examples/libsmbclient/testutime
examples/libsmbclient/testwrite
examples/libsmbclient/testtruncate
+examples/libsmbclient/testfstatvfs
+examples/libsmbclient/teststatvfs
examples/libsmbclient/tree
examples/libsmbclient/Makefile.internal
source/librpc/gen_ndr/cli_krb5pac.*
- ================================
- Release Notes for Samba 3.3.0rc1
- November, 27 2008
- ================================
+ =============================
+ Release Notes for Samba 3.3.1
+ February, 24 2009
+ =============================
-This is the first release candidate of Samba 3.3.0. This is *not*
-intended for production environments and is designed for testing
-purposes only. Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
+This is the latest bugfix release release of the Samba 3.3 series.
-Major enhancements in Samba 3.3.0 include:
+Major enhancements in Samba 3.3.1 include:
- Configuration/installation:
- o Splitting of library directory into library directory and separate
- modules directory.
-
- File Serving:
- o Extended Cluster support.
-
- Winbind:
- o Simplified idmap configuration.
- o New idmap backends "adex" and "hash".
- o Added new parameter "winbind reconnect delay".
- o Added support for user and group aliasing.
-
- Administrative tools:
- o The destination "all" of smbcontrol does now affect all running
- daemons including nmbd and winbindd.
- o New 'net rpc vampire keytab' and 'net rpc vampire ldif' commands.
- o The 'net' utility can now use kerberos for joining and authentication.
- o The 'wbinfo' utility can now add, modify and remove identity mapping entries.
-
- Libraries:
- o NetApi library implements various new calls for User- and Group
- Account Management.
-
-
-Configure changes
-=================
-
-The configure option "--with-libdir" has been removed. The library
-directory can still be specified by using the existing "--libdir" option.
-A new option "--with-modulesdir" has been added to allow the specification
-of a separate directory for the shared modules.
-
-
-Winbind idmap backend changes
-=============================
-
-The idmap configuration has changed with version 3.3 to something that
-allows a smoother upgrade path from pre-3.0.25 configurations that use
-"idmap backend". The reason for this change is that to many, also to Samba
-developers, the 3.0.25 style configuration with "idmap config" turned out
-to be very complex. Version 3.3 no longer deprecates the "idmap backend"
-parameter, instead with "idmap backend" the default idmap backend is
-specified.
-
-Accordingly, the "idmap config <domain> : default = yes" setting is no
-longer being looked at.
-
-The alloc backend defaults to the default backend, which should be able to
-allocate IDs. In the default distribution the tdb and ldap backends can
-allocate, the ad and rid backends can not. The idmap alloc range is now
-being set with the "old" parameters "idmap uid" and "idmap gid".
-
-The "idmap domains" parameter has been removed.
-
-
-winbind reconnect delay
-=======================
-
-This is a new parameter which specifies the number of seconds the Winbind
-daemon will wait between attempts to contact a Domain controller for a domain
-that is determined to be down or not contactable.
-
-
-Winbind's Name Aliasing
-=======================
-
-Name aliasing in Winbind is a feature that allows an administrator to
-map a fully qualified user or group name from a Windows domain to a
-convenient short name for Unix access. This is similar to the username
-map functionality supported by smbd but is primary intended for
-clients and servers making use of Winbind's PAM and NSS libraries.
-
-For example, the user "DOMAIN\fred" has been mapped to the Unix name
-"freddie".
-
- $ getent passwd "DOMAIN\fred"
- freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
-
- $ getent passwd freddie
- freddie:x:1000:1001:Fred Jones:/home/freddie:/bin/bash
-
-The name aliasing support is provided by individual nss_info plugins.
-For example, the new "adex" plugin reads the uid attribute from Active
-Directory to make a short login name to the fully qualified name.
-While the new "hash" module utilizes a local file to map "short_name
-= QUALIFIED\name". Both user and group name mapping is supported.
-Please refer to the "winbind nss info" option in smb.conf(5) and
-to individual plugin man pages for further details.
-
-
-idmap_hash
-==========
-
-The idmap_hash plugin provides similar support as the idmap_rid
-module. However, uids and gids are generated from the full domain
-SID using a hashing algorithm that maps the lower 19 bits from the user
-or group RID to bits 0 - 19 in the Unix id and hashes 96 bits from
-the domain SID to bits 20 - 30 in the Unix id. The result is a 31 bit
-uid or gid that is consistent across machines and provides support for
-trusted domains.
-
-Please refer to the idmap_hash(8) man page for more details.
-
-
-idmap_adex
-==========
-
-The adex idmap/nss_info plugin is an adaptation of the Likewise
-Enterprise plugin with support for OU based cells removed
-(since the Windows pieces to manage the cells are not available).
-
-This plugin supports
-
- * The RFC2307 schema for users and groups.
- * Connections to trusted domains
- * Global catalog searches
- * Cross forest trusts
- * User and group aliases
-
-Prerequisite: Add the following attributes to the Partial Attribute
-Set in global catalog:
-
- * uidNumber
- * uid
- * gidNumber
-
-A basic config using the current trunk code would look like:
-
-[global]
- idmap backend = adex
- idmap uid = 10000 - 29999
- idmap gid = 10000 - 29999
- winbind nss info = adex
-
- winbind normalize names = yes
- winbind refresh tickets = yes
- template homedir = /home/%D/%U
- template shell = /bin/bash
-
-Please refer to the idmap_adex(8) man page for more details.
+ * Fix net ads join when "ldap ssl = start tls" (bug #6073).
+ * Fix renaming/deleting of files using Windows clients (bug #6082).
+ * Fix renaming/deleting a "not matching/resolving" symlink (bug #6090).
+ * Fix remotely adding a share via the Windows MMC.
######################################################################
Parameter Name Description Default
-------------- ----------- -------
- cups connection timeout New 30
- idmap domains Removed
- init logon delayed hosts New ""
- init logon delay New 100
- winbind reconnect delay New 30
+ ldap ssl ads New No
-Changes since 3.3.0pre2:
-------------------------
-
-o Michael Adam <obnox@samba.org>
- * Fix eventlog crash.
- * Make keytab filename argument mandatory to "net rpc vampire keytab".
- * Add domain prefix to username in lookup_groupmem().
- * Honour "winbind use default domain" in lookup_groupmem().
- * Sanely handle NULL domain in add_member().
- * Don't list the domain twice when expanding internal aliases.
- * Prevent negative GM/ cache entries due to broken connections.
- * Use the reconnect methods instead of the rpc methods directly.
+Changes since 3.3.0:
+--------------------
o Jeremy Allison <jra@samba.org>
- * BUG 5080: Fix access to cups-printers with cups 1.3.4.
- * BUG 5814: Fix Winbind crash bug while doing "rescan_trusted_domain".
- * BUG 5818: Sort ACEs in smbcacl output properly and honor inheritance.
- * BUG 5825: Fix account locking with an LDAP backend.
- * BUG 5826: Fix truncated filenames when accessing old servers.
- * BUG 5873: Fix ACL inheritance.
- * BUG 5889: Fix "delete veto files = no".
- * BUG 5891: Fix smbd crash when viewing the eventlog exported by "eventlog
- list".
- * BUG 5900: Fix vfs_readonly.
- * BUG 5903: Fix breaking of file contents in vfs_streams_xattr.
- * BUG 5904: Fix SIGABRT while servicing getaddrinfo() request caused by
- libnss_wins.
- * BUG 5914: Fix redefinition of struct name_list.
- * Correctly fix smbclient to terminate on eof from server.
- * Fix client timeout when searching for a large number of cups printers.
- * Unify access checks for lsa server functions.
- * Remove the requirement for ldap call made as root.
- * Cope with MAXIMUM_ALLOWED_ACCESS requests when opening handles.
- * Fix net rpc vampire, based on an *amazing* piece of debugging work by
- "Cooper S. Blake" <the_analogkid@yahoo.com>.
- * Fix memory leak in error path, spotted by Martin Zielinski <mz@seh.de>.
- * Add vfs_acl_tdb.c module to do ACLs completely in userspace.
- * Use fxattr calls whenever possible (trying to work around the strange
- Linux kernel oplock bug).
-
-
-o Kai Blin <kai@samba.org>
- * BUG 5892: Fix net rap printq info documentation.
- * Add placeholder functions to libwbclient.
-
-
-o Gerald (Jerry) Carter <jerry@samba.org>
- * Use the same prerequisite for DDNS update as Windows XP.
- * Make "lwinet ads dns register" honor the "interfaces" parameter.
-
-
-o Steven Danneman <steven.danneman@isilon.com>
- * Add options to manage identity mapping entries to wbinfo and Winbind.
- * Fix to allow setting of NULL DACL/SACL.
-
-
-o Günther Deschner <gd@samba.org>
- * BUG 5888: Fix remote rpc service management.
- * Ensure consistency when reporting password complexity.
- * Fix _lsa_GetUserName.
- * Fix access check in _samr_QuerySecurity().
- * _samr_DeleteUser needs to wipe out the user_handle on success.
- * NetGroupEnum_r needs to handle servers with no groups.
- * Fix numerous netapi issues.
- * Add support for partial and delta netlogon replication in
- "net rpc vampire".
- * Add automatic machine password update in Winbind for member servers.
- * Add German internalization for pam_winbind.
- * Add Winbind krb5 locator plugin manpage.
- * Add new wbclient wbcLookupDomainControllerEx call.
- * Use autogenerated DCE/RPC routines for one more call on SVCCTL
- named pipe.
- * Use autogenerated NBT routines from Samba4 for Mailslot/CLDAP
- parsing.
- * Fix Winbind password change code for Windows 2000 DCs.
- * Fix PNP_HwProfInfo NDR parsing.
- * Add wbclient wbcLogonUser and wbcLogoffUserEx functions.
- * Add automatic home directory creation for pam_winbind.
-
-
-o Mathias Dietz <MDIETZ@de.ibm.com>
- * Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so.
-
-
-o Dina Fine <dina@exanet.com>
- * BUG 5908: Fix internal change notify on share directories.
-
-
-o Nils Goroll <nils.goroll@hamburg.de>
- * BUG 5135: Prevent calling POSIX ACL vfs methods on zfs share.
- * BUG 5446: Prevent calling POSIX ACL vfs methods on zfs share.
+ * BUG 6082: Fix renaming/deleting of files using Windows clients.
+ * BUG 6069: Fix build with too many arguments.
+ * BUG 6090: Fix renaming/deleting a "not matching/resolving" symlink.
+ * BUG 6099: Try to fix domain join of Win7 Beta.
+ * BUG 6117: Fix core dump of pdbedit -a.
+ * BUG 6133: Fix deletion of non-ACL files on Solaris/ZFS/NFSv4 ACL
+ filesystem.
+ * Fix Coverity IDs 115, 116, 117, 602.
+ * Fix warning (bad handler prototype).
+ * Unify the detection of the timespec code in configure.in, and the
+ application of it in time.c.
+ * Correctly use chroot().
+ * Parameterize in local.h the MAX_RPC_DATA_SIZE, and ensure that "offered"
+ read from the rpc packet in spoolss is under that size.
+ * Backport the semantics of when to delete alternate data streams on a file
+ truncate.
+ * Fix printf warnings.
+ * Fix warnings on Solaris.
-o Jeff Layton <jlayton@redhat.com>
- * Have uppercase_string return success on NULL pointer in mount.cifs.
- * Make mount.cifs return codes match the return codes for /bin/mount.
+o Michael Adam <obnox@samba.org>
+ * BUG 6066: netinet/ip.h present but cannot be compiled on Solaris.
+ * BUG 6073: Prevent ads_connect() from using SSL unless explicitly
+ requested.
+ * Fix 'getent passwd' to allocate new uids.
+ * Fix 'getent group' to allocate new gids.
+ * Remove check for sharename being a username in 'net conf
+ addshare'.
-o Volker Lendecke <vl@samba.org>
- * BUG 5691: Fig smbd panic on Solaris.
- * BUG 5840: Fix segfault in "rpcclient lsaaddacctrights".
- * BUG 5860: safe_strcpy gives a nasty error message for overlong strings.
- * Fix the offset checks in the trans routines (CVE-2008-4314).
- * Fix a potential NULL deref in found by the IBM Checker.
- * Fix an uninitialized variable found by the IBM Checker.
- * Fix an unlikely memleak found by the IBM Checker.
- * Fix some missing error handlings.
- * Add workaround for domain joins using a netbios name which is different
- from the hostname.
- * Fix a valgrind error in idmap_ad_sids_to_unixids().
- * Make memcache_add_talloc NULL out the source pointer.
- * Fix memleak in memcache_add_talloc found by Martin Zielinski <mz@seh.de>.
- * Fix memleak in calculate_next_machine_pwd_change.
+o Guenther Deschner <gd@samba.org>
+ * Fix Coverity ID 848.
+ * Remove unused ENUM_HND from 'net'.
+ * Fix getform command asprintf return code in rpcclient.
+ * Fix memleak in get_remote_printer_publishing_data().
+ * Remove duplicate prototypes for generated rpc server functions.
-o Jeff Layton <jlayton@redhat.com>
- * mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog.
+o Holger Hetterich <hhetter@novell.com>
+ * Enable total anonymization in vfs_smb_traffic_analyzer.
