also bypassing the CUPS-raster-drivers +# "rasterto", and hands the rasterized file directly to the CUPS +# backend... +# +# cupsomatic is not made by the CUPS developers. It is an independent +# contribution to printing development, made by people from +# Linuxprinting.org. (see also http://www.cups.org/cups-help.html) +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +# +######################################################################### +# +# And this is how it works for ESP PrintPro from 4.3: +# =================================================== +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT +# | +# | +# V +# gsrip +# | (= "postscipt interpreter") +# | +# V +# APPLICATION/VND.CUPS-RASTER +# | +# | +# V +# rasterto (f.e. Gimp-Print filters may be plugged in here) +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +# +######################################################################### +# +# This is how "cupsomatic" would come into play with ESP PrintPro: +# ================================================================ +# +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT ----------------+ +# | | +# | V +# V cupsomatic +# gsrip (constructs complicated +# | (= "postscipt interpreter") Ghostscript commandline +# | to let the file be +# V processed by a +# APPLICATION/VND.CUPS-RASTER "-sDEVICE=" +# | call...) +# | | +# V | +# rasterto V +# | (= "raster driver") +-------------------------+ +# | | Ghostscript at work.... | +# V | | +# SOMETHING-DEVICE-SPECIFIC *-------------------------+ +# | | +# | | +# V | +# backend <------------------------------------+ +# | +# | +# V +# THE PRINTER +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +######################################################################### +# +# And this is how it works for CUPS from 1.1.15: +# ============================================== +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT-----+ +# | +# +------------------v------------------------------+ +# | Ghostscript | +# | at work... | +# | (with | +# | "-sDEVICE=cups") | +# | | +# | (= "postscipt interpreter") | +# | | +# +------------------v------------------------------+ +# | +# | +# APPLICATION/VND.CUPS-RASTER <-------+ +# | +# | +# V +# rasterto +# | (= "raster driver") +# | +# V +# SOMETHING-DEVICE-SPECIFIC +# | +# | +# V +# backend +# +# +# NOTE: since version 1.1.15 CUPS "outsourced" the pstoraster process to +# Ghostscript. GNU Ghostscript needs to be patched to handle the +# CUPS requirement; ESP Ghostscript has this builtin. In any case, +# "gs -h" needs to show up a "cups" device. pstoraster is now a +# calling an appropriate "gs -sDEVICE=cups..." commandline to do +# the job. It will output "application/vnd.cup-raster", which will +# be finally processed by a CUPS raster driver "rasterto" +# Note the difference to "cupsomatic", which will *not* output +# CUPS-raster, but a final version of the printfile, ready to be +# sent to the printer. cupsomatic also doesn't use the "cups" +# devicemode in Ghostscript, but one of the classical devicemodes.... +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +######################################################################### +# +# And this is how it works for CUPS from 1.1.15, with cupsomatic included: +# ======================================================================== +# +# -FILEFORMAT +# | +# | +# V +# tops +# | +# | +# V +# APPLICATION/POSTSCRIPT +# | +# | +# V +# pstops +# | +# | +# V +# APPLICATION/VND.CUPS-POSTSCRIPT-----+ +# | +# +------------------v------------------------------+ +# | Ghostscript . Ghostscript at work.... | +# | at work... . (with "-sDEVICE= | +# | (with . " | +# | "-sDEVICE=cups") . | +# | . | +# | (CUPS standard) . (cupsomatic) | +# | . | +# | (= "postscript interpreter") | +# | . | +# +------------------v--------------v---------------+ +# | | +# | | +# APPLICATION/VND.CUPS-RASTER <-------+ | +# | | +# | | +# V | +# rasterto | +# | (= "raster driver") | +# | | +# V | +# SOMETHING-DEVICE-SPECIFIC <------------------------+ +# | +# | +# V +# backend +# +# +# NOTE: Gimp-Print and some other 3rd-Party-Filters (like TurboPrint) to +# CUPS and ESP PrintPro plug-in where rasterto is noted. +# +########################################################################## + +I hope this helps more people understand how CUPS works and how they +can possibly tweak it to their needs. + + diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/LDAP/samba-nds.schema samba-2.2.6/examples/LDAP/samba-nds.schema --- samba-2.2.5/examples/LDAP/samba-nds.schema Thu Jan 1 00:00:00 1970 +++ samba-2.2.6/examples/LDAP/samba-nds.schema Wed Oct 9 21:00:30 2002 @@ -0,0 +1,201 @@ +-- +-- Submitted by Bruno Gimenes Pereti +-- +-- schema file for Novell's eDirectory 8.6 +-- + +SambaAccountSchemaExtensions DEFINITIONS ::= +BEGIN + +-- Password hashes +"lmPassword" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 } +} + +"ntPassword" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 } +} + +-- Account flags in string format ([UWDX ]) +"acctFlags" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 } +} + +-- Password timestamps & policies +"pwdLastSet" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 } +} + +"logonTime" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 } +} + +"logoffTime" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 } +} + +"kickoffTime" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 } +} + +"pwdCanChange" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 } +} + +"pwdMustChange" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 } +} + +-- string settings +"homeDrive" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 } +} + +"scriptPath" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 } +} + +"profilePath" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 } +} + +"userWorkstations" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 } +} + +"smbHome" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 } +} + +"domain" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_CI_STRING, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 } +} + +-- user and group RID +"rid" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 } +} + +"primaryGroupID" ATTRIBUTE ::= +{ + Operation ADD, + SyntaxID SYN_INTEGER, + Flags { DS_SINGLE_VALUED_ATTR }, + ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 } +} + +"sambaAccount" OBJECT-CLASS ::= +{ + Operation ADD, + Flags {DS_AUXILIARY_CLASS}, + SubClassOf {"TOP"}, + MustContain { "uid"}, + MustContain { "rid"}, + MayContain { "CN"}, + MayContain { "lmPassword"}, + MayContain { "ntPassword"}, + MayContain { "pwdLastSet"}, + MayContain { "logonTime"}, + MayContain { "logoffTime"}, + MayContain { "kickoffTime"}, + MayContain { "pwdCanChange"}, + MayContain { "pwdMustChange"}, + MayContain { "acctFlags"}, + MayContain { "displayName"}, + MayContain { "smbHome"}, + MayContain { "homeDrive"}, + MayContain { "scriptPath"}, + MayContain { "profilePath"}, + MayContain { "description"}, + MayContain { "userWorkstations"}, + MayContain { "primaryGroupID"}, + MayContain { "domain"}, + ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 } +} + +-- Used for Winbind experimentation +"uidPool" OBJECT-CLASS ::= +{ + Operation ADD, + Flags {DS_AUXILIARY_CLASS}, + SubClassOf {"TOP"}, + MustContain { "uidNumber"}, + MustContain { "CN"}, + ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 } +} + +"gidPool" OBJECT-CLASS ::= +{ + Operation ADD, + Flags {DS_AUXILIARY_CLASS}, + SubClassOf {"TOP"}, + MustContain { "gidNumber"}, + MustContain { "CN"}, + ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 } +} + +END + + diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/LDAP/samba.schema samba-2.2.6/examples/LDAP/samba.schema --- samba-2.2.5/examples/LDAP/samba.schema Wed Jun 19 01:13:21 2002 +++ samba-2.2.6/examples/LDAP/samba.schema Wed Oct 9 20:27:13 2002 @@ -142,11 +142,11 @@ ## ## Used for Winbind experimentation ## -objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY - DESC 'Pool for allocating UNIX uids' - MUST ( uidNumber $ cn ) ) +#objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY +# DESC 'Pool for allocating UNIX uids' +# MUST ( uidNumber $ cn ) ) -objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY - DESC 'Pool for allocating UNIX gids' - MUST ( gidNumber $ cn ) ) +#objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY +# DESC 'Pool for allocating UNIX gids' +# MUST ( gidNumber $ cn ) ) diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/VFS/audit.c samba-2.2.6/examples/VFS/audit.c --- samba-2.2.5/examples/VFS/audit.c Fri May 3 01:02:11 2002 +++ samba-2.2.6/examples/VFS/audit.c Wed Oct 9 20:27:13 2002 @@ -88,6 +88,7 @@ NULL, /* read */ NULL, /* write */ NULL, /* lseek */ + NULL, /* sendfile */ audit_rename, NULL, /* fsync */ NULL, /* stat */ diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/VFS/block/block.c samba-2.2.6/examples/VFS/block/block.c --- samba-2.2.5/examples/VFS/block/block.c Wed Jun 19 01:13:21 2002 +++ samba-2.2.6/examples/VFS/block/block.c Wed Oct 9 20:27:14 2002 @@ -81,6 +81,7 @@ NULL, /* read */ NULL, /* write */ NULL, /* lseek */ + NULL, /* sendfile */ NULL, /* rename */ NULL, /* fsync */ NULL, /* stat */ @@ -144,7 +145,7 @@ extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char * , char *)); -//functions +/* functions */ BOOL enter_pblock_mount(char *dir); BOOL get_section(char *sect); diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/VFS/recycle/recycle.c samba-2.2.6/examples/VFS/recycle/recycle.c --- samba-2.2.5/examples/VFS/recycle/recycle.c Mon Jun 17 18:35:10 2002 +++ samba-2.2.6/examples/VFS/recycle/recycle.c Wed Oct 9 20:27:14 2002 @@ -90,6 +90,7 @@ NULL, /* read */ NULL, /* write */ NULL, /* lseek */ + NULL, /* sendfile */ NULL, /* rename */ NULL, /* fsync */ NULL, /* stat */ @@ -154,8 +155,6 @@ if (current->recycle_bin == NULL) return False; current->recycle_bin = safe_strcpy(current->recycle_bin,pszParmValue,sizeof(pstring)); - standard_sub_basic(current->recycle_bin); - trim_string(current->recycle_bin,"/","/"); DEBUG(10, ("name=%s\n", current->recycle_bin)); } else if (StrCaseCmp("mode",pszParmName)==0) { if (checkparam(pszParmValue,"KEEP_DIRECTORIES") == True) @@ -256,6 +255,8 @@ rc=pm_process( conf_file, do_section, do_parameter); DEBUG(10, ("pm_process returned %d\n", rc)); } + standard_sub_conn( conn , current->recycle_bin,sizeof(pstring)); + trim_string(current->recycle_bin,"/","/"); conn->vfs_private= (void *)current; return 0; } @@ -326,7 +327,7 @@ pstrcpy(tempstr,dname); y=tempstr; /* Create directory tree if neccessary */ - while((c=strsep(&y,"/"))) { + for(c = strtok(y,"/"); c; c= strtok(NULL,"/")) { pstrcat(newdir,c); if (recycle_directory_exist(conn,newdir)) DEBUG(3, ("dir %s already exists\n",newdir)); diff -u -r --new-file --exclude=CVS samba-2.2.5/examples/VFS/skel.c samba-2.2.6/examples/VFS/skel.c --- samba-2.2.5/examples/VFS/skel.c Fri May 3 01:02:11 2002 +++ samba-2.2.6/examples/VFS/skel.c Wed Oct 9 20:27:13 2002 @@ -104,6 +104,12 @@ return default_vfs_ops.write(fsp, fd, data, n); } +static ssize_t skel_sendfile(int tofd, struct files_struct *fsp, int fromfd, const DATA_BLOB *hdr, + SMB_OFF_T offset, size_t n) +{ + return default_vfs_ops.sendfile(tofd, fsp, fromfd, hdr, offset, n); +} + static SMB_OFF_T skel_lseek(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence) { return default_vfs_ops.lseek(fsp, filedes, offset, whence); @@ -379,6 +385,7 @@ tmp_ops.read = skel_read; tmp_ops.write = skel_write; tmp_ops.lseek = skel_lseek; + tmp_ops.sendfile = skel_sendfile; tmp_ops.rename = skel_rename; tmp_ops.fsync = skel_fsync; tmp_ops.stat = skel_stat; @@ -462,6 +469,7 @@ skel_read, skel_write, skel_lseek, + skel_sendfile, skel_rename, skel_fsync, skel_stat, diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/makerpms.sh samba-2.2.6/packaging/Caldera/OpenLinux/makerpms.sh --- samba-2.2.5/packaging/Caldera/OpenLinux/makerpms.sh Wed Jun 19 01:17:29 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/makerpms.sh Thu Oct 17 02:33:55 2002 @@ -24,11 +24,11 @@ # Start preparing the packages... if [ $devel -ne 0 ]; then - ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba; mv samba samba-2.2.5 ) - ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-2.2.5.tar.gz samba-2.2.5; mv samba-2.2.5 samba ) + ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba; mv samba samba-2.2.6 ) + ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-2.2.6.tar.gz samba-2.2.6; mv samba-2.2.6 samba ) else - ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba-2.2.5 ) - ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-2.2.5.tar.gz samba-2.2.5 ) + ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba-2.2.6 ) + ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-2.2.6.tar.gz samba-2.2.6 ) fi cp -af *.spec *.spec-lsb $SPECDIR diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec Wed Jun 19 01:17:29 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec Thu Oct 17 02:33:55 2002 @@ -1,4 +1,4 @@ -%define Version 2.2.5 +%define Version 2.2.6 %define date 1 %define Vendor Caldera %define Dist OpenLinux @@ -29,9 +29,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch %Package doc @@ -188,9 +185,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-lsb samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-lsb --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-lsb Wed Jun 19 01:17:29 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-lsb Thu Oct 17 02:33:55 2002 @@ -1,4 +1,4 @@ -%define Version 2.2.5 +%define Version 2.2.6 %define date 1 %define Vendor Caldera %define Dist OpenLinux @@ -28,10 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -Patch6: %{Name}-2.2.2-libsmbclient.patch %Package doc Group : Server/Network @@ -192,10 +188,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 -%patch6 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' @@ -265,7 +257,7 @@ %Build cd source -autoreconf +#autoreconf CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ --with-fhs \ diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl Wed Jun 19 01:13:22 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-lsb.tmpl Thu Aug 29 11:05:24 2002 @@ -28,10 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -Patch6: %{Name}-2.2.2-libsmbclient.patch %Package doc Group : Server/Network @@ -192,10 +188,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 -%patch6 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' @@ -265,7 +257,7 @@ %Build cd source -autoreconf +#autoreconf CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ --with-fhs \ diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-sam samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-sam --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-sam Wed Jun 19 01:17:29 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-sam Thu Oct 17 02:33:55 2002 @@ -1,4 +1,4 @@ -%define Version 2.2.5sam +%define Version 2.2.6sam %define date 1 %define Vendor Caldera %define Dist OpenLinux @@ -28,10 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -#Patch6: %{Name}-2.2.2-libsmbclient.patch %Package doc Group : Server/Network @@ -191,9 +187,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-sam.tmpl samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-sam.tmpl --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-sam.tmpl Wed Jun 19 01:13:22 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-sam.tmpl Thu Aug 29 11:05:24 2002 @@ -28,10 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -#Patch6: %{Name}-2.2.2-libsmbclient.patch %Package doc Group : Server/Network @@ -191,9 +187,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-team samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-team --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-team Wed Jun 19 01:17:29 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-team Thu Oct 17 02:33:55 2002 @@ -1,4 +1,4 @@ -%define Version 2.2.5 +%define Version 2.2.6 %define date 1 %define Vendor Caldera %define Dist OpenLinux @@ -28,11 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -#Patch6: %{Name}-2.2.2-libsmbclient.patch -Patch7: kanji-makefile.patch %Package doc Group : Server/Network @@ -282,9 +277,6 @@ --with-utmp \ --with-winbind \ --with-syslog -# --with-tdbsam - -#%patch7 -p1 make LOGFILEBASE=/var/log/samba.d everything nsswitch/libnss_wins.so diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-team.tmpl samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-team.tmpl --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec-team.tmpl Wed Jun 19 01:13:22 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec-team.tmpl Thu Aug 29 11:05:24 2002 @@ -28,11 +28,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch -#Patch6: %{Name}-2.2.2-libsmbclient.patch -Patch7: kanji-makefile.patch %Package doc Group : Server/Network @@ -282,9 +277,6 @@ --with-utmp \ --with-winbind \ --with-syslog -# --with-tdbsam - -#%patch7 -p1 make LOGFILEBASE=/var/log/samba.d everything nsswitch/libnss_wins.so diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec.tmpl samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec.tmpl --- samba-2.2.5/packaging/Caldera/OpenLinux/samba2.spec.tmpl Wed Jun 19 01:13:22 2002 +++ samba-2.2.6/packaging/Caldera/OpenLinux/samba2.spec.tmpl Thu Aug 29 11:05:24 2002 @@ -29,9 +29,6 @@ BuildRoot : /tmp/%{Name}-%{Version} Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz -#Patch0: %{Name}-%{Version}-smbmount.patch -#Patch1: %{Name}-%{Version}-install.patch -#Patch2: %{Name}-%{Version}-smbconf.patch %Package doc @@ -188,9 +185,6 @@ %Prep %setup -#%patch0 -p1 -#%patch1 -p1 -#%patch2 -p1 # instead of patch (to help configuration) ... ;^) %{fixUP} -vbT source/Makefile.in -e ' diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/README samba-2.2.6/packaging/Debian/README --- samba-2.2.5/packaging/Debian/README Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/README Thu Oct 17 02:32:52 2002 @@ -4,9 +4,9 @@ Building Debian packages is not as hard as some people might think. The following instructions will allow you to build your own Samba Debian packages. These instructions, and the files in packaging/Debian/, are -current as of Samba 2.2.5, and should allow you to build Debian packages +current as of Samba 2.2.6, and should allow you to build Debian packages for Debian Potato (2.2), Debian Woody (3.0), and Debian unstable as of -the date Samba 2.2.5 was released. +the date Samba 2.2.6 was released. Instructions ------------ @@ -34,7 +34,7 @@ That's fine; the configure script won't detect CUPS support and the resulting binaries won't support CUPS. -1) cd samba[-]. For example, "cd samba-2.2.5". +1) cd samba[-]. For example, "cd samba-2.2.6". 2) cp -a packaging/Debian/debian/ debian It's important that you copy instead of symlink because the build tools in Potato have a problem that prevents the build to work with @@ -43,7 +43,7 @@ Debian version numbers! Don't complain later if you can't upgrade to official versions of the Samba packages for Debian.) - Edit the changelog and make sure the version is right. For example, - for Samba 2.2.4, the version number should something like 2.2.4-0.1 + for Samba 2.2.6, the version number should something like 2.2.6-0.1 (use a number less than 1 like 0.1, 0.2, etc. so there is no conflict with future upgrades to the official Debian packages.) 4) Run 'debian/rules binary'. diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/README.build-upstream samba-2.2.6/packaging/Debian/debian/README.build-upstream --- samba-2.2.5/packaging/Debian/debian/README.build-upstream Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/README.build-upstream Thu Oct 17 02:32:52 2002 @@ -4,9 +4,9 @@ Building Debian packages is not as hard as some people might think. The following instructions will allow you to build your own Samba Debian packages. These instructions, and the files in packaging/Debian/, are -current as of Samba 2.2.5, and should allow you to build Debian packages +current as of Samba 2.2.6, and should allow you to build Debian packages for Debian Potato (2.2), Debian Woody (3.0), and Debian unstable as of -the date Samba 2.2.5 was released. +the date Samba 2.2.6 was released. Instructions ------------ @@ -34,7 +34,7 @@ That's fine; the configure script won't detect CUPS support and the resulting binaries won't support CUPS. -1) cd samba[-]. For example, "cd samba-2.2.5". +1) cd samba[-]. For example, "cd samba-2.2.6". 