</para>
<para>
- <command><quote>SERVER\user (Long name)</quote></command>
+ <command>"SERVER\user (Long name)"</command>
</para>
<para>
These are:
<itemizedlist>
- <listitem><smbconfoption><name>security mask</name></smbconfoption></listitem>
- <listitem><smbconfoption><name>force security mode</name></smbconfoption></listitem>
- <listitem><smbconfoption><name>directory security mask</name></smbconfoption></listitem>
- <listitem><smbconfoption><name>force directory security mode</name></smbconfoption></listitem>
+ <listitem><para><smbconfoption><name>security mask</name></smbconfoption></para></listitem>
+ <listitem><para><smbconfoption><name>force security mode</name></smbconfoption></para></listitem>
+ <listitem><para><smbconfoption><name>directory security mask</name></smbconfoption></para></listitem>
+ <listitem><para><smbconfoption><name>force directory security mode</name></smbconfoption></para></listitem>
</itemizedlist>
</para>
</screen>
</para>
- <note><para>
- <para>This is the same as doing:</para>
+ <note>
+ <para>This is the same as doing:
<screen>
&prompt;<userinput>chown jack /foodbar</userinput>
&prompt;<userinput>chgrp engr /foodbar</userinput>
</para>
<itemizedlist>
- <listitem>Server Manager</listitem>
- <listitem>User Manager for Domains</listitem>
- <listitem>Event Viewer</listitem>
+ <listitem><para>Server Manager</para></listitem>
+ <listitem><para>User Manager for Domains</para></listitem>
+ <listitem><para>Event Viewer</para></listitem>
</itemizedlist>
<para>
</para>
<itemizedlist>
- <listitem>No Logon Script.</listitem>
- <listitem>Simple universal Logon Script that applies to all users.</listitem>
- <listitem>Use of a conditional Logon Script that applies per user or per group attributes.</listitem>
- <listitem>Use of Samba's preexec and postexec functions on access to the NETLOGON share to create
- a custom logon script and then execute it.</listitem>
- <listitem>User of a tool such as KixStart.</listitem>
+ <listitem><para>No Logon Script.</para></listitem>
+ <listitem><para>Simple universal Logon Script that applies to all users.</para></listitem>
+ <listitem><para>Use of a conditional Logon Script that applies per user or per group attributes.</para></listitem>
+ <listitem><para>Use of Samba's preexec and postexec functions on access to the NETLOGON share to create
+ a custom logon script and then execute it.</para></listitem>
+ <listitem><para>User of a tool such as KixStart.</para></listitem>
</itemizedlist>
<para>
</para>
<itemizedlist>
- <listitem><ulink noescape="1" url="http://www.craigelachi.e.org/rhacer/ntlogon">http://www.craigelachi.e.org/rhacer/ntlogon</ulink></listitem>
- <listitem><ulink noescape="1" url="http://www.kixtart.org">http://www.kixtart.org</ulink></listitem>
+ <listitem><para><ulink noescape="1" url="http://www.craigelachi.e.org/rhacer/ntlogon">http://www.craigelachi.e.org/rhacer/ntlogon</ulink></para></listitem>
+ <listitem><para><ulink noescape="1" url="http://www.kixtart.org">http://www.kixtart.org</ulink></para></listitem>
</itemizedlist>
<sect2>
<para>
- <image><imagedescription>Windows printing to a local printer.</imagedescription><imagefile>1small</imagefile></image>
+ <image id="small1"><imagedescription>Windows printing to a local printer.</imagedescription><imagefile>1small</imagefile></image>
</para>
</sect2>
</note>
<para>
- <image><imagedescription>Printing to a PostScript printer.</imagedescription>
+ <image id="small2"><imagedescription>Printing to a PostScript printer.</imagedescription>
<imagefile>2small</imagefile></image>
</para>
</para>
<para>
- <image><imagedescription>Ghostscript as a RIP for non-postscript printers.</imagedescription>
+ <image id="small3"><imagedescription>Ghostscript as a RIP for non-postscript printers.</imagedescription>
<imagefile>3small</imagefile>
</image>
</para>
</para>
<para>