-o Derrell Lipman <derrell.lipman@unwireduniverse.com>
- * BUG 5805: Don't close stdout when calling setup_logging multiple times.
+o Bjoern Jacke <bj@sernet.de>
+ * Fix build with external dns_sd libraries.
+ * Fix configure check "sub-second timestamps without struct timespec".
+ * Add configure check for AIX style sub-second resolution support.
+ * Add configure check for Tru64 sub-second timestamp resolution.
+ * Add Tru64 sub-second resolution timestamp support.
+ * Enable IPv6 support for NetBSD and FreeBSD.
+ * Use correct BSD evironment variable.
-o Stefan Metzmacher <metze@samba.org>
- * Return an error instead of crashing when no realm is given.
+o Guenter Kukkukk <linux@kukkukk.com>
+ * Don't try and delete a default ACL from a file.
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 5798: CFLAGS info lost in configure.
+ * Fix Coverity IDs 740, 742, 744, 745, 876, 879, 880.
+ * Fix remotely adding a share via the Windows MMC.
+ * Avoid valgrind errors.
+ * Fix 'net rpc join' for users with the SeMachineAccountPrivilege.
+ * Fix resume handle for _samr_EnumDomainGroups.
+ * Fix a buffer handling bug when adding lots of registry keys.
+ * Fix a O(n^2) algorithm in regdb_fetch_keys().
-o TAKAHASHI Motonobu <monyo@samba.gr.jp>
- * 5901: Fix default value for streams_depot location.
+o Jeff Layton <jlayton@redhat.com>
+ * Initialize rc to 0 in main in mount.cifs.
-o Tim Prouty <tim.prouty@isilon.com>
- * Fix several build warnings.
+o Derrell Lipman <derrell.lipman@unwireduniverse.com>
+ * BUG 6069: Add a fstatvfs function for libsmbclient.
+ * Eliminate compiler warnings.
-o Andreas Schneider <mail@cynapses.org>
- * Delete the krb5 ccname variable from the PAM environment if set.
- * Add a function out of pam_sm_close_session to delete the credentials.
- * Fix circular dependency error with autoconf 2.6.3.
+o Glenn Machin <gmachin@sandia.gov>
+ * Don't miss an absolute pathname as a kerberos keytab path.
-o Davide Sfriso <sfriso@virgilio.it>
- * BUG 5906: Fix Winbind crash bug during 'getent group' on PDC.
+o Stefan Metzmacher <metze@samba.org>
+ * BUG 6100: Implement _netr_LogonGetCapabilities() with
+ NT_STATUS_NOT_IMPLEMENTED.
+ * Make Samba work with older ctdb versions.
+ * Add S-1-22-X-Y sids to the local token.
-o Dan Sledz <dsledz@isilon.com>
- * Add FreeBSD configure check for backtrace_symbols.
- * Allow SYSLOG_FACILITY to be modified with a new configure option called
- --with-syslog-facility.
+o Lars Mueller <lars@samba.org>
+ * Conditional install of the cifs.upcall man page.
+ * Adjust regex to match variable names including underscores.
-o Joe Smith <yasumoto7@gmail.com>
- * Fix typo in source/utils/net_rap.c.
+o Shirish Pargaonkar <shirishpargaonkar@gmail.com>
+ * BUG 4370: Clean-up entries in /etc/mtab after unmount.
+ * Add fakemount (-f) and nomtab (-n) flags to mount.cifs.
-o Martin Schwenke <martin@meltin.net>
- * Prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty.
- * Add @CIFSUPCALL_PROGS@ to "all" target so cifs.upcall gets built at
- compile time rather than install time.
+o Ted Percival <ted.percival@quest.com>
+ * Fix a crash during name resolution.
-o Yasuma Takeda <yasuma@osstech.co.jp>
- * BUG 5909: Fix MS-DFS links containing multibyte characters on Vista.
+o Tim Prouty <tprouty@samba.org>
+ * Fix "assignment discards qualifiers from pointer target type"
+ warnings.
+ * Fix SMB_VFS_RECVFILE/SENDFILE macros.
-o Bo Yang <boyang@novell.com>
- * Fix broken msgids in ntstatus_errors.
- * i18n/l10n pam_winbind
+o Karolin Seeger <kseeger@samba.org>
+ * Change "ldap ssl:ads" parameter to "ldap ssl ads".
+ * Add manpages for vfs_acl_xattr and vfs_acl_tdb.
-Commit Highlights:
-------------------
-o Michael Adam <obnox@samba.org>
- * BUG 5609: Remove configure option "--with-libdir" and add
- "--with-modulesdir".
- * Extend "net rpc vampire keytab" to support differential replication
- and storing of kerberos keys.
- * Rework internal logic of registry tdb code.
- * Freeze autogenerated prototype headers (good bye "make proto").
+o Dan Sledz <dsledz@isilon.com>
+ * Fix double free caused by incorrect talloc_steal usage.
-o Jeremy Allison <jra@samba.org>
- * Add new "winbind reconnect delay" parameter.
- * Make the change to smbcontrol for "all" to mean broadcast,
- and "smbd" to mean the main smb daemon.
+o Simo Sorce <idra@samba.org>
+ * Build ldbrename.
-o Gerald W. Carter <jerry@samba.org>
- * Add support for name aliasing in Winbind.
- * Add the idmap/nss-info provider from Likewise Open.
- * Allow an admin to define the "uid" attribute for a RFC2307
- user object in AD to be the username alias.
- * Add new idmap backend "adex" to support RFC2307 enabled AD forests.
+o Aravind Srinivasan <aravind.srinivasan@isilon.com>
+ * Make nmbd check all available interfaces for WINS before failing.
-o Guenther Deschner <gd@samba.org>
- * BUG 5710: Fix changing of machine account passwords.
- * Add "net rpc vampire keytab" and "net rpc vampire ldif".
+o Miguel Suarez <Miguel.Suarez@stratus.com>
+ * Fix compilation of vfs_default on systems that do not support utimes().
-o Volker Lendecke <vl@samba.org>
- * Rework of the Winbind idmap backend.
- * Fix calculation of useable_space for trans2 and nttrans replies.
- * Add mapping of generic bits when setting an NFSv4 ACL.
+o Yasuma Takeda <yasuma@osstech.co.jp>
+ * BUG 5920: Fix the calculation of the memcpy length.
+ * BUG 6098: Fix ads_find_dc() in setups with "security = domain".
+
+
+o Bo Yang <boyang@novell.com>
+ * Make libsmbclient work with DFS.
######################################################################
rm -rf $(OUTPUTDIR)/* $(DOCBOOKDIR)
rm -f $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-dia))) \
$(patsubst %.svg,%.pdf,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
- $(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg)))
+ $(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
+ $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg)))
rm -f *-attributions.xml *.d *.tpt *.tex *.loc *.toc *.lof *.glo *.idx *.aux
rm -f *-images-html*
rm -f *-images-latex-* $(LATEX_FIGURES)
rm -f xslt/figures/*pdf
rm -f $(SMBDOTCONFDOC)/parameters.*.xml
rm -f $(addsuffix .*,$(MAIN_DOCS))
+ rm -f build/catalog.xml
# Output format targets
pdf:: $(patsubst %,$(PDFDIR)/%.pdf,$(MAIN_DOCS))
xslt/pearson.xsl:
distclean clobber:: clean
- rm Makefile.settings config.status config.log configure
+ rm -f Makefile.settings config.status config.log
+
+realdistclean:: distclean
+ rm -f configure
rm -rf autom4te.cache
<screen>
&rootprompt; smbd -D
&rootprompt; nmbd -D
-&rootprompt; winbindd -B
+&rootprompt; winbindd -D
</screen>
</para></step>
14290 ? S 0:00 /usr/sbin/smbd -D
$rootprompt; ps ax | grep winbind
-14293 ? S 0:00 /usr/sbin/winbindd -B
-14295 ? S 0:00 /usr/sbin/winbindd -B
+14293 ? S 0:00 /usr/sbin/winbindd -D
+14295 ? S 0:00 /usr/sbin/winbindd -D
</screen>
The <command>winbindd</command> daemon is running in split mode (normal), so there are also
two instances<footnote><para>For more information regarding winbindd, see <emphasis>TOSHARG2</emphasis>,
14290 ? S 0:00 /usr/sbin/smbd -D
$rootprompt; ps ax | grep winbind
-14293 ? S 0:00 /usr/sbin/winbindd -B
-14295 ? S 0:00 /usr/sbin/winbindd -B
+14293 ? S 0:00 /usr/sbin/winbindd -D
+14295 ? S 0:00 /usr/sbin/winbindd -D
</screen>
The <command>winbindd</command> daemon is running in split mode (normal), so there are also
two instances of it. For more information regarding <command>winbindd</command>, see
<para><programlisting>
#!/bin/sh
-/usr/local/samba/sbin/smbd -D
-/usr/local/samba/sbin/winbindd -B
-/usr/local/samba/sbin/nmbd -D
+/usr/local/samba/sbin/smbd -D
+/usr/local/samba/sbin/winbindd -D
+/usr/local/samba/sbin/nmbd -D
</programlisting></para>
<para>
<para>
The IDMAP dump file can be restored using the following command:
<screen>
-net idmap restore <full_path_and_tdb_filename> < dumpfile.txt
+net idmap restore idmap_dump.txt
</screen>
Where the Samba run-time tdb files are stored in the <filename>/var/lib/samba</filename> directory
the following command can be used to restore the data to the tdb file:
in the example above with:
<programlisting>
- daemon /usr/local/samba/sbin/winbindd -B
+ daemon /usr/local/samba/sbin/winbindd -D
</programlisting>.
</para>
</programlisting>
in the script above with:
<programlisting>
-/usr/local/samba/sbin/winbindd -B
+/usr/local/samba/sbin/winbindd -D
</programlisting>
</para>
consulting firm located in Waterloo, Ontario, Canada. We work
with a variety of environments (such as Windows, Windows NT and
Unix), tools and application areas, and can provide assistance for
- development work ranging from a few days to to multiple man-year
+ development work ranging from a few days to multiple man-year
projects. You can find more information at http://www.metrics.com/.
<td valign="top">This book provides example configurations, it documents key aspects of Microsoft Windows networking, provides in-depth insight into the important configuration of Samba-3, and helps to put all of these into a useful framework.</td>
</tr>
<tr>
- <td valign="top"><a href="../using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
+ <td valign="top"><a href="using_samba/toc.html">Using Samba</a>, 2nd Edition</td>
<td valign="top"><i>Using Samba</i>, Second Edition is a comprehensive guide to Samba administration. It covers all versions of Samba from 2.0 to 2.2, including selected features from an alpha version of 3.0, as well as the SWAT graphical configuration tool. Updated for Windows 2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.</td>
</tr>
<tr>
- <td valign="top"><a href="manpages-3/index.html">Man pages</a></td>
+ <td valign="top"><a href="manpages/index.html">Man pages</a></td>
<td valign="top">The Samba man pages in HTML.</td>
</tr>
<tr>
<td valign="top"><a href="../../WHATSNEW.txt">WHATSNEW</a></td>
<td valign="top">Samba Release Notes.</td>
</tr>
-<tr>
- <td valign="top"><a href="../../README.VENDOR">README.VENDOR</a></td>
- <td valign="top">VENDOR specific information.</td>
-</tr>
</table></body></html>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refnamediv>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
</term>
<listitem><para>
The <command>-o write</command> reads event log
- records from standard input and writes them to theSamba
+ records from standard input and writes them to the Samba
event log store named by EVENTLOG.
</para> </listitem>
</varlistentry>
</para></listitem>
<listitem><para>
- <command>SRN</command> - he name of the machine on
+ <command>SRN</command> - The name of the machine on
which the eventlog was generated. This is typically the
host name.
</para></listitem>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
extensions. This module implements only the "idmap"
API, and is READONLY. Mappings must be provided in advance
by the administrator by adding the posixAccount/posixGroup
- classess and relative attribute/value pairs to the users and
- groups objects in AD</para>
+ classes and relative attribute/value pairs to the user and
+ group objects in the AD.</para>
</refsynopsisdiv>
<refsect1>
<varlistentry>
<term>range = low - high</term>
<listitem><para>
- Defines the available matching uid and gid range for which the
+ Defines the available matching UID and GID range for which the
backend is authoritative. Note that the range acts as a filter.
If specified any UID or GID stored in AD that fall outside the
range is ignored and the corresponding map is discarded.
<listitem><para>
Defines the schema that idmap_ad should use when querying
Active Directory regarding user and group information.
- This can either the RFC2307 schema support included
+ This can be either the RFC2307 schema support included
in Windows 2003 R2 or the Service for Unix (SFU) schema.
</para></listitem>
</varlistentry>
<title>EXAMPLES</title>
<para>
The following example shows how to retrieve idmappings from our principal and
- and trusted AD domains. All is needed is to set default to yes. If trusted
- domains are present id conflicts must be resolved beforehand, there is no
+ and trusted AD domains. If trusted domains are present id conflicts must be
+ resolved beforehand, there is no
guarantee on the order conflicting mappings would be resolved at this point.