2) cp -a packaging/Debian/debian/ debian It's important that you copy instead of symlink because the build tools in Potato have a problem that prevents the build to work with @@ -43,7 +43,7 @@ Debian version numbers! Don't complain later if you can't upgrade to official versions of the Samba packages for Debian.) - Edit the changelog and make sure the version is right. For example, - for Samba 2.2.4, the version number should something like 2.2.4-0.1 + for Samba 2.2.6, the version number should something like 2.2.6-0.1 (use a number less than 1 like 0.1, 0.2, etc. so there is no conflict with future upgrades to the official Debian packages.) 4) Run 'debian/rules binary'. @@ -58,4 +58,3 @@ Eloy A. Paris Steve Langasek - diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/README.debian samba-2.2.6/packaging/Debian/debian/README.debian --- samba-2.2.5/packaging/Debian/debian/README.debian Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/README.debian Thu Oct 17 02:32:52 2002 @@ -90,15 +90,19 @@ Samba 2.2 has experimental LDAP code. However, the official Debian packages have not been compiled with LDAP support for a good reason: if LDAP support is compiled in then the other authentication methods (PAM, -smbpasswd, etc.) cannot be used, only LDAP will work. So, until LDAP -can coexist peacefully with the other methods we will not provide +smbpasswd, etc.) cannot be used, only LDAP will work. So, while LDAP +cannot coexist peacefully with the other methods we will not provide LDAP-enabled packages. The workaround is, of course, to build your own packages. We can help with this if you don't know how to build packages. We follow Samba development, so please do not file bug reports asking -for LDAP; we will add support for it when it doesn't break other +for LDAP, we will add support for it when it doesn't break other things. +update (2002/10/16): the Debian Samba packages in Debian unstable have +been compiled with --ldapsam support. If you need LDAP support you can +use those packages, or as we said, build your own 2.2.x packages. + 5. Reporting Bugs ----------------- @@ -137,3 +141,4 @@ Eloy A. Paris Steve Langasek +$Id: README.debian,v 1.2.2.6 2002/10/17 01:45:11 jerry Exp $ diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/changelog samba-2.2.6/packaging/Debian/debian/changelog --- samba-2.2.5/packaging/Debian/debian/changelog Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/changelog Thu Oct 17 02:32:52 2002 @@ -1,55 +1,34 @@ -samba (2.2.5-0.1debian) unstable; urgency=low +samba (2.2.6-0.1) unstable; urgency=low - * This is a locally-built version of Samba for Debian. Do not pester - the Samba Team with questions about Debian packaging. Contact the - Debian Samba maintainers instead. - - -- Debian User Mon, 17 Jun 2002 23:22:36 -0400 - -samba (2.2.4+2.2.5-1) unstable; urgency=low - - * New upstream release. - * Remove patches/parse_spoolss.patch, now included upstream. - * Fixed thinko WRT POSIX ACL support, which we "half-enabled" in - 2.2.4-1. We don't use POSIX ACL support ourselves, so we'd - appreciate reports from those using this feature so we can - be sure this works. + * Local build. + + -- Debian User Sun, 13 Oct 2002 02:33:32 -0400 + +samba (2.2.5-1.woody) stable; urgency=low + + * Upload latest stable Samba release to woody. + - includes improved NT printing support (closes: #157406) * Fix the filename-matching algorithm used for smbtar's 'exclude' functionality. (closes: #131571) - * Look for secrets.tdb in /var/lib/samba, and handle in the postinst. - This is not really a config file, because users don't edit it. - (closes: #147429) - * Doxygen fix for libsmbclient.h, thanks to Tommi Komulainen - for the patch. (closes: #144847) + * Remove patches/srv_spoolss_nt.patch, now included upstream. - -- Eloy A. Paris Tue, 28 May 2002 11:33:51 -0400 + -- Steve Langasek Fri, 23 Aug 2002 17:20:08 -0500 -samba (2.2.4-1) unstable; urgency=low +samba (2.2.3a-8) stable; urgency=low - * New upstream release (closes: #144713) - * Building with POSIX ACL support (closes: #137819) - * Include samples, exclude INSTALL from libpam-smbpass (closes: #145055) - * Compile with --with-automount, for NIS homedir support (closes: #123396) - * Add a proper 'flags' field to the mount entry we write to /etc/mtab; - fixes a display bug with mount (closes: #140397) - * Added logic to /etc/init.d/samba so a help message is printed out - when Samba is running from inetd _and_ we are not booting, i.e. the - user called the init script manually. Thanks to Francesco - Potorti for the suggestion on how to implement this. - (Closes: #139807, #140204) + * maintainer script fixes backported from sid. + * reorder postinst, so that installing samba-common from scratch loads + the debconf answers properly (closes: #151985). + * Look for secrets.tdb in /var/lib/samba, and handle in the postinst. + This is not really a config file, because users don't edit it. + (closes: #147429) * samba.postinst: added logic so we don't call /etc/init.d/samba if we are running from inetd (this prevents the stupid help message to be printed during package upgrades if we are running from inetd.) - * samba.prerm: idem. - * /etc/init.d/samba: delete stale PID files after nmbd and smbd are - stopped. This prevents start-stop-daemon from printing an ugly - error message when called from '/etc/init.d/samba stop'. I prefer - this than running start-stop-daemon