- <image scale="25"><imagedescription>Pre-filtering in CUPS to form PostScript.</imagedescription>
+ <image id="small4" scale="25"><imagedescription>Pre-filtering in CUPS to form PostScript.</imagedescription>
<imagefile>4small</imagefile>
</image>
</para>
</para>
<para>
- <image scale="25"><imagedescription>Adding device-specific print options.</imagedescription>
+ <image scale="25" id="small5"><imagedescription>Adding device-specific print options.</imagedescription>
<imagefile>5small</imagefile>
</image>
</para>
</para>
<para>
- <image scale="25"><imagedescription>PostScript to intermediate raster format.</imagedescription><imagefile>6small</imagefile></image>
+ <image id="small6" scale="25"><imagedescription>PostScript to intermediate raster format.</imagedescription><imagefile>6small</imagefile></image>
</para>
<para>
</para>
<para>
- <image><imagedescription>CUPS-raster production using Ghostscript.</imagedescription>
+ <image id="small7"><imagedescription>CUPS-raster production using Ghostscript.</imagedescription>
<imagefile>7small</imagefile>
</image>
</para>
<title>PPDs shipped with CUPS</title>
<tgroup cols="2" align="left">
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify" colwidth="1*"/>
<thead><row><entry>PPD file</entry><entry>Printer type</entry></row></thead>
<tbody>
<row><entry>deskjet.ppd</entry><entry>older HP inkjet printers and compatible</entry></row>
</para>
<para>
-<image><imagedescription>Printing via CUPS/Samba server.</imagedescription>
+<image id="small13"><imagedescription>Printing via CUPS/Samba server.</imagedescription>
<imagefile>13small</imagefile>
</image>
</para>
<para>
<itemizedlist>
- <listitem>cups.hlp</listitem>
- <listitem>cupsdrvr.dll</listitem>
- <listitem>cupsui.dll</listitem>
+ <listitem><para>cups.hlp</para></listitem>
+ <listitem><para>cupsdrvr.dll</para></listitem>
+ <listitem><para>cupsui.dll</para></listitem>
</itemizedlist>
</para>
<para>
<itemizedlist>
- <listitem>ADFONTS.MFM</listitem>
- <listitem>ADOBEPS4.DRV</listitem>
- <listitem>ADOBEPS4.HLP</listitem>
- <listitem>DEFPRTR2.PPD</listitem>
- <listitem>ICONLIB.DLL</listitem>
- <listitem>PSMON.DLL</listitem>
+ <listitem><para>ADFONTS.MFM</para></listitem>
+ <listitem><para>ADOBEPS4.DRV</para></listitem>
+ <listitem><para>ADOBEPS4.HLP</para></listitem>
+ <listitem><para>DEFPRTR2.PPD</para></listitem>
+ <listitem><para>ICONLIB.DLL</para></listitem>
+ <listitem><para>PSMON.DLL</para></listitem>
</itemizedlist>
</para>
<para>
<itemizedlist>
- <listitem>ADOBEPS5.DLL</listitem>
- <listitem>ADOBEPSU.DLL</listitem>
- <listitem>ADOBEPSU.HLP</listitem>
+ <listitem><para>ADOBEPS5.DLL</para></listitem>
+ <listitem><para>ADOBEPSU.DLL</para></listitem>
+ <listitem><para>ADOBEPSU.HLP</para></listitem>
</itemizedlist>
</para>
<para>On Debian, you need to install the following packages:</para>
<para>
<itemizedlist>
- <listitem>libkrb5-dev</listitem>
- <listitem>krb5-user</listitem>
+ <listitem><para>libkrb5-dev</para></listitem>
+ <listitem><para>krb5-user</para></listitem>
</itemizedlist>
</para>
</sect3>
<para>On Red Hat Linux, this means you should have at least: </para>
<para>
<itemizedlist>
- <listitem>krb5-workstation (for kinit)</listitem>
- <listitem>krb5-libs (for linking with)</listitem>
- <listitem>krb5-devel (because you are compiling from source)</listitem>
+ <listitem><para>krb5-workstation (for kinit)</para></listitem>
+ <listitem><para>krb5-libs (for linking with)</para></listitem>
+ <listitem><para>krb5-devel (because you are compiling from source)</para></listitem>
</itemizedlist>
</para>
</emphasis>
</para>
-<para><note>
+<note><para>
When Samba is configured to use an LDAP, or other identity management and/or
directory service, it is Samba that continues to perform user and machine
authentication. It should be noted that the LDAP server does not perform
authentication handling in place of what Samba is designed to do.