This example also shows how to leave a small non conflicting range for local
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
Specifies the absolute path to the name mapping
file used by the nss_info API. Entries in the file
are of the form "<replaceable>unix name</replaceable>
- = <replaceable>qualified domain name</replaceable>"e;.
+ = <replaceable>qualified domain name</replaceable>".
Mapping of both user and group names is supported.
</para></listitem>
</varlistentry>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<para>The idmap_ldap plugin provides a means for Winbind to
store and retrieve SID/uid/gid mapping tables in an LDAP directory
- service. The module implements both the "idmap" and
- "idmap alloc" APIs.
+ service.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_ldap backend itself or by any other allocating backend like
+ idmap_tdb or idmap_tdb2. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend ldap
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
- backend is authoritative. Note that the range commonly matches
- the allocation range due to the fact that the same backend will
- store and retrieve SID/uid/gid mapping entries. If the parameter
- is absent, Winbind fail over to use the "idmap uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use the
+ "idmap uid" and "idmap gid" options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refsynopsisdiv>
<title>DESCRIPTION</title>
- <para>The idmap_tdb plugin is the default backend used by winbindd
- for storing SID/uid/gid mapping tables and implements
- both the "idmap" and "idmap alloc" APIs.
+ <para>
+ The idmap_tdb plugin is the default backend used by winbindd
+ for storing SID/uid/gid mapping tables.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_tdb backend itself or by any other allocating backend like
+ idmap_ldap or idmap_tdb2. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for which the
- backend is authoritative. Note that the range commonly matches
- the allocation range due to the fact that the same backend will
- store and retrieve SID/uid/gid mapping entries. If the parameter
- is absent, Winbind fail over to use the "idmap uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid" options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
- <title>IDMAP ALLOC OPTIONS</title>
+ <title>EXAMPLES</title>
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range from which
- winbindd can allocate for users and groups. If the parameter
- is absent, Winbind fail over to use the "idmap uid"
- and "idmap gid" options from smb.conf.
- </para></listitem>
- </varlistentry>
- </variablelist>
+ <para>
+ This example shows how tdb is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ # "idmap backend = tdb" is redundant here since it is the default
+ idmap backend = tdb
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+
+ <para>
+ This (rather theoretical) example shows how tdb can be used as the
+ allocating backend while ldap is the default backend used to store
+ the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the tdb idmap backend. Note that the same range as the
+ default uid/gid range is used, since the allocator has to serve
+ both the default backend and the explicitly configured domain DOM1.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = ldap
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ # use a different uid/gid allocator:
+ idmap alloc backend = tdb
+
+ idmap config DOM1 : backend = tdb
+ idmap config DOM1 : range = 1000000-2000000
+ </programlisting>
</refsect1>
<refsect1>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_tdb2.8">
+
+<refmeta>
+ <refentrytitle>idmap_tdb2</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_tdb2</refname>
+ <refpurpose>Samba's idmap_tdb2 Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The idmap_tdb2 plugin is a substitute for the default idmap_tdb
+ backend used by winbindd for storing SID/uid/gid mapping tables
+ in clustered environments with Samba and CTDB.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_tdb2 backend itself or by any other allocating backend like
+ idmap_tdb or idmap_ldap. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb2
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para>
+ Defines the available matching uid and gid range for which the
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid" options
+ from smb.conf.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>IDMAP SCRIPT</title>
+
+ <para>
+ The tdb2 idmap backend supports a script for performing id mappings
+ through the smb.conf option <parameter>idmap : script</parameter>.
+ The script should accept the following command line options.
+ </para>
+
+ <programlisting>
+ SIDTOID S-1-xxxx
+ IDTOSID UID xxxx
+ IDTOSID GID xxxx
+ </programlisting>
+
+ <para>
+ And it should return one of the following responses as a single line of
+ text.
+ </para>
+
+ <programlisting>
+ UID:yyyy
+ GID:yyyy
+ SID:yyyy
+ ERR:yyyy
+ </programlisting>
+
+ <para>
+ Note that the script should cover the complete range of SIDs
+ that can be passed in for SID to Unix ID mapping, since otherwise
+ SIDs unmapped by the script might get mapped to IDs that had
+ previously been mapped by the script.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>
+ This example shows how tdb2 is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = tdb2
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
<manvolnum>3</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">C Library Functions</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refnamediv>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<refentry id="ldbrename.1">
+
+<refmeta>
+ <refentrytitle>ldbrename</refentrytitle>
+ <manvolnum>1</manvolnum>
+</refmeta>
+
+
+<refnamediv>
+ <refname>ldbrename</refname>
+ <refpurpose>Edit LDB databases using your favorite editor</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>ldbrename</command>
+ <arg choice="opt">-h</arg>
+ <arg choice="opt">-o options</arg>
+ <arg choice="req">olddn</arg>
+ <arg choice="req">newdb</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>ldbrename is a utility that allows you to rename trees in
+ an LDB database based by DN. This utility takes
+ two arguments: the original
+ DN name of the top element and the DN to change it to.
+ </para>
+
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>-h</term>
+ <listitem><para>
+ Show list of available options.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-H <ldb-url></term>
+ <listitem><para>
+ LDB URL to connect to. See ldb(7) for details.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-o options</term>
+ <listitem><para>Extra ldb options, such as
+ modules.</para></listitem>
+ </varlistentry>
+
+ </variablelist>
+
+</refsect1>
+
+<refsect1>
+ <title>ENVIRONMENT</title>
+
+ <variablelist>
+ <varlistentry><term>LDB_URL</term>
+ <listitem><para>LDB URL to connect to (can be overrided by using the
+ -H command-line option.)</para></listitem>
+ </varlistentry>
+ </variablelist>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 4.0 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>SEE ALSO</title>
+
+ <para>ldb(7), ldbmodify, ldbdel, ldif(5)</para>
+
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para> ldb was written by
+ <ulink url="http://samba.org/~tridge/">Andrew Tridgell</ulink>.
+ </para>
+
+ <para>
+If you wish to report a problem or make a suggestion then please see
+the <ulink url="http://ldb.samba.org/"/> web site for
+current contact and maintainer information.
+ </para>
+
+ <para>This manpage was written by Jelmer Vernooij.</para>
+
+</refsect1>
+
+</refentry>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">7</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refsynopsisdiv>
<cmdsynopsis>
- <command>Browser URL:</command>
<para>
- smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options]
- </para>
+ Browser URL:
+ <command moreinfo="none">smb://[[[domain:]user[:password@]]server[/share[/path[/file]]]] [?options]
+ </command>
+ </para>
</cmdsynopsis>
</refsynopsisdiv>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
</para>
<para>
- The mount.cifs utility attaches the UNC name (exported network resource) to
- the local directory <emphasis>mount-point</emphasis>. It is possible to set the mode for mount.cifs to
-setuid root to allow non-root users to mount shares to directories for which they
-have write permission.
+ The mount.cifs utility attaches the UNC name (exported network resource)
+ specified as <emphasis>service</emphasis> (using //server/share syntax,
+ where "server" is the server name or IP address and "share" is the name
+ of the share) to the local directory <emphasis>mount-point</emphasis>.
+ It is possible to set the mode for mount.cifs to setuid root to allow
+ non-root users to mount shares to directories for which they
+ have write permission.
</para>
<para>
<listitem><para>specifies the CIFS password. If this
option is not given then the environment variable
-<emphasis>PASSWD</emphasis> is used. If the password is not specified
+<emphasis>PASSWD</emphasis> is used. If the password is not specified
directly or indirectly via an argument to mount, <emphasis>mount.cifs</emphasis> will prompt
for a password, unless the guest option is specified.
</para>
<listitem><para>
specifies a file that contains a username
- and/or password. The format of the file is:
+ and/or password and optionally the name of the
+ workgroup. The format of the file is:
</para>
<programlisting>
username=<replaceable>value</replaceable>
password=<replaceable>value</replaceable>
+ workgroup=<replaceable>value</replaceable>
</programlisting>
-
+
<para>
This is preferred over having passwords in plaintext in a
shared file, such as <filename>/etc/fstab</filename>. Be sure to protect any
same domain (e.g. running winbind or nss_ldap) and
the server supports the Unix Extensions then the uid
and gid can be retrieved from the server (and uid
- and gid would not have to be specifed on the mount.
+ and gid would not have to be specified on the mount.
For servers which do not support the CIFS Unix
extensions, the default uid (and gid) returned on lookup
of existing files will be the uid (gid) of the person
<term>noacl</term>
<listitem><para>Do not allow POSIX ACL operations even if server would support them.</para><para>
The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers
- version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and
+ version 3.0.10 and later. Setting POSIX ACLs requires enabling both XATTR and
then POSIX support in the CIFS configuration options when building the cifs
- module. POSIX ACL support can be disabled on a per mount basic by specifying
+ module. POSIX ACL support can be disabled on a per mount basis by specifying
"noacl" on mount.</para>
</listitem>
</varlistentry>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">7</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>7</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">Miscellanea</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="sharesec.1">
+
+<refmeta>
+ <refentrytitle>sharesec</refentrytitle>
+ <manvolnum>1</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">User Commands</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>sharesec</refname>
+ <refpurpose>Set or get share ACLs</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>sharesec</command>
+ <arg choice="req">sharename</arg>
+ <arg choice="opt">-r, --remove=ACL</arg>
+ <arg choice="opt">-m, --modify=ACL</arg>
+ <arg choice="opt">-a, --add=ACL</arg>
+ <arg choice="opt">-R, --replace=ACLs</arg>
+ <arg choice="opt">-D, --delete</arg>
+ <arg choice="opt">-v, --view</arg>
+ <arg choice="opt">-M, --machine-sid</arg>
+ <arg choice="opt">-F, --force</arg>
+ <arg choice="opt">-d, --debuglevel=DEBUGLEVEL</arg>
+ <arg choice="opt">-s, --configfile=CONFIGFILE</arg>
+ <arg choice="opt">-l, --log-basename=LOGFILEBASE</arg>
+ <arg choice="opt">-V, --version</arg>
+ <arg choice="opt">-?, --help</arg>
+ <arg choice="opt">--usage</arg>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This tool is part of the <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>sharesec</command> program manipulates share permissions
+ on SMB file shares.</para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <para>The following options are available to the <command>sharesec</command> program.
+ The format of ACLs is described in the section ACL FORMAT </para>
+
+ <variablelist>
+ <varlistentry>
+ <term>-a|--add=ACL</term>
+ <listitem><para>Add the ACEs specified to the ACL list.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-D|--delete</term>
+ <listitem><para>Delete the entire security descriptor.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-F|--force</term>
+ <listitem><para>Force storing the ACL.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-m|--modify=ACL</term>
+ <listitem><para>Modify existing ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-M|--machine-sid</term>
+ <listitem><para>Initialize the machine SID.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-r|--remove=ACL</term>
+ <listitem><para>Remove ACEs.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>-R|--replace=ACLS</term>
+ <listitem><para>
+ Overwrite an existing share permission ACL.
+ </para></listitem>
+ </varlistentry>
+
+ &stdarg.help;
+ &stdarg.server.debug;
+ &popt.common.samba;
+ </variablelist>
+</refsect1>
+
+
+<refsect1>
+ <title>ACL FORMAT</title>
+
+ <para>The format of an ACL is one or more ACL entries separated by
+ either commas or newlines. An ACL entry is one of the following: </para>
+
+ <para><programlisting>
+ REVISION:<revision number>
+ OWNER:<sid or name>
+ GROUP:<sid or name>
+ ACL:<sid or name>:<type>/<flags>/<mask>
+ </programlisting></para>
+
+ <para>The revision of the ACL specifies the internal Windows
+ NT ACL revision for the security descriptor.
+ If not specified it defaults to 1. Using values other than 1 may
+ cause strange behaviour.</para>
+
+ <para>The owner and group specify the owner and group SIDs for the
+ object. If a SID in the format S-1-x-y-z is specified this is used,
+ otherwise the name specified is resolved using the server on which
+ the file or directory resides.</para>
+
+ <para>ACLs specify permissions granted to the SID. This SID
+ can be specified in S-1-x-y-z format or as a name in which case
+ it is resolved against the server on which the file or directory
+ resides. The type, flags and mask values determine the type of
+ access granted to the SID.</para>
+
+ <para>The type can be either ALLOWED or DENIED to allow/deny access
+ to the SID. The flags values are generally zero for share ACLs.
+ </para>
+
+ <para>The mask is a value which expresses the access right
+ granted to the SID. It can be given as a decimal or hexadecimal value,
+ or by using one of the following text strings which map to the NT
+ file permissions of the same name.</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>R</emphasis> - Allow read access </para></listitem>
+ <listitem><para><emphasis>W</emphasis> - Allow write access</para></listitem>
+ <listitem><para><emphasis>X</emphasis> - Execute permission on the object</para></listitem>
+ <listitem><para><emphasis>D</emphasis> - Delete the object</para></listitem>
+ <listitem><para><emphasis>P</emphasis> - Change permissions</para></listitem>
+ <listitem><para><emphasis>O</emphasis> - Take ownership</para></listitem>
+ </itemizedlist>
+
+ <para>The following combined permissions can be specified:</para>
+
+ <itemizedlist>
+ <listitem><para><emphasis>READ</emphasis> - Equivalent to 'RX'
+ permissions</para></listitem>
+ <listitem><para><emphasis>CHANGE</emphasis> - Equivalent to 'RXWD' permissions
+ </para></listitem>
+ <listitem><para><emphasis>FULL</emphasis> - Equivalent to 'RWXDPO'
+ permissions</para></listitem>
+ </itemizedlist>
+ </refsect1>
+
+<refsect1>
+ <title>EXIT STATUS</title>
+
+ <para>The <command>sharesec</command> program sets the exit status
+ depending on the success or otherwise of the operations performed.
