Changeset 272 for branches/samba-3.2.x/docs-xml

Timestamp:

Jun 16, 2009, 5:52:30 PM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update 3.2 to 3.2.12

Location:

branches/samba-3.2.x/docs-xml

Files:

• Samba3-ByExample/SBE-KerberosFastStart.xml (modified) (1 diff)
• Samba3-HOWTO/TOSHARG-FastStart.xml (modified) (2 diffs)
• Samba3-HOWTO/TOSHARG-Install.xml (modified) (5 diffs)
• Samba3-HOWTO/TOSHARG-PDC.xml (modified) (2 diffs)
• Samba3-HOWTO/TOSHARG-Passdb.xml (modified) (5 diffs)
• Samba3-HOWTO/TOSHARG-VFS.xml (modified) (1 diff)
• Samba3-HOWTO/TOSHARG-foreword-cargill.xml (modified) (1 diff)
• Samba3-HOWTO/manpages.xml (modified) (1 diff)
• manpages-3/net.8.xml (modified) (3 diffs)
• smbdotconf/logon/abortshutdownscript.xml (modified) (1 diff)
• smbdotconf/logon/shutdownscript.xml (modified) (2 diffs)
• smbdotconf/protocol/unixextensions.xml (modified) (1 diff)

branches/samba-3.2.x/docs-xml/Samba3-ByExample/SBE-KerberosFastStart.xml

@@ -1369 +1369 @@
         <orderedlist>
                 <listitem><para>
-                A user opens a Work document from a network drive. The file was owned by user <constant>janetp</constant>
+                A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
                 and <group>users</group>, and was set read/write-enabled for everyone.
+                A user opens a Word document from a network drive. The file was owned by user <constant>janetp</constant>
+                and <constant>users</constant>, and was set read/write-enabled for everyone.
                 </para></listitem>
 

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml

@@ -1215 +1215 @@
 <smbconfoption name="ldap group suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
 <smbconfoption name="ldap ssl">no</smbconfoption>
 <smbconfoption name="ldap passwd sync">Yes</smbconfoption>
@@ -1282 +1282 @@
 <smbconfoption name="ldap group suffix">ou=People</smbconfoption>
 <smbconfoption name="ldap idmap suffix">ou=People</smbconfoption>
-<smbconfoption name="ldap admin dn">cn=Manager</smbconfoption>
+<smbconfoption name="ldap admin dn">cn=Manager,dc=quenya,dc=org</smbconfoption>
 <smbconfoption name="ldap ssl">no</smbconfoption>
 <smbconfoption name="ldap passwd sync">Yes</smbconfoption>

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-Install.xml

@@ -335 +335 @@
                 <varlistentry><term>nmbd</term>
                         <listitem><para>
-                        <indexterm><primary>smbd</primary></indexterm>
-                        <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
+                        <indexterm><primary>nmbd</primary></indexterm>
+                        <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
                         This daemon handles all name registration and resolution requests. It is the primary vehicle involved
                         in network browsing. It handles all UDP-based protocols. The <command>nmbd</command> daemon should
@@ -345 +345 @@
                 <varlistentry><term>smbd</term>
                         <listitem><para>
-                        <indexterm><primary>nmbd</primary></indexterm>
-                        <indexterm><primary>starting samba</primary><secondary>nmbd</secondary></indexterm>
+                        <indexterm><primary>smbd</primary></indexterm>
+                        <indexterm><primary>starting samba</primary><secondary>smbd</secondary></indexterm>
                         This daemon handles all TCP/IP-based connection services for file- and print-based operations. It also
                         manages local authentication. It should be started immediately following the startup of <command>nmbd</command>.
@@ -468 +468 @@
         be adopted is to do all documentation and configuration in a file that has another name, such as
         <filename>smb.conf.master</filename>. The <command>testparm</command> utility can be used to generate a
-        fully optimized &smb.conf; file from this master configuration and documtenation file as shown here:
+        fully optimized &smb.conf; file from this master configuration and documentation file as shown here:
 <screen>
 &rootprompt; testparm -s smb.conf.master > smb.conf
@@ -485 +485 @@
         <indexterm><primary>swat</primary></indexterm>
         SWAT is a Web-based interface that can be used to facilitate the configuration of Samba.  SWAT might not
-        be available in the Samba package that shipped with your platform, but in a separate package. If it is
-        necesaary to built SWAT please read the SWAT man page regarding compilation, installation, and
+        be available in the Samba package that shipped with your platform, but in a separate package. If you need to build SWAT please read the SWAT man page regarding compilation, installation, and
         configuration of SWAT from the source code.
         </para>
@@ -499 +498 @@
         <para>
         SWAT can be used from a browser on any IP-connected machine, but be aware that connecting from a remote
-        machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear. 
-        </para>
-
-        <para>
+        machine leaves your connection open to password sniffing because passwords will be sent over the wire in the clear.
+        </para>
+
+        <para>
+        Please note that re-writing the configuration file using SWAT will
+        remove all comments!
         More information about SWAT can be found in <link linkend="SWAT">The Samba Web Administration Tool</link>.
         </para>

