diff options
| author | bubulle <bubulle@alioth.debian.org> | 2009-02-28 07:48:43 +0000 |
|---|---|---|
| committer | bubulle <bubulle@alioth.debian.org> | 2009-02-28 07:48:43 +0000 |
| commit | 04e8785889590298589f360db370ea1d8139d1bf (patch) | |
| tree | 1a43b854222905465cc5834b417f08bbbe8c107c /docs-xml | |
| parent | 9e055700ecc3860c50dcf62199ea2b8de854de7c (diff) | |
merge upstream 3.3.1
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@2614 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'docs-xml')
28 files changed, 544 insertions, 38 deletions
diff --git a/docs-xml/archives/THANKS b/docs-xml/archives/THANKS index 789042f78e..37ecc99eeb 100644 --- a/docs-xml/archives/THANKS +++ b/docs-xml/archives/THANKS @@ -86,7 +86,7 @@ Tom Haapanen (tomh@metrics.com) consulting firm located in Waterloo, Ontario, Canada. We work with a variety of environments (such as Windows, Windows NT and Unix), tools and application areas, and can provide assistance for - development work ranging from a few days to to multiple man-year + development work ranging from a few days to multiple man-year projects. You can find more information at http://www.metrics.com/. diff --git a/docs-xml/manpages-3/eventlogadm.8.xml b/docs-xml/manpages-3/eventlogadm.8.xml index 1fa89fdcb5..e7d838bfe0 100644 --- a/docs-xml/manpages-3/eventlogadm.8.xml +++ b/docs-xml/manpages-3/eventlogadm.8.xml @@ -91,7 +91,7 @@ </term> <listitem><para> The <command>-o write</command> reads event log - records from standard input and writes them to theSamba + records from standard input and writes them to the Samba event log store named by EVENTLOG. </para> </listitem> </varlistentry> @@ -180,7 +180,7 @@ </para></listitem> <listitem><para> - <command>SRN</command> - he name of the machine on + <command>SRN</command> - The name of the machine on which the eventlog was generated. This is typically the host name. </para></listitem> diff --git a/docs-xml/manpages-3/ldbrename.1.xml b/docs-xml/manpages-3/ldbrename.1.xml new file mode 100644 index 0000000000..391ec84ccc --- /dev/null +++ b/docs-xml/manpages-3/ldbrename.1.xml @@ -0,0 +1,107 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> +<refentry id="ldbrename.1"> + +<refmeta> + <refentrytitle>ldbrename</refentrytitle> + <manvolnum>1</manvolnum> +</refmeta> + + +<refnamediv> + <refname>ldbrename</refname> + <refpurpose>Edit LDB databases using your favorite editor</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>ldbrename</command> + <arg choice="opt">-h</arg> + <arg choice="opt">-o options</arg> + <arg choice="req">olddn</arg> + <arg choice="req">newdb</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>ldbrename is a utility that allows you to rename trees in + an LDB database based by DN. This utility takes + two arguments: the original + DN name of the top element and the DN to change it to. + </para> + +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-h</term> + <listitem><para> + Show list of available options.</para></listitem> + </varlistentry> + + <varlistentry> + <term>-H <ldb-url></term> + <listitem><para> + LDB URL to connect to. See ldb(7) for details. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-o options</term> + <listitem><para>Extra ldb options, such as + modules.</para></listitem> + </varlistentry> + + </variablelist> + +</refsect1> + +<refsect1> + <title>ENVIRONMENT</title> + + <variablelist> + <varlistentry><term>LDB_URL</term> + <listitem><para>LDB URL to connect to (can be overrided by using the + -H command-line option.)</para></listitem> + </varlistentry> + </variablelist> + +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 4.0 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>SEE ALSO</title> + + <para>ldb(7), ldbmodify, ldbdel, ldif(5)</para> + +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> ldb was written by + <ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>. + </para> + + <para> +If you wish to report a problem or make a suggestion then please see +the <ulink url="http://ldb.samba.org/"/> web site for +current contact and maintainer information. + </para> + + <para>This manpage was written by Jelmer Vernooij.