+ The exit status may be one of the following values. </para>
+
+ <para>If the operation succeeded, sharesec returns and exit
+ status of 0. If <command>sharesec</command> couldn't connect to the specified server,
+ or there was an error getting or setting the ACLs, an exit status
+ of 1 is returned. If there was an error parsing any command line
+ arguments, an exit status of 2 is returned. </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Add full access for SID
+ <parameter>S-1-5-21-1866488690-1365729215-3963860297-17724</parameter> on
+ <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -a S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ </programlisting>
+
+ <para>List all ACEs for <parameter>share</parameter>:
+ </para>
+
+ <programlisting>
+ host:~ # sharesec share -v
+ REVISION:1
+ OWNER:(NULL SID)
+ GROUP:(NULL SID)
+ ACL:S-1-1-0:ALLOWED/0/0x101f01ff
+ ACL:S-1-5-21-1866488690-1365729215-3963860297-17724:ALLOWED/0/FULL
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3 of the Samba suite.</para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refnamediv>
<refname>smbclient</refname>
- <refpurpose>ftp-like client to access SMB/CIFS resources
+ <refpurpose>ftp-like client to access SMB/CIFS resources
on servers</refpurpose>
</refnamediv>
<arg choice="opt">-m maxprotocol</arg>
<arg choice="opt">-A authfile</arg>
<arg choice="opt">-N</arg>
+ <arg choice="opt">-g</arg>
<arg choice="opt">-i scope</arg>
<arg choice="opt">-O <socket options></arg>
<arg choice="opt">-p port</arg>
<arg choice="opt">-P</arg>
<arg choice="opt">-c <command></arg>
</cmdsynopsis>
-
+
<cmdsynopsis>
<command>smbclient</command>
<arg choice="req">servicename</arg>
<arg choice="opt">-m maxprotocol</arg>
<arg choice="opt">-A authfile</arg>
<arg choice="opt">-N</arg>
+ <arg choice="opt">-g</arg>
<arg choice="opt">-l log-basename</arg>
<arg choice="opt">-I destinationIP</arg>
<arg choice="opt">-E</arg>
on your WfWg PCs if you want them to always be able to receive
messages. </para></listitem>
</varlistentry>
-
+
<varlistentry>
<term>-p port</term>
<listitem><para>This number is the TCP port number that will be used
TCP port number for an SMB/CIFS server is 139, which is the
default. </para></listitem>
</varlistentry>
-
+
+ <varlistentry>
+ <term>-g</term>
+ <listitem><para>This parameter provides combined with
+ <parameter>-L</parameter> easy parseable output that allows processing
+ with utilities such as grep and cut.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term>-P</term>
<listitem><para>
Make queries to the external server using the machine account of the local server.
</para></listitem>
</varlistentry>
-
+
&stdarg.help;
-
+
<varlistentry>
<term>-I IP-address</term>
- <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
+ <listitem><para><replaceable>IP address</replaceable> is the address of the server to connect to.
It should be specified in standard "a.b.c.d" notation. </para>
<para>Normally the client would attempt to locate a named
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>5</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">File Formats and Conventions</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>check</option>
+ </term>
+ <listitem><para>Check the integrity of the current database.
+ </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term>
<option>quit</option>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_acl_tdb.8">
+
+<refmeta>
+ <refentrytitle>vfs_acl_tdb</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_acl_tdb</refname>
+ <refpurpose>Save NTFS-ACLs in a tdb file</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = acl_tdb</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_acl_tdb</command> VFS module stores
+ NTFS Access Control Lists (ACLs) in a tdb file.
+ This enables the full mapping of Windows ACLs on Samba
+ servers.
+ </para>
+
+ <para>
+ The ACL settings are stored in
+ <filename>$LOCKDIR/file_ntacls.tdb</filename>.
+ </para>
+
+ <para>Please note that this module is
+ <emphasis>experimental</emphasis>!
+ </para>
+
+ <para>This module is stackable.</para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+ <para>
+ There are no options for <command>vfs_acl_tdb</command>.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_acl_xattr.8">
+
+<refmeta>
+ <refentrytitle>vfs_acl_xattr</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_acl_xattr</refname>
+ <refpurpose>Save NTFS-ACLs in Extended Attributes (EAs)</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = acl_xattr</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_acl_xattr</command> VFS module stores
+ NTFS Access Control Lists (ACLs) in Extended Attributes (EAs).
+ This enables the full mapping of Windows ACLs on Samba
+ servers.
+ </para>
+
+ <para>The ACLs are stored in the Extended Attribute
+ <parameter>security.NTACL</parameter> of a file or directory.
+ This Attribute is <emphasis>not</emphasis> listed by
+ <command>getfattr -d <filename>filename</filename></command>.
+ To show the current value, the name of the EA must be specified
+ (e.g. <command>getfattr -n security.NTACL <filename>filename</filename>
+ </command>).
+ </para>
+
+ <para>Please note that this module is
+ <emphasis>experimental</emphasis>!
+ </para>
+
+ <para>This module is stackable.</para>
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+ <para>
+ There are no options for <command>vfs_acl_xattr</command>.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+</refsect1>
+
+</refentry>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_fileid.8">
+
+<refmeta>
+ <refentrytitle>vfs_fileid</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_fileid</refname>
+ <refpurpose>Generates file_id structs with unique device id values for
+ cluster setups</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = fileid</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry>
+ suite.</para>
+
+ <para>Samba uses file_id structs to uniquely identify files
+ for locking purpose. By default the file_id contains the device
+ and inode number returned by the <command>stat()</command> system call.
+ As the file_id is a unique identifier of a file, it must be the same
+ on all nodes in a cluster setup. This module overloads the
+ <command>SMB_VFS_FILE_ID_CREATE()</command> operation and
+ generates the device number based on the configured algorithm
+ (see the "fileid:algorithm" option).
+ </para>
+</refsect1>
+
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+
+ <varlistentry>
+ <term>fileid:algorithm = ALGORITHM</term>
+ <listitem>
+ <para>Available algorithms are <command>fsname</command>
+ and <command>fsid</command>. The default value is
+ <command>fsname</command>.
+ </para>
+ <para>The <command>fsname</command> algorithm generates
+ device id by hashing the kernel device name.
+ </para>
+ <para>The <command>fsid</command> algorithm generates
+ the device id from the <command>f_fsid</command> returned
+ from the <command>statfs()</command> syscall.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fileid:mapping = ALGORITHM</term>
+ <listitem>
+ <para>This option is the legacy version of the
+ <command>fileid:algorithm</command> option, which was used in earlier
+ versions of fileid mapping feature in custom Samba 3.0 versions.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Usage of the <command>fileid</command> module with the
+ <command>fsid</command> algorithm:</para>
+
+<programlisting>
+ <smbconfsection name="[global]"/>
+ <smbconfoption name="vfs objects">fileid</smbconfoption>
+ <smbconfoption name="fileid:algorithm">fsid</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3.2 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<refsect1>
<title>EXAMPLES</title>
- <para>Log operations on all shares using the LOCAL1 facility
- and NOTICE priority:</para>
+ <para>Move files "deleted" on <parameter>share</parameter> to
+ <parameter>/data/share/.recycle</parameter> instead of deleting them:
+ </para>
<programlisting>
- <smbconfsection name="[global]"/>
+ <smbconfsection name="[share]"/>
+ <smbconfoption name="path">/data/share</smbconfoption>
<smbconfoption name="vfs objects">recycle</smbconfoption>
- <smbconfoption name="recycle:facility">LOCAL1</smbconfoption>
- <smbconfoption name="recycle:priority">NOTICE</smbconfoption>
+ <smbconfoption name="recycle:repository">.recycle</smbconfoption>
+ <smbconfoption name="recycle:keeptree">yes</smbconfoption>
+ <smbconfoption name="recycle:versions">yes</smbconfoption>
</programlisting>
</refsect1>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
--- /dev/null
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="vfs_shadow_copy2.8">
+
+<refmeta>
+ <refentrytitle>vfs_shadow_copy2</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>vfs_shadow_copy2</refname>
+ <refpurpose>Expose snapshots to Windows clients as shadow copies.</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <cmdsynopsis>
+ <command>vfs objects = shadow_copy2</command>
+ </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>DESCRIPTION</title>
+
+ <para>This VFS module is part of the
+ <citerefentry><refentrytitle>samba</refentrytitle>
+ <manvolnum>7</manvolnum></citerefentry> suite.</para>
+
+ <para>The <command>vfs_shadow_copy2</command> VFS module functionality
+ that is similar to Microsoft Shadow Copy services. When setup properly,
+ this module allows Microsoft Shadow Copy clients to browse
+ "shadow copies" on Samba shares.
+ </para>
+
+ <para>This is a 2nd implementation of a shadow copy module. This
+ version has the following features:</para>
+ <orderedlist continuation="restarts" inheritnum="ignore" numeration="arabic">
+ <listitem><para>You don't need to populate your shares with symlinks to the
+ snapshots. This can be very important when you have thousands of
+ shares, or use [homes].</para></listitem>
+ <listitem><para>The inode number of the files is altered so it is different
+ from the original. This allows the 'restore' button to work
+ without a sharing violation.</para></listitem>
+ </orderedlist>
+
+ <para>This module is stackable.</para>
+
+</refsect1>
+
+<refsect1>
+ <title>CONFIGURATION</title>
+
+ <para><command>vfs_shadow_copy2</command> relies on a filesystem
+ snapshot implementation. Many common filesystems have native
+ support for this.
+ </para>
+
+ <para>Filesystem snapshots must be mounted on
+ specially named directories in order to be recognized by
+ <command>vfs_shadow_copy2</command>. The snapshot mount points must
+ be immediate children of a the directory being shared.</para>
+
+ <para>The snapshot naming convention is @GMT-YYYY.MM.DD-hh.mm.ss,
+ where:
+ <itemizedlist>
+ <listitem><para><command>YYYY</command> is the 4 digit year</para></listitem>
+ <listitem><para><command>MM</command> is the 2 digit month</para></listitem>
+ <listitem><para><command>DD</command> is the 2 digit day</para></listitem>
+ <listitem><para><command>hh</command> is the 2 digit hour</para></listitem>
+ <listitem><para><command>mm</command> is the 2 digit minute</para></listitem>
+ <listitem><para><command>ss</command> is the 2 digit second.</para></listitem>
+ </itemizedlist>
+ </para>
+
+ <para>The <command>vfs_shadow_copy2</command> snapshot naming convention can be
+ produced with the following <citerefentry><refentrytitle>date</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> command:
+ <programlisting>
+ TZ=GMT date +@GMT-%Y.%m.%d-%H.%M.%S
+ </programlisting></para>
+
+</refsect1>
+
+<refsect1>
+ <title>OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>shadow:snapdir = SNAPDIR
+ </term>
+ <listitem>
+ <para>Path to the directory where snapshots are kept.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>shadow:basedir = BASEDIR
+ </term>
+ <listitem>
+ <para>Path to the base directory that snapshots are from.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>shadow:fixinodes = yes/no
+ </term>
+ <listitem>
+ <para>If you enable <command moreinfo="none">shadow:fixinodes
+ </command> then this module will modify the apparent inode
+ number of files in the snapshot directories using a hash of the
+ files path. This is needed for snapshot systems where the
+ snapshots have the same device:inode number as the original
+ files (such as happens with GPFS snapshots). If you don't set
+ this option then the 'restore' button in the shadow copy UI
+ will fail with a sharing violation.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>Add shadow copy support to user home directories:</para>
+<programlisting>
+ <smbconfsection name="[homes]"/>
+ <smbconfoption name="vfs objects">shadow_copy2</smbconfoption>
+ <smbconfoption name="shadow:snapdir">/data/snaphots</smbconfoption>
+ <smbconfoption name="shadow:basedir">/data/home</smbconfoption>
+</programlisting>
+
+</refsect1>
+
+<refsect1>
+ <title>CAVEATS</title>
+
+ <para>This is not a backup, archival, or version control solution.