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-PDC.xml

@@ -307 +307 @@
 SSO implementations utilize centralization of all user account information. Depending on environmental
 complexity and the age of the systems over which a SSO solution is implemented, it may not be possible to
-change the solution architecture so as to accomodate a new identity management and user authentication system.
+change the solution architecture so as to accommodate a new identity management and user authentication system.
 Many SSO solutions involving legacy systems consist of a new super-structure that handles authentication on
 behalf of the user. The software that gets layered over the old system may simply implement a proxy
@@ -376 +376 @@
 alternative specification called WS-Security. Some believe that the competing technologies and methods may
 converge when the SAML 2.0 standard is introduced. A few Web access-management products support SAML today,
-but implemention of the technology mostly requires customization to integrate applications and develop user
-interfaces. In a nust-shell, that is why FIM is a big and growing industry.
+but implementation of the technology mostly requires customization to integrate applications and develop user
+interfaces. In a nutshell, that is why FIM is a big and growing industry.
 </para>
 

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml

@@ -758 +758 @@
                 The POSIX and sambaSamAccount components of computer (machine) accounts are both used by Samba.
                 Thus, machine accounts are treated inside Samba in the same way that Windows NT4/200X treats
-                them. A user account and a machine account are indistinquishable from each other, except that
+                them. A user account and a machine account are indistinguishable from each other, except that
                 the machine account ends in a $ character, as do trust accounts.
                 </para>
@@ -1051 +1051 @@
                     </row>
                     <row>
-                                        <entry><para>Mimimum Password Length</para></entry>
+                                        <entry><para>Minimum Password Length</para></entry>
                                         <entry><para>min password length</para></entry>
                                         <entry><para>1 - 14 (Chars)</para></entry>
@@ -1616 +1616 @@
 account policy value for maximum password age was 4294967295
 account policy value for maximum password age is now 7776000
-&rootprompt; pdbedit -P "minimum password age" -C 7
+&rootprompt; pdbedit -P "minimum password age" -C 604800
 account policy value for minimum password age was 0
 account policy value for minimum password age is now 7
@@ -1736 +1736 @@
 <indexterm><primary>lookups</primary></indexterm>
                 The first problem is that all lookups must be performed sequentially. Given that
-                there are approximately two lookups per domain logon (one during intial logon validation
+                there are approximately two lookups per domain logon (one during initial logon validation
                 and one for a session connection setup, such as when mapping a network drive or printer), this
                 is a performance bottleneck for large sites. What is needed is an indexed approach
@@ -2627 +2627 @@
 
                 <sect3>
-                <title>Using OpenLDAP Overlay for Password Syncronization</title>
+                <title>Using OpenLDAP Overlay for Password Synchronization</title>
 
                 <para>

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml

@@ -277 +277 @@
                 <para>
 <indexterm><primary>logging</primary></indexterm>
-                This auditing tool is more felxible than most people readily will recognize. There are a number of ways
+                This auditing tool is more flexible than most people will readily recognize. There are a number of ways
                 by which useful logging information can be recorded.
                 </para>

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/TOSHARG-foreword-cargill.xml

@@ -39 +39 @@
 <para>
 A <emphasis>good standard</emphasis> survives because people know how to use it. People know how to use a
-standard when it is so transparent, so obvious, and so easy that it become invisible. And a standard becomes
+standard when it is so transparent, so obvious, and so easy that it becomes invisible. And a standard becomes
 invisible only when the documentation describing how to deploy it is clear, unambiguous, and correct. These
 three elements must be present for a standard to be useful, allowing communication and interaction between two

branches/samba-3.2.x/docs-xml/Samba3-HOWTO/manpages.xml

@@ -23 +23 @@
         <xi:include href="../manpages-3/nmblookup.1.xml"/>
         <xi:include href="../manpages-3/ntlm_auth.1.xml"/>
-        <xi:include href="../manpages-3/pam_winbind.7.xml"/>
+        <xi:include href="../manpages-3/pam_winbind.8.xml"/>
         <xi:include href="../manpages-3/pdbedit.8.xml"/>
         <xi:include href="../manpages-3/profiles.1.xml"/>

branches/samba-3.2.x/docs-xml/manpages-3/net.8.xml

@@ -36 +36 @@
                 <arg choice="opt">-d debuglevel</arg>
                 <arg choice="opt">-V</arg>
+                <arg choice="opt">--request-timeout seconds</arg>
         </cmdsynopsis>
 </refsynopsisdiv>
@@ -123 +124 @@
                 <listitem><para>
                 Make queries to the external server using the machine account of the local server.
+                </para></listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>--request-timeout 30</term>
+                <listitem><para>
+                Let client requests timeout after 30 seconds the default is 10
+                seconds.
                 </para></listitem>
                 </varlistentry>
@@ -1561 +1570 @@
 