with --oknodo because - start-stop-daemon might print other important error messages that with - --oknodo it would otherwise not print. (Closes: #102187, #109301) - * Patch from jerry@samba.org to fix parsing of spoolss structures. + * Fixed bug in the FHS migration path that causes nmbd to read its + state from one location, but write it out to another. (closes: #154210) - -- Eloy A. Paris Thu, 23 May 2002 23:16:52 -0400 + -- Steve Langasek Sat, 13 Jul 2002 10:18:56 -0500 samba (2.2.3a-7) unstable; urgency=medium @@ -98,7 +77,7 @@ * Bring our shipped smb.conf closer in line with the upstream defaults: don't twiddle the send/recv buffer sizes, since the Linux kernel already provides a much better default setting - (closes: #80966, #80934, #137415, #133477) + (closes: #80966, #80934, #137415, #133477) * Added libnss_wins.so to the winbind package (closes: #137201) * Updates to README.debian. diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/config.cache samba-2.2.6/packaging/Debian/debian/config.cache --- samba-2.2.5/packaging/Debian/debian/config.cache Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/config.cache Wed Oct 16 04:30:52 2002 @@ -46,6 +46,12 @@ samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=yes} +# POSIX ACL support not present in Linux 2.2; not allowed in the +# Debian packages, even if present on the build machine. + +ac_cv_header_sys_acl_h=${ac_cv_header_sys_acl_h=no} + + # Various basic libc/compiler stuff that it's blindingly obvious that # Linux supports (now watch me get bitten for saying that) @@ -124,6 +130,8 @@ # to support transparent userland VFS. We might as well preempt # any checks for shadowed symbols that are only useful for smbwrapper. +ac_cv_func___acl=${ac_cv_func___acl=no} +ac_cv_func__acl=${ac_cv_func__acl=no} ac_cv_func___chdir=${ac_cv_func___chdir=no} ac_cv_func__chdir=${ac_cv_func__chdir=no} ac_cv_func___close=${ac_cv_func___close=no} @@ -134,6 +142,8 @@ ac_cv_func__dup=${ac_cv_func__dup=no} ac_cv_func___dup2=${ac_cv_func___dup2=no} ac_cv_func__dup2=${ac_cv_func__dup2=no} +ac_cv_func___facl=${ac_cv_func___facl=no} +ac_cv_func__facl=${ac_cv_func__facl=no} ac_cv_func___fchdir=${ac_cv_func___fchdir=no} ac_cv_func__fchdir=${ac_cv_func__fchdir=no} ac_cv_func___fcntl=${ac_cv_func___fcntl=no} diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/libpam-smbpass.docs samba-2.2.6/packaging/Debian/debian/libpam-smbpass.docs --- samba-2.2.5/packaging/Debian/debian/libpam-smbpass.docs Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/libpam-smbpass.docs Thu Oct 17 02:32:52 2002 @@ -1,3 +1,2 @@ -source/pam_smbpass/CHANGELOG source/pam_smbpass/README source/pam_smbpass/TODO diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/Makefile.in.patch samba-2.2.6/packaging/Debian/debian/patches/Makefile.in.patch --- samba-2.2.5/packaging/Debian/debian/patches/Makefile.in.patch Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/Makefile.in.patch Wed Oct 16 04:30:52 2002 @@ -1,7 +1,6 @@ -diff -uNr samba-2.2.5pre1.orig/source/Makefile.in samba-2.2.5pre1/source/Makefile.in ---- samba-2.2.5pre1.orig/source/Makefile.in Tue Jun 4 15:54:14 2002 -+++ samba-2.2.5pre1/source/Makefile.in Wed Jun 12 15:25:42 2002 -@@ -714,9 +714,10 @@ +--- samba/source/Makefile.in.orig 2002-10-13 01:43:10.000000000 -0400 ++++ samba/source/Makefile.in 2002-10-13 01:43:10.000000000 -0400 +@@ -723,9 +723,10 @@ @$(SHELL) $(srcdir)/script/installswat.sh $(SWATDIR) $(srcdir) installclientlib: diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/fhs.patch samba-2.2.6/packaging/Debian/debian/patches/fhs.patch --- samba-2.2.5/packaging/Debian/debian/patches/fhs.patch Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/fhs.patch Thu Oct 17 02:32:52 2002 @@ -1,7 +1,7 @@ diff -uNr samba-2.2.5pre1.orig/source/Makefile.in samba-2.2.5pre1/source/Makefile.in --- samba-2.2.5pre1.orig/source/Makefile.in Wed Jun 12 15:26:50 2002 +++ samba-2.2.5pre1/source/Makefile.in Wed Jun 12 15:30:29 2002 -@@ -83,7 +83,7 @@ +@@ -84,7 +84,7 @@ FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\" FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" FLAGS3 = -DSWATDIR=\"$(SWATDIR)\" -DSBINDIR=\"$(SBINDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" @@ -53,9 +53,9 @@ diff -uNr samba-2.2.5pre1.orig/source/include/local.h samba-2.2.5pre1/source/include/local.h --- samba-2.2.5pre1.orig/source/include/local.h Tue Jan 15 10:02:37 2002 +++ samba-2.2.5pre1/source/include/local.h Wed Jun 12 15:30:29 2002 -@@ -189,4 +189,20 @@ - /* Allocation roundup. */ - #define SMB_ROUNDUP_ALLOCATION_SIZE 0x100000 +@@ -191,4 +191,20 @@ + /* Max number of jobs per print queue. */ + #define PRINT_MAX_JOBID 10000 +/* FHS-compatible directory defines */ +#ifdef FHS_COMPATIBLE @@ -77,7 +77,7 @@ diff -uNr samba-2.2.5pre1.orig/source/lib/util.c samba-2.2.5pre1/source/lib/util.c --- samba-2.2.5pre1.orig/source/lib/util.c Mon Jun 3 21:11:11 2002 +++ samba-2.2.5pre1/source/lib/util.c Wed Jun 12 15:30:29 2002 -@@ -1860,6 +1860,46 @@ +@@ -1862,6 +1862,46 @@ return fname; } @@ -180,9 +180,8 @@ DEBUG(0, ("winbindd_idmap_init: Unable to open idmap database\n")); return False; } -diff -uNr samba-2.2.5pre1.orig/source/param/loadparm.c