+ </para>
+
+ <para>With Samba or Windows servers,
+ <command>vfs_shadow_copy2</command> is designed to be an end-user
+ tool only. It does not replace or enhance your backup and
+ archival solutions and should in no way be considered as
+ such. Additionally, if you need version control, implement a
+ version control system.</para>
+
+</refsect1>
+
+
+
+<refsect1>
+ <title>VERSION</title>
+
+ <para>This man page is correct for version 3.2.7 of the Samba suite.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.</para>
+
+</refsect1>
+
+</refentry>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>smb_traffic_analyzer:total_anonymization = STRING</term>
+ <listitem>
+ <para>If STRING matches to 'yes', the module will replace
+ any user name with the string given by the option
+ smb_traffic_analyzer:anonymize_prefix, without generating
+ an additional hash number. This means that any transfer data
+ will be mapped to a single user, leading to a total
+ anonymization of user related data.</para>
+ </listitem>
+ </varlistentry>
</variablelist>
</refsect1>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>1</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">User Commands</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Samba</refmiscinfo>
<refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.2</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
</refmeta>
<para>You may wish to disable this option if you have a problem with empty
workgroups not disappearing from browse lists. Due to the restrictions
- of the browse protocols these enhancements can cause a empty workgroup
+ of the browse protocols, these enhancements can cause a empty workgroup
to stay around forever which can be annoying.</para>
<para>In general you should leave this option enabled as it makes
type="enum"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- <description>
+<description>
<para>This option is used to define whether or not Samba should
use SSL when connecting to the ldap server
This is <emphasis>NOT</emphasis> related to
- Samba's previous SSL support which was enabled by specifying the
- <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ Samba's previous SSL support which was enabled by specifying the
+ <command moreinfo="none">--with-ssl</command> option to the
+ <filename moreinfo="none">configure</filename>
script.</para>
-
-<para>The <smbconfoption name="ldap ssl"/> can be set to one of three values:</para>
+
+ <para>LDAP connections should be secured where possible. This may be
+ done setting <emphasis>either</emphasis> this parameter to
+ <parameter moreinfo="none">Start_tls</parameter>
+ <emphasis>or</emphasis> by specifying <parameter moreinfo="none">ldaps://</parameter> in
+ the URL argument of <smbconfoption name="passdb backend"/>.</para>
+
+ <para>The <smbconfoption name="ldap ssl"/> can be set to one of
+ two values:</para>
<itemizedlist>
<listitem>
- <para><parameter moreinfo="none">Off</parameter> = Never
+ <para><parameter moreinfo="none">Off</parameter> = Never
use SSL when querying the directory.</para>
</listitem>
<listitem>
- <para><parameter moreinfo="none">Start_tls</parameter> = Use
- the LDAPv3 StartTLS extended operation (RFC2830) for
+ <para><parameter moreinfo="none">start tls</parameter> = Use
+ the LDAPv3 StartTLS extended operation (RFC2830) for
communicating with the directory server.</para>
</listitem>
-
- <listitem>
- <para><parameter moreinfo="none">On</parameter> = Use SSL
- on the ldaps port when contacting the <parameter
- moreinfo="none">ldap server</parameter>. Only available when the
- backwards-compatiblity <command
- moreinfo="none">--with-ldapsam</command> option is specified
- to configure. See <smbconfoption name="passdb backend"/></para>.
- </listitem>
- </itemizedlist>
+ </itemizedlist>
+ <para>
+ Please note that this parameter does only affect <emphasis>rpc</emphasis>
+ methods. To enable the LDAPv3 StartTLS extended operation (RFC2830) for
+ <emphasis>ads</emphasis>, set
+ <smbconfoption name="ldap ssl">yes</smbconfoption>
+ <emphasis>and</emphasis>
+ <smbconfoption name="ldap ssl ads">yes</smbconfoption>.
+ See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
+ for more information on <smbconfoption name="ldap ssl ads"/>.
+ </para>
+
</description>
-<value type="default">start_tls</value>
+<value type="default">start tls</value>
</samba:parameter>
--- /dev/null
+<samba:parameter name="ldap ssl ads"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option is used to define whether or not Samba should
+ use SSL when connecting to the ldap server using
+ <emphasis>ads</emphasis> methods.
+ Rpc methods are not affected by this parameter. Please note, that
+ this parameter won't have any effect if <smbconfoption name="ldap ssl"/>
+ is set to <parameter>no</parameter>.
+ </para>
+
+ <para>See <refentrytitle>smb.conf</refentrytitle><manvolnum>5</manvolnum>
+ for more information on <smbconfoption name="ldap ssl"/>.
+ </para>
+
+</description>
+<value type="default">no</value>
+</samba:parameter>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- When Samba connects to an ldap server that server may be down or unreachable. To prevent Samba from hanging whilst
- waiting for the connection this parameter specifies in seconds how long Samba should wait before failing the
- connect. The default is to only wait fifteen seconds for the ldap server to respond to the connect request.
+ This parameter defines the number of seconds that Samba should use as timeout for LDAP operations.
</para>
</description>
<value type="default">15</value>
context="S"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This enables or disables the honoring of
- the <parameter moreinfo="none">share modes</parameter> during a file open. These
- modes are used by clients to gain exclusive read or write access
+ <para>This enables or disables the honoring of
+ the <parameter moreinfo="none">share modes</parameter> during a file open. These
+ modes are used by clients to gain exclusive read or write access
to a file.</para>
+ <para>This is a deprecated option from old versions of
+ Samba, and will be removed in the next major release.
+ </para>
+
<para>These open modes are not directly supported by UNIX, so
- they are simulated using shared memory, or lock files if your
- UNIX doesn't support shared memory (almost all do).</para>
+ they are simulated using shared memory.</para>
- <para>The share modes that are enabled by this option are
- <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
- <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>,
- <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>.
+ <para>The share modes that are enabled by this option are
+ the standard Windows share modes.
</para>
- <para>This option gives full share compatibility and enabled
+ <para>This option gives full share compatibility and is enabled
by default.</para>
- <para>You should <emphasis>NEVER</emphasis> turn this parameter
+ <para>You should <emphasis>NEVER</emphasis> turn this parameter
off as many Windows applications will break if you do so.</para>
</description>
<value type="default">yes</value>
<para>
When strict locking is set to Auto (the default), the server performs file lock checks only on non-oplocked files.
As most Windows redirectors perform file locking checks locally on oplocked files this is a good trade off for
- inproved performance.
+ improved performance.
</para>
<para>
<para>
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
Manager. The <parameter moreinfo="none">add share command</parameter> is used to define an external program
- or script which will add a new service definition to <filename moreinfo="none">smb.conf</filename>. In order
- to successfully execute the <parameter moreinfo="none">add share command</parameter>, <command
- moreinfo="none">smbd</command> requires that the administrator be connected using a root account (i.e. uid == 0).
+ or script which will add a new service definition to
+ <filename moreinfo="none">smb.conf</filename>.
</para>
- <para>
- If the connected account has <literal>SeDiskOperatorPrivilege</literal>, scripts defined in
- <parameter moreinfo="none">change share</parameter> parameter are executed as root.
- </para>
+ <para>
+ In order to successfully execute the
+ <parameter moreinfo="none">add share command</parameter>,
+ <command moreinfo="none">smbd</command> requires that the administrator
+ connects using a root account (i.e. uid == 0) or has the
+ <literal>SeDiskOperatorPrivilege</literal>.
+ Scripts defined in the <parameter moreinfo="none">add share command</parameter>
+ parameter are executed as root.
+ </para>
<para>
When executed, <command moreinfo="none">smbd</command> will automatically invoke the
</itemizedlist>
<para>
- This parameter is only used for add file shares. To add printer shares, see the <smbconfoption
+ This parameter is only used to add file shares. To add printer shares, see the <smbconfoption
name="addprinter command"/>.
</para>
</description>
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
Manager. The <parameter moreinfo="none">change share command</parameter> is used to define an external
program or script which will modify an existing service definition in <filename
-moreinfo="none">smb.conf</filename>. In order to successfully execute the <parameter moreinfo="none">change
-share command</parameter>, <command moreinfo="none">smbd</command> requires that the administrator be
-connected using a root account (i.e. uid == 0).
+moreinfo="none">smb.conf</filename>.
</para>
<para>
- If the connected account has <literal>SeDiskOperatorPrivilege</literal>, scripts defined in
- <parameter moreinfo="none">change share</parameter> parameter are executed as root.
+ In order to successfully execute the
+ <parameter moreinfo="none">change share command</parameter>,
+ <command moreinfo="none">smbd</command> requires that the administrator
+ connects using a root account (i.e. uid == 0) or has the
+ <literal>SeDiskOperatorPrivilege</literal>.
+ Scripts defined in the <parameter moreinfo="none">change share command</parameter>
+ parameter are executed as root.
</para>
<para>
</itemizedlist>
<para>
- This parameter is only used modify existing file shares definitions. To modify
- printer shares, use the "Printers..." folder as seen when browsing the Samba host.
+ This parameter is only used to modify existing file share definitions.
+ To modify printer shares, use the "Printers..." folder as seen
+ when browsing the Samba host.
</para>
</description>
<related>add share command</related>
<related>delete share command</related>
<value type="default"></value>
-<value type="example">/usr/local/bin/addshare</value>
+<value type="example">/usr/local/bin/changeshare</value>
</samba:parameter>
Samba 2.2.0 introduced the ability to dynamically add and delete shares via the Windows NT 4.0 Server
Manager. The <parameter moreinfo="none">delete share command</parameter> is used to define an external
program or script which will remove an existing service definition from
- <filename moreinfo="none">smb.conf</filename>. In order to successfully execute the
- <parameter moreinfo="none">delete share command</parameter>, <command moreinfo="none">smbd</command>
- requires that the administrator be connected using a root account (i.e. uid == 0).
+ <filename moreinfo="none">smb.conf</filename>.
</para>
- <para>
- If the connected account has <literal>SeDiskOperatorPrivilege</literal>, scripts defined in
- <parameter moreinfo="none">change share</parameter> parameter are executed as root.
- </para>
+ <para>In order to successfully execute the
+ <parameter moreinfo="none">delete share command</parameter>,
+ <command moreinfo="none">smbd</command> requires that the administrator
+ connects using a root account (i.e. uid == 0) or has the
+ <literal>SeDiskOperatorPrivilege</literal>.
+ Scripts defined in the <parameter moreinfo="none">delete share command</parameter>
+ parameter are executed as root.
+ </para>
<para>
When executed, <command moreinfo="none">smbd</command> will automatically invoke the
</description>
<related>add share command</related>
-<related>delete share command</related>
+<related>change share command</related>
<value type="default"></value>
<value type="example">/usr/local/bin/delshare</value>
</samba:parameter>
<description>
<para>
This option allows you to setup <citerefentry><refentrytitle>nmbd</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>to periodically announce itself
+ <manvolnum>8</manvolnum></citerefentry> to periodically announce itself
to arbitrary IP addresses with an arbitrary workgroup name.
</para>
</programlisting>
the above line would cause <command moreinfo="none">nmbd</command> to announce itself
to the two given IP addresses using the given workgroup names. If you leave out the
- workgroup name then the one given in the <smbconfoption name="workgroup"/> parameter
+ workgroup name, then the one given in the <smbconfoption name="workgroup"/> parameter
is used instead.
</para>
developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This option allows you to control what
- address Samba will listen for connections on. This is used to
- support multiple virtual interfaces on the one server, each
+ <para>This option allows you to control what
+ address Samba will listen for connections on. This is used to
+ support multiple virtual interfaces on the one server, each
with a different configuration.</para>
-
- <para>By default Samba will accept connections on any
+ <para>Setting this option should never be necessary on usual Samba
+ servers running only one nmbd.</para>
+
+ <para>By default Samba will accept connections on any
address.</para>
</description>
to be accessed by non-authenticated users or not. It is the equivalent
of allowing people who can create a share the option of setting
<parameter moreinfo="none">guest ok = yes</parameter> in a share
- definition. Due to the security sensitive nature of this the default
+ definition. Due to its security sensitive nature, the default
is set to off.</para>
</description>
<description>
<para>This parameter specifies a list of absolute pathnames
the root of which are allowed to be exported by user defined share definitions.
- If the pathname exported doesn't start with one of the strings in this
- list the user defined share will not be allowed. This allows the Samba
+ If the pathname to be exported doesn't start with one of the strings in this
+ list, the user defined share will not be allowed. This allows the Samba
administrator to restrict the directories on the system that can be
exported by user defined shares.
</para>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>User defined shares only have limited possible parameters
- such as path, guest ok etc. This parameter allows usershares to
+ such as path, guest ok, etc. This parameter allows usershares to
"cloned" from an existing share. If "usershare template share"
is set to the name of an existing share, then all usershares
created have their defaults set from the parameters set on this
<para>See also the discussion in the <link linkend="PRINTERSSECT">
[printers]</link> section.</para>
</description>
+<value type="default">Depends on the operating system, see
+<command moreinfo="none">testparm -v.</command></value>
</samba:parameter>
<para>If this parameter is enabled for a printer, then any attempt
to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped
to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx()
- call to succeed. <emphasis>This parameter MUST not be able enabled
+ call to succeed. <emphasis>This parameter MUST not be enabled
on a print share which has valid print driver installed on the Samba
server.</emphasis></para>
</description>
and allows the open. If the user doesn't have permission to delete the file this will only be
discovered at close time, which is too late for the Windows user tools to display an error message
to the user. The symptom of this is files that appear to have been deleted "magically" re-appearing
- on a Windows explorer refersh. This is an extremely advanced protocol option which should not
+ on a Windows explorer refresh. This is an extremely advanced protocol option which should not
need to be changed. This parameter was introduced in its final form in 3.0.21, an earlier version
with slightly different semantics was introduced in 3.0.20. That older version is not documented here.