-</note></para>
+</para></note>
<para>
Please refer to <link linkend="samba-pdc"></link>, for more information regarding
this to be done using the following syntax:
<screen>
&rootprompt; <userinput>kinit Administrator@your.kerberos.REALM</userinput>
-&rootprompt; <userinput>net ads join <quote>organizational_unit</quote></userinput>
+&rootprompt; <userinput>net ads join "organizational_unit"</userinput>
</screen>
</para>
an encryption type of DES-CBC-MD5?
</para>
-<para><note>
+<note><para>
Samba can use both DES-CBC-MD5 encryption as well as ARCFOUR-HMAC-MD5 encoding.
-</note></para>
+</para></note>
</sect2>
<para>
<screen>
- &rootprompt;<userinput>net groupmap add ntgroup=<quote>Domain Admins</quote> UNIXgroup=domadm</userinput>
+ &rootprompt;<userinput>net groupmap add ntgroup="Domain Admins" UNIXgroup=domadm</userinput>
</screen>
</para>
Aliases, and RIDs are shown in <link linkend="WKURIDS"/>.
</para>
- <para><note>
+ <note><para>
When the <parameter>passdb backend</parameter> uses LDAP (<constant>ldapsam</constant>) it is the
admininstrators' responsibility to create the essential Domain Groups, and to assign each its default RID.
- </note></para>
+ </para></note>
<para>
It is permissible to create any Domain Group that may be necessary, just make certain that the essential
<table frame="all" id="majtypes"><title>The Three Major Site Types</title>
<tgroup cols="2">
<colspec align="left"/>
- <colspec align="justify" colspec="1*"/>
+ <colspec align="justify" colwidth="1*"/>
<thead>
<row><entry>Number of Users</entry><entry>Description</entry></row>
</thead>
</para>
<itemizedlist>
- <listitem>MS Windows machines register their presence to the network.</listitem>
- <listitem>Machines announce themselves to other machines on the network.</listitem>
- <listitem>One or more machine on the network collates the local announcements.</listitem>
- <listitem>The client machine finds the machine that has the collated list of machines.</listitem>
- <listitem>The client machine is able to resolve the machine names to IP addresses.</listitem>
- <listitem>The client machine is able to connect to a target machine.</listitem>
+ <listitem><para>MS Windows machines register their presence to the network.</para></listitem>
+ <listitem><para>Machines announce themselves to other machines on the network.</para></listitem>
+ <listitem><para>One or more machine on the network collates the local announcements.</para></listitem>
+ <listitem><para>The client machine finds the machine that has the collated list of machines.</para></listitem>
+ <listitem><para>The client machine is able to resolve the machine names to IP addresses.</para></listitem>
+ <listitem><para>The client machine is able to connect to a target machine.</para></listitem>
</itemizedlist>
<para>
</para>
<itemizedlist>
- <listitem>WINS &smbmdash; the best tool.</listitem>
- <listitem>LMHOSTS &smbmdash; static and hard to maintain.</listitem>
- <listitem>Broadcast &smbmdash; uses UDP and cannot resolve names across remote segments.</listitem>
+ <listitem><para>WINS &smbmdash; the best tool.</para></listitem>
+ <listitem><para>LMHOSTS &smbmdash; static and hard to maintain.</para></listitem>
+ <listitem><para>Broadcast &smbmdash; uses UDP and cannot resolve names across remote segments.</para></listitem>
</itemizedlist>
<para>
Alternative means of name resolution include:
</para>
<itemizedlist>
-<listitem>Static <filename>/etc/hosts</filename> &smbmdash; hard to maintain, and lacks name_type info.</listitem>