 <refsect2>
+<title>DOM</title>
+
+<para>Starting with version 3.2.0 Samba has support for remote join and unjoin APIs, both client and server-side. Windows supports remote join capabilities since Windows 2000.
+</para>
+<para>In order for Samba to be joined or unjoined remotely an account must be used that is either member of the Domain Admins group, a member of the local Administrators group or a user that is granted the SeMachineAccountPrivilege privilege.
+</para>
+
+<para>The client side support for remote join is implemented in the net dom commands which are:
+<simplelist>
+<member>net dom join - Join a remote computer into a domain.</member>
+<member>net dom unjoin - Unjoin a remote computer from a domain.</member>
+</simplelist>
+</para>
+
+<refsect3>
+<title>DOM JOIN <replaceable>domain=DOMAIN</replaceable> <replaceable>ou=OU</replaceable> <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Joins a computer into a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>DOMAIN</replaceable> can be a NetBIOS domain name (also known as short domain name) or a DNS domain name for Active Directory Domains. As in Windows, it is also possible to control which Domain Controller to use. This can be achieved by appending the DC name using the \ separator character. Example: MYDOM\MYDC. The <replaceable>DOMAIN</replaceable> parameter cannot be NULL.</para></listitem>
+
+<listitem><para><replaceable>OU</replaceable> can be set to a RFC 1779 LDAP DN, like <emphasis>ou=mymachines,cn=Users,dc=example,dc=com</emphasis> in order to create the machine account in a non-default LDAP containter. This optional parameter is only supported when joining Active Directory Domains.</para></listitem>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to join the machine to the domain. This domain account needs to have sufficient privileges to join machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful join to the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to join. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+        Example:
+        net dom join -S xp -U XP\\administrator%secret domain=MYDOM account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and join the computer into a domain called MYDOM using the MYDOM domain administrator account and password topsecret. After successful join, the computer would reboot.
+</para>
+
+</refsect3>
+
+<refsect3>
+<title>DOM UNJOIN <replaceable>account=ACCOUNT</replaceable> <replaceable>password=PASSWORD</replaceable> <replaceable>reboot</replaceable></title>
+
+<para>
+Unjoins a computer from a domain. This command supports the following additional parameters:
+</para>
+
+<itemizedlist>
+
+<listitem><para><replaceable>ACCOUNT</replaceable> defines a domain account that will be used to unjoin the machine from the domain. This domain account needs to have sufficient privileges to unjoin machines.</para></listitem>
+
+<listitem><para><replaceable>PASSWORD</replaceable> defines the password for the domain account defined with <replaceable>ACCOUNT</replaceable>.</para></listitem>
+
+<listitem><para><replaceable>REBOOT</replaceable> is an optional parameter that can be set to reboot the remote machine after successful unjoin from the domain.</para></listitem>
+
+</itemizedlist>
+
+<para>
+Note that you also need to use standard net paramters to connect and authenticate to the remote machine that you want to unjoin. These additional parameters include: -S computer and -U user.
+</para>
+<para>
+        Example:
+        net dom unjoin -S xp -U XP\\administrator%secret account=MYDOM\\administrator password=topsecret reboot.
+</para>
+<para>
+This example would connect to a computer named XP as the local administrator using password secret, and unjoin the computer from the domain using the MYDOM domain administrator account and password topsecret. After successful unjoin, the computer would reboot.
+</para>
+
+</refsect3>
+
+</refsect2>
+
+<refsect2>
+
 <title>HELP [COMMAND]</title>
 

branches/samba-3.2.x/docs-xml/smbdotconf/logon/abortshutdownscript.xml

@@ -10 +10 @@
                 
         <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>,
-        right, this command will be run as user.</para>
+        right, this command will be run as root.</para>
 </description>
 <value type="default">&quot;&quot;</value>

branches/samba-3.2.x/docs-xml/smbdotconf/logon/shutdownscript.xml

@@ -11 +11 @@
 
         <para>If the connected user posseses the <constant>SeRemoteShutdownPrivilege</constant>,
-        right, this command will be run as user.</para>
+        right, this command will be run as root.</para>
 
         <para>The %z %t %r %f variables are expanded as follows:</para>
@@ -43 +43 @@
 <programlisting format="linespecific">
 #!/bin/bash
-                
-$time=0
-let &quot;time/60&quot;
-let &quot;time++&quot;
+
+time=$2
+let time=&quot;${time} / 60&quot;
+let time=&quot;${time} + 1&quot;
 
 /sbin/shutdown $3 $4 +$time $1 &amp;
+
 </programlisting>
         Shutdown does not return so we need to launch it in background.

branches/samba-3.2.x/docs-xml/smbdotconf/protocol/unixextensions.xml

@@ -5 +5 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
  <description>
-    <para>This boolean parameter controls whether Samba 
-    implments the CIFS UNIX extensions, as defined by HP. 
+    <para>This boolean parameter controls whether Samba
+    implements the CIFS UNIX extensions, as defined by HP.
     These extensions enable Samba to better serve UNIX CIFS clients
     by supporting features such as symbolic links, hard links, etc...