</para>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>Hosts running the "Advanced Server for Unix (ASU)" product
- require some special accomodations such as creating a builting [ADMIN$]
+ require some special accomodations such as creating a builtin [ADMIN$]
share that only supports IPC connections. The has been the default
behavior in smbd for many years. However, certain Microsoft applications
such as the Print Migrator tool require that the remote server support
password hashes (e.g. Windows NT/2000, Samba, etc... but not
Windows 95/98) will be able to be connected from the Samba client.</para>
- <para>The LANMAN encrypted response is easily broken, due to it's
+ <para>The LANMAN encrypted response is easily broken, due to its
case-insensitive nature, and the choice of algorithm. Clients
without Windows 95/98 servers are advised to disable
this option. </para>
basic="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the client offers or requires
- the server it talks to to use SMB signing. Possible values
+ <para>This controls whether the client is allowed or required to use SMB signing. Possible values
are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>.
</para>
Windows 95/98 or the MS DOS network client) will be able to
connect to the Samba host.</para>
- <para>The LANMAN encrypted response is easily broken, due to it's
+ <para>The LANMAN encrypted response is easily broken, due to its
case-insensitive nature, and the choice of algorithm. Servers
without Windows 95/98/ME or MS DOS clients are advised to disable
this option. </para>
<para>By specifying the name of another SMB server
or Active Directory domain controller with this option,
and using <command moreinfo="none">security = [ads|domain|server]</command>
- it is possible to get Samba to
+ it is possible to get Samba
to do all its username/password validation using a specific remote server.</para>
<para>This option sets the name or IP address of the password server to use.
want to mainly setup shares without a password (guest shares). This
is commonly used for a shared printer server. It is more difficult
to setup guest shares with <command moreinfo="none">security = user</command>, see
- the <smbconfoption name="map to guest"/>parameter for details.</para>
+ the <smbconfoption name="map to guest"/> parameter for details.</para>
<para>It is possible to use <command moreinfo="none">smbd</command> in a <emphasis>
hybrid mode</emphasis> where it is offers both user and share
<para><anchor id="SECURITYEQUALSSHARE"/><emphasis>SECURITY = SHARE</emphasis></para>
- <para>When clients connect to a share level security server they
+ <para>When clients connect to a share level security server, they
need not log onto the server with a valid username and password before
attempting to connect to a shared resource (although modern clients
such as Windows 95/98 and Windows NT will send a logon request with
</para></note>
<note><para>From the client's point of
- view <command moreinfo="none">security = server</command> is the
+ view, <command moreinfo="none">security = server</command> is the
same as <command moreinfo="none">security = user</command>. It
only affects how the server deals with the authentication, it does
not in any way affect what the client sees.</para></note>
</para>
<para>
- Please note that with this set to <literal>no</literal> you will have to apply the WindowsXP
+ Please note that with this set to <literal>no</literal>, you will have to apply the WindowsXP
<filename>WinXP_SignOrSeal.reg</filename> registry patch found in the docs/registry subdirectory of the Samba distribution tarball.
</para>
</description>
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This controls whether the server offers or requires
- the client it talks to to use SMB signing. Possible values
+ <para>This controls whether the client is allowed or required to use SMB signing. Possible values
are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>.
</para>
and MacOS/X clients. Windows clients do not support this feature.
</para>
- <para>This controls whether the server offers or requires
- the client it talks to to use SMB encryption. Possible values
+ <para>This controls whether the remote client is allowed or required to use SMB encryption. Possible values
are <emphasis>auto</emphasis>, <emphasis>mandatory</emphasis>
and <emphasis>disabled</emphasis>. This may be set on a per-share
basis, but clients may chose to encrypt the entire session, not
This boolean parameter allows a user logging on with a plaintext password to have their encrypted (hashed)
password in the smbpasswd file to be updated automatically as they log on. This option allows a site to
migrate from plaintext password authentication (users authenticate with plaintext password over the
- wire, and are checked against a UNIX account atabase) to encrypted password authentication (the SMB
+ wire, and are checked against a UNIX account database) to encrypted password authentication (the SMB
challenge/response authentication mechanism) without forcing all users to re-enter their passwords via
smbpasswd at the time the change is made. This is a convenience option to allow the change over to encrypted
passwords to be made over a longer period. Once all users have encrypted representations of their passwords
</para>
<para>
- Note that even when this parameter is set a user authenticating to <command moreinfo="none">smbd</command>
+ Note that even when this parameter is set, a user authenticating to <command moreinfo="none">smbd</command>
must still enter a valid password in order to connect correctly, and to update their hashed (smbpasswd)
passwords.
</para>
<samba:parameter name="acl compatibility"
- context="S"
+ context="G"
type="enum"
advanced="1" developer="1"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
teststat \
teststat2 \
teststat3 \
+ teststatvfs \
+ testfstatvfs \
testtruncate \
testchmod \
testutime \
@echo Linking teststat3
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+teststatvfs: teststatvfs.o
+ @echo Linking teststatvfs
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
+testfstatvfs: testfstatvfs.o
+ @echo Linking testfstatvfs
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
+
testtruncate: testtruncate.o
@echo Linking testtruncate
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< $(LIBSMBCLIENT) -lpopt
--- /dev/null
+#include <sys/types.h>
+#include <sys/statvfs.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#include <libsmbclient.h>
+#include "get_auth_data_fn.h"
+
+
+int main(int argc, char * argv[])
+{
+ int i;
+ int fd;
+ int ret;
+ int debug = 0;
+ char * p;
+ char path[2048];
+ struct stat statbuf;
+ struct statvfs statvfsbuf;
+
+ smbc_init(get_auth_data_fn, debug);
+
+ for (;;)
+ {
+ fprintf(stdout, "Path: ");
+ *path = '\0';
+ fgets(path, sizeof(path) - 1, stdin);
+ if (strlen(path) == 0)
+ {
+ return 0;
+ }
+
+ p = path + strlen(path) - 1;
+ if (*p == '\n')
+ {
+ *p = '\0';
+ }
+
+ /* Determine if it's a file or a folder */
+ if (smbc_stat(path, &statbuf) < 0)
+ {
+ perror("smbc_stat");
+ continue;
+ }
+
+ if (S_ISREG(statbuf.st_mode))
+ {
+ if ((fd = smbc_open(path, O_RDONLY, 0)) < 0)
+ {
+ perror("smbc_open");
+ continue;
+ }
+ }
+ else
+ {
+ if ((fd = smbc_opendir(path)) < 0)
+ {
+ perror("smbc_opendir");
+ continue;
+ }
+ }
+
+ ret = smbc_fstatvfs(fd, &statvfsbuf);
+
+ smbc_close(fd);
+
+ if (ret < 0)
+ {
+ perror("fstatvfs");
+ }
+ else
+ {
+ printf("\n");
+ printf("Block Size: %lu\n", statvfsbuf.f_bsize);
+ printf("Fragment Size: %lu\n", statvfsbuf.f_frsize);
+ printf("Blocks: %llu\n", statvfsbuf.f_blocks);
+ printf("Free Blocks: %llu\n", statvfsbuf.f_bfree);
+ printf("Available Blocks: %llu\n", statvfsbuf.f_bavail);
+ printf("Files : %llu\n", statvfsbuf.f_files);
+ printf("Free Files: %llu\n", statvfsbuf.f_ffree);
+ printf("Available Files: %llu\n", statvfsbuf.f_favail);
+ printf("File System ID: %lu\n", statvfsbuf.f_fsid);
+ printf("\n");
+
+ printf("Flags: 0x%lx\n", statvfsbuf.f_flag);
+ printf("Extended Features: ");
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_NO_UNIXCIFS)
+ {
+ printf("NO_UNIXCIFS ");
+ }
+ else
+ {
+ printf("unixcifs ");
+ }
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_CASE_INSENSITIVE)
+ {
+ printf("CASE_INSENSITIVE ");
+ }
+ else
+ {
+ printf("case_sensitive ");
+ }
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_DFS)
+ {
+ printf("DFS ");
+ }
+ else
+ {
+ printf("no_dfs ");
+ }
+
+ printf("\n");
+ }
+ }
+
+ return 0;
+}
--- /dev/null
+#include <sys/types.h>
+#include <sys/statvfs.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+#include <libsmbclient.h>
+#include "get_auth_data_fn.h"
+
+
+int main(int argc, char * argv[])
+{
+ int i;
+ int fd;
+ int ret;
+ int debug = 0;
+ char * p;
+ char path[2048];
+ struct stat statbuf;
+ struct statvfs statvfsbuf;
+
+ smbc_init(get_auth_data_fn, debug);
+
+ for (;;)
+ {
+ fprintf(stdout, "Path: ");
+ *path = '\0';
+ fgets(path, sizeof(path) - 1, stdin);
+ if (strlen(path) == 0)
+ {
+ return 0;
+ }
+
+ p = path + strlen(path) - 1;
+ if (*p == '\n')
+ {
+ *p = '\0';
+ }
+
+ ret = smbc_statvfs(path, &statvfsbuf);
+
+ if (ret < 0)
+ {
+ perror("fstatvfs");
+ }
+ else
+ {
+ printf("\n");
+ printf("Block Size: %lu\n", statvfsbuf.f_bsize);
+ printf("Fragment Size: %lu\n", statvfsbuf.f_frsize);
+ printf("Blocks: %llu\n", statvfsbuf.f_blocks);
+ printf("Free Blocks: %llu\n", statvfsbuf.f_bfree);
+ printf("Available Blocks: %llu\n", statvfsbuf.f_bavail);
+ printf("Files : %llu\n", statvfsbuf.f_files);
+ printf("Free Files: %llu\n", statvfsbuf.f_ffree);
+ printf("Available Files: %llu\n", statvfsbuf.f_favail);
+ printf("File System ID: %lu\n", statvfsbuf.f_fsid);
+ printf("\n");
+
+ printf("Flags: 0x%lx\n", statvfsbuf.f_flag);
+ printf("Extended Features: ");
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_NO_UNIXCIFS)
+ {
+ printf("NO_UNIXCIFS ");
+ }
+ else
+ {
+ printf("unixcifs ");
+ }
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_CASE_INSENSITIVE)
+ {
+ printf("CASE_INSENSITIVE ");
+ }
+ else
+ {
+ printf("case_sensitive ");
+ }
+
+ if (statvfsbuf.f_flag & SMBC_VFS_FEATURE_DFS)
+ {
+ printf("DFS ");
+ }
+ else
+ {
+ printf("no_dfs ");
+ }
+
+ printf("\n");
+ }
+ }
+
+ return 0;
+}
killproc()
{
pid=`ps aux | grep $1 | egrep -v '(grep|perfcountd)' | awk '{print $2}'`
- if [ "$pid" != "" ]; then
+ if [ x"$pid" != "x" ]; then
kill $pid
fi
}
# Start/stop processes
-case "$1"
+case "$1"
in
start)
/opt/samba/bin/perfcount -d -f /var/lib/samba/perfmon 2> /dev/null
status)
pid=`ps aux | grep perfcount | egrep -v '(grep|perfcountd)' | awk '{print $2}'`
- if [ "$pid" == "" ]; then
+ if [ x"$pid" = "x" ]; then
echo "Dead!"
exit 2;
fi
+#!/bin/sh
case `uname -m` in
- x86_64)
- libdir=/usr/lib64/samba
- ;;
- *)
- libdir=/usr/lib/samba
- ;;
+ x86_64)
+ _libarch=lib64
+ ;;
+ *)
+ _libarch=lib
+ ;;
esac
-CFLAGS="-Wall -g -D_GNU_SOURCE" ./configure \
- --prefix=/usr \
- --localstatedir=/var \
- --with-configdir=/etc/samba \
- --with-libdir=$libdir \
- --with-lockdir=/var/lib/samba \
- --with-logfilebase=/var/log/samba \
- --with-mandir=/usr/man \
- --with-piddir=/var/run \
- --with-privatedir=/etc/samba \
- --with-sambabook=/usr/share/swat/using_samba \
- --with-swatdir=/usr/share/swat \
+_libarchdir=/usr/${_libarch}
+
+_prefix=/usr
+_sysconfdir=/etc
+_mandir=/usr/man
+_datadir=/usr/share
+
+# check for ccache
+ccache -h 2>&1 > /dev/null
+if [ $? -eq 0 ]; then
+ CC="ccache gcc"
+else
+ CC="gcc"
+fi
+
+./autogen.sh
+
+CC="$CC" CFLAGS="-Wall -g -D_GNU_SOURCE" ./configure -C \
+ --prefix=${_prefix} \
+ --localstatedir=/var \
+ --with-configdir=${_sysconfdir}/samba \
+ --with-libdir=${_libarchdir}/samba \
+ --with-pammodulesdir=/${_libarch}/security \
+ --with-lockdir=/var/lib/samba \
+ --with-logfilebase=/var/log/samba \
+ --with-mandir=${_mandir} \
+ --with-piddir=/var/run \
+ --with-privatedir=${_sysconfdir}/samba \
+ --with-sambabook=${_datadir}/swat/using_samba \
+ --with-swatdir=${_datadir}/swat \
--disable-cups \
- --with-acl-support \
+ --with-acl-support \
--with-ads \
- --with-automount \
- --with-fhs \
+ --with-automount \
+ --with-fhs \
--with-pam_smbpass \
--with-libsmbclient \
--with-libsmbsharemodes \
- --without-smbwrapper \
+ --without-smbwrapper \
--with-pam \
--with-quotas \
- --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2 \
+ --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2,vfs_gpfs \
--with-syslog \
--with-utmp \
--with-cluster-support \
--without-dnsupdate \
--with-aio-support \
$*
+
+make showlayout
+
DIRNAME=$(dirname $0)
TOPDIR=${DIRNAME}/../..