</para> + +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/mount.cifs.8.xml b/docs-xml/manpages-3/mount.cifs.8.xml index 93823654b8..dae54e1d97 100644 --- a/docs-xml/manpages-3/mount.cifs.8.xml +++ b/docs-xml/manpages-3/mount.cifs.8.xml @@ -43,10 +43,13 @@ by the popular Open Source server Samba. </para> <para> - The mount.cifs utility attaches the UNC name (exported network resource) to - the local directory <emphasis>mount-point</emphasis>. It is possible to set the mode for mount.cifs to -setuid root to allow non-root users to mount shares to directories for which they -have write permission. + The mount.cifs utility attaches the UNC name (exported network resource) + specified as <emphasis>service</emphasis> (using //server/share syntax, + where "server" is the server name or IP address and "share" is the name + of the share) to the local directory <emphasis>mount-point</emphasis>. + It is possible to set the mode for mount.cifs to setuid root to allow + non-root users to mount shares to directories for which they + have write permission. </para> <para> @@ -137,7 +140,7 @@ credentials file properly. same domain (e.g. running winbind or nss_ldap) and the server supports the Unix Extensions then the uid and gid can be retrieved from the server (and uid - and gid would not have to be specifed on the mount. + and gid would not have to be specified on the mount. For servers which do not support the CIFS Unix extensions, the default uid (and gid) returned on lookup of existing files will be the uid (gid) of the person @@ -369,9 +372,9 @@ port 445 is tried and if no response then port 139 is tried. <term>noacl</term> <listitem><para>Do not allow POSIX ACL operations even if server would support them.</para><para> The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers - version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and + version 3.0.10 and later. Setting POSIX ACLs requires enabling both XATTR and then POSIX support in the CIFS configuration options when building the cifs - module. POSIX ACL support can be disabled on a per mount basic by specifying + module. POSIX ACL support can be disabled on a per mount basis by specifying "noacl" on mount.</para> </listitem> </varlistentry> diff --git a/docs-xml/manpages-3/sharesec.1.xml b/docs-xml/manpages-3/sharesec.1.xml new file mode 100644 index 0000000000..d8ac510b69 --- /dev/null +++ b/docs-xml/manpages-3/sharesec.1.xml @@ -0,0 +1,220 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="sharesec.1"> + +<refmeta> + <refentrytitle>sharesec</refentrytitle> + <manvolnum>1</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">User Commands</refmiscinfo> + <refmiscinfo class="version">3.3</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>sharesec</refname> + <refpurpose>Set or get share ACLs</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>sharesec</command> + <arg choice="req">sharename</arg> + <arg choice="opt">-r, --remove=ACL</arg> + <arg choice="opt">-m, --modify=ACL</arg> + <arg choice="opt">-a, --add=ACL</arg> + <arg choice="opt">-R, --replace=ACLs</arg> + <arg choice="opt">-D, --delete</arg> + <arg choice="opt">-v, --view</arg> + <arg choice="opt">-M, --machine-sid</arg> + <arg choice="opt">-F, --force</arg> + <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg> + <arg choice="opt">-s, --configfile=CONFIGFILE</arg> + <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg> + <arg choice="opt">-V, --version</arg> + <arg choice="opt">-?, --help</arg> + <arg choice="opt">--usage</arg> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>sharesec</command> program manipulates share permissions + on SMB file shares.</para> +</refsect1> + + +<refsect1> + <title>OPTIONS</title> + + <para>The following options are available to the <command>sharesec</command> program. + The format of ACLs is described in the section ACL FORMAT </para> + + <variablelist> + <varlistentry> + <term>-a|--add=ACL</term> + <listitem><para>Add the ACEs specified to the ACL list. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-D|--delete</term> + <listitem><para>Delete the entire security descriptor. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-F|--force</term> + <listitem><para>Force storing the ACL. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-m|--modify=ACL</term> + <listitem><para>Modify existing ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-M|--machine-sid</term> + <listitem><para>Initialize the machine SID. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-r|--remove=ACL</term> + <listitem><para>Remove ACEs. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>-R|--replace=ACLS</term> + <listitem><para> + Overwrite an existing share permission ACL. + </para></listitem> + </varlistentry> + + &stdarg.help; + &stdarg.server.debug; + &popt.common.samba; + </variablelist> +</refsect1> + + +<refsect1> + <title>ACL FORMAT</title> + + <para>The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: </para> + + <para><programlisting> + REVISION:<revision number> + OWNER:<sid or name> + GROUP:<sid or name> + ACL:<sid or name>:<type>/<flags>/<mask> + </programlisting></para> + + <para>The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.</para> + + <para>The owner and group specify the owner and group SIDs for the + object. If a SID in the format S-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides.</para> + + <para>ACLs specify permissions granted to the SID. This SID + can be specified in S-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.</para> + + <para>The type can be either ALLOWED or DENIED to allow/deny access + to the SID. The flags values are generally zero for share ACLs. + </para> + + <para>The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.</para> + + <itemizedlist> + <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem> + <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem> + <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem> + <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem> + <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem> + <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem> + </itemizedlist> + + <para>The following combined permissions can be specified:</para> + + <itemizedlist> + <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX' + permissions</para></listitem> + <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions + </para></listitem> + <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO' + permissions</para></listitem> + </itemizedlist> + </refsect1> + +<refsect1> + <title>EXIT STATUS</title> + + <para>The <command>sharesec</command> program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. </para> + + <para>If the operation succeeded, sharesec returns and exit + status of 0. If <command>sharesec</command> couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. </para> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para>Add full access for SID + <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on + <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </programlisting> + + <para>List all ACEs for <parameter>share</parameter>: + </para> + + <programlisting> + host:~ # sharesec share -v + REVISION:1 + OWNER:(NULL SID) + GROUP:(NULL SID) + ACL:S-1-1-0:ALLOWED/0/0x101f01ff + ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL + </programlisting> +</refsect1> + +<refsect1> + <title>VERSION</title> + + <para>This man page is correct for version 3 of the Samba suite.</para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_acl_tdb.8.xml b/docs-xml/manpages-3/vfs_acl_tdb.8.xml new file mode 100644 index 0000000000..086b86f03e --- /dev/null +++ b/docs-xml/manpages-3/vfs_acl_tdb.8.xml @@ -0,0 +1,66 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_acl_tdb.8"> + +<refmeta> + <refentrytitle>vfs_acl_tdb</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">3.3</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_acl_tdb</refname> + <refpurpose>Save NTFS-ACLs in a tdb file</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = acl_tdb</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>vfs_acl_tdb</command> VFS module stores + NTFS Access Control Lists (ACLs) in a tdb file. + This enables the full mapping of Windows ACLs on Samba + servers. + </para> + + <para> + The ACL settings are stored in + <filename>$LOCKDIR/file_ntacls.tdb</filename>. + </para> + + <para>Please note that this module is + <emphasis>experimental</emphasis>! + </para> + + <para>This module is stackable.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <para> + There are no options for <command>vfs_acl_tdb</command>. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_acl_xattr.8.xml b/docs-xml/manpages-3/vfs_acl_xattr.8.xml new file mode 100644 index 0000000000..7387824f79 --- /dev/null +++ b/docs-xml/manpages-3/vfs_acl_xattr.8.xml @@ -0,0 +1,70 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="vfs_acl_xattr.8"> + +<refmeta> + <refentrytitle>vfs_acl_xattr</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">3.3</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>vfs_acl_xattr</refname> + <refpurpose>Save NTFS-ACLs in Extended Attributes (EAs)</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <cmdsynopsis> + <command>vfs objects = acl_xattr</command> + </cmdsynopsis> +</refsynopsisdiv> + +<refsect1> + <title>DESCRIPTION</title> + + <para>This VFS module is part of the + <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>7</manvolnum></citerefentry> suite.