<refsect3>
<title>GROUPMAP MODIFY</title>
-<para>Update en existing group entry.</para>
+<para>Update an existing group entry.</para>
<para>
<programlisting>
To use this option, a basic ldap tree must be provided and the ldap suffix parameters must be properly
configured. On virgin servers the default users and groups (Administrator, Guest, Domain Users,
Domain Admins, Domain Guests) can be precreated with the command <command moreinfo="none">net sam
- provision</command>. To run this command the ldap server must be running, Winindd must be running and
+ provision</command>. To run this command the ldap server must be running, Winbindd must be running and
the smb.conf ldap options must be properly configured.
The typical ldap setup used with the <smbconfoption name="ldapsam:trusted">yes</smbconfoption> option
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>This parameter has been made inoperative in Samba 3.0.24.
- The functionality it contolled is now controlled by the parameter
+ The functionality it controlled is now controlled by the parameter
<smbconfoption name="lock spin time"/>.
</para>
</description>
<emphasis>1</emphasis> for tracing function calls.
</para>
<para>
- The debug ouput from the LDAP libraries appears with the
+ The debug output from the LDAP libraries appears with the
prefix [LDAP] in Samba's logging output.
The level at which LDAP logging is printed is controlled by the
parameter <parameter>ldap debug threshold</parameter>.
<manvolnum>8</manvolnum></citerefentry> that
should stop a shutdown procedure issued by the <smbconfoption name="shutdown script"/>.</para>
- <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>,
+ <para>If the connected user possesses the <constant>SeRemoteShutdownPrivilege</constant>,
right, this command will be run as root.</para>
</description>
<value type="default">""</value>
<para>Thanks to the Posix subsystem in NT a Windows User has a
primary group in addition to the auxiliary groups. This script
- sets the primary group in the unix userdatase when an
+ sets the primary group in the unix user database when an
administrator sets the primary group from the windows user
manager or when fetching a SAM with <command>net rpc
vampire</command>. <parameter>%u</parameter> will be replaced
<manvolnum>8</manvolnum></citerefentry> that should
start a shutdown procedure.</para>
- <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>,
+ <para>If the connected user possesses the <constant>SeRemoteShutdownPrivilege</constant>,
right, this command will be run as root.</para>
<para>The %z %t %r %f variables are expanded as follows:</para>
Be aware that if you set this parameter, this needs to be in
the file smb.conf, it is not really helpful to put this into
a registry configuration (typical on a cluster), because to
- access the registry contact to ctdb is requred.
+ access the registry contact to ctdb is required.
</para>
<para>Setting <parameter>ctdb timeout</parameter> to n makes
any process waiting longer than n seconds for a reply by the
<para>
To use the CUPS printing interface set <command moreinfo="none">printcap name = cups </command>. This should
- be supplemented by an addtional setting <smbconfoption name="printing">cups</smbconfoption> in the [global]
+ be supplemented by an additional setting <smbconfoption name="printing">cups</smbconfoption> in the [global]
section. <command moreinfo="none">printcap name = cups</command> will use the "dummy" printcap
created by CUPS, as specified in your CUPS configuration file.
</para>
printer using MS-RPC. The problem is that because the client
considers the printer to be local, it will attempt to issue the
OpenPrinterEx() call requesting access rights associated with the
- logged on user. If the user possesses local administator rights but
+ logged on user. If the user possesses local administrator rights but
not root privilege on the Samba host (often the case), the
OpenPrinterEx() call will fail. The result is that the client will
now display an "Access Denied; Unable to connect" message
normal way. To enable POSIX large write support (SMB/CIFS writes up to 16Mb) this option must be
nonzero. The maximum value is 128k. Values greater than 128k will be silently set to 128k.</para>
<para>Note this option will have NO EFFECT if set on a SMB signed connection.</para>
-<para>The default is zero, which diables this option.</para>
+<para>The default is zero, which disables this option.</para>
</description>
<related>min receivefile size</related>
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This deprecated variable controls controls whether samba will try
+ <para>This deprecated variable controls whether samba will try
to use Simple and Protected NEGOciation (as specified by rfc2478) with
WindowsXP and Windows2000 clients to agree upon an authentication mechanism.
</para>
that group to modify the permissions on it. This allows the delegation of security controls
on a point in the filesystem to the group owner of a directory and anything below it also owned
by that group. This means there are multiple people with permissions to modify ACLs on a file
- or directory, easing managability.