-SRCDIR=${TOPDIR}/source
-VERSION_H=${SRCDIR}/include/version.h
SPECFILE="samba.spec"
DOCS="docs.tar.bz2"
##
## determine the samba version and create the SPEC file
##
-pushd ${SRCDIR}
-./script/mkversion.sh
-popd
-if [ ! -f ${VERSION_H} ] ; then
- echo "Error creating version.h"
- exit 1
+${DIRNAME}/makespec.sh
+RC=$?
+if [ $RC -ne 0 ]; then
+ exit ${RC}
fi
-VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING ${VERSION_H} | awk '{print $3}'`
-vendor_version=`grep SAMBA_VERSION_VENDOR_SUFFIX ${VERSION_H} | awk '{print $3}'`
-if test "x${vendor_version}" != "x" ; then
- VERSION="${VERSION}-${vendor_version}"
-fi
-VERSION=`echo ${VERSION} | sed 's/-/_/g'`
-VERSION=`echo ${VERSION} | sed 's/\"//g'`
-echo "VERSION: ${VERSION}"
-sed -e s/PVERSION/${VERSION}/g \
- < ${DIRNAME}/${SPECFILE}.tmpl \
- > ${DIRNAME}/${SPECFILE}
+RELEASE=$(grep ^Release ${DIRNAME}/${SPECFILE} | sed -e 's/^Release:\ \+//')
+VERSION=$(grep ^Version ${DIRNAME}/${SPECFILE} | sed -e 's/^Version:\ \+//')
##
## create the tarball
--- /dev/null
+#!/bin/sh
+#
+# Copyright (C) Michael Adam 2008
+#
+# Script to determine the samba version and create the SPEC file from template
+
+DIRNAME=$(dirname $0)
+TOPDIR=${DIRNAME}/../..
+SRCDIR=${TOPDIR}/source
+VERSION_H=${SRCDIR}/include/version.h
+SPECFILE=${DIRNAME}/samba.spec
+
+##
+## determine the samba version and create the SPEC file
+##
+pushd ${SRCDIR}
+./script/mkversion.sh
+popd
+if [ ! -f ${VERSION_H} ] ; then
+ echo "Error creating version.h"
+ exit 1
+fi
+
+VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING ${VERSION_H} | awk '{print $3}'`
+vendor_version=`grep SAMBA_VERSION_VENDOR_SUFFIX ${VERSION_H} | awk '{print $3}'`
+if test "x${vendor_version}" != "x" ; then
+ VERSION="${VERSION}-${vendor_version}"
+fi
+VERSION=`echo ${VERSION} | sed 's/-/_/g'`
+VERSION=`echo ${VERSION} | sed 's/\"//g'`
+echo "VERSION: ${VERSION}"
+sed -e s/PVERSION/${VERSION}/g \
+ < ${SPECFILE}.tmpl \
+ > ${SPECFILE}
+
# RPM_OPT_FLAGS="$RPM_OPT_FLAGS -D_FILE_OFFSET_BITS=64"
## check for ccache
-# ccache -h 2>&1 > /dev/null
-#if [ $? -eq 0 ]; then
-# CC="ccache gcc"
-#else
+if ccache -h >/dev/null 2>&1 ; then
+ CC="ccache gcc"
+else
CC="gcc"
-#fi
+fi
+
+export CC
## always run autogen.sh
./autogen.sh
--with-configdir=%{_sysconfdir}/samba \
--libdir=%{_libarchdir} \
--with-modulesdir=%{_libarchdir}/samba \
+ --with-pammodulesdir=%{_libarch}/security \
--with-lockdir=/var/lib/samba \
--with-logfilebase=/var/log/samba \
--with-mandir=%{_mandir} \
--without-smbwrapper \
--with-pam \
--with-quotas \
- --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2 \
+ --with-shared-modules=idmap_rid,idmap_ad,idmap_tdb2,vfs_gpfs \
--with-syslog \
--with-utmp \
--with-cluster-support \
make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{?_smp_mflags} \
all modules pam_smbpass
-## build the cifs fs mount helper
-cd client
-gcc -o mount.cifs $RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -D_GNU_SOURCE -D_LARGEFILE64_SOURCE mount.cifs.c
-gcc -o umount.cifs $RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -D_GNU_SOURCE -D_LARGEFILE64_SOURCE umount.cifs.c
-cd ..
-
# Remove some permission bits to avoid to many dependencies
cd ..
find examples docs -type f | xargs -r chmod -x
install
cd ..
-# NSS & PAM winbind support
-install -m 755 source/bin/pam_winbind.so $RPM_BUILD_ROOT/%{_libarch}/security/pam_winbind.so
+# NSS winbind support
install -m 755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/%{_libarch}/libnss_winbind.so.2
( cd $RPM_BUILD_ROOT/%{_libarch};
ln -sf libnss_winbind.so.2 libnss_winbind.so )
#install -m 755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/%{_libarch}/libnss_wins.so
# ( cd $RPM_BUILD_ROOT/%{_libarch}; ln -sf libnss_wins.so libnss_wins.so.2 )
-# Install pam_smbpass.so
-install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/%{_libarch}/security/pam_smbpass.so
## cleanup
/bin/rm -rf $RPM_BUILD_ROOT/usr/lib*/samba/security
install -m755 setup/smbprint $RPM_BUILD_ROOT%{_bindir}
install -m644 setup/smbusers $RPM_BUILD_ROOT%{_sysconfdir}/samba/smbusers
install -m644 setup/smb.conf $RPM_BUILD_ROOT%{_sysconfdir}/samba/smb.conf
-install -m755 source/client/mount.cifs $RPM_BUILD_ROOT/sbin/mount.cifs
-install -m755 source/client/umount.cifs $RPM_BUILD_ROOT/sbin/umount.cifs
+install -m755 source/bin/mount.cifs $RPM_BUILD_ROOT/sbin/mount.cifs
+install -m755 source/bin/umount.cifs $RPM_BUILD_ROOT/sbin/umount.cifs
install -m755 source/script/mksmbpasswd.sh $RPM_BUILD_ROOT%{_bindir}
/bin/rm $RPM_BUILD_ROOT%{_sbindir}/*mount.cifs
/sbin/mount.cifs
/sbin/umount.cifs
+%{_sbindir}/cifs.upcall
+
%{_bindir}/rpcclient
%{_bindir}/smbcacls
%{_bindir}/findsmb
%{_mandir}/man8/mount.cifs.8.*
%{_mandir}/man8/umount.cifs.8.*
+%{_mandir}/man8/cifs.upcall.8*
%{_mandir}/man8/smbspool.8*
%{_mandir}/man1/smbget.1*
%{_mandir}/man5/smbgetrc.5*
%{_mandir}/man1/ldbedit.1*
%{_mandir}/man1/ldbmodify.1*
%{_mandir}/man1/ldbsearch.1*
-%{_mandir}/man8/cifs.upcall.8*
%ifarch i386 i486 i586 i686 ppc s390
%files winbind-32bit
make CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE" %{?_smp_mflags} \
all modules pam_smbpass
-## build the cifs fs mount helper
-cd client
-gcc -o mount.cifs $RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -D_GNU_SOURCE -D_LARGEFILE64_SOURCE mount.cifs.c
-gcc -o umount.cifs $RPM_OPT_FLAGS -D_GNU_SOURCE -Wall -D_GNU_SOURCE -D_LARGEFILE64_SOURCE umount.cifs.c
-cd ..
-
# Remove some permission bits to avoid to many dependencies
cd ..
find examples docs -type f | xargs -r chmod -x
install -m755 setup/smbprint $RPM_BUILD_ROOT%{_bindir}
install -m644 setup/smbusers $RPM_BUILD_ROOT%{_sysconfdir}/samba/smbusers
install -m644 setup/smb.conf $RPM_BUILD_ROOT%{_sysconfdir}/samba/smb.conf
-install -m755 source/client/mount.cifs $RPM_BUILD_ROOT/sbin/mount.cifs
-install -m755 source/client/umount.cifs $RPM_BUILD_ROOT/sbin/umount.cifs
+install -m755 source/bin/mount.cifs $RPM_BUILD_ROOT/sbin/mount.cifs
+install -m755 source/bin/umount.cifs $RPM_BUILD_ROOT/sbin/umount.cifs
install -m755 source/script/mksmbpasswd.sh $RPM_BUILD_ROOT%{_bindir}
/bin/rm $RPM_BUILD_ROOT%{_sbindir}/*mount.cifs
--- /dev/null
+#!/bin/sh
+
+# Script to fill the packaging templates with the version
+# information that is created by mkversion in advance.
+#
+# This is a standalone wrapper for update-pkginfo, which
+# is ususally called from release-scripts/create-tarball.
+# This allows for testing some aspects of packaging without
+# the need to go through all of create-tarball.
+#
+# Copyright (C) Michael Adam 2009
+#
+# License: GPL
+
+DIRNAME=$(dirname $0)
+TOPDIR=${DIRNAME}/../..
+SRCDIR=${TOPDIR}/source
+VERSION_H=${SRCDIR}/include/version.h
+
+pushd ${SRCDIR} > /dev/null 2>&1
+./script/mkversion.sh
+popd > /dev/null 2>&1
+
+if [ ! -f ${VERSION_H} ] ; then
+ echo "Error creating version.h"
+ exit 1
+fi
+
+VERSION=`grep "define SAMBA_VERSION_OFFICIAL_STRING" ${VERSION_H} | awk '{print $3}'`
+
+vendor_version=`grep "define SAMBA_VERSION_VENDOR_SUFFIX" ${VERSION_H} | awk '{print $3}'`
+if test "x${vendor_version}" != "x" ; then
+ VERSION="${VERSION}-${vendor_version}"
+fi
+
+vendor_patch=`grep "define SAMBA_VERSION_VENDOR_PATCH" ${VERSION_H} | awk '{print $3}'`
+if test "x${vendor_patch}" != "x" ; then
+ VERSION="${VERSION}-${vendor_patch}"
+fi
+
+VERSION=`echo ${VERSION} | sed 's/\"//g'`
+
+echo "VERSION: ${VERSION}"
+
+pushd ${TOPDIR}/packaging > /dev/null 2>&1
+./bin/update-pkginfo "${VERSION}" 1 ""
+popd > /dev/null 2>&1
echo Usage: update-pkginfo VERSION RELEASE REVISION
exit 1
fi
-# PREV=`echo ${REVISION} | sed 's/[^0-9]//g'`
-# PREV="."`echo ${REVISION} | sed 's/[0-9]//g'`".${PREV}"
-for f in `du -a | awk '{print $2}' | grep \.tmpl$`; do
+DIRNAME=$(dirname $0)
+TOPDIR=${DIRNAME}/../../
+PACKAGINGDIR=${TOPDIR}/packaging
+
+pushd ${PACKAGINGDIR} > /dev/null 2>&1
+for f in `find . -type f -name "*.tmpl"`; do
f2=`echo $f | sed s/.tmpl//g`
echo $f2
sed -e s/PVERSION/$VERSION/g \
-e s/PREVISION/${REVISION}/g \
-e s/PRPMREV/${RPMREVISION}/g < $f > $f2
done
-
+popd > /dev/null 2>&1
#!/bin/sh
+_exit() {
+ echo $@
+ popd
+ exit 1
+}
+
DOCSRCDIR=`dirname $0`/../docs-xml
-cd $DOCSRCDIR || exit 1
+pushd $DOCSRCDIR || exit 1
git clean -d -x -f
autoconf && \
make release
if [ $? != 0 ]; then
- echo "Docs build failed!"