</para> + + <para>The <command>vfs_acl_xattr</command> VFS module stores + NTFS Access Control Lists (ACLs) in Extended Attributes (EAs). + This enables the full mapping of Windows ACLs on Samba + servers. + </para> + + <para>The ACLs are stored in the Extended Attribute + <parameter>security.NTACL</parameter> of a file or directory. + This Attribute is <emphasis>not</emphasis> listed by + <command>getfattr -d <filename>filename</filename></command>. + To show the current value, the name of the EA must be specified + (e.g. <command>getfattr -n security.NTACL <filename>filename</filename> + </command>). + </para> + + <para>Please note that this module is + <emphasis>experimental</emphasis>! + </para> + + <para>This module is stackable.</para> +</refsect1> + +<refsect1> + <title>OPTIONS</title> + <para> + There are no options for <command>vfs_acl_xattr</command>. + </para> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para>The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.</para> +</refsect1> + +</refentry> diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml index 556fa3e86e..3a16b61210 100644 --- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml +++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml @@ -117,6 +117,17 @@ </listitem> </varlistentry> + <varlistentry> + <term>smb_traffic_analyzer:total_anonymization = STRING</term> + <listitem> + <para>If STRING matches to 'yes', the module will replace + any user name with the string given by the option + smb_traffic_analyzer:anonymize_prefix, without generating + an additional hash number. This means that any transfer data + will be mapped to a single user, leading to a total + anonymization of user related data.</para> + </listitem> + </varlistentry> </variablelist> </refsect1> diff --git a/docs-xml/smbdotconf/browse/enhancedbrowsing.xml b/docs-xml/smbdotconf/browse/enhancedbrowsing.xml index 13f2cd6446..7f85616c22 100644 --- a/docs-xml/smbdotconf/browse/enhancedbrowsing.xml +++ b/docs-xml/smbdotconf/browse/enhancedbrowsing.xml @@ -17,7 +17,7 @@ <para>You may wish to disable this option if you have a problem with empty workgroups not disappearing from browse lists. Due to the restrictions - of the browse protocols these enhancements can cause a empty workgroup + of the browse protocols, these enhancements can cause a empty workgroup to stay around forever which can be annoying.</para> <para>In general you should leave this option enabled as it makes diff --git a/docs-xml/smbdotconf/ldap/ldapssl.xml b/docs-xml/smbdotconf/ldap/ldapssl.xml index b2e953736b..fa7fea94d0 100644 --- a/docs-xml/smbdotconf/ldap/ldapssl.xml +++ b/docs-xml/smbdotconf/ldap/ldapssl.xml @@ -13,9 +13,9 @@ script.</para> <para>LDAP connections should be secured where possible. This may be - done setting either this parameter to + done setting <emphasis>either</emphasis> this parameter to <parameter moreinfo="none">Start_tls</parameter> - or by specifying <parameter moreinfo="none">ldaps://</parameter> in + <emphasis>or</emphasis> by specifying <parameter moreinfo="none">ldaps://</parameter> in the URL argument of <smbconfoption name="passdb backend"/>.</para> <para>The <smbconfoption name="ldap ssl"/> can be set to one of @@ -32,6 +32,17 @@ communicating with the directory server.</para> </listitem> </itemizedlist> + <para> + Please note that this parameter does only affect <emphasis>rpc</emphasis> + methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for + <emphasis>ads</emphasis>, set + <smbconfoption name="ldap ssl">yes</smbconfoption> + <emphasis>and</emphasis> + <smbconfoption name="ldap ssl ads">yes</smbconfoption>. + See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + for more information on <smbconfoption name="ldap ssl ads"/>. + </para> + </description> <value type="default">start tls</value> </samba:parameter> diff --git a/docs-xml/smbdotconf/ldap/ldapsslads.xml b/docs-xml/smbdotconf/ldap/ldapsslads.xml new file mode 100644 index 0000000000..e6998cbaf2 --- /dev/null +++ b/docs-xml/smbdotconf/ldap/ldapsslads.xml @@ -0,0 +1,21 @@ +<samba:parameter name="ldap ssl ads" + context="G" + type="boolean" + advanced="1" developer="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para>This option is used to define whether or not Samba should + use SSL when connecting to the ldap server using + <emphasis>ads</emphasis> methods. + Rpc