samba-2.2.5pre1/source/param/loadparm.c ---- samba-2.2.5pre1.orig/source/param/loadparm.c Thu May 30 23:13:00 2002 -+++ samba-2.2.5pre1/source/param/loadparm.c Wed Jun 12 15:30:29 2002 +--- samba-2.2.5/source/param/loadparm.c.orig Tue Jun 18 21:13:45 2002 ++++ samba-2.2.5/source/param/loadparm.c Tue Jun 18 23:24:14 2002 @@ -107,6 +107,9 @@ char *szAddPrinterCommand; char *szDeletePrinterCommand; @@ -193,7 +192,7 @@ char *szLockDir; char *szPidDir; char *szRootdir; -@@ -1025,8 +1028,13 @@ +@@ -1043,8 +1043,13 @@ {"config file", P_STRING, P_GLOBAL, &Globals.szConfigFile, NULL, NULL, FLAG_HIDE}, {"preload", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_DOS_STRING}, {"auto services", P_STRING, P_GLOBAL, &Globals.szAutoServices, NULL, NULL, FLAG_DOS_STRING}, @@ -210,7 +209,7 @@ diff -uNr samba-2.2.5pre1.orig/source/printing/nt_printing.c samba-2.2.5pre1/source/printing/nt_printing.c --- samba-2.2.5pre1.orig/source/printing/nt_printing.c Thu Jun 6 08:15:02 2002 +++ samba-2.2.5pre1/source/printing/nt_printing.c Wed Jun 12 15:30:29 2002 -@@ -263,24 +263,24 @@ +@@ -262,24 +262,24 @@ if (tdb_drivers && tdb_printers && tdb_forms && local_pid == sys_getpid()) return True; diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/loadparm.patch samba-2.2.6/packaging/Debian/debian/patches/loadparm.patch --- samba-2.2.5/packaging/Debian/debian/patches/loadparm.patch Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/loadparm.patch Thu Oct 17 02:32:52 2002 @@ -1,7 +1,6 @@ -diff -uNr samba-2.2.5pre1.orig/source/param/loadparm.c samba-2.2.5pre1/source/param/loadparm.c ---- samba-2.2.5pre1.orig/source/param/loadparm.c Wed Jun 12 15:42:59 2002 -+++ samba-2.2.5pre1/source/param/loadparm.c Wed Jun 12 15:43:10 2002 -@@ -1128,26 +1128,26 @@ +--- samba-2.2.5/source/param/loadparm.c.orig Tue Jun 18 23:15:07 2002 ++++ samba-2.2.5/source/param/loadparm.c Tue Jun 18 23:15:07 2002 +@@ -1146,26 +1146,26 @@ case PRINT_AIX: case PRINT_LPRNT: case PRINT_LPROS2: @@ -38,7 +37,7 @@ break; case PRINT_CUPS: -@@ -1163,19 +1163,19 @@ +@@ -1181,19 +1181,19 @@ string_set(&Globals.szPrintcapname, "cups"); #else string_set(&sDefault.szLpqcommand, @@ -65,7 +64,7 @@ string_set(&Globals.szPrintcapname, "lpstat"); #endif /* HAVE_CUPS */ break; -@@ -1492,7 +1492,10 @@ +@@ -1513,7 +1513,10 @@ else StrnCpy(ret, s, len); @@ -75,5 +74,5 @@ + StrnCpy(ret, s, len); + } - standard_sub_basic(ret); + standard_sub_basic(ret, len + 100); return (ret); diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/lpq_parse.c.patch samba-2.2.6/packaging/Debian/debian/patches/lpq_parse.c.patch --- samba-2.2.5/packaging/Debian/debian/patches/lpq_parse.c.patch Thu May 2 20:20:28 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/lpq_parse.c.patch Wed Oct 16 04:30:52 2002 @@ -1,6 +1,6 @@ ---- samba-2.2.4/source/printing/lpq_parse.c.orig Wed May 1 23:14:51 2002 -+++ samba-2.2.4/source/printing/lpq_parse.c Thu May 2 00:18:30 2002 -@@ -263,6 +263,9 @@ +--- samba/source/printing/lpq_parse.c.orig 2002-07-24 09:22:49.000000000 -0400 ++++ samba/source/printing/lpq_parse.c 2002-10-13 01:43:10.000000000 -0400 +@@ -265,6 +265,9 @@ buf->status = LPQ_PAUSED; } diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/samba.patch samba-2.2.6/packaging/Debian/debian/patches/samba.patch --- samba-2.2.5/packaging/Debian/debian/patches/samba.patch Fri May 3 01:02:19 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/samba.patch Wed Oct 16 04:30:52 2002 @@ -133,9 +133,9 @@ become_daemon(); ---- samba-2.2.4/source/smbd/service.c.orig Wed May 1 23:15:10 2002 -+++ samba-2.2.4/source/smbd/service.c Thu May 2 00:20:44 2002 -@@ -713,6 +713,14 @@ +--- samba/source/smbd/service.c.orig 2002-10-12 11:54:24.000000000 -0400 ++++ samba/source/smbd/service.c 2002-10-13 01:43:10.000000000 -0400 +@@ -698,6 +698,14 @@ smbrun(cmd,NULL); } diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/smbclient-xfer-speed.patch samba-2.2.6/packaging/Debian/debian/patches/smbclient-xfer-speed.patch --- samba-2.2.5/packaging/Debian/debian/patches/smbclient-xfer-speed.patch Fri May 3 01:02:20 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/smbclient-xfer-speed.patch Wed Oct 16 04:30:52 2002 @@ -1,5 +1,5 @@ ---- samba-2.2.4/source/client/client.c.orig Wed May 1 23:13:57 2002 -+++ samba-2.2.4/source/client/client.c Thu May 2 00:34:16 2002 +--- samba-2.2.2.cvs20020120/source/client/client.c.orig Wed Jan 23 23:32:44 2002 ++++ samba-2.2.2.cvs20020120/source/client/client.c Wed Jan 23 23:33:50 2002 @@ -91,10 +91,10 @@ extern file_info def_finfo; diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/patches/smbmount-nomtab.patch samba-2.2.6/packaging/Debian/debian/patches/smbmount-nomtab.patch --- samba-2.2.5/packaging/Debian/debian/patches/smbmount-nomtab.patch Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/patches/smbmount-nomtab.patch Thu Oct 17 02:32:52 2002 @@ -1,6 +1,5 @@ -diff -uNr samba-2.2.5pre1.orig/source/client/smbmnt.c samba-2.2.5pre1/source/client/smbmnt.c ---- samba-2.2.5pre1.orig/source/client/smbmnt.c Wed Jun 12 15:50:00 2002 -+++ samba-2.2.5pre1/source/client/smbmnt.c Wed Jun 12 15:50:04 2002 +--- samba-2.2.3a/source/client/smbmnt.c.orig Tue Apr 2 09:58:18 2002 ++++ samba-2.2.3a/source/client/smbmnt.c Tue Apr 2 09:58:24 2002 @@ -28,6 +28,7 @@ static uid_t mount_uid; static gid_t mount_gid; @@ -102,9 +101,8 @@ return 0; } -diff -uNr samba-2.2.5pre1.orig/source/client/smbmount.c samba-2.2.5pre1/source/client/smbmount.c ---- samba-2.2.5pre1.orig/source/client/smbmount.c Wed Jun 12 15:46:02 2002 -+++ samba-2.2.5pre1/source/client/smbmount.c Wed Jun 12 15:50:04 2002 +--- samba/source/client/smbmount.c.orig 2002-10-13 01:34:58.000000000 -0400 ++++ samba/source/client/smbmount.c 2002-10-13 01:34:59.000000000 -0400 @@ -50,6 +50,7 @@ static int mount_ro; static unsigned mount_fmask; diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/rules samba-2.2.6/packaging/Debian/debian/rules --- samba-2.2.5/packaging/Debian/debian/rules Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/rules Wed Oct 16 04:30:52 2002 @@ -4,6 +4,7 @@ # solve build problems) introduced in Samba 2.2.1a-5. These # modification were made by Steve Langasek . # +# $Id: rules,v 1.2.2.6 2002/10/15 21:36:46 jerry Exp $ # # Uncomment this to turn on verbose mode. @@ -75,8 +76,7 @@ --with-pam_smbpass \ --with-libsmbclient \ --with-winbind \ - --with-msdfs \ - --with-automount) + --with-msdfs) touch configure-stamp @@ -178,7 +178,7 @@ cp debian/smb.conf $(DESTDIR)/usr/share/samba/ cp debian/samba.pamd $(DESTDIR)/etc/pam.d/samba - # This is to comply with policy (the symlink that ldconfig would + # This is to comply with policy (the symlink that ldconfig would # produce must exist in the package). /sbin/ldconfig -n $(DESTDIR)/usr/lib/ diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/samba-common.postinst samba-2.2.6/packaging/Debian/debian/samba-common.postinst --- samba-2.2.5/packaging/Debian/debian/samba-common.postinst Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/samba-common.postinst Wed Oct 16 04:30:52 2002 @@ -1,18 +1,19 @@ #!/bin/sh # +# $Id: samba-common.postinst,v 1.1.4.4 2002/10/15 21:36:46 jerry Exp $ # set -e +# Do debconf stuff here +. /usr/share/debconf/confmodule + # We need a default smb.conf file. If one doesn't exist we put in place # one that has some basic defaults. if [ ! -e /etc/samba/smb.conf ]; then cp -a /usr/share/samba/smb.conf /etc/samba/ fi -# Do debconf stuff here -. /usr/share/debconf/confmodule - # ------------------------- Debconf questions start --------------------- # Is the user configuring with debconf, or he/she prefers swat/manual diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/samba-common.postrm samba-2.2.6/packaging/Debian/debian/samba-common.postrm --- samba-2.2.5/packaging/Debian/debian/samba-common.postrm Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/samba-common.postrm Wed Oct 16 04:30:52 2002 @@ -1,5 +1,6 @@ #!/bin/sh # +# $Id: samba-common.postrm,v 1.2.2.6 2002/10/15 21:36:46 jerry Exp $ # if [ "$1" = purge ]; then diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Debian/debian/samba.init samba-2.2.6/packaging/Debian/debian/samba.init --- samba-2.2.5/packaging/Debian/debian/samba.init Wed Jun 19 01:13:23 2002 +++ samba-2.2.6/packaging/Debian/debian/samba.init Wed Oct 16 04:30:52 2002 @@ -2,6 +2,7 @@ # # Start/stops the Samba daemons (nmbd and smbd). # +# $Id: samba.init,v 1.2.2.6 2002/10/15 21:36:46 jerry Exp $ # # Defaults @@ -18,18 +19,14 @@ # If Samba is running from inetd then there is nothing to do if [ "$RUN_MODE" = "inetd" ]; then - # INIT_VERSION is defined for scripts than run directly from init... - if [ "$INIT_VERSION" = "" ]; then - cat < /dev/null - then - # Stale PID file (nmbd was succesfully stopped), - # remove it (should be removed by nmbd itself IMHO.) - rm -f $NMBDPID - fi - echo -n "nmbd " + echo -n " smbd" start-stop-daemon --stop --quiet --pidfile $SMBDPID - # Wait a little and remove stale PID file - sleep 1 - if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null - then - # Stale PID file (nmbd was succesfully stopped), - # remove it (should be removed by smbd itself IMHO.) - rm -f $SMBDPID - fi - echo "smbd." + echo "." ;; reload) echo -n "Reloading /etc/samba/smb.conf (smbd only)" @@ -81,9 +63,19 @@ echo "." ;; restart|force-reload) - $0 stop - sleep 1 - $0 start + echo -n "Restarting Samba daemons:" + + echo -n " nmbd" + start-stop-daemon --stop --quiet --pidfile $NMBDPID + sleep 2 + start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- -D + + echo -n " smbd" + start-stop-daemon --stop --quiet --pidfile $SMBDPID + sleep 2 + start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- -D + + echo "." ;; *) echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload}" diff -u -r --new-file --exclude=CVS samba-2.2.5/packaging/Mandrake/README.mandrake samba-2.2.6/packaging/Mandrake/README.mandrake --- samba-2.2.5/packaging/Mandrake/README.mandrake Thu Jan 1 00:00:00 1970 +++ samba-2.2.6/packaging/Mandrake/README.mandrake Tue Aug 27 23:39:20 2002 @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +The Mandrake samba spec file used for packaging for Mandrake and cooker +is now also used by the makerpms.sh script, and you can pass any options +that you would normally pass to rpm via the makerpms.sh script. + +Note that only release after 8.1 support passing options using +"--with