- exit 1
+ _exit "Docs build failed!"
fi
-mkdir ../docs
+mkdir -p ../docs
rsync -Ca --delete --exclude=.git output/ ../docs/
rsync -Ca --exclude=.svn registry ../docs/
rsync -Ca --exclude=.svn archives/ ../docs/
-cd ../docs || exit 1
+cd ../docs || _exit "Error changing dir to ${DOCSDIR}/../docs/"
+
/bin/rm -rf test.pdf Samba4*pdf htmldocs/Samba4* htmldocs/test
mv manpages-3 manpages
mv htmldocs/manpages-3 htmldocs/manpages
-cd $DOCSRCDIR || exit 1
-make clean
+cd ../docs-xml || _exit "Error changing dir to ${DOCSDIR}/../docs-xml/"
+make distclean
+echo "Success"
+popd
exit
if [ -n "$vendor_version" ]; then
version="$version-$vendor_version"
fi
+ vendor_patch=`grep "define SAMBA_VERSION_VENDOR_PATCH" $VER_H | awk '{print $3}'`
+ if [ -n "$vendor_patch" ]; then
+ version="$version-$vendor_patch"
+ fi
version=`echo $version | sed 's/\"//g'`
echo "Creating release tarball for Samba $version"
LOGFILEBASE = @logfilebase@
CONFIGFILE = $(CONFIGDIR)/smb.conf
LMHOSTSFILE = $(CONFIGDIR)/lmhosts
-CTDBDIR = @ctdbdir@
# This is where smbpasswd et al go
PRIVATEDIR = @privatedir@
bin/nmblookup@EXEEXT@ bin/pdbedit@EXEEXT@ bin/tdbdump@EXEEXT@ \
bin/tdbtool@EXEEXT@
BIN_PROGS3 = bin/smbpasswd@EXEEXT@ bin/rpcclient@EXEEXT@ bin/smbcacls@EXEEXT@ \
- bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ \
+ bin/profiles@EXEEXT@ bin/ntlm_auth@EXEEXT@ bin/sharesec@EXEEXT@ \
bin/smbcquotas@EXEEXT@ bin/eventlogadm@EXEEXT@
BIN_PROGS4 = bin/ldbedit@EXEEXT@ bin/ldbsearch@EXEEXT@ bin/ldbadd@EXEEXT@ \
- bin/ldbdel@EXEEXT@ bin/ldbmodify@EXEEXT@
+ bin/ldbdel@EXEEXT@ bin/ldbmodify@EXEEXT@ bin/ldbrename@EXEEXT@
TORTURE_PROGS = bin/smbtorture@EXEEXT@ bin/msgtest@EXEEXT@ \
bin/masktest@EXEEXT@ bin/locktest@EXEEXT@ \
SWAT_OBJ1 = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \
web/swat.o web/neg_lang.o
-SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(LIBSMB_OBJ) \
+SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(PRINTBASE_OBJ) $(LIBSMB_OBJ) \
$(LOCKING_OBJ) $(PASSDB_OBJ) @LIBWBCLIENT_STATIC@ $(KRBCLIENT_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \
$(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_GEN_OBJ) $(LIBMSRPC_OBJ) \
LDBADD_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbadd.o
LDBDEL_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbdel.o
LDBMODIFY_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbmodify.o
+LDBRENAME_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbrename.o
WINBIND_KRB5_LOCATOR_OBJ1 = nsswitch/winbind_krb5_locator.o
WINBIND_KRB5_LOCATOR_OBJ = $(WINBIND_KRB5_LOCATOR_OBJ1) $(LIBREPLACE_OBJ)
dssetup.idl krb5pac.idl ntsvcs.idl libnetapi.idl drsuapi.idl drsblobs.idl \
nbt.idl
+PIDL = "$(srcdir)/pidl/pidl"
+
idl::
- @IDL_FILES="$(IDL_FILES)" CPP="$(CPP)" PERL="$(PERL)" \
+ @IDL_FILES="$(IDL_FILES)" CPP="$(CPP)" PERL="$(PERL)" PIDL="$(PIDL)"\
srcdir="$(srcdir)" $(srcdir)/script/build_idl.sh $(PIDL_ARGS)
bin/vfstest@EXEEXT@: $(BINARY_PREREQS) $(VFSTEST_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(VFSTEST_OBJ) $(LDFLAGS) $(TERMLDFLAGS) \
- $(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \
+ $(TERMLIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) $(DNSSD_LIBS) \
$(ACL_LIBS) $(LIBS) $(POPT_LIBS) $(KRB5LIBS) $(LDAP_LIBS) \
@SMBD_LIBS@ $(NSCD_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \
$(WINBIND_LIBS)
$(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
$(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+bin/ldbrename: $(BINARY_PREREQS) $(LDBRENAME_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ @LIBWBCLIENT_SHARED@
+ @echo Linking $@
+ @$(CC) $(FLAGS) -o $@ $(LDBRENAME_OBJ) $(DYNEXP) $(LDFLAGS) \
+ $(LIBS) $(POPT_LIBS) $(LDAP_LIBS) \
+ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(WINBIND_LIBS)
+
#####################################################################
#
$(LIBTALLOC_SHARED_TARGET): $(LIBTALLOC_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBTALLOC_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBTALLOC_SHARED_TARGET_SONAME)` $@
$(LIBTALLOC_STATIC_TARGET): $(BINARY_PREREQS) $(LIBTALLOC_OBJ0)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBTALLOC_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBTALLOC_SHARED_TARGET)`
-if test -r $(LIBTALLOC_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBTALLOC_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBTALLOC_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBTALLOC_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBTALLOC_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
$(LIBTDB_SHARED_TARGET): $(LIBTDB_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBTDB_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBTDB_SHARED_TARGET_SONAME)` $@
$(LIBTDB_STATIC_TARGET): $(BINARY_PREREQS) $(LIBTDB_OBJ0)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBTDB_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBTDB_SHARED_TARGET)`
-if test -r $(LIBTDB_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBTDB_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBTDB_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBTDB_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBTDB_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
$(LIBWBCLIENT_SHARED_TARGET): $(LIBWBCLIENT_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBWBCLIENT_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBWBCLIENT_SHARED_TARGET_SONAME)` $@
$(LIBWBCLIENT_STATIC_TARGET): $(BINARY_PREREQS) $(LIBWBCLIENT_OBJ0) $(WBCOMMON_OBJ)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBWBCLIENT_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBWBCLIENT_SHARED_TARGET)`
-if test -r $(LIBWBCLIENT_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBWBCLIENT_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBWBCLIENT_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBWBCLIENT_SHARED_TARGET)` ; \
fi
@$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) ${prefix}/include
$(LIBADDNS_SHARED_TARGET): $(LIBADDNS_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBADDNS_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBADDNS_SHARED_TARGET_SONAME)` $@
$(LIBADDNS_STATIC_TARGET): $(BINARY_PREREQS) $(LIBADDNS_OBJ0)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBADDNS_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBADDNS_SHARED_TARGET)`
-if test -r $(LIBADDNS_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBADDNS_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBADDNS_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBADDNS_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBADDNS_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
$(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` $@
$(LIBNETAPI_STATIC_TARGET): $(BINARY_PREREQS) $(LIBNETAPI_OBJ0)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBNETAPI_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBNETAPI_SHARED_TARGET)`
-if test -r $(LIBNETAPI_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBNETAPI_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBNETAPI_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBNETAPI_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
-$(INSTALLLIBCMD_SH) $(LIBSMBCLIENT_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBSMBCLIENT_SHARED_TARGET)`
-if test -r $(LIBSMBCLIENT_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBSMBCLIENT_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBSMBCLIENT_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBSMBCLIENT_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBSMBCLIENT_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
$(LIBSMBSHAREMODES_SHARED_TARGET): $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME)
@rm -f $@
- @ln -s -f `basename $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME)` $@
+ @ln -f -s `basename $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME)` $@
$(LIBSMBSHAREMODES_STATIC_TARGET): $(BINARY_PREREQS) $(LIBSMBSHAREMODES_OBJ0)
@echo Linking non-shared library $@
-$(INSTALLLIBCMD_SH) $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME) $(DESTDIR)$(LIBDIR)
@rm -f $(DESTDIR)$(LIBDIR)/`basename $(LIBSMBSHAREMODES_SHARED_TARGET)`
-if test -r $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME) ; then \
- ln -s -f `basename $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME)` \
+ ln -f -s `basename $(LIBSMBSHAREMODES_SHARED_TARGET_SONAME)` \
$(DESTDIR)$(LIBDIR)/`basename $(LIBSMBSHAREMODES_SHARED_TARGET)` ; \
fi
-$(INSTALLLIBCMD_A) $(LIBSMBSHAREMODES_STATIC_TARGET) $(DESTDIR)$(LIBDIR)
########################################################
SAMBA_VERSION_MAJOR=3
SAMBA_VERSION_MINOR=3
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# Bug fix releases use a letter for the patch revision #
struct passwd *pwd;
gid_t *gids;
auth_serversupplied_info *result;
- int i;
- size_t num_gids;
- DOM_SID unix_group_sid;
const char *username = pdb_get_username(sampass);
NTSTATUS status;
}
result->sam_account = sampass;
- /* Ensure thaat the sampass will be freed with the result */
- talloc_steal(result, sampass);
result->unix_name = pwd->pw_name;
/* Ensure that we keep pwd->pw_name, because we will free pwd below */
talloc_steal(result, pwd->pw_name);
}
}
- /* Add the "Unix Group" SID for each gid to catch mapped groups
- and their Unix equivalent. This is to solve the backwards
- compatibility problem of 'valid users = +ntadmin' where
- ntadmin has been paired with "Domain Admins" in the group
- mapping table. Otherwise smb.conf would need to be changed
- to 'valid user = "Domain Admins"'. --jerry */
-
- num_gids = result->num_sids;
- for ( i=0; i<num_gids; i++ ) {
- if ( !gid_to_unix_groups_sid( gids[i], &unix_group_sid ) ) {
- DEBUG(1,("make_server_info_sam: Failed to create SID "
- "for gid %d!\n", gids[i]));
- continue;
- }
- status = add_sid_to_array_unique(result, &unix_group_sid,
- &result->sids,
- &result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- result->sam_account = NULL; /* Don't free on error exit. */
- TALLOC_FREE(result);
- return status;
- }
- }
-
/* For now we throw away the gids and convert via sid_to_gid
* later. This needs fixing, but I'd like to get the code straight and
* simple first. */
pdb_get_username(sampass), result->unix_name));
*server_info = result;
+ /* Ensure thaat the sampass will be freed with the result */
+ talloc_steal(result, sampass);
return NT_STATUS_OK;
}
{
NTSTATUS status;
size_t i;
+ struct dom_sid tmp_sid;
/*
* If winbind is not around, we can not make much use of the SIDs the
&server_info->utok.ngroups);
}
+ /*
+ * Add the "Unix Group" SID for each gid to catch mapped groups
+ * and their Unix equivalent. This is to solve the backwards
+ * compatibility problem of 'valid users = +ntadmin' where
+ * ntadmin has been paired with "Domain Admins" in the group
+ * mapping table. Otherwise smb.conf would need to be changed
+ * to 'valid user = "Domain Admins"'. --jerry
+ *
+ * For consistency we also add the "Unix User" SID,
+ * so that the complete unix token is represented within
+ * the nt token.
+ */
+
+ if (!uid_to_unix_users_sid(server_info->utok.uid, &tmp_sid)) {
+ DEBUG(1,("create_local_token: Failed to create SID "
+ "for uid %d!\n", server_info->utok.uid));
+ }
+ add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+ &server_info->ptok->user_sids,
+ &server_info->ptok->num_sids);
+
+ for ( i=0; i<server_info->utok.ngroups; i++ ) {
+ if (!gid_to_unix_groups_sid( server_info->utok.groups[i], &tmp_sid ) ) {
+ DEBUG(1,("create_local_token: Failed to create SID "
+ "for gid %d!\n", server_info->utok.groups[i]));
+ continue;
+ }
+ add_sid_to_array_unique(server_info->ptok, &tmp_sid,
+ &server_info->ptok->user_sids,
+ &server_info->ptok->num_sids);
+ }
+
debug_nt_user_token(DBGC_AUTH, 10, server_info->ptok);
+ debug_unix_user_token(DBGC_AUTH, 10,
+ server_info->utok.uid,
+ server_info->utok.gid,
+ server_info->utok.ngroups,
+ server_info->utok.groups);
status = log_nt_token(server_info->ptok);
return status;
static bool smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv)
{
int pam_error;
+#ifdef PAM_RHOST
const char *our_rhost;
+#endif
char addr[INET6_ADDRSTRLEN];
*pamh = (pam_handle_t *)NULL;
return False;
}
+#ifdef PAM_RHOST
if (rhost == NULL) {
our_rhost = client_name(get_client_fd());
if (strequal(our_rhost,"UNKNOWN"))
our_rhost = rhost;
}
-#ifdef PAM_RHOST
DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost));
pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost);
if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) {
/* Ensure cur_dir ends in a DIRSEP */
if ((new_cd[0] != '\0') && (*(new_cd+strlen(new_cd)-1) != CLI_DIRSEP_CHAR)) {
- new_cd = talloc_asprintf_append(new_cd, CLI_DIRSEP_STR);
+ new_cd = talloc_asprintf_append(new_cd, "%s", CLI_DIRSEP_STR);
if (!new_cd) {
goto out;
}
return;
}
p = strrchr_m(mask2,CLI_DIRSEP_CHAR);
- if (!p) {
- TALLOC_FREE(dir);
- return;
+ if (p) {
+ p[1] = 0;
+ } else {
+ mask2[0] = '\0';
}
- p[1] = 0;
mask2 = talloc_asprintf_append(mask2,
"%s%s*",
f->name,
if (*buf == CLI_DIRSEP_CHAR) {
mask = talloc_strdup(ctx, buf);
} else {
- mask = talloc_asprintf_append(mask, buf);
+ mask = talloc_asprintf_append(mask, "%s", buf);
}
} else {
mask = talloc_asprintf_append(mask, "*");
return 1;
}
if ((mask[0] != '\0') && (mask[strlen(mask)-1]!=CLI_DIRSEP_CHAR)) {
- mask = talloc_asprintf_append(mask, CLI_DIRSEP_STR);
+ mask = talloc_asprintf_append(mask, "%s", CLI_DIRSEP_STR);
if (!mask) {
return 1;
}
if (*buf == CLI_DIRSEP_CHAR) {
git.samba.org / samba.git / commitdiff