methods are not affected by this parameter. Please note, that + this parameter won't have any effect if <smbconfoption name="ldap ssl"/> + is set to <parameter>no</parameter>. + </para> + + <para>See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum> + for more information on <smbconfoption name="ldap ssl"/>. + </para> + +</description> +<value type="default">no</value> +</samba:parameter> diff --git a/docs-xml/smbdotconf/locking/strictlocking.xml b/docs-xml/smbdotconf/locking/strictlocking.xml index e3a0ed7b4c..15ad0ad073 100644 --- a/docs-xml/smbdotconf/locking/strictlocking.xml +++ b/docs-xml/smbdotconf/locking/strictlocking.xml @@ -12,7 +12,7 @@ <para> When strict locking is set to Auto (the default), the server performs file lock checks only on non-oplocked files. As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for - inproved performance. + improved performance. </para> <para> diff --git a/docs-xml/smbdotconf/misc/remoteannounce.xml b/docs-xml/smbdotconf/misc/remoteannounce.xml index f23968b501..a6bf0c546f 100644 --- a/docs-xml/smbdotconf/misc/remoteannounce.xml +++ b/docs-xml/smbdotconf/misc/remoteannounce.xml @@ -6,7 +6,7 @@ <description> <para> This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle> - <manvolnum>8</manvolnum></citerefentry>to periodically announce itself + <manvolnum>8</manvolnum></citerefentry> to periodically announce itself to arbitrary IP addresses with an arbitrary workgroup name. </para> @@ -23,7 +23,7 @@ </programlisting> the above line would cause <command moreinfo="none">nmbd</command> to announce itself to the two given IP addresses using the given workgroup names. If you leave out the - workgroup name then the one given in the <smbconfoption name="workgroup"/> parameter + workgroup name, then the one given in the <smbconfoption name="workgroup"/> parameter is used instead. </para> diff --git a/docs-xml/smbdotconf/misc/usershareallowguests.xml b/docs-xml/smbdotconf/misc/usershareallowguests.xml index 738f3a11ba..a3ae5183b0 100644 --- a/docs-xml/smbdotconf/misc/usershareallowguests.xml +++ b/docs-xml/smbdotconf/misc/usershareallowguests.xml @@ -8,7 +8,7 @@ to be accessed by non-authenticated users or not. It is the equivalent of allowing people who can create a share the option of setting <parameter moreinfo="none">guest ok = yes</parameter> in a share - definition. Due to the security sensitive nature of this the default + definition. Due to its security sensitive nature, the default is set to off.</para> </description> diff --git a/docs-xml/smbdotconf/misc/usershareprefixallowlist.xml b/docs-xml/smbdotconf/misc/usershareprefixallowlist.xml index bacc2e9530..6c1822a165 100644 --- a/docs-xml/smbdotconf/misc/usershareprefixallowlist.xml +++ b/docs-xml/smbdotconf/misc/usershareprefixallowlist.xml @@ -6,8 +6,8 @@ <description> <para>This parameter specifies a list of absolute pathnames the root of which are allowed to be exported by user defined share definitions. - If the pathname exported doesn't start with one of the strings in this - list the user defined share will not be allowed. This allows the Samba + If the pathname to be exported doesn't start with one of the strings in this + list, the user defined share will not be allowed. This allows the Samba administrator to restrict the directories on the system that can be exported by user defined shares. </para> diff --git a/docs-xml/smbdotconf/misc/usersharetemplateshare.xml b/docs-xml/smbdotconf/misc/usersharetemplateshare.xml index efe2e81d22..9593a6c7e4 100644 --- a/docs-xml/smbdotconf/misc/usersharetemplateshare.xml +++ b/docs-xml/smbdotconf/misc/usersharetemplateshare.xml @@ -5,7 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>User defined shares only have limited possible parameters - such as path, guest ok etc. This parameter allows usershares to + such as path, guest ok, etc. This parameter allows usershares to "cloned" from an existing share. If "usershare template share" is set to the name of an existing share, then all usershares created have their defaults set from the parameters set on this diff --git a/docs-xml/smbdotconf/printing/useclientdriver.xml b/docs-xml/smbdotconf/printing/useclientdriver.xml index 99e8556811..4d9b7abfcc 100644 --- a/docs-xml/smbdotconf/printing/useclientdriver.xml +++ b/docs-xml/smbdotconf/printing/useclientdriver.xml @@ -29,7 +29,7 @@ <para>If this parameter is enabled for a printer, then any attempt to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() - call to succeed. <emphasis>This parameter MUST not be able enabled + call to succeed. <emphasis>This parameter MUST not be enabled on a print share which has valid print driver installed on the Samba server.