-<listitem>DNS &smbmdash; is a good choice but lacks essential name_type info.</listitem>
+<listitem><para>Static <filename>/etc/hosts</filename> &smbmdash; hard to maintain, and lacks name_type info.</para></listitem>
+<listitem><para>DNS &smbmdash; is a good choice but lacks essential name_type info.</para></listitem>
</itemizedlist>
<para>
<tgroup cols="3" align="left">
<colspec align="left"/>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify" colwidth="1*"/>
<thead>
<row><entry>Subnet</entry><entry>Browse Master</entry><entry>List</entry></row>
<para>Basically, you need three components:</para>
<itemizedlist>
- <listitem>The File and Print Client (IBM Peer)</listitem>
- <listitem>TCP/IP (Internet support) </listitem>
- <listitem>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</listitem>
+ <listitem><para>The File and Print Client (IBM Peer)</para></listitem>
+ <listitem><para>TCP/IP (Internet support) </para></listitem>
+ <listitem><para>The <quote>NetBIOS over TCP/IP</quote> driver (TCPBEUI)</para></listitem>
</itemizedlist>
<para>Installing the first two together with the base operating
<para>
<indexterm><primary>Account Controls</primary></indexterm>
<itemizedlist>
- <listitem>Logon hours</listitem>
- <listitem>Password aging</listitem>
- <listitem>Permitted logon from certain machines only</listitem>
- <listitem>Account type (local or global)</listitem>
- <listitem>User rights</listitem>
+ <listitem><para>Logon hours</para></listitem>
+ <listitem><para>Password aging</para></listitem>
+ <listitem><para>Permitted logon from certain machines only</para></listitem>
+ <listitem><para>Account type (local or global)</para></listitem>
+ <listitem><para>User rights</para></listitem>
</itemizedlist>
</para>
<listitem><para>In addition to the version, if you obtained Samba via
CVS, mention the date when you last checked it out.</para></listitem>
- <listitem><para> Try and make your questions clear and brief. Lots of long,
+ <listitem><para>Try and make your questions clear and brief. Lots of long,
convoluted questions get deleted before they are completely read!
Do not post HTML encoded messages. Most people on mailing lists simply delete
them.
</para></listitem>
- <listitem><para> If you run one of those nifty <quote>I'm on holidays</quote> things when
+ <listitem><para>If you run one of those nifty <quote>I'm on holidays</quote> things when
you are away, make sure its configured to not answer mailing list traffic. Auto-responses
to mailing lists really irritate the thousands of people who end up having to deal
with such bad netiquet bahavior.
<listitem><para>If you have a complete Netmon trace (from the opening of
the pipe to the error), you can send the *.CAP file as well.</para></listitem>
- `
+
<listitem><para>Please think carefully before attaching a document to an email.
Consider pasting the relevant parts into the body of the message. The Samba
mailing lists go to a huge number of people. Do they all need a copy of your
<note><para>You will need to log on if a logon box opens up.
For example, connect as <replaceable>DOMAIN</replaceable>\root, password:
- <replaceable>mypassword</replaceable>.</para></note> </step>
+ <replaceable>mypassword</replaceable>.</para></note></step>
<step><para> To make the profile capable of being used by anyone, select <quote>Everyone</quote>. </para></step>
<note><para>
Under Windows NT/200x, the use of mandatory profiles forces the use of MS Exchange storage of mail
data and keeps it out of the desktop profile. That keeps desktop profiles from becoming unusable.