+ or directory, easing manageability.
</para>
<para>
This parameter allows Samba to also permit delegation of the control over a point in the exported
<para>Setting this option to a larger value could be useful to sites
transitioning from WinNT and Win2k, as existing user and
- group rids would otherwise clash with sytem users etc.
+ group rids would otherwise clash with system users etc.
</para>
<para>All UIDs and GIDs must be able to be resolved into SIDs for
<emphasis>should not</emphasis> be used, as the default '*' indicates to Samba
to determine the best DC to contact dynamically, just as all other hosts in an
AD domain do. This allows the domain to be maintained without modification to
- the smb.conf file. The cryptograpic protection on the authenticated RPC calls
+ the smb.conf file. The cryptographic protection on the authenticated RPC calls
used to verify passwords ensures that this default is safe.</para>
<para><emphasis>It is strongly recommended that you use the
<listitem>
<para>Using a password server means your UNIX box (running
- Samba) is only as secure as (a host masqurading as) your password server. <emphasis>DO NOT
+ Samba) is only as secure as (a host masquerading as) your password server. <emphasis>DO NOT
CHOOSE A PASSWORD SERVER THAT YOU DON'T COMPLETELY TRUST</emphasis>.
</para>
</listitem>
</programlisting>
registry key in Windows 2000 and Windows NT. When set to 0, user
and group list information is returned to anyone who asks. When set
- to 1, only an authenticated user can retrive user and
+ to 1, only an authenticated user can retrieve user and
group list information. For the value 2, supported by
Windows 2000/XP and Samba, no anonymous connections are allowed at
all. This can break third party and Microsoft
<para>
Please note that for user or share mode security, the username map is applied prior to validating the user
credentials. Domain member servers (domain or ads) apply the username map after the user has been
- successfully authenticated by the domain controller and require fully qualified enties in the map table (e.g.
+ successfully authenticated by the domain controller and require fully qualified entries in the map table (e.g.
biddle = <literal>DOMAIN\foo</literal>).
</para>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>Some version of NT 4.x allow non-guest
- users with a bad passowrd. When this option is enabled, samba will not
+ users with a bad password. When this option is enabled, samba will not
use a broken NT 4.x server as password server, but instead complain
to the logs and exit.
</para>
<para>Disabling this option prevents Samba from making
- this check, which involves deliberatly attempting a
+ this check, which involves deliberately attempting a
bad logon to the remote server.</para>
</description>
when a file is created or extended to be a given size. In UNIX
terminology this means that Samba will stop creating sparse files.</para>
- <para>This option is really desgined for file systems that support
+ <para>This option is really designed for file systems that support
fast allocation of large numbers of blocks such as extent-based file systems.
On file systems that don't support extents (most notably ext3) this can
make Samba slower. When you work with large files over >100MB on file
samba can use.</para>
<para>This option is only available if Samba was configured with the argument <command>--with-sys-quotas</command> or
- on linux when <command>./configure --with-quotas</command> was used and a working quota api
+ on Linux when <command>./configure --with-quotas</command> was used and a working quota api
was found in the system. Most packages are configured with these options already.</para>
<para>This parameter should specify the path to a script that
<description>
<para>
- Setting this paramter to <value type="example">no</value> prevents
+ Setting this parameter to <value type="example">no</value> prevents
winbind from creating custom krb5.conf files. Winbind normally does
this because the krb5 libraries are not AD-site-aware and thus would
pick any domain controller out of potentially very many. Winbind
<para>
The idmap configuration is hence divided into groups, one group
for each domain to be configured, and one group with the the
- asterisk instead of a proper domain name, which speifies the
+ asterisk instead of a proper domain name, which specifies the
default configuration that is used to catch all domains that do
not have an explicit idmap configuration of their own.
</para>
Defines the available matching uid and gid range for which the
backend is authoritative. For allocating backends, this also
defines the start and the end of the range for allocating
- new unid IDs.
+ new uniq IDs.
</para>
<para>
winbind uses this parameter to find the backend that is
idmap and nss_info plugin for the specifics on how to configure
name aliasing for a specific configuration. Name aliasing takes
precedence (and is mutually exclusive) over the whitespace
- replacement mechanism discussed previsouly.
+ replacement mechanism discussed previously.
</para>
</description>
git.samba.org / samba.git / commitdiff