</emphasis></para> </description> diff --git a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml index 6916261759..79b6da7afa 100644 --- a/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml +++ b/docs-xml/smbdotconf/protocol/aclcheckpermissions.xml @@ -21,7 +21,7 @@ and allows the open. If the user doesn't have permission to delete the file this will only be discovered at close time, which is too late for the Windows user tools to display an error message to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing - on a Windows explorer refersh. This is an extremely advanced protocol option which should not + on a Windows explorer refresh. This is an extremely advanced protocol option which should not need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version with slightly different semantics was introduced in 3.0.20. That older version is not documented here. </para> diff --git a/docs-xml/smbdotconf/protocol/enableasusupport.xml b/docs-xml/smbdotconf/protocol/enableasusupport.xml index cd4f30fb8d..bb56b5ad0b 100644 --- a/docs-xml/smbdotconf/protocol/enableasusupport.xml +++ b/docs-xml/smbdotconf/protocol/enableasusupport.xml @@ -5,7 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>Hosts running the "Advanced Server for Unix (ASU)" product - require some special accomodations such as creating a builting [ADMIN$] + require some special accomodations such as creating a builtin [ADMIN$] share that only supports IPC connections. The has been the default behavior in smbd for many years. However, certain Microsoft applications such as the Print Migrator tool require that the remote server support diff --git a/docs-xml/smbdotconf/security/clientlanmanauth.xml b/docs-xml/smbdotconf/security/clientlanmanauth.xml index 5266fef6a2..967eacf85b 100644 --- a/docs-xml/smbdotconf/security/clientlanmanauth.xml +++ b/docs-xml/smbdotconf/security/clientlanmanauth.xml @@ -11,7 +11,7 @@ password hashes (e.g. Windows NT/2000, Samba, etc... but not Windows 95/98) will be able to be connected from the Samba client.</para> - <para>The LANMAN encrypted response is easily broken, due to it's + <para>The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Clients without Windows 95/98 servers are advised to disable this option. </para> diff --git a/docs-xml/smbdotconf/security/clientsigning.xml b/docs-xml/smbdotconf/security/clientsigning.xml index bf37cbb874..c657e05711 100644 --- a/docs-xml/smbdotconf/security/clientsigning.xml +++ b/docs-xml/smbdotconf/security/clientsigning.xml @@ -4,8 +4,7 @@ basic="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This controls whether the client offers or requires - the server it talks to to use SMB signing. Possible values + <para>This controls whether the client is allowed or required to use SMB signing. Possible values are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> and <emphasis>disabled</emphasis>. </para> diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml index 341952205f..4e68c5e03a 100644 --- a/docs-xml/smbdotconf/security/lanmanauth.xml +++ b/docs-xml/smbdotconf/security/lanmanauth.xml @@ -12,7 +12,7 @@ Windows 95/98 or the MS DOS network client) will be able to connect to the Samba host.</para> - <para>The LANMAN encrypted response is easily broken, due to it's + <para>The LANMAN encrypted response is easily broken, due to its case-insensitive nature, and the choice of algorithm. Servers without Windows 95/98/ME or MS DOS clients are advised to disable this option. </para> diff --git a/docs-xml/smbdotconf/security/passwordserver.xml b/docs-xml/smbdotconf/security/passwordserver.xml index 0da247d27d..0e92af9eba 100644 --- a/docs-xml/smbdotconf/security/passwordserver.xml +++ b/docs-xml/smbdotconf/security/passwordserver.xml @@ -7,7 +7,7 @@ <para>By specifying the name of another SMB server or Active Directory domain controller with this option, and using <command moreinfo="none">security = [ads|domain|server]</command> - it is possible to get Samba to + it is possible to get Samba to do all its username/password validation using a specific remote server.