-</para> </note>
+</para></note>
<sect4>
<title>Windows XP Service Pack 1</title>
exists there it will copy this to the workstation to the <filename>C:\Documents and Settings\</filename>
under the Windows login name of the user. </para>
-<note> <para> This path translates, in Samba parlance, to the &smb.conf;
+<note><para> This path translates, in Samba parlance, to the &smb.conf;
<smbconfsection>[NETLOGON]</smbconfsection> share. The directory should be created at the root
of this share and must be called <filename>Default Profile</filename>. </para> </note>
<para> In any case, you can configure only one profile per user. That profile can be either: </para>
<itemizedlist>
- <listitem>A profile unique to that user.</listitem>
- <listitem>A mandatory profile (one the user cannot change).</listitem>
- <listitem>A group profile (really should be mandatory, that is unchangable).</listitem>
+ <listitem><para>A profile unique to that user.</para></listitem>
+ <listitem><para>A mandatory profile (one the user cannot change).</para></listitem>
+ <listitem><para>A group profile (really should be mandatory, that is unchangable).</para></listitem>
</itemizedlist>
</sect2>
<figure id="domain-example"><title>An Example Domain.</title>
<mediaobject>
-<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/domain" width="4in" height="3in" scalefit="1"/></imageobject>
+<imageobject role="latex"><imagedata fileref="projdoc/imagefiles/domain" width="4in" scalefit="1"/></imageobject>
<imageobject><imagedata fileref="projdoc/imagefiles/domain.png" scale="50" scalefit="1"/></imageobject>
</mediaobject>
</figure>
<para>
New to Samba-3 is the ability to use a backend database that holds the same type of data as
-the NT4-style SAM database (one of the registry files)<footnote>See also <link linkend="passdb"/>.</footnote>.
+the NT4-style SAM database (one of the registry files)<footnote><para>See also <link linkend="passdb"/>.</para></footnote>.
</para>
<para>
environment. However, there are certain compromises:
<itemizedlist>
- <listitem>No machine policy files.</listitem>
- <listitem>No Group Policy Objects.</listitem>
- <listitem>No synchronously executed AD logon scripts.</listitem>
- <listitem>Can't use Active Directory management tools to manage users and machines.</listitem>
- <listitem>Registry changes tattoo the main registry, while with AD they do not leave permanent changes in effect.</listitem>
- <listitem>Without AD you cannot perform the function of exporting specific applications to specific users or groups.</listitem>
+ <listitem><para>No machine policy files.</para></listitem>
+ <listitem><para>No Group Policy Objects.</para></listitem>
+ <listitem><para>No synchronously executed AD logon scripts.</para></listitem>
+ <listitem><para>Can't use Active Directory management tools to manage users and machines.</para></listitem>
+ <listitem><para>Registry changes tattoo the main registry, while with AD they do not leave permanent changes in effect.</para></listitem>
+ <listitem><para>Without AD you cannot perform the function of exporting specific applications to specific users or groups.</para></listitem>
</itemizedlist>
</para>
It is rather easy to configure Samba to provide these. Each Samba Domain Controller must provide
the NETLOGON service that Samba calls the <smbconfoption><name>domain logons</name></smbconfoption> functionality
(after the name of the parameter in the &smb.conf; file). Additionally, one server in a Samba-3
-Domain must advertise itself as the Domain Master Browser<footnote>See <link linkend="NetworkBrowsing"/>.</footnote>.
+Domain must advertise itself as the Domain Master Browser<footnote><para>See <link linkend="NetworkBrowsing"/>.</para></footnote>.
This causes the Primary Domain Controller to claim a domain-specific NetBIOS name that identifies it as a
Domain Master Browser for its given domain or workgroup. Local master browsers in the same domain or workgroup on
broadcast-isolated subnets then ask for a complete copy of the browse list for the whole wide area network.
the <quote>$</quote>. Or create the whole entry with vipw if you like; make sure you use a unique user login ID.
</para>
-<para><note>The machine account must have the exact name that the workstation has.</note></para>
+<note><para>The machine account must have the exact name that the workstation has.</para></note>
<note><para>
The UNIX tool <command>vipw</command> is a common tool for directly editing the <filename>/etc/passwd</filename> file.