</para> <para>This option sets the name or IP address of the password server to use. diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml index 3ad5175712..514ea54e0f 100644 --- a/docs-xml/smbdotconf/security/security.xml +++ b/docs-xml/smbdotconf/security/security.xml @@ -47,7 +47,7 @@ want to mainly setup shares without a password (guest shares). This is commonly used for a shared printer server. It is more difficult to setup guest shares with <command moreinfo="none">security = user</command>, see - the <smbconfoption name="map to guest"/>parameter for details.</para> + the <smbconfoption name="map to guest"/> parameter for details.</para> <para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis> hybrid mode</emphasis> where it is offers both user and share @@ -58,7 +58,7 @@ <para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para> - <para>When clients connect to a share level security server they + <para>When clients connect to a share level security server, they need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with @@ -211,7 +211,7 @@ </para></note> <note><para>From the client's point of - view <command moreinfo="none">security = server</command> is the + view, <command moreinfo="none">security = server</command> is the same as <command moreinfo="none">security = user</command>. It only affects how the server deals with the authentication, it does not in any way affect what the client sees.</para></note> diff --git a/docs-xml/smbdotconf/security/serverschannel.xml b/docs-xml/smbdotconf/security/serverschannel.xml index 6317448fb6..655463576f 100644 --- a/docs-xml/smbdotconf/security/serverschannel.xml +++ b/docs-xml/smbdotconf/security/serverschannel.xml @@ -13,7 +13,7 @@ </para> <para> - Please note that with this set to <literal>no</literal> you will have to apply the WindowsXP + Please note that with this set to <literal>no</literal>, you will have to apply the WindowsXP <filename>WinXP_SignOrSeal.reg</filename> registry patch found in the docs/registry subdirectory of the Samba distribution tarball. </para> </description> diff --git a/docs-xml/smbdotconf/security/serversigning.xml b/docs-xml/smbdotconf/security/serversigning.xml index f2f5629586..ea21a2c6f6 100644 --- a/docs-xml/smbdotconf/security/serversigning.xml +++ b/docs-xml/smbdotconf/security/serversigning.xml @@ -5,8 +5,7 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> - <para>This controls whether the server offers or requires - the client it talks to to use SMB signing. Possible values + <para>This controls whether the client is allowed or required to use SMB signing. Possible values are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> and <emphasis>disabled</emphasis>. </para> diff --git a/docs-xml/smbdotconf/security/smbencrypt.xml b/docs-xml/smbdotconf/security/smbencrypt.xml index eb91ce51fa..d556166953 100644 --- a/docs-xml/smbdotconf/security/smbencrypt.xml +++ b/docs-xml/smbdotconf/security/smbencrypt.xml @@ -16,8 +16,7 @@ and MacOS/X clients. Windows clients do not support this feature. </para> - <para>This controls whether the server offers or requires - the client it talks to to use SMB encryption. Possible values + <para>This controls whether the remote client is allowed or required to use SMB encryption. Possible values are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis> and <emphasis>disabled</emphasis>. This may be set on a per-share basis, but clients may chose to encrypt the entire session, not diff --git a/docs-xml/smbdotconf/security/updateencrypted.xml b/docs-xml/smbdotconf/security/updateencrypted.xml index da493665cf..eb54ed9bab 100644 --- a/docs-xml/smbdotconf/security/updateencrypted.xml +++ b/docs-xml/smbdotconf/security/updateencrypted.xml @@ -9,7 +9,7 @@ This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed) password in the smbpasswd file to be updated automatically as they log on. This option allows a site to migrate from plaintext password authentication (users authenticate with plaintext password over the - wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB + wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB challenge/response authentication mechanism) without forcing all users to re-enter their passwords via smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted passwords to be made over a longer period. Once all users have encrypted representations of their passwords @@ -24,7 +24,7 @@ </para> <para> - Note that even when this parameter is set a user authenticating to <command moreinfo="none">smbd</command> + Note that even when this parameter is set, a user authenticating to <command moreinfo="none">smbd</command> must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd) passwords. </para> |