<itemizedlist>
<listitem><para>Domain Controller</para>
<itemizedlist>
- <listitem>Primary Domain Controller</listitem>
- <listitem>Backup Domain Controller</listitem>
- <listitem>ADS Domain Controller</listitem>
+ <listitem><para>Primary Domain Controller</para></listitem>
+ <listitem><para>Backup Domain Controller</para></listitem>
+ <listitem><para>ADS Domain Controller</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Domain Member Server</para>
<itemizedlist>
- <listitem>Active Directory Domain Server</listitem>
- <listitem>NT4 Style Domain Domain Server</listitem>
+ <listitem><para>Active Directory Domain Server</para></listitem>
+ <listitem><para>NT4 Style Domain Domain Server</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>Stand-alone Server</para></listitem>
A simple module to audit file access to the syslog
facility. The following operations are logged:
<itemizedlist>
- <listitem>share</listitem>
- <listitem>connect/disconnect</listitem>
- <listitem>directory opens/create/remove</listitem>
- <listitem>file open/close/rename/unlink/chmod</listitem>
+ <listitem><para>share</para></listitem>
+ <listitem><para>connect/disconnect</para></listitem>
+ <listitem><para>directory opens/create/remove</para></listitem>
+ <listitem><para>file open/close/rename/unlink/chmod</para></listitem>
</itemizedlist>
</para>
<para>
<quote>
We are seeing lots of errors in the Samba logs, like:
+</quote>
<programlisting>
tdb(/usr/local/samba_2.2.7/var/locks/locking.tdb): rec_read bad magic
0x4d6f4b61 at offset=36116
</programlisting>
+<quote>
What do these mean?
</quote>
</para>
</sect2>
+<sect2>
+<title>New Backends</title>
+
<para>
Samba-3 introduces a number of new password backend capabilities.
<indexterm><primary>SAM backend</primary><secondary>tdbsam</secondary></indexterm>
<indexterm><primary>SAM backend</primary><secondary>xmlsam</secondary></indexterm>
</para>
-<sect2>
-<title>New Backends</title>
-
<variablelist>
<varlistentry><term>tdbsam</term>
<listitem>
</para>
<itemizedlist>
- <listitem>MS DOS Network client 3.0 with the basic network redirector installed.</listitem>
- <listitem>Windows 95 with the network redirector update installed.</listitem>
- <listitem>Windows 98 [Second Edition].</listitem>
- <listitem>Windows Me.</listitem>
+ <listitem><para>MS DOS Network client 3.0 with the basic network redirector installed.</para></listitem>
+ <listitem><para>Windows 95 with the network redirector update installed.</para></listitem>
+ <listitem><para>Windows 98 [Second Edition].</para></listitem>
+ <listitem><para>Windows Me.</para></listitem>
</itemizedlist>
<note>
</para>
<itemizedlist>
- <listitem>Windows NT 3.5x.</listitem>
- <listitem>Windows NT 4.0.</listitem>
- <listitem>Windows 2000 Professional.</listitem>
- <listitem>Windows 200x Server/Advanced Server.</listitem>
- <listitem>Windows XP Professional.</listitem>
+ <listitem><para>Windows NT 3.5x.</para></listitem>
+ <listitem><para>Windows NT 4.0.</para></listitem>
+ <listitem><para>Windows 2000 Professional.</para></listitem>
+ <listitem><para>Windows 200x Server/Advanced Server.</para></listitem>
+ <listitem><para>Windows XP Professional.</para></listitem>
</itemizedlist>
<para>
<indexterm><primary>SAM backend</primary><secondary>ldapsam</secondary></indexterm>
<smbconfexample id="idmapbackendexample">
<title>Example configuration with the LDAP idmap backend</title>
-<indexterm><primary>SAM backend</primary><secondary>xmlsam</secondary></indexterm>
<smbconfsection>[global]</smbconfsection>
<smbconfoption><name>idmap backend</name><value>ldapsam:ldap://ldap-server.quenya.org:636</value></smbconfoption>
-<smbcomment>Alternately, this could be specified as:</smbcomment>
+<smbconfcomment>Alternately, this could be specified as:</smbconfcomment>
<smbconfoption><name>idmap backend</name><value>ldapsam:ldaps://ldap-server.quenya.org</value></smbconfoption>
</smbconfexample>
</para>
</para>
<itemizedlist>
- <listitem><emphasis>add</emphasis> user or machine accounts.</listitem>
- <listitem><emphasis>delete</emphasis> user or machine accounts.</listitem>
- <listitem><emphasis>enable</emphasis> user or machine accounts.</listitem>
- <listitem><emphasis>disable</emphasis> user or machine accounts.</listitem>
- <listitem><emphasis>set to NULL</emphasis> user passwords.</listitem>
- <listitem><emphasis>manage interdomain trust accounts.</emphasis></listitem>
+ <listitem><para><emphasis>add</emphasis> user or machine accounts.</para></listitem>
+ <listitem><para><emphasis>delete</emphasis> user or machine accounts.</para></listitem>
+ <listitem><para><emphasis>enable</emphasis> user or machine accounts.</para></listitem>
+ <listitem><para><emphasis>disable</emphasis> user or machine accounts.</para></listitem>
+ <listitem><para><emphasis>set to NULL</emphasis> user passwords.</para></listitem>
+ <listitem><para><emphasis>manage interdomain trust accounts.</emphasis></para></listitem>
</itemizedlist>
<para>
</para>
<itemizedlist>
- <listitem>add, remove or modify user accounts.</listitem>
- <listitem>list user accounts.</listitem>
- <listitem>migrate user accounts.</listitem>
+ <listitem><para>add, remove or modify user accounts.</para></listitem>
+ <listitem><para>list user accounts.</para></listitem>
+ <listitem><para>migrate user accounts.</para></listitem>
</itemizedlist>
<para>
</para>
<itemizedlist>
- <listitem>sambaHomePath</listitem>
- <listitem>sambaLogonScript</listitem>
- <listitem>sambaProfilePath</listitem>
- <listitem>sambaHomeDrive</listitem>
+ <listitem><para>sambaHomePath</para></listitem>
+ <listitem><para>sambaLogonScript</para></listitem>
+ <listitem><para>sambaProfilePath</para></listitem>
+ <listitem><para>sambaHomeDrive</para></listitem>
</itemizedlist>
<para>
<para>The <smbconfoption><name>ldap passwd sync</name></smbconfoption> options can have the values shown in
<link linkend="ldappwsync"/>.</para>
- <table iframe="all" id="ldappwsync">
+ <table frame="all" id="ldappwsync">
<title>Possible <emphasis>ldap passwd sync</emphasis> values</title>
<tgroup cols="2">
- <colspec align="left" width="1*"/>
- <colspec align="justify" width="4*"/>
+ <colspec align="left" colwidth="1*"/>
+ <colspec align="justify" colwidth="4*"/>
<thead>
<row><entry align="left">Value</entry><entry align="center">Description</entry></row>
</thead>
<para>
<smbconfblock>
- <smbconfsection>[global]</smbconfsection>
- <member>...</member>
<smbconfoption><name>passdb backend</name><value>smbpasswd, tdbsam</value></smbconfoption>
- <member>...</member>
</smbconfblock>
</para>
<para>
<smbconfblock>
-[globals]
-...
+ <smbconfsection>[globals]</smbconfsection>
+ <member>...</member>
<smbconfoption><name>passdb backend</name><value>tdbsam, smbpasswd</value></smbconfoption>
-...
+ <member>...</member>
</smbconfblock>
</para>
The major new features are:
</para>
-<orderedlist numberation="arabic">
+<orderedlist numeration="arabic">
<listitem><para>
Active Directory support. This release is able to join an ADS realm
as a member server and authenticate users using LDAP/kerberos.
<table frame='all' id="tdbfiledesc"><title>TDB File Descriptions</title>
<tgroup cols='3'>
<colspec align="left"/>
- <colspec align="justify" width="1*"/>
+ <colspec align="justify" colwidth="1*"/>
<colspec align="left"/>
<thead>
<row>